Snap for 8426163 from d38372993a99434d47b0668731743a7d1a803f71 to mainline-tzdata2-release
Change-Id: Ifaa41310342a542a190783cbab77a2dd02886653
diff --git a/Android.bp b/Android.bp
index 79bddde..4bbba98 100644
--- a/Android.bp
+++ b/Android.bp
@@ -12,18 +12,14 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
java_sdk_library {
name: "android.net.ipsec.ike",
installable: true,
defaults: ["framework-module-defaults"],
+ sdk_version: "module_current",
// ike is used as a shared library.
shared_library: true,
- compile_dex: true,
aidl: {
local_include_dirs: ["src/java"],
@@ -37,27 +33,18 @@
libs: [
"unsupportedappusage",
"framework-annotations-lib",
- "conscrypt.module.public.api",
- "framework-connectivity.stubs.module_lib",
],
- stub_only_libs: ["framework-connectivity.stubs.module_lib"],
api_packages: [
"android.net.eap",
"android.net.ipsec.ike",
"android.net.ipsec.ike.exceptions",
- "android.net.ipsec.ike.exceptions.protocol",
- "android.net.ipsec.ike.ike3gpp",
],
hidden_api_packages: [
"com.android.internal.net",
],
- lint: {
- strict_updatability_linting: true,
- },
-
// Shared filegroups of BouncyCastle and frameworks are jar-jar'ed to avoid
// being overwritten by the frameworks class copies.
jarjar_rules: "jarjar-rules-shared.txt",
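Review bot: The new side of `android.net.ipsec.ike` no longer has the `lint: { strict_updatability_linting: true },` block, so this module definition does not ask the build to treat updatability lint findings as hard errors. The APEX defaults elsewhere in this change still declare `updatable: true` and `min_sdk_version: "30"`, so a call to an API newer than the oldest supported platform would presumably only show up at runtime on older devices. If this branch's build supports the property, I would keep the block; otherwise add a comment such as `// strict_updatability_linting is not available on this branch; NewApi is checked by <placeholder: other mechanism>`. The `java_sdk_library` block starts before this hunk and ends after it.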
@@ -67,26 +54,19 @@
"com.android.ipsec",
"test_com.android.ipsec",
],
-
- permitted_packages: [
- "com.android.internal.net",
- "android.net.ipsec.ike",
- "android.net.eap",
- ],
- min_sdk_version: "30",
}
filegroup {
name: "ike-srcs",
srcs: [
- ":ike-internal-srcs",
+ "src/java/**/*.java",
":framework-ike-shared-srcs",
],
}
filegroup {
- name: "ike-internal-srcs",
- srcs: ["src/java/**/*.java"],
+ name: "ike-api-srcs",
+ srcs: ["src/java/android/**/*.java"],
path: "src/java/",
}
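Review bot: With `permitted_packages` removed at the end of the `java_sdk_library` block, the build no longer checks which Java packages the `android.net.ipsec.ike` jar is allowed to define. That check is the backstop for the jarjar step described in the comment above `jarjar_rules`. Without it, a BouncyCastle or framework class that a jarjar rule misses would ship in the shared library under its original package name and nothing would flag it. I would keep `permitted_packages: ["com.android.internal.net", "android.net.ipsec.ike", "android.net.eap"],` on the new side. The same block also drops `min_sdk_version: "30"` while `apex/Android.bp` still sets it on the APEX defaults, so restoring `min_sdk_version: "30",` here would keep the library and its container in agreement.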
@@ -102,46 +82,18 @@
"com.android.ipsec",
"test_com.android.ipsec",
],
- static_libs: [
- "bouncycastle_ike_digests",
- "modules-utils-build",],
- sdk_version: "module_current",
+ static_libs: ["bouncycastle_ike_digests"],
+ sdk_version: "core_current",
}
java_library {
name: "ike_test",
installable: false, // Used only for testing; never installed alone.
srcs: [":ike-srcs"],
- libs: [
- "unsupportedappusage",
- "conscrypt.module.public.api"
- ],
+ libs: ["unsupportedappusage"],
static_libs: ["ike-internals"],
// Shared filegroups of BouncyCastle and frameworks are jar-jar'ed to avoid
- // being overwritten by the frameworks class copies and break code coverage
- // reports. IKE source files are jarjared to avoid this test jar being
- // overshadowed by the IKE jar in framework and bootclasspath which will
- // cause compiling and runtime errors respectively.
- jarjar_rules: "jarjar-rules-test.txt",
-}
-
-java_library {
- name: "ike-test-utils-dependency",
- installable: false, // Used only for building the "ike-test-utils"
- srcs: ["src/java/**/IkeCertUtils.java"],
- jarjar_rules: "jarjar-rules-test.txt",
-}
-
-java_library {
- name: "ike-test-utils",
- srcs: ["tests/iketests/src/java/**/CertUtils.java"],
- static_libs: ["ike-test-utils-dependency"],
- libs: ["androidx.test.rules"],
- visibility: ["//packages/modules/IPsec/tests/cts"]
-}
-
-sdk {
- name: "ipsec-module-sdk",
- bootclasspath_fragments: ["com.android.ipsec-bootclasspath-fragment"],
+ // being overwritten by the frameworks class copies.
+ jarjar_rules: "jarjar-rules-shared.txt",
}
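Review bot: `ike_test` now uses `jarjar-rules-shared.txt`, and the comment that explained why the IKE sources themselves were repackaged for the test jar is gone. According to that removed comment, the repackaging stopped the test jar from being overshadowed by the IKE jar on the bootclasspath. With only the shared rules applied, the tests may resolve `android.net.ipsec.ike` classes from the installed platform copy rather than from `:ike-srcs`, which would let a regression in the sources pass unnoticed. If that cannot happen on this branch, say so in the comment, for example `// IKE classes are not on the bootclasspath on this branch, so the test jar's own copies are loaded.`; otherwise keep a test-specific rules file.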
diff --git a/OWNERS b/OWNERS
index 14d68d7..13839fa 100644
--- a/OWNERS
+++ b/OWNERS
@@ -1,8 +1,7 @@
# Bug component: 827526
benedictwong@google.com
+ckesting@google.com
evitayan@google.com
jchalard@google.com
lorenzo@google.com
nharold@google.com
-
-include platform/packages/modules/common:/MODULES_OWNERS
diff --git a/TEST_MAPPING b/TEST_MAPPING
index 6266b8c..71d96ff 100644
--- a/TEST_MAPPING
+++ b/TEST_MAPPING
@@ -1,42 +1,12 @@
{
- "mainline-presubmit": [
- {
- "name": "FrameworksIkeTests[com.google.android.ipsec.apex]"
- },
- {
- "name": "CtsIkeTestCases[com.google.android.ipsec.apex]"
- }
- ],
"presubmit": [
{
"name": "FrameworksIkeTests"
- },
- {
- "name": "CtsIkeTestCases"
- },
- {
- "name": "CtsNetTestCases",
- "options": [
- {
- "include-filter": "android.net.cts.Ikev2VpnTest"
- }
- ]
}
],
"postsubmit": [
{
"name": "FrameworksIkeTests"
- },
- {
- "name": "CtsIkeTestCases"
- },
- {
- "name": "CtsNetTestCases",
- "options": [
- {
- "include-filter": "android.net.cts.Ikev2VpnTest"
- }
- ]
}
]
-}
+}
\ No newline at end of file
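Review bot: After this hunk, `presubmit` and `postsubmit` run only `FrameworksIkeTests`. `CtsIkeTestCases` and the `android.net.cts.Ikev2VpnTest` filter of `CtsNetTestCases` are no longer triggered by changes to this module. For code that negotiates IKE and IPsec security associations, that leaves the public API and the VPN integration path without an automatic gate on this branch. If those suites exist here, I would keep at least `{ "name": "CtsIkeTestCases" }` in `presubmit`. The file also loses its trailing newline, which is worth restoring.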
diff --git a/apex/Android.bp b/apex/Android.bp
index 8dab57f..6f1b97e 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp
@@ -13,21 +13,13 @@
// limitations under the License.
// Defaults shared between production and test versions of the APEX.
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
apex_defaults {
name: "com.android.ipsec-defaults",
updatable: true,
min_sdk_version: "30",
- bootclasspath_fragments: ["com.android.ipsec-bootclasspath-fragment"],
- prebuilts: ["current_sdkinfo"],
+ java_libs: ["android.net.ipsec.ike"],
key: "com.android.ipsec.key",
certificate: ":com.android.ipsec.certificate",
- // Indicates that pre-installed version of this apex can be compressed.
- // Whether it actually will be compressed is controlled on per-device basis.
- compressible: true,
}
// Production APEX
@@ -49,28 +41,3 @@
// Will use com.android.ipsec.pk8 and com.android.ipsec.x509.pem
certificate: "com.android.ipsec",
}
-
-// Encapsulate the contributions made by the com.android.ipsec to the bootclasspath.
-bootclasspath_fragment {
- name: "com.android.ipsec-bootclasspath-fragment",
- contents: ["android.net.ipsec.ike"],
- apex_available: ["com.android.ipsec"],
-
- // The bootclasspath_fragments that provide APIs on which this depends.
- fragments: [
- {
- apex: "com.android.art",
- module: "art-bootclasspath-fragment",
- },
- {
- apex: "com.android.tethering",
- module: "com.android.tethering-bootclasspath-fragment",
- },
- ],
-
- // Additional stubs libraries that this fragment's contents use which are
- // not provided by another bootclasspath_fragment.
- additional_stubs: [
- "android-non-updatable",
- ],
-}
diff --git a/apex/apex_manifest.json b/apex/apex_manifest.json
index aadcc58..db47ed5 100644
--- a/apex/apex_manifest.json
+++ b/apex/apex_manifest.json
@@ -1,4 +1,4 @@
{
"name": "com.android.ipsec",
- "version": 319999900
+ "version": 309999900
}
diff --git a/apex/testing/Android.bp b/apex/testing/Android.bp
index 57b6f53..ce8d4bd 100644
--- a/apex/testing/Android.bp
+++ b/apex/testing/Android.bp
@@ -12,10 +12,6 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
apex_test {
name: "test_com.android.ipsec",
visibility: [
diff --git a/api/current.txt b/api/current.txt
index fb5b1f9..d802177 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -1,420 +1 @@
// Signature format: 2.0
-package android.net.eap {
-
- public final class EapSessionConfig {
- method @Nullable public android.net.eap.EapSessionConfig.EapAkaConfig getEapAkaConfig();
- method @Nullable public android.net.eap.EapSessionConfig.EapAkaPrimeConfig getEapAkaPrimeConfig();
- method @NonNull public byte[] getEapIdentity();
- method @Nullable public android.net.eap.EapSessionConfig.EapMsChapV2Config getEapMsChapV2Config();
- method @Nullable public android.net.eap.EapSessionConfig.EapSimConfig getEapSimConfig();
- method @Nullable public android.net.eap.EapSessionConfig.EapTtlsConfig getEapTtlsConfig();
- }
-
- public static final class EapSessionConfig.Builder {
- ctor public EapSessionConfig.Builder();
- method @NonNull public android.net.eap.EapSessionConfig build();
- method @NonNull public android.net.eap.EapSessionConfig.Builder setEapAkaConfig(int, int);
- method @NonNull public android.net.eap.EapSessionConfig.Builder setEapAkaPrimeConfig(int, int, @NonNull String, boolean);
- method @NonNull public android.net.eap.EapSessionConfig.Builder setEapIdentity(@NonNull byte[]);
- method @NonNull public android.net.eap.EapSessionConfig.Builder setEapMsChapV2Config(@NonNull String, @NonNull String);
- method @NonNull public android.net.eap.EapSessionConfig.Builder setEapSimConfig(int, int);
- method @NonNull public android.net.eap.EapSessionConfig.Builder setEapTtlsConfig(@Nullable java.security.cert.X509Certificate, @NonNull android.net.eap.EapSessionConfig);
- }
-
- public static class EapSessionConfig.EapAkaConfig extends android.net.eap.EapSessionConfig.EapMethodConfig {
- method public int getAppType();
- method public int getSubId();
- }
-
- public static class EapSessionConfig.EapAkaPrimeConfig extends android.net.eap.EapSessionConfig.EapAkaConfig {
- method public boolean allowsMismatchedNetworkNames();
- method @NonNull public String getNetworkName();
- }
-
- public abstract static class EapSessionConfig.EapMethodConfig {
- method public int getMethodType();
- field public static final int EAP_TYPE_AKA = 23; // 0x17
- field public static final int EAP_TYPE_AKA_PRIME = 50; // 0x32
- field public static final int EAP_TYPE_MSCHAP_V2 = 26; // 0x1a
- field public static final int EAP_TYPE_SIM = 18; // 0x12
- field public static final int EAP_TYPE_TTLS = 21; // 0x15
- }
-
- public static class EapSessionConfig.EapMsChapV2Config extends android.net.eap.EapSessionConfig.EapMethodConfig {
- method @NonNull public String getPassword();
- method @NonNull public String getUsername();
- }
-
- public static class EapSessionConfig.EapSimConfig extends android.net.eap.EapSessionConfig.EapMethodConfig {
- method public int getAppType();
- method public int getSubId();
- }
-
- public static class EapSessionConfig.EapTtlsConfig extends android.net.eap.EapSessionConfig.EapMethodConfig {
- method @NonNull public android.net.eap.EapSessionConfig getInnerEapSessionConfig();
- method @Nullable public java.security.cert.X509Certificate getServerCaCert();
- }
-
-}
-
-package android.net.ipsec.ike {
-
- public final class ChildSaProposal extends android.net.ipsec.ike.SaProposal {
- method @NonNull public static java.util.Set<java.lang.Integer> getSupportedEncryptionAlgorithms();
- method @NonNull public static java.util.Set<java.lang.Integer> getSupportedIntegrityAlgorithms();
- }
-
- public static final class ChildSaProposal.Builder {
- ctor public ChildSaProposal.Builder();
- method @NonNull public android.net.ipsec.ike.ChildSaProposal.Builder addDhGroup(int);
- method @NonNull public android.net.ipsec.ike.ChildSaProposal.Builder addEncryptionAlgorithm(int, int);
- method @NonNull public android.net.ipsec.ike.ChildSaProposal.Builder addIntegrityAlgorithm(int);
- method @NonNull public android.net.ipsec.ike.ChildSaProposal build();
- }
-
- public interface ChildSessionCallback {
- method public void onClosed();
- method public default void onClosedWithException(@NonNull android.net.ipsec.ike.exceptions.IkeException);
- method public void onIpSecTransformCreated(@NonNull android.net.IpSecTransform, int);
- method public void onIpSecTransformDeleted(@NonNull android.net.IpSecTransform, int);
- method public void onOpened(@NonNull android.net.ipsec.ike.ChildSessionConfiguration);
- }
-
- public final class ChildSessionConfiguration {
- method @NonNull public java.util.List<android.net.ipsec.ike.IkeTrafficSelector> getInboundTrafficSelectors();
- method @NonNull public java.util.List<android.net.ipsec.ike.IkeTrafficSelector> getOutboundTrafficSelectors();
- }
-
- public static final class ChildSessionConfiguration.Builder {
- ctor public ChildSessionConfiguration.Builder(@NonNull java.util.List<android.net.ipsec.ike.IkeTrafficSelector>, @NonNull java.util.List<android.net.ipsec.ike.IkeTrafficSelector>);
- method @NonNull public android.net.ipsec.ike.ChildSessionConfiguration build();
- }
-
- public abstract class ChildSessionParams {
- method @NonNull public java.util.List<android.net.ipsec.ike.ChildSaProposal> getChildSaProposals();
- method @IntRange(from=0x12c, to=0x3840) public int getHardLifetimeSeconds();
- method @NonNull public java.util.List<android.net.ipsec.ike.IkeTrafficSelector> getInboundTrafficSelectors();
- method @NonNull public java.util.List<android.net.ipsec.ike.IkeTrafficSelector> getOutboundTrafficSelectors();
- method @IntRange(from=0x78, to=0x3840) public int getSoftLifetimeSeconds();
- }
-
- public final class IkeDerAsn1DnIdentification extends android.net.ipsec.ike.IkeIdentification {
- ctor public IkeDerAsn1DnIdentification(@NonNull javax.security.auth.x500.X500Principal);
- field @NonNull public final javax.security.auth.x500.X500Principal derAsn1Dn;
- }
-
- public class IkeFqdnIdentification extends android.net.ipsec.ike.IkeIdentification {
- ctor public IkeFqdnIdentification(@NonNull String);
- field @NonNull public final String fqdn;
- }
-
- public abstract class IkeIdentification {
- }
-
- public final class IkeIpv4AddrIdentification extends android.net.ipsec.ike.IkeIdentification {
- ctor public IkeIpv4AddrIdentification(@NonNull java.net.Inet4Address);
- field @NonNull public final java.net.Inet4Address ipv4Address;
- }
-
- public class IkeIpv6AddrIdentification extends android.net.ipsec.ike.IkeIdentification {
- ctor public IkeIpv6AddrIdentification(@NonNull java.net.Inet6Address);
- field @NonNull public final java.net.Inet6Address ipv6Address;
- }
-
- public final class IkeKeyIdIdentification extends android.net.ipsec.ike.IkeIdentification {
- ctor public IkeKeyIdIdentification(@NonNull byte[]);
- field @NonNull public final byte[] keyId;
- }
-
- public final class IkeRfc822AddrIdentification extends android.net.ipsec.ike.IkeIdentification {
- ctor public IkeRfc822AddrIdentification(@NonNull String);
- field @NonNull public final String rfc822Name;
- }
-
- public final class IkeSaProposal extends android.net.ipsec.ike.SaProposal {
- method @NonNull public java.util.List<java.lang.Integer> getPseudorandomFunctions();
- method @NonNull public static java.util.Set<java.lang.Integer> getSupportedEncryptionAlgorithms();
- method @NonNull public static java.util.Set<java.lang.Integer> getSupportedIntegrityAlgorithms();
- method @NonNull public static java.util.Set<java.lang.Integer> getSupportedPseudorandomFunctions();
- }
-
- public static final class IkeSaProposal.Builder {
- ctor public IkeSaProposal.Builder();
- method @NonNull public android.net.ipsec.ike.IkeSaProposal.Builder addDhGroup(int);
- method @NonNull public android.net.ipsec.ike.IkeSaProposal.Builder addEncryptionAlgorithm(int, int);
- method @NonNull public android.net.ipsec.ike.IkeSaProposal.Builder addIntegrityAlgorithm(int);
- method @NonNull public android.net.ipsec.ike.IkeSaProposal.Builder addPseudorandomFunction(int);
- method @NonNull public android.net.ipsec.ike.IkeSaProposal build();
- }
-
- public final class IkeSession implements java.lang.AutoCloseable {
- ctor public IkeSession(@NonNull android.content.Context, @NonNull android.net.ipsec.ike.IkeSessionParams, @NonNull android.net.ipsec.ike.ChildSessionParams, @NonNull java.util.concurrent.Executor, @NonNull android.net.ipsec.ike.IkeSessionCallback, @NonNull android.net.ipsec.ike.ChildSessionCallback);
- method public void close();
- method public void closeChildSession(@NonNull android.net.ipsec.ike.ChildSessionCallback);
- method public void finalize();
- method public void kill();
- method public void openChildSession(@NonNull android.net.ipsec.ike.ChildSessionParams, @NonNull android.net.ipsec.ike.ChildSessionCallback);
- }
-
- public interface IkeSessionCallback {
- method public void onClosed();
- method public default void onClosedWithException(@NonNull android.net.ipsec.ike.exceptions.IkeException);
- method public default void onError(@NonNull android.net.ipsec.ike.exceptions.IkeException);
- method public void onOpened(@NonNull android.net.ipsec.ike.IkeSessionConfiguration);
- }
-
- public final class IkeSessionConfiguration {
- method @NonNull public android.net.ipsec.ike.IkeSessionConnectionInfo getIkeSessionConnectionInfo();
- method @NonNull public String getRemoteApplicationVersion();
- method @NonNull public java.util.List<byte[]> getRemoteVendorIds();
- method public boolean isIkeExtensionEnabled(int);
- field public static final int EXTENSION_TYPE_FRAGMENTATION = 1; // 0x1
- field public static final int EXTENSION_TYPE_MOBIKE = 2; // 0x2
- }
-
- public static final class IkeSessionConfiguration.Builder {
- ctor public IkeSessionConfiguration.Builder(@NonNull android.net.ipsec.ike.IkeSessionConnectionInfo);
- method @NonNull public android.net.ipsec.ike.IkeSessionConfiguration.Builder addIkeExtension(int);
- method @NonNull public android.net.ipsec.ike.IkeSessionConfiguration.Builder addRemoteVendorId(@NonNull byte[]);
- method @NonNull public android.net.ipsec.ike.IkeSessionConfiguration build();
- method @NonNull public android.net.ipsec.ike.IkeSessionConfiguration.Builder clearIkeExtensions();
- method @NonNull public android.net.ipsec.ike.IkeSessionConfiguration.Builder clearRemoteApplicationVersion();
- method @NonNull public android.net.ipsec.ike.IkeSessionConfiguration.Builder clearRemoteVendorIds();
- method @NonNull public android.net.ipsec.ike.IkeSessionConfiguration.Builder setRemoteApplicationVersion(@NonNull String);
- }
-
- public final class IkeSessionConnectionInfo {
- ctor public IkeSessionConnectionInfo(@NonNull java.net.InetAddress, @NonNull java.net.InetAddress, @NonNull android.net.Network);
- method @NonNull public java.net.InetAddress getLocalAddress();
- method @NonNull public android.net.Network getNetwork();
- method @NonNull public java.net.InetAddress getRemoteAddress();
- }
-
- public final class IkeSessionParams {
- method @IntRange(from=0x14, to=0x708) public int getDpdDelaySeconds();
- method @IntRange(from=0x12c, to=0x15180) public int getHardLifetimeSeconds();
- method @NonNull public java.util.List<android.net.ipsec.ike.IkeSaProposal> getIkeSaProposals();
- method @NonNull public android.net.ipsec.ike.IkeSessionParams.IkeAuthConfig getLocalAuthConfig();
- method @NonNull public android.net.ipsec.ike.IkeIdentification getLocalIdentification();
- method @IntRange(from=0xa, to=0xe10) public int getNattKeepAliveDelaySeconds();
- method @Nullable public android.net.Network getNetwork();
- method @NonNull public android.net.ipsec.ike.IkeSessionParams.IkeAuthConfig getRemoteAuthConfig();
- method @NonNull public android.net.ipsec.ike.IkeIdentification getRemoteIdentification();
- method @NonNull public int[] getRetransmissionTimeoutsMillis();
- method @NonNull public String getServerHostname();
- method @IntRange(from=0x78, to=0x15180) public int getSoftLifetimeSeconds();
- method public boolean hasIkeOption(int);
- field public static final int IKE_OPTION_ACCEPT_ANY_REMOTE_ID = 0; // 0x0
- field public static final int IKE_OPTION_EAP_ONLY_AUTH = 1; // 0x1
- field public static final int IKE_OPTION_FORCE_PORT_4500 = 3; // 0x3
- field public static final int IKE_OPTION_MOBIKE = 2; // 0x2
- }
-
- public static final class IkeSessionParams.Builder {
- ctor public IkeSessionParams.Builder();
- ctor public IkeSessionParams.Builder(@NonNull android.net.ipsec.ike.IkeSessionParams);
- method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder addIkeOption(int);
- method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder addIkeSaProposal(@NonNull android.net.ipsec.ike.IkeSaProposal);
- method @NonNull public android.net.ipsec.ike.IkeSessionParams build();
- method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder removeIkeOption(int);
- method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setAuthDigitalSignature(@Nullable java.security.cert.X509Certificate, @NonNull java.security.cert.X509Certificate, @NonNull java.security.PrivateKey);
- method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setAuthDigitalSignature(@Nullable java.security.cert.X509Certificate, @NonNull java.security.cert.X509Certificate, @NonNull java.util.List<java.security.cert.X509Certificate>, @NonNull java.security.PrivateKey);
- method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setAuthEap(@Nullable java.security.cert.X509Certificate, @NonNull android.net.eap.EapSessionConfig);
- method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setAuthPsk(@NonNull byte[]);
- method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setDpdDelaySeconds(@IntRange(from=0x14, to=0x708) int);
- method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setLifetimeSeconds(@IntRange(from=0x12c, to=0x15180) int, @IntRange(from=0x78, to=0x15180) int);
- method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setLocalIdentification(@NonNull android.net.ipsec.ike.IkeIdentification);
- method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setNattKeepAliveDelaySeconds(@IntRange(from=0xa, to=0xe10) int);
- method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setNetwork(@Nullable android.net.Network);
- method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setRemoteIdentification(@NonNull android.net.ipsec.ike.IkeIdentification);
- method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setRetransmissionTimeoutsMillis(@NonNull int[]);
- method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setServerHostname(@NonNull String);
- }
-
- public abstract static class IkeSessionParams.IkeAuthConfig {
- }
-
- public static class IkeSessionParams.IkeAuthDigitalSignLocalConfig extends android.net.ipsec.ike.IkeSessionParams.IkeAuthConfig {
- method @NonNull public java.security.cert.X509Certificate getClientEndCertificate();
- method @NonNull public java.util.List<java.security.cert.X509Certificate> getIntermediateCertificates();
- method @NonNull public java.security.PrivateKey getPrivateKey();
- }
-
- public static class IkeSessionParams.IkeAuthDigitalSignRemoteConfig extends android.net.ipsec.ike.IkeSessionParams.IkeAuthConfig {
- method @Nullable public java.security.cert.X509Certificate getRemoteCaCert();
- }
-
- public static class IkeSessionParams.IkeAuthEapConfig extends android.net.ipsec.ike.IkeSessionParams.IkeAuthConfig {
- method @NonNull public android.net.eap.EapSessionConfig getEapConfig();
- }
-
- public static class IkeSessionParams.IkeAuthPskConfig extends android.net.ipsec.ike.IkeSessionParams.IkeAuthConfig {
- method @NonNull public byte[] getPsk();
- }
-
- public final class IkeTrafficSelector {
- ctor public IkeTrafficSelector(int, int, @NonNull java.net.InetAddress, @NonNull java.net.InetAddress);
- field public final int endPort;
- field @NonNull public final java.net.InetAddress endingAddress;
- field public final int startPort;
- field @NonNull public final java.net.InetAddress startingAddress;
- }
-
- public final class IkeTunnelConnectionParams {
- ctor public IkeTunnelConnectionParams(@NonNull android.net.ipsec.ike.IkeSessionParams, @NonNull android.net.ipsec.ike.TunnelModeChildSessionParams);
- method @NonNull public android.net.ipsec.ike.IkeSessionParams getIkeSessionParams();
- method @NonNull public android.net.ipsec.ike.TunnelModeChildSessionParams getTunnelModeChildSessionParams();
- }
-
- public abstract class SaProposal {
- method @NonNull public java.util.List<java.lang.Integer> getDhGroups();
- method @NonNull public java.util.List<android.util.Pair<java.lang.Integer,java.lang.Integer>> getEncryptionAlgorithms();
- method @NonNull public java.util.List<java.lang.Integer> getIntegrityAlgorithms();
- method @NonNull public static java.util.Set<java.lang.Integer> getSupportedDhGroups();
- field public static final int DH_GROUP_1024_BIT_MODP = 2; // 0x2
- field public static final int DH_GROUP_1536_BIT_MODP = 5; // 0x5
- field public static final int DH_GROUP_2048_BIT_MODP = 14; // 0xe
- field public static final int DH_GROUP_3072_BIT_MODP = 15; // 0xf
- field public static final int DH_GROUP_4096_BIT_MODP = 16; // 0x10
- field public static final int DH_GROUP_CURVE_25519 = 31; // 0x1f
- field public static final int DH_GROUP_NONE = 0; // 0x0
- field public static final int ENCRYPTION_ALGORITHM_3DES = 3; // 0x3
- field public static final int ENCRYPTION_ALGORITHM_AES_CBC = 12; // 0xc
- field public static final int ENCRYPTION_ALGORITHM_AES_CTR = 13; // 0xd
- field public static final int ENCRYPTION_ALGORITHM_AES_GCM_12 = 19; // 0x13
- field public static final int ENCRYPTION_ALGORITHM_AES_GCM_16 = 20; // 0x14
- field public static final int ENCRYPTION_ALGORITHM_AES_GCM_8 = 18; // 0x12
- field public static final int ENCRYPTION_ALGORITHM_CHACHA20_POLY1305 = 28; // 0x1c
- field public static final int INTEGRITY_ALGORITHM_AES_CMAC_96 = 8; // 0x8
- field public static final int INTEGRITY_ALGORITHM_AES_XCBC_96 = 5; // 0x5
- field public static final int INTEGRITY_ALGORITHM_HMAC_SHA1_96 = 2; // 0x2
- field public static final int INTEGRITY_ALGORITHM_HMAC_SHA2_256_128 = 12; // 0xc
- field public static final int INTEGRITY_ALGORITHM_HMAC_SHA2_384_192 = 13; // 0xd
- field public static final int INTEGRITY_ALGORITHM_HMAC_SHA2_512_256 = 14; // 0xe
- field public static final int INTEGRITY_ALGORITHM_NONE = 0; // 0x0
- field public static final int KEY_LEN_AES_128 = 128; // 0x80
- field public static final int KEY_LEN_AES_192 = 192; // 0xc0
- field public static final int KEY_LEN_AES_256 = 256; // 0x100
- field public static final int KEY_LEN_UNUSED = 0; // 0x0
- field public static final int PSEUDORANDOM_FUNCTION_AES128_CMAC = 8; // 0x8
- field public static final int PSEUDORANDOM_FUNCTION_AES128_XCBC = 4; // 0x4
- field public static final int PSEUDORANDOM_FUNCTION_HMAC_SHA1 = 2; // 0x2
- field public static final int PSEUDORANDOM_FUNCTION_SHA2_256 = 5; // 0x5
- field public static final int PSEUDORANDOM_FUNCTION_SHA2_384 = 6; // 0x6
- field public static final int PSEUDORANDOM_FUNCTION_SHA2_512 = 7; // 0x7
- }
-
- public final class TransportModeChildSessionParams extends android.net.ipsec.ike.ChildSessionParams {
- }
-
- public static final class TransportModeChildSessionParams.Builder {
- ctor public TransportModeChildSessionParams.Builder();
- ctor public TransportModeChildSessionParams.Builder(@NonNull android.net.ipsec.ike.TransportModeChildSessionParams);
- method @NonNull public android.net.ipsec.ike.TransportModeChildSessionParams.Builder addChildSaProposal(@NonNull android.net.ipsec.ike.ChildSaProposal);
- method @NonNull public android.net.ipsec.ike.TransportModeChildSessionParams.Builder addInboundTrafficSelectors(@NonNull android.net.ipsec.ike.IkeTrafficSelector);
- method @NonNull public android.net.ipsec.ike.TransportModeChildSessionParams.Builder addOutboundTrafficSelectors(@NonNull android.net.ipsec.ike.IkeTrafficSelector);
- method @NonNull public android.net.ipsec.ike.TransportModeChildSessionParams build();
- method @NonNull public android.net.ipsec.ike.TransportModeChildSessionParams.Builder setLifetimeSeconds(@IntRange(from=0x12c, to=0x3840) int, @IntRange(from=0x78, to=0x3840) int);
- }
-
- public final class TunnelModeChildSessionParams extends android.net.ipsec.ike.ChildSessionParams {
- method @NonNull public java.util.List<android.net.ipsec.ike.TunnelModeChildSessionParams.TunnelModeChildConfigRequest> getConfigurationRequests();
- }
-
- public static final class TunnelModeChildSessionParams.Builder {
- ctor public TunnelModeChildSessionParams.Builder();
- ctor public TunnelModeChildSessionParams.Builder(@NonNull android.net.ipsec.ike.TunnelModeChildSessionParams);
- method @NonNull public android.net.ipsec.ike.TunnelModeChildSessionParams.Builder addChildSaProposal(@NonNull android.net.ipsec.ike.ChildSaProposal);
- method @NonNull public android.net.ipsec.ike.TunnelModeChildSessionParams.Builder addInboundTrafficSelectors(@NonNull android.net.ipsec.ike.IkeTrafficSelector);
- method @NonNull public android.net.ipsec.ike.TunnelModeChildSessionParams.Builder addInternalAddressRequest(int);
- method @NonNull public android.net.ipsec.ike.TunnelModeChildSessionParams.Builder addInternalAddressRequest(@NonNull java.net.Inet4Address);
- method @NonNull public android.net.ipsec.ike.TunnelModeChildSessionParams.Builder addInternalAddressRequest(@NonNull java.net.Inet6Address, int);
- method @NonNull public android.net.ipsec.ike.TunnelModeChildSessionParams.Builder addInternalDhcpServerRequest(int);
- method @NonNull public android.net.ipsec.ike.TunnelModeChildSessionParams.Builder addInternalDnsServerRequest(int);
- method @NonNull public android.net.ipsec.ike.TunnelModeChildSessionParams.Builder addOutboundTrafficSelectors(@NonNull android.net.ipsec.ike.IkeTrafficSelector);
- method @NonNull public android.net.ipsec.ike.TunnelModeChildSessionParams build();
- method @NonNull public android.net.ipsec.ike.TunnelModeChildSessionParams.Builder setLifetimeSeconds(@IntRange(from=0x12c, to=0x3840) int, @IntRange(from=0x78, to=0x3840) int);
- }
-
- public static interface TunnelModeChildSessionParams.ConfigRequestIpv4Address extends android.net.ipsec.ike.TunnelModeChildSessionParams.TunnelModeChildConfigRequest {
- method @Nullable public java.net.Inet4Address getAddress();
- }
-
- public static interface TunnelModeChildSessionParams.ConfigRequestIpv4DhcpServer extends android.net.ipsec.ike.TunnelModeChildSessionParams.TunnelModeChildConfigRequest {
- }
-
- public static interface TunnelModeChildSessionParams.ConfigRequestIpv4DnsServer extends android.net.ipsec.ike.TunnelModeChildSessionParams.TunnelModeChildConfigRequest {
- }
-
- public static interface TunnelModeChildSessionParams.ConfigRequestIpv4Netmask extends android.net.ipsec.ike.TunnelModeChildSessionParams.TunnelModeChildConfigRequest {
- }
-
- public static interface TunnelModeChildSessionParams.ConfigRequestIpv6Address extends android.net.ipsec.ike.TunnelModeChildSessionParams.TunnelModeChildConfigRequest {
- method @Nullable public java.net.Inet6Address getAddress();
- method public int getPrefixLength();
- }
-
- public static interface TunnelModeChildSessionParams.ConfigRequestIpv6DnsServer extends android.net.ipsec.ike.TunnelModeChildSessionParams.TunnelModeChildConfigRequest {
- }
-
- public static interface TunnelModeChildSessionParams.TunnelModeChildConfigRequest {
- }
-
-}
-
-package android.net.ipsec.ike.exceptions {
-
- public abstract class IkeException extends java.lang.Exception {
- }
-
- public final class IkeInternalException extends android.net.ipsec.ike.exceptions.IkeNonProtocolException {
- ctor public IkeInternalException(@NonNull Throwable);
- ctor public IkeInternalException(@NonNull String, @NonNull Throwable);
- }
-
- public final class IkeNetworkLostException extends android.net.ipsec.ike.exceptions.IkeNonProtocolException {
- ctor public IkeNetworkLostException(@NonNull android.net.Network);
- method @NonNull public android.net.Network getNetwork();
- }
-
- public abstract class IkeNonProtocolException extends android.net.ipsec.ike.exceptions.IkeException {
- }
-
- public abstract class IkeProtocolException extends android.net.ipsec.ike.exceptions.IkeException {
- method public int getErrorType();
- field public static final int ERROR_TYPE_AUTHENTICATION_FAILED = 24; // 0x18
- field public static final int ERROR_TYPE_CHILD_SA_NOT_FOUND = 44; // 0x2c
- field public static final int ERROR_TYPE_FAILED_CP_REQUIRED = 37; // 0x25
- field public static final int ERROR_TYPE_INTERNAL_ADDRESS_FAILURE = 36; // 0x24
- field public static final int ERROR_TYPE_INVALID_IKE_SPI = 4; // 0x4
- field public static final int ERROR_TYPE_INVALID_KE_PAYLOAD = 17; // 0x11
- field public static final int ERROR_TYPE_INVALID_MAJOR_VERSION = 5; // 0x5
- field public static final int ERROR_TYPE_INVALID_MESSAGE_ID = 9; // 0x9
- field public static final int ERROR_TYPE_INVALID_SELECTORS = 39; // 0x27
- field public static final int ERROR_TYPE_INVALID_SYNTAX = 7; // 0x7
- field public static final int ERROR_TYPE_NO_ADDITIONAL_SAS = 35; // 0x23
- field public static final int ERROR_TYPE_NO_PROPOSAL_CHOSEN = 14; // 0xe
- field public static final int ERROR_TYPE_SINGLE_PAIR_REQUIRED = 34; // 0x22
- field public static final int ERROR_TYPE_TEMPORARY_FAILURE = 43; // 0x2b
- field public static final int ERROR_TYPE_TS_UNACCEPTABLE = 38; // 0x26
- field public static final int ERROR_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD = 1; // 0x1
- }
-
- public final class InvalidKeException extends android.net.ipsec.ike.exceptions.IkeProtocolException {
- ctor public InvalidKeException(int);
- method public int getDhGroup();
- }
-
- public final class InvalidMajorVersionException extends android.net.ipsec.ike.exceptions.IkeProtocolException {
- ctor public InvalidMajorVersionException(byte);
- method public byte getMajorVersion();
- }
-
- public final class InvalidSelectorsException extends android.net.ipsec.ike.exceptions.IkeProtocolException {
- ctor public InvalidSelectorsException(int, @NonNull byte[]);
- method @NonNull public byte[] getIpSecPacketInfo();
- method public int getIpSecSpi();
- }
-
-}
-
diff --git a/api/system-current.txt b/api/system-current.txt
index d2ffd43..d42f8c0 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -2,78 +2,202 @@
package android.net.eap {
public final class EapSessionConfig {
- method @Deprecated @Nullable public android.net.eap.EapSessionConfig.EapMsChapV2Config getEapMsChapV2onfig();
+ method @Nullable public android.net.eap.EapSessionConfig.EapAkaConfig getEapAkaConfig();
+ method @Nullable public android.net.eap.EapSessionConfig.EapAkaPrimeConfig getEapAkaPrimeConfig();
+ method @NonNull public byte[] getEapIdentity();
+ method @Nullable public android.net.eap.EapSessionConfig.EapMsChapV2Config getEapMsChapV2onfig();
+ method @Nullable public android.net.eap.EapSessionConfig.EapSimConfig getEapSimConfig();
}
- @Deprecated public abstract static class EapSessionConfig.EapUiccConfig extends android.net.eap.EapSessionConfig.EapMethodConfig {
- method @Deprecated public int getAppType();
- method @Deprecated public int getSubId();
+ public static final class EapSessionConfig.Builder {
+ ctor public EapSessionConfig.Builder();
+ method @NonNull public android.net.eap.EapSessionConfig build();
+ method @NonNull public android.net.eap.EapSessionConfig.Builder setEapAkaConfig(int, int);
+ method @NonNull public android.net.eap.EapSessionConfig.Builder setEapAkaPrimeConfig(int, int, @NonNull String, boolean);
+ method @NonNull public android.net.eap.EapSessionConfig.Builder setEapIdentity(@NonNull byte[]);
+ method @NonNull public android.net.eap.EapSessionConfig.Builder setEapMsChapV2Config(@NonNull String, @NonNull String);
+ method @NonNull public android.net.eap.EapSessionConfig.Builder setEapSimConfig(int, int);
+ }
+
+ public static class EapSessionConfig.EapAkaConfig extends android.net.eap.EapSessionConfig.EapUiccConfig {
+ }
+
+ public static class EapSessionConfig.EapAkaPrimeConfig extends android.net.eap.EapSessionConfig.EapAkaConfig {
+ method public boolean allowsMismatchedNetworkNames();
+ method @NonNull public String getNetworkName();
+ }
+
+ public abstract static class EapSessionConfig.EapMethodConfig {
+ method public int getMethodType();
+ }
+
+ public static class EapSessionConfig.EapMsChapV2Config extends android.net.eap.EapSessionConfig.EapMethodConfig {
+ method @NonNull public String getPassword();
+ method @NonNull public String getUsername();
+ }
+
+ public static class EapSessionConfig.EapSimConfig extends android.net.eap.EapSessionConfig.EapUiccConfig {
+ }
+
+ public abstract static class EapSessionConfig.EapUiccConfig extends android.net.eap.EapSessionConfig.EapMethodConfig {
+ method public int getAppType();
+ method public int getSubId();
}
}
package android.net.ipsec.ike {
+ public final class ChildSaProposal extends android.net.ipsec.ike.SaProposal {
+ }
+
+ public static final class ChildSaProposal.Builder {
+ ctor public ChildSaProposal.Builder();
+ method @NonNull public android.net.ipsec.ike.ChildSaProposal.Builder addDhGroup(int);
+ method @NonNull public android.net.ipsec.ike.ChildSaProposal.Builder addEncryptionAlgorithm(int, int);
+ method @NonNull public android.net.ipsec.ike.ChildSaProposal.Builder addIntegrityAlgorithm(int);
+ method @NonNull public android.net.ipsec.ike.ChildSaProposal build();
+ }
+
public interface ChildSessionCallback {
- method @Deprecated public default void onClosedExceptionally(@NonNull android.net.ipsec.ike.exceptions.IkeException);
- method public default void onIpSecTransformsMigrated(@NonNull android.net.IpSecTransform, @NonNull android.net.IpSecTransform);
+ method public void onClosed();
+ method public void onClosedExceptionally(@NonNull android.net.ipsec.ike.exceptions.IkeException);
+ method public void onIpSecTransformCreated(@NonNull android.net.IpSecTransform, int);
+ method public void onIpSecTransformDeleted(@NonNull android.net.IpSecTransform, int);
+ method public void onOpened(@NonNull android.net.ipsec.ike.ChildSessionConfiguration);
}
public final class ChildSessionConfiguration {
+ method @NonNull public java.util.List<android.net.ipsec.ike.IkeTrafficSelector> getInboundTrafficSelectors();
method @NonNull public java.util.List<android.net.LinkAddress> getInternalAddresses();
method @NonNull public java.util.List<java.net.InetAddress> getInternalDhcpServers();
method @NonNull public java.util.List<java.net.InetAddress> getInternalDnsServers();
method @NonNull public java.util.List<android.net.IpPrefix> getInternalSubnets();
- }
-
- public static final class ChildSessionConfiguration.Builder {
- method @NonNull public android.net.ipsec.ike.ChildSessionConfiguration.Builder addInternalAddress(@NonNull android.net.LinkAddress);
- method @NonNull public android.net.ipsec.ike.ChildSessionConfiguration.Builder addInternalDhcpServer(@NonNull java.net.InetAddress);
- method @NonNull public android.net.ipsec.ike.ChildSessionConfiguration.Builder addInternalDnsServer(@NonNull java.net.InetAddress);
- method @NonNull public android.net.ipsec.ike.ChildSessionConfiguration.Builder addInternalSubnet(@NonNull android.net.IpPrefix);
- method @NonNull public android.net.ipsec.ike.ChildSessionConfiguration.Builder clearInternalAddresses();
- method @NonNull public android.net.ipsec.ike.ChildSessionConfiguration.Builder clearInternalDhcpServers();
- method @NonNull public android.net.ipsec.ike.ChildSessionConfiguration.Builder clearInternalDnsServers();
- method @NonNull public android.net.ipsec.ike.ChildSessionConfiguration.Builder clearInternalSubnets();
+ method @NonNull public java.util.List<android.net.ipsec.ike.IkeTrafficSelector> getOutboundTrafficSelectors();
}
public abstract class ChildSessionParams {
- method @Deprecated @NonNull public java.util.List<android.net.ipsec.ike.ChildSaProposal> getSaProposals();
+ method @IntRange(from=0x12c, to=0x3840) public int getHardLifetimeSeconds();
+ method @NonNull public java.util.List<android.net.ipsec.ike.IkeTrafficSelector> getInboundTrafficSelectors();
+ method @NonNull public java.util.List<android.net.ipsec.ike.IkeTrafficSelector> getOutboundTrafficSelectors();
+ method @NonNull public java.util.List<android.net.ipsec.ike.ChildSaProposal> getSaProposals();
+ method @IntRange(from=0x78, to=0x3840) public int getSoftLifetimeSeconds();
+ }
+
+ public final class IkeDerAsn1DnIdentification extends android.net.ipsec.ike.IkeIdentification {
+ ctor public IkeDerAsn1DnIdentification(@NonNull javax.security.auth.x500.X500Principal);
+ field @NonNull public final javax.security.auth.x500.X500Principal derAsn1Dn;
+ }
+
+ public class IkeFqdnIdentification extends android.net.ipsec.ike.IkeIdentification {
+ ctor public IkeFqdnIdentification(@NonNull String);
+ field @NonNull public final String fqdn;
+ }
+
+ public abstract class IkeIdentification {
+ }
+
+ public final class IkeIpv4AddrIdentification extends android.net.ipsec.ike.IkeIdentification {
+ ctor public IkeIpv4AddrIdentification(@NonNull java.net.Inet4Address);
+ field @NonNull public final java.net.Inet4Address ipv4Address;
+ }
+
+ public class IkeIpv6AddrIdentification extends android.net.ipsec.ike.IkeIdentification {
+ ctor public IkeIpv6AddrIdentification(@NonNull java.net.Inet6Address);
+ field @NonNull public final java.net.Inet6Address ipv6Address;
+ }
+
+ public final class IkeKeyIdIdentification extends android.net.ipsec.ike.IkeIdentification {
+ ctor public IkeKeyIdIdentification(@NonNull byte[]);
+ field @NonNull public final byte[] keyId;
+ }
+
+ public final class IkeRfc822AddrIdentification extends android.net.ipsec.ike.IkeIdentification {
+ ctor public IkeRfc822AddrIdentification(@NonNull String);
+ field @NonNull public final String rfc822Name;
+ }
+
+ public final class IkeSaProposal extends android.net.ipsec.ike.SaProposal {
+ method @NonNull public java.util.List<java.lang.Integer> getPseudorandomFunctions();
+ }
+
+ public static final class IkeSaProposal.Builder {
+ ctor public IkeSaProposal.Builder();
+ method @NonNull public android.net.ipsec.ike.IkeSaProposal.Builder addDhGroup(int);
+ method @NonNull public android.net.ipsec.ike.IkeSaProposal.Builder addEncryptionAlgorithm(int, int);
+ method @NonNull public android.net.ipsec.ike.IkeSaProposal.Builder addIntegrityAlgorithm(int);
+ method @NonNull public android.net.ipsec.ike.IkeSaProposal.Builder addPseudorandomFunction(int);
+ method @NonNull public android.net.ipsec.ike.IkeSaProposal build();
}
public final class IkeSession implements java.lang.AutoCloseable {
- method public void setNetwork(@NonNull android.net.Network);
+ ctor public IkeSession(@NonNull android.content.Context, @NonNull android.net.ipsec.ike.IkeSessionParams, @NonNull android.net.ipsec.ike.ChildSessionParams, @NonNull java.util.concurrent.Executor, @NonNull android.net.ipsec.ike.IkeSessionCallback, @NonNull android.net.ipsec.ike.ChildSessionCallback);
+ method public void close();
+ method public void closeChildSession(@NonNull android.net.ipsec.ike.ChildSessionCallback);
+ method public void kill();
+ method public void openChildSession(@NonNull android.net.ipsec.ike.ChildSessionParams, @NonNull android.net.ipsec.ike.ChildSessionCallback);
}
public interface IkeSessionCallback {
- method @Deprecated public default void onClosedExceptionally(@NonNull android.net.ipsec.ike.exceptions.IkeException);
- method @Deprecated public default void onError(@NonNull android.net.ipsec.ike.exceptions.IkeProtocolException);
- method public default void onIkeSessionConnectionInfoChanged(@NonNull android.net.ipsec.ike.IkeSessionConnectionInfo);
+ method public void onClosed();
+ method public void onClosedExceptionally(@NonNull android.net.ipsec.ike.exceptions.IkeException);
+ method public void onError(@NonNull android.net.ipsec.ike.exceptions.IkeProtocolException);
+ method public void onOpened(@NonNull android.net.ipsec.ike.IkeSessionConfiguration);
}
public final class IkeSessionConfiguration {
+ method @NonNull public android.net.ipsec.ike.IkeSessionConnectionInfo getIkeSessionConnectionInfo();
method @NonNull public java.util.List<java.net.InetAddress> getPcscfServers();
+ method @NonNull public String getRemoteApplicationVersion();
+ method @NonNull public java.util.List<byte[]> getRemoteVendorIds();
+ method public boolean isIkeExtensionEnabled(int);
+ field public static final int EXTENSION_TYPE_FRAGMENTATION = 1; // 0x1
+ field public static final int EXTENSION_TYPE_MOBIKE = 2; // 0x2
}
- public static final class IkeSessionConfiguration.Builder {
- method @NonNull public android.net.ipsec.ike.IkeSessionConfiguration.Builder addPcscfServer(@NonNull java.net.InetAddress);
- method @NonNull public android.net.ipsec.ike.IkeSessionConfiguration.Builder clearPcscfServers();
+ public final class IkeSessionConnectionInfo {
+ method @NonNull public java.net.InetAddress getLocalAddress();
+ method @NonNull public android.net.Network getNetwork();
+ method @NonNull public java.net.InetAddress getRemoteAddress();
}
public final class IkeSessionParams {
method @NonNull public java.util.List<android.net.ipsec.ike.IkeSessionParams.IkeConfigRequest> getConfigurationRequests();
- method @IntRange(from=0x0, to=0x3f) public int getDscp();
- method @Nullable public android.net.ipsec.ike.ike3gpp.Ike3gppExtension getIke3gppExtension();
- method @Deprecated @NonNull public java.util.List<android.net.ipsec.ike.IkeSaProposal> getSaProposals();
+ method @IntRange(from=0x14, to=0x708) public int getDpdDelaySeconds();
+ method @IntRange(from=0x12c, to=0x15180) public int getHardLifetimeSeconds();
+ method @NonNull public android.net.ipsec.ike.IkeSessionParams.IkeAuthConfig getLocalAuthConfig();
+ method @NonNull public android.net.ipsec.ike.IkeIdentification getLocalIdentification();
+ method @NonNull public android.net.Network getNetwork();
+ method @NonNull public android.net.ipsec.ike.IkeSessionParams.IkeAuthConfig getRemoteAuthConfig();
+ method @NonNull public android.net.ipsec.ike.IkeIdentification getRemoteIdentification();
+ method public int[] getRetransmissionTimeoutsMillis();
+ method @NonNull public java.util.List<android.net.ipsec.ike.IkeSaProposal> getSaProposals();
+ method @NonNull public String getServerHostname();
+ method @IntRange(from=0x78, to=0x15180) public int getSoftLifetimeSeconds();
+ method public boolean hasIkeOption(int);
+ field public static final int IKE_OPTION_ACCEPT_ANY_REMOTE_ID = 0; // 0x0
+ field public static final int IKE_OPTION_EAP_ONLY_AUTH = 1; // 0x1
}
public static final class IkeSessionParams.Builder {
- ctor @Deprecated public IkeSessionParams.Builder(@NonNull android.content.Context);
+ ctor public IkeSessionParams.Builder(@NonNull android.content.Context);
+ method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder addIkeOption(int);
method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder addPcscfServerRequest(@NonNull java.net.InetAddress);
method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder addPcscfServerRequest(int);
- method @Deprecated @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder addSaProposal(@NonNull android.net.ipsec.ike.IkeSaProposal);
- method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setDscp(@IntRange(from=0x0, to=0x3f) int);
- method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setIke3gppExtension(@NonNull android.net.ipsec.ike.ike3gpp.Ike3gppExtension);
+ method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder addSaProposal(@NonNull android.net.ipsec.ike.IkeSaProposal);
+ method @NonNull public android.net.ipsec.ike.IkeSessionParams build();
+ method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder removeIkeOption(int);
+ method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setAuthDigitalSignature(@Nullable java.security.cert.X509Certificate, @NonNull java.security.cert.X509Certificate, @NonNull java.security.PrivateKey);
+ method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setAuthDigitalSignature(@Nullable java.security.cert.X509Certificate, @NonNull java.security.cert.X509Certificate, @NonNull java.util.List<java.security.cert.X509Certificate>, @NonNull java.security.PrivateKey);
+ method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setAuthEap(@Nullable java.security.cert.X509Certificate, @NonNull android.net.eap.EapSessionConfig);
+ method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setAuthPsk(@NonNull byte[]);
+ method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setDpdDelaySeconds(@IntRange(from=0x14, to=0x708) int);
+ method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setLifetimeSeconds(@IntRange(from=0x12c, to=0x15180) int, @IntRange(from=0x78, to=0x15180) int);
+ method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setLocalIdentification(@NonNull android.net.ipsec.ike.IkeIdentification);
+ method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setNetwork(@NonNull android.net.Network);
+ method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setRemoteIdentification(@NonNull android.net.ipsec.ike.IkeIdentification);
+ method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setRetransmissionTimeoutsMillis(@NonNull int[]);
+ method @NonNull public android.net.ipsec.ike.IkeSessionParams.Builder setServerHostname(@NonNull String);
}
public static interface IkeSessionParams.ConfigRequestIpv4PcscfServer extends android.net.ipsec.ike.IkeSessionParams.IkeConfigRequest {
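Review bot: `IkeKeyIdIdentification.keyId` is added as a `public final byte[]` field, and `final` only fixes the reference, so any code holding the object can rewrite the key-ID bytes after it has been passed to `setLocalIdentification` or `setRemoteIdentification`. The other identification classes in this hunk expose immutable types (`String`, `X500Principal`, `Inet4Address`, `Inet6Address`), so this is the only one whose identity can change after construction. The class source is not part of this hunk, so whether the constructor already copies its argument cannot be seen here. If it does not, I would copy on the way in with `this.keyId = keyId.clone();` and state on the field's Javadoc that callers must not modify the array, or hand the value out through an accessor that returns `keyId.clone()`.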
@@ -84,69 +208,150 @@
method @Nullable public java.net.Inet6Address getAddress();
}
+ public abstract static class IkeSessionParams.IkeAuthConfig {
+ }
+
+ public static class IkeSessionParams.IkeAuthDigitalSignLocalConfig extends android.net.ipsec.ike.IkeSessionParams.IkeAuthConfig {
+ method @NonNull public java.security.cert.X509Certificate getClientEndCertificate();
+ method @NonNull public java.util.List<java.security.cert.X509Certificate> getIntermediateCertificates();
+ method @NonNull public java.security.PrivateKey getPrivateKey();
+ }
+
+ public static class IkeSessionParams.IkeAuthDigitalSignRemoteConfig extends android.net.ipsec.ike.IkeSessionParams.IkeAuthConfig {
+ method @Nullable public java.security.cert.X509Certificate getRemoteCaCert();
+ }
+
+ public static class IkeSessionParams.IkeAuthEapConfig extends android.net.ipsec.ike.IkeSessionParams.IkeAuthConfig {
+ method @NonNull public android.net.eap.EapSessionConfig getEapConfig();
+ }
+
+ public static class IkeSessionParams.IkeAuthPskConfig extends android.net.ipsec.ike.IkeSessionParams.IkeAuthConfig {
+ method @NonNull public byte[] getPsk();
+ }
+
public static interface IkeSessionParams.IkeConfigRequest {
}
+ public final class IkeTrafficSelector {
+ ctor public IkeTrafficSelector(int, int, @NonNull java.net.InetAddress, @NonNull java.net.InetAddress);
+ field public final int endPort;
+ field @NonNull public final java.net.InetAddress endingAddress;
+ field public final int startPort;
+ field @NonNull public final java.net.InetAddress startingAddress;
+ }
+
+ public abstract class SaProposal {
+ method @NonNull public java.util.List<java.lang.Integer> getDhGroups();
+ method @NonNull public java.util.List<android.util.Pair<java.lang.Integer,java.lang.Integer>> getEncryptionAlgorithms();
+ method @NonNull public java.util.List<java.lang.Integer> getIntegrityAlgorithms();
+ field public static final int DH_GROUP_1024_BIT_MODP = 2; // 0x2
+ field public static final int DH_GROUP_2048_BIT_MODP = 14; // 0xe
+ field public static final int DH_GROUP_NONE = 0; // 0x0
+ field public static final int ENCRYPTION_ALGORITHM_3DES = 3; // 0x3
+ field public static final int ENCRYPTION_ALGORITHM_AES_CBC = 12; // 0xc
+ field public static final int ENCRYPTION_ALGORITHM_AES_GCM_12 = 19; // 0x13
+ field public static final int ENCRYPTION_ALGORITHM_AES_GCM_16 = 20; // 0x14
+ field public static final int ENCRYPTION_ALGORITHM_AES_GCM_8 = 18; // 0x12
+ field public static final int INTEGRITY_ALGORITHM_AES_XCBC_96 = 5; // 0x5
+ field public static final int INTEGRITY_ALGORITHM_HMAC_SHA1_96 = 2; // 0x2
+ field public static final int INTEGRITY_ALGORITHM_HMAC_SHA2_256_128 = 12; // 0xc
+ field public static final int INTEGRITY_ALGORITHM_HMAC_SHA2_384_192 = 13; // 0xd
+ field public static final int INTEGRITY_ALGORITHM_HMAC_SHA2_512_256 = 14; // 0xe
+ field public static final int INTEGRITY_ALGORITHM_NONE = 0; // 0x0
+ field public static final int KEY_LEN_AES_128 = 128; // 0x80
+ field public static final int KEY_LEN_AES_192 = 192; // 0xc0
+ field public static final int KEY_LEN_AES_256 = 256; // 0x100
+ field public static final int KEY_LEN_UNUSED = 0; // 0x0
+ field public static final int PSEUDORANDOM_FUNCTION_AES128_XCBC = 4; // 0x4
+ field public static final int PSEUDORANDOM_FUNCTION_HMAC_SHA1 = 2; // 0x2
+ field public static final int PSEUDORANDOM_FUNCTION_SHA2_256 = 5; // 0x5
+ field public static final int PSEUDORANDOM_FUNCTION_SHA2_384 = 6; // 0x6
+ field public static final int PSEUDORANDOM_FUNCTION_SHA2_512 = 7; // 0x7
+ }
+
+ public final class TransportModeChildSessionParams extends android.net.ipsec.ike.ChildSessionParams {
+ }
+
public static final class TransportModeChildSessionParams.Builder {
- method @Deprecated @NonNull public android.net.ipsec.ike.TransportModeChildSessionParams.Builder addSaProposal(@NonNull android.net.ipsec.ike.ChildSaProposal);
+ ctor public TransportModeChildSessionParams.Builder();
+ method @NonNull public android.net.ipsec.ike.TransportModeChildSessionParams.Builder addInboundTrafficSelectors(@NonNull android.net.ipsec.ike.IkeTrafficSelector);
+ method @NonNull public android.net.ipsec.ike.TransportModeChildSessionParams.Builder addOutboundTrafficSelectors(@NonNull android.net.ipsec.ike.IkeTrafficSelector);
+ method @NonNull public android.net.ipsec.ike.TransportModeChildSessionParams.Builder addSaProposal(@NonNull android.net.ipsec.ike.ChildSaProposal);
+ method @NonNull public android.net.ipsec.ike.TransportModeChildSessionParams build();
+ method @NonNull public android.net.ipsec.ike.TransportModeChildSessionParams.Builder setLifetimeSeconds(@IntRange(from=0x12c, to=0x3840) int, @IntRange(from=0x78, to=0x3840) int);
+ }
+
+ public final class TunnelModeChildSessionParams extends android.net.ipsec.ike.ChildSessionParams {
+ method @NonNull public java.util.List<android.net.ipsec.ike.TunnelModeChildSessionParams.TunnelModeChildConfigRequest> getConfigurationRequests();
}
public static final class TunnelModeChildSessionParams.Builder {
- method @Deprecated @NonNull public android.net.ipsec.ike.TunnelModeChildSessionParams.Builder addSaProposal(@NonNull android.net.ipsec.ike.ChildSaProposal);
+ ctor public TunnelModeChildSessionParams.Builder();
+ method @NonNull public android.net.ipsec.ike.TunnelModeChildSessionParams.Builder addInboundTrafficSelectors(@NonNull android.net.ipsec.ike.IkeTrafficSelector);
+ method @NonNull public android.net.ipsec.ike.TunnelModeChildSessionParams.Builder addInternalAddressRequest(int);
+ method @NonNull public android.net.ipsec.ike.TunnelModeChildSessionParams.Builder addInternalAddressRequest(@NonNull java.net.Inet4Address);
+ method @NonNull public android.net.ipsec.ike.TunnelModeChildSessionParams.Builder addInternalAddressRequest(@NonNull java.net.Inet6Address, int);
+ method @NonNull public android.net.ipsec.ike.TunnelModeChildSessionParams.Builder addInternalDhcpServerRequest(int);
+ method @NonNull public android.net.ipsec.ike.TunnelModeChildSessionParams.Builder addInternalDnsServerRequest(int);
+ method @NonNull public android.net.ipsec.ike.TunnelModeChildSessionParams.Builder addOutboundTrafficSelectors(@NonNull android.net.ipsec.ike.IkeTrafficSelector);
+ method @NonNull public android.net.ipsec.ike.TunnelModeChildSessionParams.Builder addSaProposal(@NonNull android.net.ipsec.ike.ChildSaProposal);
+ method @NonNull public android.net.ipsec.ike.TunnelModeChildSessionParams build();
+ method @NonNull public android.net.ipsec.ike.TunnelModeChildSessionParams.Builder setLifetimeSeconds(@IntRange(from=0x12c, to=0x3840) int, @IntRange(from=0x78, to=0x3840) int);
+ }
+
+ public static interface TunnelModeChildSessionParams.ConfigRequestIpv4Address extends android.net.ipsec.ike.TunnelModeChildSessionParams.TunnelModeChildConfigRequest {
+ method @Nullable public java.net.Inet4Address getAddress();
+ }
+
+ public static interface TunnelModeChildSessionParams.ConfigRequestIpv4DhcpServer extends android.net.ipsec.ike.TunnelModeChildSessionParams.TunnelModeChildConfigRequest {
+ }
+
+ public static interface TunnelModeChildSessionParams.ConfigRequestIpv4DnsServer extends android.net.ipsec.ike.TunnelModeChildSessionParams.TunnelModeChildConfigRequest {
+ }
+
+ public static interface TunnelModeChildSessionParams.ConfigRequestIpv4Netmask extends android.net.ipsec.ike.TunnelModeChildSessionParams.TunnelModeChildConfigRequest {
+ }
+
+ public static interface TunnelModeChildSessionParams.ConfigRequestIpv6Address extends android.net.ipsec.ike.TunnelModeChildSessionParams.TunnelModeChildConfigRequest {
+ method @Nullable public java.net.Inet6Address getAddress();
+ method public int getPrefixLength();
+ }
+
+ public static interface TunnelModeChildSessionParams.ConfigRequestIpv6DnsServer extends android.net.ipsec.ike.TunnelModeChildSessionParams.TunnelModeChildConfigRequest {
+ }
+
+ public static interface TunnelModeChildSessionParams.TunnelModeChildConfigRequest {
}
}
package android.net.ipsec.ike.exceptions {
+ public abstract class IkeException extends java.lang.Exception {
+ }
+
+ public final class IkeInternalException extends android.net.ipsec.ike.exceptions.IkeException {
+ }
+
public abstract class IkeProtocolException extends android.net.ipsec.ike.exceptions.IkeException {
method @Nullable public byte[] getErrorData();
- }
-
-}
-
-package android.net.ipsec.ike.ike3gpp {
-
- public final class Ike3gppBackoffTimer extends android.net.ipsec.ike.ike3gpp.Ike3gppData {
- ctor public Ike3gppBackoffTimer(byte, int);
- method public int getBackoffCause();
- method public byte getBackoffTimer();
- method public int getDataType();
- field public static final int ERROR_TYPE_NETWORK_FAILURE = 10500; // 0x2904
- field public static final int ERROR_TYPE_NO_APN_SUBSCRIPTION = 9002; // 0x232a
- }
-
- public abstract class Ike3gppData {
- method public abstract int getDataType();
- field public static final int DATA_TYPE_NOTIFY_BACKOFF_TIMER = 2; // 0x2
- field public static final int DATA_TYPE_NOTIFY_N1_MODE_INFORMATION = 1; // 0x1
- }
-
- public final class Ike3gppExtension {
- ctor public Ike3gppExtension(@NonNull android.net.ipsec.ike.ike3gpp.Ike3gppParams, @NonNull android.net.ipsec.ike.ike3gpp.Ike3gppExtension.Ike3gppDataListener);
- method @NonNull public android.net.ipsec.ike.ike3gpp.Ike3gppExtension.Ike3gppDataListener getIke3gppDataListener();
- method @NonNull public android.net.ipsec.ike.ike3gpp.Ike3gppParams getIke3gppParams();
- }
-
- public static interface Ike3gppExtension.Ike3gppDataListener {
- method public void onIke3gppDataReceived(@NonNull java.util.List<android.net.ipsec.ike.ike3gpp.Ike3gppData>);
- }
-
- public final class Ike3gppN1ModeInformation extends android.net.ipsec.ike.ike3gpp.Ike3gppData {
- ctor public Ike3gppN1ModeInformation(@NonNull byte[]);
- method public int getDataType();
- method @NonNull public byte[] getSnssai();
- }
-
- public final class Ike3gppParams {
- method public byte getPduSessionId();
- field public static final byte PDU_SESSION_ID_UNSET = 0; // 0x0
- }
-
- public static final class Ike3gppParams.Builder {
- ctor public Ike3gppParams.Builder();
- method @NonNull public android.net.ipsec.ike.ike3gpp.Ike3gppParams build();
- method @NonNull public android.net.ipsec.ike.ike3gpp.Ike3gppParams.Builder setPduSessionId(byte);
+ method public int getErrorType();
+ field public static final int ERROR_TYPE_AUTHENTICATION_FAILED = 24; // 0x18
+ field public static final int ERROR_TYPE_CHILD_SA_NOT_FOUND = 44; // 0x2c
+ field public static final int ERROR_TYPE_FAILED_CP_REQUIRED = 37; // 0x25
+ field public static final int ERROR_TYPE_INTERNAL_ADDRESS_FAILURE = 36; // 0x24
+ field public static final int ERROR_TYPE_INVALID_IKE_SPI = 4; // 0x4
+ field public static final int ERROR_TYPE_INVALID_KE_PAYLOAD = 17; // 0x11
+ field public static final int ERROR_TYPE_INVALID_MAJOR_VERSION = 5; // 0x5
+ field public static final int ERROR_TYPE_INVALID_MESSAGE_ID = 9; // 0x9
+ field public static final int ERROR_TYPE_INVALID_SELECTORS = 39; // 0x27
+ field public static final int ERROR_TYPE_INVALID_SYNTAX = 7; // 0x7
+ field public static final int ERROR_TYPE_NO_ADDITIONAL_SAS = 35; // 0x23
+ field public static final int ERROR_TYPE_NO_PROPOSAL_CHOSEN = 14; // 0xe
+ field public static final int ERROR_TYPE_SINGLE_PAIR_REQUIRED = 34; // 0x22
+ field public static final int ERROR_TYPE_TEMPORARY_FAILURE = 43; // 0x2b
+ field public static final int ERROR_TYPE_TS_UNACCEPTABLE = 38; // 0x26
+ field public static final int ERROR_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD = 1; // 0x1
}
}
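Review bot: The `SaProposal` constants added here list `DH_GROUP_1024_BIT_MODP`, `ENCRYPTION_ALGORITHM_3DES` and `INTEGRITY_ALGORITHM_HMAC_SHA1_96` alongside the 2048-bit group, AES-GCM and the HMAC-SHA2 variants, with nothing in the signatures marking which ones are legacy. A caller building a proposal through the `addDhGroup(int)` or `addEncryptionAlgorithm(int, int)` builders gets no hint that including the weaker values lets a peer select them. The Javadoc lives in the Java source, which is outside this hunk; I would add a line to each legacy constant such as `/** 1024-bit MODP group. Kept for interoperability with older peers; prefer {@link #DH_GROUP_2048_BIT_MODP}. */`. In the same hunk, `IkeAuthPskConfig.getPsk()` returns a `byte[]`, and its Javadoc should say whether the returned array is a copy of the stored key.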
diff --git a/jarjar-rules-shared.txt b/jarjar-rules-shared.txt
index 7d3bea4..09d6efa 100644
--- a/jarjar-rules-shared.txt
+++ b/jarjar-rules-shared.txt
@@ -1,7 +1,5 @@
rule android.annotation.StringDef com.android.internal.net.ipsec.annotation.StringDef
rule android.net.annotations.PolicyDirection com.android.internal.net.ipsec.ike.annotations.PolicyDirection
rule android.telephony.Annotation* com.android.internal.net.eap.telephony.Annotation@1
-rule com.android.server.vcn.util.PersistableBundleUtils* com.android.internal.net.vcn.util.PersistableBundleUtils@1
rule com.android.internal.util.** com.android.internal.net.ipsec.ike.utils.@1
-rule com.android.modules.utils.** com.android.internal.net.utils.@1
rule org.bouncycastle.** com.android.internal.net.org.bouncycastle.@1
diff --git a/jarjar-rules-test.txt b/jarjar-rules-test.txt
deleted file mode 100644
index 11020ab..0000000
--- a/jarjar-rules-test.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-rule android.net.eap.** android.net.eap.test.@1
-rule android.net.ipsec.** android.net.ipsec.test.@1
-rule com.android.internal.net.**.** com.android.internal.net.@1.test.@2
-rule android.annotation.StringDef com.android.internal.net.ipsec.test.annotation.StringDef
-rule android.net.annotations.PolicyDirection com.android.internal.net.ipsec.test.ike.annotations.PolicyDirection
-rule android.telephony.Annotation* com.android.internal.net.eap.test.telephony.Annotation@1
-rule com.android.server.vcn.util.PersistableBundleUtils* com.android.internal.net.vcn.test.util.PersistableBundleUtils@1
-rule com.android.internal.util.** com.android.internal.net.ipsec.test.ike.utils.@1
-rule com.android.modules.utils.** com.android.internal.net.utils.test.@1
-rule org.bouncycastle.** com.android.internal.net.org.bouncycastle.test.@1
diff --git a/src/java/android/net/eap/EapSessionConfig.java b/src/java/android/net/eap/EapSessionConfig.java
index 2a09cd3..1da899e 100644
--- a/src/java/android/net/eap/EapSessionConfig.java
+++ b/src/java/android/net/eap/EapSessionConfig.java
@@ -16,38 +16,33 @@
package android.net.eap;
-import android.annotation.IntDef;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_AKA;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_AKA_PRIME;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_MSCHAP_V2;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_SIM;
+
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.annotation.SystemApi;
-import android.os.PersistableBundle;
import android.telephony.Annotation.UiccAppType;
import com.android.internal.annotations.VisibleForTesting;
-import com.android.internal.net.ipsec.ike.utils.IkeCertUtils;
-import com.android.server.vcn.util.PersistableBundleUtils;
+import com.android.internal.net.eap.message.EapData.EapMethod;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.TrustAnchor;
-import java.security.cert.X509Certificate;
-import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
-
/**
* EapSessionConfig represents a container for EAP method configuration.
*
* <p>The EAP authentication server decides which EAP method is used, so clients are encouraged to
* provide configs for several EAP methods.
+ *
+ * @hide
*/
+@SystemApi
public final class EapSessionConfig {
- private static final String EAP_ID_KEY = "eapIdentity";
- private static final String EAP_METHOD_CONFIGS_KEY = "eapConfigs";
-
private static final byte[] DEFAULT_IDENTITY = new byte[0];
// IANA -> EapMethodConfig for that method
@@ -74,58 +69,6 @@
return mEapConfigs;
}
- /**
- * Constructs this object by deserializing a PersistableBundle *
- *
- * <p>Constructed EapSessionConfigs are guaranteed to be valid, as checked by the
- * EapSessionConfig.Builder
- *
- * @hide
- */
- @NonNull
- public static EapSessionConfig fromPersistableBundle(@NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
-
- EapSessionConfig.Builder builder = new EapSessionConfig.Builder();
-
- PersistableBundle eapIdBundle = in.getPersistableBundle(EAP_ID_KEY);
- Objects.requireNonNull(eapIdBundle, "EAP ID bundle is null");
- byte[] eapId = PersistableBundleUtils.toByteArray(eapIdBundle);
- builder.setEapIdentity(eapId);
-
- PersistableBundle configsBundle = in.getPersistableBundle(EAP_METHOD_CONFIGS_KEY);
- Objects.requireNonNull(configsBundle, "EAP method configs bundle is null");
- Map<Integer, EapMethodConfig> eapMethodConfigs =
- PersistableBundleUtils.toMap(
- configsBundle,
- PersistableBundleUtils.INTEGER_DESERIALIZER,
- EapMethodConfig::fromPersistableBundle);
- for (EapMethodConfig config : eapMethodConfigs.values()) {
- builder.addEapMethodConfig(config);
- }
-
- return builder.build();
- }
-
- /**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public PersistableBundle toPersistableBundle() {
- final PersistableBundle result = new PersistableBundle();
- result.putPersistableBundle(EAP_ID_KEY, PersistableBundleUtils.fromByteArray(mEapIdentity));
-
- final PersistableBundle configsBundle =
- PersistableBundleUtils.fromMap(
- mEapConfigs,
- PersistableBundleUtils.INTEGER_SERIALIZER,
- EapMethodConfig::toPersistableBundle);
- result.putPersistableBundle(EAP_METHOD_CONFIGS_KEY, configsBundle);
- return result;
- }
-
/** Retrieves client's EAP Identity */
@NonNull
public byte[] getEapIdentity() {
@@ -139,7 +82,7 @@
*/
@Nullable
public EapSimConfig getEapSimConfig() {
- return (EapSimConfig) mEapConfigs.get(EapMethodConfig.EAP_TYPE_SIM);
+ return (EapSimConfig) mEapConfigs.get(EAP_TYPE_SIM);
}
/**
@@ -149,7 +92,7 @@
*/
@Nullable
public EapAkaConfig getEapAkaConfig() {
- return (EapAkaConfig) mEapConfigs.get(EapMethodConfig.EAP_TYPE_AKA);
+ return (EapAkaConfig) mEapConfigs.get(EAP_TYPE_AKA);
}
/**
@@ -159,7 +102,7 @@
*/
@Nullable
public EapAkaPrimeConfig getEapAkaPrimeConfig() {
- return (EapAkaPrimeConfig) mEapConfigs.get(EapMethodConfig.EAP_TYPE_AKA_PRIME);
+ return (EapAkaPrimeConfig) mEapConfigs.get(EAP_TYPE_AKA_PRIME);
}
/**
@@ -168,50 +111,8 @@
* @return the configuration for EAP MSCHAPV2, or null if it was not set
*/
@Nullable
- public EapMsChapV2Config getEapMsChapV2Config() {
- return (EapMsChapV2Config) mEapConfigs.get(EapMethodConfig.EAP_TYPE_MSCHAP_V2);
- }
-
- /**
- * Retrieves configuration for EAP MSCHAPV2
- *
- * @return the configuration for EAP MSCHAPV2, or null if it was not set
- * @hide
- * @deprecated Callers should use {@link #getEapMsChapV2Config}
- */
- @Deprecated
- @SystemApi
- @Nullable
public EapMsChapV2Config getEapMsChapV2onfig() {
- return getEapMsChapV2Config();
- }
-
- /**
- * Retrieves configuration for EAP-TTLS
- *
- * @return the configuration for EAP-TTLS, or null if it was not set
- */
- @Nullable
- public EapTtlsConfig getEapTtlsConfig() {
- return (EapTtlsConfig) mEapConfigs.get(EapMethodConfig.EAP_TYPE_TTLS);
- }
-
- /** @hide */
- @Override
- public int hashCode() {
- return Objects.hash(Arrays.hashCode(mEapIdentity), mEapConfigs);
- }
-
- /** @hide */
- @Override
- public boolean equals(Object o) {
- if (!(o instanceof EapSessionConfig)) {
- return false;
- }
-
- EapSessionConfig other = (EapSessionConfig) o;
- return Arrays.equals(mEapIdentity, other.mEapIdentity)
- && mEapConfigs.equals(other.mEapConfigs);
+ return (EapMsChapV2Config) mEapConfigs.get(EAP_TYPE_MSCHAP_V2);
}
/** This class can be used to incrementally construct an {@link EapSessionConfig}. */
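Review bot: The only MSCHAPv2 accessor left on the new side of this hunk is the misspelled `getEapMsChapV2onfig()`, so the typo becomes the public name that callers have to use. I would keep a correctly spelled `public EapMsChapV2Config getEapMsChapV2Config()` holding the `mEapConfigs.get(EAP_TYPE_MSCHAP_V2)` lookup, and mark the misspelled method `@Deprecated` with a body of `return getEapMsChapV2Config();`. The hunk also drops `equals`/`hashCode` from `EapSessionConfig`, as the later hunks do for the method config classes. Two configs with identical contents then compare by identity, so it is worth confirming that no caller or test compares them by value.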
@@ -247,7 +148,7 @@
*/
@NonNull
public Builder setEapSimConfig(int subId, @UiccAppType int apptype) {
- mEapConfigs.put(EapMethodConfig.EAP_TYPE_SIM, new EapSimConfig(subId, apptype));
+ mEapConfigs.put(EAP_TYPE_SIM, new EapSimConfig(subId, apptype));
return this;
}
@@ -260,7 +161,7 @@
*/
@NonNull
public Builder setEapAkaConfig(int subId, @UiccAppType int apptype) {
- mEapConfigs.put(EapMethodConfig.EAP_TYPE_AKA, new EapAkaConfig(subId, apptype));
+ mEapConfigs.put(EAP_TYPE_AKA, new EapAkaConfig(subId, apptype));
return this;
}
@@ -283,7 +184,7 @@
@NonNull String networkName,
boolean allowMismatchedNetworkNames) {
mEapConfigs.put(
- EapMethodConfig.EAP_TYPE_AKA_PRIME,
+ EAP_TYPE_AKA_PRIME,
new EapAkaPrimeConfig(
subId, apptype, networkName, allowMismatchedNetworkNames));
return this;
@@ -298,46 +199,7 @@
*/
@NonNull
public Builder setEapMsChapV2Config(@NonNull String username, @NonNull String password) {
- mEapConfigs.put(
- EapMethodConfig.EAP_TYPE_MSCHAP_V2, new EapMsChapV2Config(username, password));
- return this;
- }
-
- /**
- * Sets the configuration for EAP-TTLS.
- *
- * <p>Tunneled EAP-TTLS authentications are disallowed, as running multiple layers of
- * EAP-TTLS increases the data footprint but has no discernible benefits over a single
- * EAP-TTLS session with a non EAP-TTLS method nested inside it.
- *
- * @param serverCaCert the CA certificate for validating the received server certificate(s).
- * If a certificate is provided, it MUST be the root CA used by the server, or
- * authentication will fail. If no certificate is provided, any root CA in the system's
- * truststore is considered acceptable.
- * @param innerEapSessionConfig represents the configuration for the inner EAP instance
- * @return Builder this, to facilitate chaining
- */
- @NonNull
- public Builder setEapTtlsConfig(
- @Nullable X509Certificate serverCaCert,
- @NonNull EapSessionConfig innerEapSessionConfig) {
- mEapConfigs.put(
- EapMethodConfig.EAP_TYPE_TTLS,
- new EapTtlsConfig(serverCaCert, innerEapSessionConfig));
- return this;
- }
-
- /**
- * Adds an EAP method configuration. Internal use only.
- *
- * <p>This method will override the previously set configuration with the same method type.
- *
- * @hide
- */
- @NonNull
- public Builder addEapMethodConfig(@NonNull EapMethodConfig config) {
- Objects.requireNonNull(config, "EapMethodConfig is null");
- mEapConfigs.put(config.mMethodType, config);
+ mEapConfigs.put(EAP_TYPE_MSCHAP_V2, new EapMsChapV2Config(username, password));
return this;
}
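Review bot: The Javadoc of `setEapMsChapV2Config` (it starts above this hunk) says nothing about how the credential is held, and that matters more once `setEapTtlsConfig` is gone on the new side. The password is passed as a `String` into `new EapMsChapV2Config(username, password)` and is handed back unchanged by `getPassword()`, visible in a later hunk. I would add a paragraph such as `<p>The password is kept in memory as a String for the lifetime of the built config and is returned by {@link EapMsChapV2Config#getPassword()}; do not log or persist the config.` The `@NonNull` annotations on both parameters are not enforced in the lines shown. If the constructor, which is outside this hunk, does not null-check, an `Objects.requireNonNull` there would make the contract real.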
@@ -357,75 +219,10 @@
}
}
- /** EapMethodConfig represents a generic EAP method configuration. */
+ /**
+ * EapMethodConfig represents a generic EAP method configuration.
+ */
public abstract static class EapMethodConfig {
- private static final String METHOD_TYPE = "methodType";
-
- /** @hide */
- @Retention(RetentionPolicy.SOURCE)
- @IntDef({EAP_TYPE_SIM, EAP_TYPE_TTLS, EAP_TYPE_AKA, EAP_TYPE_MSCHAP_V2, EAP_TYPE_AKA_PRIME})
- public @interface EapMethod {}
-
- // EAP Type values defined by IANA
- // @see https://www.iana.org/assignments/eap-numbers/eap-numbers.xhtml
- /**
- * EAP-Type value for the EAP-SIM method.
- *
- * <p>To include EAP-SIM as an authentication method, see {@link
- * EapSessionConfig.Builder#setEapSimConfig(int, int)}.
- *
- * @see <a href="https://tools.ietf.org/html/rfc4186">RFC 4186, Extensible Authentication
- * Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity
- * Modules (EAP-SIM)</a>
- */
- public static final int EAP_TYPE_SIM = 18;
-
- /**
- * EAP-Type value for the EAP-TTLS method.
- *
- * <p>To include EAP-TTLS as an authentication method, see {@link
- * EapSessionConfig.Builder#setEapTtlsConfig(X509Certificate, EapSessionConfig)}.
- *
- * @see <a href="https://tools.ietf.org/html/rfc5281">RFC 5281, Extensible Authentication
- * Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0
- * (EAP-TTLSv0)</a>
- */
- public static final int EAP_TYPE_TTLS = 21;
-
- /**
- * EAP-Type value for the EAP-AKA method.
- *
- * <p>To include EAP-AKA as an authentication method, see {@link
- * EapSessionConfig.Builder#setEapAkaConfig(int, int)}.
- *
- * @see <a href="https://tools.ietf.org/html/rfc4187">RFC 4187, Extensible Authentication
- * Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)</a>
- */
- public static final int EAP_TYPE_AKA = 23;
-
- /**
- * EAP-Type value for the EAP-MS-CHAPv2 method.
- *
- * <p>To include EAP-MS-CHAPv2 as an authentication method, see {@link
- * EapSessionConfig.Builder#setEapMsChapV2Config(String, String)}.
- *
- * @see <a href="https://tools.ietf.org/html/draft-kamath-pppext-eap-mschapv2-02">Microsoft
- * EAP CHAP Extensions Draft (EAP MSCHAPv2)</a>
- */
- public static final int EAP_TYPE_MSCHAP_V2 = 26;
-
- /**
- * EAP-Type value for the EAP-AKA' method.
- *
- * <p>To include EAP-AKA' as an authentication method, see {@link
- * EapSessionConfig.Builder#setEapAkaPrimeConfig(int, int, String, boolean)}.
- *
- * @see <a href="https://tools.ietf.org/html/rfc5448">RFC 5448, Improved Extensible
- * Authentication Protocol Method for 3rd Generation Authentication and Key Agreement
- * (EAP-AKA')</a>
- */
- public static final int EAP_TYPE_AKA_PRIME = 50;
-
@EapMethod private final int mMethodType;
/** @hide */
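Review bot: `EapMethodConfig` no longer declares the `EAP_TYPE_*` constants or the `@EapMethod` IntDef, yet `@EapMethod private final int mMethodType;` and the unqualified `EAP_TYPE_SIM`/`EAP_TYPE_AKA`/... uses in the other hunks still rely on them. They presumably resolve through an import that is not visible in this part of the diff. The class Javadoc is reflowed onto three lines without saying this, and the removed per-constant Javadoc was the only place the values and RFC references were documented. I would extend the class comment, for example `EapMethodConfig represents a generic EAP method configuration. The method type is an IANA EAP Type value (EAP-SIM 18, EAP-AKA 23, EAP-MSCHAPv2 26, EAP-AKA' 50).` That way a reader of `getMethodType()` can interpret the returned int without access to the internal constants.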
@@ -434,44 +231,6 @@
}
/**
- * Constructs this object by deserializing a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public static EapMethodConfig fromPersistableBundle(PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
-
- int methodType = in.getInt(METHOD_TYPE);
- switch (methodType) {
- case EAP_TYPE_SIM:
- return EapSimConfig.fromPersistableBundle(in);
- case EAP_TYPE_AKA:
- return EapAkaConfig.fromPersistableBundle(in);
- case EAP_TYPE_AKA_PRIME:
- return EapAkaPrimeConfig.fromPersistableBundle(in);
- case EAP_TYPE_MSCHAP_V2:
- return EapMsChapV2Config.fromPersistableBundle(in);
- case EAP_TYPE_TTLS:
- return EapTtlsConfig.fromPersistableBundle(in);
- default:
- throw new IllegalArgumentException("Invalid EAP Type: " + methodType);
- }
- }
-
- /**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @NonNull
- protected PersistableBundle toPersistableBundle() {
- final PersistableBundle result = new PersistableBundle();
- result.putInt(METHOD_TYPE, mMethodType);
- return result;
- }
-
- /**
* Retrieves the EAP method type
*
* @return the IANA-defined EAP method constant
@@ -493,40 +252,13 @@
public boolean isEapOnlySafeMethod() {
return false;
}
-
- /** @hide */
- @Override
- public int hashCode() {
- return Objects.hash(mMethodType);
- }
-
- /** @hide */
- @Override
- public boolean equals(Object o) {
- if (!(o instanceof EapMethodConfig)) {
- return false;
- }
-
- return mMethodType == ((EapMethodConfig) o).mMethodType;
- }
}
/**
* EapUiccConfig represents the configs needed for EAP methods that rely on UICC cards for
* authentication.
- *
- * @hide
- * @deprecated This class is not useful. Callers should only use its two subclasses {@link
- * EapSimConfig} and {@link EapAkaConfig}
*/
- @Deprecated
- @SystemApi
public abstract static class EapUiccConfig extends EapMethodConfig {
- /** @hide */
- protected static final String SUB_ID_KEY = "subId";
- /** @hide */
- protected static final String APP_TYPE_KEY = "apptype";
-
private final int mSubId;
private final int mApptype;
@@ -537,21 +269,6 @@
}
/**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @Override
- @NonNull
- protected PersistableBundle toPersistableBundle() {
- final PersistableBundle result = super.toPersistableBundle();
- result.putInt(SUB_ID_KEY, mSubId);
- result.putInt(APP_TYPE_KEY, mApptype);
-
- return result;
- }
-
- /**
* Retrieves the subId
*
* @return the subId
@@ -574,24 +291,6 @@
public boolean isEapOnlySafeMethod() {
return true;
}
-
- /** @hide */
- @Override
- public int hashCode() {
- return Objects.hash(super.hashCode(), mSubId, mApptype);
- }
-
- /** @hide */
- @Override
- public boolean equals(Object o) {
- if (!super.equals(o) || !(o instanceof EapUiccConfig)) {
- return false;
- }
-
- EapUiccConfig other = (EapUiccConfig) o;
-
- return mSubId == other.mSubId && mApptype == other.mApptype;
- }
}
/**
@@ -603,17 +302,6 @@
public EapSimConfig(int subId, @UiccAppType int apptype) {
super(EAP_TYPE_SIM, subId, apptype);
}
-
- /**
- * Constructs this object by deserializing a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public static EapSimConfig fromPersistableBundle(@NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
- return new EapSimConfig(in.getInt(SUB_ID_KEY), in.getInt(APP_TYPE_KEY));
- }
}
/**
@@ -630,26 +318,12 @@
EapAkaConfig(int methodType, int subId, @UiccAppType int apptype) {
super(methodType, subId, apptype);
}
-
- /**
- * Constructs this object by deserializing a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public static EapAkaConfig fromPersistableBundle(@NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
- return new EapAkaConfig(in.getInt(SUB_ID_KEY), in.getInt(APP_TYPE_KEY));
- }
}
/**
* EapAkaPrimeConfig represents the configs needed for an EAP-AKA' session.
*/
public static class EapAkaPrimeConfig extends EapAkaConfig {
- private static final String NETWORK_NAME_KEY = "networkName";
- private static final String ALL_MISMATCHED_NETWORK_KEY = "allowMismatchedNetworkNames";
-
@NonNull private final String mNetworkName;
private final boolean mAllowMismatchedNetworkNames;
@@ -669,36 +343,6 @@
}
/**
- * Constructs this object by deserializing a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public static EapAkaPrimeConfig fromPersistableBundle(@NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
- return new EapAkaPrimeConfig(
- in.getInt(SUB_ID_KEY),
- in.getInt(APP_TYPE_KEY),
- in.getString(NETWORK_NAME_KEY),
- in.getBoolean(ALL_MISMATCHED_NETWORK_KEY));
- }
-
- /**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @Override
- @NonNull
- protected PersistableBundle toPersistableBundle() {
- final PersistableBundle result = super.toPersistableBundle();
- result.putString(NETWORK_NAME_KEY, mNetworkName);
- result.putBoolean(ALL_MISMATCHED_NETWORK_KEY, mAllowMismatchedNetworkNames);
-
- return result;
- }
-
- /**
* Retrieves the UICC app type
*
* @return the {@link UiccAppType} constant
@@ -716,34 +360,12 @@
public boolean allowsMismatchedNetworkNames() {
return mAllowMismatchedNetworkNames;
}
-
- /** @hide */
- @Override
- public int hashCode() {
- return Objects.hash(super.hashCode(), mNetworkName, mAllowMismatchedNetworkNames);
- }
-
- /** @hide */
- @Override
- public boolean equals(Object o) {
- if (!super.equals(o) || !(o instanceof EapAkaPrimeConfig)) {
- return false;
- }
-
- EapAkaPrimeConfig other = (EapAkaPrimeConfig) o;
-
- return mNetworkName.equals(other.mNetworkName)
- && mAllowMismatchedNetworkNames == other.mAllowMismatchedNetworkNames;
- }
}
/**
* EapMsChapV2Config represents the configs needed for an EAP MSCHAPv2 session.
*/
public static class EapMsChapV2Config extends EapMethodConfig {
- private static final String USERNAME_KEY = "username";
- private static final String PASSWORD_KEY = "password";
-
@NonNull private final String mUsername;
@NonNull private final String mPassword;
@@ -760,32 +382,6 @@
}
/**
- * Constructs this object by deserializing a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public static EapMsChapV2Config fromPersistableBundle(@NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
- return new EapMsChapV2Config(in.getString(USERNAME_KEY), in.getString(PASSWORD_KEY));
- }
-
- /**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @Override
- @NonNull
- protected PersistableBundle toPersistableBundle() {
- final PersistableBundle result = super.toPersistableBundle();
- result.putString(USERNAME_KEY, mUsername);
- result.putString(PASSWORD_KEY, mPassword);
-
- return result;
- }
-
- /**
* Retrieves the username
*
* @return the username to be used by MSCHAPV2
@@ -804,168 +400,6 @@
public String getPassword() {
return mPassword;
}
-
- /** @hide */
- @Override
- public int hashCode() {
- return Objects.hash(super.hashCode(), mUsername, mPassword);
- }
-
- /** @hide */
- @Override
- public boolean equals(Object o) {
- if (!super.equals(o) || !(o instanceof EapMsChapV2Config)) {
- return false;
- }
-
- EapMsChapV2Config other = (EapMsChapV2Config) o;
-
- return mUsername.equals(other.mUsername) && mPassword.equals(other.mPassword);
- }
- }
-
- /**
- * EapTtlsConfig represents the configs needed for an EAP-TTLS session.
- */
- public static class EapTtlsConfig extends EapMethodConfig {
- private static final String TRUST_CERT_KEY = "TRUST_CERT_KEY";
- private static final String EAP_SESSION_CONFIG_KEY = "EAP_SESSION_CONFIG_KEY";
-
- @Nullable private final TrustAnchor mOverrideTrustAnchor;
- @NonNull private final EapSessionConfig mInnerEapSessionConfig;
-
- /** @hide */
- @VisibleForTesting
- public EapTtlsConfig(
- @Nullable X509Certificate serverCaCert,
- @NonNull EapSessionConfig innerEapSessionConfig) {
- super(EAP_TYPE_TTLS);
- mInnerEapSessionConfig =
- Objects.requireNonNull(
- innerEapSessionConfig, "innerEapSessionConfig must not be null");
- if (mInnerEapSessionConfig.getEapConfigs().containsKey(EAP_TYPE_TTLS)) {
- throw new IllegalArgumentException("Recursive EAP-TTLS method configs not allowed");
- }
-
- mOverrideTrustAnchor =
- (serverCaCert == null)
- ? null
- : new TrustAnchor(serverCaCert, null /* nameConstraints */);
- }
-
- /**
- * Constructs this object by deserializing a PersistableBundle.
- *
- * @hide
- */
- @NonNull
- public static EapTtlsConfig fromPersistableBundle(@NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
-
- PersistableBundle trustCertBundle = in.getPersistableBundle(TRUST_CERT_KEY);
- X509Certificate caCert = null;
- if (trustCertBundle != null) {
- byte[] encodedCert = PersistableBundleUtils.toByteArray(trustCertBundle);
- caCert = IkeCertUtils.certificateFromByteArray(encodedCert);
- }
-
- PersistableBundle eapSessionConfigBundle =
- in.getPersistableBundle(EAP_SESSION_CONFIG_KEY);
- Objects.requireNonNull(eapSessionConfigBundle, "eapSessionConfigBundle is null");
- EapSessionConfig eapSessionConfig =
- EapSessionConfig.fromPersistableBundle(eapSessionConfigBundle);
-
- return new EapTtlsConfig(caCert, eapSessionConfig);
- }
-
- /**
- * Serializes this object to a PersistableBundle.
- *
- * @hide
- */
- @Override
- @NonNull
- protected PersistableBundle toPersistableBundle() {
- final PersistableBundle result = super.toPersistableBundle();
-
- try {
- if (mOverrideTrustAnchor != null) {
- result.putPersistableBundle(
- TRUST_CERT_KEY,
- PersistableBundleUtils.fromByteArray(
- mOverrideTrustAnchor.getTrustedCert().getEncoded()));
- }
-
- result.putPersistableBundle(
- EAP_SESSION_CONFIG_KEY, mInnerEapSessionConfig.toPersistableBundle());
- } catch (CertificateEncodingException e) {
- throw new IllegalArgumentException("Fail to encode the certificate");
- }
-
- return result;
- }
-
- /** @hide */
- @Override
- public boolean isEapOnlySafeMethod() {
- return true;
- }
-
- /**
- * Retrieves the provided CA certificate for validating the remote certificate(s)
- *
- * @return the CA certificate for validating the received server certificate or null if the
- * system default is preferred
- */
- @Nullable
- public X509Certificate getServerCaCert() {
- return (mOverrideTrustAnchor == null) ? null : mOverrideTrustAnchor.getTrustedCert();
- }
-
- /**
- * Retrieves the inner EAP session config
- *
- * @return an EapSessionConfig representing the config for tunneled EAP authentication
- */
- @NonNull
- public EapSessionConfig getInnerEapSessionConfig() {
- return mInnerEapSessionConfig;
- }
-
- /** @hide */
- @Override
- public int hashCode() {
- // Use #getTrustedCert() because TrustAnchor does not override #hashCode()
-
- return Objects.hash(
- super.hashCode(),
- mInnerEapSessionConfig,
- (mOverrideTrustAnchor == null) ? null : mOverrideTrustAnchor.getTrustedCert());
- }
-
- /** @hide */
- @Override
- public boolean equals(Object o) {
- if (!super.equals(o) || !(o instanceof EapTtlsConfig)) {
- return false;
- }
-
- EapTtlsConfig other = (EapTtlsConfig) o;
-
- if (!Objects.equals(mInnerEapSessionConfig, other.mInnerEapSessionConfig)) {
- return false;
- }
-
- if (mOverrideTrustAnchor == null && other.mOverrideTrustAnchor == null) {
- return true;
- }
-
- return mOverrideTrustAnchor != null
- && other.mOverrideTrustAnchor != null
- && Objects.equals(
- mOverrideTrustAnchor.getTrustedCert(),
- other.mOverrideTrustAnchor.getTrustedCert());
- }
}
/**
diff --git a/src/java/android/net/ipsec/ike/ChildSaProposal.java b/src/java/android/net/ipsec/ike/ChildSaProposal.java
index b1c8f34..7318659 100644
--- a/src/java/android/net/ipsec/ike/ChildSaProposal.java
+++ b/src/java/android/net/ipsec/ike/ChildSaProposal.java
@@ -16,29 +16,18 @@
package android.net.ipsec.ike;
-import static com.android.internal.net.ipsec.ike.message.IkeSaPayload.EsnTransform.ESN_POLICY_NO_EXTENDED;
-
import android.annotation.NonNull;
-import android.annotation.SuppressLint;
-import android.net.IpSecAlgorithm;
-import android.os.PersistableBundle;
-import android.util.ArraySet;
+import android.annotation.SystemApi;
-import com.android.internal.net.ipsec.ike.crypto.IkeCipher;
-import com.android.internal.net.ipsec.ike.crypto.IkeMacIntegrity;
import com.android.internal.net.ipsec.ike.message.IkePayload;
import com.android.internal.net.ipsec.ike.message.IkeSaPayload.DhGroupTransform;
import com.android.internal.net.ipsec.ike.message.IkeSaPayload.EncryptionTransform;
import com.android.internal.net.ipsec.ike.message.IkeSaPayload.EsnTransform;
import com.android.internal.net.ipsec.ike.message.IkeSaPayload.IntegrityTransform;
import com.android.internal.net.ipsec.ike.message.IkeSaPayload.Transform;
-import com.android.modules.utils.build.SdkLevel;
-import com.android.server.vcn.util.PersistableBundleUtils;
import java.util.Arrays;
import java.util.List;
-import java.util.Objects;
-import java.util.Set;
/**
* ChildSaProposal represents a proposed configuration to negotiate a Child SA.
@@ -50,28 +39,10 @@
*
* @see <a href="https://tools.ietf.org/html/rfc7296#section-3.3">RFC 7296, Internet Key Exchange
* Protocol Version 2 (IKEv2)</a>
+ * @hide
*/
+@SystemApi
public final class ChildSaProposal extends SaProposal {
- // Before SDK S, there is no API in IpSecAlgorithm to retrieve supported algorithms. Thus hard
- // coded these algorithms here.
- private static final Set<Integer> SUPPORTED_IPSEC_ENCRYPTION_BEFORE_SDK_S;
- private static final Set<Integer> SUPPORTED_IPSEC_INTEGRITY_BEFORE_SDK_S;
-
- static {
- SUPPORTED_IPSEC_ENCRYPTION_BEFORE_SDK_S = new ArraySet<>();
- SUPPORTED_IPSEC_ENCRYPTION_BEFORE_SDK_S.add(ENCRYPTION_ALGORITHM_AES_CBC);
- SUPPORTED_IPSEC_ENCRYPTION_BEFORE_SDK_S.add(ENCRYPTION_ALGORITHM_AES_GCM_8);
- SUPPORTED_IPSEC_ENCRYPTION_BEFORE_SDK_S.add(ENCRYPTION_ALGORITHM_AES_GCM_12);
- SUPPORTED_IPSEC_ENCRYPTION_BEFORE_SDK_S.add(ENCRYPTION_ALGORITHM_AES_GCM_16);
-
- SUPPORTED_IPSEC_INTEGRITY_BEFORE_SDK_S = new ArraySet<>();
- SUPPORTED_IPSEC_INTEGRITY_BEFORE_SDK_S.add(INTEGRITY_ALGORITHM_HMAC_SHA1_96);
- SUPPORTED_IPSEC_INTEGRITY_BEFORE_SDK_S.add(INTEGRITY_ALGORITHM_HMAC_SHA2_256_128);
- SUPPORTED_IPSEC_INTEGRITY_BEFORE_SDK_S.add(INTEGRITY_ALGORITHM_HMAC_SHA2_384_192);
- SUPPORTED_IPSEC_INTEGRITY_BEFORE_SDK_S.add(INTEGRITY_ALGORITHM_HMAC_SHA2_512_256);
- }
-
- private static final String ESN_KEY = "mEsns";
private final EsnTransform[] mEsns;
/**
@@ -97,122 +68,6 @@
}
/**
- * Constructs this object by deserializing a PersistableBundle
- *
- * <p>Constructed proposals are guaranteed to be valid, as checked by the
- * ChildSaProposal.Builder.
- *
- * @hide
- */
- @NonNull
- public static ChildSaProposal fromPersistableBundle(@NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
-
- ChildSaProposal.Builder builder = new ChildSaProposal.Builder();
-
- PersistableBundle encryptionBundle = in.getPersistableBundle(ENCRYPT_ALGO_KEY);
- Objects.requireNonNull(encryptionBundle, "Encryption algo bundle is null");
- List<EncryptionTransform> encryptList =
- PersistableBundleUtils.toList(
- encryptionBundle, EncryptionTransform::fromPersistableBundle);
- for (EncryptionTransform t : encryptList) {
- builder.addEncryptionAlgorithm(t.id, t.getSpecifiedKeyLength());
- }
-
- int[] integrityAlgoIdArray = in.getIntArray(INTEGRITY_ALGO_KEY);
- Objects.requireNonNull(integrityAlgoIdArray, "Integrity algo array is null");
- for (int algo : integrityAlgoIdArray) {
- builder.addIntegrityAlgorithm(algo);
- }
-
- int[] dhGroupArray = in.getIntArray(DH_GROUP_KEY);
- Objects.requireNonNull(dhGroupArray, "DH Group array is null");
- for (int dh : dhGroupArray) {
- builder.addDhGroup(dh);
- }
-
- int[] esnPolicies = in.getIntArray(ESN_KEY);
- Objects.requireNonNull(esnPolicies, "ESN policy array is null");
-
- for (int p : esnPolicies) {
- switch (p) {
- case ESN_POLICY_NO_EXTENDED:
- // Ignored. All ChildSaProposal(s) are proposed with this automatically
- break;
- default:
- throw new IllegalArgumentException(
- "Proposing ESN policy: " + p + " is unsupported");
- }
- }
-
- return builder.build();
- }
-
- /**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @Override
- @NonNull
- public PersistableBundle toPersistableBundle() {
- final PersistableBundle result = super.toPersistableBundle();
- int[] esnPolicies = Arrays.asList(mEsns).stream().mapToInt(esn -> esn.id).toArray();
- result.putIntArray(ESN_KEY, esnPolicies);
-
- return result;
- }
-
- /**
- * Returns supported encryption algorithms for Child SA proposal negotiation.
- *
- * <p>Some algorithms may not be supported on old devices.
- */
- @NonNull
- public static Set<Integer> getSupportedEncryptionAlgorithms() {
- if (SdkLevel.isAtLeastS()) {
- Set<Integer> algoIds = new ArraySet<>();
- for (int i = 0; i < SUPPORTED_ENCRYPTION_ALGO_TO_STR.size(); i++) {
- int ikeAlgoId = SUPPORTED_ENCRYPTION_ALGO_TO_STR.keyAt(i);
- String ipSecAlgoName = IkeCipher.getIpSecAlgorithmName(ikeAlgoId);
- if (IpSecAlgorithm.getSupportedAlgorithms().contains(ipSecAlgoName)) {
- algoIds.add(ikeAlgoId);
- }
- }
- return algoIds;
- } else {
- return SUPPORTED_IPSEC_ENCRYPTION_BEFORE_SDK_S;
- }
- }
-
- /**
- * Returns supported integrity algorithms for Child SA proposal negotiation.
- *
- * <p>Some algorithms may not be supported on old devices.
- */
- @NonNull
- public static Set<Integer> getSupportedIntegrityAlgorithms() {
- Set<Integer> algoIds = new ArraySet<>();
-
- // Although IpSecAlgorithm does not support INTEGRITY_ALGORITHM_NONE, IKE supports
- // negotiating it and won't build IpSecAlgorithm with it.
- algoIds.add(INTEGRITY_ALGORITHM_NONE);
-
- if (SdkLevel.isAtLeastS()) {
- for (int i = 0; i < SUPPORTED_INTEGRITY_ALGO_TO_STR.size(); i++) {
- int ikeAlgoId = SUPPORTED_INTEGRITY_ALGO_TO_STR.keyAt(i);
- String ipSecAlgoName = IkeMacIntegrity.getIpSecAlgorithmName(ikeAlgoId);
- if (IpSecAlgorithm.getSupportedAlgorithms().contains(ipSecAlgoName)) {
- algoIds.add(ikeAlgoId);
- }
- }
- } else {
- algoIds.addAll(SUPPORTED_IPSEC_INTEGRITY_BEFORE_SDK_S);
- }
- return algoIds;
- }
-
- /**
* Gets all ESN policies.
*
* @hide
@@ -271,39 +126,24 @@
getEsnTransforms());
}
- @Override
- public int hashCode() {
- return Objects.hash(super.hashCode(), Arrays.hashCode(mEsns));
- }
-
- @Override
- public boolean equals(Object o) {
- if (!super.equals(o) || !(o instanceof ChildSaProposal)) {
- return false;
- }
-
- return Arrays.equals(mEsns, ((ChildSaProposal) o).mEsns);
- }
-
/**
* This class is used to incrementally construct a ChildSaProposal. ChildSaProposal instances
* are immutable once built.
*/
public static final class Builder extends SaProposal.Builder {
+ // TODO: Support users to add algorithms from most preferred to least preferred.
+
/**
* Adds an encryption algorithm with a specific key length to the SA proposal being built.
*
* @param algorithm encryption algorithm to add to ChildSaProposal.
* @param keyLength key length of algorithm. For algorithms that have fixed key length (e.g.
- * 3DES) only {@link SaProposal#KEY_LEN_UNUSED} is allowed.
+ * 3DES) only {@link SaProposal.KEY_LEN_UNUSED} is allowed.
* @return Builder of ChildSaProposal.
*/
- // The matching getter is defined in the super class. Please see {@link
- // SaProposal#getEncryptionAlgorithms}
- @SuppressLint("MissingGetterMatchingBuilder")
@NonNull
public Builder addEncryptionAlgorithm(@EncryptionAlgorithm int algorithm, int keyLength) {
- validateAndAddEncryptAlgo(algorithm, keyLength, true /* isChild */);
+ validateAndAddEncryptAlgo(algorithm, keyLength);
return this;
}
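Review bot: The new Javadoc line `3DES) only {@link SaProposal.KEY_LEN_UNUSED} is allowed.` uses a dot where Javadoc needs `#` for a member reference, so the link will not resolve; it should read `{@link SaProposal#KEY_LEN_UNUSED}`. The same mistake is introduced in ChildSessionCallback.java, hunk `@@ -106,7 +81,7 @@`, where `{@link onOpened(ChildSessionConfiguration)}` should be `{@link #onOpened(ChildSessionConfiguration)}`. Separately, `validateAndAddEncryptAlgo(algorithm, keyLength)` no longer passes the `isChild` flag. That helper is defined outside this diff, so it cannot be seen here whether Child-SA-specific algorithm support is still checked; the method comment should say where that happens. The `Builder` class continues past this hunk.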
@@ -313,32 +153,18 @@
* @param algorithm integrity algorithm to add to ChildSaProposal.
* @return Builder of ChildSaProposal.
*/
- // The matching getter is defined in the super class. Please see
- // {@link SaProposal#getIntegrityAlgorithms}
- @SuppressLint("MissingGetterMatchingBuilder")
@NonNull
public Builder addIntegrityAlgorithm(@IntegrityAlgorithm int algorithm) {
- validateAndAddIntegrityAlgo(algorithm, true /* isChild */);
+ addIntegrityAlgo(algorithm);
return this;
}
/**
* Adds a Diffie-Hellman Group to the SA proposal being built.
*
- * <p>If this ChildSaProposal will be used for the first Child SA created as part of IKE
- * AUTH exchange, DH groups configured here will only apply when the Child SA is later
- * rekeyed. In this case, configuring different DH groups for IKE and Child SA may cause
- * Rekey Child to fail.
- *
- * <p>If no DH groups are supplied here, but the server requests a DH exchange during rekey,
- * the IKE SA's negotiated DH group will still be accepted.
- *
* @param dhGroup to add to ChildSaProposal.
* @return Builder of ChildSaProposal.
*/
- // The matching getter is defined in the super class. Please see
- // {@link SaProposal#getDhGroups}
- @SuppressLint("MissingGetterMatchingBuilder")
@NonNull
public Builder addDhGroup(@DhGroup int dhGroup) {
addDh(dhGroup);
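Review bot: `addIntegrityAlgorithm` now calls `addIntegrityAlgo(algorithm)` where the old side called `validateAndAddIntegrityAlgo(algorithm, true /* isChild */)`, and judging by the name alone the new helper does not validate its argument. The helper lives in `SaProposal.Builder`, outside this diff, so this is an inference. If it does not reject unknown IDs, an unsupported integrity algorithm is accepted here and only fails later, or is proposed to the peer. I would either keep a validating call or document the contract on the method, for example `@throws IllegalArgumentException if the algorithm is not a supported {@link IntegrityAlgorithm}`, with the check wherever `build()` enforces it. The removed DH-group paragraphs about rekey behaviour also deserve a one-line replacement if that behaviour still holds on this branch. The body of `addDhGroup` continues outside the hunk.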
diff --git a/src/java/android/net/ipsec/ike/ChildSessionCallback.java b/src/java/android/net/ipsec/ike/ChildSessionCallback.java
index 562c55a..fc01eff 100644
--- a/src/java/android/net/ipsec/ike/ChildSessionCallback.java
+++ b/src/java/android/net/ipsec/ike/ChildSessionCallback.java
@@ -17,10 +17,7 @@
package android.net.ipsec.ike;
import android.annotation.NonNull;
-import android.annotation.SuppressLint;
import android.annotation.SystemApi;
-import android.net.IpSecManager;
-import android.net.IpSecManager.IpSecTunnelInterface;
import android.net.IpSecTransform;
import android.net.annotations.PolicyDirection;
import android.net.ipsec.ike.exceptions.IkeException;
@@ -35,14 +32,9 @@
* <p>{@link ChildSessionCallback}s are also used for identifying Child Sessions. It is required
* when a caller wants to delete a specific Child Session.
*
- * @see <a href="https://tools.ietf.org/html/rfc7296">RFC 7296, Internet Key Exchange Protocol
- * Version 2 (IKEv2)</a>
- * @see <a href="https://tools.ietf.org/html/rfc4301">RFC 4301, Security Architecture for the
- * Internet Protocol (IKEv2)</a>
+ * @hide
*/
-// Using interface instead of abstract class to indicate this callback does not have any state or
-// implementation.
-@SuppressLint("CallbackInterface")
+@SystemApi
public interface ChildSessionCallback {
/**
* Called when the Child Session setup succeeds.
@@ -62,7 +54,7 @@
* #onIpSecTransformDeleted(IpSecTransform, int)} for the deleted IPsec SA pair is fired.
*
* <p>When the closure is caused by a local, fatal error, {@link
- * #onClosedWithException(IkeException)} will be fired instead of this method.
+ * #onClosedExceptionally(IkeException)} will be fired instead of this method.
*/
void onClosed();
@@ -73,25 +65,8 @@
* #onIpSecTransformDeleted(IpSecTransform, int)} for the deleted IPsec SA pair is fired.
*
* @param exception the detailed error information.
- * @deprecated Implementers should override {@link #onClosedWithException(IkeException)} to
- * handle fatal {@link IkeException}s instead of using this method.
- * @hide
*/
- @SystemApi
- @Deprecated
- default void onClosedExceptionally(@NonNull IkeException exception) {}
-
- /**
- * Called if the Child Session setup failed or Child Session is closed because of a fatal error.
- *
- * <p>This method will be called immediately after {@link
- * #onIpSecTransformDeleted(IpSecTransform, int)} for the deleted IPsec SA pair is fired.
- *
- * @param exception the detailed error information.
- */
- default void onClosedWithException(@NonNull IkeException exception) {
- onClosedExceptionally(exception);
- }
+ void onClosedExceptionally(@NonNull IkeException exception);
/**
* Called when an {@link IpSecTransform} is created by this Child Session.
@@ -106,7 +81,7 @@
* the new set of transforms.
*
* <p>To avoid the initial startup race condition where the transforms have not yet been
- * applied, the {@link #onOpened(ChildSessionConfiguration)} callback should be used as the
+ * applied, the {@link onOpened(ChildSessionConfiguration)} callback should be used as the
* authoritative signal that the socket or tunnel is ready, as it is fired after both transforms
* have had a chance to be applied.
*
@@ -117,31 +92,11 @@
@NonNull IpSecTransform ipSecTransform, @PolicyDirection int direction);
/**
- * Called when a pair of {@link IpSecTransform}s are migrated by this IKE Session.
- *
- * <p>This method is only called when a Child SA is migrated during a MOBIKE-enabled IKE
- * Session.
- *
- * <p>When this method is invoked, the caller MUST re-apply the transforms to their {@link
- * IpSecTunnelInterface} via {@link IpSecManager#applyTunnelModeTransform(IpSecTunnelInterface,
- * int, IpSecTransform)}
- *
- * @param inIpSecTransform IpSecTransform to be used for traffic with {@link
- * IpSecManager#DIRECTION_IN}
- * @param outIpSecTransform IpSecTransform to be used for traffic with {@link
- * IpSecManager#DIRECTION_OUT}
- * @hide
- */
- @SystemApi
- default void onIpSecTransformsMigrated(
- @NonNull IpSecTransform inIpSecTransform, @NonNull IpSecTransform outIpSecTransform) {}
-
- /**
* Called when an {@link IpSecTransform} is deleted by this Child Session.
*
* <p>This method is fired when a Child Session is closed or a Child Session has deleted old
* IPsec SA during rekey. When this method is fired due to Child Session closure, it will be
- * followed by {@link #onClosed()} or {@link #onClosedWithException(IkeException)}.
+ * followed by {@link #onClosed()} or {@link #onClosedExceptionally(IkeException)}.
*
* <p>Users SHOULD remove the {@link IpSecTransform} from the socket or interface when this
* method is called. Otherwise the IPsec traffic protected by this {@link IpSecTransform} will
diff --git a/src/java/android/net/ipsec/ike/ChildSessionConfiguration.java b/src/java/android/net/ipsec/ike/ChildSessionConfiguration.java
index adf878d..091bece 100644
--- a/src/java/android/net/ipsec/ike/ChildSessionConfiguration.java
+++ b/src/java/android/net/ipsec/ike/ChildSessionConfiguration.java
@@ -42,32 +42,33 @@
import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv6Subnet;
import java.net.InetAddress;
-import java.util.ArrayList;
import java.util.Collections;
+import java.util.LinkedList;
import java.util.List;
-import java.util.Objects;
/**
* ChildSessionConfiguration represents the negotiated configuration for a Child Session.
*
* <p>Configurations include traffic selectors and internal network information.
+ *
+ * @hide
*/
+@SystemApi
public final class ChildSessionConfiguration {
private static final int IPv4_DEFAULT_PREFIX_LEN = 32;
- private final List<IkeTrafficSelector> mInboundTs = new ArrayList<>();
- private final List<IkeTrafficSelector> mOutboundTs = new ArrayList<>();
- private final List<LinkAddress> mInternalAddressList = new ArrayList<>();
- private final List<InetAddress> mInternalDnsAddressList = new ArrayList<>();
- private final List<IpPrefix> mSubnetAddressList = new ArrayList<>();
- private final List<InetAddress> mInternalDhcpAddressList = new ArrayList<>();
+ private final List<IkeTrafficSelector> mInboundTs;
+ private final List<IkeTrafficSelector> mOutboundTs;
+ private final List<LinkAddress> mInternalAddressList;
+ private final List<InetAddress> mInternalDnsAddressList;
+ private final List<IpPrefix> mSubnetAddressList;
+ private final List<InetAddress> mInternalDhcpAddressList;
/**
* Construct an instance of {@link ChildSessionConfiguration}.
*
- * <p>ChildSessionConfiguration may contain negotiated configuration information that is
- * included in a Configure(Reply) Payload. Thus the input configPayload should always be a
- * Configure(Reply), and never be a Configure(Request).
+ * <p>It is only supported to build a {@link ChildSessionConfiguration} with a Configure(Reply)
+ * Payload.
*
* @hide
*/
@@ -147,31 +148,15 @@
*/
public ChildSessionConfiguration(
List<IkeTrafficSelector> inTs, List<IkeTrafficSelector> outTs) {
- mInboundTs.addAll(inTs);
- mOutboundTs.addAll(outTs);
+ mInboundTs = Collections.unmodifiableList(inTs);
+ mOutboundTs = Collections.unmodifiableList(outTs);
+ mInternalAddressList = new LinkedList<>();
+ mInternalDnsAddressList = new LinkedList<>();
+ mSubnetAddressList = new LinkedList<>();
+ mInternalDhcpAddressList = new LinkedList<>();
}
/**
- * Construct an instance of {@link ChildSessionConfiguration}.
- *
- * @hide
- */
- private ChildSessionConfiguration(
- List<IkeTrafficSelector> inTs,
- List<IkeTrafficSelector> outTs,
- List<LinkAddress> internalAddresses,
- List<IpPrefix> internalSubnets,
- List<InetAddress> internalDnsServers,
- List<InetAddress> internalDhcpServers) {
- this(inTs, outTs);
- mInternalAddressList.addAll(internalAddresses);
- mSubnetAddressList.addAll(internalSubnets);
- mInternalDnsAddressList.addAll(internalDnsServers);
- mInternalDhcpAddressList.addAll(internalDhcpServers);
- }
-
-
- /**
* Returns the negotiated inbound traffic selectors.
*
* <p>Only inbound traffic within the range is acceptable to the Child Session.
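Review bot: The two-argument constructor now stores `Collections.unmodifiableList(inTs)` and `Collections.unmodifiableList(outTs)`, which are read-only views over the caller's lists rather than copies. Any later change to the list that was passed in therefore changes the traffic selectors this configuration reports, whereas the removed code copied the elements with `addAll`. Copy before wrapping, e.g. `mInboundTs = Collections.unmodifiableList(new LinkedList<>(inTs));` and the same for `outTs` (`LinkedList` is the list type this change already imports). The constructor's Javadoc begins outside the hunk.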
@@ -206,9 +191,7 @@
*
* @return the assigned internal addresses, or an empty list when no addresses are assigned by
* the remote IKE server (e.g. for a non-tunnel mode Child Session).
- * @hide
*/
- @SystemApi
@NonNull
public List<LinkAddress> getInternalAddresses() {
return Collections.unmodifiableList(mInternalAddressList);
@@ -219,9 +202,7 @@
*
* @return the internal subnets, or an empty list when no information of protected subnets is
* provided by the IKE server (e.g. for a non-tunnel mode Child Session).
- * @hide
*/
- @SystemApi
@NonNull
public List<IpPrefix> getInternalSubnets() {
return Collections.unmodifiableList(mSubnetAddressList);
@@ -232,9 +213,7 @@
*
* @return the internal DNS server addresses, or an empty list when no DNS server is provided by
* the IKE server (e.g. for a non-tunnel mode Child Session).
- * @hide
*/
- @SystemApi
@NonNull
public List<InetAddress> getInternalDnsServers() {
return Collections.unmodifiableList(mInternalDnsAddressList);
@@ -245,174 +224,9 @@
*
* @return the internal DHCP server addresses, or an empty list when no DHCP server is provided
* by the IKE server (e.g. for a non-tunnel mode Child Session).
- * @hide
*/
- @SystemApi
@NonNull
public List<InetAddress> getInternalDhcpServers() {
return Collections.unmodifiableList(mInternalDhcpAddressList);
}
-
- /**
- * This class can be used to incrementally construct a {@link ChildSessionConfiguration}.
- *
- * <p>Except for testing, IKE library users normally do not instantiate {@link
- * ChildSessionConfiguration} themselves but instead get a reference via {@link
- * ChildSessionCallback}
- */
- public static final class Builder {
- private final List<IkeTrafficSelector> mInboundTs = new ArrayList<>();
- private final List<IkeTrafficSelector> mOutboundTs = new ArrayList<>();
- private final List<LinkAddress> mInternalAddressList = new ArrayList<>();
- private final List<IpPrefix> mSubnetAddressList = new ArrayList<>();
- private final List<InetAddress> mInternalDnsAddressList = new ArrayList<>();
- private final List<InetAddress> mInternalDhcpAddressList = new ArrayList<>();
-
- /**
- * Constructs a Builder.
- *
- * @param inTs the negotiated inbound traffic selectors
- * @param outTs the negotiated outbound traffic selectors
- */
- public Builder(
- @NonNull List<IkeTrafficSelector> inTs, @NonNull List<IkeTrafficSelector> outTs) {
- Objects.requireNonNull(inTs, "inTs was null");
- Objects.requireNonNull(outTs, "outTs was null");
- if (inTs.isEmpty() || outTs.isEmpty()) {
- throw new IllegalArgumentException("inTs or outTs is empty.");
- }
- mInboundTs.addAll(inTs);
- mOutboundTs.addAll(outTs);
- }
-
- /**
- * Adds an assigned internal address for the {@link ChildSessionConfiguration} being built.
- *
- * @param address an assigned internal addresses
- * @return Builder this, to facilitate chaining
- * @hide
- */
- @SystemApi
- @NonNull
- public Builder addInternalAddress(@NonNull LinkAddress address) {
- Objects.requireNonNull(address, "address was null");
- mInternalAddressList.add(address);
- return this;
- }
-
- /**
- * Clears all assigned internal addresses from the {@link ChildSessionConfiguration} being
- * built.
- *
- * @return Builder this, to facilitate chaining
- * @hide
- */
- @SystemApi
- @NonNull
- public Builder clearInternalAddresses() {
- mInternalAddressList.clear();
- return this;
- }
-
- /**
- * Adds an assigned internal subnet for the {@link ChildSessionConfiguration} being built.
- *
- * @param subnet an assigned internal subnet
- * @return Builder this, to facilitate chaining
- * @hide
- */
- @SystemApi
- @NonNull
- public Builder addInternalSubnet(@NonNull IpPrefix subnet) {
- Objects.requireNonNull(subnet, "subnet was null");
- mSubnetAddressList.add(subnet);
- return this;
- }
-
- /**
- * Clears all assigned internal subnets from the {@link ChildSessionConfiguration} being
- * built.
- *
- * @return Builder this, to facilitate chaining
- * @hide
- */
- @SystemApi
- @NonNull
- public Builder clearInternalSubnets() {
- mSubnetAddressList.clear();
- return this;
- }
-
- /**
- * Adds an assigned internal DNS server for the {@link ChildSessionConfiguration} being
- * built.
- *
- * @param dnsServer an assigned internal DNS server
- * @return Builder this, to facilitate chaining
- * @hide
- */
- @SystemApi
- @NonNull
- public Builder addInternalDnsServer(@NonNull InetAddress dnsServer) {
- Objects.requireNonNull(dnsServer, "dnsServer was null");
- mInternalDnsAddressList.add(dnsServer);
- return this;
- }
-
- /**
- * Clears all assigned internal DNS servers from the {@link ChildSessionConfiguration} being
- * built.
- *
- * @return Builder this, to facilitate chaining
- * @hide
- */
- @SystemApi
- @NonNull
- public Builder clearInternalDnsServers() {
- mInternalDnsAddressList.clear();
- return this;
- }
-
- /**
- * Adds an assigned internal DHCP server for the {@link ChildSessionConfiguration} being
- * built.
- *
- * @param dhcpServer an assigned internal DHCP server
- * @return Builder this, to facilitate chaining
- * @hide
- */
- @SystemApi
- @NonNull
- public Builder addInternalDhcpServer(@NonNull InetAddress dhcpServer) {
- Objects.requireNonNull(dhcpServer, "dhcpServer was null");
- mInternalDhcpAddressList.add(dhcpServer);
- return this;
- }
-
- /**
- * Clears all assigned internal DHCP servers for the {@link ChildSessionConfiguration} being
- * built.
- *
- * @return Builder this, to facilitate chaining
- * @hide
- */
- @SystemApi
- @NonNull
- public Builder clearInternalDhcpServers() {
- mInternalDhcpAddressList.clear();
- return this;
- }
-
- /** Constructs an {@link ChildSessionConfiguration} instance. */
- @NonNull
- public ChildSessionConfiguration build() {
- return new ChildSessionConfiguration(
- mInboundTs,
- mOutboundTs,
- mInternalAddressList,
- mSubnetAddressList,
- mInternalDnsAddressList,
- mInternalDhcpAddressList);
- }
- }
}
diff --git a/src/java/android/net/ipsec/ike/ChildSessionParams.java b/src/java/android/net/ipsec/ike/ChildSessionParams.java
index efc3e0b..0221491 100644
--- a/src/java/android/net/ipsec/ike/ChildSessionParams.java
+++ b/src/java/android/net/ipsec/ike/ChildSessionParams.java
@@ -21,15 +21,11 @@
import android.annotation.SuppressLint;
import android.annotation.SystemApi;
import android.net.InetAddresses;
-import android.os.PersistableBundle;
-
-import com.android.server.vcn.util.PersistableBundleUtils;
import java.net.InetAddress;
import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;
-import java.util.Objects;
import java.util.concurrent.TimeUnit;
/**
@@ -50,8 +46,10 @@
* to have the same DH group as that of the IKE Session, then they need to explicitly set the same
* DH Group in ChildSessionParams.
*
- * <p>@see {@link TunnelModeChildSessionParams} and {@link TransportModeChildSessionParams}
+ * @see {@link TunnelModeChildSessionParams} and {@link TransportModeChildSessionParams}
+ * @hide
*/
+@SystemApi
public abstract class ChildSessionParams {
/** @hide */
protected static final int CHILD_HARD_LIFETIME_SEC_MINIMUM = 300; // 5 minutes
@@ -81,18 +79,6 @@
IkeTrafficSelector.TRAFFIC_SELECTOR_TYPE_IPV6_ADDR_RANGE);
}
- private static final String IS_TRANPORT_KEY = "mIsTransport";
- /** @hide */
- protected static final String INBOUND_TS_KEY = "mInboundTrafficSelectors";
- /** @hide */
- protected static final String OUTBOUND_TS_KEY = "mOutboundTrafficSelectors";
- /** @hide */
- protected static final String SA_PROPOSALS_KEY = "mSaProposals";
- /** @hide */
- protected static final String HARD_LIFETIME_SEC_KEY = "mHardLifetimeSec";
- /** @hide */
- protected static final String SOFT_LIFETIME_SEC_KEY = "mSoftLifetimeSec";
-
@NonNull private final IkeTrafficSelector[] mInboundTrafficSelectors;
@NonNull private final IkeTrafficSelector[] mOutboundTrafficSelectors;
@NonNull private final ChildSaProposal[] mSaProposals;
@@ -119,71 +105,6 @@
}
/**
- * Constructs this object by deserializing a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public static ChildSessionParams fromPersistableBundle(@NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
-
- if (in.getBoolean(IS_TRANPORT_KEY)) {
- return TransportModeChildSessionParams.fromPersistableBundle(in);
- } else {
- return TunnelModeChildSessionParams.fromPersistableBundle(in);
- }
- }
-
- /**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public PersistableBundle toPersistableBundle() {
- final PersistableBundle result = new PersistableBundle();
-
- result.putBoolean(IS_TRANPORT_KEY, mIsTransport);
-
- PersistableBundle saProposalBundle =
- PersistableBundleUtils.fromList(
- Arrays.asList(mSaProposals), ChildSaProposal::toPersistableBundle);
- result.putPersistableBundle(SA_PROPOSALS_KEY, saProposalBundle);
-
- PersistableBundle inTsBundle =
- PersistableBundleUtils.fromList(
- Arrays.asList(mInboundTrafficSelectors),
- IkeTrafficSelector::toPersistableBundle);
- result.putPersistableBundle(INBOUND_TS_KEY, inTsBundle);
-
- PersistableBundle outTsBundle =
- PersistableBundleUtils.fromList(
- Arrays.asList(mOutboundTrafficSelectors),
- IkeTrafficSelector::toPersistableBundle);
- result.putPersistableBundle(OUTBOUND_TS_KEY, outTsBundle);
-
- result.putInt(HARD_LIFETIME_SEC_KEY, mHardLifetimeSec);
- result.putInt(SOFT_LIFETIME_SEC_KEY, mSoftLifetimeSec);
- return result;
- }
-
- /** @hide */
- protected static List<ChildSaProposal> getProposalsFromPersistableBundle(PersistableBundle in) {
- PersistableBundle proposalBundle = in.getPersistableBundle(SA_PROPOSALS_KEY);
- Objects.requireNonNull(proposalBundle, "Value for key " + SA_PROPOSALS_KEY + " was null");
- return PersistableBundleUtils.toList(
- proposalBundle, ChildSaProposal::fromPersistableBundle);
- }
-
- /** @hide */
- protected static List<IkeTrafficSelector> getTsFromPersistableBundle(
- PersistableBundle in, String key) {
- PersistableBundle tsBundle = in.getPersistableBundle(key);
- Objects.requireNonNull(tsBundle, "Value for key " + key + " was null");
- return PersistableBundleUtils.toList(tsBundle, IkeTrafficSelector::fromPersistableBundle);
- }
-
- /**
* Retrieves configured inbound traffic selectors
*
* <p>@see {@link
@@ -209,23 +130,9 @@
return Arrays.asList(mOutboundTrafficSelectors);
}
- /**
- * Retrieves all ChildSaProposals configured
- *
- * @deprecated Callers should use {@link #getChildSaProposals()}. This method is deprecated
- * because its name does not match the return type,
- * @hide
- */
- @Deprecated
- @SystemApi
- @NonNull
- public List<ChildSaProposal> getSaProposals() {
- return getChildSaProposals();
- }
-
/** Retrieves all ChildSaProposals configured */
@NonNull
- public List<ChildSaProposal> getChildSaProposals() {
+ public List<ChildSaProposal> getSaProposals() {
return Arrays.asList(mSaProposals);
}
@@ -247,17 +154,17 @@
/** @hide */
public IkeTrafficSelector[] getInboundTrafficSelectorsInternal() {
- return Arrays.copyOf(mInboundTrafficSelectors, mInboundTrafficSelectors.length);
+ return mInboundTrafficSelectors;
}
/** @hide */
public IkeTrafficSelector[] getOutboundTrafficSelectorsInternal() {
- return Arrays.copyOf(mOutboundTrafficSelectors, mOutboundTrafficSelectors.length);
+ return mOutboundTrafficSelectors;
}
/** @hide */
public ChildSaProposal[] getSaProposalsInternal() {
- return Arrays.copyOf(mSaProposals, mSaProposals.length);
+ return mSaProposals;
}
/** @hide */
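Review bot: `getInboundTrafficSelectorsInternal()`, `getOutboundTrafficSelectorsInternal()` and `getSaProposalsInternal()` now return the backing arrays themselves instead of copies. The fields are `private final`, but array elements stay writable, so any caller that stores into a returned array silently changes the traffic selectors or SA proposals of a params object that is otherwise treated as immutable. Keep the defensive copy, e.g. `return Arrays.copyOf(mSaProposals, mSaProposals.length);` (`java.util.Arrays` is still imported in this file). If the copy is dropped on purpose, state on each getter that the returned array must not be modified.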
@@ -275,33 +182,6 @@
return mIsTransport;
}
- @Override
- public int hashCode() {
- return Objects.hash(
- Arrays.hashCode(mInboundTrafficSelectors),
- Arrays.hashCode(mOutboundTrafficSelectors),
- Arrays.hashCode(mSaProposals),
- mHardLifetimeSec,
- mSoftLifetimeSec,
- mIsTransport);
- }
-
- @Override
- public boolean equals(Object o) {
- if (!(o instanceof ChildSessionParams)) {
- return false;
- }
-
- ChildSessionParams other = (ChildSessionParams) o;
-
- return Arrays.equals(mInboundTrafficSelectors, other.mInboundTrafficSelectors)
- && Arrays.equals(mOutboundTrafficSelectors, other.mOutboundTrafficSelectors)
- && Arrays.equals(mSaProposals, other.mSaProposals)
- && mHardLifetimeSec == other.mHardLifetimeSec
- && mSoftLifetimeSec == other.mSoftLifetimeSec
- && mIsTransport == other.mIsTransport;
- }
-
/**
* This class represents common information for Child Session Parameters Builders.
*
@@ -315,20 +195,6 @@
protected int mHardLifetimeSec = CHILD_HARD_LIFETIME_SEC_DEFAULT;
protected int mSoftLifetimeSec = CHILD_SOFT_LIFETIME_SEC_DEFAULT;
- /** Package private constructor */
- Builder() {}
-
- /** Package private constructor */
- Builder(@NonNull ChildSessionParams childParams) {
- Objects.requireNonNull(childParams, "childParams was null");
-
- mInboundTsList.addAll(childParams.getInboundTrafficSelectors());
- mOutboundTsList.addAll(childParams.getOutboundTrafficSelectors());
- mSaProposalList.addAll(childParams.getSaProposals());
- mHardLifetimeSec = childParams.getHardLifetimeSeconds();
- mSoftLifetimeSec = childParams.getSoftLifetimeSeconds();
- }
-
protected void addProposal(@NonNull ChildSaProposal proposal) {
mSaProposalList.add(proposal);
}
diff --git a/src/java/android/net/ipsec/ike/IkeDerAsn1DnIdentification.java b/src/java/android/net/ipsec/ike/IkeDerAsn1DnIdentification.java
index 074ddef..2a4f445 100644
--- a/src/java/android/net/ipsec/ike/IkeDerAsn1DnIdentification.java
+++ b/src/java/android/net/ipsec/ike/IkeDerAsn1DnIdentification.java
@@ -16,10 +16,9 @@
package android.net.ipsec.ike;
import android.annotation.NonNull;
-import android.net.ipsec.ike.exceptions.AuthenticationFailedException;
-import android.os.PersistableBundle;
+import android.annotation.SystemApi;
-import com.android.server.vcn.util.PersistableBundleUtils;
+import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;
import java.security.cert.X509Certificate;
import java.util.Objects;
@@ -30,9 +29,11 @@
* This class represents an IKE entity ID based on a DER encoded ASN.1 X.500 Distinguished Name.
*
* <p>An example might be "CN=ike.test.android.net, O=Android, C=US".
+ *
+ * @hide
*/
+@SystemApi
public final class IkeDerAsn1DnIdentification extends IkeIdentification {
- private static final String DER_ASN1_DN_KEY = "derAsn1Dn";
/** The ASN.1 X.500 Distinguished Name */
@NonNull public final X500Principal derAsn1Dn;
@@ -67,35 +68,6 @@
this.derAsn1Dn = derAsn1Dn;
}
- /**
- * Constructs this object by deserializing a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public static IkeDerAsn1DnIdentification fromPersistableBundle(@NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
-
- PersistableBundle dnBundle = in.getPersistableBundle(DER_ASN1_DN_KEY);
- Objects.requireNonNull(dnBundle, "ASN1 DN bundle is null");
-
- return new IkeDerAsn1DnIdentification(
- new X500Principal(PersistableBundleUtils.toByteArray(dnBundle)));
- }
- /**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @Override
- @NonNull
- public PersistableBundle toPersistableBundle() {
- final PersistableBundle result = super.toPersistableBundle();
- result.putPersistableBundle(
- DER_ASN1_DN_KEY, PersistableBundleUtils.fromByteArray(derAsn1Dn.getEncoded()));
- return result;
- }
-
/** @hide */
@Override
public int hashCode() {
diff --git a/src/java/android/net/ipsec/ike/IkeFqdnIdentification.java b/src/java/android/net/ipsec/ike/IkeFqdnIdentification.java
index 993e551..e014f1f 100644
--- a/src/java/android/net/ipsec/ike/IkeFqdnIdentification.java
+++ b/src/java/android/net/ipsec/ike/IkeFqdnIdentification.java
@@ -17,8 +17,9 @@
package android.net.ipsec.ike;
import android.annotation.NonNull;
-import android.net.ipsec.ike.exceptions.AuthenticationFailedException;
-import android.os.PersistableBundle;
+import android.annotation.SystemApi;
+
+import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;
import java.nio.charset.Charset;
import java.security.cert.X509Certificate;
@@ -27,12 +28,13 @@
/**
* IkeFqdnIdentification represents an IKE entity identification based on a fully-qualified domain
* name (FQDN). An example might be ike.android.com
+ *
+ * @hide
*/
+@SystemApi
public class IkeFqdnIdentification extends IkeIdentification {
private static final Charset ASCII = Charset.forName("US-ASCII");
- private static final String FQDN_KEY = "fqdn";
-
/** The fully-qualified domain name(FQDN). */
@NonNull public final String fqdn;
@@ -62,30 +64,6 @@
this.fqdn = fqdn;
}
- /**
- * Constructs this object by deserializing a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public static IkeFqdnIdentification fromPersistableBundle(@NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
-
- return new IkeFqdnIdentification(in.getString(FQDN_KEY));
- }
- /**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @Override
- @NonNull
- public PersistableBundle toPersistableBundle() {
- final PersistableBundle result = super.toPersistableBundle();
- result.putString(FQDN_KEY, fqdn);
- return result;
- }
-
/** @hide */
@Override
public int hashCode() {
diff --git a/src/java/android/net/ipsec/ike/IkeIdentification.java b/src/java/android/net/ipsec/ike/IkeIdentification.java
index 8f77a2e..64bdfc9 100644
--- a/src/java/android/net/ipsec/ike/IkeIdentification.java
+++ b/src/java/android/net/ipsec/ike/IkeIdentification.java
@@ -17,11 +17,11 @@
package android.net.ipsec.ike;
import android.annotation.IntDef;
-import android.annotation.NonNull;
-import android.net.ipsec.ike.exceptions.AuthenticationFailedException;
-import android.os.PersistableBundle;
+import android.annotation.SystemApi;
import android.util.ArraySet;
+import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;
+
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.security.cert.CertificateParsingException;
@@ -38,7 +38,9 @@
*
* @see <a href="https://tools.ietf.org/html/rfc7296#section-3.5">RFC 7296, Internet Key Exchange
* Protocol Version 2 (IKEv2)</a>
+ * @hide
*/
+@SystemApi
public abstract class IkeIdentification {
// Set of supported ID types.
private static final Set<Integer> SUPPORTED_ID_TYPES;
@@ -88,7 +90,6 @@
/** @hide Subject Alternative Name Type for IP Address defined in RFC 5280 */
protected static final int SAN_TYPE_IP_ADDRESS = 7;
- private static final String ID_TYPE_KEY = "idType";
/** @hide */
public final int idType;
@@ -98,44 +99,6 @@
}
/**
- * Constructs this object by deserializing a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public static IkeIdentification fromPersistableBundle(@NonNull PersistableBundle in) {
- int idType = in.getInt(ID_TYPE_KEY);
- switch (idType) {
- case ID_TYPE_IPV4_ADDR:
- return IkeIpv4AddrIdentification.fromPersistableBundle(in);
- case ID_TYPE_FQDN:
- return IkeFqdnIdentification.fromPersistableBundle(in);
- case ID_TYPE_RFC822_ADDR:
- return IkeRfc822AddrIdentification.fromPersistableBundle(in);
- case ID_TYPE_IPV6_ADDR:
- return IkeIpv6AddrIdentification.fromPersistableBundle(in);
- case ID_TYPE_DER_ASN1_DN:
- return IkeDerAsn1DnIdentification.fromPersistableBundle(in);
- case ID_TYPE_KEY_ID:
- return IkeKeyIdIdentification.fromPersistableBundle(in);
- default:
- throw new IllegalArgumentException("Invalid ID type: " + idType);
- }
- }
-
- /**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public PersistableBundle toPersistableBundle() {
- final PersistableBundle result = new PersistableBundle();
- result.putInt(ID_TYPE_KEY, idType);
- return result;
- }
-
- /**
* Returns ID type as a String
*
* @hide
diff --git a/src/java/android/net/ipsec/ike/IkeIpv4AddrIdentification.java b/src/java/android/net/ipsec/ike/IkeIpv4AddrIdentification.java
index ba1184f..4142fcb 100644
--- a/src/java/android/net/ipsec/ike/IkeIpv4AddrIdentification.java
+++ b/src/java/android/net/ipsec/ike/IkeIpv4AddrIdentification.java
@@ -17,18 +17,22 @@
package android.net.ipsec.ike;
import android.annotation.NonNull;
-import android.net.InetAddresses;
-import android.net.ipsec.ike.exceptions.AuthenticationFailedException;
-import android.os.PersistableBundle;
+import android.annotation.SystemApi;
+
+import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;
import java.net.Inet4Address;
import java.net.UnknownHostException;
import java.security.cert.X509Certificate;
import java.util.Objects;
-/** IkeIpv4AddrIdentification represents an IKE entity identification based on IPv4 address. */
+/**
+ * IkeIpv4AddrIdentification represents an IKE entity identification based on IPv4 address.
+ *
+ * @hide
+ */
+@SystemApi
public final class IkeIpv4AddrIdentification extends IkeIdentification {
- private static final String IP_ADDRESS_KEY = "ipv4Address";
/** The IPv4 address. */
@NonNull public final Inet4Address ipv4Address;
@@ -49,7 +53,7 @@
}
/**
- * Construct an instance of {@link IkeIpv4AddrIdentification} with an IPv4 address.
+ * Construct an instance of {@link IkeIpv4AddrIdentification} with a IPv4 address.
*
* @param address the IPv4 address.
*/
@@ -58,31 +62,6 @@
ipv4Address = address;
}
- /**
- * Constructs this object by deserializing a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public static IkeIpv4AddrIdentification fromPersistableBundle(@NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
-
- return new IkeIpv4AddrIdentification(
- (Inet4Address) InetAddresses.parseNumericAddress(in.getString(IP_ADDRESS_KEY)));
- }
- /**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @Override
- @NonNull
- public PersistableBundle toPersistableBundle() {
- final PersistableBundle result = super.toPersistableBundle();
- result.putString(IP_ADDRESS_KEY, ipv4Address.getHostAddress());
- return result;
- }
-
/** @hide */
@Override
public int hashCode() {
diff --git a/src/java/android/net/ipsec/ike/IkeIpv6AddrIdentification.java b/src/java/android/net/ipsec/ike/IkeIpv6AddrIdentification.java
index c304e04..9bac2fc 100644
--- a/src/java/android/net/ipsec/ike/IkeIpv6AddrIdentification.java
+++ b/src/java/android/net/ipsec/ike/IkeIpv6AddrIdentification.java
@@ -17,20 +17,23 @@
package android.net.ipsec.ike;
import android.annotation.NonNull;
-import android.net.InetAddresses;
-import android.net.ipsec.ike.exceptions.AuthenticationFailedException;
-import android.os.PersistableBundle;
+import android.annotation.SystemApi;
+
+import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;
import java.net.Inet6Address;
import java.net.UnknownHostException;
import java.security.cert.X509Certificate;
import java.util.Objects;
-/** IkeIpv6AddrIdentification represents an IKE entity identification based on IPv6 address. */
+/**
+ * IkeIpv6AddrIdentification represents an IKE entity identification based on IPv6 address.
+ *
+ * @hide
+ */
+@SystemApi
public class IkeIpv6AddrIdentification extends IkeIdentification {
- private static final String IP_ADDRESS_KEY = "ipv6Address";
-
- /** The IPv6 address. */
+ /** The IPv6 Address. */
@NonNull public final Inet6Address ipv6Address;
/**
@@ -50,7 +53,7 @@
}
/**
- * Construct an instance of {@link IkeIpv6AddrIdentification} with an IPv6 address.
+ * Construct an instance of {@link IkeIpv6AddrIdentification} with a IPv6 address.
*
* @param address the IPv6 address.
*/
@@ -59,31 +62,6 @@
ipv6Address = address;
}
- /**
- * Constructs this object by deserializing a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public static IkeIpv6AddrIdentification fromPersistableBundle(@NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
-
- return new IkeIpv6AddrIdentification(
- (Inet6Address) InetAddresses.parseNumericAddress(in.getString(IP_ADDRESS_KEY)));
- }
- /**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @Override
- @NonNull
- public PersistableBundle toPersistableBundle() {
- final PersistableBundle result = super.toPersistableBundle();
- result.putString(IP_ADDRESS_KEY, ipv6Address.getHostAddress());
- return result;
- }
-
/** @hide */
@Override
public int hashCode() {
diff --git a/src/java/android/net/ipsec/ike/IkeKeyIdIdentification.java b/src/java/android/net/ipsec/ike/IkeKeyIdIdentification.java
index 48cc29f..d3dd095 100644
--- a/src/java/android/net/ipsec/ike/IkeKeyIdIdentification.java
+++ b/src/java/android/net/ipsec/ike/IkeKeyIdIdentification.java
@@ -17,13 +17,11 @@
package android.net.ipsec.ike;
import android.annotation.NonNull;
-import android.net.ipsec.ike.exceptions.AuthenticationFailedException;
-import android.os.PersistableBundle;
+import android.annotation.SystemApi;
-import com.android.server.vcn.util.PersistableBundleUtils;
+import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;
import java.security.cert.X509Certificate;
-import java.util.Arrays;
import java.util.Objects;
/**
@@ -31,9 +29,11 @@
*
* <p>Key ID is an octet stream that may be used to pass vendor-specific information necessary to do
* certain proprietary types of identification.
+ *
+ * @hide
*/
+@SystemApi
public final class IkeKeyIdIdentification extends IkeIdentification {
- private static final String KEY_ID_KEY = "keyId";
/** The KEY ID in octet stream. */
@NonNull public final byte[] keyId;
@@ -47,38 +47,11 @@
this.keyId = keyId;
}
- /**
- * Constructs this object by deserializing a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public static IkeKeyIdIdentification fromPersistableBundle(@NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
-
- PersistableBundle keyIdBundle = in.getPersistableBundle(KEY_ID_KEY);
- Objects.requireNonNull(in, "Key ID bundle is null");
-
- return new IkeKeyIdIdentification(PersistableBundleUtils.toByteArray(keyIdBundle));
- }
- /**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @Override
- @NonNull
- public PersistableBundle toPersistableBundle() {
- final PersistableBundle result = super.toPersistableBundle();
- result.putPersistableBundle(KEY_ID_KEY, PersistableBundleUtils.fromByteArray(keyId));
- return result;
- }
-
/** @hide */
@Override
public int hashCode() {
// idType is also hashed to prevent collisions with other IkeAuthentication subtypes
- return Objects.hash(idType, Arrays.hashCode(keyId));
+ return Objects.hash(idType, keyId);
}
/** @hide */
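Review bot: `Objects.hash(idType, keyId)` hashes the `byte[]` by object identity, not by content, so two identifications holding the same key ID bytes get different hash codes. The next hunk has the matching defect: `keyId.equals(...)` on an array is a reference comparison, so `equals` returns false for distinct arrays with identical bytes. Code that compares a configured identity with a received one through `equals`, or keys a map or set on it, would then never match. Keep `Arrays.hashCode(keyId)` and `Arrays.equals(keyId, ((IkeKeyIdIdentification) o).keyId)`, which also means keeping the `java.util.Arrays` import this change removes.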
@@ -87,7 +60,7 @@
if (!(o instanceof IkeKeyIdIdentification)) return false;
// idType already verified based on class type; no need to check again.
- return Arrays.equals(keyId, ((IkeKeyIdIdentification) o).keyId);
+ return keyId.equals(((IkeKeyIdIdentification) o).keyId);
}
/** @hide */
diff --git a/src/java/android/net/ipsec/ike/IkeRfc822AddrIdentification.java b/src/java/android/net/ipsec/ike/IkeRfc822AddrIdentification.java
index f7dd194..bbe7aed 100644
--- a/src/java/android/net/ipsec/ike/IkeRfc822AddrIdentification.java
+++ b/src/java/android/net/ipsec/ike/IkeRfc822AddrIdentification.java
@@ -17,8 +17,9 @@
package android.net.ipsec.ike;
import android.annotation.NonNull;
-import android.net.ipsec.ike.exceptions.AuthenticationFailedException;
-import android.os.PersistableBundle;
+import android.annotation.SystemApi;
+
+import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;
import java.nio.charset.Charset;
import java.security.cert.X509Certificate;
@@ -27,12 +28,14 @@
/**
* IkeRfc822AddrIdentification represents an IKE entity identification based on a fully-qualified
* RFC 822 email address ID (e.g. ike@android.com).
+ *
+ * @hide
*/
+@SystemApi
public final class IkeRfc822AddrIdentification extends IkeIdentification {
private static final Charset UTF8 = Charset.forName("UTF-8");
- private static final String RFC822_NAME_KEY = "rfc822Name";
- /** The fully-qualified RFC 822 email address. */
+ /** The fully-qualified RFC 822 email addres. */
@NonNull public final String rfc822Name;
/**
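Review bot: The field Javadoc on `rfc822Name` now reads `email addres`, which is a typo introduced on the new side. Since the class is marked `@SystemApi` in the same hunk, this text presumably ends up in the generated API documentation. Keep `/** The fully-qualified RFC 822 email address. */`.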
@@ -57,30 +60,6 @@
this.rfc822Name = rfc822Name;
}
- /**
- * Constructs this object by deserializing a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public static IkeRfc822AddrIdentification fromPersistableBundle(@NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
-
- return new IkeRfc822AddrIdentification(in.getString(RFC822_NAME_KEY));
- }
- /**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @Override
- @NonNull
- public PersistableBundle toPersistableBundle() {
- final PersistableBundle result = super.toPersistableBundle();
- result.putString(RFC822_NAME_KEY, rfc822Name);
- return result;
- }
-
/** @hide */
@Override
public int hashCode() {
diff --git a/src/java/android/net/ipsec/ike/IkeSaProposal.java b/src/java/android/net/ipsec/ike/IkeSaProposal.java
index abbbbc2..2b3e7bd 100644
--- a/src/java/android/net/ipsec/ike/IkeSaProposal.java
+++ b/src/java/android/net/ipsec/ike/IkeSaProposal.java
@@ -17,8 +17,7 @@
package android.net.ipsec.ike;
import android.annotation.NonNull;
-import android.annotation.SuppressLint;
-import android.os.PersistableBundle;
+import android.annotation.SystemApi;
import android.util.ArraySet;
import com.android.internal.net.ipsec.ike.message.IkePayload;
@@ -27,14 +26,10 @@
import com.android.internal.net.ipsec.ike.message.IkeSaPayload.IntegrityTransform;
import com.android.internal.net.ipsec.ike.message.IkeSaPayload.PrfTransform;
import com.android.internal.net.ipsec.ike.message.IkeSaPayload.Transform;
-import com.android.modules.utils.build.SdkLevel;
-import com.android.server.vcn.util.PersistableBundleUtils;
import java.util.ArrayList;
import java.util.Arrays;
-import java.util.HashSet;
import java.util.List;
-import java.util.Objects;
import java.util.Set;
/**
@@ -47,9 +42,10 @@
*
* @see <a href="https://tools.ietf.org/html/rfc7296#section-3.3">RFC 7296, Internet Key Exchange
* Protocol Version 2 (IKEv2)</a>
+ * @hide
*/
+@SystemApi
public final class IkeSaProposal extends SaProposal {
- private static final String PRF_KEY = "mPseudorandomFunctions";
private final PrfTransform[] mPseudorandomFunctions;
/**
@@ -75,101 +71,6 @@
}
/**
- * Constructs this object by deserializing a PersistableBundle
- *
- * <p>Constructed proposals are guaranteed to be valid, as checked by the IkeSaProposal.Builder.
- *
- * @hide
- */
- @NonNull
- public static IkeSaProposal fromPersistableBundle(@NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
-
- IkeSaProposal.Builder builder = new IkeSaProposal.Builder();
-
- PersistableBundle encryptionBundle = in.getPersistableBundle(ENCRYPT_ALGO_KEY);
- Objects.requireNonNull(encryptionBundle, "Encryption algo bundle is null");
- List<EncryptionTransform> encryptList =
- PersistableBundleUtils.toList(
- encryptionBundle, EncryptionTransform::fromPersistableBundle);
- for (EncryptionTransform t : encryptList) {
- builder.addEncryptionAlgorithm(t.id, t.getSpecifiedKeyLength());
- }
-
- int[] integrityAlgoIdArray = in.getIntArray(INTEGRITY_ALGO_KEY);
- Objects.requireNonNull(integrityAlgoIdArray, "Integrity algo array is null");
- for (int algo : integrityAlgoIdArray) {
- builder.addIntegrityAlgorithm(algo);
- }
-
- int[] dhGroupArray = in.getIntArray(DH_GROUP_KEY);
- Objects.requireNonNull(dhGroupArray, "DH Group array is null");
- for (int dh : dhGroupArray) {
- builder.addDhGroup(dh);
- }
-
- int[] prfArray = in.getIntArray(PRF_KEY);
- Objects.requireNonNull(prfArray, "PRF array is null");
- for (int prf : prfArray) {
- builder.addPseudorandomFunction(prf);
- }
-
- return builder.build();
- }
-
- /**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @Override
- @NonNull
- public PersistableBundle toPersistableBundle() {
- final PersistableBundle result = super.toPersistableBundle();
-
- int[] prfArray = getPseudorandomFunctions().stream().mapToInt(i -> i).toArray();
- result.putIntArray(PRF_KEY, prfArray);
-
- return result;
- }
-
- /** Returns supported encryption algorithms for IKE SA proposal negotiation. */
- @NonNull
- public static Set<Integer> getSupportedEncryptionAlgorithms() {
- return getKeySet(SUPPORTED_ENCRYPTION_ALGO_TO_STR);
- }
-
- /** Returns supported integrity algorithms for IKE SA proposal negotiation. */
- @NonNull
- public static Set<Integer> getSupportedIntegrityAlgorithms() {
- final Set<Integer> supportedSet = new HashSet<>();
- for (int algo : getKeySet(SUPPORTED_INTEGRITY_ALGO_TO_STR)) {
- if (algo == INTEGRITY_ALGORITHM_AES_CMAC_96 && !SdkLevel.isAtLeastS()) {
- continue;
- } else {
- supportedSet.add(algo);
- }
- }
-
- return supportedSet;
- }
-
- /** Returns supported pseudorandom functions for IKE SA proposal negotiation. */
- @NonNull
- public static Set<Integer> getSupportedPseudorandomFunctions() {
- final Set<Integer> supportedSet = new HashSet<>();
- for (int algo : getKeySet(SUPPORTED_PRF_TO_STR)) {
- if (algo == PSEUDORANDOM_FUNCTION_AES128_CMAC && !SdkLevel.isAtLeastS()) {
- continue;
- } else {
- supportedSet.add(algo);
- }
- }
-
- return supportedSet;
- }
-
- /**
* Gets all proposed Pseudorandom Functions
*
* @return A list of the IANA-defined IDs for the proposed Pseudorandom Functions
@@ -210,20 +111,6 @@
((IkeSaProposal) reqProposal).mPseudorandomFunctions);
}
- @Override
- public int hashCode() {
- return Objects.hash(super.hashCode(), Arrays.hashCode(mPseudorandomFunctions));
- }
-
- @Override
- public boolean equals(Object o) {
- if (!super.equals(o) || !(o instanceof IkeSaProposal)) {
- return false;
- }
-
- return Arrays.equals(mPseudorandomFunctions, ((IkeSaProposal) o).mPseudorandomFunctions);
- }
-
/**
* This class is used to incrementally construct a IkeSaProposal. IkeSaProposal instances are
* immutable once built.
@@ -239,15 +126,12 @@
*
* @param algorithm encryption algorithm to add to IkeSaProposal.
* @param keyLength key length of algorithm. For algorithms that have fixed key length (e.g.
- * 3DES) only {@link SaProposal#KEY_LEN_UNUSED} is allowed.
+ * 3DES) only {@link SaProposal.KEY_LEN_UNUSED} is allowed.
* @return Builder of IkeSaProposal.
*/
- // The matching getter is defined in the super class. Please see {@link
- // SaProposal#getEncryptionAlgorithms}
- @SuppressLint("MissingGetterMatchingBuilder")
@NonNull
public Builder addEncryptionAlgorithm(@EncryptionAlgorithm int algorithm, int keyLength) {
- validateAndAddEncryptAlgo(algorithm, keyLength, false /* isChild */);
+ validateAndAddEncryptAlgo(algorithm, keyLength);
return this;
}
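Review bot: The Javadoc reference `{@link SaProposal.KEY_LEN_UNUSED}` uses `.` where a member reference needs `#`, so the doc tool will look for a nested type called `KEY_LEN_UNUSED` and the link will not resolve. Keep the member form, `{@link SaProposal#KEY_LEN_UNUSED}`. The enclosing `Builder` class starts outside this hunk.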
@@ -257,12 +141,9 @@
* @param algorithm integrity algorithm to add to IkeSaProposal.
* @return Builder of IkeSaProposal.
*/
- // The matching getter is defined in the super class. Please see
- // {@link SaProposal#getIntegrityAlgorithms}
- @SuppressLint("MissingGetterMatchingBuilder")
@NonNull
public Builder addIntegrityAlgorithm(@IntegrityAlgorithm int algorithm) {
- validateAndAddIntegrityAlgo(algorithm, false /* isChild */);
+ addIntegrityAlgo(algorithm);
return this;
}
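Review bot: `addIntegrityAlgorithm` now calls `addIntegrityAlgo(algorithm)`, whereas `addEncryptionAlgorithm` in the previous hunk still goes through a helper whose name says it validates (`validateAndAddEncryptAlgo`). From this hunk alone it is not clear that an unknown or unsupported integrity algorithm ID is rejected when it is added. The helper is defined outside this file section, so that needs confirming in the `SaProposal` builder. Whatever the behaviour is, the method Javadoc should state it, for example `@throws IllegalArgumentException if the algorithm is not supported` once that is confirmed, so callers know whether a bad ID fails here or only when the proposal is built.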
@@ -272,9 +153,6 @@
* @param dhGroup to add to IkeSaProposal.
* @return Builder of IkeSaProposal.
*/
- // The matching getter is defined in the super class. Please see
- // {@link SaProposal#getDhGroups}
- @SuppressLint("MissingGetterMatchingBuilder")
@NonNull
public Builder addDhGroup(@DhGroup int dhGroup) {
addDh(dhGroup);
diff --git a/src/java/android/net/ipsec/ike/IkeSession.java b/src/java/android/net/ipsec/ike/IkeSession.java
index 5fe9c31..4396a21 100644
--- a/src/java/android/net/ipsec/ike/IkeSession.java
+++ b/src/java/android/net/ipsec/ike/IkeSession.java
@@ -21,7 +21,6 @@
import android.content.Context;
import android.content.pm.PackageManager;
import android.net.IpSecManager;
-import android.net.Network;
import android.os.HandlerThread;
import android.os.Looper;
import android.util.CloseGuard;
@@ -33,7 +32,7 @@
/**
* This class represents an IKE Session management object that allows for keying and management of
- * {@link android.net.IpSecTransform}s.
+ * {@link IpSecTransform}s.
*
* <p>An IKE/Child Session represents an IKE/Child SA as well as its rekeyed successors. A Child
* Session is bounded by the lifecycle of the IKE Session under which it is set up. Closing an IKE
@@ -48,7 +47,9 @@
*
* @see <a href="https://tools.ietf.org/html/rfc7296">RFC 7296, Internet Key Exchange Protocol
* Version 2 (IKEv2)</a>
+ * @hide
*/
+@SystemApi
public final class IkeSession implements AutoCloseable {
private final CloseGuard mCloseGuard = new CloseGuard();
private final Context mContext;
@@ -72,7 +73,7 @@
* @param userCbExecutor the {@link Executor} upon which all callbacks will be posted. For
* security and consistency, the callbacks posted to this executor MUST be executed serially
* and in the order they were posted, as guaranteed by executors such as {@link
- * java.util.concurrent.Executors#newSingleThreadExecutor()}
+ * ExecutorService.newSingleThreadExecutor()}
* @param ikeSessionCallback the {@link IkeSessionCallback} interface to notify callers of state
* changes within the {@link IkeSession}.
* @param firstChildSessionCallback the {@link ChildSessionCallback} interface to notify callers
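Review bot: `{@link ExecutorService.newSingleThreadExecutor()}` names the wrong class and uses `.` where Javadoc needs `#`; the factory method lives on `java.util.concurrent.Executors`. This is the sentence that tells callers how to satisfy the serial, in-order callback requirement stated "for security and consistency", so the reference should resolve. Keep `{@link java.util.concurrent.Executors#newSingleThreadExecutor()}`. The hunk at `@@ -230,12 +231,12 @@` has a related problem: `{@link IkeSessionCallback#onClosedExceptionally()}` omits the `IkeException` parameter that the interface method declares in this commit, so it should read `#onClosedExceptionally(IkeException)`. The shortened `{@link IpSecTransform}` references in the neighbouring hunks only resolve if that class is imported, which is not visible in this diff.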
@@ -230,12 +231,12 @@
* <p>Implements {@link AutoCloseable#close()}
*
* <p>Upon closure, {@link IkeSessionCallback#onClosed()} or {@link
- * IkeSessionCallback#onClosedWithException(IkeException)} will be fired.
+ * IkeSessionCallback#onClosedExceptionally()} will be fired.
*
* <p>Closing an IKE Session implicitly closes any remaining Child Sessions negotiated under it.
- * Users SHOULD stop all outbound traffic that uses these Child Sessions ({@link
- * android.net.IpSecTransform} pairs) before calling this method. Otherwise IPsec packets will
- * be dropped due to the lack of a valid {@link android.net.IpSecTransform}.
+ * Users SHOULD stop all outbound traffic that uses these Child Sessions({@link IpSecTransform}
+ * pairs) before calling this method. Otherwise IPsec packets will be dropped due to the lack of
+ * a valid {@link IpSecTransform}.
*
* <p>Closure of an IKE session will take priority over, and cancel other procedures waiting in
* the queue (but will wait for ongoing locally initiated procedures to complete). After sending
@@ -254,9 +255,9 @@
* <p>Upon closing, {@link IkeSessionCallback#onClosed()} will be fired.
*
* <p>Closing an IKE Session implicitly closes any remaining Child Sessions negotiated under it.
- * Users SHOULD stop all outbound traffic that uses these Child Sessions ({@link
- * android.net.IpSecTransform} pairs) before calling this method. Otherwise IPsec packets will
- * be dropped due to the lack of a valid {@link android.net.IpSecTransform}.
+ * Users SHOULD stop all outbound traffic that uses these Child Sessions({@link IpSecTransform}
+ * pairs) before calling this method. Otherwise IPsec packets will be dropped due to the lack of
+ * a valid {@link IpSecTransform}.
*
* <p>Forcible closure of an IKE session will take priority over, and cancel other procedures
* waiting in the queue. It will also interrupt any ongoing locally initiated procedure.
@@ -265,45 +266,4 @@
mCloseGuard.close();
mIkeSessionStateMachine.killSession();
}
-
- /**
- * Update the IkeSession's underlying Network to use the specified Network.
- *
- * <p>Updating the IkeSession's Network also updates the Network for any Child Sessions created
- * with this IkeSession. To perform the update, callers must implement:
- *
- * <ul>
- * <li>{@link IkeSessionCallback#onIkeSessionConnectionInfoChanged(IkeSessionConnectionInfo)}:
- * This call will be triggered once the IKE Session has been updated. The implementation
- * MUST migrate all IpSecTunnelInterface instances associated with this IkeSession via
- * {@link android.net.IpSecManager#IpSecTunnelInterface#setUnderlyingNetwork(Network)}
- * <li>{@link ChildSessionCallback#onIpSecTransformsMigrated(android.net.IpSecTransform,
- * android.net.IpSecTransform)}: This call will be triggered once a Child Session has been
- * updated. The implementation MUST re-apply the migrated transforms to the {@link
- * android.net.IpSecManager#IpSecTunnelInterface} associated with this
- * ChildSessionCallback, via {@link android.net.IpSecManager#applyTunnelModeTransform(
- * android.net.IpSecManager.IpSecTunnelInterface, int, android.net.IpSecTransform)}.
- * </ul>
- *
- * <p>In order for Network migration to be possible, the following must be true:
- *
- * <ul>
- * <li>the {@link IkeSessionParams} for this IkeSession must be configured with {@link
- * IkeSessionParams#IKE_OPTION_MOBIKE} (set via {@link
- * IkeSessionParams.Builder#addIkeOption(int)}), and
- * <li>the IkeSession must have been started with the Network specified via {@link
- * IkeSessionParams.Builder#setConfiguredNetwork(Network)}.
- * </ul>
- *
- * @see <a href="https://tools.ietf.org/html/rfc4555">RFC 4555, IKEv2 Mobility and Multihoming
- * Protocol (MOBIKE)</a>
- * @param network the Network to use for this IkeSession
- * @throws IllegalStateException if {@link IkeSessionParams#IKE_OPTION_MOBIKE} is not configured
- * in IkeSessionParams, or if the Network was not specified in IkeSessionParams.
- * @hide
- */
- @SystemApi
- public void setNetwork(@NonNull Network network) {
- mIkeSessionStateMachine.setNetwork(network);
- }
}
diff --git a/src/java/android/net/ipsec/ike/IkeSessionCallback.java b/src/java/android/net/ipsec/ike/IkeSessionCallback.java
index 26b3cfb..4c15b27 100644
--- a/src/java/android/net/ipsec/ike/IkeSessionCallback.java
+++ b/src/java/android/net/ipsec/ike/IkeSessionCallback.java
@@ -17,7 +17,6 @@
package android.net.ipsec.ike;
import android.annotation.NonNull;
-import android.annotation.SuppressLint;
import android.annotation.SystemApi;
import android.net.ipsec.ike.exceptions.IkeException;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
@@ -29,12 +28,9 @@
* callers are requesting a new {@link IkeSession}. It is automatically unregistered when an {@link
* IkeSession} is closed.
*
- * @see <a href="https://tools.ietf.org/html/rfc7296">RFC 7296, Internet Key Exchange Protocol
- * Version 2 (IKEv2)</a>
+ * @hide
*/
-// Using interface instead of abstract class to indicate this callback does not have any state or
-// implementation.
-@SuppressLint("CallbackInterface")
+@SystemApi
public interface IkeSessionCallback {
/**
* Called when the {@link IkeSession} setup succeeds.
@@ -51,7 +47,7 @@
* Called when the {@link IkeSession} is closed.
*
* <p>When the closure is caused by a local, fatal error, {@link
- * #onClosedWithException(IkeException)} will be fired instead of this method.
+ * #onClosedExceptionally(IkeException)} will be fired instead of this method.
*/
void onClosed();
@@ -60,23 +56,8 @@
* error.
*
* @param exception the detailed error information.
- * @deprecated Implementers should override {@link #onClosedWithException(IkeException)} to
- * handle fatal {@link IkeException}s instead of using this method.
- * @hide
*/
- @SystemApi
- @Deprecated
- default void onClosedExceptionally(@NonNull IkeException exception) {}
-
- /**
- * Called if {@link IkeSession} setup failed or {@link IkeSession} is closed because of a fatal
- * error.
- *
- * @param exception the detailed error information.
- */
- default void onClosedWithException(@NonNull IkeException exception) {
- onClosedExceptionally(exception);
- }
+ void onClosedExceptionally(@NonNull IkeException exception);
/**
* Called if a recoverable error is encountered in an established {@link IkeSession}.
@@ -85,71 +66,6 @@
* INVALID_MESSAGE_ID.
*
* @param exception the detailed error information.
- * @deprecated Implementers should override {@link #onError(IkeException)} to handle {@link
- * IkeProtocolException}s instead of using this method.
- * @hide
*/
- @SystemApi
- @Deprecated
- default void onError(@NonNull IkeProtocolException exception) {}
-
- /**
- * Called if a recoverable error is encountered in an established {@link IkeSession}.
- *
- * <p>This method may be triggered by protocol errors such as an INVALID_IKE_SPI, or by
- * non-protocol errors such as the underlying {@link android.net.Network} dying.
- *
- * @param exception the detailed error information.
- */
- default void onError(@NonNull IkeException exception) {
- if (exception instanceof IkeProtocolException) {
- onError((IkeProtocolException) exception);
- return;
- }
-
- // do nothing for non-protocol errors by default
- }
-
- /**
- * Called if the IkeSessionConnectionInfo for an established {@link IkeSession} changes.
- *
- * <p>This method will only be called for MOBIKE-enabled Sessions, and only after a Mobility
- * Event occurs. An mobility event can happen in two Network modes:
- *
- * <ul>
- * <li><b>Caller managed:</b> The caller controls the underlying Network for the IKE Session
- * at all times. The IKE Session will only change underlying Networks if the caller
- * initiates it through {@link IkeSession#setNetwork(Network)}. If the caller-specified
- * Network is lost, they will be notified via {@link
- * IkeSessionCallback#onError(android.net.ipsec.ike.exceptions.IkeException)} with an
- * {@link android.net.ipsec.ike.exceptions.IkeNetworkLostException} specifying the Network
- * that was lost.
- * <li><b>Platform Default:</b> The IKE Session will always track the application default
- * Network. The IKE Session will start on the application default Network, and any
- * subsequent changes to the default Network (after the IKE_AUTH exchange completes) will
- * cause the IKE Session's underlying Network to change. If the default Network is lost
- * with no replacements, the caller will be notified via {@link
- * IkeSessionCallback#onError(android.net.ipsec.ike.exceptions.IkeException)} with an
- * {@link android.net.ipsec.ike.exceptions.IkeNetworkLostException}. The caller can either
- * wait until for a new default Network to become available or they may close the Session
- * manually via {@link IkeSession#close()}. Note that the IKE Session's maximum
- * retransmissions may expire while waiting for a new default Network, in which case the
- * Session will automatically close and {@link #onClosedWithException(IkeException)} will
- * be fired.
- * </ul>
- *
- * <p>There are three types of mobility events:
- *
- * <ul>
- * <li>The underlying Network changing, or
- * <li>The local address disappearing from the current (and unchanged) underlying Network, or
- * <li>The remote address changing.
- * </ul>
- *
- * @param connectionInfo the updated IkeSessionConnectionInfo for the Session.
- * @hide
- */
- @SystemApi
- default void onIkeSessionConnectionInfoChanged(
- @NonNull IkeSessionConnectionInfo connectionInfo) {}
+ void onError(@NonNull IkeProtocolException exception);
}
diff --git a/src/java/android/net/ipsec/ike/IkeSessionConfiguration.java b/src/java/android/net/ipsec/ike/IkeSessionConfiguration.java
index d7caaec..069b24b 100644
--- a/src/java/android/net/ipsec/ike/IkeSessionConfiguration.java
+++ b/src/java/android/net/ipsec/ike/IkeSessionConfiguration.java
@@ -22,7 +22,6 @@
import android.annotation.IntDef;
import android.annotation.NonNull;
-import android.annotation.SuppressLint;
import android.annotation.SystemApi;
import com.android.internal.net.ipsec.ike.message.IkeConfigPayload;
@@ -44,8 +43,11 @@
/**
* IkeSessionConfiguration represents the negotiated configuration for a {@link IkeSession}.
*
- * <p>Configurations include remote application version and enabled IKE extensions.
+ * <p>Configurations include remote application version and enabled IKE extensions..
+ *
+ * @hide
*/
+@SystemApi
public final class IkeSessionConfiguration {
/** @hide */
@Retention(RetentionPolicy.SOURCE)
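Review bot: The class Javadoc now ends with a doubled period, `enabled IKE extensions..`, and should read `<p>Configurations include remote application version and enabled IKE extensions.`. The constructor Javadoc in the hunk at `@@ -69,9 +68,7 @@` has a similar slip, `built with a with a Configure(Reply) Payload`, where one `with a` should be dropped. Both are documentation-only fixes with no code change.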
@@ -57,9 +59,6 @@
/** IKEv2 Mobility and Multihoming Protocol */
public static final int EXTENSION_TYPE_MOBIKE = 2;
- private static final int VALID_EXTENSION_MIN = EXTENSION_TYPE_FRAGMENTATION;
- private static final int VALID_EXTENSION_MAX = EXTENSION_TYPE_MOBIKE;
-
private final String mRemoteApplicationVersion;
private final IkeSessionConnectionInfo mIkeConnInfo;
private final List<InetAddress> mPcscfServers = new ArrayList<>();
@@ -69,9 +68,7 @@
/**
* Construct an instance of {@link IkeSessionConfiguration}.
*
- * <p>IkeSessionConfigurations may contain negotiated configuration information that is included
- * in a Configure(Reply) Payload. Thus the input configPayload should always be a
- * Configure(Reply), and never be a Configure(Request).
+ * <p>IkeSessionConfigurations may only be built with a with a Configure(Reply) Payload.
*
* @hide
*/
@@ -80,6 +77,11 @@
IkeConfigPayload configPayload,
List<byte[]> remoteVendorIds,
List<Integer> enabledExtensions) {
+ String errMsg = " not provided";
+ Objects.requireNonNull(ikeConnInfo, "ikeConnInfo" + errMsg);
+ Objects.requireNonNull(remoteVendorIds, "remoteVendorIds" + errMsg);
+ Objects.requireNonNull(enabledExtensions, "enabledExtensions" + errMsg);
+
mIkeConnInfo = ikeConnInfo;
mRemoteVendorIds.addAll(remoteVendorIds);
mEnabledExtensions.addAll(enabledExtensions);
@@ -113,36 +115,6 @@
}
}
mRemoteApplicationVersion = appVersion;
- validateOrThrow();
- }
-
- /**
- * Construct an instance of {@link IkeSessionConfiguration}.
- *
- * @hide
- */
- private IkeSessionConfiguration(
- IkeSessionConnectionInfo ikeConnInfo,
- List<InetAddress> pcscfServers,
- List<byte[]> remoteVendorIds,
- Set<Integer> enabledExtensions,
- String remoteApplicationVersion) {
- mIkeConnInfo = ikeConnInfo;
- mPcscfServers.addAll(pcscfServers);
- mRemoteVendorIds.addAll(remoteVendorIds);
- mEnabledExtensions.addAll(enabledExtensions);
- mRemoteApplicationVersion = remoteApplicationVersion;
-
- validateOrThrow();
- }
-
- private void validateOrThrow() {
- String errMsg = " was null";
- Objects.requireNonNull(mIkeConnInfo, "ikeConnInfo" + errMsg);
- Objects.requireNonNull(mPcscfServers, "pcscfServers" + errMsg);
- Objects.requireNonNull(mRemoteVendorIds, "remoteVendorIds" + errMsg);
- Objects.requireNonNull(mRemoteApplicationVersion, "remoteApplicationVersion" + errMsg);
- Objects.requireNonNull(mRemoteVendorIds, "remoteVendorIds" + errMsg);
}
/**
@@ -159,10 +131,6 @@
/**
* Returns remote vendor IDs received during IKE Session setup.
*
- * <p>According to the IKEv2 specification (RFC 7296), a vendor ID may indicate the sender is
- * capable of accepting certain extensions to the protocol, or it may simply identify the
- * implementation as an aid in debugging.
- *
* @return the vendor IDs of the remote server, or an empty list if no vendor ID is received
* during IKE Session setup.
*/
@@ -188,10 +156,8 @@
* Returns the assigned P_CSCF servers.
*
* @return the assigned P_CSCF servers, or an empty list when no servers are assigned by the
- * remote IKE server.
- * @hide
+ * remote IKE server
*/
- @SystemApi
@NonNull
public List<InetAddress> getPcscfServers() {
return Collections.unmodifiableList(mPcscfServers);
@@ -206,153 +172,4 @@
public IkeSessionConnectionInfo getIkeSessionConnectionInfo() {
return mIkeConnInfo;
}
-
- /**
- * This class can be used to incrementally construct a {@link IkeSessionConfiguration}.
- *
- * <p>Except for testing, IKE library users normally do not instantiate {@link
- * IkeSessionConfiguration} themselves but instead get a reference via {@link
- * IkeSessionCallback}
- */
- public static final class Builder {
- private final IkeSessionConnectionInfo mIkeConnInfo;
- private final List<InetAddress> mPcscfServers = new ArrayList<>();
- private final List<byte[]> mRemoteVendorIds = new ArrayList<>();
- private final Set<Integer> mEnabledExtensions = new HashSet<>();
- private String mRemoteApplicationVersion = "";
-
- /**
- * Constructs a Builder.
- *
- * @param ikeConnInfo the connection information
- */
- public Builder(@NonNull IkeSessionConnectionInfo ikeConnInfo) {
- Objects.requireNonNull(ikeConnInfo, "ikeConnInfo was null");
- mIkeConnInfo = ikeConnInfo;
- }
-
- /**
- * Adds an assigned P_CSCF server for the {@link IkeSessionConfiguration} being built.
- *
- * @param pcscfServer an assigned P_CSCF server
- * @return Builder this, to facilitate chaining
- * @hide
- */
- @SystemApi
- @NonNull
- public Builder addPcscfServer(@NonNull InetAddress pcscfServer) {
- Objects.requireNonNull(pcscfServer, "pcscfServer was null");
- mPcscfServers.add(pcscfServer);
- return this;
- }
-
- /**
- * Clear all P_CSCF servers from the {@link IkeSessionConfiguration} being built.
- *
- * @return Builder this, to facilitate chaining
- * @hide
- */
- @SystemApi
- @NonNull
- public Builder clearPcscfServers() {
- mPcscfServers.clear();
- return this;
- }
-
- /**
- * Adds a remote vendor ID for the {@link IkeSessionConfiguration} being built.
- *
- * @param remoteVendorId a remote vendor ID
- * @return Builder this, to facilitate chaining
- */
- @NonNull
- public Builder addRemoteVendorId(@NonNull byte[] remoteVendorId) {
- Objects.requireNonNull(remoteVendorId, "remoteVendorId was null");
- mRemoteVendorIds.add(remoteVendorId);
- return this;
- }
-
- /**
- * Clears all remote vendor IDs from the {@link IkeSessionConfiguration} being built.
- *
- * @return Builder this, to facilitate chaining
- */
- @NonNull
- public Builder clearRemoteVendorIds() {
- mRemoteVendorIds.clear();
- return this;
- }
-
- /**
- * Sets the remote application version for the {@link IkeSessionConfiguration} being built.
- *
- * @param remoteApplicationVersion the remote application version. Defaults to an empty
- * string.
- * @return Builder this, to facilitate chaining
- */
- @NonNull
- public Builder setRemoteApplicationVersion(@NonNull String remoteApplicationVersion) {
- Objects.requireNonNull(remoteApplicationVersion, "remoteApplicationVersion was null");
- mRemoteApplicationVersion = remoteApplicationVersion;
- return this;
- }
-
- /**
- * Clears the remote application version from the {@link IkeSessionConfiguration} being
- * built.
- *
- * @return Builder this, to facilitate chaining
- */
- @NonNull
- public Builder clearRemoteApplicationVersion() {
- mRemoteApplicationVersion = "";
- return this;
- }
-
- private static void validateExtensionOrThrow(@ExtensionType int extensionType) {
- if (extensionType >= VALID_EXTENSION_MIN && extensionType <= VALID_EXTENSION_MAX) {
- return;
- }
- throw new IllegalArgumentException("Invalid extension type: " + extensionType);
- }
-
- /**
- * Marks an IKE extension as enabled for the {@link IkeSessionConfiguration} being built.
- *
- * @param extensionType the enabled extension
- * @return Builder this, to facilitate chaining
- */
- // MissingGetterMatchingBuilder: Use #isIkeExtensionEnabled instead of #getIkeExtension
- // because #isIkeExtensionEnabled allows callers to check the presence of an IKE extension
- // more easily
- @SuppressLint("MissingGetterMatchingBuilder")
- @NonNull
- public Builder addIkeExtension(@ExtensionType int extensionType) {
- validateExtensionOrThrow(extensionType);
- mEnabledExtensions.add(extensionType);
- return this;
- }
-
- /**
- * Clear all enabled IKE extensions from the {@link IkeSessionConfiguration} being built.
- *
- * @return Builder this, to facilitate chaining
- */
- @NonNull
- public Builder clearIkeExtensions() {
- mEnabledExtensions.clear();
- return this;
- }
-
- /** Constructs an {@link IkeSessionConfiguration} instance. */
- @NonNull
- public IkeSessionConfiguration build() {
- return new IkeSessionConfiguration(
- mIkeConnInfo,
- mPcscfServers,
- mRemoteVendorIds,
- mEnabledExtensions,
- mRemoteApplicationVersion);
- }
- }
}
diff --git a/src/java/android/net/ipsec/ike/IkeSessionConnectionInfo.java b/src/java/android/net/ipsec/ike/IkeSessionConnectionInfo.java
index b2cc53d..3969307 100644
--- a/src/java/android/net/ipsec/ike/IkeSessionConnectionInfo.java
+++ b/src/java/android/net/ipsec/ike/IkeSessionConnectionInfo.java
@@ -17,17 +17,21 @@
package android.net.ipsec.ike;
import android.annotation.NonNull;
+import android.annotation.SystemApi;
import android.net.Network;
import java.net.InetAddress;
import java.util.Objects;
/**
- * IkeSessionConnectionInfo represents the connection information of an {@link IkeSession}.
+ * IkeSessionConnectionInfo represents the connection information of a {@link IkeSession}.
*
* <p>Connection information includes IP addresses of both the IKE client and server and the network
* being used.
+ *
+ * @hide
*/
+@SystemApi
public final class IkeSessionConnectionInfo {
private final InetAddress mLocalAddress;
private final InetAddress mRemoteAddress;
@@ -36,14 +40,10 @@
/**
* Construct an instance of {@link IkeSessionConnectionInfo}.
*
- * <p>Except for testing, IKE library users normally do not instantiate {@link
- * IkeSessionConnectionInfo} themselves but instead get a reference via {@link
- * IkeSessionConfiguration} or {@link IkeSessionCallback}
+ * @hide
*/
public IkeSessionConnectionInfo(
- @NonNull InetAddress localAddress,
- @NonNull InetAddress remoteAddress,
- @NonNull Network network) {
+ InetAddress localAddress, InetAddress remoteAddress, Network network) {
Objects.requireNonNull(localAddress, "localAddress not provided");
Objects.requireNonNull(remoteAddress, "remoteAddress not provided");
Objects.requireNonNull(network, "network not provided");
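Review bot: The constructor parameters lose their `@NonNull` annotations, but the body still rejects null for all three with `Objects.requireNonNull`, so the signature no longer states the contract that the code enforces. Static nullness checks and readers of the signature would then miss a requirement that fails only at runtime. Keep the annotations: `@NonNull InetAddress localAddress, @NonNull InetAddress remoteAddress, @NonNull Network network`. `NonNull` is still imported according to the first hunk of this file. The rest of the constructor body is outside this hunk.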
diff --git a/src/java/android/net/ipsec/ike/IkeSessionParams.java b/src/java/android/net/ipsec/ike/IkeSessionParams.java
index 46133e5..6a8dc73 100644
--- a/src/java/android/net/ipsec/ike/IkeSessionParams.java
+++ b/src/java/android/net/ipsec/ike/IkeSessionParams.java
@@ -19,9 +19,6 @@
import static android.system.OsConstants.AF_INET;
import static android.system.OsConstants.AF_INET6;
-import static com.android.internal.net.ipsec.ike.utils.IkeCertUtils.certificateFromByteArray;
-import static com.android.internal.net.ipsec.ike.utils.IkeCertUtils.privateKeyFromByteArray;
-
import android.annotation.IntDef;
import android.annotation.IntRange;
import android.annotation.NonNull;
@@ -32,17 +29,12 @@
import android.net.ConnectivityManager;
import android.net.Network;
import android.net.eap.EapSessionConfig;
-import android.net.ipsec.ike.ike3gpp.Ike3gppExtension;
-import android.os.PersistableBundle;
import com.android.internal.annotations.VisibleForTesting;
-import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttribute;
import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv4Pcscf;
import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv6Pcscf;
import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.IkeConfigAttribute;
import com.android.internal.net.ipsec.ike.message.IkePayload;
-import com.android.modules.utils.build.SdkLevel;
-import com.android.server.vcn.util.PersistableBundleUtils;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
@@ -50,7 +42,6 @@
import java.net.Inet6Address;
import java.net.InetAddress;
import java.security.PrivateKey;
-import java.security.cert.CertificateEncodingException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAKey;
@@ -67,7 +58,10 @@
*
* <p>Note that all negotiated configurations will be reused during rekey including SA Proposal and
* lifetime.
+ *
+ * @hide
*/
+@SystemApi
public final class IkeSessionParams {
/** @hide */
@Retention(RetentionPolicy.SOURCE)
@@ -84,21 +78,7 @@
/** @hide */
@Retention(RetentionPolicy.SOURCE)
- @IntDef({AUTH_DIRECTION_LOCAL, AUTH_DIRECTION_REMOTE, AUTH_DIRECTION_BOTH})
- public @interface AuthDirection {}
-
- // Constants to describe which side (local and/or remote) the authentication configuration will
- // be used.
- /** @hide */
- public static final int AUTH_DIRECTION_LOCAL = 1;
- /** @hide */
- public static final int AUTH_DIRECTION_REMOTE = 2;
- /** @hide */
- public static final int AUTH_DIRECTION_BOTH = 3;
-
- /** @hide */
- @Retention(RetentionPolicy.SOURCE)
- @IntDef({IKE_OPTION_ACCEPT_ANY_REMOTE_ID, IKE_OPTION_EAP_ONLY_AUTH, IKE_OPTION_MOBIKE})
+ @IntDef({IKE_OPTION_ACCEPT_ANY_REMOTE_ID, IKE_OPTION_EAP_ONLY_AUTH})
public @interface IkeOption {}
/**
@@ -115,33 +95,9 @@
* <p>@see {@link Builder#setAuthEap(X509Certificate, EapSessionConfig)}
*/
public static final int IKE_OPTION_EAP_ONLY_AUTH = 1;
- /**
- * If set, the IKE library will be able to handle network and address changes.
- *
- * <p>The IKE library will first attempt to enable MOBIKE to handle the changes of underlying
- * network and addresses. If the server does not support MOBIKE, the IKE library will handle the
- * changes by rekeying all the underlying Child SAs.
- *
- * <p>If this option is set for an IKE Session, Transport-mode SAs will not be allowed in that
- * Session.
- *
- * <p>Checking if MOBIKE is supported by both the IKE library and the server in an IKE Session
- * is done via {@link IkeSessionConfiguration#isIkeExtensionEnabled(int)}.
- */
- public static final int IKE_OPTION_MOBIKE = 2;
-
- /**
- * Configures the IKE session to always send to port 4500.
- *
- * <p>If set, the IKE Session will be initiated and maintained exclusively using
- * destination port 4500, regardless of the presence of NAT. Otherwise, the IKE Session will
- * be initiated on destination port 500; then, if either a NAT is detected or both MOBIKE
- * and NAT-T are supported by the peer, it will proceed on port 4500.
- */
- public static final int IKE_OPTION_FORCE_PORT_4500 = 3;
private static final int MIN_IKE_OPTION = IKE_OPTION_ACCEPT_ANY_REMOTE_ID;
- private static final int MAX_IKE_OPTION = IKE_OPTION_FORCE_PORT_4500;
+ private static final int MAX_IKE_OPTION = IKE_OPTION_EAP_ONLY_AUTH;
/** @hide */
@VisibleForTesting static final int IKE_HARD_LIFETIME_SEC_MINIMUM = 300; // 5 minutes
@@ -167,20 +123,6 @@
@VisibleForTesting static final int IKE_DPD_DELAY_SEC_DEFAULT = 120; // 2 minutes
/** @hide */
- @VisibleForTesting static final int IKE_NATT_KEEPALIVE_DELAY_SEC_MIN = 10;
- /** @hide */
- @VisibleForTesting static final int IKE_NATT_KEEPALIVE_DELAY_SEC_MAX = 3600;
- /** @hide */
- @VisibleForTesting static final int IKE_NATT_KEEPALIVE_DELAY_SEC_DEFAULT = 10;
-
- /** @hide */
- @VisibleForTesting static final int DSCP_MIN = 0;
- /** @hide */
- @VisibleForTesting static final int DSCP_MAX = 63;
- /** @hide */
- @VisibleForTesting static final int DSCP_DEFAULT = 0;
-
- /** @hide */
@VisibleForTesting static final int IKE_RETRANS_TIMEOUT_MS_MIN = 500;
/** @hide */
@VisibleForTesting
@@ -192,34 +134,8 @@
static final int[] IKE_RETRANS_TIMEOUT_MS_LIST_DEFAULT =
new int[] {500, 1000, 2000, 4000, 8000};
- private static final String SERVER_HOST_NAME_KEY = "mServerHostname";
- private static final String SA_PROPOSALS_KEY = "mSaProposals";
- private static final String LOCAL_ID_KEY = "mLocalIdentification";
- private static final String REMOTE_ID_KEY = "mRemoteIdentification";
- private static final String LOCAL_AUTH_KEY = "mLocalAuthConfig";
- private static final String REMOTE_AUTH_KEY = "mRemoteAuthConfig";
- private static final String CONFIG_ATTRIBUTES_KEY = "mConfigRequests";
- private static final String RETRANS_TIMEOUTS_KEY = "mRetransTimeoutMsList";
- private static final String IKE_OPTIONS_KEY = "mIkeOptions";
- private static final String HARD_LIFETIME_SEC_KEY = "mHardLifetimeSec";
- private static final String SOFT_LIFETIME_SEC_KEY = "mSoftLifetimeSec";
- private static final String DPD_DELAY_SEC_KEY = "mDpdDelaySec";
- private static final String NATT_KEEPALIVE_DELAY_SEC_KEY = "mNattKeepaliveDelaySec";
- private static final String DSCP_KEY = "mDscp";
- private static final String IS_IKE_FRAGMENT_SUPPORTED_KEY = "mIsIkeFragmentationSupported";
-
@NonNull private final String mServerHostname;
-
- // @see #getNetwork for reasons of changing the annotation from @NonNull to @Nullable in SDK S.
- // Do not include mDefaultOrConfiguredNetwork in #hashCode or #equal because when it represents
- // configured network, it always has the same value as mCallerConfiguredNetwork. When it
- // represents a default network it can only reflects the device status at the IkeSessionParams
- // creation time. Since the actually default network may change after IkeSessionParams is
- // constructed, depending on mDefaultOrConfiguredNetwork in #hashCode and #equal to decide
- // if this object equals to another object does not make sense.
- @Nullable private final Network mDefaultOrConfiguredNetwork;
-
- @Nullable private final Network mCallerConfiguredNetwork;
+ @NonNull private final Network mNetwork;
@NonNull private final IkeSaProposal[] mSaProposals;
@@ -233,23 +149,18 @@
@NonNull private final int[] mRetransTimeoutMsList;
- @Nullable private final Ike3gppExtension mIke3gppExtension;
-
private final long mIkeOptions;
private final int mHardLifetimeSec;
private final int mSoftLifetimeSec;
private final int mDpdDelaySec;
- private final int mNattKeepaliveDelaySec;
- private final int mDscp;
private final boolean mIsIkeFragmentationSupported;
private IkeSessionParams(
@NonNull String serverHostname,
- @NonNull Network defaultOrConfiguredNetwork,
- @NonNull Network callerConfiguredNetwork,
+ @NonNull Network network,
@NonNull IkeSaProposal[] proposals,
@NonNull IkeIdentification localIdentification,
@NonNull IkeIdentification remoteIdentification,
@@ -257,17 +168,13 @@
@NonNull IkeAuthConfig remoteAuthConfig,
@NonNull IkeConfigAttribute[] configRequests,
@NonNull int[] retransTimeoutMsList,
- @Nullable Ike3gppExtension ike3gppExtension,
long ikeOptions,
int hardLifetimeSec,
int softLifetimeSec,
int dpdDelaySec,
- int nattKeepaliveDelaySec,
- int dscp,
boolean isIkeFragmentationSupported) {
mServerHostname = serverHostname;
- mDefaultOrConfiguredNetwork = defaultOrConfiguredNetwork;
- mCallerConfiguredNetwork = callerConfiguredNetwork;
+ mNetwork = network;
mSaProposals = proposals;
@@ -281,16 +188,12 @@
mRetransTimeoutMsList = retransTimeoutMsList;
- mIke3gppExtension = ike3gppExtension;
-
mIkeOptions = ikeOptions;
mHardLifetimeSec = hardLifetimeSec;
mSoftLifetimeSec = softLifetimeSec;
mDpdDelaySec = dpdDelaySec;
- mNattKeepaliveDelaySec = nattKeepaliveDelaySec;
- mDscp = dscp;
mIsIkeFragmentationSupported = isIkeFragmentationSupported;
}
@@ -306,113 +209,6 @@
}
/**
- * Constructs this object by deserializing a PersistableBundle
- *
- * <p>Constructed IkeSessionParams is guaranteed to be valid, as checked by the
- * IkeSessionParams.Builder
- *
- * @hide
- */
- @NonNull
- public static IkeSessionParams fromPersistableBundle(@NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
-
- IkeSessionParams.Builder builder = new IkeSessionParams.Builder();
-
- builder.setServerHostname(in.getString(SERVER_HOST_NAME_KEY));
-
- PersistableBundle proposalBundle = in.getPersistableBundle(SA_PROPOSALS_KEY);
- Objects.requireNonNull(in, "SA Proposals is null");
- List<IkeSaProposal> saProposals =
- PersistableBundleUtils.toList(proposalBundle, IkeSaProposal::fromPersistableBundle);
- for (IkeSaProposal proposal : saProposals) {
- builder.addSaProposal(proposal);
- }
-
- builder.setLocalIdentification(
- IkeIdentification.fromPersistableBundle(in.getPersistableBundle(LOCAL_ID_KEY)));
- builder.setRemoteIdentification(
- IkeIdentification.fromPersistableBundle(in.getPersistableBundle(REMOTE_ID_KEY)));
- builder.setAuth(
- IkeAuthConfig.fromPersistableBundle(in.getPersistableBundle(LOCAL_AUTH_KEY)),
- IkeAuthConfig.fromPersistableBundle(in.getPersistableBundle(REMOTE_AUTH_KEY)));
-
- PersistableBundle configBundle = in.getPersistableBundle(CONFIG_ATTRIBUTES_KEY);
- Objects.requireNonNull(configBundle, "configBundle is null");
- List<ConfigAttribute> configList =
- PersistableBundleUtils.toList(configBundle, ConfigAttribute::fromPersistableBundle);
- for (ConfigAttribute configAttribute : configList) {
- builder.addConfigRequest((IkeConfigAttribute) configAttribute);
- }
-
- builder.setRetransmissionTimeoutsMillis(in.getIntArray(RETRANS_TIMEOUTS_KEY));
-
- long ikeOptions = in.getLong(IKE_OPTIONS_KEY);
- for (int option = MIN_IKE_OPTION; option <= MAX_IKE_OPTION; option++) {
- if (hasIkeOption(ikeOptions, option)) {
- builder.addIkeOption(option);
- } else {
- builder.removeIkeOption(option);
- }
- }
-
- builder.setLifetimeSeconds(
- in.getInt(HARD_LIFETIME_SEC_KEY), in.getInt(SOFT_LIFETIME_SEC_KEY));
- builder.setDpdDelaySeconds(in.getInt(DPD_DELAY_SEC_KEY));
- builder.setNattKeepAliveDelaySeconds(in.getInt(NATT_KEEPALIVE_DELAY_SEC_KEY));
-
- // Fragmentation policy is not configurable. IkeSessionParams will always be constructed to
- // support fragmentation.
- if (!in.getBoolean(IS_IKE_FRAGMENT_SUPPORTED_KEY)) {
- throw new IllegalArgumentException("Invalid fragmentation policy");
- }
-
- return builder.build();
- }
- /**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public PersistableBundle toPersistableBundle() {
- if (mCallerConfiguredNetwork != null || mIke3gppExtension != null) {
- throw new IllegalStateException(
- "Cannot convert a IkeSessionParams with a caller configured network or with"
- + " 3GPP extension enabled");
- }
- final PersistableBundle result = new PersistableBundle();
-
- result.putString(SERVER_HOST_NAME_KEY, mServerHostname);
-
- PersistableBundle saProposalBundle =
- PersistableBundleUtils.fromList(
- Arrays.asList(mSaProposals), IkeSaProposal::toPersistableBundle);
- result.putPersistableBundle(SA_PROPOSALS_KEY, saProposalBundle);
-
- result.putPersistableBundle(LOCAL_ID_KEY, mLocalIdentification.toPersistableBundle());
- result.putPersistableBundle(REMOTE_ID_KEY, mRemoteIdentification.toPersistableBundle());
- result.putPersistableBundle(LOCAL_AUTH_KEY, mLocalAuthConfig.toPersistableBundle());
- result.putPersistableBundle(REMOTE_AUTH_KEY, mRemoteAuthConfig.toPersistableBundle());
-
- PersistableBundle configAttributeBundle =
- PersistableBundleUtils.fromList(
- Arrays.asList(mConfigRequests), ConfigAttribute::toPersistableBundle);
- result.putPersistableBundle(CONFIG_ATTRIBUTES_KEY, configAttributeBundle);
-
- result.putIntArray(RETRANS_TIMEOUTS_KEY, mRetransTimeoutMsList);
- result.putLong(IKE_OPTIONS_KEY, mIkeOptions);
- result.putInt(HARD_LIFETIME_SEC_KEY, mHardLifetimeSec);
- result.putInt(SOFT_LIFETIME_SEC_KEY, mSoftLifetimeSec);
- result.putInt(DPD_DELAY_SEC_KEY, mDpdDelaySec);
- result.putInt(NATT_KEEPALIVE_DELAY_SEC_KEY, mNattKeepaliveDelaySec);
- result.putInt(DSCP_KEY, mDscp);
- result.putBoolean(IS_IKE_FRAGMENT_SUPPORTED_KEY, mIsIkeFragmentationSupported);
-
- return result;
- }
-
- /**
* Retrieves the configured server hostname
*
* <p>The configured server hostname will be resolved during IKE Session creation.
@@ -422,56 +218,15 @@
return mServerHostname;
}
- /**
- * Retrieves the configured {@link Network}, or null if was not set
- *
- * <p>This getter is for internal use. Not matter {@link Builder#Builder(Context)} or {@link
- * Builder#Builder()} is used, this method will always return null if no Network was set by the
- * caller.
- *
- * @hide
- */
- @Nullable
- public Network getConfiguredNetwork() {
- return mCallerConfiguredNetwork;
- }
-
- // This method was first released as a @NonNull System APi and has been changed to @Nullable
- // since Android S. This method needs to be @Nullable because a new Builder constructor {@link
- // Builder#Builder() was added in Android S, and by using the new constructor the return value
- // of this method will be null if no network was set.
- // For apps that are using a null-safe language, making this method @Nullable will break
- // compilation, and apps need to update their code. For apps that are not using null-safe
- // language, making this change will not break the backwards compatibility because for any app
- // that uses the deprecated constructor {@link Builder#Builder(Context)}, the return value of
- // this method is still guaranteed to be non-null.
- /**
- * Retrieves the configured {@link Network}, or null if was not set.
- *
- * <p>@see {@link Builder#setNetwork(Network)}
- */
- @Nullable
+ /** Retrieves the configured {@link Network} */
+ @NonNull
public Network getNetwork() {
- return mDefaultOrConfiguredNetwork;
+ return mNetwork;
}
- /**
- * Retrieves all IkeSaProposals configured
- *
- * @deprecated Callers should use {@link #getIkeSaProposals()}. This method is deprecated
- * because its name does not match the return type.
- * @hide
- */
- @Deprecated
- @SystemApi
+ /** Retrieves all ChildSaProposals configured */
@NonNull
public List<IkeSaProposal> getSaProposals() {
- return getIkeSaProposals();
- }
-
- /** Retrieves all IkeSaProposals configured */
- @NonNull
- public List<IkeSaProposal> getIkeSaProposals() {
return Arrays.asList(mSaProposals);
}
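Review bot: `getSaProposals()` returns `Arrays.asList(mSaProposals)`, a fixed-size view that writes through to the backing array, so a caller can call `set()` on the result and change the proposals held by an otherwise final `IkeSessionParams`. Wrapping it the way `getConfigurationRequests()` does in a later hunk, `return Collections.unmodifiableList(Arrays.asList(mSaProposals));`, closes that. The same exposure applies to `getRetransmissionTimeoutsMillis()` in the next hunk, which hands out `mRetransTimeoutMsList` itself and now also loses its `@NonNull`; `return Arrays.copyOf(mRetransTimeoutMsList, mRetransTimeoutMsList.length);` would match what `getPsk()` does. The new Javadoc also says "ChildSaProposals" although the method returns `List<IkeSaProposal>`; `/** Retrieves all IkeSaProposals configured */` is the accurate wording.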
@@ -521,61 +276,24 @@
}
/** Retrieves the Dead Peer Detection(DPD) delay in seconds */
- // Use "second" because smaller unit does not make sense to a DPD delay.
- @SuppressLint("MethodNameUnits")
@IntRange(from = IKE_DPD_DELAY_SEC_MIN, to = IKE_DPD_DELAY_SEC_MAX)
public int getDpdDelaySeconds() {
return mDpdDelaySec;
}
- /** Retrieves the Network Address Translation Traversal (NATT) keepalive delay in seconds */
- // Use "second" because smaller unit does not make sense for a NATT Keepalive delay.
- @SuppressLint("MethodNameUnits")
- @IntRange(from = IKE_NATT_KEEPALIVE_DELAY_SEC_MIN, to = IKE_NATT_KEEPALIVE_DELAY_SEC_MAX)
- public int getNattKeepAliveDelaySeconds() {
- return mNattKeepaliveDelaySec;
- }
-
- /**
- * Retrieves the DSCP field of IKE packets.
- *
- * @hide
- */
- @SystemApi
- @IntRange(from = DSCP_MIN, to = DSCP_MAX)
- public int getDscp() {
- return mDscp;
- }
-
/**
* Retrieves the relative retransmission timeout list in milliseconds
*
* <p>@see {@link Builder#setRetransmissionTimeoutsMillis(int[])}
*/
- @NonNull
public int[] getRetransmissionTimeoutsMillis() {
return mRetransTimeoutMsList;
}
- /**
- * Retrieves the configured Ike3gppExtension, or null if it was not set.
- *
- * @hide
- */
- @SystemApi
- @Nullable
- public Ike3gppExtension getIke3gppExtension() {
- return mIke3gppExtension;
- }
-
- private static boolean hasIkeOption(long ikeOptionsRecord, @IkeOption int ikeOption) {
- validateIkeOptionOrThrow(ikeOption);
- return (ikeOptionsRecord & getOptionBitValue(ikeOption)) != 0;
- }
-
/** Checks if the given IKE Session negotiation option is set */
public boolean hasIkeOption(@IkeOption int ikeOption) {
- return hasIkeOption(mIkeOptions, ikeOption);
+ validateIkeOptionOrThrow(ikeOption);
+ return (mIkeOptions & getOptionBitValue(ikeOption)) != 0;
}
/** @hide */
@@ -598,82 +316,16 @@
return mConfigRequests;
}
- /**
- * Retrieves the list of Configuration Requests
- *
- * @hide
- */
- @SystemApi
+ /** Retrieves the list of Configuration Requests */
@NonNull
public List<IkeConfigRequest> getConfigurationRequests() {
return Collections.unmodifiableList(Arrays.asList(mConfigRequests));
}
- /** @hide */
- @Override
- public int hashCode() {
- return Objects.hash(
- mServerHostname,
- mCallerConfiguredNetwork,
- Arrays.hashCode(mSaProposals),
- mLocalIdentification,
- mRemoteIdentification,
- mLocalAuthConfig,
- mRemoteAuthConfig,
- mIke3gppExtension,
- Arrays.hashCode(mConfigRequests),
- Arrays.hashCode(mRetransTimeoutMsList),
- mIkeOptions,
- mHardLifetimeSec,
- mSoftLifetimeSec,
- mDpdDelaySec,
- mNattKeepaliveDelaySec,
- mDscp,
- mIsIkeFragmentationSupported);
- }
-
- /** @hide */
- @Override
- public boolean equals(Object o) {
- if (!(o instanceof IkeSessionParams)) {
- return false;
- }
-
- IkeSessionParams other = (IkeSessionParams) o;
-
- return mServerHostname.equals(other.mServerHostname)
- && Objects.equals(mCallerConfiguredNetwork, other.mCallerConfiguredNetwork)
- && Arrays.equals(mSaProposals, other.mSaProposals)
- && mLocalIdentification.equals(other.mLocalIdentification)
- && mRemoteIdentification.equals(other.mRemoteIdentification)
- && mLocalAuthConfig.equals(other.mLocalAuthConfig)
- && mRemoteAuthConfig.equals(other.mRemoteAuthConfig)
- && Objects.equals(mIke3gppExtension, other.mIke3gppExtension)
- && Arrays.equals(mConfigRequests, other.mConfigRequests)
- && Arrays.equals(mRetransTimeoutMsList, other.mRetransTimeoutMsList)
- && mIkeOptions == other.mIkeOptions
- && mHardLifetimeSec == other.mHardLifetimeSec
- && mSoftLifetimeSec == other.mSoftLifetimeSec
- && mDpdDelaySec == other.mDpdDelaySec
- && mNattKeepaliveDelaySec == other.mNattKeepaliveDelaySec
- && mDscp == other.mDscp
- && mIsIkeFragmentationSupported == other.mIsIkeFragmentationSupported;
- }
-
- /**
- * Represents an IKE session configuration request type
- *
- * @hide
- */
- @SystemApi
+ /** Represents an IKE session configuration request type */
public interface IkeConfigRequest {}
- /**
- * Represents an IPv4 P_CSCF request
- *
- * @hide
- */
- @SystemApi
+ /** Represents an IPv4 P_CSCF request */
public interface ConfigRequestIpv4PcscfServer extends IkeConfigRequest {
/**
* Retrieves the requested IPv4 P_CSCF server address
@@ -685,12 +337,7 @@
Inet4Address getAddress();
}
- /**
- * Represents an IPv6 P_CSCF request
- *
- * @hide
- */
- @SystemApi
+ /** Represents an IPv6 P_CSCF request */
public interface ConfigRequestIpv6PcscfServer extends IkeConfigRequest {
/**
* Retrieves the requested IPv6 P_CSCF server address
@@ -704,79 +351,12 @@
/** This class contains common information of an IKEv2 authentication configuration. */
public abstract static class IkeAuthConfig {
- private static final String AUTH_METHOD_KEY = "mAuthMethod";
- private static final String AUTH_DIRECTION_KEY = "mAuthDirection";
/** @hide */
@IkeAuthMethod public final int mAuthMethod;
- /** @hide */
- @AuthDirection public final int mAuthDirection;
/** @hide */
- IkeAuthConfig(@IkeAuthMethod int authMethod, @AuthDirection int authDirection) {
+ IkeAuthConfig(@IkeAuthMethod int authMethod) {
mAuthMethod = authMethod;
- mAuthDirection = authDirection;
- }
-
- /**
- * Constructs this object by deserializing a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public static IkeAuthConfig fromPersistableBundle(PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
-
- int authMethod = in.getInt(AUTH_METHOD_KEY);
- switch (authMethod) {
- case IKE_AUTH_METHOD_PSK:
- return IkeAuthPskConfig.fromPersistableBundle(in);
- case IKE_AUTH_METHOD_PUB_KEY_SIGNATURE:
- switch (in.getInt(AUTH_DIRECTION_KEY)) {
- case AUTH_DIRECTION_LOCAL:
- return IkeAuthDigitalSignLocalConfig.fromPersistableBundle(in);
- case AUTH_DIRECTION_REMOTE:
- return IkeAuthDigitalSignRemoteConfig.fromPersistableBundle(in);
- default:
- throw new IllegalArgumentException(
- "Digital-signature-based auth configuration with invalid"
- + " direction: "
- + in.getInt(AUTH_DIRECTION_KEY));
- }
- case IKE_AUTH_METHOD_EAP:
- return IkeAuthEapConfig.fromPersistableBundle(in);
- default:
- throw new IllegalArgumentException("Invalid Auth Method: " + authMethod);
- }
- }
-
- /**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @NonNull
- protected PersistableBundle toPersistableBundle() {
- final PersistableBundle result = new PersistableBundle();
-
- result.putInt(AUTH_METHOD_KEY, mAuthMethod);
- result.putInt(AUTH_DIRECTION_KEY, mAuthDirection);
- return result;
- }
-
- @Override
- public int hashCode() {
- return Objects.hash(mAuthMethod, mAuthDirection);
- }
-
- @Override
- public boolean equals(Object o) {
- if (!(o instanceof IkeAuthConfig)) {
- return false;
- }
-
- IkeAuthConfig other = (IkeAuthConfig) o;
-
- return mAuthMethod == other.mAuthMethod && mAuthDirection == other.mAuthDirection;
}
}
@@ -785,65 +365,19 @@
* of local or remote side.
*/
public static class IkeAuthPskConfig extends IkeAuthConfig {
- private static final String PSK_KEY = "mPsk";
/** @hide */
@NonNull public final byte[] mPsk;
- /** @hide */
- @VisibleForTesting
- IkeAuthPskConfig(byte[] psk) {
- super(IKE_AUTH_METHOD_PSK, AUTH_DIRECTION_BOTH);
+ private IkeAuthPskConfig(byte[] psk) {
+ super(IKE_AUTH_METHOD_PSK);
mPsk = psk;
}
- /**
- * Constructs this object by deserializing a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public static IkeAuthPskConfig fromPersistableBundle(@NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
-
- PersistableBundle pskBundle = in.getPersistableBundle(PSK_KEY);
- Objects.requireNonNull(in, "PSK bundle is null");
-
- return new IkeAuthPskConfig(PersistableBundleUtils.toByteArray(pskBundle));
- }
-
- /**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @Override
- @NonNull
- public PersistableBundle toPersistableBundle() {
- final PersistableBundle result = super.toPersistableBundle();
-
- result.putPersistableBundle(PSK_KEY, PersistableBundleUtils.fromByteArray(mPsk));
- return result;
- }
-
/** Retrieves the pre-shared key */
@NonNull
public byte[] getPsk() {
return Arrays.copyOf(mPsk, mPsk.length);
}
-
- @Override
- public int hashCode() {
- return Objects.hash(super.hashCode(), Arrays.hashCode(mPsk));
- }
-
- @Override
- public boolean equals(Object o) {
- if (!super.equals(o) || !(o instanceof IkeAuthPskConfig)) {
- return false;
- }
-
- return Arrays.equals(mPsk, ((IkeAuthPskConfig) o).mPsk);
- }
}
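Review bot: The now-private `IkeAuthPskConfig(byte[] psk)` constructor keeps the caller's array (`mPsk = psk;`), so the defensive copy in `getPsk()` protects only the outgoing direction: whoever passed the array in can still modify the key afterwards, and the `public final byte[] mPsk` field hands the same array to any code that can reach the hidden member. Copying on the way in, `mPsk = Arrays.copyOf(psk, psk.length);`, makes the stored key independent of the caller's buffer, unless the Builder method that calls this constructor (not visible in this hunk) already copies. `IkeAuthDigitalSignLocalConfig` in a later hunk does the same with `mIntermediateCerts = clientIntermediateCerts;`, where `Collections.unmodifiableList(new ArrayList<>(clientIntermediateCerts))` would fix the list at construction time.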
/**
@@ -851,7 +385,6 @@
* authentication of the remote side.
*/
public static class IkeAuthDigitalSignRemoteConfig extends IkeAuthConfig {
- private static final String TRUST_CERT_KEY = "TRUST_CERT_KEY";
/** @hide */
@Nullable public final TrustAnchor mTrustAnchor;
@@ -859,12 +392,9 @@
* If a certificate is provided, it MUST be the root CA used by the remote (server), or
* authentication will fail. If no certificate is provided, any root CA in the system's
* truststore is considered acceptable.
- *
- * @hide
*/
- @VisibleForTesting
- IkeAuthDigitalSignRemoteConfig(@Nullable X509Certificate caCert) {
- super(IKE_AUTH_METHOD_PUB_KEY_SIGNATURE, AUTH_DIRECTION_REMOTE);
+ private IkeAuthDigitalSignRemoteConfig(@Nullable X509Certificate caCert) {
+ super(IKE_AUTH_METHOD_PUB_KEY_SIGNATURE);
if (caCert == null) {
mTrustAnchor = null;
} else {
@@ -877,85 +407,12 @@
}
}
- /**
- * Constructs this object by deserializing a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public static IkeAuthDigitalSignRemoteConfig fromPersistableBundle(
- @NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
-
- PersistableBundle trustCertBundle = in.getPersistableBundle(TRUST_CERT_KEY);
-
- X509Certificate caCert = null;
- if (trustCertBundle != null) {
- byte[] encodedCert = PersistableBundleUtils.toByteArray(trustCertBundle);
- caCert = certificateFromByteArray(encodedCert);
- }
-
- return new IkeAuthDigitalSignRemoteConfig(caCert);
- }
-
- /**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @Override
- @NonNull
- public PersistableBundle toPersistableBundle() {
- final PersistableBundle result = super.toPersistableBundle();
-
- try {
- if (mTrustAnchor != null) {
- result.putPersistableBundle(
- TRUST_CERT_KEY,
- PersistableBundleUtils.fromByteArray(
- mTrustAnchor.getTrustedCert().getEncoded()));
- }
-
- } catch (CertificateEncodingException e) {
- throw new IllegalArgumentException("Fail to encode the certificate");
- }
-
- return result;
- }
-
/** Retrieves the provided CA certificate for validating the remote certificate(s) */
@Nullable
public X509Certificate getRemoteCaCert() {
if (mTrustAnchor == null) return null;
return mTrustAnchor.getTrustedCert();
}
-
- @Override
- public int hashCode() {
- // Use #getTrustedCert() because TrustAnchor does not override #hashCode()
- return Objects.hash(
- super.hashCode(),
- (mTrustAnchor == null) ? null : mTrustAnchor.getTrustedCert());
- }
-
- @Override
- public boolean equals(Object o) {
- if (!super.equals(o) || !(o instanceof IkeAuthDigitalSignRemoteConfig)) {
- return false;
- }
-
- IkeAuthDigitalSignRemoteConfig other = (IkeAuthDigitalSignRemoteConfig) o;
-
- if (mTrustAnchor == null && other.mTrustAnchor == null) {
- return true;
- }
-
- // Compare #getTrustedCert() because TrustAnchor does not override #equals(Object)
- return mTrustAnchor != null
- && other.mTrustAnchor != null
- && Objects.equals(
- mTrustAnchor.getTrustedCert(), other.mTrustAnchor.getTrustedCert());
- }
}
/**
@@ -963,9 +420,6 @@
* authentication of the local side.
*/
public static class IkeAuthDigitalSignLocalConfig extends IkeAuthConfig {
- private static final String END_CERT_KEY = "mEndCert";
- private static final String INTERMEDIATE_CERTS_KEY = "mIntermediateCerts";
- private static final String PRIVATE_KEY_KEY = "mPrivateKey";
/** @hide */
@NonNull public final X509Certificate mEndCert;
@@ -975,85 +429,16 @@
/** @hide */
@NonNull public final PrivateKey mPrivateKey;
- /** @hide */
- @VisibleForTesting
- IkeAuthDigitalSignLocalConfig(
+ private IkeAuthDigitalSignLocalConfig(
@NonNull X509Certificate clientEndCert,
@NonNull List<X509Certificate> clientIntermediateCerts,
@NonNull PrivateKey privateKey) {
- super(IKE_AUTH_METHOD_PUB_KEY_SIGNATURE, AUTH_DIRECTION_LOCAL);
+ super(IKE_AUTH_METHOD_PUB_KEY_SIGNATURE);
mEndCert = clientEndCert;
mIntermediateCerts = clientIntermediateCerts;
mPrivateKey = privateKey;
}
- /**
- * Constructs this object by deserializing a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public static IkeAuthDigitalSignLocalConfig fromPersistableBundle(
- @NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
-
- PersistableBundle endCertBundle = in.getPersistableBundle(END_CERT_KEY);
- Objects.requireNonNull(endCertBundle, "End cert not provided");
- byte[] encodedCert = PersistableBundleUtils.toByteArray(endCertBundle);
- X509Certificate endCert = certificateFromByteArray(encodedCert);
-
- PersistableBundle certsBundle = in.getPersistableBundle(INTERMEDIATE_CERTS_KEY);
- Objects.requireNonNull(certsBundle, "Intermediate certs not provided");
- List<byte[]> encodedCertList =
- PersistableBundleUtils.toList(certsBundle, PersistableBundleUtils::toByteArray);
- List<X509Certificate> certList = new ArrayList<>(encodedCertList.size());
- for (byte[] encoded : encodedCertList) {
- certList.add(certificateFromByteArray(encoded));
- }
-
- PersistableBundle privateKeyBundle = in.getPersistableBundle(PRIVATE_KEY_KEY);
- Objects.requireNonNull(privateKeyBundle, "PrivateKey bundle is null");
- PrivateKey privateKey =
- privateKeyFromByteArray(PersistableBundleUtils.toByteArray(privateKeyBundle));
- Objects.requireNonNull(privateKeyBundle, "PrivateKey is null");
-
- return new IkeAuthDigitalSignLocalConfig(endCert, certList, privateKey);
- }
-
- /**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @Override
- @NonNull
- public PersistableBundle toPersistableBundle() {
- final PersistableBundle result = super.toPersistableBundle();
-
- try {
- result.putPersistableBundle(
- END_CERT_KEY, PersistableBundleUtils.fromByteArray(mEndCert.getEncoded()));
-
- List<byte[]> encodedCertList = new ArrayList<>(mIntermediateCerts.size());
- for (X509Certificate cert : mIntermediateCerts) {
- encodedCertList.add(cert.getEncoded());
- }
- PersistableBundle certsBundle =
- PersistableBundleUtils.fromList(
- encodedCertList, PersistableBundleUtils::fromByteArray);
- result.putPersistableBundle(INTERMEDIATE_CERTS_KEY, certsBundle);
- } catch (CertificateEncodingException e) {
- throw new IllegalArgumentException("Fail to encode certificate");
- }
-
- // TODO: b/170670506 Consider putting PrivateKey in Android KeyStore
- result.putPersistableBundle(
- PRIVATE_KEY_KEY,
- PersistableBundleUtils.fromByteArray(mPrivateKey.getEncoded()));
-
- return result;
- }
-
/** Retrieves the client end certificate */
@NonNull
public X509Certificate getClientEndCertificate() {
@@ -1071,24 +456,6 @@
public PrivateKey getPrivateKey() {
return mPrivateKey;
}
-
- @Override
- public int hashCode() {
- return Objects.hash(super.hashCode(), mEndCert, mIntermediateCerts, mPrivateKey);
- }
-
- @Override
- public boolean equals(Object o) {
- if (!super.equals(o) || !(o instanceof IkeAuthDigitalSignLocalConfig)) {
- return false;
- }
-
- IkeAuthDigitalSignLocalConfig other = (IkeAuthDigitalSignLocalConfig) o;
-
- return mEndCert.equals(other.mEndCert)
- && mIntermediateCerts.equals(other.mIntermediateCerts)
- && mPrivateKey.equals(other.mPrivateKey);
- }
}
/**
@@ -1097,79 +464,25 @@
* <p>@see {@link IkeSessionParams.Builder#setAuthEap(X509Certificate, EapSessionConfig)}
*/
public static class IkeAuthEapConfig extends IkeAuthConfig {
- private static final String EAP_CONFIG_KEY = "mEapConfig";
-
/** @hide */
@NonNull public final EapSessionConfig mEapConfig;
- /** @hide */
- @VisibleForTesting
- IkeAuthEapConfig(EapSessionConfig eapConfig) {
- super(IKE_AUTH_METHOD_EAP, AUTH_DIRECTION_LOCAL);
+ private IkeAuthEapConfig(EapSessionConfig eapConfig) {
+ super(IKE_AUTH_METHOD_EAP);
mEapConfig = eapConfig;
}
- /**
- * Constructs this object by deserializing a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public static IkeAuthEapConfig fromPersistableBundle(@NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle null");
-
- PersistableBundle eapBundle = in.getPersistableBundle(EAP_CONFIG_KEY);
- Objects.requireNonNull(in, "EAP Config bundle is null");
-
- EapSessionConfig eapConfig = EapSessionConfig.fromPersistableBundle(eapBundle);
- Objects.requireNonNull(eapConfig, "EAP Config is null");
-
- return new IkeAuthEapConfig(eapConfig);
- }
-
- /**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @Override
- @NonNull
- public PersistableBundle toPersistableBundle() {
- final PersistableBundle result = super.toPersistableBundle();
- result.putPersistableBundle(EAP_CONFIG_KEY, mEapConfig.toPersistableBundle());
- return result;
- }
-
/** Retrieves EAP configuration */
@NonNull
public EapSessionConfig getEapConfig() {
return mEapConfig;
}
-
- @Override
- public int hashCode() {
- return Objects.hash(super.hashCode(), mEapConfig);
- }
-
- @Override
- public boolean equals(Object o) {
- if (!super.equals(o) || !(o instanceof IkeAuthEapConfig)) {
- return false;
- }
-
- return mEapConfig.equals(((IkeAuthEapConfig) o).mEapConfig);
- }
}
/** This class can be used to incrementally construct a {@link IkeSessionParams}. */
public static final class Builder {
- // This field has changed from @NonNull to @Nullable since Android S. It has to be @Nullable
- // because the new constructor #Builder() will not need and will not able to get a
- // ConnectivityManager instance anymore. Making it @Nullable does not break the backwards
- // compatibility because if apps use the old constructor #Builder(Context), the Builder and
- // the IkeSessionParams built from it will still work in the old way. @see #Builder(Context)
- @Nullable private ConnectivityManager mConnectivityManager;
+ @NonNull private final ConnectivityManager mConnectivityManager;
@NonNull private final List<IkeSaProposal> mSaProposalList = new LinkedList<>();
@NonNull private final List<IkeConfigAttribute> mConfigRequestList = new ArrayList<>();
@@ -1181,7 +494,7 @@
IKE_RETRANS_TIMEOUT_MS_LIST_DEFAULT.length);
@NonNull private String mServerHostname;
- @Nullable private Network mCallerConfiguredNetwork;
+ @Nullable private Network mNetwork;
@Nullable private IkeIdentification mLocalIdentification;
@Nullable private IkeIdentification mRemoteIdentification;
@@ -1189,93 +502,31 @@
@Nullable private IkeAuthConfig mLocalAuthConfig;
@Nullable private IkeAuthConfig mRemoteAuthConfig;
- @Nullable private Ike3gppExtension mIke3gppExtension;
-
private long mIkeOptions = 0;
private int mHardLifetimeSec = IKE_HARD_LIFETIME_SEC_DEFAULT;
private int mSoftLifetimeSec = IKE_SOFT_LIFETIME_SEC_DEFAULT;
private int mDpdDelaySec = IKE_DPD_DELAY_SEC_DEFAULT;
- private int mNattKeepaliveDelaySec = IKE_NATT_KEEPALIVE_DELAY_SEC_DEFAULT;
- private int mDscp = DSCP_DEFAULT;
- private final boolean mIsIkeFragmentationSupported = true;
+ private boolean mIsIkeFragmentationSupported = false;
/**
* Construct Builder
*
- * <p>This constructor is deprecated since Android S. Apps that use this constructor can
- * still expect {@link #build()} to throw if no configured or default network was found. But
- * apps that use {@link #Builder()} MUST NOT expect that behavior anymore.
- *
- * <p>For a caller that used this constructor and did not set any Network, {@link
- * IkeSessionParams#getNetwork()} will return the default Network resolved in {@link
- * IkeSessionParams.Builder#build()}. This return value is only informational because if
- * MOBIKE is enabled, IKE Session may switch to a different default Network.
- *
* @param context a valid {@link Context} instance.
- * @deprecated Callers should use {@link #Builder()}.This method is deprecated because it is
- * unnecessary to try resolving a default network or to validate network is connected
- * before {@link IkeSession} starts the setup process.
- * @hide
*/
- @Deprecated
- @SystemApi
public Builder(@NonNull Context context) {
this((ConnectivityManager) context.getSystemService(Context.CONNECTIVITY_SERVICE));
}
- /**
- * Construct Builder
- */
- public Builder() {}
-
/** @hide */
- // TODO: b/178389011 This constructor should be removed when #Builder(Context) can be safely
- // removed. See #Builder(Context) for reasons.
@VisibleForTesting
public Builder(ConnectivityManager connectManager) {
mConnectivityManager = connectManager;
}
/**
- * Construct Builder from the {@link IkeSessionParams} object.
- *
- * @param ikeSessionParams the object this Builder will be constructed with.
- */
- public Builder(@NonNull IkeSessionParams ikeSessionParams) {
- mSaProposalList.addAll(ikeSessionParams.getSaProposals());
- mConfigRequestList.addAll(Arrays.asList(ikeSessionParams.mConfigRequests));
-
- int[] retransmissionTimeouts = ikeSessionParams.getRetransmissionTimeoutsMillis();
- mRetransTimeoutMsList =
- Arrays.copyOf(retransmissionTimeouts, retransmissionTimeouts.length);
-
- mServerHostname = ikeSessionParams.getServerHostname();
- mCallerConfiguredNetwork = ikeSessionParams.getConfiguredNetwork();
- mLocalIdentification = ikeSessionParams.getLocalIdentification();
- mRemoteIdentification = ikeSessionParams.getRemoteIdentification();
- mLocalAuthConfig = ikeSessionParams.getLocalAuthConfig();
- mRemoteAuthConfig = ikeSessionParams.getRemoteAuthConfig();
-
- mIke3gppExtension = ikeSessionParams.getIke3gppExtension();
-
- mHardLifetimeSec = ikeSessionParams.getHardLifetimeSeconds();
- mSoftLifetimeSec = ikeSessionParams.getSoftLifetimeSeconds();
- mDpdDelaySec = ikeSessionParams.getDpdDelaySeconds();
- mNattKeepaliveDelaySec = ikeSessionParams.getNattKeepAliveDelaySeconds();
- mDscp = ikeSessionParams.getDscp();
-
- mIkeOptions = ikeSessionParams.mIkeOptions;
-
- if (!ikeSessionParams.mIsIkeFragmentationSupported) {
- throw new IllegalStateException(
- "mIsIkeFragmentationSupported should never be false");
- }
- }
-
- /**
* Sets the server hostname for the {@link IkeSessionParams} being built.
*
* @param serverHostname the hostname of the IKE server, such as "ike.android.com".
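Review bot: `Builder(ConnectivityManager connectManager)` stores its argument unchecked, although the field is now declared `@NonNull private final`. The `build()` hunk at `@@ -1816,17 +930,9 @@` calls `mConnectivityManager.getActiveNetwork()` whenever no network was set, so a null manager only surfaces there as a bare NullPointerException, far from the cause. A guard in the constructor, in the style this file already uses, would fail early: `if (connectManager == null) { throw new NullPointerException("Required argument not provided"); }`. If `context.getSystemService(Context.CONNECTIVITY_SERVICE)` can return null for some callers (not visible here), the same guard covers `Builder(Context)`.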
@@ -1293,16 +544,18 @@
* Sets the {@link Network} for the {@link IkeSessionParams} being built.
*
* <p>If no {@link Network} is provided, the default Network (as per {@link
- * ConnectivityManager#getActiveNetwork()}) will be used when constructing an {@link
- * IkeSession}.
+ * ConnectivityManager#getActiveNetwork()}) will be used.
*
- * @param network the {@link Network} that IKE Session will use, or {@code null} to clear
- * the previously set {@link Network}
+ * @param network the {@link Network} that IKE Session will use.
* @return Builder this, to facilitate chaining.
*/
@NonNull
- public Builder setNetwork(@Nullable Network network) {
- mCallerConfiguredNetwork = network;
+ public Builder setNetwork(@NonNull Network network) {
+ if (network == null) {
+ throw new NullPointerException("Required argument not provided");
+ }
+
+ mNetwork = network;
return this;
}
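Review bot: The shortened Javadoc says the default Network "will be used" but no longer says when it is resolved. The `build()` hunk at `@@ -1816,17 +930,9 @@` resolves it once through `getActiveNetwork()` and throws `IllegalArgumentException("Network not found")` when there is none, so the resulting `IkeSessionParams` is pinned to whatever network was active at build time. I would say so in the comment, for example `* ConnectivityManager#getActiveNetwork()}) is resolved when {@link #build()} is called; build() throws if none is available.` With the `@Nullable` overload gone there is also no way to clear a network once set, which is worth stating in the `@param` text. The Javadoc's opening lines are outside this hunk.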
@@ -1346,25 +599,9 @@
*
* @param proposal IKE SA proposal.
* @return Builder this, to facilitate chaining.
- * @deprecated Callers should use {@link #addIkeSaProposal(IkeSaProposal)}. This method is
- * deprecated because its name does not match the input type.
- * @hide
*/
- @Deprecated
- @SystemApi
@NonNull
public Builder addSaProposal(@NonNull IkeSaProposal proposal) {
- return addIkeSaProposal(proposal);
- }
-
- /**
- * Adds an IKE SA proposal to the {@link IkeSessionParams} being built.
- *
- * @param proposal IKE SA proposal.
- * @return Builder this, to facilitate chaining.
- */
- @NonNull
- public Builder addIkeSaProposal(@NonNull IkeSaProposal proposal) {
if (proposal == null) {
throw new NullPointerException("Required argument not provided");
}
@@ -1378,18 +615,6 @@
}
/**
- * Configures authentication for IKE Session. Internal use only.
- *
- * @hide
- */
- @NonNull
- private Builder setAuth(IkeAuthConfig local, IkeAuthConfig remote) {
- mLocalAuthConfig = local;
- mRemoteAuthConfig = remote;
- return this;
- }
-
- /**
* Configures the {@link IkeSession} to use pre-shared-key-based authentication.
*
* <p>Both client and server MUST be authenticated using the provided shared key. IKE
@@ -1404,16 +629,15 @@
* @param sharedKey the shared key.
* @return Builder this, to facilitate chaining.
*/
- // #getLocalAuthConfig and #getRemoveAuthConfig are defined to retrieve
- // authentication configurations
- @SuppressLint("MissingGetterMatchingBuilder")
@NonNull
public Builder setAuthPsk(@NonNull byte[] sharedKey) {
if (sharedKey == null) {
throw new NullPointerException("Required argument not provided");
}
- return setAuth(new IkeAuthPskConfig(sharedKey), new IkeAuthPskConfig(sharedKey));
+ mLocalAuthConfig = new IkeAuthPskConfig(sharedKey);
+ mRemoteAuthConfig = new IkeAuthPskConfig(sharedKey);
+ return this;
}
/**
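Review bot: `setAuthPsk` passes the caller's `sharedKey` array itself to both `IkeAuthPskConfig` objects and checks it only for null. The `IkeAuthPskConfig` constructor is not in this hunk, so unless it copies, a caller that zeroes or reuses the array after this call silently changes the key the builder holds. Passing a copy decouples the two, e.g. `mLocalAuthConfig = new IkeAuthPskConfig(sharedKey.clone());` and the same for the remote config. A zero-length key also passes the guard; consider `if (sharedKey.length == 0) throw new IllegalArgumentException("Shared key must not be empty");`. The method's Javadoc begins outside the hunk.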
@@ -1424,13 +648,13 @@
* EAP-Only authentication is enabled.
*
* <p>Callers may enable EAP-Only authentication by setting {@link
- * #IKE_OPTION_EAP_ONLY_AUTH}, which will make IKE library request the remote to use
- * EAP-Only authentication. The remote may opt to reject the request, at which point the
- * received certificates and authentication payload WILL be validated with the provided root
- * CA or system's truststore as usual. Only safe EAP methods as listed in RFC 5998 will be
+ * IKE_OPTION_EAP_ONLY_AUTH}, which will make IKE library request the remote to use EAP-Only
+ * authentication. The remote may opt to reject the request, at which point the received
+ * certificates and authentication payload WILL be validated with the provided root CA or
+ * system's truststore as usual. Only safe EAP methods as listed in RFC 5998 will be
* accepted for EAP-Only authentication.
*
- * <p>If {@link #IKE_OPTION_EAP_ONLY_AUTH} is set, callers MUST configure EAP as the
+ * <p>If {@link IKE_OPTION_EAP_ONLY_AUTH} is set, callers MUST configure EAP as the
* authentication method and all EAP methods set in EAP Session configuration MUST be safe
* methods that are accepted for EAP-Only authentication. Otherwise callers will get an
* exception when building the {@link IkeSessionParams}
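Review bot: The new `{@link IKE_OPTION_EAP_ONLY_AUTH}` references drop the `#`, so Javadoc reads the name as a type rather than a member of this class and the link will not resolve. Keep the member form, `{@link #IKE_OPTION_EAP_ONLY_AUTH}`, on both lines here and in the TODO comment in `@@ -1449,10 +673,7 @@`. The same defect appears as `{@link OsConstants.AF_INET}` / `{@link OsConstants.AF_INET6}` in `@@ -1578,31 +779,30 @@` (should be `OsConstants#AF_INET`) and as `{@link ENCRYPTION_ALGORITHM_3DES}` in SaProposal.java. Separately, `@@ -1441,7 +665,7 @@` removes the closing `</a>` from the RFC 5998 `@see` tag, leaving the anchor unterminated.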
@@ -1441,7 +665,7 @@
* @see <a href="https://tools.ietf.org/html/rfc5280">RFC 5280, Internet X.509 Public Key
* Infrastructure Certificate and Certificate Revocation List (CRL) Profile</a>
* @see <a href="https://tools.ietf.org/html/rfc5998">RFC 5998, An Extension for EAP-Only
- * Authentication in IKEv2</a>
+ * Authentication in IKEv2
* @param serverCaCert the CA certificate for validating the received server certificate(s).
* If a certificate is provided, it MUST be the root CA used by the server, or
* authentication will fail. If no certificate is provided, any root CA in the system's
@@ -1449,10 +673,7 @@
* @return Builder this, to facilitate chaining.
*/
// TODO(b/151667921): Consider also supporting configuring EAP method that is not accepted
- // by EAP-Only when {@link #IKE_OPTION_EAP_ONLY_AUTH} is set
- // MissingGetterMatchingBuilder: #getLocalAuthConfig and #getRemoveAuthConfig are defined to
- // retrieve authentication configurations
- @SuppressLint("MissingGetterMatchingBuilder")
+ // by EAP-Only when {@link IKE_OPTION_EAP_ONLY_AUTH} is set
@NonNull
public Builder setAuthEap(
@Nullable X509Certificate serverCaCert, @NonNull EapSessionConfig eapConfig) {
@@ -1460,9 +681,10 @@
throw new NullPointerException("Required argument not provided");
}
- return setAuth(
- new IkeAuthEapConfig(eapConfig),
- new IkeAuthDigitalSignRemoteConfig(serverCaCert));
+ mLocalAuthConfig = new IkeAuthEapConfig(eapConfig);
+ mRemoteAuthConfig = new IkeAuthDigitalSignRemoteConfig(serverCaCert);
+
+ return this;
}
/**
@@ -1485,9 +707,6 @@
* PrivateKey} MUST be an instance of {@link RSAKey}.
* @return Builder this, to facilitate chaining.
*/
- // #getLocalAuthConfig and #getRemoveAuthConfig are defined to retrieve
- // authentication configurations
- @SuppressLint("MissingGetterMatchingBuilder")
@NonNull
public Builder setAuthDigitalSignature(
@Nullable X509Certificate serverCaCert,
@@ -1522,9 +741,6 @@
* PrivateKey} MUST be an instance of {@link RSAKey}.
* @return Builder this, to facilitate chaining.
*/
- // #getLocalAuthConfig and #getRemoveAuthConfig are defined to retrieve
- // authentication configurations
- @SuppressLint("MissingGetterMatchingBuilder")
@NonNull
public Builder setAuthDigitalSignature(
@Nullable X509Certificate serverCaCert,
@@ -1541,22 +757,11 @@
throw new IllegalArgumentException("Unsupported private key type");
}
- IkeAuthConfig localConfig =
+ mLocalAuthConfig =
new IkeAuthDigitalSignLocalConfig(
clientEndCert, clientIntermediateCerts, clientPrivateKey);
- IkeAuthConfig remoteConfig = new IkeAuthDigitalSignRemoteConfig(serverCaCert);
+ mRemoteAuthConfig = new IkeAuthDigitalSignRemoteConfig(serverCaCert);
- return setAuth(localConfig, remoteConfig);
- }
-
- /**
- * Adds a configuration request. Internal use only.
- *
- * @hide
- */
- @NonNull
- private Builder addConfigRequest(IkeConfigAttribute configReq) {
- mConfigRequestList.add(configReq);
return this;
}
@@ -1566,11 +771,7 @@
*
* @param address the requested P_CSCF address.
* @return Builder this, to facilitate chaining.
- * @hide
*/
- // #getConfigurationRequests is defined to retrieve PCSCF server requests
- @SuppressLint("MissingGetterMatchingBuilder")
- @SystemApi
@NonNull
public Builder addPcscfServerRequest(@NonNull InetAddress address) {
if (address == null) {
@@ -1578,31 +779,30 @@
}
if (address instanceof Inet4Address) {
- return addConfigRequest(new ConfigAttributeIpv4Pcscf((Inet4Address) address));
+ mConfigRequestList.add(new ConfigAttributeIpv4Pcscf((Inet4Address) address));
} else if (address instanceof Inet6Address) {
- return addConfigRequest(new ConfigAttributeIpv6Pcscf((Inet6Address) address));
+ mConfigRequestList.add(new ConfigAttributeIpv6Pcscf((Inet6Address) address));
} else {
throw new IllegalArgumentException("Invalid address family");
}
+ return this;
}
/**
* Adds a internal P_CSCF server request to the {@link IkeSessionParams} being built.
*
- * @param addressFamily the address family. Only {@code AF_INET} and {@code AF_INET6} are
- * allowed.
+ * @param addressFamily the address family. Only {@link OsConstants.AF_INET} and {@link
+ * OsConstants.AF_INET6} are allowed.
* @return Builder this, to facilitate chaining.
- * @hide
*/
- // #getConfigurationRequests is defined to retrieve PCSCF server requests
- @SuppressLint("MissingGetterMatchingBuilder")
- @SystemApi
@NonNull
public Builder addPcscfServerRequest(int addressFamily) {
if (addressFamily == AF_INET) {
- return addConfigRequest(new ConfigAttributeIpv4Pcscf());
+ mConfigRequestList.add(new ConfigAttributeIpv4Pcscf());
+ return this;
} else if (addressFamily == AF_INET6) {
- return addConfigRequest(new ConfigAttributeIpv6Pcscf());
+ mConfigRequestList.add(new ConfigAttributeIpv6Pcscf());
+ return this;
} else {
throw new IllegalArgumentException("Invalid address family: " + addressFamily);
}
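Review bot: The two `addPcscfServerRequest` overloads now end differently: the `InetAddress` version falls through to a single `return this;` after the if/else chain, while the `int` version repeats `return this;` inside each accepting branch. Using one shape for both keeps the validation branches easy to compare, e.g. drop the two in-branch returns in the `int` overload and add `return this;` after the final `else`. The end of the `int` overload is outside this hunk.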
@@ -1621,9 +821,6 @@
* least 60 seconds (1 minute) shorter than the hard lifetime.
* @return Builder this, to facilitate chaining.
*/
- // #getHardLifetimeSeconds and #getSoftLifetimeSeconds are defined for callers to retrieve
- // the lifetimes
- @SuppressLint("MissingGetterMatchingBuilder")
@NonNull
public Builder setLifetimeSeconds(
@IntRange(from = IKE_HARD_LIFETIME_SEC_MINIMUM, to = IKE_HARD_LIFETIME_SEC_MAXIMUM)
@@ -1664,67 +861,14 @@
}
/**
- * Sets the Network Address Translation Traversal (NATT) keepalive delay in seconds.
- *
- * @param nattKeepaliveDelaySeconds number of seconds between keepalive packet
- * transmissions. Defaults to 10 seconds. MUST be a value from 10 seconds to 3600
- * seconds, inclusive.
- * @return Builder this, to facilitate chaining.
- */
- @NonNull
- public Builder setNattKeepAliveDelaySeconds(
- @IntRange(
- from = IKE_NATT_KEEPALIVE_DELAY_SEC_MIN,
- to = IKE_NATT_KEEPALIVE_DELAY_SEC_MAX)
- int nattKeepaliveDelaySeconds) {
- if (nattKeepaliveDelaySeconds < IKE_NATT_KEEPALIVE_DELAY_SEC_MIN
- || nattKeepaliveDelaySeconds > IKE_NATT_KEEPALIVE_DELAY_SEC_MAX) {
- throw new IllegalArgumentException("Invalid NATT keepalive delay value");
- }
- mNattKeepaliveDelaySec = nattKeepaliveDelaySeconds;
- return this;
- }
-
- /**
- * Sets the DSCP field of the IKE packets.
- *
- * <p>Differentiated services code point (DSCP) is a 6-bit field in the IP header that is
- * used for packet classification and prioritization. The DSCP field is encoded in the 6
- * higher order bits of the Type of Service (ToS) in IPv4 header, or the traffic class (TC)
- * field in IPv6 header.
- *
- * <p>Any 6-bit values (0 to 63) are acceptable, whether IANA-defined, or
- * implementation-specific values.
- *
- * @see <a href="https://tools.ietf.org/html/rfc2474">RFC 2474, Definition of the
- * Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers</a>
- * @see <a href="https://www.iana.org/assignments/dscp-registry/dscp-registry.xhtml">
- * Differentiated Services Field Codepoints (DSCP)</a>
- * @param dscp the dscp value. Defaults to 0.
- * @return Builder this, to facilitate chaining.
- * @hide
- */
- @SystemApi
- @NonNull
- public Builder setDscp(@IntRange(from = DSCP_MIN, to = DSCP_MAX) int dscp) {
- if (dscp < DSCP_MIN || dscp > DSCP_MAX) {
- throw new IllegalArgumentException("Invalid DSCP value");
- }
- mDscp = dscp;
- return this;
- }
-
- /**
* Sets the retransmission timeout list in milliseconds.
*
* <p>Configures the retransmission by providing an array of relative retransmission
- * timeouts in milliseconds. After sending out a request and before receiving the response,
- * the IKE Session will iterate through the array and wait for the relative timeout before
- * the next retry. If the last timeout is exceeded, the IKE Session will be terminated.
- *
- * <p>Each element in the array MUST be a value from 500 ms to 1800000 ms (30 minutes). The
- * length of the array MUST NOT exceed 10. This retransmission timeout list defaults to
- * {0.5s, 1s, 2s, 4s, 8s}
+ * timeouts in milliseconds, where each timeout is the waiting time before next retry,
+ * except the last timeout is the waiting time before terminating the IKE Session. Each
+ * element in the array MUST be a value from 500 ms to 1800000 ms (30 minutes). The length
+ * of the array MUST NOT exceed 10. This retransmission timeout list defaults to {0.5s, 1s,
+ * 2s, 4s, 8s}
*
* @param retransTimeoutMillisList the array of relative retransmission timeout in
* milliseconds.
@@ -1750,41 +894,14 @@
}
/**
- * Sets the parameters to be used for 3GPP-specific behavior during the IKE Session.
- *
- * <p>Setting the Ike3gppExtension also enables support for non-configurable payloads, such
- * as the Notify - BACKOFF_TIMER payload.
- *
- * @see 3GPP ETSI TS 24.302: Access to the 3GPP Evolved Packet Core (EPC) via non-3GPP
- * access networks
- * @param ike3gppExtension the Ike3gppExtension to use for this IKE Session.
- * @return Builder this, to facilitate chaining.
- * @hide
- */
- @SystemApi
- @NonNull
- public Builder setIke3gppExtension(@NonNull Ike3gppExtension ike3gppExtension) {
- Objects.requireNonNull(ike3gppExtension, "ike3gppExtension must not be null");
-
- mIke3gppExtension = ike3gppExtension;
- return this;
- }
-
- /**
* Sets the specified IKE Option as enabled.
*
* @param ikeOption the option to be enabled.
* @return Builder this, to facilitate chaining.
*/
- // Use #hasIkeOption instead of @getIkeOptions because #hasIkeOption allows callers to check
- // the presence of one IKE option more easily
- @SuppressLint("MissingGetterMatchingBuilder")
@NonNull
public Builder addIkeOption(@IkeOption int ikeOption) {
validateIkeOptionOrThrow(ikeOption);
- if (ikeOption == IKE_OPTION_MOBIKE && !SdkLevel.isAtLeastS()) {
- throw new UnsupportedOperationException("MOBIKE only supported for S+");
- }
mIkeOptions |= getOptionBitValue(ikeOption);
return this;
}
@@ -1795,9 +912,6 @@
* @param ikeOption the option to be disabled.
* @return Builder this, to facilitate chaining.
*/
- // Use #removeIkeOption instead of #clearIkeOption because "clear" sounds indicating
- // clearing all enabled IKE options
- @SuppressLint("BuilderSetStyle")
@NonNull
public Builder removeIkeOption(@IkeOption int ikeOption) {
validateIkeOptionOrThrow(ikeOption);
@@ -1816,17 +930,9 @@
throw new IllegalArgumentException("IKE SA proposal not found");
}
- // TODO: b/178389011 This code block should be removed when
- // IkeSessionParams#getNetwork() and #Builder(Context) can be safely removed. This block
- // makes sure if the Builder is constructed with the deprecated constructor
- // #Builder(Context), #build() still works in the same way and will throw exception when
- // there is no configured or default network.
- Network defaultOrConfiguredNetwork = mCallerConfiguredNetwork;
- if (mConnectivityManager != null && defaultOrConfiguredNetwork == null) {
- defaultOrConfiguredNetwork = mConnectivityManager.getActiveNetwork();
- if (defaultOrConfiguredNetwork == null) {
- throw new IllegalArgumentException("Network not found");
- }
+ Network network = mNetwork != null ? mNetwork : mConnectivityManager.getActiveNetwork();
+ if (network == null) {
+ throw new IllegalArgumentException("Network not found");
}
if (mServerHostname == null
@@ -1860,8 +966,7 @@
return new IkeSessionParams(
mServerHostname,
- defaultOrConfiguredNetwork,
- mCallerConfiguredNetwork,
+ network,
mSaProposalList.toArray(new IkeSaProposal[0]),
mLocalIdentification,
mRemoteIdentification,
@@ -1869,13 +974,10 @@
mRemoteAuthConfig,
mConfigRequestList.toArray(new IkeConfigAttribute[0]),
mRetransTimeoutMsList,
- mIke3gppExtension,
mIkeOptions,
mHardLifetimeSec,
mSoftLifetimeSec,
mDpdDelaySec,
- mNattKeepaliveDelaySec,
- mDscp,
mIsIkeFragmentationSupported);
}
diff --git a/src/java/android/net/ipsec/ike/IkeTrafficSelector.java b/src/java/android/net/ipsec/ike/IkeTrafficSelector.java
index c51a2d9..618b0d9 100644
--- a/src/java/android/net/ipsec/ike/IkeTrafficSelector.java
+++ b/src/java/android/net/ipsec/ike/IkeTrafficSelector.java
@@ -18,12 +18,11 @@
import android.annotation.IntDef;
import android.annotation.NonNull;
-import android.net.InetAddresses;
-import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
-import android.os.PersistableBundle;
+import android.annotation.SystemApi;
import android.util.ArraySet;
import com.android.internal.annotations.VisibleForTesting;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
@@ -45,7 +44,9 @@
*
* @see <a href="https://tools.ietf.org/html/rfc7296#section-3.13">RFC 7296, Internet Key Exchange
* Protocol Version 2 (IKEv2)</a>
+ * @hide
*/
+@SystemApi
public final class IkeTrafficSelector {
// IpProtocolId consists of standard IP Protocol IDs.
@@ -102,11 +103,6 @@
@VisibleForTesting static final int TRAFFIC_SELECTOR_IPV4_LEN = 16;
@VisibleForTesting static final int TRAFFIC_SELECTOR_IPV6_LEN = 40;
- private static final String START_PORT_KEY = "startPort";
- private static final String END_PORT_KEY = "endPort";
- private static final String START_ADDRESS_KEY = "startingAddress";
- private static final String END_ADDRESS_KEY = "endingAddress";
-
/** @hide */
public final int tsType;
/** @hide */
@@ -227,45 +223,6 @@
}
/**
- * Constructs this object by deserializing a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public static IkeTrafficSelector fromPersistableBundle(@NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle not provided");
-
- int startPort = in.getInt(START_PORT_KEY);
- int endPort = in.getInt(END_PORT_KEY);
-
- InetAddress startingAddress =
- InetAddresses.parseNumericAddress(in.getString(START_ADDRESS_KEY));
- Objects.requireNonNull(in, "startAddress not provided");
- InetAddress endingAddress =
- InetAddresses.parseNumericAddress(in.getString(END_ADDRESS_KEY));
- Objects.requireNonNull(in, "endAddress not provided");
-
- return new IkeTrafficSelector(startPort, endPort, startingAddress, endingAddress);
- }
-
- /**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public PersistableBundle toPersistableBundle() {
- final PersistableBundle result = new PersistableBundle();
-
- result.putInt(START_PORT_KEY, startPort);
- result.putInt(END_PORT_KEY, endPort);
- result.putString(START_ADDRESS_KEY, startingAddress.getHostAddress());
- result.putString(END_ADDRESS_KEY, endingAddress.getHostAddress());
-
- return result;
- }
-
- /**
* Decode IkeTrafficSelectors from inbound Traffic Selector Payload.
*
* <p>This method is only called by IkeTsPayload when decoding inbound IKE message.
diff --git a/src/java/android/net/ipsec/ike/IkeTunnelConnectionParams.java b/src/java/android/net/ipsec/ike/IkeTunnelConnectionParams.java
deleted file mode 100644
index e7140ef..0000000
--- a/src/java/android/net/ipsec/ike/IkeTunnelConnectionParams.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.ipsec.ike;
-
-import android.annotation.NonNull;
-
-import java.util.Objects;
-
-/**
- * IkeTunnelConnectionParams contains IKEv2 configurations to establish an IKE/IPsec tunnel.
- *
- * <p>This class containing IKEv2-specific configuration, authentication and authorization
- * parameters to establish an IKE/IPsec tunnel.
- */
-public final class IkeTunnelConnectionParams {
- private final IkeSessionParams mIkeParams;
- private final TunnelModeChildSessionParams mChildParams;
-
- /**
- * Construct an IkeTunnelConnectionParams instance.
- *
- * @param ikeParams the IKE Session configuration
- * @param childParams the Tunnel mode Child Session configuration
- */
- public IkeTunnelConnectionParams(
- @NonNull IkeSessionParams ikeParams,
- @NonNull TunnelModeChildSessionParams childParams) {
- Objects.requireNonNull(ikeParams, "ikeParams was null");
- Objects.requireNonNull(childParams, "childParams was null");
-
- mIkeParams = ikeParams;
- mChildParams = childParams;
- }
-
- /** Returns the IKE Session configuration. */
- @NonNull
- public IkeSessionParams getIkeSessionParams() {
- return mIkeParams;
- }
-
- /** Returns the Tunnel mode Child Session configuration. */
- @NonNull
- public TunnelModeChildSessionParams getTunnelModeChildSessionParams() {
- return mChildParams;
- }
-
- /** @hide */
- @Override
- public int hashCode() {
- return Objects.hash(mIkeParams, mChildParams);
- }
-
- /** @hide */
- @Override
- public boolean equals(Object o) {
- if (!(o instanceof IkeTunnelConnectionParams)) {
- return false;
- }
-
- IkeTunnelConnectionParams other = (IkeTunnelConnectionParams) o;
-
- return Objects.equals(mIkeParams, other.mIkeParams)
- && Objects.equals(mChildParams, other.mChildParams);
- }
-}
diff --git a/src/java/android/net/ipsec/ike/SaProposal.java b/src/java/android/net/ipsec/ike/SaProposal.java
index a48d855..d5eb8c8 100644
--- a/src/java/android/net/ipsec/ike/SaProposal.java
+++ b/src/java/android/net/ipsec/ike/SaProposal.java
@@ -18,7 +18,7 @@
import android.annotation.IntDef;
import android.annotation.NonNull;
-import android.os.PersistableBundle;
+import android.annotation.SystemApi;
import android.util.Pair;
import android.util.SparseArray;
@@ -28,19 +28,14 @@
import com.android.internal.net.ipsec.ike.message.IkeSaPayload.IntegrityTransform;
import com.android.internal.net.ipsec.ike.message.IkeSaPayload.PrfTransform;
import com.android.internal.net.ipsec.ike.message.IkeSaPayload.Transform;
-import com.android.modules.utils.build.SdkLevel;
-import com.android.server.vcn.util.PersistableBundleUtils;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.util.ArrayList;
import java.util.Arrays;
-import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
-import java.util.Objects;
-import java.util.Set;
/**
* SaProposal represents a proposed configuration to negotiate an IKE or Child SA.
@@ -52,18 +47,18 @@
*
* @see <a href="https://tools.ietf.org/html/rfc7296#section-3.3">RFC 7296, Internet Key Exchange
* Protocol Version 2 (IKEv2)</a>
+ * @hide
*/
+@SystemApi
public abstract class SaProposal {
/** @hide */
@Retention(RetentionPolicy.SOURCE)
@IntDef({
ENCRYPTION_ALGORITHM_3DES,
ENCRYPTION_ALGORITHM_AES_CBC,
- ENCRYPTION_ALGORITHM_AES_CTR,
ENCRYPTION_ALGORITHM_AES_GCM_8,
ENCRYPTION_ALGORITHM_AES_GCM_12,
- ENCRYPTION_ALGORITHM_AES_GCM_16,
- ENCRYPTION_ALGORITHM_CHACHA20_POLY1305
+ ENCRYPTION_ALGORITHM_AES_GCM_16
})
public @interface EncryptionAlgorithm {}
@@ -71,8 +66,6 @@
public static final int ENCRYPTION_ALGORITHM_3DES = 3;
/** AES-CBC Encryption/Ciphering Algorithm. */
public static final int ENCRYPTION_ALGORITHM_AES_CBC = 12;
- /** AES-CTR Encryption/Ciphering Algorithm. */
- public static final int ENCRYPTION_ALGORITHM_AES_CTR = 13;
/**
* AES-GCM Authentication/Integrity + Encryption/Ciphering Algorithm with 8-octet ICV
* (truncation).
@@ -88,32 +81,23 @@
* (truncation).
*/
public static final int ENCRYPTION_ALGORITHM_AES_GCM_16 = 20;
- /**
- * ChaCha20-Poly1305 Authentication/Integrity + Encryption/Ciphering Algorithm with 16-octet ICV
- * (truncation).
- */
- public static final int ENCRYPTION_ALGORITHM_CHACHA20_POLY1305 = 28;
- /** @hide */
- protected static final SparseArray<String> SUPPORTED_ENCRYPTION_ALGO_TO_STR;
+ private static final SparseArray<String> SUPPORTED_ENCRYPTION_ALGO_TO_STR;
static {
SUPPORTED_ENCRYPTION_ALGO_TO_STR = new SparseArray<>();
SUPPORTED_ENCRYPTION_ALGO_TO_STR.put(ENCRYPTION_ALGORITHM_3DES, "ENCR_3DES");
SUPPORTED_ENCRYPTION_ALGO_TO_STR.put(ENCRYPTION_ALGORITHM_AES_CBC, "ENCR_AES_CBC");
- SUPPORTED_ENCRYPTION_ALGO_TO_STR.put(ENCRYPTION_ALGORITHM_AES_CTR, "ENCR_AES_CTR");
SUPPORTED_ENCRYPTION_ALGO_TO_STR.put(ENCRYPTION_ALGORITHM_AES_GCM_8, "ENCR_AES_GCM_8");
SUPPORTED_ENCRYPTION_ALGO_TO_STR.put(ENCRYPTION_ALGORITHM_AES_GCM_12, "ENCR_AES_GCM_12");
SUPPORTED_ENCRYPTION_ALGO_TO_STR.put(ENCRYPTION_ALGORITHM_AES_GCM_16, "ENCR_AES_GCM_16");
- SUPPORTED_ENCRYPTION_ALGO_TO_STR.put(
- ENCRYPTION_ALGORITHM_CHACHA20_POLY1305, "ENCR_CHACHA20_POLY1305");
}
/**
* Key length unused.
*
* <p>This value should only be used with the Encryption/Ciphering Algorithm that accepts a
- * fixed key size such as {@link #ENCRYPTION_ALGORITHM_3DES}.
+ * fixed key size such as {@link ENCRYPTION_ALGORITHM_3DES}.
*/
public static final int KEY_LEN_UNUSED = 0;
/** AES Encryption/Ciphering Algorithm key length 128 bits. */
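Review bot: After this change `SUPPORTED_ENCRYPTION_ALGO_TO_STR` lists 3DES beside AES-CBC and the three AES-GCM variants, with AES-CTR and ChaCha20-Poly1305 removed, and nothing in the visible comments tells a caller which entries are legacy. RFC 8247 downgrades ENCR_3DES to MAY, so a short comment above the static block would help, for example `// ENCR_3DES is legacy (64-bit block); prefer an AES-GCM variant where the peer supports it.` The Javadoc of `ENCRYPTION_ALGORITHM_3DES` itself lies outside this hunk and would be the better home for the same caveat.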
@@ -130,8 +114,7 @@
PSEUDORANDOM_FUNCTION_AES128_XCBC,
PSEUDORANDOM_FUNCTION_SHA2_256,
PSEUDORANDOM_FUNCTION_SHA2_384,
- PSEUDORANDOM_FUNCTION_SHA2_512,
- PSEUDORANDOM_FUNCTION_AES128_CMAC
+ PSEUDORANDOM_FUNCTION_SHA2_512
})
public @interface PseudorandomFunction {}
@@ -145,11 +128,8 @@
public static final int PSEUDORANDOM_FUNCTION_SHA2_384 = 6;
/** HMAC-SHA2-384 Pseudorandom Function. */
public static final int PSEUDORANDOM_FUNCTION_SHA2_512 = 7;
- /** AES128-CMAC Pseudorandom Function. */
- public static final int PSEUDORANDOM_FUNCTION_AES128_CMAC = 8;
- /** @hide */
- protected static final SparseArray<String> SUPPORTED_PRF_TO_STR;
+ private static final SparseArray<String> SUPPORTED_PRF_TO_STR;
static {
SUPPORTED_PRF_TO_STR = new SparseArray<>();
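Review bot: The Javadoc directly above `PSEUDORANDOM_FUNCTION_SHA2_512 = 7` still reads "HMAC-SHA2-384 Pseudorandom Function", which is the description of the preceding constant. Since these comments are what callers see when choosing a PRF, it should read `/** HMAC-SHA2-512 Pseudorandom Function. */`. The line is unchanged context in this hunk, but the mismatch remains on the new side.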
@@ -158,7 +138,6 @@
SUPPORTED_PRF_TO_STR.put(PSEUDORANDOM_FUNCTION_SHA2_256, "PRF_HMAC2_256");
SUPPORTED_PRF_TO_STR.put(PSEUDORANDOM_FUNCTION_SHA2_384, "PRF_HMAC2_384");
SUPPORTED_PRF_TO_STR.put(PSEUDORANDOM_FUNCTION_SHA2_512, "PRF_HMAC2_512");
- SUPPORTED_PRF_TO_STR.put(PSEUDORANDOM_FUNCTION_AES128_CMAC, "PRF_AES128_CMAC");
}
/** @hide */
@@ -167,7 +146,6 @@
INTEGRITY_ALGORITHM_NONE,
INTEGRITY_ALGORITHM_HMAC_SHA1_96,
INTEGRITY_ALGORITHM_AES_XCBC_96,
- INTEGRITY_ALGORITHM_AES_CMAC_96,
INTEGRITY_ALGORITHM_HMAC_SHA2_256_128,
INTEGRITY_ALGORITHM_HMAC_SHA2_384_192,
INTEGRITY_ALGORITHM_HMAC_SHA2_512_256
@@ -180,8 +158,6 @@
public static final int INTEGRITY_ALGORITHM_HMAC_SHA1_96 = 2;
/** AES-XCBC-96 Authentication/Integrity Algorithm. */
public static final int INTEGRITY_ALGORITHM_AES_XCBC_96 = 5;
- /** AES-CMAC-96 Authentication/Integrity Algorithm. */
- public static final int INTEGRITY_ALGORITHM_AES_CMAC_96 = 8;
/** HMAC-SHA256 Authentication/Integrity Algorithm with 128-bit truncation. */
public static final int INTEGRITY_ALGORITHM_HMAC_SHA2_256_128 = 12;
/** HMAC-SHA384 Authentication/Integrity Algorithm with 192-bit truncation. */
@@ -189,15 +165,13 @@
/** HMAC-SHA512 Authentication/Integrity Algorithm with 256-bit truncation. */
public static final int INTEGRITY_ALGORITHM_HMAC_SHA2_512_256 = 14;
- /** @hide */
- protected static final SparseArray<String> SUPPORTED_INTEGRITY_ALGO_TO_STR;
+ private static final SparseArray<String> SUPPORTED_INTEGRITY_ALGO_TO_STR;
static {
SUPPORTED_INTEGRITY_ALGO_TO_STR = new SparseArray<>();
SUPPORTED_INTEGRITY_ALGO_TO_STR.put(INTEGRITY_ALGORITHM_NONE, "AUTH_NONE");
SUPPORTED_INTEGRITY_ALGO_TO_STR.put(INTEGRITY_ALGORITHM_HMAC_SHA1_96, "AUTH_HMAC_SHA1_96");
SUPPORTED_INTEGRITY_ALGO_TO_STR.put(INTEGRITY_ALGORITHM_AES_XCBC_96, "AUTH_AES_XCBC_96");
- SUPPORTED_INTEGRITY_ALGO_TO_STR.put(INTEGRITY_ALGORITHM_AES_CMAC_96, "AUTH_AES_CMAC_96");
SUPPORTED_INTEGRITY_ALGO_TO_STR.put(
INTEGRITY_ALGORITHM_HMAC_SHA2_256_128, "AUTH_HMAC_SHA2_256_128");
SUPPORTED_INTEGRITY_ALGO_TO_STR.put(
@@ -208,31 +182,19 @@
/** @hide */
@Retention(RetentionPolicy.SOURCE)
- @IntDef({
- DH_GROUP_NONE,
- DH_GROUP_1024_BIT_MODP,
- DH_GROUP_1536_BIT_MODP,
- DH_GROUP_2048_BIT_MODP,
- DH_GROUP_3072_BIT_MODP,
- DH_GROUP_4096_BIT_MODP,
- DH_GROUP_CURVE_25519
- })
+ @IntDef({DH_GROUP_NONE, DH_GROUP_1024_BIT_MODP, DH_GROUP_2048_BIT_MODP})
public @interface DhGroup {}
/** None Diffie-Hellman Group. */
public static final int DH_GROUP_NONE = 0;
/** 1024-bit MODP Diffie-Hellman Group. */
public static final int DH_GROUP_1024_BIT_MODP = 2;
- /** 1536-bit MODP Diffie-Hellman Group. */
- public static final int DH_GROUP_1536_BIT_MODP = 5;
/** 2048-bit MODP Diffie-Hellman Group. */
public static final int DH_GROUP_2048_BIT_MODP = 14;
- /** 3072-bit MODP Diffie-Hellman Group. */
+ /** 3072-bit MODP Diffie-Hellman Group. @hide */
public static final int DH_GROUP_3072_BIT_MODP = 15;
- /** 4096-bit MODP Diffie-Hellman Group. */
+ /** 4096-bit MODP Diffie-Hellman Group. @hide */
public static final int DH_GROUP_4096_BIT_MODP = 16;
- /** Elliptic Curve Diffie-Hellman 25519. */
- public static final int DH_GROUP_CURVE_25519 = 31;
private static final SparseArray<String> SUPPORTED_DH_GROUP_TO_STR;
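Review bot: The new `@IntDef` for `DhGroup` lists only `DH_GROUP_NONE`, `DH_GROUP_1024_BIT_MODP` and `DH_GROUP_2048_BIT_MODP`, yet `DH_GROUP_3072_BIT_MODP` and `DH_GROUP_4096_BIT_MODP` are still declared (now `@hide`) and are still registered in `SUPPORTED_DH_GROUP_TO_STR` in the next hunk. The annotation therefore under-describes the values the class accepts, and internal callers passing the larger groups to a `@DhGroup` parameter would presumably be flagged by lint. I would keep them in the set: `@IntDef({DH_GROUP_NONE, DH_GROUP_1024_BIT_MODP, DH_GROUP_2048_BIT_MODP, DH_GROUP_3072_BIT_MODP, DH_GROUP_4096_BIT_MODP})`. Since 1024-bit MODP is now one of only two non-hidden groups, its Javadoc should also steer callers to the larger one, e.g. `/** 1024-bit MODP Diffie-Hellman Group. Prefer {@link #DH_GROUP_2048_BIT_MODP} where the peer supports it. */`.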
@@ -240,21 +202,11 @@
SUPPORTED_DH_GROUP_TO_STR = new SparseArray<>();
SUPPORTED_DH_GROUP_TO_STR.put(DH_GROUP_NONE, "DH_NONE");
SUPPORTED_DH_GROUP_TO_STR.put(DH_GROUP_1024_BIT_MODP, "DH_1024_BIT_MODP");
- SUPPORTED_DH_GROUP_TO_STR.put(DH_GROUP_1536_BIT_MODP, "DH_1536_BIT_MODP");
SUPPORTED_DH_GROUP_TO_STR.put(DH_GROUP_2048_BIT_MODP, "DH_2048_BIT_MODP");
SUPPORTED_DH_GROUP_TO_STR.put(DH_GROUP_3072_BIT_MODP, "DH_3072_BIT_MODP");
SUPPORTED_DH_GROUP_TO_STR.put(DH_GROUP_4096_BIT_MODP, "DH_4096_BIT_MODP");
- SUPPORTED_DH_GROUP_TO_STR.put(DH_GROUP_CURVE_25519, "DH_GROUP_CURVE_25519");
}
- private static final String PROTOCOL_ID_KEY = "mProtocolId";
- /** @hide */
- protected static final String ENCRYPT_ALGO_KEY = "mEncryptionAlgorithms";
- /** @hide */
- protected static final String INTEGRITY_ALGO_KEY = "mIntegrityAlgorithms";
- /** @hide */
- protected static final String DH_GROUP_KEY = "mDhGroups";
-
@IkePayload.ProtocolId private final int mProtocolId;
private final EncryptionTransform[] mEncryptionAlgorithms;
private final IntegrityTransform[] mIntegrityAlgorithms;
@@ -273,52 +225,6 @@
}
/**
- * Constructs this object by deserializing a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public static SaProposal fromPersistableBundle(@NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
-
- int protocolId = in.getInt(PROTOCOL_ID_KEY);
- switch (protocolId) {
- case IkePayload.PROTOCOL_ID_IKE:
- return IkeSaProposal.fromPersistableBundle(in);
- case IkePayload.PROTOCOL_ID_ESP:
- return ChildSaProposal.fromPersistableBundle(in);
- default:
- throw new IllegalArgumentException("Invalid protocol ID " + protocolId);
- }
- }
-
- /**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @NonNull
- public PersistableBundle toPersistableBundle() {
- final PersistableBundle result = new PersistableBundle();
-
- result.putInt(PROTOCOL_ID_KEY, mProtocolId);
-
- PersistableBundle encryptionBundle =
- PersistableBundleUtils.fromList(
- Arrays.asList(mEncryptionAlgorithms),
- EncryptionTransform::toPersistableBundle);
- result.putPersistableBundle(ENCRYPT_ALGO_KEY, encryptionBundle);
-
- int[] integrityAlgoIdArray = getIntegrityAlgorithms().stream().mapToInt(i -> i).toArray();
- result.putIntArray(INTEGRITY_ALGO_KEY, integrityAlgoIdArray);
-
- int[] dhGroupArray = getDhGroups().stream().mapToInt(i -> i).toArray();
- result.putIntArray(DH_GROUP_KEY, dhGroupArray);
-
- return result;
- }
-
- /**
* Check if the current SaProposal from the SA responder is consistent with the selected
* reqProposal from the SA initiator.
*
@@ -505,16 +411,12 @@
case ENCRYPTION_ALGORITHM_3DES:
// Fall through
case ENCRYPTION_ALGORITHM_AES_CBC:
- // Fall through
- case ENCRYPTION_ALGORITHM_AES_CTR:
return false;
case ENCRYPTION_ALGORITHM_AES_GCM_8:
// Fall through
case ENCRYPTION_ALGORITHM_AES_GCM_12:
// Fall through
case ENCRYPTION_ALGORITHM_AES_GCM_16:
- // Fall through
- case ENCRYPTION_ALGORITHM_CHACHA20_POLY1305:
return true;
default:
// Won't hit here.
@@ -533,18 +435,11 @@
}
protected void validateAndAddEncryptAlgo(
- @EncryptionAlgorithm int algorithm, int keyLength, boolean isChild) {
+ @EncryptionAlgorithm int algorithm, int keyLength) {
// Construct EncryptionTransform and validate proposed algorithm during
// construction.
EncryptionTransform encryptionTransform = new EncryptionTransform(algorithm, keyLength);
- // For Child SA algorithm, check if that is supported by IPsec
- if (SdkLevel.isAtLeastS()
- && isChild
- && !ChildSaProposal.getSupportedEncryptionAlgorithms().contains(algorithm)) {
- throw new IllegalArgumentException("Unsupported encryption algorithm " + algorithm);
- }
-
// Validate that only one mode encryption algorithm has been proposed.
boolean isCurrentAead = isAead(algorithm);
if (!mProposedEncryptAlgos.isEmpty() && (mHasAead ^ isCurrentAead)) {
@@ -558,15 +453,7 @@
mProposedEncryptAlgos.add(encryptionTransform);
}
- protected void validateAndAddIntegrityAlgo(
- @IntegrityAlgorithm int algorithm, boolean isChild) {
- // For Child SA algorithm, check if that is supported by IPsec
- if (SdkLevel.isAtLeastS()
- && isChild
- && !ChildSaProposal.getSupportedIntegrityAlgorithms().contains(algorithm)) {
- throw new IllegalArgumentException("Unsupported integrity algorithm " + algorithm);
- }
-
+ protected void addIntegrityAlgo(@IntegrityAlgorithm int algorithm) {
// Construct IntegrityTransform and validate proposed algorithm during
// construction.
mProposedIntegrityAlgos.add(new IntegrityTransform(algorithm));
@@ -596,51 +483,48 @@
return sb.toString();
}
- @Override
- public int hashCode() {
- return Objects.hash(
- mProtocolId,
- Arrays.hashCode(mEncryptionAlgorithms),
- Arrays.hashCode(mIntegrityAlgorithms),
- Arrays.hashCode(mDhGroups));
+ /**
+ * Check if the provided algorithm is a supported encryption algorithm.
+ *
+ * @param algorithm IKE standard encryption algorithm id.
+ * @return true if the provided algorithm is a supported encryption algorithm.
+ * @hide
+ */
+ public static boolean isSupportedEncryptionAlgorithm(@EncryptionAlgorithm int algorithm) {
+ return SUPPORTED_ENCRYPTION_ALGO_TO_STR.get(algorithm) != null;
}
- @Override
- public boolean equals(Object o) {
- if (!(o instanceof SaProposal)) {
- return false;
- }
-
- SaProposal other = (SaProposal) o;
-
- return mProtocolId == other.mProtocolId
- && Arrays.equals(mEncryptionAlgorithms, other.mEncryptionAlgorithms)
- && Arrays.equals(mIntegrityAlgorithms, other.mIntegrityAlgorithms)
- && Arrays.equals(mDhGroups, other.mDhGroups);
+ /**
+ * Check if the provided algorithm is a supported pseudorandom function.
+ *
+ * @param algorithm IKE standard pseudorandom function id.
+ * @return true if the provided algorithm is a supported pseudorandom function.
+ * @hide
+ */
+ public static boolean isSupportedPseudorandomFunction(@PseudorandomFunction int algorithm) {
+ return SUPPORTED_PRF_TO_STR.get(algorithm) != null;
}
- /** @hide */
- protected static Set<Integer> getKeySet(SparseArray array) {
- Set<Integer> result = new HashSet<>();
- for (int i = 0; i < array.size(); i++) {
- result.add(array.keyAt(i));
- }
-
- return result;
+ /**
+ * Check if the provided algorithm is a supported integrity algorithm.
+ *
+ * @param algorithm IKE standard integrity algorithm id.
+ * @return true if the provided algorithm is a supported integrity algorithm.
+ * @hide
+ */
+ public static boolean isSupportedIntegrityAlgorithm(@IntegrityAlgorithm int algorithm) {
+ return SUPPORTED_INTEGRITY_ALGO_TO_STR.get(algorithm) != null;
}
- /** Returns supported DH groups for IKE and Child SA proposal negotiation. */
- @NonNull
- public static Set<Integer> getSupportedDhGroups() {
- final Set<Integer> supportedSet = new HashSet<>();
- for (int dh : getKeySet(SUPPORTED_DH_GROUP_TO_STR)) {
- if (dh == DH_GROUP_CURVE_25519 && !SdkLevel.isAtLeastS()) {
- continue;
- } else {
- supportedSet.add(dh);
- }
- }
- return supportedSet;
+ /**
+ * Check if the provided group number is for a supported Diffie-Hellman Group.
+ *
+ * @param dhGroup IKE standard DH Group id.
+ * @return true if the provided number is for a supported Diffie-Hellman Group.
+ * @hide
+ */
+ public static boolean isSupportedDhGroup(@DhGroup int dhGroup) {
+ return SUPPORTED_DH_GROUP_TO_STR.get(dhGroup) != null;
}
/**
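Review bot: The Javadoc on the new `isSupported*` predicates does not say that they only test membership in the name tables, and those tables contain the "none" entries (`INTEGRITY_ALGORITHM_NONE` maps to "AUTH_NONE" and `DH_GROUP_NONE` to "DH_NONE" in the static initialisers earlier in this file). `isSupportedIntegrityAlgorithm` and `isSupportedDhGroup` therefore return true for those values. A caller that uses them to vet a proposal could read "supported" as "provides protection". I would add a line to both, for example `* <p>Note that {@link #DH_GROUP_NONE} is reported as supported; callers that require a key exchange must reject it separately.` and the matching sentence for `INTEGRITY_ALGORITHM_NONE`.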
@@ -649,7 +533,7 @@
* @hide
*/
public static String getEncryptionAlgorithmString(int algorithm) {
- if (SUPPORTED_ENCRYPTION_ALGO_TO_STR.contains(algorithm)) {
+ if (isSupportedEncryptionAlgorithm(algorithm)) {
return SUPPORTED_ENCRYPTION_ALGO_TO_STR.get(algorithm);
}
return "ENC_Unknown_" + algorithm;
@@ -661,7 +545,7 @@
* @hide
*/
public static String getPseudorandomFunctionString(int algorithm) {
- if (SUPPORTED_PRF_TO_STR.contains(algorithm)) {
+ if (isSupportedPseudorandomFunction(algorithm)) {
return SUPPORTED_PRF_TO_STR.get(algorithm);
}
return "PRF_Unknown_" + algorithm;
@@ -673,7 +557,7 @@
* @hide
*/
public static String getIntegrityAlgorithmString(int algorithm) {
- if (SUPPORTED_INTEGRITY_ALGO_TO_STR.contains(algorithm)) {
+ if (isSupportedIntegrityAlgorithm(algorithm)) {
return SUPPORTED_INTEGRITY_ALGO_TO_STR.get(algorithm);
}
return "AUTH_Unknown_" + algorithm;
@@ -685,7 +569,7 @@
* @hide
*/
public static String getDhGroupString(int dhGroup) {
- if (SUPPORTED_DH_GROUP_TO_STR.contains(dhGroup)) {
+ if (isSupportedDhGroup(dhGroup)) {
return SUPPORTED_DH_GROUP_TO_STR.get(dhGroup);
}
return "DH_Unknown_" + dhGroup;
diff --git a/src/java/android/net/ipsec/ike/TransportModeChildSessionParams.java b/src/java/android/net/ipsec/ike/TransportModeChildSessionParams.java
index 164795a..9d810a3 100644
--- a/src/java/android/net/ipsec/ike/TransportModeChildSessionParams.java
+++ b/src/java/android/net/ipsec/ike/TransportModeChildSessionParams.java
@@ -18,16 +18,17 @@
import android.annotation.IntRange;
import android.annotation.NonNull;
-import android.annotation.SuppressLint;
import android.annotation.SystemApi;
-import android.os.PersistableBundle;
import java.util.Objects;
/**
* TransportModeChildSessionParams represents proposed configurations for negotiating a transport
* mode Child Session.
+ *
+ * @hide
*/
+@SystemApi
public final class TransportModeChildSessionParams extends ChildSessionParams {
private TransportModeChildSessionParams(
IkeTrafficSelector[] inboundTs,
@@ -45,40 +46,6 @@
}
/**
- * Constructs this object by deserializing a PersistableBundle *
- *
- * <p>Constructed TransportModeChildSessionParams is guaranteed to be valid, as checked by the
- * TransportModeChildSessionParams.Builder
- *
- * @hide
- */
- @NonNull
- public static TransportModeChildSessionParams fromPersistableBundle(
- @NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle not provided");
-
- TransportModeChildSessionParams.Builder builder =
- new TransportModeChildSessionParams.Builder();
-
- for (ChildSaProposal p : getProposalsFromPersistableBundle(in)) {
- builder.addSaProposal(p);
- }
-
- for (IkeTrafficSelector ts : getTsFromPersistableBundle(in, INBOUND_TS_KEY)) {
- builder.addInboundTrafficSelectors(ts);
- }
-
- for (IkeTrafficSelector ts : getTsFromPersistableBundle(in, OUTBOUND_TS_KEY)) {
- builder.addOutboundTrafficSelectors(ts);
- }
-
- builder.setLifetimeSeconds(
- in.getInt(HARD_LIFETIME_SEC_KEY), in.getInt(SOFT_LIFETIME_SEC_KEY));
-
- return builder.build();
- }
-
- /**
* This class can be used to incrementally construct a {@link TransportModeChildSessionParams}.
*/
public static final class Builder extends ChildSessionParams.Builder {
@@ -88,46 +55,13 @@
}
/**
- * Construct Builder from the {@link TransportModeChildSessionParams} object.
- *
- * @param childParams the object this Builder will be constructed with.
- */
- public Builder(@NonNull TransportModeChildSessionParams childParams) {
- super(childParams);
- }
-
- /**
* Adds a Child SA proposal to the {@link TransportModeChildSessionParams} being built.
*
* @param proposal Child SA proposal.
* @return Builder this, to facilitate chaining.
- * @deprecated Callers should use {@link #addChildSaProposal(ChildSaProposal)}. This method
- * is deprecated because its name does not match the input type.
- * @hide
*/
- // The matching getter is defined in the super class. Please see
- // {@link ChildSessionParams#getSaProposals}
- @SuppressLint("MissingGetterMatchingBuilder")
- @Deprecated
- @SystemApi
@NonNull
public Builder addSaProposal(@NonNull ChildSaProposal proposal) {
- return addChildSaProposal(proposal);
- }
-
- /**
- * Adds a Child SA proposal to the {@link TransportModeChildSessionParams} being built.
- *
- * @param proposal Child SA proposal.
- * @return Builder this, to facilitate chaining.
- */
- // The matching getter is defined in the super class. Please see
- // {@link ChildSessionParams#getSaProposals}
- @SuppressLint("MissingGetterMatchingBuilder")
- @NonNull
- public Builder addChildSaProposal(@NonNull ChildSaProposal proposal) {
- Objects.requireNonNull(proposal, "Required argument not provided");
-
addProposal(proposal);
return this;
}
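Review bot: On the new side `addSaProposal` passes `proposal` straight to `addProposal` with no null check, although the parameter is `@NonNull` and the traffic-selector setters in this Builder call `Objects.requireNonNull`. The removed `addChildSaProposal` had that check, and the tunnel-mode Builder in this same commit keeps an explicit null test. Whether `addProposal` rejects null itself is not visible here. If it does not, a null entry would reach the proposal list and only fail later, so I would restore the guard as the first statement: `Objects.requireNonNull(proposal, "Required argument not provided");` (`java.util.Objects` is still imported).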
@@ -146,9 +80,6 @@
* @param trafficSelector the inbound {@link IkeTrafficSelector}.
* @return Builder this, to facilitate chaining.
*/
- // The matching getter is defined in the super class. Please see {@link
- // ChildSessionParams#getInboundTrafficSelectors}
- @SuppressLint("MissingGetterMatchingBuilder")
@NonNull
public Builder addInboundTrafficSelectors(@NonNull IkeTrafficSelector trafficSelector) {
Objects.requireNonNull(trafficSelector, "Required argument not provided");
@@ -170,9 +101,6 @@
* @param trafficSelector the outbound {@link IkeTrafficSelector}.
* @return Builder this, to facilitate chaining.
*/
- // The matching getter is defined in the super class. Please see {@link
- // ChildSessionParams#getOutboundTrafficSelectors}
- @SuppressLint("MissingGetterMatchingBuilder")
@NonNull
public Builder addOutboundTrafficSelectors(@NonNull IkeTrafficSelector trafficSelector) {
Objects.requireNonNull(trafficSelector, "Required argument not provided");
@@ -193,10 +121,6 @@
* Defaults to 3600 seconds (1 hour). MUST be at least 120 seconds (2 minutes), and at
* least 60 seconds (1 minute) shorter than the hard lifetime.
*/
- // The matching getters are defined in the super class. Please see {@link
- // ChildSessionParams#getHardLifetimeSeconds and {@link
- // ChildSessionParams#getSoftLifetimeSeconds}
- @SuppressLint("MissingGetterMatchingBuilder")
@NonNull
public Builder setLifetimeSeconds(
@IntRange(
diff --git a/src/java/android/net/ipsec/ike/TunnelModeChildSessionParams.java b/src/java/android/net/ipsec/ike/TunnelModeChildSessionParams.java
index 5cf2b40..c8d31f6 100644
--- a/src/java/android/net/ipsec/ike/TunnelModeChildSessionParams.java
+++ b/src/java/android/net/ipsec/ike/TunnelModeChildSessionParams.java
@@ -22,12 +22,9 @@
import android.annotation.IntRange;
import android.annotation.NonNull;
import android.annotation.Nullable;
-import android.annotation.SuppressLint;
import android.annotation.SystemApi;
import android.net.LinkAddress;
-import android.os.PersistableBundle;
-import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttribute;
import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv4Address;
import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv4Dhcp;
import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv4Dns;
@@ -35,25 +32,24 @@
import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv6Address;
import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv6Dns;
import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.TunnelModeChildConfigAttribute;
-import com.android.server.vcn.util.PersistableBundleUtils;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
-import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
+import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
/**
* TunnelModeChildSessionParams represents proposed configurations for negotiating a tunnel mode
* Child Session.
+ *
+ * @hide
*/
+@SystemApi
public final class TunnelModeChildSessionParams extends ChildSessionParams {
- /** @hide */
- private static final String CONFIG_ATTRIBUTES_KEY = "mConfigRequests";
-
@NonNull private final TunnelModeChildConfigAttribute[] mConfigRequests;
private TunnelModeChildSessionParams(
@@ -73,67 +69,6 @@
mConfigRequests = configRequests;
}
- /**
- * Constructs this object by deserializing a PersistableBundle
- *
- * <p>Constructed TunnelModeChildSessionParams is guaranteed to be valid, as checked by the
- * TunnelModeChildSessionParams.Builder
- *
- * @hide
- */
- @NonNull
- public static TunnelModeChildSessionParams fromPersistableBundle(
- @NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle not provided");
-
- TunnelModeChildSessionParams.Builder builder = new TunnelModeChildSessionParams.Builder();
-
- for (ChildSaProposal p : getProposalsFromPersistableBundle(in)) {
- builder.addSaProposal(p);
- }
-
- for (IkeTrafficSelector ts : getTsFromPersistableBundle(in, INBOUND_TS_KEY)) {
- builder.addInboundTrafficSelectors(ts);
- }
-
- for (IkeTrafficSelector ts : getTsFromPersistableBundle(in, OUTBOUND_TS_KEY)) {
- builder.addOutboundTrafficSelectors(ts);
- }
-
- builder.setLifetimeSeconds(
- in.getInt(HARD_LIFETIME_SEC_KEY), in.getInt(SOFT_LIFETIME_SEC_KEY));
-
- PersistableBundle configAttributeBundle = in.getPersistableBundle(CONFIG_ATTRIBUTES_KEY);
- List<ConfigAttribute> configReqList =
- PersistableBundleUtils.toList(
- configAttributeBundle, ConfigAttribute::fromPersistableBundle);
-
- for (ConfigAttribute a : configReqList) {
- builder.addConfigRequest((TunnelModeChildConfigAttribute) a);
- }
-
- return builder.build();
- }
-
- /**
- * Serializes this object to a PersistableBundle
- *
- * @hide
- */
- @Override
- @NonNull
- public PersistableBundle toPersistableBundle() {
- final PersistableBundle result = super.toPersistableBundle();
-
- PersistableBundle configAttributeBundle =
- PersistableBundleUtils.fromList(
- Arrays.asList(mConfigRequests),
- TunnelModeChildConfigAttribute::toPersistableBundle);
- result.putPersistableBundle(CONFIG_ATTRIBUTES_KEY, configAttributeBundle);
-
- return result;
- }
-
/** @hide */
public TunnelModeChildConfigAttribute[] getConfigurationAttributesInternal() {
return mConfigRequests;
@@ -189,52 +124,18 @@
/** Represents an IPv6 DNS Server request */
public interface ConfigRequestIpv6DnsServer extends TunnelModeChildConfigRequest {}
- @Override
- public int hashCode() {
- return Objects.hash(super.hashCode(), Arrays.hashCode(mConfigRequests));
- }
-
- @Override
- public boolean equals(Object o) {
- if (!super.equals(o) || !(o instanceof ChildSessionParams)) {
- return false;
- }
-
- TunnelModeChildSessionParams other = (TunnelModeChildSessionParams) o;
-
- return Arrays.equals(mConfigRequests, other.mConfigRequests);
- }
-
/** This class can be used to incrementally construct a {@link TunnelModeChildSessionParams}. */
public static final class Builder extends ChildSessionParams.Builder {
private static final int IPv4_DEFAULT_PREFIX_LEN = 32;
private boolean mHasIp4AddressRequest;
- private boolean mHasIp4NetmaskRequest;
- private List<TunnelModeChildConfigAttribute> mConfigRequestList = new ArrayList<>();
+ private List<TunnelModeChildConfigAttribute> mConfigRequestList;
- /** Create a Builder for negotiating a tunnel mode Child Session. */
+ /** Create a Builder for negotiating a transport mode Child Session. */
public Builder() {
super();
mHasIp4AddressRequest = false;
- mHasIp4NetmaskRequest = false;
- }
-
- /**
- * Construct Builder from the {@link TunnelModeChildSessionParams} object.
- *
- * @param childParams the object this Builder will be constructed with.
- */
- public Builder(@NonNull TunnelModeChildSessionParams childParams) {
- super(childParams);
- mConfigRequestList.addAll(Arrays.asList(childParams.mConfigRequests));
- for (TunnelModeChildConfigAttribute config : mConfigRequestList) {
- if (config instanceof ConfigAttributeIpv4Address) {
- mHasIp4AddressRequest = true;
- } else if (config instanceof ConfigAttributeIpv4Netmask) {
- mHasIp4NetmaskRequest = true;
- }
- }
+ mConfigRequestList = new LinkedList<>();
}
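Review bot: The constructor Javadoc in `TunnelModeChildSessionParams.Builder` now reads "Create a Builder for negotiating a transport mode Child Session", which names the wrong mode for this class and looks like a copy from the transport-mode file. It should stay `/** Create a Builder for negotiating a tunnel mode Child Session. */`. Separately, `mConfigRequestList` is assigned exactly once in the constructor, so it could be declared `private final List<TunnelModeChildConfigAttribute> mConfigRequestList;` to make that explicit.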
/**
@@ -242,31 +143,9 @@
*
* @param proposal Child SA proposal.
* @return Builder this, to facilitate chaining.
- * @deprecated Callers should use {@link #addChildSaProposal(ChildSaProposal)}. This method
- * is deprecated because its name does not match the input type.
- * @hide
*/
- // The matching getter is defined in the super class. Please see
- // {@link ChildSessionParams#getSaProposals}
- @SuppressLint("MissingGetterMatchingBuilder")
- @Deprecated
- @SystemApi
@NonNull
public Builder addSaProposal(@NonNull ChildSaProposal proposal) {
- return addChildSaProposal(proposal);
- }
-
- /**
- * Adds an Child SA proposal to the {@link TunnelModeChildSessionParams} being built.
- *
- * @param proposal Child SA proposal.
- * @return Builder this, to facilitate chaining.
- */
- // The matching getter is defined in the super class. Please see
- // {@link ChildSessionParams#getChildSaProposals}
- @SuppressLint("MissingGetterMatchingBuilder")
- @NonNull
- public Builder addChildSaProposal(@NonNull ChildSaProposal proposal) {
if (proposal == null) {
throw new NullPointerException("Required argument not provided");
}
@@ -289,9 +168,6 @@
* @param trafficSelector the inbound {@link IkeTrafficSelector}.
* @return Builder this, to facilitate chaining.
*/
- // The matching getter is defined in the super class. Please see {@link
- // ChildSessionParams#getInboundTrafficSelectors}
- @SuppressLint("MissingGetterMatchingBuilder")
@NonNull
public Builder addInboundTrafficSelectors(@NonNull IkeTrafficSelector trafficSelector) {
Objects.requireNonNull(trafficSelector, "Required argument not provided");
@@ -313,9 +189,6 @@
* @param trafficSelector the outbound {@link IkeTrafficSelector}.
* @return Builder this, to facilitate chaining.
*/
- // The matching getter is defined in the super class. Please see {@link
- // ChildSessionParams#getOutboundTrafficSelectors}
- @SuppressLint("MissingGetterMatchingBuilder")
@NonNull
public Builder addOutboundTrafficSelectors(@NonNull IkeTrafficSelector trafficSelector) {
Objects.requireNonNull(trafficSelector, "Required argument not provided");
@@ -336,10 +209,6 @@
* Defaults to 3600 seconds (1 hour). MUST be at least 120 seconds (2 minutes), and at
* least 60 seconds (1 minute) shorter than the hard lifetime.
*/
- // The matching getters are defined in the super class. Please see {@link
- // ChildSessionParams#getHardLifetimeSeconds and {@link
- // ChildSessionParams#getSoftLifetimeSeconds}
- @SuppressLint("MissingGetterMatchingBuilder")
@NonNull
public Builder setLifetimeSeconds(
@IntRange(
@@ -360,13 +229,10 @@
* Adds an internal IP address request to the {@link TunnelModeChildSessionParams} being
* built.
*
- * @param addressFamily the address family. Only {@code AF_INET} and {@code AF_INET6} are
- * allowed
+ * @param addressFamily the address family. Only {@link OsConstants.AF_INET} and {@link
+ * OsConstants.AF_INET6} are allowed.
* @return Builder this, to facilitate chaining.
*/
- // #getConfigurationRequests has been defined for callers to retrieve internal address
- // requests
- @SuppressLint("MissingGetterMatchingBuilder")
@NonNull
public Builder addInternalAddressRequest(int addressFamily) {
if (addressFamily == AF_INET) {
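Review bot: The rewritten `@param addressFamily` text uses `{@link OsConstants.AF_INET}` and `{@link OsConstants.AF_INET6}`, but Javadoc separates a member from its class with `#`, not `.`, so these links will not resolve as written. The same form appears in the `addInternalDnsServerRequest` and `addInternalDhcpServerRequest` hunks further down. The code compares against a bare `AF_INET`, which suggests a static import, so the `OsConstants` type may not be in scope for Javadoc at all. I would either fully qualify the reference, `{@link android.system.OsConstants#AF_INET}`, or keep the plain `{@code AF_INET}` form that the old side used.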
@@ -388,9 +254,6 @@
* @param address the requested IPv4 address.
* @return Builder this, to facilitate chaining.
*/
- // #getConfigurationRequests has been defined for callers to retrieve internal address
- // requests
- @SuppressLint("MissingGetterMatchingBuilder")
@NonNull
public Builder addInternalAddressRequest(@NonNull Inet4Address address) {
if (address == null) {
@@ -410,9 +273,6 @@
* @param prefixLen length of the IPv6 address prefix length.
* @return Builder this, to facilitate chaining.
*/
- // #getConfigurationRequests has been defined for callers to retrieve internal address
- // requests
- @SuppressLint("MissingGetterMatchingBuilder")
@NonNull
public Builder addInternalAddressRequest(@NonNull Inet6Address address, int prefixLen) {
if (address == null) {
@@ -428,13 +288,10 @@
* Adds an internal DNS server request to the {@link TunnelModeChildSessionParams} being
* built.
*
- * @param addressFamily the address family. Only {@code AF_INET} and {@code AF_INET6} are
- * allowed
+ * @param addressFamily the address family. Only {@link OsConstants.AF_INET} and {@link
+ * OsConstants.AF_INET6} are allowed.
* @return Builder this, to facilitate chaining.
*/
- // #getConfigurationRequests has been defined for callers to retrieve internal DNS server
- // requests
- @SuppressLint("MissingGetterMatchingBuilder")
@NonNull
public Builder addInternalDnsServerRequest(int addressFamily) {
if (addressFamily == AF_INET) {
@@ -474,17 +331,14 @@
}
/**
- * Adds an internal DHCP server request to the {@link TunnelModeChildSessionParams} being
+ * Adds internal DHCP server requests to the {@link TunnelModeChildSessionParams} being
* built.
*
* <p>Only DHCPv4 server requests are supported.
*
- * @param addressFamily the address family. Only {@code AF_INET} is allowed
+ * @param addressFamily the address family. Only {@link OsConstants.AF_INET} is allowed.
* @return Builder this, to facilitate chaining.
*/
- // #getConfigurationRequests has been defined for callers to retrieve internal DHCP server
- // requests.
- @SuppressLint("MissingGetterMatchingBuilder")
@NonNull
public Builder addInternalDhcpServerRequest(int addressFamily) {
if (addressFamily == AF_INET) {
@@ -520,28 +374,6 @@
}
/**
- * Adds Configuration requests. Internal use only.
- *
- * @hide
- */
- @NonNull
- public Builder addConfigRequest(@NonNull TunnelModeChildConfigAttribute attribute) {
- if (attribute instanceof ConfigAttributeIpv4Address) {
- mHasIp4AddressRequest = true;
- } else if (attribute instanceof ConfigAttributeIpv4Netmask) {
- if (((ConfigAttributeIpv4Netmask) attribute).address != null) {
- throw new IllegalArgumentException(
- "Requesting specific a netmask is disallowed");
- } else {
- mHasIp4NetmaskRequest = true;
- }
- }
-
- mConfigRequestList.add(attribute);
- return this;
- }
-
- /**
* Validates and builds the {@link TunnelModeChildSessionParams}.
*
* @return the validated {@link TunnelModeChildSessionParams}.
@@ -551,11 +383,7 @@
addDefaultTsIfNotConfigured();
validateOrThrow();
- if (!mHasIp4AddressRequest && mHasIp4NetmaskRequest) {
- throw new IllegalArgumentException(
- "Requesting netmask without IPv4 address is disallowed");
- }
- if (mHasIp4AddressRequest && !mHasIp4NetmaskRequest) {
+ if (mHasIp4AddressRequest) {
mConfigRequestList.add(new ConfigAttributeIpv4Netmask());
}
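Review bot: `build()` appends a `ConfigAttributeIpv4Netmask` to the Builder's own `mConfigRequestList` whenever `mHasIp4AddressRequest` is set, so calling `build()` twice on the same Builder adds a second netmask request to the second result. The method starts and ends outside this hunk, so this assumes the list is not copied or reset elsewhere. Working on a copy avoids mutating the Builder's state: `List<TunnelModeChildConfigAttribute> requests = new LinkedList<>(mConfigRequestList);` followed by `if (mHasIp4AddressRequest) requests.add(new ConfigAttributeIpv4Netmask());`, with `requests` used for the rest of the method.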
diff --git a/src/java/android/net/ipsec/ike/exceptions/AuthenticationFailedException.java b/src/java/android/net/ipsec/ike/exceptions/AuthenticationFailedException.java
deleted file mode 100644
index fe482c3..0000000
--- a/src/java/android/net/ipsec/ike/exceptions/AuthenticationFailedException.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (C) 2018 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package android.net.ipsec.ike.exceptions;
-
-import android.annotation.NonNull;
-import android.net.ipsec.ike.ChildSessionCallback;
-import android.net.ipsec.ike.IkeSessionCallback;
-
-/**
- * This exception is thrown when IKE authentication failed.
- *
- * @see <a href="https://tools.ietf.org/html/rfc7296#section-2.21.2">RFC 7296, Internet Key Exchange
- * Protocol Version 2 (IKEv2)</a>
- * @hide
- */
-public final class AuthenticationFailedException extends IkeProtocolException {
- private static final int EXPECTED_ERROR_DATA_LEN = 0;
-
- /**
- * Construct a instance of AuthenticationFailedException.
- *
- * <p>Except for testing, IKE library users normally do not instantiate this object themselves
- * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}.
- *
- * @param message the descriptive message (which is saved for later retrieval by the {@link
- * #getMessage()} method).
- */
- public AuthenticationFailedException(@NonNull String message) {
- super(ERROR_TYPE_AUTHENTICATION_FAILED, message);
- }
-
- /**
- * Construct a instance of AuthenticationFailedException.
- *
- * <p>Except for testing, IKE library users normally do not instantiate this object themselves
- * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}.
- *
- * @param cause the cause (which is saved for later retrieval by the {@link #getCause()}
- * method).
- */
- public AuthenticationFailedException(@NonNull Throwable cause) {
- super(ERROR_TYPE_AUTHENTICATION_FAILED, cause);
- }
-
- /**
- * Construct a instance of AuthenticationFailedException from a notify payload.
- *
- * @param notifyData the notify data included in the payload.
- * @hide
- */
- public AuthenticationFailedException(byte[] notifyData) {
- super(ERROR_TYPE_AUTHENTICATION_FAILED, notifyData);
- }
-
- /** @hide */
- @Override
- protected boolean isValidDataLength(int dataLen) {
- return EXPECTED_ERROR_DATA_LEN == dataLen;
- }
-}
diff --git a/src/java/android/net/ipsec/ike/exceptions/ChildSaNotFoundException.java b/src/java/android/net/ipsec/ike/exceptions/ChildSaNotFoundException.java
deleted file mode 100644
index 662fdf3..0000000
--- a/src/java/android/net/ipsec/ike/exceptions/ChildSaNotFoundException.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package android.net.ipsec.ike.exceptions;
-
-import android.net.ipsec.ike.ChildSessionCallback;
-import android.net.ipsec.ike.IkeSessionCallback;
-
-/**
- * This exception is thrown if the remote server received a request for a nonexistent Child SA.
- *
- * <p>This exception is usually caused by a request collision. IKE library will handle it internally
- * by deleting the Child SA (if it still exists).
- *
- * @see <a href="https://tools.ietf.org/html/rfc7296#section-2.25">RFC 7296, Internet Key Exchange
- * Protocol Version 2 (IKEv2)</a>
- * @hide
- */
-public final class ChildSaNotFoundException extends IkeProtocolException {
- private static final int EXPECTED_ERROR_DATA_LEN = 0;
-
- private final int mIpSecSpi;
-
- /**
- * Construct an instance of ChildSaNotFoundException.
- *
- * <p>Except for testing, IKE library users normally do not instantiate this object themselves
- * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}.
- *
- * @param spi the SPI of the Child SA (IPsec SA) that does not exist.
- */
- public ChildSaNotFoundException(int spi) {
- super(ERROR_TYPE_CHILD_SA_NOT_FOUND);
- mIpSecSpi = spi;
- }
-
- /**
- * Construct a instance of ChildSaNotFoundException from a notify payload.
- *
- * @param spi the SPI of the Child SA (IPsec SA) that does not exist.
- * @param notifyData the notify data included in the payload.
- * @hide
- */
- public ChildSaNotFoundException(int spi, byte[] notifyData) {
- super(ERROR_TYPE_CHILD_SA_NOT_FOUND, notifyData);
- mIpSecSpi = spi;
- }
-
- /** @hide */
- @Override
- protected boolean isValidDataLength(int dataLen) {
- return EXPECTED_ERROR_DATA_LEN == dataLen;
- }
-
- /** Returns the SPI of the Child SA (IPsec SA) that does not exist. */
- public int getIpSecSpi() {
- return mIpSecSpi;
- }
-}
diff --git a/src/java/android/net/ipsec/ike/exceptions/FailedCpRequiredException.java b/src/java/android/net/ipsec/ike/exceptions/FailedCpRequiredException.java
deleted file mode 100644
index 8371c17..0000000
--- a/src/java/android/net/ipsec/ike/exceptions/FailedCpRequiredException.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package android.net.ipsec.ike.exceptions;
-
-import android.net.ipsec.ike.ChildSessionCallback;
-import android.net.ipsec.ike.IkeSessionCallback;
-
-/**
- * This exception is thrown if the remote server did not receive a Configuration Payload.
- *
- * <p>This usually indicates that remote server requires the client to request internal addresses
- * when negotiating a tunnel mode Child Session. Callers can fix this by retrying Child creation
- * with internal addresses requests.
- *
- * @see <a href="https://tools.ietf.org/html/rfc7296#section-2.19">RFC 7296, Internet Key Exchange
- * Protocol Version 2 (IKEv2)</a>
- * @hide
- */
-public final class FailedCpRequiredException extends IkeProtocolException {
- private static final int EXPECTED_ERROR_DATA_LEN = 0;
-
- /**
- * Construct an instance of FailedCpRequiredException.
- *
- * <p>Except for testing, IKE library users normally do not instantiate this object themselves
- * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}.
- */
- public FailedCpRequiredException() {
- super(ERROR_TYPE_FAILED_CP_REQUIRED);
- }
-
- /**
- * Construct a instance of FailedCpRequiredException from a notify payload.
- *
- * @param notifyData the notify data included in the payload.
- * @hide
- */
- public FailedCpRequiredException(byte[] notifyData) {
- super(ERROR_TYPE_FAILED_CP_REQUIRED, notifyData);
- }
-
- /** @hide */
- @Override
- protected boolean isValidDataLength(int dataLen) {
- return EXPECTED_ERROR_DATA_LEN == dataLen;
- }
-}
diff --git a/src/java/android/net/ipsec/ike/exceptions/IkeException.java b/src/java/android/net/ipsec/ike/exceptions/IkeException.java
index b86b4a6..fae5f61 100644
--- a/src/java/android/net/ipsec/ike/exceptions/IkeException.java
+++ b/src/java/android/net/ipsec/ike/exceptions/IkeException.java
@@ -15,9 +15,14 @@
*/
package android.net.ipsec.ike.exceptions;
+import android.annotation.SystemApi;
+
/**
* IkeException represents a generic exception that includes internal and protocol exceptions.
+ *
+ * @hide
*/
+@SystemApi
public abstract class IkeException extends Exception {
/** @hide */
protected IkeException() {
diff --git a/src/java/android/net/ipsec/ike/exceptions/IkeInternalException.java b/src/java/android/net/ipsec/ike/exceptions/IkeInternalException.java
index 929f544..06c139a 100644
--- a/src/java/android/net/ipsec/ike/exceptions/IkeInternalException.java
+++ b/src/java/android/net/ipsec/ike/exceptions/IkeInternalException.java
@@ -15,42 +15,38 @@
*/
package android.net.ipsec.ike.exceptions;
-import android.annotation.NonNull;
-import android.net.ipsec.ike.ChildSessionCallback;
-import android.net.ipsec.ike.IkeSessionCallback;
+import android.annotation.SystemApi;
/**
* IkeInternalException encapsulates all local implementation or resource related exceptions.
*
- * <p>Causes may include exceptions such as {@link android.net.IpSecManager.SpiUnavailableException}
- * when the requested SPI resources failed to be allocated.
+ * <p>Causes may include exceptions such as {@link IpSecManager.SpiUnavailableException} when the
+ * requested SPI resources failed to be allocated.
+ *
+ * @hide
*/
-public final class IkeInternalException extends IkeNonProtocolException {
+@SystemApi
+public final class IkeInternalException extends IkeException {
/**
* Constructs a new exception with the specified cause.
*
- * <p>Except for testing, IKE library users normally do not instantiate this object themselves
- * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}.
- *
* @param cause the cause (which is saved for later retrieval by the {@link #getCause()}
* method).
+ * @hide
*/
- public IkeInternalException(@NonNull Throwable cause) {
+ public IkeInternalException(Throwable cause) {
super(cause);
}
/**
* Constructs a new exception with the specified cause.
*
- * <p>Except for testing, IKE library users normally do not instantiate this object themselves
- * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}.
- *
- * @param message the descriptive message (which is saved for later retrieval by the {@link
- * #getMessage()} method).
+ * @param message the descriptive message.
* @param cause the cause (which is saved for later retrieval by the {@link #getCause()}
* method).
+ * @hide
*/
- public IkeInternalException(@NonNull String message, @NonNull Throwable cause) {
+ public IkeInternalException(String message, Throwable cause) {
super(message, cause);
}
}
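Review bot: The class Javadoc now links to `{@link IpSecManager.SpiUnavailableException}`, but the only import on the new side of this hunk is `android.annotation.SystemApi`, so the reference will probably not resolve in the generated docs. Keep the qualified form `{@link android.net.IpSecManager.SpiUnavailableException}` or add the import. Both constructors also drop `@NonNull` from `cause` (and `message`), so the contract that a cause is always supplied is no longer stated anywhere. If null is still not intended, say so in the Javadoc, for example `@param cause the cause; must not be null`.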
diff --git a/src/java/android/net/ipsec/ike/exceptions/IkeNetworkLostException.java b/src/java/android/net/ipsec/ike/exceptions/IkeNetworkLostException.java
deleted file mode 100644
index 25c222c..0000000
--- a/src/java/android/net/ipsec/ike/exceptions/IkeNetworkLostException.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.ipsec.ike.exceptions;
-
-import android.annotation.NonNull;
-import android.net.Network;
-import android.net.ipsec.ike.IkeSessionCallback;
-
-import java.util.Objects;
-
-/**
- * IkeNetworkLostException is returned to the caller via {@link
- * IkeSessionCallback#onError(IkeException)} if the underlying Network for the {@link
- * android.net.ipsec.ike.IkeSession} was lost with no alternatives.
- *
- * <p>This Exception corresponds to {@link
- * android.net.ConnectivityManager.NetworkCallback#onLost(android.net.Network)} being invoked for
- * the specified underlying Network.
- *
- * <p>When the caller receives this Exception, they must either:
- *
- * <ul>
- * <li>set a new underlying Network for the corresponding IkeSession (MOBIKE must be enabled and
- * the IKE Session must have started with a caller-configured Network), or
- * <li>wait for a new underlying Network to become available (MOBIKE must be enabled and the IKE
- * Session must be tracking the System default Network), or
- * <ul>
- * <li>Note: if the maximum retransmission time is encountered while waiting, the IKE
- * Session will close. If this occurs, the caller will be notified via {@link
- * IkeSessionCallback#onClosedWithException(IkeException)}.
- * </ul>
- * <li>close the corresponding IkeSession.
- * </ul>
- */
-public final class IkeNetworkLostException extends IkeNonProtocolException {
- private final Network mNetwork;
-
- /** Constructs an IkeNetworkLostException to indicate the specified Network was lost. */
- public IkeNetworkLostException(@NonNull Network network) {
- super();
- Objects.requireNonNull(network, "network is null");
-
- mNetwork = network;
- }
-
- /** Returns the IkeSession's underlying Network that was lost. */
- @NonNull
- public Network getNetwork() {
- return mNetwork;
- }
-}
diff --git a/src/java/android/net/ipsec/ike/exceptions/IkeNonProtocolException.java b/src/java/android/net/ipsec/ike/exceptions/IkeNonProtocolException.java
deleted file mode 100644
index f005504..0000000
--- a/src/java/android/net/ipsec/ike/exceptions/IkeNonProtocolException.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.ipsec.ike.exceptions;
-
-/**
- * IkeNonProtocolException encapsulates all implementation-specific non-protocol IKE errors.
- */
-public abstract class IkeNonProtocolException extends IkeException {
- /** @hide */
- protected IkeNonProtocolException() {
- super();
- }
-
- /** @hide */
- protected IkeNonProtocolException(String message) {
- super(message);
- }
-
- /** @hide */
- protected IkeNonProtocolException(Throwable cause) {
- super(cause);
- }
-
- /** @hide */
- protected IkeNonProtocolException(String message, Throwable cause) {
- super(message, cause);
- }
-}
diff --git a/src/java/android/net/ipsec/ike/exceptions/IkeProtocolException.java b/src/java/android/net/ipsec/ike/exceptions/IkeProtocolException.java
index 9364558..960507f 100644
--- a/src/java/android/net/ipsec/ike/exceptions/IkeProtocolException.java
+++ b/src/java/android/net/ipsec/ike/exceptions/IkeProtocolException.java
@@ -33,7 +33,9 @@
*
* @see <a href="https://tools.ietf.org/html/rfc7296#section-3.10.1">RFC 7296, Internet Key Exchange
* Protocol Version 2 (IKEv2)</a>
+ * @hide
*/
+@SystemApi
public abstract class IkeProtocolException extends IkeException {
/** @hide */
@Retention(RetentionPolicy.SOURCE)
@@ -146,7 +148,7 @@
}
mErrorType = code;
- mErrorData = notifyData.clone();
+ mErrorData = notifyData;
}
/** @hide */
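Review bot: Storing `notifyData` without `.clone()` makes `mErrorData` alias the caller's array, and the getter in the last hunk of this file returns `mErrorData` directly. Both the code that built the exception and any callback that receives it can therefore change the error data after construction. This data may originate from a peer's Notify payload and the exception is handed across the API boundary, so keeping the copy is the safer default: `mErrorData = notifyData.clone();` here and `return mErrorData == null ? null : mErrorData.clone();` in `getErrorData()`. The constructor starts outside this hunk and the getter ends outside its own, so the null handling around this assignment could not be checked.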
@@ -202,9 +204,7 @@
* they call this method.
*
* @return the included error data in byte array, or {@code null} if no error data is available.
- * @hide
*/
- @SystemApi
@Nullable
public byte[] getErrorData() {
return mErrorData;
diff --git a/src/java/android/net/ipsec/ike/exceptions/InternalAddressFailureException.java b/src/java/android/net/ipsec/ike/exceptions/InternalAddressFailureException.java
deleted file mode 100644
index 79aa252..0000000
--- a/src/java/android/net/ipsec/ike/exceptions/InternalAddressFailureException.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package android.net.ipsec.ike.exceptions;
-
-import android.net.ipsec.ike.ChildSessionCallback;
-import android.net.ipsec.ike.IkeSessionCallback;
-
-/**
- * This exception is thrown if the remote server hits an error in assigning an internal IP address.
- *
- * <p>This exception indicates the remote server encounters an error while attempting to assign an
- * internal IP address during Child creation.
- *
- * @see <a href="https://tools.ietf.org/html/rfc7296#section-3.15.4">RFC 7296, Internet Key Exchange
- * Protocol Version 2 (IKEv2)</a>
- * @hide
- */
-public final class InternalAddressFailureException extends IkeProtocolException {
- private static final int EXPECTED_ERROR_DATA_LEN = 0;
-
- /**
- * Construct an instance of InternalAddressFailureException.
- *
- * <p>Except for testing, IKE library users normally do not instantiate this object themselves
- * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}.
- */
- public InternalAddressFailureException() {
- super(ERROR_TYPE_INTERNAL_ADDRESS_FAILURE);
- }
-
- /**
- * Construct a instance of InternalAddressFailureException from a notify payload.
- *
- * @param notifyData the notify data included in the payload.
- * @hide
- */
- public InternalAddressFailureException(byte[] notifyData) {
- super(ERROR_TYPE_INTERNAL_ADDRESS_FAILURE, notifyData);
- }
-
- /** @hide */
- @Override
- protected boolean isValidDataLength(int dataLen) {
- return EXPECTED_ERROR_DATA_LEN == dataLen;
- }
-}
diff --git a/src/java/android/net/ipsec/ike/exceptions/InvalidIkeSpiException.java b/src/java/android/net/ipsec/ike/exceptions/InvalidIkeSpiException.java
deleted file mode 100644
index 2e7eeed..0000000
--- a/src/java/android/net/ipsec/ike/exceptions/InvalidIkeSpiException.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package android.net.ipsec.ike.exceptions;
-
-import android.net.ipsec.ike.ChildSessionCallback;
-import android.net.ipsec.ike.IkeSessionCallback;
-
-/**
- * This exception is thrown if an IKE message was received with an unrecognized destination SPI.
- *
- * <p>This usually indicates that the message recipient has rebooted and forgotten the existence of
- * an IKE SA.
- *
- * @see <a href="https://tools.ietf.org/html/rfc7296#section-2.21">RFC 7296, Internet Key Exchange
- * Protocol Version 2 (IKEv2)</a>
- * @hide
- */
-public final class InvalidIkeSpiException extends IkeProtocolException {
- private static final int EXPECTED_ERROR_DATA_LEN = 0;
-
- /**
- * Construct an instance of InvalidIkeSpiException.
- *
- * <p>Except for testing, IKE library users normally do not instantiate this object themselves
- * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}.
- */
- public InvalidIkeSpiException() {
- super(ERROR_TYPE_INVALID_IKE_SPI);
- }
-
- /**
- * Construct a instance of InvalidIkeSpiException from a notify payload.
- *
- * @param notifyData the notify data included in the payload.
- * @hide
- */
- public InvalidIkeSpiException(byte[] notifyData) {
- super(ERROR_TYPE_INVALID_IKE_SPI, notifyData);
- }
-
- /** @hide */
- @Override
- protected boolean isValidDataLength(int dataLen) {
- return EXPECTED_ERROR_DATA_LEN == dataLen;
- }
-}
diff --git a/src/java/android/net/ipsec/ike/exceptions/InvalidMajorVersionException.java b/src/java/android/net/ipsec/ike/exceptions/InvalidMajorVersionException.java
deleted file mode 100644
index cdb9e55..0000000
--- a/src/java/android/net/ipsec/ike/exceptions/InvalidMajorVersionException.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (C) 2018 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package android.net.ipsec.ike.exceptions;
-
-import android.annotation.SuppressLint;
-import android.net.ipsec.ike.ChildSessionCallback;
-import android.net.ipsec.ike.IkeSessionCallback;
-
-/**
- * This exception is thrown when major version of an inbound message is higher than 2.
- *
- * @see <a href="https://tools.ietf.org/html/rfc7296#section-2.5">RFC 7296, Internet Key Exchange
- * Protocol Version 2 (IKEv2)</a>
- */
-// Include INVALID_MAJOR_VERSION Notify payload in an unencrypted response message containing
-// version number 2.
-public final class InvalidMajorVersionException extends IkeProtocolException {
- private static final int EXPECTED_ERROR_DATA_LEN = 1;
-
- private final byte mVersion;
-
- /**
- * Construct a instance of InvalidMajorVersionException
- *
- * <p>Except for testing, IKE library users normally do not instantiate this object themselves
- * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}.
- *
- * @param version the major version in received packet
- */
- // NoByteOrShort: using byte to be consistent with the Major Version specification
- public InvalidMajorVersionException(@SuppressLint("NoByteOrShort") byte version) {
- super(ERROR_TYPE_INVALID_MAJOR_VERSION, new byte[] {version});
- mVersion = version;
- }
-
- /**
- * Construct a instance of InvalidMajorVersionException from a notify payload.
- *
- * @param notifyData the notify data included in the payload.
- * @hide
- */
- public InvalidMajorVersionException(byte[] notifyData) {
- super(ERROR_TYPE_INVALID_MAJOR_VERSION, notifyData);
- mVersion = notifyData[0];
- }
-
- /**
- * Return the major version included in this exception.
- *
- * @return the major version
- */
- // NoByteOrShort: using byte to be consistent with the Major Version specification
- @SuppressLint("NoByteOrShort")
- public byte getMajorVersion() {
- return mVersion;
- }
-
- /** @hide */
- @Override
- protected boolean isValidDataLength(int dataLen) {
- return EXPECTED_ERROR_DATA_LEN == dataLen;
- }
-}
diff --git a/src/java/android/net/ipsec/ike/exceptions/InvalidSelectorsException.java b/src/java/android/net/ipsec/ike/exceptions/InvalidSelectorsException.java
deleted file mode 100644
index 985a4ec..0000000
--- a/src/java/android/net/ipsec/ike/exceptions/InvalidSelectorsException.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package android.net.ipsec.ike.exceptions;
-
-import android.annotation.NonNull;
-import android.net.ipsec.ike.ChildSessionCallback;
-import android.net.ipsec.ike.IkeSessionCallback;
-
-import java.util.Objects;
-
-/**
- * This exception is thrown if the remote server received an IPsec packet with mismatched selectors.
- *
- * <p>This exception indicates that the remote server received an IPsec packet whose selectors do
- * not match those of the IPsec SA on which it was delivered. The error data contains the start of
- * the offending packet (as in ICMP messages), which is the IP header plus the first 64 bits of the
- * original datagram's data.
- *
- * @see <a href="https://tools.ietf.org/html/rfc7296#section-3.10.1">RFC 7296, Internet Key Exchange
- * Protocol Version 2 (IKEv2)</a>
- */
-public final class InvalidSelectorsException extends IkeProtocolException {
- // Minimum IP header length plus 64 bits
- private static final int EXPECTED_ERROR_DATA_LEN_MIN = 28;
-
- private final int mIpSecSpi;
- private final byte[] mIpSecPacketInfo;
-
- /**
- * Construct an instance of InvalidSelectorsException.
- *
- * <p>Except for testing, IKE library users normally do not instantiate this object themselves
- * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}
- *
- * @param spi the SPI of the IPsec SA that delivered the packet with mismtached selectors.
- * @param packetInfo the IP header plus the first 64 bits of the packet that has mismtached
- * selectors.
- */
- public InvalidSelectorsException(int spi, @NonNull byte[] packetInfo) {
- super(ERROR_TYPE_INVALID_SELECTORS, packetInfo);
- Objects.requireNonNull(packetInfo, "packetInfo is null");
- mIpSecSpi = spi;
- mIpSecPacketInfo = packetInfo.clone();
- }
-
- /** @hide */
- @Override
- protected boolean isValidDataLength(int dataLen) {
- return EXPECTED_ERROR_DATA_LEN_MIN <= dataLen;
- }
-
- /** Returns the SPI of the IPsec SA that delivered the packet with mismtached selectors. */
- public int getIpSecSpi() {
- return mIpSecSpi;
- }
-
- /** Returns the IP header plus the first 64 bits of the packet that has mismtached selectors. */
- @NonNull
- public byte[] getIpSecPacketInfo() {
- return mIpSecPacketInfo;
- }
-}
diff --git a/src/java/android/net/ipsec/ike/exceptions/InvalidSyntaxException.java b/src/java/android/net/ipsec/ike/exceptions/InvalidSyntaxException.java
deleted file mode 100644
index 1ff886e..0000000
--- a/src/java/android/net/ipsec/ike/exceptions/InvalidSyntaxException.java
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright (C) 2018 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package android.net.ipsec.ike.exceptions;
-
-import android.annotation.NonNull;
-import android.net.ipsec.ike.ChildSessionCallback;
-import android.net.ipsec.ike.IkeSessionCallback;
-
-/**
- * This exception is thrown if any IKE message has a syntax error.
- *
- * <p>This exception indicates that the IKE message that was received was invalid because some type,
- * length, or value was out of range or because the request was rejected for policy reasons.
- *
- * @see <a href="https://tools.ietf.org/html/rfc7296#section-3.10.1">RFC 7296, Internet Key Exchange
- * Protocol Version 2 (IKEv2)</a>
- * @hide
- */
-// Include INVALID_SYNTAX Notify payload in an encrypted response message if current message is
-// an encrypted request and cryptographic checksum is valid. Fatal error.
-public final class InvalidSyntaxException extends IkeProtocolException {
- private static final int EXPECTED_ERROR_DATA_LEN = 0;
-
- /**
- * Construct an instance of InvalidSyntaxException.
- *
- * <p>Except for testing, IKE library users normally do not instantiate this object themselves
- * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}.
- *
- * @param message the descriptive message (which is saved for later retrieval by the {@link
- * #getMessage()} method).
- */
- public InvalidSyntaxException(@NonNull String message) {
- super(ERROR_TYPE_INVALID_SYNTAX, message);
- }
-
- /**
- * Construct a instance of InvalidSyntaxException.
- *
- * <p>Except for testing, IKE library users normally do not instantiate this object themselves
- * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}.
- *
- * @param cause the cause (which is saved for later retrieval by the {@link #getCause()}
- * method).
- */
- public InvalidSyntaxException(@NonNull Throwable cause) {
- super(ERROR_TYPE_INVALID_SYNTAX, cause);
- }
-
- /**
- * Construct a instance of InvalidSyntaxException.
- *
- * <p>Except for testing, IKE library users normally do not instantiate this object themselves
- * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}.
- *
- * @param message the descriptive message (which is saved for later retrieval by the {@link
- * #getMessage()} method).
- * @param cause the cause (which is saved for later retrieval by the {@link #getCause()}
- * method).
- */
- public InvalidSyntaxException(@NonNull String message, @NonNull Throwable cause) {
- super(ERROR_TYPE_INVALID_SYNTAX, message, cause);
- }
-
- /**
- * Construct a instance of InvalidSyntaxException from a notify payload.
- *
- * @param notifyData the notify data included in the payload.
- * @hide
- */
- public InvalidSyntaxException(byte[] notifyData) {
- super(ERROR_TYPE_INVALID_SYNTAX, notifyData);
- }
-
- /** @hide */
- @Override
- protected boolean isValidDataLength(int dataLen) {
- return EXPECTED_ERROR_DATA_LEN == dataLen;
- }
-}
diff --git a/src/java/android/net/ipsec/ike/exceptions/NoAdditionalSasException.java b/src/java/android/net/ipsec/ike/exceptions/NoAdditionalSasException.java
deleted file mode 100644
index 5c7572c..0000000
--- a/src/java/android/net/ipsec/ike/exceptions/NoAdditionalSasException.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package android.net.ipsec.ike.exceptions;
-
-import android.net.ipsec.ike.ChildSessionCallback;
-import android.net.ipsec.ike.IkeSessionCallback;
-
-/**
- * This exception is thrown if the remote server is unwilling to accept any more Child SAs.
- *
- * <p>Some minimal implementations may only accept a single Child SA setup in the context of an
- * initial IKE exchange and reject any subsequent attempts to add more.
- *
- * @see <a href="https://tools.ietf.org/html/rfc7296#section-1.3">RFC 7296, Internet Key Exchange
- * Protocol Version 2 (IKEv2)</a>
- * @hide
- */
-public final class NoAdditionalSasException extends IkeProtocolException {
- private static final int EXPECTED_ERROR_DATA_LEN = 0;
-
- /**
- * Construct an instance of NoAdditionalSasException.
- *
- * <p>Except for testing, IKE library users normally do not instantiate this object themselves
- * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}.
- */
- public NoAdditionalSasException() {
- super(ERROR_TYPE_NO_ADDITIONAL_SAS);
- }
-
- /**
- * Construct a instance of NoAdditionalSasException from a notify payload.
- *
- * @param notifyData the notify data included in the payload.
- * @hide
- */
- public NoAdditionalSasException(byte[] notifyData) {
- super(ERROR_TYPE_NO_ADDITIONAL_SAS, notifyData);
- }
-
- /** @hide */
- @Override
- protected boolean isValidDataLength(int dataLen) {
- return EXPECTED_ERROR_DATA_LEN == dataLen;
- }
-}
diff --git a/src/java/android/net/ipsec/ike/exceptions/NoValidProposalChosenException.java b/src/java/android/net/ipsec/ike/exceptions/NoValidProposalChosenException.java
deleted file mode 100644
index 362f316..0000000
--- a/src/java/android/net/ipsec/ike/exceptions/NoValidProposalChosenException.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (C) 2018 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package android.net.ipsec.ike.exceptions;
-
-import android.annotation.NonNull;
-import android.net.ipsec.ike.ChildSessionCallback;
-import android.net.ipsec.ike.IkeSessionCallback;
-
-/**
- * This exception is thrown if a SA proposal negotiation failed.
- *
- * <p>This exception indicates that either none of SA proposals from caller is acceptable or the
- * negotiated SA proposal from the remote server is invalid.
- *
- * @see <a href="https://tools.ietf.org/html/rfc7296#section-2.7">RFC 7296, Internet Key Exchange
- * Protocol Version 2 (IKEv2)</a>
- * @hide
- */
-// Include the NO_PROPOSAL_CHOSEN Notify payload in an encrypted response message if received
-// message is an encrypted request from SA initiator.
-public final class NoValidProposalChosenException extends IkeProtocolException {
- private static final int EXPECTED_ERROR_DATA_LEN = 0;
-
- /**
- * Construct an instance of NoValidProposalChosenException.
- *
- * <p>Except for testing, IKE library users normally do not instantiate this object themselves
- * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}.
- *
- * @param message the descriptive message (which is saved for later retrieval by the {@link
- * #getMessage()} method).
- */
- public NoValidProposalChosenException(@NonNull String message) {
- super(ERROR_TYPE_NO_PROPOSAL_CHOSEN, message);
- }
-
- /**
- * Construct an instance of NoValidProposalChosenException.
- *
- * <p>Except for testing, IKE library users normally do not instantiate this object themselves
- * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}.
- *
- * @param message the descriptive message (which is saved for later retrieval by the {@link
- * #getMessage()} method).
- * @param cause the cause (which is saved for later retrieval by the {@link #getCause()}
- * method).
- */
- public NoValidProposalChosenException(@NonNull String message, @NonNull Throwable cause) {
- super(ERROR_TYPE_NO_PROPOSAL_CHOSEN, cause);
- }
-
- /**
- * Construct a instance of NoValidProposalChosenException from a notify payload.
- *
- * @param notifyData the notify data included in the payload.
- * @hide
- */
- public NoValidProposalChosenException(byte[] notifyData) {
- super(ERROR_TYPE_NO_PROPOSAL_CHOSEN, notifyData);
- }
-
- /** @hide */
- @Override
- protected boolean isValidDataLength(int dataLen) {
- return EXPECTED_ERROR_DATA_LEN == dataLen;
- }
-}
diff --git a/src/java/android/net/ipsec/ike/exceptions/SinglePairRequiredException.java b/src/java/android/net/ipsec/ike/exceptions/SinglePairRequiredException.java
deleted file mode 100644
index e378847..0000000
--- a/src/java/android/net/ipsec/ike/exceptions/SinglePairRequiredException.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package android.net.ipsec.ike.exceptions;
-
-import android.net.ipsec.ike.ChildSessionCallback;
-import android.net.ipsec.ike.IkeSessionCallback;
-
-/**
- * This exception is thrown if the remote server requires a single pair of addresses as selectors.
- *
- * <p>This exception indicates that the remote server is only willing to accept Traffic Selectors
- * specifying a single pair of addresses. Callers may retry Child creation with only the specific
- * traffic it is trying to forward.
- *
- * @see <a href="https://tools.ietf.org/html/rfc7296#section-2.9">RFC 7296, Internet Key Exchange
- * Protocol Version 2 (IKEv2)</a>
- * @hide
- */
-public class SinglePairRequiredException extends IkeProtocolException {
- private static final int EXPECTED_ERROR_DATA_LEN = 0;
-
- /**
- * Construct an instance of SinglePairRequiredException.
- *
- * <p>Except for testing, IKE library users normally do not instantiate this object themselves
- * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}.
- */
- public SinglePairRequiredException() {
- super(ERROR_TYPE_SINGLE_PAIR_REQUIRED);
- }
-
- /**
- * Construct a instance of SinglePairRequiredException from a notify payload.
- *
- * @param notifyData the notify data included in the payload.
- * @hide
- */
- public SinglePairRequiredException(byte[] notifyData) {
- super(ERROR_TYPE_SINGLE_PAIR_REQUIRED, notifyData);
- }
-
- /** @hide */
- @Override
- protected boolean isValidDataLength(int dataLen) {
- return EXPECTED_ERROR_DATA_LEN == dataLen;
- }
-}
diff --git a/src/java/android/net/ipsec/ike/exceptions/TsUnacceptableException.java b/src/java/android/net/ipsec/ike/exceptions/TsUnacceptableException.java
deleted file mode 100644
index adb19d1..0000000
--- a/src/java/android/net/ipsec/ike/exceptions/TsUnacceptableException.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (C) 2019 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package android.net.ipsec.ike.exceptions;
-
-import android.net.ipsec.ike.ChildSessionCallback;
-import android.net.ipsec.ike.IkeSessionCallback;
-
-/**
- * This exception is thrown if Traffic Selectors negotiation failed.
- *
- * <p>This exception indicates either proposed Traffic Selectors by callers is not acceptable or the
- * negotiated Traffic Selectors from the remote server is invalid.
- *
- * @hide
- */
-// If remote server is the exchange initiator, IKE library should respond with a TS_UNACCEPTABLE
-// Notify message. If the remote server is the exchange responder, IKE library should initiate a
-// Delete IKE exchange and close the IKE Session.
-public final class TsUnacceptableException extends IkeProtocolException {
- private static final int EXPECTED_ERROR_DATA_LEN = 0;
-
- /**
- * Construct an instance of TsUnacceptableException.
- *
- * <p>Except for testing, IKE library users normally do not instantiate this object themselves
- * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}.
- */
- public TsUnacceptableException() {
- super(ERROR_TYPE_TS_UNACCEPTABLE);
- }
-
- /**
- * Construct a instance of TsUnacceptableException from a notify payload.
- *
- * @param notifyData the notify data included in the payload.
- * @hide
- */
- public TsUnacceptableException(byte[] notifyData) {
- super(ERROR_TYPE_TS_UNACCEPTABLE, notifyData);
- }
-
- /** @hide */
- @Override
- protected boolean isValidDataLength(int dataLen) {
- return EXPECTED_ERROR_DATA_LEN == dataLen;
- }
-}
diff --git a/src/java/android/net/ipsec/ike/exceptions/UnrecognizedIkeProtocolException.java b/src/java/android/net/ipsec/ike/exceptions/UnrecognizedIkeProtocolException.java
deleted file mode 100644
index b5bce79..0000000
--- a/src/java/android/net/ipsec/ike/exceptions/UnrecognizedIkeProtocolException.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Copyright (C) 2019 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package android.net.ipsec.ike.exceptions;
-
-import android.annotation.NonNull;
-import android.net.ipsec.ike.ChildSessionCallback;
-import android.net.ipsec.ike.IkeSessionCallback;
-
-import java.util.Objects;
-
-/**
- * This exception represents an unrecognized error notification in a received response.
- *
- * @see <a href="https://tools.ietf.org/html/rfc7296#section-3.10.1">RFC 7296, Internet Key Exchange
- * Protocol Version 2 (IKEv2)</a>
- * @hide
- */
-// When receiving an unrecognized error notification in a response, IKE Session MUST assume that
-// the corresponding request has failed entirely. If it is in a request, IKE Session MUST ignore it.
-public final class UnrecognizedIkeProtocolException extends IkeProtocolException {
- private final byte[] mUnrecognizedErrorData;
- /**
- * Constructs an instance of UnrecognizedIkeProtocolException
- *
- * <p>Except for testing, IKE library users normally do not instantiate this object themselves
- * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}.
- *
- * @param errorType the error type
- * @param errorData the error data in bytes
- */
- public UnrecognizedIkeProtocolException(int errorType, @NonNull byte[] errorData) {
- super(errorType, errorData);
- Objects.requireNonNull(errorData, "errorData is null");
- mUnrecognizedErrorData = errorData.clone();
- }
-
- /** Returns the included error data of this UnrecognizedIkeProtocolException */
- @NonNull
- public byte[] getUnrecognizedErrorData() {
- return mUnrecognizedErrorData;
- }
-
- /** @hide */
- @Override
- protected boolean isValidDataLength(int dataLen) {
- // Unrecognized error does not have an expected error data length. Any non-negative length
- // is valid
- return dataLen >= 0;
- }
-}
diff --git a/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppBackoffTimer.java b/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppBackoffTimer.java
deleted file mode 100644
index 44fc108..0000000
--- a/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppBackoffTimer.java
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.ipsec.ike.ike3gpp;
-
-import android.annotation.IntDef;
-import android.annotation.SuppressLint;
-import android.annotation.SystemApi;
-import android.util.ArraySet;
-
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.util.Set;
-
-/**
- * Ike3gppBackoffTimer represents the data provided by the peer/remote endpoint for a BACKOFF_TIMER
- * Notify payload.
- *
- * @see 3GPP TS 24.302 Section 8.2.9.1 BACKOFF_TIMER Notify Payload
- * @hide
- */
-@SystemApi
-public final class Ike3gppBackoffTimer extends Ike3gppData {
- /**
- * Error-Notify indicating that access is not authorized because no subscription was found for
- * the specified APN.
- *
- * <p>NOTE: PRIVATE-USE VALUE; not IANA specified. This value MAY conflict with other private
- * use values from other extensions.
- *
- * <p>Corresponds to DIAMETER_ERROR_USER_NO_APN_SUBSCRIPTION Result code as specified in 3GPP TS
- * 29.273 Section 10.3.7
- *
- * @see 3GPP TS 24.302 Section 8.1.2.2
- */
- public static final int ERROR_TYPE_NO_APN_SUBSCRIPTION = 9002;
-
- /**
- * Error-Notify indicating that the procedure could not be completed due to network failure.
- *
- * <p>NOTE: PRIVATE-USE VALUE; not IANA specified. This value MAY conflict with other private
- * use values from other extensions.
- *
- * <p>Corresponds to DIAMETER_UNABLE_TO_COMPLY Result code as specified in 3GPP TS 29.273
- *
- * @see 3GPP TS 24.302 Section 8.1.2.2
- */
- public static final int ERROR_TYPE_NETWORK_FAILURE = 10500;
-
- /** @hide */
- @Retention(RetentionPolicy.SOURCE)
- @IntDef({ERROR_TYPE_NO_APN_SUBSCRIPTION, ERROR_TYPE_NETWORK_FAILURE})
- public @interface ErrorType {}
-
- private static final Set<Integer> VALID_BACKOFF_TIMER_CAUSES;
-
- static {
- VALID_BACKOFF_TIMER_CAUSES = new ArraySet<>();
- VALID_BACKOFF_TIMER_CAUSES.add(ERROR_TYPE_NO_APN_SUBSCRIPTION);
- VALID_BACKOFF_TIMER_CAUSES.add(ERROR_TYPE_NETWORK_FAILURE);
- }
-
- private final byte mBackoffTimer;
- private final int mBackoffCause;
-
- /**
- * Constructs an Ike3gppBackoffTimer with the specified parameters.
- *
- * @param backoffTimer the backoff timer indicated by the peer
- * @param backoffCause the cause for this backoff timer, indicated by the peer
- * @hide
- */
- // NoByteOrShort: using byte to be consistent with the Backoff Timer specification
- @SystemApi
- public Ike3gppBackoffTimer(
- @SuppressLint("NoByteOrShort") byte backoffTimer, @ErrorType int backoffCause) {
- mBackoffTimer = backoffTimer;
- mBackoffCause = backoffCause;
- }
-
- @Override
- public @DataType int getDataType() {
- return DATA_TYPE_NOTIFY_BACKOFF_TIMER;
- }
-
- /**
- * Returns the Backoff Timer specified by the peer.
- *
- * <p>The Backoff Timer is coded as the value part (as specified in 3GPP TS 24.007 for type 4
- * IE) of the GPRS timer 3 information element defined in 3GPP TS 24.008 subclause 10.5.7.4a.
- */
- // NoByteOrShort: using byte to be consistent with the Backoff Timer specification
- @SuppressLint("NoByteOrShort")
- public byte getBackoffTimer() {
- return mBackoffTimer;
- }
-
- /** Returns the cause for this Backoff Timer specified by the peer. */
- public @ErrorType int getBackoffCause() {
- return mBackoffCause;
- }
-
- /** @hide */
- public static boolean isValidErrorNotifyCause(int notifyType) {
- return VALID_BACKOFF_TIMER_CAUSES.contains(notifyType);
- }
-}
diff --git a/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppData.java b/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppData.java
deleted file mode 100644
index 3aae560..0000000
--- a/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppData.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.ipsec.ike.ike3gpp;
-
-import android.annotation.IntDef;
-import android.annotation.SystemApi;
-
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-
-/**
- * Ike3gppData represents 3GPP-specific data sent by the peer/remote endpoint.
- *
- * @see 3GPP ETSI TS 24.302: Access to the 3GPP Evolved Packet Core (EPC) via non-3GPP access
- * networks
- * @hide
- */
-@SystemApi
-public abstract class Ike3gppData {
- private static final int DATA_TYPE_SHARED_BASE = 0;
- private static final int DATA_TYPE_CATEGORY_SIZE = 100;
-
- private static final int DATA_TYPE_PAYLOAD_NOTIFY_BASE = DATA_TYPE_SHARED_BASE;
-
- /** Data Type representing an {@link Ike3gppN1ModeInformation}. */
- public static final int DATA_TYPE_NOTIFY_N1_MODE_INFORMATION =
- DATA_TYPE_PAYLOAD_NOTIFY_BASE + 1;
-
- /** Data Type representing an {@link Ike3gppBackoffTimer}. */
- public static final int DATA_TYPE_NOTIFY_BACKOFF_TIMER = DATA_TYPE_PAYLOAD_NOTIFY_BASE + 2;
-
- /** @hide */
- @Retention(RetentionPolicy.SOURCE)
- @IntDef({DATA_TYPE_NOTIFY_N1_MODE_INFORMATION, DATA_TYPE_NOTIFY_BACKOFF_TIMER})
- public @interface DataType {}
-
- /** @hide */
- protected Ike3gppData() {}
-
- /** Returns the DataType that this Ike3gppData represents. */
- public abstract @DataType int getDataType();
-}
diff --git a/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppExtension.java b/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppExtension.java
deleted file mode 100644
index 2165e3f..0000000
--- a/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppExtension.java
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.ipsec.ike.ike3gpp;
-
-import android.annotation.NonNull;
-import android.annotation.SuppressLint;
-import android.annotation.SystemApi;
-
-import java.util.List;
-import java.util.Objects;
-
-/**
- * Ike3gppExtension is used to provide 3GPP-specific extensions for an IKE Session.
- *
- * <p>Ike3gppExtension must be set in IkeSessionParams.Builder in order for it to be enabled during
- * an IKE Session.
- *
- * @see 3GPP ETSI TS 24.302: Access to the 3GPP Evolved Packet Core (EPC) via non-3GPP access
- * networks
- * @hide
- */
-@SystemApi
-public final class Ike3gppExtension {
- @NonNull private final Ike3gppParams mIke3gppParams;
- @NonNull private final Ike3gppDataListener mIke3gppDataListener;
-
- /**
- * Constructs an Ike3gppExtension instance with the given Ike3gppDataListener and Ike3gppParams
- * instances.
- *
- * @param ike3gppParams Ike3gppParams used to configure the 3GPP-support for an IKE Session.
- * @param ike3gppDataListener Ike3gppDataListener used to notify the caller of 3GPP-specific
- * data received during an IKE Session.
- */
- // ExecutorRegistration: Not necessary to take an Executor for invoking the listener here, as
- // this is not actually where the listener is registered. The caller's Executor provided in the
- // IkeSession constructor will be used to invoke the Ike3gppDataListener.
- @SuppressLint("ExecutorRegistration")
- public Ike3gppExtension(
- @NonNull Ike3gppParams ike3gppParams,
- @NonNull Ike3gppDataListener ike3gppDataListener) {
- Objects.requireNonNull(ike3gppParams, "ike3gppParams must not be null");
- Objects.requireNonNull(ike3gppDataListener, "ike3gppDataListener must not be null");
-
- mIke3gppParams = ike3gppParams;
- mIke3gppDataListener = ike3gppDataListener;
- }
-
- /** Retrieves the configured Ike3gppDataListener. */
- @NonNull
- public Ike3gppDataListener getIke3gppDataListener() {
- return mIke3gppDataListener;
- }
-
- /** Retrieves the configured Ike3gppParams. */
- @NonNull
- public Ike3gppParams getIke3gppParams() {
- return mIke3gppParams;
- }
-
- @Override
- public int hashCode() {
- return Objects.hash(mIke3gppParams, mIke3gppDataListener);
- }
-
- @Override
- public boolean equals(Object o) {
- if (!(o instanceof Ike3gppExtension)) {
- return false;
- }
-
- Ike3gppExtension other = (Ike3gppExtension) o;
-
- return mIke3gppParams.equals(other.mIke3gppParams)
- && mIke3gppDataListener.equals(other.mIke3gppDataListener);
- }
-
- /**
- * Listener for receiving 3GPP-specific data.
- *
- * <p>MUST be unique to each IKE Session.
- *
- * <p>All Ike3gppDataListener calls will be invoked on the Executor provided in the IkeSession
- * constructor.
- */
- public interface Ike3gppDataListener {
- /**
- * Invoked when the IKE Session receives 3GPP-specific data.
- *
- * <p>This function will be invoked at most once for each IKE Message received by the IKEv2
- * library.
- *
- * @param ike3gppDataList List<Ike3gppData> the 3GPP-data received
- */
- void onIke3gppDataReceived(@NonNull List<Ike3gppData> ike3gppDataList);
- }
-}
diff --git a/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppN1ModeInformation.java b/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppN1ModeInformation.java
deleted file mode 100644
index bee6615..0000000
--- a/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppN1ModeInformation.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.ipsec.ike.ike3gpp;
-
-import android.annotation.NonNull;
-import android.annotation.SystemApi;
-
-import java.util.Objects;
-
-/**
- * Ike3gppN1ModeInformation represents the data provided by the peer/remote endpoint for an
- * N1_MODE_INFORMATION Notify payload.
- *
- * @see 3GPP TS 24.302 Section 8.2.9.16 N1_MODE_INFORMATION Notify payload
- * @hide
- */
-@SystemApi
-public final class Ike3gppN1ModeInformation extends Ike3gppData {
- private final byte[] mSnssai;
-
- /**
- * Constructs an Ike3gppN1ModeInformation with the specified parameters.
- *
- * @param snssai the SNSSAI value indicated by the peer
- * @hide
- */
- @SystemApi
- public Ike3gppN1ModeInformation(@NonNull byte[] snssai) {
- Objects.requireNonNull(snssai, "snssai must not be null");
- mSnssai = snssai.clone();
- }
-
- @Override
- public @DataType int getDataType() {
- return DATA_TYPE_NOTIFY_N1_MODE_INFORMATION;
- }
-
- /**
- * Returns the S-NSSAI value reported by the peer.
- *
- * <p>The S-NSSAI is coded as defined in 3GPP TS 24.501 Section 9.11.2.8.
- */
- @NonNull
- public byte[] getSnssai() {
- return mSnssai.clone();
- }
-}
diff --git a/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppParams.java b/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppParams.java
deleted file mode 100644
index 4c5506e..0000000
--- a/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppParams.java
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.ipsec.ike.ike3gpp;
-
-import android.annotation.NonNull;
-import android.annotation.SuppressLint;
-import android.annotation.SystemApi;
-
-import java.util.Objects;
-
-/**
- * Ike3gppParams is used to configure 3GPP-specific parameters to be used during an IKE Session.
- *
- * @see 3GPP ETSI TS 24.302: Access to the 3GPP Evolved Packet Core (EPC) via non-3GPP access
- * networks
- * @hide
- */
-@SystemApi
-public final class Ike3gppParams {
- /** If the PDU Session ID is not set, it will be reported as 0. */
- // NoByteOrShort: using byte to be consistent with the PDU Session ID specification
- @SuppressLint("NoByteOrShort")
- public static final byte PDU_SESSION_ID_UNSET = 0;
-
- private final byte mPduSessionId;
-
- private Ike3gppParams(byte pduSessionId) {
- mPduSessionId = pduSessionId;
- }
-
- /**
- * Retrieves the PDU Session ID for this Ike3gppParams.
- *
- * <p>If the PDU Session ID was not set and this method is called, {@link PDU_SESSION_ID_UNSET}
- * will be returned.
- */
- // NoByteOrShort: using byte to be consistent with the PDU Session ID specification
- @SuppressLint("NoByteOrShort")
- public byte getPduSessionId() {
- return mPduSessionId;
- }
-
- /**
- * Returns true if the PDU Session ID is set for this instance.
- *
- * @hide
- */
- public boolean hasPduSessionId() {
- return mPduSessionId != PDU_SESSION_ID_UNSET;
- }
-
- @Override
- public int hashCode() {
- return Objects.hash(mPduSessionId);
- }
-
- @Override
- public boolean equals(Object o) {
- if (!(o instanceof Ike3gppParams)) {
- return false;
- }
-
- return mPduSessionId == ((Ike3gppParams) o).mPduSessionId;
- }
-
- @Override
- public String toString() {
- return new StringBuilder()
- .append("Ike3gppParams={ ")
- .append("pduSessionId=")
- .append(String.format("%02X", mPduSessionId))
- .append(" }")
- .toString();
- }
-
- /** This class can be used to incrementally construct an {@link Ike3gppParams}. */
- public static final class Builder {
- private byte mPduSessionId = PDU_SESSION_ID_UNSET;
-
- /**
- * Sets the PDU Session ID to be used for the 3GPP N1_MODE_CAPABILITY payload.
- *
- * <p>Setting the PDU Session ID will configure the IKE Session to notify the server that it
- * supports N1_MODE.
- *
- * <p>{@link PDU_SESSION_ID_UNSET} will clear the previously-set PDU Session ID.
- *
- * @see TS 24.007 Section 11.2.3.1b for the definition of PDU Session ID encoding
- * @see TS 24.302 Section 7.2.2 for context on PDU Session ID usage
- * @see TS 24.302 Section 8.2.9.15 for a description of the N1_MODE_CAPABILITY payload
- * @param pduSessionId the PDU Session ID value to be used in this IKE Session
- * @return Builder this, to facilitate chaining
- */
- // NoByteOrShort: using byte to be consistent with the PDU Session ID specification
- @NonNull
- public Builder setPduSessionId(@SuppressLint("NoByteOrShort") byte pduSessionId) {
- mPduSessionId = pduSessionId;
- return this;
- }
-
- /**
- * Validates and builds the {@link Ike3gppParams}.
- *
- * @return Ike3gppParams the validated Ike3gppParams
- */
- @NonNull
- public Ike3gppParams build() {
- return new Ike3gppParams(mPduSessionId);
- }
- }
-}
diff --git a/src/java/com/android/internal/net/eap/EapResult.java b/src/java/com/android/internal/net/eap/EapResult.java
index 1b403c1..687c9d9 100644
--- a/src/java/com/android/internal/net/eap/EapResult.java
+++ b/src/java/com/android/internal/net/eap/EapResult.java
@@ -117,7 +117,7 @@
* Constructs an EapError instance for the given cause.
*
* @param cause the Exception that caused the EapError to be returned from the
- * EapStateMachine
+ * EapStateMachine
*/
public EapError(Exception cause) {
this.cause = cause;
diff --git a/src/java/com/android/internal/net/eap/crypto/TlsSession.java b/src/java/com/android/internal/net/eap/crypto/TlsSession.java
deleted file mode 100644
index 854618c..0000000
--- a/src/java/com/android/internal/net/eap/crypto/TlsSession.java
+++ /dev/null
@@ -1,523 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.eap.crypto;
-
-import static com.android.internal.net.eap.EapAuthenticator.LOG;
-import static com.android.internal.net.eap.statemachine.EapMethodStateMachine.MIN_EMSK_LEN_BYTES;
-import static com.android.internal.net.eap.statemachine.EapMethodStateMachine.MIN_MSK_LEN_BYTES;
-
-import android.annotation.IntDef;
-import android.net.ssl.SSLEngines;
-
-import com.android.internal.annotations.VisibleForTesting;
-import com.android.internal.net.eap.EapResult.EapError;
-import com.android.internal.net.eap.exceptions.EapInvalidRequestException;
-
-import java.io.IOException;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.nio.BufferOverflowException;
-import java.nio.ByteBuffer;
-import java.security.GeneralSecurityException;
-import java.security.KeyStore;
-import java.security.Provider;
-import java.security.ProviderException;
-import java.security.SecureRandom;
-import java.security.Security;
-import java.security.cert.X509Certificate;
-import java.util.Arrays;
-
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLEngineResult;
-import javax.net.ssl.SSLEngineResult.HandshakeStatus;
-import javax.net.ssl.SSLEngineResult.Status;
-import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509TrustManager;
-
-/**
- * TlsSession provides the TLS handshake and encryption/decryption functionality for EAP-TTLS.
- *
- * <p>The primary return mechanism of TlsSession is via {@link TlsResult TlsResult}, which contains
- * an outbound message and the status of the operation.
- *
- * <p>The handshake is initiated via the {@link #startHandshake() startHandshake} method which wraps
- * the first outbound message. Any handshake message that follows is then processed via {@link
- * #processHandshakeData(byte[]) processHandshakeData} which will eventually produce a TlsResult.
- *
- * <p>Once a handshake is complete, data can be encrypted via {@link #processOutgoingData(byte[])
- * processOutgoingData} which will produce a TlsResult with the encrypted message. Decryption is
- * similar and is handled via {@link #processIncomingData(byte[]) processIncomingData} which
- * produces a TlsResult with the decrypted application data.
- */
-public class TlsSession {
- private static final String TAG = TlsSession.class.getSimpleName();
-
- @Retention(RetentionPolicy.SOURCE)
- @IntDef({
- TLS_STATUS_TUNNEL_ESTABLISHED,
- TLS_STATUS_SUCCESS,
- TLS_STATUS_FAILURE,
- TLS_STATUS_CLOSED
- })
- public @interface TlsStatus {}
-
- public static final int TLS_STATUS_TUNNEL_ESTABLISHED = 0;
- public static final int TLS_STATUS_SUCCESS = 1;
- public static final int TLS_STATUS_FAILURE = 2;
- public static final int TLS_STATUS_CLOSED = 3;
-
- // TODO(b/163135610): Support for TLS 1.3 in EAP-TTLS
- private static final String[] ENABLED_TLS_PROTOCOLS = {"TLSv1.2"};
- // The trust management algorithm, keystore type and the trust manager provider are equivalent
- // to those used in the IKEv2 library
- private static final String CERT_PATH_ALGO_PKIX = "PKIX";
- private static final String KEY_STORE_TYPE_PKCS12 = "PKCS12";
- private static final Provider TRUST_MANAGER_PROVIDER = Security.getProvider("HarmonyJSSE");
-
- // Label for key generation (RFC 5281#8)
- private static final String TTLS_EXPORTER_LABEL = "ttls keying material";
- // 128 bytes of keying material. First 64 bytes represent the MSK and the second 64 bytes
- // represent the EMSK (RFC5281#8)
- private static final int TTLS_KEYING_MATERIAL_LEN = 128;
-
- private final SSLContext mSslContext;
- private final SSLSession mSslSession;
- private final SSLEngine mSslEngine;
- private final SecureRandom mSecureRandom;
-
- // this is kept as an outer variable as the finished state is returned exclusively by
- // wrap/unwrap so it is important to keep track of the handshake status separately
- @VisibleForTesting HandshakeStatus mHandshakeStatus;
- @VisibleForTesting boolean mHandshakeComplete = false;
- private TrustManager[] mTrustManagers;
-
- private ByteBuffer mApplicationData;
- private ByteBuffer mPacketData;
-
- // Package-private
- TlsSession(X509Certificate serverCaCert, SecureRandom secureRandom)
- throws GeneralSecurityException, IOException {
- mSecureRandom = secureRandom;
- initTrustManagers(serverCaCert);
- mSslContext = SSLContext.getInstance("TLSv1.2");
- mSslContext.init(null, mTrustManagers, secureRandom);
- mSslEngine = mSslContext.createSSLEngine();
- mSslEngine.setEnabledProtocols(ENABLED_TLS_PROTOCOLS);
- mSslEngine.setUseClientMode(true);
- mSslSession = mSslEngine.getSession();
- mApplicationData = ByteBuffer.allocate(mSslSession.getApplicationBufferSize());
- mPacketData = ByteBuffer.allocate(mSslSession.getPacketBufferSize());
- }
-
- @VisibleForTesting
- public TlsSession(
- SSLContext sslContext,
- SSLEngine sslEngine,
- SSLSession sslSession,
- SecureRandom secureRandom) {
- mSslContext = sslContext;
- mSslEngine = sslEngine;
- mSecureRandom = secureRandom;
- mSslSession = sslSession;
- mApplicationData = ByteBuffer.allocate(mSslSession.getApplicationBufferSize());
- mPacketData = ByteBuffer.allocate(mSslSession.getPacketBufferSize());
- }
-
- /**
- * Creates the trust manager instance needed to instantiate the SSLContext
- *
- * @param serverCaCert the CA certificate for validating the received server certificate(s). If
- * no certificate is provided, any root CA in the system's truststore is considered
- * acceptable.
- * @throws GeneralSecurityException if the trust manager cannot be initialized
- * @throws IOException if there is an I/O issue with keystore data
- */
- private void initTrustManagers(X509Certificate serverCaCert)
- throws GeneralSecurityException, IOException {
- // TODO(b/160798904): Pass TrustManager through EAP authenticator in EAP-TTLS
-
- KeyStore keyStore = null;
-
- if (serverCaCert != null) {
- keyStore = KeyStore.getInstance(KEY_STORE_TYPE_PKCS12);
- keyStore.load(null);
- String alias =
- serverCaCert.getSubjectX500Principal().getName() + serverCaCert.hashCode();
- keyStore.setCertificateEntry(alias, serverCaCert);
- }
-
- TrustManagerFactory tmFactory =
- TrustManagerFactory.getInstance(CERT_PATH_ALGO_PKIX, TRUST_MANAGER_PROVIDER);
- tmFactory.init(keyStore);
-
- mTrustManagers = tmFactory.getTrustManagers();
- for (TrustManager tm : mTrustManagers) {
- if (tm instanceof X509TrustManager) {
- return;
- }
- }
-
- throw new ProviderException(
- "X509TrustManager is not supported by provider " + TRUST_MANAGER_PROVIDER);
- }
-
- /**
- * Initializes the TLS handshake by wrapping the first ClientHello message
- *
- * <p>Note that no handshaking occurred during the writing of this code. The underlying
- * implementation of handshake used here is the elbow bump.
- *
- * @return a tls result containing outbound data the and status of operation
- */
- public TlsResult startHandshake() {
- clearAndGrowApplicationBufferIfNeeded();
- clearAndGrowPacketBufferIfNeeded();
-
- SSLEngineResult result;
- try {
- // A wrap implicitly begins the handshake. This will produce the ClientHello
- // message.
- result = mSslEngine.wrap(mApplicationData, mPacketData);
- } catch (SSLException e) {
- LOG.e(TAG, "Failed to initiate handshake", e);
- return new TlsResult(TLS_STATUS_FAILURE);
- }
- mHandshakeStatus = result.getHandshakeStatus();
-
- return new TlsResult(getByteArrayFromBuffer(mPacketData), TLS_STATUS_SUCCESS);
- }
-
- /**
- * Processes an incoming handshake message and updates the handshake status accordingly
- *
- * <p>Note that Conscrypt's SSLEngine only returns FINISHED once. In TLS 1.2, this is returned
- * after a wrap call. However, this wrap occurs AFTER the handshake is complete on both the
- * server and client side. As a result, the wrap would simply encrypt the entire buffer (of
- * zeroes) and produce garbage data. Instead, an EAP-identity within an EAP-MESSAGE AVP is
- * passed and encrypted as this is the first message sent after the handshake. If the EAP
- * identity is not passed and the garbage data packet is simply dropped, all subsequent packets
- * will have incorrect sequence numbers and fail message authentication.
- *
- * <p>The AVP, which contains an EAP-identity response, can safely be passed for each
- * wrap/unwrap as it is ignored if the handshake is still in progress. Consumption and
- * production during the handshake occur within the packet buffers.
- *
- * <p>Note that due to the ongoing COVID-19 pandemic, increased sanitization measures are being
- * employed in-between processHandshakeData calls in order to keep the buffers clean (RFC-EB)
- *
- * @param handshakeData the message to process
- * @param avp an avp containing an EAP-identity response
- * @return a {@link TlsResult} containing an outbound message and status of operation
- */
- public TlsResult processHandshakeData(byte[] handshakeData, byte[] avp) {
- clearAndGrowApplicationBufferIfNeeded();
- clearAndGrowPacketBufferIfNeeded();
-
- try {
- // The application buffer size is guaranteed to be larger than that of the AVP as the
- // handshaking messages contain substantially more data
- mApplicationData.put(avp);
- mPacketData.put(handshakeData);
- } catch (BufferOverflowException e) {
- // The connection will be closed because the buffer was just allocated to the desired
- // size.
- LOG.e(
- TAG,
- "Buffer overflow while attempting to process handshake message. Attempting to"
- + " close connection.",
- e);
- return closeConnection();
- }
- mApplicationData.flip();
- mPacketData.flip();
-
- TlsResult tlsResult = new TlsResult(TLS_STATUS_FAILURE);
-
- processingLoop:
- while (true) {
- switch (mHandshakeStatus) {
- case NEED_UNWRAP:
- tlsResult = doUnwrap();
- continue;
- case NEED_TASK:
- mSslEngine.getDelegatedTask().run();
- mHandshakeStatus = mSslEngine.getHandshakeStatus();
- continue;
- case NEED_WRAP:
- mPacketData.clear();
- tlsResult = doWrap();
- if (mHandshakeStatus == HandshakeStatus.FINISHED) {
- mHandshakeComplete = true;
- mHandshakeStatus = mSslEngine.getHandshakeStatus();
- }
- break processingLoop;
- default:
- // If the status is NOT_HANDSHAKING, this is unexpected, and is treated as a
- // failure. FINISHED can never be reached here because it is handled in
- // NEED_WRAP/NEED_UNWRAP
- break processingLoop;
- }
- }
-
- return tlsResult;
- }
-
- /**
- * Decrypts incoming data during a TLS session
- *
- * @param data the data to decrypt
- * @return a tls result containing the decrypted data and status of operation
- */
- public TlsResult processIncomingData(byte[] data) {
- clearAndGrowApplicationBufferIfNeeded();
- mPacketData = ByteBuffer.wrap(data);
- return doUnwrap();
- }
-
- /**
- * Encrypts outbound data during a TLS session
- *
- * @param data the data to encrypt
- * @return a tls result containing the encrypted data and status of operation
- */
- public TlsResult processOutgoingData(byte[] data) {
- clearAndGrowPacketBufferIfNeeded();
- mApplicationData = ByteBuffer.wrap(data);
- return doWrap();
- }
-
- /**
- * Unwraps data during a TLS session either during a handshake or for decryption purposes.
- *
- * @param applicationData a destination buffer with decrypted or processed data
- * @param packetData a bytebuffer containing inbound data from the server
- * @return a tls result containing the unwrapped message and status of operation
- */
- private TlsResult doUnwrap() {
- SSLEngineResult result;
- try {
- result = mSslEngine.unwrap(mPacketData, mApplicationData);
- } catch (SSLException e) {
- LOG.e(TAG, "Encountered an issue while unwrapping data. Connection will be closed.", e);
- return closeConnection();
- }
-
- mHandshakeStatus = result.getHandshakeStatus();
- if (result.getStatus() != Status.OK) {
- return closeConnection();
- }
-
- return new TlsResult(getByteArrayFromBuffer(mApplicationData), TLS_STATUS_SUCCESS);
- }
-
- /**
- * Wraps data during a TLS session either during a handshake or for encryption purposes.
- *
- * @param applicationData a bytebuffer containing data to encrypt or process
- * @param packetData a destination buffer for outbound data
- * @return a tls result containing the wrapped message and status of operation
- */
- private TlsResult doWrap() {
- SSLEngineResult result;
- try {
- result = mSslEngine.wrap(mApplicationData, mPacketData);
- } catch (SSLException e) {
- LOG.e(TAG, "Encountered an issue while wrapping data. Connection will be closed.", e);
- return closeConnection();
- }
-
- mHandshakeStatus = result.getHandshakeStatus();
- if (result.getStatus() != Status.OK) {
- return closeConnection();
- }
-
- return new TlsResult(
- getByteArrayFromBuffer(mPacketData),
- (mHandshakeStatus == HandshakeStatus.FINISHED)
- ? TLS_STATUS_TUNNEL_ESTABLISHED
- : TLS_STATUS_SUCCESS);
- }
-
- /**
- * Attempts to close the TLS tunnel.
- *
- * <p>Once a session has been closed, it cannot be reopened.
- *
- * @return a tls result with the status of the operation as well as a potential closing message
- */
- public TlsResult closeConnection() {
- try {
- mSslEngine.closeInbound();
- } catch (SSLException e) {
- LOG.e(TAG, "Error occurred when trying to close inbound.", e);
- }
- mSslEngine.closeOutbound();
-
- mHandshakeStatus = mSslEngine.getHandshakeStatus();
-
- if (mHandshakeStatus != HandshakeStatus.NEED_WRAP) {
- return new TlsResult(TLS_STATUS_CLOSED);
- }
-
- clearAndGrowPacketBufferIfNeeded();
- clearAndGrowApplicationBufferIfNeeded();
-
- SSLEngineResult result;
- while (mHandshakeStatus == HandshakeStatus.NEED_WRAP) {
- try {
- // the wrap is handled internally in order to preserve data in the buffers as they
- // are cleared in the beginning of the closeConnection call
- result = mSslEngine.wrap(mApplicationData, mPacketData);
- } catch (SSLException e) {
- LOG.e(
- TAG,
- "Wrap operation failed whilst attempting to flush out data during a close.",
- e);
- return new TlsResult(TLS_STATUS_FAILURE);
- }
-
- mHandshakeStatus = result.getHandshakeStatus();
- if (result.getStatus() == Status.BUFFER_OVERFLOW
- || result.getStatus() == Status.BUFFER_UNDERFLOW) {
- // an overflow or underflow at this point should not occur. if one does, terminate
- LOG.e(
- TAG,
- "Experienced an overflow or underflow while trying to close the TLS"
- + " connection.");
- return new TlsResult(TLS_STATUS_FAILURE);
- }
- }
-
- return new TlsResult(getByteArrayFromBuffer(mPacketData), TLS_STATUS_CLOSED);
- }
-
- /**
- * Generates the keying material required in EAP-TTLS (RFC5281#8)
- *
- * @return EapTtlsKeyingMaterial containing the MSK and EMSK
- */
- public EapTtlsKeyingMaterial generateKeyingMaterial() {
- if (!mHandshakeComplete) {
- EapInvalidRequestException invalidRequestException =
- new EapInvalidRequestException(
- "Keying material can only be generated once the handshake is"
- + " complete.");
- return new EapTtlsKeyingMaterial(new EapError(invalidRequestException));
- }
-
- try {
- // As per RFC5281#8 (and RFC5705#4), generation of keying material in EAP-TTLS does not
- // require a context.
- ByteBuffer keyingMaterial =
- ByteBuffer.wrap(
- SSLEngines.exportKeyingMaterial(
- mSslEngine,
- TTLS_EXPORTER_LABEL,
- null /* context */,
- TTLS_KEYING_MATERIAL_LEN));
-
- byte[] msk = new byte[MIN_MSK_LEN_BYTES];
- byte[] emsk = new byte[MIN_EMSK_LEN_BYTES];
- keyingMaterial.get(msk);
- keyingMaterial.get(emsk);
-
- return new EapTtlsKeyingMaterial(msk, emsk);
- } catch (SSLException e) {
- LOG.e(TAG, "Failed to generate EAP-TTLS keying material", e);
- return new EapTtlsKeyingMaterial(new EapError(e));
- }
- }
-
- /**
- * Verifies whether the packet data buffer is in need of additional memory and reallocates if
- * necessary
- */
- private void clearAndGrowPacketBufferIfNeeded() {
- mPacketData.clear();
- if (mPacketData.capacity() < mSslSession.getPacketBufferSize()) {
- mPacketData = ByteBuffer.allocate(mSslSession.getPacketBufferSize());
- }
- }
-
- /**
- * Verifies whether the application data buffer is in need of additional memory and reallocates
- * if necessary
- */
- private void clearAndGrowApplicationBufferIfNeeded() {
- mApplicationData.clear();
- if (mApplicationData.capacity() < mSslSession.getApplicationBufferSize()) {
- mApplicationData = ByteBuffer.allocate(mSslSession.getApplicationBufferSize());
- }
- }
-
- /**
- * Retrieves a byte array from a given byte buffer
- *
- * @param buffer the byte buffer to get the array from
- * @return a byte array
- */
- @VisibleForTesting
- public static byte[] getByteArrayFromBuffer(ByteBuffer buffer) {
- return Arrays.copyOfRange(buffer.array(), 0, buffer.position());
- }
-
- /**
- * TlsResult encapsulates the results of a TlsSession operation.
- *
- * <p>It contains the status result of the TLS session and the data that accompanies it
- */
- public class TlsResult {
- public final byte[] data;
- public final @TlsStatus int status;
-
- public TlsResult(byte[] data, @TlsStatus int status) {
- this.data = data;
- this.status = status;
- }
-
- public TlsResult(@TlsStatus int status) {
- this(new byte[0], status);
- }
- }
-
- /** EapTtlsKeyingMaterial encapsulates the result of keying material generation in EAP-TTLS */
- public class EapTtlsKeyingMaterial {
- public final byte[] msk;
- public final byte[] emsk;
- public final EapError eapError;
-
- public EapTtlsKeyingMaterial(byte[] msk, byte[] emsk) {
- this.msk = msk;
- this.emsk = emsk;
- this.eapError = null;
- }
-
- public EapTtlsKeyingMaterial(EapError eapError) {
- this.msk = null;
- this.emsk = null;
- this.eapError = eapError;
- }
-
- public boolean isSuccessful() {
- return eapError == null;
- }
- }
-}
diff --git a/src/java/com/android/internal/net/eap/crypto/TlsSessionFactory.java b/src/java/com/android/internal/net/eap/crypto/TlsSessionFactory.java
deleted file mode 100644
index 4483ce0..0000000
--- a/src/java/com/android/internal/net/eap/crypto/TlsSessionFactory.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.eap.crypto;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
-
-/** A factory class responsible for creating an instance of TlsSession */
-public class TlsSessionFactory {
-
- /**
- * Retrieves a new instance of TlsSession
- *
- * @param serverCaCert the CA certificate for validating the received server certificate(s).If
- * no certificate is provided, any root CA in the system's truststore is considered
- * acceptable. * @param secureRandom the secure random to use
- * @return a {@link TlsSession}
- * @throws GeneralSecurityException if the TLS session cannot be intiailized
- * @throws IOException if there is an I/O issue with keystore data
- */
- public TlsSession newInstance(X509Certificate serverCaCert, SecureRandom secureRandom)
- throws GeneralSecurityException, IOException {
- return new TlsSession(serverCaCert, secureRandom);
- }
-}
diff --git a/src/java/com/android/internal/net/eap/exceptions/ttls/EapTtlsHandshakeException.java b/src/java/com/android/internal/net/eap/exceptions/ttls/EapTtlsHandshakeException.java
deleted file mode 100644
index b99d339..0000000
--- a/src/java/com/android/internal/net/eap/exceptions/ttls/EapTtlsHandshakeException.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.eap.exceptions.ttls;
-
-/**
- * EapTtlsHandshakeException is thrown when the handshake is unable to be initiated or a failure
- * occurs that results in the handshake terminating.
- */
-public class EapTtlsHandshakeException extends Exception {
- /**
- * Construct an instance of EapTtlsHandshakeException with the specified detail message.
- *
- * @param message the detail message.
- */
- public EapTtlsHandshakeException(String message) {
- super(message);
- }
-
- /**
- * Construct an instance of EapTtlsHandshakeException with the specified message and cause.
- *
- * @param message the detail message.
- * @param cause the cause.
- */
- public EapTtlsHandshakeException(String message, Throwable cause) {
- super(message, cause);
- }
-}
diff --git a/src/java/com/android/internal/net/eap/exceptions/ttls/EapTtlsParsingException.java b/src/java/com/android/internal/net/eap/exceptions/ttls/EapTtlsParsingException.java
deleted file mode 100644
index 68f70cb..0000000
--- a/src/java/com/android/internal/net/eap/exceptions/ttls/EapTtlsParsingException.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.eap.exceptions.ttls;
-
-/**
- * EapTtlsParsingException is thrown when an invalid EapTtls Type Data is attempted to be processed.
- */
-public class EapTtlsParsingException extends Exception {
- /**
- * Construct an instance of EapTtlsParsingException with the specified detail message.
- *
- * @param message the detail message.
- */
- public EapTtlsParsingException(String message) {
- super(message);
- }
-
- /**
- * Construct an instance of EapTtlsParsingException with the specified message and cause.
- *
- * @param message the detail message.
- * @param cause the cause.
- */
- public EapTtlsParsingException(String message, Throwable cause) {
- super(message, cause);
- }
-}
diff --git a/src/java/com/android/internal/net/eap/message/EapData.java b/src/java/com/android/internal/net/eap/message/EapData.java
index e04418f..86dc43b 100644
--- a/src/java/com/android/internal/net/eap/message/EapData.java
+++ b/src/java/com/android/internal/net/eap/message/EapData.java
@@ -16,12 +16,6 @@
package com.android.internal.net.eap.message;
-import static android.net.eap.EapSessionConfig.EapMethodConfig.EAP_TYPE_AKA;
-import static android.net.eap.EapSessionConfig.EapMethodConfig.EAP_TYPE_AKA_PRIME;
-import static android.net.eap.EapSessionConfig.EapMethodConfig.EAP_TYPE_MSCHAP_V2;
-import static android.net.eap.EapSessionConfig.EapMethodConfig.EAP_TYPE_SIM;
-import static android.net.eap.EapSessionConfig.EapMethodConfig.EAP_TYPE_TTLS;
-
import android.annotation.IntDef;
import android.annotation.NonNull;
@@ -61,17 +55,29 @@
EAP_TYPE_SIM,
EAP_TYPE_AKA,
EAP_TYPE_MSCHAP_V2,
- EAP_TYPE_AKA_PRIME,
- EAP_TYPE_TTLS
+ EAP_TYPE_AKA_PRIME
})
public @interface EapType {}
+ @Retention(RetentionPolicy.SOURCE)
+ @IntDef({
+ EAP_TYPE_SIM,
+ EAP_TYPE_AKA,
+ EAP_TYPE_MSCHAP_V2,
+ EAP_TYPE_AKA_PRIME
+ })
+ public @interface EapMethod {}
+
// EAP Type values defined by IANA
// https://www.iana.org/assignments/eap-numbers/eap-numbers.xhtml
public static final int EAP_IDENTITY = 1;
public static final int EAP_NOTIFICATION = 2;
public static final int EAP_NAK = 3;
// EAP_MD5_CHALLENGE unsupported, allowable based on RFC 3748, Section 5.4
+ public static final int EAP_TYPE_SIM = 18;
+ public static final int EAP_TYPE_AKA = 23;
+ public static final int EAP_TYPE_MSCHAP_V2 = 26;
+ public static final int EAP_TYPE_AKA_PRIME = 50;
public static final Map<Integer, String> EAP_TYPE_STRING = new HashMap<>();
static {
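Review bot: The added `EapMethod` IntDef lists the same four constants that close the `EapType` list just above it, and nothing in the hunk says how the two annotations differ, so a reader cannot tell which one a parameter should carry. A one-line Javadoc would settle it, for example `/** EAP method types usable for authentication (a subset of {@link EapType}). */`; the "subset" wording assumes `EapType` also lists the Identity/Notification/Nak values, and its opening lines are above this hunk. The four `EAP_TYPE_*` literals added further down replace the static imports from `EapSessionConfig.EapMethodConfig` removed in the previous hunk. If that class still declares them, a comment such as `// Must match EapSessionConfig.EapMethodConfig` would keep the two definitions from drifting apart. The enclosing class begins and ends outside the hunk.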
@@ -82,7 +88,6 @@
EAP_TYPE_STRING.put(EAP_TYPE_AKA, "EAP-AKA");
EAP_TYPE_STRING.put(EAP_TYPE_MSCHAP_V2, "EAP-MSCHAP-V2");
EAP_TYPE_STRING.put(EAP_TYPE_AKA_PRIME, "EAP-AKA-PRIME");
- EAP_TYPE_STRING.put(EAP_TYPE_TTLS, "EAP-TTLS");
}
private static final Set<Integer> SUPPORTED_TYPES = new HashSet<>();
@@ -96,7 +101,6 @@
SUPPORTED_TYPES.add(EAP_TYPE_AKA);
SUPPORTED_TYPES.add(EAP_TYPE_MSCHAP_V2);
SUPPORTED_TYPES.add(EAP_TYPE_AKA_PRIME);
- SUPPORTED_TYPES.add(EAP_TYPE_TTLS);
}
@EapType public final int eapType;
diff --git a/src/java/com/android/internal/net/eap/message/ttls/EapTtlsAvp.java b/src/java/com/android/internal/net/eap/message/ttls/EapTtlsAvp.java
deleted file mode 100644
index 3846175..0000000
--- a/src/java/com/android/internal/net/eap/message/ttls/EapTtlsAvp.java
+++ /dev/null
@@ -1,316 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.eap.message.ttls;
-
-import static com.android.internal.net.eap.EapAuthenticator.LOG;
-
-import com.android.internal.annotations.VisibleForTesting;
-import com.android.internal.net.eap.EapResult.EapError;
-import com.android.internal.net.eap.exceptions.ttls.EapTtlsParsingException;
-
-import java.nio.BufferUnderflowException;
-import java.nio.ByteBuffer;
-
-/**
- * EapTtlsAvp represents the structure of an AVP during an EAP-TTLS session (RFC5281#10.1) The
- * structure of the flag byte is as follows:
- *
- * <pre>
- * |---+---+---+---+---+-----------+
- * | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
- * | V | M | r | r | r | r | r | r |
- * |---+---+---+---+---+---+---+---+
- * V = Vendor ID present
- * M = AVP support is mandatory
- * r = Reserved bits (must be ignored)
- * </pre>
- *
- * @see <a href="https://tools.ietf.org/html/rfc5281#section-10.1">RFC 5281, Extensible
- * Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0
- * (EAP-TTLSv0)</a>
- */
-public class EapTtlsAvp {
- private static final String TAG = EapTtlsAvp.class.getSimpleName();
-
- // AVP code derived from RFC3579#3.1. Note that the EAP-TTLS uses an custom AVP structure (see
- // RFC 5281, section 10.1), as opposed to the one defined in RFC 3579.
- private static final int EAP_MESSAGE_AVP_CODE = 79;
-
- private static final int AVP_CODE_LEN_BYTES = 4;
- private static final int AVP_FLAGS_LEN_BYTES = 1;
- private static final int AVP_LENGTH_LEN_BYTES = 3;
- private static final int AVP_VENDOR_ID_LEN_BYTES = 4;
- private static final int AVP_HEADER_LEN_BYTES =
- AVP_CODE_LEN_BYTES + AVP_FLAGS_LEN_BYTES + AVP_LENGTH_LEN_BYTES;
- private static final int AVP_BYTE_ALIGNMENT = 4;
-
- private static final int FLAG_VENDOR_ID_INCLUDED = 1 << 7;
- private static final int FLAG_AVP_MANDATORY = 1 << 6;
-
- public final int avpCode;
- public final int avpLength;
- public final int vendorId;
- public final byte[] data;
-
- public final boolean isMandatory;
- public final boolean isVendorIdPresent;
-
- @VisibleForTesting
- EapTtlsAvp(ByteBuffer buffer) throws EapTtlsParsingException {
- avpCode = buffer.getInt();
- byte avpFlags = buffer.get();
-
- isMandatory = (avpFlags & FLAG_AVP_MANDATORY) != 0;
- isVendorIdPresent = (avpFlags & FLAG_VENDOR_ID_INCLUDED) != 0;
-
- avpLength = getAvpLength(buffer);
- int dataLength = avpLength - AVP_HEADER_LEN_BYTES;
-
- if (isVendorIdPresent) {
- dataLength -= AVP_VENDOR_ID_LEN_BYTES;
- vendorId = buffer.getInt();
- } else {
- // no vendor ID is equivalent to a vendor ID of 0 (RFC5281#10.1)
- vendorId = 0;
- }
-
- if (dataLength < 0) {
- throw new EapTtlsParsingException(
- "Received an AVP with an invalid length: "
- + avpLength
- + ". Data length was predicted to be "
- + dataLength);
- }
-
- data = new byte[dataLength];
- buffer.get(data);
-
- // the remaining padding is consumed in order to align with the next AVP header
- int paddingSize = getAvpPadding(avpLength);
- buffer.get(new byte[paddingSize]);
- }
-
- private EapTtlsAvp(int avpCode, int vendorId, boolean isMandatory, byte[] data) {
- this.avpCode = avpCode;
- this.vendorId = vendorId;
- this.isMandatory = isMandatory;
- this.data = data;
- // A vendor ID of 0 is equivalent to not sending the vendor ID at all (RFC5281#10.1)
- if (vendorId != 0) {
- avpLength = data.length + AVP_HEADER_LEN_BYTES + AVP_VENDOR_ID_LEN_BYTES;
- isVendorIdPresent = true;
- } else {
- avpLength = data.length + AVP_HEADER_LEN_BYTES;
- isVendorIdPresent = false;
- }
- }
-
- /**
- * Assembles each bit from the flag byte into a byte
- *
- * @return a byte that compromises the avp flags
- */
- private byte getFlagByte() {
- int flag = 0;
- flag |= isVendorIdPresent ? FLAG_VENDOR_ID_INCLUDED : 0;
- flag |= isMandatory ? FLAG_AVP_MANDATORY : 0;
- return (byte) flag;
- }
-
- /**
- * Encodes this AVP instance into a byte array.
- *
- * @return byte[] representing the encoded value of this EapTtlsAvp instance
- */
- public byte[] encode() {
- // Each AVP must be padded to the next 4 byte boundary (RFC5281#10.2), so 0 to 3 padding
- // bytes may be added to the original length
- int paddedAvpLength = avpLength + getAvpPadding(avpLength);
-
- ByteBuffer encodedBuffer = ByteBuffer.allocate(paddedAvpLength);
-
- encodedBuffer.putInt(avpCode);
- encodedBuffer.put(getFlagByte());
- encodeAvpLength(encodedBuffer, avpLength);
- if (isVendorIdPresent) {
- encodedBuffer.putInt(vendorId);
- }
- encodedBuffer.put(data);
-
- return encodedBuffer.array();
- }
-
- /**
- * Produces an EAP-MESSAGE AVP (RFC5281#10.1)
- *
- * @param data the data to encode in the avp
- * @param vendorId the vendorId or 0 if not specified
- * @return an EAP-MESSAGE AVP
- */
- public static EapTtlsAvp getEapMessageAvp(int vendorId, byte[] data) {
- return new EapTtlsAvp(EAP_MESSAGE_AVP_CODE, vendorId, true /* isMandatory */, data);
- }
-
- /**
- * Retrieves the required padding bytes (4 byte aligned) for a given length
- *
- * @param avpLength the length to pad
- * @return the required padding bytes
- */
- @VisibleForTesting
- static int getAvpPadding(int avpLength) {
- if (avpLength % AVP_BYTE_ALIGNMENT == 0) {
- return 0;
- }
- return AVP_BYTE_ALIGNMENT - (avpLength % AVP_BYTE_ALIGNMENT);
- }
-
- /**
- * Encodes an AVP length into a given bytebuffer
- *
- * <p>As per RFC5281#10.2, the avp length field is 3 bytes
- *
- * @param buffer the bytebuffer to encode the length into
- * @param length the length to encode
- */
- @VisibleForTesting
- static void encodeAvpLength(ByteBuffer buffer, int length) {
- buffer.put((byte) (length >> 16));
- buffer.put((byte) (length >> 8));
- buffer.put((byte) length);
- }
-
- /**
- * Converts a byte array of size 3 to its integer representation
- *
- * <p>As per RFC5281#10.2, the AVP length field is 3 bytes
- *
- * @param buffer a byte buffer to extract the length from
- * @return an int representation of the byte array
- * @throws BufferUnderflowException if the buffer has less than 3 bytes remaining
- */
- @VisibleForTesting
- static int getAvpLength(ByteBuffer buffer) throws BufferUnderflowException {
- return (Byte.toUnsignedInt(buffer.get()) << 16)
- | (Byte.toUnsignedInt(buffer.get()) << 8)
- | Byte.toUnsignedInt(buffer.get());
- }
-
- /** EapTtlsAvpDecoder will be used for decoding {@link EapTtlsAvp} objects. */
- public static class EapTtlsAvpDecoder {
- /**
- * Decodes and returns an EapTtlsAvp for the specified EAP-TTLS AVP.
- *
- * <p>In the case that multiple AVPs are received, all AVPs will be decoded, but only the
- * EAP-MESSAGE AVP will be stored. All AVP codes and Vendor-IDs will be logged. Furthermore,
- * if multiple EAP-MESSAGE AVPs are received, this will be treated as an error.
- *
- * @param avp a byte array representing the AVP
- * @return DecodeResult wrapping an EapTtlsAvp instance for the given EapTtlsAvp iff the
- * eapTtlsAvp is formatted correctly. Otherwise, the DecodeResult wraps the appropriate
- * EapError.
- */
- public AvpDecodeResult decode(byte[] avp) {
- try {
- // AVPs must be 4 byte aligned (RFC5281#10.2)
- if (avp.length % AVP_BYTE_ALIGNMENT != 0) {
- return new AvpDecodeResult(
- new EapError(
- new EapTtlsParsingException(
- "Received one or more invalid AVPs: AVPs must be 4"
- + " byte aligned.")));
- }
- ByteBuffer avpBuffer = ByteBuffer.wrap(avp);
- EapTtlsAvp eapMessageAvp = null;
-
- while (avpBuffer.hasRemaining()) {
- EapTtlsAvp decodedAvp = new EapTtlsAvp(avpBuffer);
- LOG.i(
- TAG,
- "Decoded AVP with code "
- + decodedAvp.avpCode
- + " and vendor ID "
- + decodedAvp.vendorId);
-
- if (decodedAvp.avpCode == EAP_MESSAGE_AVP_CODE) {
- if (eapMessageAvp != null) {
- // Only one EAP-MESSAGE AVP is expected at a time
- return new AvpDecodeResult(
- new EapError(
- new EapTtlsParsingException(
- "Received multiple EAP-MESSAGE AVPs in one"
- + " message")));
- }
- eapMessageAvp = decodedAvp;
- } else if (decodedAvp.isMandatory) {
- // As per RFC5281#10.1, if an AVP tagged as mandatory is unsupported, the
- // negotiation should fail
- return new AvpDecodeResult(
- new EapError(
- new EapTtlsParsingException(
- "Received an AVP that requires support for AVP code"
- + decodedAvp.avpCode)));
- }
- }
-
- if (eapMessageAvp == null) {
- return new AvpDecodeResult(
- new EapError(
- new EapTtlsParsingException(
- "No EAP-MESSAGE (79) AVP was found")));
- }
-
- return new AvpDecodeResult(eapMessageAvp);
- } catch (BufferUnderflowException | EapTtlsParsingException e) {
- return new AvpDecodeResult(new EapError(e));
- }
- }
-
- /**
- * DecodeResult represents the result from attempting to decode a sequence of EAP-TTLS
- * AVPs. It will contain either an EapTtlsAvp or an EapError.
- *
- * <p>In the case that multiple AVPs are received, all AVPs will be decoded and their AVP
- * codes/Vendor-ID will be logged. However, only the EAP-MESSAGE AVP will be stored in the
- * decode result. Furthermore, if zero, or multiple EAP-MESSAGE AVPs are received, this will
- * be treated as an error.
- */
- public static class AvpDecodeResult {
- public final EapTtlsAvp eapTtlsAvp;
- public final EapError eapError;
-
- public AvpDecodeResult(EapTtlsAvp eapTtlsAvp) {
- this.eapTtlsAvp = eapTtlsAvp;
- this.eapError = null;
- }
-
- public AvpDecodeResult(EapError eapError) {
- this.eapTtlsAvp = null;
- this.eapError = eapError;
- }
-
- /**
- * Checks whether this instance represents a successful decode operation.
- *
- * @return true iff this DecodeResult represents a successfully decoded Type Data
- */
- public boolean isSuccessfulDecode() {
- return eapTtlsAvp != null;
- }
- }
- }
-}
diff --git a/src/java/com/android/internal/net/eap/message/ttls/EapTtlsInboundFragmentationHelper.java b/src/java/com/android/internal/net/eap/message/ttls/EapTtlsInboundFragmentationHelper.java
deleted file mode 100644
index 0c9e116..0000000
--- a/src/java/com/android/internal/net/eap/message/ttls/EapTtlsInboundFragmentationHelper.java
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.eap.message.ttls;
-
-import static com.android.internal.net.eap.EapAuthenticator.LOG;
-
-import android.annotation.IntDef;
-
-import com.android.internal.annotations.VisibleForTesting;
-
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.nio.ByteBuffer;
-
-/** The inbound fragmentation helper is responsible for assembling fragmented EAP-TTLS data. */
-public class EapTtlsInboundFragmentationHelper {
- private static final String TAG = EapTtlsInboundFragmentationHelper.class.getSimpleName();
-
- @Retention(RetentionPolicy.SOURCE)
- @IntDef({
- FRAGMENTATION_STATUS_ACK,
- FRAGMENTATION_STATUS_ASSEMBLED,
- FRAGMENTATION_STATUS_INVALID
- })
- public @interface FragmentationStatus {}
-
- // ACK indicates that an inbound fragment has been processed and an ACK should be sent
- public static final int FRAGMENTATION_STATUS_ACK = 0;
- // ASSEMBLED indicates that fragments have been reasembeled and data can now be processed
- public static final int FRAGMENTATION_STATUS_ASSEMBLED = 1;
- // INVALID indicates some kind of failure likely due to an unexpected request or invalid data
- public static final int FRAGMENTATION_STATUS_INVALID = 2;
-
- @VisibleForTesting public boolean mIsAwaitingFragments = false;
- @VisibleForTesting public ByteBuffer mFragmentedData;
-
- /**
- * This method is responsible for processing incoming fragmented data (RFC5281#9.2.2)
- *
- * @param typeData the type data to process
- * @return a fragmentation status indicating the result of the process
- */
- public @FragmentationStatus int assembleInboundMessage(EapTtlsTypeData typeData) {
- if (!mIsAwaitingFragments) {
- if (typeData.isDataFragmented) {
- mIsAwaitingFragments = true;
- mFragmentedData = ByteBuffer.allocate(typeData.messageLength);
- } else {
- // If there is no fragmentation, simply return the full data in a byte array
- mFragmentedData = ByteBuffer.wrap(typeData.data);
- return FRAGMENTATION_STATUS_ASSEMBLED;
- }
- } else if (typeData.isLengthIncluded) {
- // the length bit MUST only be set on the first packet for a fragmented packet
- // (RFC5281#9.2.2)
- LOG.e(
- TAG,
- "Fragmentation failure: Received a second or greater fragmented request"
- + " with the length bit set.");
- return FRAGMENTATION_STATUS_INVALID;
- }
-
- if (typeData.data.length > mFragmentedData.remaining()) {
- LOG.e(
- TAG,
- "Fragmentation failure: Received more data then declared and failed to"
- + " reassemble fragment.");
- return FRAGMENTATION_STATUS_INVALID;
- }
-
- mFragmentedData.put(typeData.data);
-
- if (typeData.isDataFragmented) {
- return FRAGMENTATION_STATUS_ACK;
- }
-
- LOG.d(TAG, "Successfully assembled a fragment.");
- mIsAwaitingFragments = false;
- return FRAGMENTATION_STATUS_ASSEMBLED;
- }
-
- /**
- * Retrieves assembled inbound fragmented data
- *
- * @return a byte array containing an assembled inbound fragment
- */
- public byte[] getAssembledInboundFragment() {
- return mFragmentedData.array();
- }
-
- /**
- * Indicates whether a fragmentation session is currently in progress
- *
- * @return true if fragmentation is in progress
- */
- public boolean isAwaitingFragments() {
- return mIsAwaitingFragments;
- }
-}
diff --git a/src/java/com/android/internal/net/eap/message/ttls/EapTtlsOutboundFragmentationHelper.java b/src/java/com/android/internal/net/eap/message/ttls/EapTtlsOutboundFragmentationHelper.java
deleted file mode 100644
index 03c6c45..0000000
--- a/src/java/com/android/internal/net/eap/message/ttls/EapTtlsOutboundFragmentationHelper.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.eap.message.ttls;
-
-import com.android.internal.annotations.VisibleForTesting;
-
-import java.nio.ByteBuffer;
-
-/** The outbound fragmentation helper is responsible for fragmenting outbound EAP-TTLS data */
-public class EapTtlsOutboundFragmentationHelper {
- private static final String TAG = EapTtlsInboundFragmentationHelper.class.getSimpleName();
-
- private static final int DEFAULT_FRAGMENTATION_SIZE = 1024;
-
- // Defines the outbound fragment size
- private final int mFragmentSize;
- private ByteBuffer mFragmentedData;
-
- // TODO(b/165668196): Modify outbound fragmentation helper to be per-message in EAP-TTLS
- public EapTtlsOutboundFragmentationHelper() {
- this(DEFAULT_FRAGMENTATION_SIZE);
- }
-
- /**
- * Sets a specific fragment size for the fragmentation helper instance. This should only be used
- * for testing.
- *
- * @param fragmentSize the fragment size to set
- */
- @VisibleForTesting
- public EapTtlsOutboundFragmentationHelper(int fragmentSize) {
- mFragmentSize = fragmentSize;
- }
-
- /**
- * Prepares an outbound message for fragmentation
- *
- * @param data the data to fragment
- */
- public void setupOutboundFragmentation(byte[] data) {
- mFragmentedData = ByteBuffer.wrap(data);
- }
-
- /**
- * Returns fragmented data ready to be sent to the server
- *
- * @return a fragmentation result which contains the fragmented data as well as a boolean
- * indicating whether more fragments will follow
- * @throws IllegalStateException if this is called when a fragmentation session is not in
- * progress
- */
- public FragmentationResult getNextOutboundFragment() throws IllegalStateException {
- if (mFragmentedData == null || !mFragmentedData.hasRemaining()) {
- throw new IllegalStateException(
- "Error producing next outbound fragment. No fragmented packets are currently"
- + " being processed.");
- }
- // If the data in the buffer is larger than the fragmentSize, produce a fragment of
- // fragmentSize. Otherwise, return all the remaining data
- int outboundDataSize = Math.min(mFragmentSize, mFragmentedData.remaining());
- byte[] outboundData = new byte[outboundDataSize];
- mFragmentedData.get(outboundData);
-
- return new FragmentationResult(outboundData, mFragmentedData.hasRemaining());
- }
-
- /**
- * Indicates whether there is additional outbound fragmented data to be sent
- *
- * <p>This should be called in case the server does not send an ack but sends a regular request
- * in response to a fragment. This will allow the state machine to detect an unexpected request
- * error.
- *
- * @return a boolean indicating whether there are outbound fragments that need to be sent
- */
- public boolean hasRemainingFragments() {
- return mFragmentedData != null && mFragmentedData.hasRemaining();
- }
-
- /** FragmentationResult encapsulates the results of outbound fragmentation processing */
- public class FragmentationResult {
-
- public final boolean hasRemainingFragments;
- public final byte[] fragmentedData;
-
- public FragmentationResult(byte[] fragmentedData, boolean hasRemainingFragments) {
- this.fragmentedData = fragmentedData;
- this.hasRemainingFragments = hasRemainingFragments;
- }
- }
-}
diff --git a/src/java/com/android/internal/net/eap/message/ttls/EapTtlsTypeData.java b/src/java/com/android/internal/net/eap/message/ttls/EapTtlsTypeData.java
deleted file mode 100644
index 68c1c06..0000000
--- a/src/java/com/android/internal/net/eap/message/ttls/EapTtlsTypeData.java
+++ /dev/null
@@ -1,253 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.eap.message.ttls;
-
-import static com.android.internal.net.eap.EapAuthenticator.LOG;
-
-import com.android.internal.annotations.VisibleForTesting;
-import com.android.internal.net.eap.EapResult.EapError;
-import com.android.internal.net.eap.exceptions.ttls.EapTtlsParsingException;
-import com.android.internal.net.eap.message.EapMessage;
-
-import java.nio.BufferUnderflowException;
-import java.nio.ByteBuffer;
-
-/**
- * EapTtlsTypeData represents the type data for an {@link EapMessage} during an EAP-TTLS session.
- * The structure of the flag byte is as follows:
- *
- * <pre>
- * |---+---+---+---+---+-------+
- * | 0 | 1 | 2 | 3 | 4 | 5 6 7 |
- * | L | M | S | R | R | V |
- * |---+---+---+---+---+-------+
- * L = Message length is included
- * M = More fragments incoming
- * S = Start
- * R = Reserved
- * V = Version
- * </pre>
- *
- * @see <a href="https://tools.ietf.org/html/rfc5281">RFC 5281, Extensible Authentication Protocol
- * Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0)</a>
- */
-public class EapTtlsTypeData {
- private static final String TAG = EapTtlsTypeData.class.getSimpleName();
-
- /*
- * Used to extract bits from the flag byte as well as set them. Flag defined via:
- * https://tools.ietf.org/html/rfc5281#section-9.1
- * Note that unlike the flag diagram, the length included field is treated as the
- * most significant bit
- */
- private static final int FLAG_LENGTH_INCLUDED = 1 << 7;
- private static final int FLAG_PACKET_FRAGMENTED = 1 << 6;
- private static final int FLAG_START = 1 << 5;
- // used to extract the lower 3 bits from the flag byte
- private static final int FLAG_VERSION_MASK = 0x07;
-
- private static final int FLAGS_LEN_BYTES = 1;
- private static final int MESSAGE_LENGTH_LEN_BYTES = 4;
-
- private static final int SUPPORTED_EAP_TTLS_VERSION = 0;
- private static final int LEN_NOT_INCLUDED = 0;
-
- public final boolean isLengthIncluded;
- public final boolean isStart;
- public final boolean isDataFragmented;
- public final int version;
- public final int messageLength;
- public byte[] data;
-
- // Package-private
- EapTtlsTypeData(ByteBuffer buffer) throws EapTtlsParsingException {
- byte flags = buffer.get();
- isLengthIncluded = (flags & FLAG_LENGTH_INCLUDED) != 0;
- isDataFragmented = (flags & FLAG_PACKET_FRAGMENTED) != 0;
- isStart = (flags & FLAG_START) != 0;
- version = (flags & FLAG_VERSION_MASK);
-
- messageLength = isLengthIncluded ? buffer.getInt() : 0;
- data = new byte[buffer.remaining()];
- buffer.get(data);
-
- if (!isDataFragmented && isLengthIncluded && data.length != messageLength) {
- throw new EapTtlsParsingException(
- "Received an unfragmented packet with message length not equal to payload");
- }
- }
-
- private EapTtlsTypeData(
- boolean isDataFragmented, boolean isStart, int version, int messageLength, byte[] data)
- throws EapTtlsParsingException {
- this.isLengthIncluded = messageLength != LEN_NOT_INCLUDED;
- this.isDataFragmented = isDataFragmented;
- this.isStart = isStart;
- if (version != SUPPORTED_EAP_TTLS_VERSION) {
- throw new EapTtlsParsingException("Unsupported version number: " + version);
- }
- this.version = version;
- this.messageLength = messageLength;
- this.data = data;
-
- if (!isDataFragmented && isLengthIncluded && data.length != messageLength) {
- throw new EapTtlsParsingException(
- "Received an unfragmented packet with message length not equal to payload");
- }
- }
- /**
- * Assembles each bit from the flag byte into a byte
- *
- * @return a byte that compromises the EAP-TTLS flags
- */
- private byte getFlagByte() {
- return (byte)
- ((isLengthIncluded ? FLAG_LENGTH_INCLUDED : 0)
- | (isDataFragmented ? FLAG_PACKET_FRAGMENTED : 0)
- | (isStart ? FLAG_START : 0)
- | (version));
- }
-
- /**
- * Determines if the type data represents an acknowledgment packet (RFC5281#9.2.3)
- *
- * @return true if it is an ack
- */
- public boolean isAcknowledgmentPacket() {
- return data.length == 0 && !isStart && !isLengthIncluded && !isDataFragmented;
- }
-
- /**
- * Constructs and returns new EAP-TTLS response type data.
- *
- * @param packetFragmented a boolean that indicates whether this is a fragmented message
- * @param start indicates if the start bit should be set
- * @param version the EAP-TTLS version number
- * @param messageLength an optional field to indicate the raw length of the data field prior to
- * fragmentation
- * @param data the raw tls message sequence
- * @return an EapTtlsTypeData or null if the packet configuration is invalid
- */
- public static EapTtlsTypeData getEapTtlsTypeData(
- boolean packetFragmented, boolean start, int version, int messageLength, byte[] data) {
- try {
- return new EapTtlsTypeData(packetFragmented, start, version, messageLength, data);
- } catch (EapTtlsParsingException e) {
- LOG.e(TAG, "Parsing exception thrown while attempting to create an EapTtlsTypeData");
- return null;
- }
- }
-
- /**
- * Encodes this EapTtlsTypeData instance as a byte[].
- *
- * @return byte[] representing the encoded value of this EapTtlsTypeData instance
- */
- public byte[] encode() {
- int msgLen = isLengthIncluded ? MESSAGE_LENGTH_LEN_BYTES : 0;
- int bufferSize = data.length + FLAGS_LEN_BYTES + msgLen;
- ByteBuffer buffer = ByteBuffer.allocate(bufferSize);
- buffer.put(getFlagByte());
- if (isLengthIncluded) {
- buffer.putInt(messageLength);
- }
- buffer.put(data);
- return buffer.array();
- }
-
- /** EapTtlsAcknowledgement represents an EapTtls ack response (EAP-TTLS#9.2.3) */
- public static class EapTtlsAcknowledgement extends EapTtlsTypeData {
- private static final String TAG = EapTtlsAcknowledgement.class.getSimpleName();
-
- @VisibleForTesting
- public EapTtlsAcknowledgement() throws EapTtlsParsingException {
- super(
- false /* no fragmentation */,
- false /* not start */,
- 0 /* version */,
- 0 /* length */,
- new byte[0] /* no data */);
- }
-
- /**
- * Constructs and returns a new EAP-TTLS acknowledgement type data.
- *
- * @return a new EapTtlsAcknowledgement instance
- */
- public static EapTtlsAcknowledgement getEapTtlsAcknowledgement() {
- try {
- return new EapTtlsAcknowledgement();
- } catch (EapTtlsParsingException e) {
- // This should never happen
- LOG.e(
- TAG,
- "Parsing exception thrown while attempting"
- + "to create an acknowledgement packet");
- return null;
- }
- }
- }
-
- /** EapTtlsTypeDataDecoder will be used for decoding {@link EapTtlsTypeData} objects. */
- public static class EapTtlsTypeDataDecoder {
-
- /**
- * Decodes and returns an EapTtlsTypeData for the specified eapTypeData.
- *
- * @param eapTypeData byte[] to be decoded as an EapTtlsTypeData instance
- * @return DecodeResult wrapping an EapTtlsTypeData instance for the given eapTypeData iff
- * the eapTypeData is formatted correctly. Otherwise, the DecodeResult wraps the
- * appropriate EapError.
- */
- public DecodeResult decodeEapTtlsRequestPacket(byte[] eapTypeData) {
- try {
- ByteBuffer buffer = ByteBuffer.wrap(eapTypeData);
- return new DecodeResult(new EapTtlsTypeData(buffer));
- } catch (BufferUnderflowException | EapTtlsParsingException e) {
- return new DecodeResult(new EapError(e));
- }
- }
-
- /**
- * DecodeResult represents the result from calling a decode method within
- * EapTtlsTypeDataDecoder. It will contain either an EapTtlsTypeData or an EapError.
- */
- public static class DecodeResult {
- public final EapTtlsTypeData eapTypeData;
- public final EapError eapError;
-
- public DecodeResult(EapTtlsTypeData eapTypeData) {
- this.eapTypeData = eapTypeData;
- this.eapError = null;
- }
-
- public DecodeResult(EapError eapError) {
- this.eapTypeData = null;
- this.eapError = eapError;
- }
-
- /**
- * Checks whether this instance represents a successful decode operation.
- *
- * @return true iff this DecodeResult represents a successfully decoded Type Data
- */
- public boolean isSuccessfulDecode() {
- return eapTypeData != null;
- }
- }
- }
-}
diff --git a/src/java/com/android/internal/net/eap/statemachine/EapAkaMethodStateMachine.java b/src/java/com/android/internal/net/eap/statemachine/EapAkaMethodStateMachine.java
index 62d28a3..2f69591 100644
--- a/src/java/com/android/internal/net/eap/statemachine/EapAkaMethodStateMachine.java
+++ b/src/java/com/android/internal/net/eap/statemachine/EapAkaMethodStateMachine.java
@@ -16,9 +16,8 @@
package com.android.internal.net.eap.statemachine;
-import static android.net.eap.EapSessionConfig.EapMethodConfig.EAP_TYPE_AKA;
-
import static com.android.internal.net.eap.EapAuthenticator.LOG;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_AKA;
import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_SUCCESS;
import static com.android.internal.net.eap.message.simaka.EapAkaTypeData.EAP_AKA_AUTHENTICATION_REJECT;
import static com.android.internal.net.eap.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE;
@@ -39,7 +38,6 @@
import android.annotation.Nullable;
import android.content.Context;
import android.net.eap.EapSessionConfig.EapAkaConfig;
-import android.net.eap.EapSessionConfig.EapMethodConfig.EapMethod;
import android.telephony.TelephonyManager;
import com.android.internal.annotations.VisibleForTesting;
@@ -54,6 +52,7 @@
import com.android.internal.net.eap.exceptions.simaka.EapSimAkaIdentityUnavailableException;
import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidAttributeException;
import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidLengthException;
+import com.android.internal.net.eap.message.EapData.EapMethod;
import com.android.internal.net.eap.message.EapMessage;
import com.android.internal.net.eap.message.simaka.EapAkaTypeData;
import com.android.internal.net.eap.message.simaka.EapAkaTypeData.EapAkaTypeDataDecoder;
diff --git a/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeMethodStateMachine.java b/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeMethodStateMachine.java
index ac839ab..15801f3 100644
--- a/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeMethodStateMachine.java
+++ b/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeMethodStateMachine.java
@@ -16,9 +16,8 @@
package com.android.internal.net.eap.statemachine;
-import static android.net.eap.EapSessionConfig.EapMethodConfig.EAP_TYPE_AKA_PRIME;
-
import static com.android.internal.net.eap.EapAuthenticator.LOG;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_AKA_PRIME;
import static com.android.internal.net.eap.message.simaka.EapAkaTypeData.EAP_AKA_CLIENT_ERROR;
import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_AUTN;
import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_KDF;
@@ -27,12 +26,12 @@
import android.annotation.Nullable;
import android.content.Context;
import android.net.eap.EapSessionConfig.EapAkaPrimeConfig;
-import android.net.eap.EapSessionConfig.EapMethodConfig.EapMethod;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.net.crypto.KeyGenerationUtils;
import com.android.internal.net.eap.EapResult;
import com.android.internal.net.eap.crypto.HmacSha256ByteSigner;
+import com.android.internal.net.eap.message.EapData.EapMethod;
import com.android.internal.net.eap.message.EapMessage;
import com.android.internal.net.eap.message.simaka.EapAkaPrimeTypeData;
import com.android.internal.net.eap.message.simaka.EapAkaPrimeTypeData.EapAkaPrimeTypeDataDecoder;
diff --git a/src/java/com/android/internal/net/eap/statemachine/EapMethodStateMachine.java b/src/java/com/android/internal/net/eap/statemachine/EapMethodStateMachine.java
index 8700806..74e9a16 100644
--- a/src/java/com/android/internal/net/eap/statemachine/EapMethodStateMachine.java
+++ b/src/java/com/android/internal/net/eap/statemachine/EapMethodStateMachine.java
@@ -22,13 +22,13 @@
import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_SUCCESS;
import android.annotation.Nullable;
-import android.net.eap.EapSessionConfig.EapMethodConfig.EapMethod;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.net.eap.EapResult;
import com.android.internal.net.eap.EapResult.EapError;
import com.android.internal.net.eap.EapResult.EapFailure;
import com.android.internal.net.eap.exceptions.EapInvalidRequestException;
+import com.android.internal.net.eap.message.EapData.EapMethod;
import com.android.internal.net.eap.message.EapMessage;
import com.android.internal.net.utils.SimpleStateMachine;
diff --git a/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2MethodStateMachine.java b/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2MethodStateMachine.java
index 80aadfc..b78eaa9 100644
--- a/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2MethodStateMachine.java
+++ b/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2MethodStateMachine.java
@@ -16,10 +16,9 @@
package com.android.internal.net.eap.statemachine;
-import static android.net.eap.EapSessionConfig.EapMethodConfig.EAP_TYPE_MSCHAP_V2;
-
import static com.android.internal.net.eap.EapAuthenticator.LOG;
import static com.android.internal.net.eap.message.EapData.EAP_NOTIFICATION;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_MSCHAP_V2;
import static com.android.internal.net.eap.message.EapData.EAP_TYPE_STRING;
import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_FAILURE;
import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_RESPONSE;
@@ -31,7 +30,6 @@
import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2FailureResponse.getEapMsChapV2FailureResponse;
import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2SuccessResponse.getEapMsChapV2SuccessResponse;
-import android.net.eap.EapSessionConfig.EapMethodConfig.EapMethod;
import android.net.eap.EapSessionConfig.EapMsChapV2Config;
import com.android.internal.annotations.VisibleForTesting;
@@ -45,6 +43,7 @@
import com.android.internal.net.eap.exceptions.EapSilentException;
import com.android.internal.net.eap.exceptions.mschapv2.EapMsChapV2ParsingException;
import com.android.internal.net.eap.message.EapData;
+import com.android.internal.net.eap.message.EapData.EapMethod;
import com.android.internal.net.eap.message.EapMessage;
import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData;
import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2ChallengeRequest;
diff --git a/src/java/com/android/internal/net/eap/statemachine/EapSimMethodStateMachine.java b/src/java/com/android/internal/net/eap/statemachine/EapSimMethodStateMachine.java
index eed1614..1bccff2 100644
--- a/src/java/com/android/internal/net/eap/statemachine/EapSimMethodStateMachine.java
+++ b/src/java/com/android/internal/net/eap/statemachine/EapSimMethodStateMachine.java
@@ -16,9 +16,8 @@
package com.android.internal.net.eap.statemachine;
-import static android.net.eap.EapSessionConfig.EapMethodConfig.EAP_TYPE_SIM;
-
import static com.android.internal.net.eap.EapAuthenticator.LOG;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_SIM;
import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_SUCCESS;
import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_ANY_ID_REQ;
import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_ENCR_DATA;
@@ -35,7 +34,6 @@
import android.annotation.Nullable;
import android.content.Context;
-import android.net.eap.EapSessionConfig.EapMethodConfig.EapMethod;
import android.net.eap.EapSessionConfig.EapSimConfig;
import android.telephony.TelephonyManager;
@@ -50,6 +48,7 @@
import com.android.internal.net.eap.exceptions.simaka.EapSimAkaIdentityUnavailableException;
import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidAttributeException;
import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidLengthException;
+import com.android.internal.net.eap.message.EapData.EapMethod;
import com.android.internal.net.eap.message.EapMessage;
import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtClientErrorCode;
diff --git a/src/java/com/android/internal/net/eap/statemachine/EapStateMachine.java b/src/java/com/android/internal/net/eap/statemachine/EapStateMachine.java
index 5402971..18119ea 100644
--- a/src/java/com/android/internal/net/eap/statemachine/EapStateMachine.java
+++ b/src/java/com/android/internal/net/eap/statemachine/EapStateMachine.java
@@ -16,16 +16,14 @@
package com.android.internal.net.eap.statemachine;
-import static android.net.eap.EapSessionConfig.EapMethodConfig.EAP_TYPE_AKA;
-import static android.net.eap.EapSessionConfig.EapMethodConfig.EAP_TYPE_AKA_PRIME;
-import static android.net.eap.EapSessionConfig.EapMethodConfig.EAP_TYPE_MSCHAP_V2;
-import static android.net.eap.EapSessionConfig.EapMethodConfig.EAP_TYPE_SIM;
-import static android.net.eap.EapSessionConfig.EapMethodConfig.EAP_TYPE_TTLS;
-
import static com.android.internal.net.eap.EapAuthenticator.LOG;
import static com.android.internal.net.eap.message.EapData.EAP_IDENTITY;
import static com.android.internal.net.eap.message.EapData.EAP_NAK;
import static com.android.internal.net.eap.message.EapData.EAP_NOTIFICATION;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_AKA;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_AKA_PRIME;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_MSCHAP_V2;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_SIM;
import static com.android.internal.net.eap.message.EapData.EAP_TYPE_STRING;
import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_FAILURE;
import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_REQUEST;
@@ -40,10 +38,8 @@
import android.net.eap.EapSessionConfig.EapAkaConfig;
import android.net.eap.EapSessionConfig.EapAkaPrimeConfig;
import android.net.eap.EapSessionConfig.EapMethodConfig;
-import android.net.eap.EapSessionConfig.EapMethodConfig.EapMethod;
import android.net.eap.EapSessionConfig.EapMsChapV2Config;
import android.net.eap.EapSessionConfig.EapSimConfig;
-import android.net.eap.EapSessionConfig.EapTtlsConfig;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.net.eap.EapResult;
@@ -55,6 +51,7 @@
import com.android.internal.net.eap.exceptions.EapSilentException;
import com.android.internal.net.eap.exceptions.UnsupportedEapTypeException;
import com.android.internal.net.eap.message.EapData;
+import com.android.internal.net.eap.message.EapData.EapMethod;
import com.android.internal.net.eap.message.EapMessage;
import com.android.internal.net.utils.SimpleStateMachine;
@@ -346,9 +343,6 @@
case EAP_TYPE_MSCHAP_V2:
EapMsChapV2Config eapMsChapV2Config = (EapMsChapV2Config) eapMethodConfig;
return new EapMsChapV2MethodStateMachine(eapMsChapV2Config, mSecureRandom);
- case EAP_TYPE_TTLS:
- EapTtlsConfig eapTtlsConfig = (EapTtlsConfig) eapMethodConfig;
- return new EapTtlsMethodStateMachine(mContext, eapTtlsConfig, mSecureRandom);
default:
// received unsupported EAP Type. This should never happen.
LOG.e(mTAG, "Received unsupported EAP Type=" + eapType);
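Review bot: With the `EAP_TYPE_TTLS` case removed, the `default:` branch is the only handling left for that type, and its comment `// received unsupported EAP Type. This should never happen.` does not say what guarantees it. `eapType` presumably comes from the server's request, so the comment should name the earlier check that makes the branch unreachable, along the lines of `// Unreachable once eapType has been matched against the session's configured methods; fail closed otherwise.` (to be confirmed against the caller). The unchecked cast `(EapMsChapV2Config) eapMethodConfig` in the case above depends on the same invariant. The enclosing method starts and ends outside the hunk, so what the default branch returns after logging is not visible here.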
diff --git a/src/java/com/android/internal/net/eap/statemachine/EapTtlsMethodStateMachine.java b/src/java/com/android/internal/net/eap/statemachine/EapTtlsMethodStateMachine.java
deleted file mode 100644
index 6483c54..0000000
--- a/src/java/com/android/internal/net/eap/statemachine/EapTtlsMethodStateMachine.java
+++ /dev/null
@@ -1,838 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.eap.statemachine;
-
-import static android.net.eap.EapSessionConfig.EapMethodConfig.EAP_TYPE_TTLS;
-
-import static com.android.internal.net.eap.EapAuthenticator.LOG;
-import static com.android.internal.net.eap.crypto.TlsSession.TLS_STATUS_CLOSED;
-import static com.android.internal.net.eap.crypto.TlsSession.TLS_STATUS_FAILURE;
-import static com.android.internal.net.eap.crypto.TlsSession.TLS_STATUS_SUCCESS;
-import static com.android.internal.net.eap.crypto.TlsSession.TLS_STATUS_TUNNEL_ESTABLISHED;
-import static com.android.internal.net.eap.message.EapData.EAP_IDENTITY;
-import static com.android.internal.net.eap.message.EapData.EAP_NOTIFICATION;
-import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_FAILURE;
-import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_RESPONSE;
-import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_SUCCESS;
-import static com.android.internal.net.eap.message.ttls.EapTtlsInboundFragmentationHelper.FRAGMENTATION_STATUS_ACK;
-import static com.android.internal.net.eap.message.ttls.EapTtlsInboundFragmentationHelper.FRAGMENTATION_STATUS_ASSEMBLED;
-import static com.android.internal.net.eap.message.ttls.EapTtlsInboundFragmentationHelper.FRAGMENTATION_STATUS_INVALID;
-
-import android.annotation.Nullable;
-import android.content.Context;
-import android.net.eap.EapSessionConfig.EapMethodConfig.EapMethod;
-import android.net.eap.EapSessionConfig.EapTtlsConfig;
-
-import com.android.internal.annotations.VisibleForTesting;
-import com.android.internal.net.eap.EapResult;
-import com.android.internal.net.eap.EapResult.EapError;
-import com.android.internal.net.eap.EapResult.EapFailure;
-import com.android.internal.net.eap.EapResult.EapResponse;
-import com.android.internal.net.eap.EapResult.EapSuccess;
-import com.android.internal.net.eap.crypto.TlsSession;
-import com.android.internal.net.eap.crypto.TlsSession.EapTtlsKeyingMaterial;
-import com.android.internal.net.eap.crypto.TlsSession.TlsResult;
-import com.android.internal.net.eap.crypto.TlsSessionFactory;
-import com.android.internal.net.eap.exceptions.EapInvalidRequestException;
-import com.android.internal.net.eap.exceptions.EapSilentException;
-import com.android.internal.net.eap.exceptions.ttls.EapTtlsHandshakeException;
-import com.android.internal.net.eap.exceptions.ttls.EapTtlsParsingException;
-import com.android.internal.net.eap.message.EapData;
-import com.android.internal.net.eap.message.EapMessage;
-import com.android.internal.net.eap.message.ttls.EapTtlsAvp;
-import com.android.internal.net.eap.message.ttls.EapTtlsAvp.EapTtlsAvpDecoder;
-import com.android.internal.net.eap.message.ttls.EapTtlsAvp.EapTtlsAvpDecoder.AvpDecodeResult;
-import com.android.internal.net.eap.message.ttls.EapTtlsInboundFragmentationHelper;
-import com.android.internal.net.eap.message.ttls.EapTtlsOutboundFragmentationHelper;
-import com.android.internal.net.eap.message.ttls.EapTtlsOutboundFragmentationHelper.FragmentationResult;
-import com.android.internal.net.eap.message.ttls.EapTtlsTypeData;
-import com.android.internal.net.eap.message.ttls.EapTtlsTypeData.EapTtlsAcknowledgement;
-import com.android.internal.net.eap.message.ttls.EapTtlsTypeData.EapTtlsTypeDataDecoder;
-import com.android.internal.net.eap.message.ttls.EapTtlsTypeData.EapTtlsTypeDataDecoder.DecodeResult;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.SecureRandom;
-
-import javax.net.ssl.SSLException;
-
-/**
- * EapTtlsMethodStateMachine represents the valid paths possible for the EAP-TTLS protocol
- *
- * <p>EAP-TTLS sessions will always follow the path:
- *
- * <p>Created --+--> Handshake --+--> Tunnel (EAP) --+--> Final
- *
- * <p>Note: EAP-TTLS will only be allowed to run once. The inner EAP instance will not be able to
- * select EAP-TTLS. This is handled in the tunnel state when a new EAP session config is created.
- *
- * @see <a href="https://tools.ietf.org/html/rfc5281">RFC 5281, Extensible Authentication Protocol
- * Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0)</a>
- */
-public class EapTtlsMethodStateMachine extends EapMethodStateMachine {
-
- @VisibleForTesting public static TlsSessionFactory sTlsSessionFactory = new TlsSessionFactory();
- private static final int DEFAULT_AVP_VENDOR_ID = 0;
-
- private final Context mContext;
- private final EapTtlsConfig mEapTtlsConfig;
- private final EapTtlsTypeDataDecoder mTypeDataDecoder;
- private final SecureRandom mSecureRandom;
-
- @VisibleForTesting final EapTtlsInboundFragmentationHelper mInboundFragmentationHelper;
- @VisibleForTesting final EapTtlsOutboundFragmentationHelper mOutboundFragmentationHelper;
- @VisibleForTesting TlsSession mTlsSession;
-
- public EapTtlsMethodStateMachine(
- Context context,
- EapTtlsConfig eapTtlsConfig,
- SecureRandom secureRandom) {
- this(
- context,
- eapTtlsConfig,
- secureRandom,
- new EapTtlsTypeDataDecoder(),
- new EapTtlsInboundFragmentationHelper(),
- new EapTtlsOutboundFragmentationHelper());
- }
-
- @VisibleForTesting
- public EapTtlsMethodStateMachine(
- Context context,
- EapTtlsConfig eapTtlsConfig,
- SecureRandom secureRandom,
- EapTtlsTypeDataDecoder typeDataDecoder,
- EapTtlsInboundFragmentationHelper inboundFragmentationHelper,
- EapTtlsOutboundFragmentationHelper outboundFragmentationHelper) {
- mContext = context;
- mEapTtlsConfig = eapTtlsConfig;
- mTypeDataDecoder = typeDataDecoder;
- mSecureRandom = secureRandom;
- mInboundFragmentationHelper = inboundFragmentationHelper;
- mOutboundFragmentationHelper = outboundFragmentationHelper;
-
- transitionTo(new CreatedState());
- }
-
- @Override
- @EapMethod
- int getEapMethod() {
- return EAP_TYPE_TTLS;
- }
-
- @Override
- EapResult handleEapNotification(String tag, EapMessage message) {
- return EapStateMachine.handleNotification(tag, message);
- }
-
- /**
- * The created state verifies the start request before transitioning to phase 1 of EAP-TTLS
- * (RFC5281#7.1)
- */
- protected class CreatedState extends EapMethodState {
- private final String mTAG = this.getClass().getSimpleName();
-
- @Override
- public EapResult process(EapMessage message) {
- // TODO(b/160781895): Support decoding AVP's pre-tunnel in EAP-TTLS
- EapResult result = handleEapSuccessFailureNotification(mTAG, message);
- if (result != null) {
- return result;
- }
-
- DecodeResult decodeResult =
- mTypeDataDecoder.decodeEapTtlsRequestPacket(message.eapData.eapTypeData);
- if (!decodeResult.isSuccessfulDecode()) {
- LOG.e(mTAG, "Error parsing EAP-TTLS packet type data", decodeResult.eapError.cause);
- return decodeResult.eapError;
- } else if (!decodeResult.eapTypeData.isStart) {
- return new EapError(
- new EapInvalidRequestException(
- "Unexpected request received in EAP-TTLS: Received first request"
- + " without start bit set."));
- }
-
- return transitionAndProcess(new HandshakeState(), message);
- }
- }
-
- /**
- * The handshake (phase 1) state builds the tunnel for tunneled EAP authentication in phase 2
- *
- * <p>As per RFC5281#9.2.1, version negotiation occurs during the first exchange between client
- * and server. In other words, this is an implicit negotiation and is not handled independently.
- * In this case, the version will always be zero because that is the only currently supported
- * version of EAP-TTLS at the time of writing. The initiation of the handshake (RFC5281#7.1) is
- * the first response sent by the client.
- */
- protected class HandshakeState extends CloseableTtlsMethodState {
- private final String mTAG = this.getClass().getSimpleName();
-
- private static final int DEFAULT_VENDOR_ID = 0;
-
- /**
- * Processes a message for the handshake state
- *
- * <ol>
- * <li>Checks for EAP-success, EAP-failure, or EAP notification, returns early if one
- * needs to be handled
- * <li>Decodes type data, closes the connection if decoding fails
- * <li>If outbound data is being fragmented, returns early with the next fragment to be
- * sent
- * <li>If inbound data is being reassembled, returns early with an ack etc. If nothing has
- * returned yet, generates an EAP response for the incoming message
- * <li>If this is a start request, and the first message in the handshake state, starts
- * the handshake and returns an EAP-Response. Otherwise, processes the incoming
- * message in TlsSession, and then sends an EAP-Response.
- * <li>If the handshake is complete, sends a tunnelled EAP-Response/Identity and
- * transitions to the tunnel state.
- * </ol>
- */
- @Override
- public EapResult process(EapMessage message) {
- EapResult eapResult = handleEapSuccessFailureNotification(mTAG, message);
- if (eapResult != null) {
- return eapResult;
- }
-
- DecodeResult decodeResult =
- mTypeDataDecoder.decodeEapTtlsRequestPacket(message.eapData.eapTypeData);
- if (!decodeResult.isSuccessfulDecode()) {
- LOG.e(mTAG, "Error parsing EAP-TTLS packet type data", decodeResult.eapError.cause);
- if (mTlsSession == null) {
- return decodeResult.eapError;
- }
- return transitionToErroredAndAwaitingClosureState(
- mTAG, message.eapIdentifier, decodeResult.eapError);
- }
-
- EapTtlsTypeData eapTtlsRequest = decodeResult.eapTypeData;
-
- // If the remote is in the midst of sending a fragmented message, ack the fragment and
- // return
- EapResult inboundFragmentAck =
- handleInboundFragmentation(mTAG, eapTtlsRequest, message.eapIdentifier);
- if (inboundFragmentAck != null) {
- return inboundFragmentAck;
- }
-
- if (eapTtlsRequest.isStart) {
- if (mTlsSession != null) {
- return transitionToErroredAndAwaitingClosureState(
- mTAG,
- message.eapIdentifier,
- new EapError(
- new EapInvalidRequestException(
- "Received a start request when a session is already in"
- + " progress")));
- }
-
- return startHandshake(message.eapIdentifier);
- }
-
- EapResult nextOutboundFragment =
- getNextOutboundFragment(mTAG, eapTtlsRequest, message.eapIdentifier);
- if (nextOutboundFragment != null) {
- // Skip further processing, send remaining outbound fragments
- return nextOutboundFragment;
- }
-
- TlsResult tlsResult;
-
- try {
- tlsResult =
- mTlsSession.processHandshakeData(
- mInboundFragmentationHelper.getAssembledInboundFragment(),
- buildEapIdentityResponseAvp(message.eapIdentifier));
- } catch (EapSilentException e) {
- LOG.e(mTAG, "Error building an identity response.", e);
- return transitionToErroredAndAwaitingClosureState(
- mTAG, message.eapIdentifier, new EapError(e));
- }
-
- switch (tlsResult.status) {
- case TLS_STATUS_TUNNEL_ESTABLISHED:
- LOG.d(mTAG, "Tunnel established. Generating a response.");
- transitionTo(new TunnelState());
- // fallthrough
- case TLS_STATUS_SUCCESS:
- return buildEapMessageResponse(mTAG, message.eapIdentifier, tlsResult.data);
- case TLS_STATUS_CLOSED:
- EapError eapError =
- new EapError(
- new EapTtlsHandshakeException(
- "Handshake failed to complete and the"
- + " connection was closed."));
- // Because the TLS session is already closed, we only transition to
- // ErroredAndAwaitingClosureState as the tls result has data to return from the
- // closure
- transitionTo(new ErroredAndAwaitingClosureState(eapError));
- return buildEapMessageResponse(mTAG, message.eapIdentifier, tlsResult.data);
- case TLS_STATUS_FAILURE:
- // Handshake failed and attempts to successfully close the tunnel also failed.
- // Processing more messages is not possible due to the state of TlsSession so
- // transition to FinalState.
- transitionTo(new FinalState());
- return new EapError(
- new EapTtlsHandshakeException(
- "Handshake failed to complete and may not have been closed"
- + " properly."));
- default:
- return transitionToErroredAndAwaitingClosureState(
- mTAG,
- message.eapIdentifier,
- new EapError(
- new IllegalStateException(
- "Received an unknown TLS result with code "
- + tlsResult.status)));
- }
- }
-
- /**
- * Initializes the TlsSession and starts a TLS handshake
- *
- * @param eapIdentifier the eap identifier for the response
- * @return an EAP response containing the ClientHello message, or an EAP error if the TLS
- * handshake fails to begin
- */
- private EapResult startHandshake(int eapIdentifier) {
- try {
- mTlsSession =
- sTlsSessionFactory.newInstance(
- mEapTtlsConfig.getServerCaCert(), mSecureRandom);
- } catch (GeneralSecurityException | IOException e) {
- return new EapError(
- new EapTtlsHandshakeException(
- "There was an error creating the TLS Session.", e));
- }
-
- TlsResult tlsResult = mTlsSession.startHandshake();
- if (tlsResult.status == TLS_STATUS_FAILURE) {
- // Handshake failed and attempts to successfully close the tunnel also failed.
- // Processing more messages is not possible due to the state of TlsSession so
- // transition to FinalState.
- transitionTo(new FinalState());
- return new EapError(new EapTtlsHandshakeException("Failed to start handshake."));
- }
-
- return buildEapMessageResponse(mTAG, eapIdentifier, tlsResult.data);
- }
-
- /**
- * Builds an EAP-MESSAGE AVP containing an EAP-Identity response
- *
- * <p>Note that this uses the EAP-Identity in the session config nested within EapTtlsConfig
- * which may be different than the identity in the top-level EapSessionConfig
- *
- * @param eapIdentifier the eap identifier for the response
- * @throws EapSilentException if an error occurs creating the eap message
- */
- @VisibleForTesting
- byte[] buildEapIdentityResponseAvp(int eapIdentifier) throws EapSilentException {
- EapData eapData =
- new EapData(
- EAP_IDENTITY,
- mEapTtlsConfig.getInnerEapSessionConfig().getEapIdentity());
- EapMessage eapMessage = new EapMessage(EAP_CODE_RESPONSE, eapIdentifier, eapData);
- return EapTtlsAvp.getEapMessageAvp(DEFAULT_AVP_VENDOR_ID, eapMessage.encode()).encode();
- }
-
- /**
- * Handles premature EAP-Success and EAP-Failure messages in the handshake state.
- *
- * <p>In the case of an EAP-Success or EAP-Failure, the TLS session will be closed but an
- * EapError or EAP-Failure will be returned. For an invalid type error, the TLS session will
- * be closed and the state will transition to AwaitingClosure.
- *
- * @param message the EapMessage to be checked for early Success/Failure/Notification
- * messages
- * @return the EapResult generated from handling the give EapMessage, or null if the message
- * Type matches that of the current EAP method
- */
- @Nullable
- @Override
- public EapResult handleEapSuccessFailure(EapMessage message) {
- if (message.eapCode == EAP_CODE_SUCCESS) {
- // EAP-SUCCESS is required to be the last EAP message sent during the EAP protocol,
- // so receiving a premature SUCCESS message is an unrecoverable error.
- mTlsSession.closeConnection();
- return new EapError(
- new EapInvalidRequestException(
- "Received an EAP-Success in the handshake state"));
- } else if (message.eapCode == EAP_CODE_FAILURE) {
- mTlsSession.closeConnection();
- transitionTo(new FinalState());
- return new EapFailure();
- }
-
- return null;
- }
- }
-
- /**
- * The tunnel state (phase 2) tunnels data produced by an inner EAP instance
- *
- * <p>The tunnel state creates an inner EAP instance via a new EAP state machine and handles
- * decryption and encryption of data using the previously established TLS tunnel (RFC5281#7.2)
- */
- protected class TunnelState extends CloseableTtlsMethodState {
- private final String mTAG = this.getClass().getSimpleName();
-
- @VisibleForTesting EapStateMachine mInnerEapStateMachine;
- @VisibleForTesting EapTtlsAvpDecoder mEapTtlsAvpDecoder = new EapTtlsAvpDecoder();
-
- public TunnelState() {
- mInnerEapStateMachine =
- new EapStateMachine(
- mContext, mEapTtlsConfig.getInnerEapSessionConfig(), mSecureRandom);
- }
-
- /**
- * Processes a message for the inner tunneled authentication method.
- *
- * <ol>
- * <li>Checks for EAP-success, EAP-failure, or EAP notification, returns early if one
- * needs to be handled
- * <li>Decodes type data, closes the connection if decoding fails
- * <li>If outbound data is being fragmented, returns early with the next fragment to be
- * sent
- * <li>If inbound data is being reassembled, returns early with an ack etc. If nothing has
- * returned yet, generates an EAP response for the incoming message
- * <li>Decodes AVP, closes the connection if decoding fails.
- * <li>Processes data through inner state machine. Encodes response in AVP, encrypts it
- * and sends EAP-Response.
- * </ol>
- */
- @Override
- public EapResult process(EapMessage message) {
- EapResult eapResult = handleEapSuccessFailureNotification(mTAG, message);
- if (eapResult != null) {
- return eapResult;
- }
-
- DecodeResult decodeResult =
- mTypeDataDecoder.decodeEapTtlsRequestPacket(message.eapData.eapTypeData);
- if (!decodeResult.isSuccessfulDecode()) {
- LOG.e(mTAG, "Error parsing EAP-TTLS packet type data", decodeResult.eapError.cause);
- return transitionToErroredAndAwaitingClosureState(
- mTAG, message.eapIdentifier, decodeResult.eapError);
- }
-
- EapTtlsTypeData eapTtlsRequest = decodeResult.eapTypeData;
-
- EapResult nextOutboundFragment =
- getNextOutboundFragment(mTAG, eapTtlsRequest, message.eapIdentifier);
- if (nextOutboundFragment != null) {
- return nextOutboundFragment;
- }
-
- EapResult inboundFragmentAck =
- handleInboundFragmentation(mTAG, eapTtlsRequest, message.eapIdentifier);
- if (inboundFragmentAck != null) {
- return inboundFragmentAck;
- }
-
- TlsResult decryptResult =
- mTlsSession.processIncomingData(
- mInboundFragmentationHelper.getAssembledInboundFragment());
-
- EapResult errorResult = handleTunnelTlsResult(decryptResult, message.eapIdentifier);
- if (errorResult != null) {
- return errorResult;
- }
-
- AvpDecodeResult avpDecodeResult = mEapTtlsAvpDecoder.decode(decryptResult.data);
- if (!avpDecodeResult.isSuccessfulDecode()) {
- LOG.e(mTAG, "Error parsing EAP-TTLS AVP", avpDecodeResult.eapError.cause);
- return transitionToErroredAndAwaitingClosureState(
- mTAG, message.eapIdentifier, avpDecodeResult.eapError);
- }
-
- EapTtlsAvp avp = avpDecodeResult.eapTtlsAvp;
- LOG.d(
- mTAG,
- "Incoming AVP has been decrypted and processed. AVP data will be passed to the"
- + " inner state machine.");
-
- EapResult innerResult = mInnerEapStateMachine.process(avp.data);
-
- if (innerResult instanceof EapError) {
- return transitionToErroredAndAwaitingClosureState(
- mTAG, message.eapIdentifier, (EapError) innerResult);
- } else if (innerResult instanceof EapFailure) {
- LOG.e(mTAG, "Tunneled authentication failed");
- mTlsSession.closeConnection();
- transitionTo(new FinalState());
- return innerResult;
- } else if (innerResult instanceof EapSuccess) {
- Exception invalidSuccess =
- new EapInvalidRequestException(
- "Received an unexpected EapSuccess from the inner state machine.");
- transitionToErroredAndAwaitingClosureState(
- mTAG, message.eapIdentifier, new EapError(invalidSuccess));
- }
-
- LOG.d(mTAG, "Received EapResponse from innerStateMachine");
- TlsResult encryptResult;
-
- EapResponse innerResponse = (EapResponse) innerResult;
- EapTtlsAvp outgoingAvp =
- EapTtlsAvp.getEapMessageAvp(DEFAULT_AVP_VENDOR_ID, innerResponse.packet);
- encryptResult = mTlsSession.processOutgoingData(outgoingAvp.encode());
-
- errorResult = handleTunnelTlsResult(encryptResult, message.eapIdentifier);
- if (errorResult != null) {
- return errorResult;
- }
-
- LOG.d(mTAG, "Outbound AVP has been assembled and encrypted. Building EAP Response.");
-
- return buildEapMessageResponse(mTAG, message.eapIdentifier, encryptResult.data);
- }
-
- /**
- * Validates the results of an encryption or decryption operation
- *
- * <p>If the result is an error state, the tunnel will be closed and a response or EapError
- * will be returned. Otherwise, null is returned to indicate that processing can continue.
- *
- * @param result a TlsResult encapsulating the results of an encrypt or decrypt operation
- * @param eapIdentifier the eap identifier from the latest message
- * @return an eap response if an error occurs or null if processing can continue
- */
- @Nullable
- EapResult handleTunnelTlsResult(TlsResult result, int eapIdentifier) {
- switch (result.status) {
- case TLS_STATUS_SUCCESS:
- return null;
- case TLS_STATUS_CLOSED:
- Exception closeException =
- new SSLException(
- "TLS Session failed to encrypt or decrypt data"
- + " and was closed.");
- // Because the TLS session is already closed, we only transition to
- // ErroredAndAwaitingClosureState as the tls result has data to return from the
- // closure
- transitionTo(new ErroredAndAwaitingClosureState(new EapError(closeException)));
- return buildEapMessageResponse(mTAG, eapIdentifier, result.data);
- case TLS_STATUS_FAILURE:
- transitionTo(new FinalState());
- return new EapError(
- new SSLException(
- "Failed to encrypt or decrypt message. Tunnel could not be"
- + " closed properly"));
- default:
- Exception illegalStateException =
- new IllegalStateException(
- "Received an unexpected TLS result with code " + result.status);
- return transitionToErroredAndAwaitingClosureState(
- mTAG, eapIdentifier, new EapError(illegalStateException));
- }
- }
-
- /**
- * Handles EAP-Success and EAP-Failure messages in the tunnel state
- *
- * <p>Both success/failure messages are passed into the inner state machine for processing.
- *
- * <p>If an EAP-Success is returned by the inner state machine, it is discarded and a new
- * EAP-Success that contains the keying material generated during the TLS negotiation is
- * sent instead.
- *
- * @param message the EapMessage to be checked for Success/Failure
- * @return the EapResult generated from handling the give EapMessage, or null if the message
- * Type matches that of the current EAP method
- */
- @Nullable
- @Override
- EapResult handleEapSuccessFailure(EapMessage message) {
- if (message.eapCode == EAP_CODE_SUCCESS || message.eapCode == EAP_CODE_FAILURE) {
- EapResult innerResult = mInnerEapStateMachine.process(message.encode());
- if (innerResult instanceof EapSuccess) {
- EapTtlsKeyingMaterial keyingMaterial = mTlsSession.generateKeyingMaterial();
- mTlsSession.closeConnection();
- transitionTo(new FinalState());
-
- if (!keyingMaterial.isSuccessful()) {
- return keyingMaterial.eapError;
- }
-
- return new EapSuccess(keyingMaterial.msk, keyingMaterial.emsk);
- }
-
- transitionTo(new FinalState());
- mTlsSession.closeConnection();
- return innerResult;
- }
-
- return null;
- }
- }
-
- /**
- * The closure state handles closure of the TLS session in EAP-TTLS
- *
- * <p>Note that this state is only entered following an error. If EAP authentication completes
- * successfully or fails, the tunnel is assumed to have implicitly closed.
- */
- protected class ErroredAndAwaitingClosureState extends EapMethodState {
- private final String mTAG = this.getClass().getSimpleName();
-
- private final EapError mEapError;
-
- /**
- * Initializes the closure state
- *
- * <p>The errored and awaiting closure state is an error state. If a server responds to a
- * close-notify, the data is processed and the EAP error which encapsulates the initial
- * error that caused the closure is returned
- *
- * @param eapError an EAP error that contains the error that initially caused a close to
- * occur
- */
- public ErroredAndAwaitingClosureState(EapError eapError) {
- mEapError = eapError;
- }
-
- @Override
- public EapResult process(EapMessage message) {
- EapResult result = handleEapSuccessFailureNotification(mTAG, message);
- if (result != null) {
- return result;
- }
-
- DecodeResult decodeResult =
- mTypeDataDecoder.decodeEapTtlsRequestPacket(message.eapData.eapTypeData);
- if (!decodeResult.isSuccessfulDecode()) {
- LOG.e(mTAG, "Error parsing EAP-TTLS packet type data", decodeResult.eapError.cause);
- return decodeResult.eapError;
- }
-
- // if the server sent data, we process it and return an EapError.
- // A response is not required and is additionally unlikely as we have already sent the
- // closure-notify
- mTlsSession.processIncomingData(decodeResult.eapTypeData.data);
-
- return mEapError;
- }
- }
-
- /**
- * Transitions to the ErroredAndAwaitingClosureState and attempts to close the TLS tunnel
- *
- * @param tag the tag of the calling class
- * @param eapIdentifier the EAP identifier from the most recent EAP request
- * @param eapError the EAP error to return if closure fails
- * @return a closure notify TLS message or an EAP error if one cannot be generated
- */
- @VisibleForTesting
- EapResult transitionToErroredAndAwaitingClosureState(
- String tag, int eapIdentifier, EapError eapError) {
- TlsResult closureResult = mTlsSession.closeConnection();
- if (closureResult.status != TLS_STATUS_CLOSED) {
- LOG.e(tag, "Failed to close the TLS session");
- transitionTo(new FinalState());
- return eapError;
- }
-
- transitionTo(new ErroredAndAwaitingClosureState(eapError));
- return buildEapMessageResponse(
- tag,
- eapIdentifier,
- EapTtlsTypeData.getEapTtlsTypeData(
- false /* isFragmented */,
- false /* start */,
- 0 /* version 0 */,
- closureResult.data.length,
- closureResult.data));
- }
-
- /**
- * Verifies whether outbound fragmentation is in progress and constructs the next fragment if
- * necessary
- *
- * @param tag the tag for the calling class
- * @param eapTtlsRequest the request received from the server
- * @param eapIdentifier the eap identifier from the latest message
- * @return an eap response if the next fragment exists, or null if no fragmentation is in
- * progress
- */
- @Nullable
- private EapResult getNextOutboundFragment(
- String tag, EapTtlsTypeData eapTtlsRequest, int eapIdentifier) {
- if (eapTtlsRequest.isAcknowledgmentPacket()) {
- if (mOutboundFragmentationHelper.hasRemainingFragments()) {
- FragmentationResult result = mOutboundFragmentationHelper.getNextOutboundFragment();
- return buildEapMessageResponse(
- tag,
- eapIdentifier,
- EapTtlsTypeData.getEapTtlsTypeData(
- result.hasRemainingFragments,
- false /* start */,
- 0 /* version 0 */,
- 0 /* messageLength */,
- result.fragmentedData));
- } else {
- return transitionToErroredAndAwaitingClosureState(
- tag,
- eapIdentifier,
- new EapError(
- new EapInvalidRequestException(
- "Received an ack but no packet was in the process of"
- + " being fragmented.")));
- }
- } else if (mOutboundFragmentationHelper.hasRemainingFragments()) {
- return transitionToErroredAndAwaitingClosureState(
- tag,
- eapIdentifier,
- new EapError(
- new EapInvalidRequestException(
- "Received a standard EAP-Request but was expecting an ack to a"
- + " fragment.")));
- }
-
- return null;
- }
-
- /**
- * Processes incoming data, and if necessary, assembles fragments
- *
- * @param tag the tag for the calling class
- * @param eapTtlsRequest the request received from the server
- * @param eapIdentifier the eap identifier from the latest message
- * @return an acknowledgment if the received data is a fragment, null if data is ready to
- * process
- */
- @Nullable
- private EapResult handleInboundFragmentation(
- String tag, EapTtlsTypeData eapTtlsRequest, int eapIdentifier) {
- int fragmentationStatus =
- mInboundFragmentationHelper.assembleInboundMessage(eapTtlsRequest);
-
- switch (fragmentationStatus) {
- case FRAGMENTATION_STATUS_ASSEMBLED:
- return null;
- case FRAGMENTATION_STATUS_ACK:
- LOG.d(tag, "Packet is fragmented. Generating an acknowledgement response.");
- return buildEapMessageResponse(
- tag, eapIdentifier, EapTtlsAcknowledgement.getEapTtlsAcknowledgement());
- case FRAGMENTATION_STATUS_INVALID:
- return transitionToErroredAndAwaitingClosureState(
- tag,
- eapIdentifier,
- new EapError(
- new EapTtlsParsingException(
- "Fragmentation failure: There was an error decoding the"
- + " fragmented request.")));
- default:
- return transitionToErroredAndAwaitingClosureState(
- tag,
- eapIdentifier,
- new EapError(
- new IllegalStateException(
- "Received an unknown fragmentation status when assembling"
- + " an inbound fragment: "
- + fragmentationStatus)));
- }
- }
-
- /**
- * Takes outbound data and assembles an EAP-Response.
- *
- * <p>The data will be fragmented if necessary
- *
- * @param tag the tag of the calling class
- * @param eapIdentifier the EAP identifier from the most recent EAP request
- * @param data the data used to build the EAP-TTLS type data
- * @return an EAP result that is either an EAP response or an EAP error
- */
- private EapResult buildEapMessageResponse(String tag, int eapIdentifier, byte[] data) {
- // TODO(b/165668196): Modify outbound fragmentation helper to be per-message in EAP-TTLS
- mOutboundFragmentationHelper.setupOutboundFragmentation(data);
- FragmentationResult result = mOutboundFragmentationHelper.getNextOutboundFragment();
-
- // As per RFC5281#9.2.2, an unfragmented packet may have the length bit set
- return buildEapMessageResponse(
- tag,
- eapIdentifier,
- EapTtlsTypeData.getEapTtlsTypeData(
- result.hasRemainingFragments,
- false /* start */,
- 0 /* version 0 */,
- data.length,
- result.fragmentedData));
- }
-
- /**
- * Takes an already constructed EapTtlsTypeData and builds an EAP-Response
- *
- * @param tag the tag of the calling class
- * @param eapIdentifier the EAP identifier from the most recent EAP request
- * @param eapTtlsTypeData the type data to use in the EAP Response
- * @return an EAP result that is either an EAP response or an EAP error
- */
- private EapResult buildEapMessageResponse(
- String tag, int eapIdentifier, EapTtlsTypeData eapTtlsTypeData) {
- try {
- EapData eapData = new EapData(getEapMethod(), eapTtlsTypeData.encode());
- EapMessage eapMessage = new EapMessage(EAP_CODE_RESPONSE, eapIdentifier, eapData);
- return EapResponse.getEapResponse(eapMessage);
- } catch (EapSilentException ex) {
- LOG.e(tag, "Error building response EapMessage", ex);
- return new EapError(ex);
- }
- }
-
- /**
- * CloseableTtlsMethodState defines specific behaviour for handling EAP-Messages in EAP-TTLS
- *
- * <p>EAP-TTLS requires specific handling compared to what is defined in {@link EapMethodState}
- * as the tunnel needs to be closed. Furthermore, EAP-Success/EAP-Failure handling differs in
- * the tunnel state as it needs to be processed by the inner authentication method.
- *
- * <p>
- */
- abstract class CloseableTtlsMethodState extends EapMethodState {
- abstract EapResult handleEapSuccessFailure(EapMessage message);
-
- @Override
- @Nullable
- EapResult handleEapSuccessFailureNotification(String tag, EapMessage message) {
- EapResult eapResult = handleEapSuccessFailure(message);
- if (eapResult != null) {
- return eapResult;
- }
-
- if (message.eapData.eapType == EAP_NOTIFICATION) {
- return handleEapNotification(tag, message);
- } else if (message.eapData.eapType != EAP_TYPE_TTLS) {
- EapError eapError =
- new EapError(
- new EapInvalidRequestException(
- "Expected EAP Type "
- + getEapMethod()
- + ", received "
- + message.eapData.eapType));
- return transitionToErroredAndAwaitingClosureState(
- tag, message.eapIdentifier, eapError);
- }
-
- return null;
- }
- }
-}
-
diff --git a/src/java/com/android/internal/net/ipsec/ike/AbstractSessionStateMachine.java b/src/java/com/android/internal/net/ipsec/ike/AbstractSessionStateMachine.java
index 2b73684..1ed89b9 100644
--- a/src/java/com/android/internal/net/ipsec/ike/AbstractSessionStateMachine.java
+++ b/src/java/com/android/internal/net/ipsec/ike/AbstractSessionStateMachine.java
@@ -51,20 +51,15 @@
@VisibleForTesting
static final int CMD_LOCAL_REQUEST_REKEY_CHILD = CMD_CHILD_LOCAL_REQUEST_BASE + 3;
- @VisibleForTesting
- static final int CMD_LOCAL_REQUEST_REKEY_CHILD_MOBIKE = CMD_CHILD_LOCAL_REQUEST_BASE + 4;
-
/** Timeout commands. */
protected static final int CMD_TIMEOUT_BASE = CMD_SHARED_BASE + CMD_CATEGORY_SIZE;
/** Timeout when the remote side fails to send a Rekey-Delete request. */
@VisibleForTesting static final int TIMEOUT_REKEY_REMOTE_DELETE = CMD_TIMEOUT_BASE + 1;
- /** Commands for generic usages */
- protected static final int CMD_GENERIC_BASE = CMD_SHARED_BASE + 2 * CMD_CATEGORY_SIZE;
+ /** Commands for testing only */
+ protected static final int CMD_TEST_BASE = CMD_SHARED_BASE + 2 * CMD_CATEGORY_SIZE;
/** Force state machine to a target state for testing purposes. */
- @VisibleForTesting static final int CMD_FORCE_TRANSITION = CMD_GENERIC_BASE + 1;
- /** Force close the session. */
- @VisibleForTesting static final int CMD_KILL_SESSION = CMD_GENERIC_BASE + 2;
+ @VisibleForTesting static final int CMD_FORCE_TRANSITION = CMD_TEST_BASE + 1;
/** Private commands for subclasses */
protected static final int CMD_PRIVATE_BASE = CMD_SHARED_BASE + 3 * CMD_CATEGORY_SIZE;
@@ -76,8 +71,6 @@
SHARED_CMD_TO_STR.put(CMD_LOCAL_REQUEST_CREATE_CHILD, "Create Child");
SHARED_CMD_TO_STR.put(CMD_LOCAL_REQUEST_DELETE_CHILD, "Delete Child");
SHARED_CMD_TO_STR.put(CMD_LOCAL_REQUEST_REKEY_CHILD, "Rekey Child");
- SHARED_CMD_TO_STR.put(CMD_LOCAL_REQUEST_REKEY_CHILD_MOBIKE, "Rekey Child (MOBIKE)");
- SHARED_CMD_TO_STR.put(CMD_KILL_SESSION, "Kill session");
SHARED_CMD_TO_STR.put(TIMEOUT_REKEY_REMOTE_DELETE, "Timout rekey remote delete");
SHARED_CMD_TO_STR.put(CMD_FORCE_TRANSITION, "Force transition");
}
@@ -91,8 +84,6 @@
protected final Executor mUserCbExecutor;
private final String mLogTag;
- private volatile boolean mIsClosing = false;
-
protected AbstractSessionStateMachine(String name, Looper looper, Executor userCbExecutor) {
super(name, looper);
mLogTag = name;
@@ -117,34 +108,18 @@
}
}
- private String getCmdStr(int cmd) {
- String cmdName = SHARED_CMD_TO_STR.get(cmd);
- if (cmdName != null) {
- return cmdName;
- }
-
- cmdName = getCmdString(cmd);
- if (cmdName != null) {
- return cmdName;
- }
-
- // Unrecognized message
- return Integer.toString(cmd);
- }
-
@Override
public final boolean processMessage(Message message) {
try {
- if (mIsClosing && message.what != CMD_KILL_SESSION) {
- logd(
- "Ignore "
- + getCmdStr(message.what)
- + " since this session is going to be closed");
- return HANDLED;
- } else {
- logd("processStateMessage: " + getCmdStr(message.what));
- return processStateMessage(message);
+ String cmdName = SHARED_CMD_TO_STR.get(message.what);
+ if (cmdName == null) {
+ cmdName = getCmdString(message.what);
}
+
+ // Unrecognized message will be logged by super class(Android StateMachine)
+ if (cmdName != null) logd("processStateMessage: " + cmdName);
+
+ return processStateMessage(message);
} catch (RuntimeException e) {
cleanUpAndQuit(e);
return HANDLED;
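Review bot: The new body of `processMessage` passes every message straight to `processStateMessage`, so requests already queued when a session kill is requested will still run; the removed side dropped them through the `mIsClosing` check. How the subclasses order a kill relative to queued requests is not visible in this hunk, so the contract should at least be stated at the call, e.g. `// No closing guard here: subclasses must handle CMD_KILL_SESSION ahead of any queued request`. The one-line `if (cmdName != null) logd(...)` should also be braced, `if (cmdName != null) { logd("processStateMessage: " + cmdName); }`, to match the rest of the method. The method's closing braces fall outside the hunk.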
@@ -185,14 +160,6 @@
}
}
- /** Forcibly close this session. */
- public void killSession() {
- log("killSession");
-
- mIsClosing = true;
- sendMessage(CMD_KILL_SESSION);
- }
-
@Override
protected void log(String s) {
getIkeLog().d(mLogTag, s);
diff --git a/src/java/com/android/internal/net/ipsec/ike/ChildSessionStateMachine.java b/src/java/com/android/internal/net/ipsec/ike/ChildSessionStateMachine.java
index bc29e58..81c36c7 100644
--- a/src/java/com/android/internal/net/ipsec/ike/ChildSessionStateMachine.java
+++ b/src/java/com/android/internal/net/ipsec/ike/ChildSessionStateMachine.java
@@ -39,12 +39,12 @@
import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_TS_INITIATOR;
import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_TS_RESPONDER;
import static com.android.internal.net.ipsec.ike.message.IkePayload.PROTOCOL_ID_ESP;
-import static com.android.internal.net.ipsec.ike.utils.IkeAlarm.IkeAlarmConfig;
import static com.android.internal.net.ipsec.ike.utils.IkeAlarmReceiver.ACTION_DELETE_CHILD;
import static com.android.internal.net.ipsec.ike.utils.IkeAlarmReceiver.ACTION_REKEY_CHILD;
import android.annotation.IntDef;
import android.annotation.Nullable;
+import android.app.AlarmManager;
import android.app.PendingIntent;
import android.content.Context;
import android.net.IpSecManager;
@@ -52,7 +52,6 @@
import android.net.IpSecManager.SecurityParameterIndex;
import android.net.IpSecManager.SpiUnavailableException;
import android.net.IpSecManager.UdpEncapsulationSocket;
-import android.net.IpSecTransform;
import android.net.ipsec.ike.ChildSaProposal;
import android.net.ipsec.ike.ChildSessionCallback;
import android.net.ipsec.ike.ChildSessionConfiguration;
@@ -63,13 +62,7 @@
import android.net.ipsec.ike.exceptions.IkeException;
import android.net.ipsec.ike.exceptions.IkeInternalException;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
-import android.net.ipsec.ike.exceptions.InvalidKeException;
-import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
-import android.net.ipsec.ike.exceptions.NoValidProposalChosenException;
-import android.net.ipsec.ike.exceptions.TemporaryFailureException;
-import android.net.ipsec.ike.exceptions.TsUnacceptableException;
import android.os.Bundle;
-import android.os.Handler;
import android.os.Looper;
import android.os.Message;
import android.util.Pair;
@@ -77,13 +70,17 @@
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.net.ipsec.ike.IkeLocalRequestScheduler.ChildLocalRequest;
-import com.android.internal.net.ipsec.ike.IkeLocalRequestScheduler.LocalRequestFactory;
import com.android.internal.net.ipsec.ike.IkeSessionStateMachine.IkeExchangeSubType;
import com.android.internal.net.ipsec.ike.SaRecord.ChildSaRecord;
import com.android.internal.net.ipsec.ike.SaRecord.SaLifetimeAlarmScheduler;
import com.android.internal.net.ipsec.ike.crypto.IkeCipher;
import com.android.internal.net.ipsec.ike.crypto.IkeMacIntegrity;
import com.android.internal.net.ipsec.ike.crypto.IkeMacPrf;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidKeException;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
+import com.android.internal.net.ipsec.ike.exceptions.NoValidProposalChosenException;
+import com.android.internal.net.ipsec.ike.exceptions.TemporaryFailureException;
+import com.android.internal.net.ipsec.ike.exceptions.TsUnacceptableException;
import com.android.internal.net.ipsec.ike.message.IkeConfigPayload;
import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttribute;
import com.android.internal.net.ipsec.ike.message.IkeDeletePayload;
@@ -143,6 +140,8 @@
private static final int CMD_HANDLE_RECEIVED_REQUEST = CMD_GENERAL_BASE + 2;
/** Receive a reponse from the remote. */
private static final int CMD_HANDLE_RECEIVED_RESPONSE = CMD_GENERAL_BASE + 3;
+ /** Kill Session and close all alive Child SAs immediately. */
+ private static final int CMD_KILL_SESSION = CMD_GENERAL_BASE + 4;
private static final SparseArray<String> CMD_TO_STR;
@@ -151,11 +150,12 @@
CMD_TO_STR.put(CMD_HANDLE_FIRST_CHILD_EXCHANGE, "Handle First Child");
CMD_TO_STR.put(CMD_HANDLE_RECEIVED_REQUEST, "Rcv request");
CMD_TO_STR.put(CMD_HANDLE_RECEIVED_RESPONSE, "Rcv response");
+ CMD_TO_STR.put(CMD_KILL_SESSION, "Kill session");
}
private final Context mContext;
private final int mIkeSessionId;
- private final Handler mIkeHandler;
+ private final AlarmManager mAlarmManager;
private final IpSecManager mIpSecManager;
private final RandomnessFactory mRandomFactory;
@@ -165,8 +165,6 @@
*/
private final IpSecSpiGenerator mIpSecSpiGenerator;
- private final LocalRequestFactory mLocalRequestFactory = new LocalRequestFactory();
-
/** User provided configurations. */
@VisibleForTesting final ChildSessionParams mChildSessionParams;
@@ -193,16 +191,6 @@
@VisibleForTesting byte[] mSkD;
- /**
- * Negotiated IKE DH group
- *
- * <p>First Child SA, and all additional Child SAs that do not have user specified DH group are
- * set up with crypto keys that are implicitly generated by the negotiated IKE DH group. For
- * those Child SAs, incoming rekey requests that match the negotiated IKE DH group should also
- * be acceptable. This for improving the interoperability with other IKE implementations.
- */
- @VisibleForTesting int mIkeDhGroup;
-
/** Package private ChildSaProposal that represents the negotiated Child SA proposal. */
@VisibleForTesting ChildSaProposal mSaProposal;
@@ -234,7 +222,6 @@
@VisibleForTesting final State mDeleteChildLocalDelete = new DeleteChildLocalDelete();
@VisibleForTesting final State mDeleteChildRemoteDelete = new DeleteChildRemoteDelete();
@VisibleForTesting final State mRekeyChildLocalCreate = new RekeyChildLocalCreate();
- @VisibleForTesting final State mMobikeRekeyChildLocalCreate = new MobikeRekeyChildLocalCreate();
@VisibleForTesting final State mRekeyChildRemoteCreate = new RekeyChildRemoteCreate();
@VisibleForTesting final State mRekeyChildLocalDelete = new RekeyChildLocalDelete();
@VisibleForTesting final State mRekeyChildRemoteDelete = new RekeyChildRemoteDelete();
@@ -256,7 +243,7 @@
Looper looper,
Context context,
int ikeSessionUniqueId,
- Handler ikeHandler,
+ AlarmManager alarmManager,
RandomnessFactory randomnessFactory,
IpSecManager ipSecManager,
IpSecSpiGenerator ipSecSpiGenerator,
@@ -268,7 +255,7 @@
mContext = context;
mIkeSessionId = ikeSessionUniqueId;
- mIkeHandler = ikeHandler;
+ mAlarmManager = alarmManager;
mRandomFactory = randomnessFactory;
mIpSecManager = ipSecManager;
mIpSecSpiGenerator = ipSecSpiGenerator;
@@ -287,7 +274,6 @@
addState(mDeleteChildLocalDelete, mKillChildSessionParent);
addState(mDeleteChildRemoteDelete, mKillChildSessionParent);
addState(mRekeyChildLocalCreate, mKillChildSessionParent);
- addState(mMobikeRekeyChildLocalCreate, mKillChildSessionParent);
addState(mRekeyChildRemoteCreate, mKillChildSessionParent);
addState(mRekeyChildLocalDelete, mKillChildSessionParent);
addState(mRekeyChildRemoteDelete, mKillChildSessionParent);
@@ -363,7 +349,6 @@
* @param remoteAddress The remote (outer) address of the Child Session.
* @param udpEncapSocket The socket to use for UDP encapsulation, or NULL if no encap needed.
* @param ikePrf The pseudo-random function to use for key derivation
- * @param ikeDh The negotiated IKE DH group
* @param skD The key for which to derive new keying information from.
*/
public void handleFirstChildExchange(
@@ -373,14 +358,12 @@
InetAddress remoteAddress,
UdpEncapsulationSocket udpEncapSocket,
IkeMacPrf ikePrf,
- int ikeDh,
byte[] skD) {
this.mLocalAddress = localAddress;
this.mRemoteAddress = remoteAddress;
this.mUdpEncapSocket = udpEncapSocket;
this.mIkePrf = ikePrf;
- this.mIkeDhGroup = ikeDh;
this.mSkD = skD;
mIsFirstChild = true;
@@ -400,7 +383,6 @@
* @param remoteAddress The remote (outer) address to which traffic will be sent.
* @param udpEncapSocket The socket to use for UDP encapsulation, or NULL if no encap needed.
* @param ikePrf The pseudo-random function to use for key derivation
- * @param ikeDh The negotiated IKE DH group
* @param skD The key for which to derive new keying information from.
*/
public void createChildSession(
@@ -408,13 +390,11 @@
InetAddress remoteAddress,
UdpEncapsulationSocket udpEncapSocket,
IkeMacPrf ikePrf,
- int ikeDh,
byte[] skD) {
this.mLocalAddress = localAddress;
this.mRemoteAddress = remoteAddress;
this.mUdpEncapSocket = udpEncapSocket;
this.mIkePrf = ikePrf;
- this.mIkeDhGroup = ikeDh;
this.mSkD = skD;
mIsFirstChild = false;
@@ -442,32 +422,12 @@
}
/**
- * Initiate Rekey Child procedure for MOBIKE (instead of migrating IPsec SAs).
+ * Kill Child Session and all alive Child SAs without doing IKE exchange.
*
- * <p>This method should only be used as a fallback mode for devices that do not have
- * XFRM_MIGRATE kernel support.
- *
- * <p>This method is called synchronously from IkeStateMachine. It proxies the synchronous call
- * as an asynchronous job to the ChildStateMachine handler.
- *
- * <p>This method works similarly to {@link #rekeyChildSession()} in that it rekeys the Child
- * SAs associated with this state machine. However, the caller is notified of Child SA creation
- * via {@link ChildSessionCallback#onIpSecTransformsMigrated(android.net.IpSecTransform,
- * android.net.IpSecTransform)};
- *
- * @param localAddress The local (outer) address from which traffic will originate.
- * @param remoteAddress The remote (outer) address to which traffic will be sent.
- * @param udpEncapSocket The socket to use for UDP encapsulation, or NULL if no encap needed.
+ * <p>It is usually called when IKE Session is being closed.
*/
- public void rekeyChildSessionForMobike(
- InetAddress localAddress,
- InetAddress remoteAddress,
- UdpEncapsulationSocket udpEncapSocket) {
- this.mLocalAddress = localAddress;
- this.mRemoteAddress = remoteAddress;
- this.mUdpEncapSocket = udpEncapSocket;
-
- sendMessage(CMD_LOCAL_REQUEST_REKEY_CHILD_MOBIKE);
+ public void killSession() {
+ sendMessage(CMD_KILL_SESSION);
}
/**
@@ -516,7 +476,6 @@
private boolean isAwaitingCreateResp() {
return (getCurrentState() == mCreateChildLocalCreate
- || getCurrentState() == mMobikeRekeyChildLocalCreate
|| getCurrentState() == mRekeyChildLocalCreate);
}
@@ -566,36 +525,12 @@
EXCHANGE_TYPE_INFORMATIONAL, true /*isResp*/, outPayloads, this);
}
- class OnIpSecSaPairCreatedRunnable implements Runnable {
- private final IpSecTransform mOut;
- private final IpSecTransform mIn;
-
- OnIpSecSaPairCreatedRunnable(ChildSaRecord childSaRecord) {
- mOut = childSaRecord.getOutboundIpSecTransform();
- mIn = childSaRecord.getInboundIpSecTransform();
- }
-
- @Override
- public void run() {
- mUserCallback.onIpSecTransformCreated(mOut, IpSecManager.DIRECTION_OUT);
- mUserCallback.onIpSecTransformCreated(mIn, IpSecManager.DIRECTION_IN);
- }
- }
-
- class OnIpSecSaPairDeletedRunnable implements Runnable {
- private final IpSecTransform mOut;
- private final IpSecTransform mIn;
-
- OnIpSecSaPairDeletedRunnable(ChildSaRecord childSaRecord) {
- mOut = childSaRecord.getOutboundIpSecTransform();
- mIn = childSaRecord.getInboundIpSecTransform();
- }
-
- @Override
- public void run() {
- mUserCallback.onIpSecTransformDeleted(mOut, IpSecManager.DIRECTION_OUT);
- mUserCallback.onIpSecTransformDeleted(mIn, IpSecManager.DIRECTION_IN);
- }
+ /** Notify users the deletion of a Child SA. MUST be called on user callback executor */
+ private void onIpSecTransformPairDeleted(ChildSaRecord childSaRecord) {
+ mUserCallback.onIpSecTransformDeleted(
+ childSaRecord.getOutboundIpSecTransform(), IpSecManager.DIRECTION_OUT);
+ mUserCallback.onIpSecTransformDeleted(
+ childSaRecord.getInboundIpSecTransform(), IpSecManager.DIRECTION_IN);
}
/**
@@ -666,7 +601,7 @@
executeUserCallback(
() -> {
- mUserCallback.onClosedWithException(new IkeInternalException(e));
+ mUserCallback.onClosedExceptionally(new IkeInternalException(e));
});
logWtf("Unexpected exception in " + getCurrentState().getName(), e);
quitNow();
@@ -701,8 +636,10 @@
private void closeChildSaRecord(ChildSaRecord childSaRecord, boolean expectSaClosed) {
if (childSaRecord == null) return;
- OnIpSecSaPairDeletedRunnable delRunnable = new OnIpSecSaPairDeletedRunnable(childSaRecord);
- executeUserCallback(delRunnable);
+ executeUserCallback(
+ () -> {
+ onIpSecTransformPairDeleted(childSaRecord);
+ });
mChildSmCallback.onChildSaDeleted(childSaRecord.getRemoteSpi());
childSaRecord.close();
@@ -723,7 +660,7 @@
executeUserCallback(
() -> {
- mUserCallback.onClosedWithException(ikeException);
+ mUserCallback.onClosedExceptionally(ikeException);
});
loge("Child Session fatal error", ikeException);
@@ -816,12 +753,14 @@
ChildSessionConfiguration sessionConfig =
buildChildSessionConfigFromResp(createChildResult, respPayloads);
-
- OnIpSecSaPairCreatedRunnable createRunnable =
- new OnIpSecSaPairCreatedRunnable(mCurrentChildSaRecord);
executeUserCallback(
() -> {
- createRunnable.run();
+ mUserCallback.onIpSecTransformCreated(
+ mCurrentChildSaRecord.getInboundIpSecTransform(),
+ IpSecManager.DIRECTION_IN);
+ mUserCallback.onIpSecTransformCreated(
+ mCurrentChildSaRecord.getOutboundIpSecTransform(),
+ IpSecManager.DIRECTION_OUT);
mUserCallback.onOpened(sessionConfig);
});
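Review bot: The callback lambda reads the field `mCurrentChildSaRecord` when the user executor runs it, not when it is scheduled, whereas the removed `OnIpSecSaPairCreatedRunnable` captured both transforms in its constructor. If `executeUserCallback` hands the lambda to another thread (its body is not visible here), the field can be reassigned or cleared before the callback runs. The hunk at `@@ -1230,18 +1163,28 @@` sets `mCurrentChildSaRecord = null` right after scheduling `onIpSecTransformPairDeleted(mCurrentChildSaRecord)`, and the hunks at `-1499`, `-1733`, `-1841` and `-1986` read `mLocalInitNewChildSaRecord`, `mRemoteInitNewChildSaRecord` and `mCurrentChildSaRecord` in the same deferred way. Capture the values on the state machine thread first, e.g. `IpSecTransform inTransform = mCurrentChildSaRecord.getInboundIpSecTransform();` and `IpSecTransform outTransform = mCurrentChildSaRecord.getOutboundIpSecTransform();`, and use only those locals inside the lambda. The enclosing method starts and ends outside the hunk.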
@@ -917,34 +856,31 @@
Bundle spiBundle = new Bundle();
spiBundle.putInt(BUNDLE_KEY_CHILD_REMOTE_SPI, remoteSpi);
- return mIkeHandler.obtainMessage(
- CMD_ALARM_FIRED, mIkeSessionId, localRequestType, spiBundle);
+ // This Message will eventually gets fired on the IKE session state machine's handler, since
+ // the pendingIntent clears the target
+ return obtainMessage(CMD_ALARM_FIRED, mIkeSessionId, localRequestType, spiBundle);
}
private SaLifetimeAlarmScheduler buildSaLifetimeAlarmSched(int remoteSpi) {
- Message deleteMsg = getIntentIkeSmMsg(CMD_LOCAL_REQUEST_DELETE_CHILD, remoteSpi);
- Message rekeyMsg = getIntentIkeSmMsg(CMD_LOCAL_REQUEST_REKEY_CHILD, remoteSpi);
-
PendingIntent deleteSaIntent =
buildIkeAlarmIntent(
- mContext, ACTION_DELETE_CHILD, getIntentIdentifier(remoteSpi), deleteMsg);
- PendingIntent rekeySaIntent =
- buildIkeAlarmIntent(
- mContext, ACTION_REKEY_CHILD, getIntentIdentifier(remoteSpi), rekeyMsg);
-
- return new SaLifetimeAlarmScheduler(
- new IkeAlarmConfig(
mContext,
ACTION_DELETE_CHILD,
- mChildSessionParams.getHardLifetimeMsInternal(),
- deleteSaIntent,
- deleteMsg),
- new IkeAlarmConfig(
+ getIntentIdentifier(remoteSpi),
+ getIntentIkeSmMsg(CMD_LOCAL_REQUEST_DELETE_CHILD, remoteSpi));
+ PendingIntent rekeySaIntent =
+ buildIkeAlarmIntent(
mContext,
ACTION_REKEY_CHILD,
- mChildSessionParams.getSoftLifetimeMsInternal(),
- rekeySaIntent,
- rekeyMsg));
+ getIntentIdentifier(remoteSpi),
+ getIntentIkeSmMsg(CMD_LOCAL_REQUEST_REKEY_CHILD, remoteSpi));
+
+ return new SaLifetimeAlarmScheduler(
+ mChildSessionParams.getHardLifetimeMsInternal(),
+ mChildSessionParams.getSoftLifetimeMsInternal(),
+ deleteSaIntent,
+ rekeySaIntent,
+ mAlarmManager);
}
/** Initial state of ChildSessionStateMachine. */
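Review bot: The new comment in `getIntentIkeSmMsg` is the only explanation of why a Message obtained from this Child state machine's own handler is expected to arrive on the IKE Session handler, and it is ungrammatical and too terse for something that subtle. If the mechanism is what the comment implies, I would reword it along the lines of `// The target handler is cleared when this Message is wrapped in the PendingIntent, so the alarm delivers it to the IKE Session state machine's handler, not to this one.` `buildIkeAlarmIntent` is outside the hunk; since these intents trigger SA deletion and rekey, it is worth confirming there that they are explicit to this package and created immutable. `getIntentIkeSmMsg` starts outside the hunk.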
@@ -1053,7 +989,7 @@
transitionTo(mInitial);
mChildSmCallback.scheduleRetryLocalRequest(
- mLocalRequestFactory.getChildLocalRequest(
+ new ChildLocalRequest(
CMD_LOCAL_REQUEST_CREATE_CHILD,
mUserCallback,
mChildSessionParams));
@@ -1106,9 +1042,6 @@
case CMD_LOCAL_REQUEST_REKEY_CHILD:
transitionTo(mRekeyChildLocalCreate);
return HANDLED;
- case CMD_LOCAL_REQUEST_REKEY_CHILD_MOBIKE:
- transitionTo(mMobikeRekeyChildLocalCreate);
- return HANDLED;
case CMD_HANDLE_RECEIVED_REQUEST:
ReceivedRequest req = (ReceivedRequest) message.obj;
switch (req.exchangeSubtype) {
@@ -1230,18 +1163,28 @@
"Found no remote SPI for mCurrentChildSaRecord in a Delete Child"
+ " request."));
} else {
+
+ executeUserCallback(
+ () -> {
+ mUserCallback.onClosed();
+ onIpSecTransformPairDeleted(mCurrentChildSaRecord);
+ });
+
sendDeleteChild(mCurrentChildSaRecord, true /*isResp*/);
- closeSessionAndNotifyUser(true /* quitStateMachine */);
+
+ mChildSmCallback.onChildSaDeleted(mCurrentChildSaRecord.getRemoteSpi());
+ mCurrentChildSaRecord.close();
+ mCurrentChildSaRecord = null;
+
+ quitNow();
}
}
protected void closeSessionAndNotifyUser(boolean quitStateMachine) {
- OnIpSecSaPairDeletedRunnable delRunnable =
- new OnIpSecSaPairDeletedRunnable(mCurrentChildSaRecord);
executeUserCallback(
() -> {
mUserCallback.onClosed();
- delRunnable.run();
+ onIpSecTransformPairDeleted(mCurrentChildSaRecord);
});
mChildSmCallback.onChildSaDeleted(mCurrentChildSaRecord.getRemoteSpi());
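Review bot: The `else` branch now spells out inline the same sequence that `closeSessionAndNotifyUser`, directly below in this hunk, appears to perform (user callback, `onChildSaDeleted`, and presumably the close and quit, which lie outside the hunk), so the teardown logic exists twice and can drift. The only visible difference is that the user callback is now scheduled before `sendDeleteChild` instead of after it. If that reordering is intended, say so in a comment such as `// Notify the user before replying so that ...`; otherwise keep the single call `closeSessionAndNotifyUser(true /* quitStateMachine */);` after `sendDeleteChild`. The blank line opening the `else` block can go as well.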
@@ -1499,7 +1442,17 @@
buildSaLifetimeAlarmSched(
createChildResult.respSpi.getSpi()));
- notifyCallerForLocalChildSaRekey();
+ executeUserCallback(
+ () -> {
+ mUserCallback.onIpSecTransformCreated(
+ mLocalInitNewChildSaRecord
+ .getInboundIpSecTransform(),
+ IpSecManager.DIRECTION_IN);
+ mUserCallback.onIpSecTransformCreated(
+ mLocalInitNewChildSaRecord
+ .getOutboundIpSecTransform(),
+ IpSecManager.DIRECTION_OUT);
+ });
transitionTo(mRekeyChildLocalDelete);
} catch (GeneralSecurityException
@@ -1538,12 +1491,6 @@
}
}
- protected void notifyCallerForLocalChildSaRekey() {
- OnIpSecSaPairCreatedRunnable createRunnable =
- new OnIpSecSaPairCreatedRunnable(mLocalInitNewChildSaRecord);
- executeUserCallback(createRunnable);
- }
-
private void handleProcessRespOrSaCreationFailAndQuit(
int registeredSpi, Exception exception) {
// We don't retry rekey if failure was caused by invalid response or SA creation error.
@@ -1564,28 +1511,6 @@
}
}
- /**
- * MobikeRekeyChildLocalCreate represents the state where Child Session initiates the Rekey
- * Child exchange for MOBIKE-enabled IKE Sessions.
- *
- * <p>MobikeRekeyChildLocalCreate behaves similarly to RekeyChildLocalCreate except that it
- * notifies the caller of Child SA creation via {@link
- * ChildSessionCallback#onIpSecTransformsMigrated(android.net.IpSecTransform,
- * android.net.IpSecTransform)}.
- *
- * <p>As indicated in RFC 7296 section 2.8, "when rekeying, the new Child SA SHOULD NOT have
- * different Traffic Selectors and algorithms than the old one."
- */
- class MobikeRekeyChildLocalCreate extends RekeyChildLocalCreate {
- @Override
- protected void notifyCallerForLocalChildSaRekey() {
- IpSecTransform inTransform = mLocalInitNewChildSaRecord.getInboundIpSecTransform();
- IpSecTransform outTransform = mLocalInitNewChildSaRecord.getOutboundIpSecTransform();
- executeUserCallback(
- () -> mUserCallback.onIpSecTransformsMigrated(inTransform, outTransform));
- }
- }
-
private ChildSaProposal addDhGroupsFromChildSessionParamsIfAbsent() {
// DH groups are excluded for the first child. Add dh groups from child session params in
// this case.
@@ -1658,15 +1583,13 @@
PAYLOAD_TYPE_KE, IkeKePayload.class, reqPayloads);
ChildSaProposal saProposal = mSaProposal;
- if (reqKePayload != null) {
- saProposal =
- reqSaPayload.getNegotiatedChildProposalWithDh(
- mSaProposal,
- mChildSessionParams.getChildSaProposals(),
- reqKePayload.dhGroup,
- mIkeDhGroup);
- }
+ // Try accepting a DH group requested during remote rekey for both first and
+ // additional Child Sessions even if it is different from the previously negotiated
+ // proposal.
+ if (reqKePayload != null && isKePayloadAcceptable(reqKePayload)) {
+ saProposal = mSaProposal.getCopyWithAdditionalDhTransform(reqKePayload.dhGroup);
+ }
byte respProposalNumber = reqSaPayload.getNegotiatedProposalNumber(saProposal);
@@ -1681,7 +1604,7 @@
mRemoteTs,
mCurrentChildSaRecord.getLocalSpi(),
mChildSessionParams.isTransportMode());
- } catch (NoValidProposalChosenException | InvalidKeException e) {
+ } catch (NoValidProposalChosenException e) {
handleCreationFailureAndBackToIdle(e);
return;
} catch (SpiUnavailableException | ResourceUnavailableException e) {
@@ -1733,12 +1656,11 @@
// the remote has (implicitly) acknowledged our response via the
// delete-old-SA request. This will be performed in the finishRekey()
// method.
- IpSecTransform inTransform =
- mRemoteInitNewChildSaRecord.getInboundIpSecTransform();
executeUserCallback(
() -> {
mUserCallback.onIpSecTransformCreated(
- inTransform, IpSecManager.DIRECTION_IN);
+ mRemoteInitNewChildSaRecord.getInboundIpSecTransform(),
+ IpSecManager.DIRECTION_IN);
});
mChildSmCallback.onOutboundPayloadsReady(
@@ -1786,6 +1708,20 @@
}
}
+ private boolean isKePayloadAcceptable(IkeKePayload reqKePayload) {
+ ChildSaProposal proposal =
+ mSaProposal.getCopyWithAdditionalDhTransform(reqKePayload.dhGroup);
+
+ // Verify if this proposal is accepted by user
+ for (SaProposal saProposal : mChildSessionParams.getSaProposals()) {
+ if (proposal.isNegotiatedFrom(saProposal)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
private void handleCreationFailureAndBackToIdle(IkeProtocolException e) {
loge("Received invalid Rekey Child request. Reject with error notification", e);
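Review bot: `isKePayloadAcceptable` has no comment stating the security property it enforces, and the caller hunk at `@@ -1658,15 +1583,13 @@` builds the same `getCopyWithAdditionalDhTransform(reqKePayload.dhGroup)` proposal a second time once the check passes. The peer's DH group is accepted only when the resulting proposal `isNegotiatedFrom` one of the user's configured proposals, which is what keeps the remote from introducing a group the caller never allowed. That deserves a Javadoc line such as `/** Returns true only if adding the peer's requested DH group yields a proposal covered by the user-configured proposals. */`. When the check fails the caller keeps `mSaProposal` and carries on, and with the `InvalidKeException` catch removed in the hunk at `@@ -1681,7 +1604,7 @@` it is not visible from here whether a mismatched KE payload is then rejected or silently ignored; that path should be made explicit. `handleCreationFailureAndBackToIdle` continues outside the hunk.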
@@ -1841,9 +1777,10 @@
// Rekey timer for old SA will be cancelled as part of the closing of the SA.
protected void finishRekey() {
- OnIpSecSaPairDeletedRunnable delRunnable =
- new OnIpSecSaPairDeletedRunnable(mCurrentChildSaRecord);
- executeUserCallback(delRunnable);
+ executeUserCallback(
+ () -> {
+ onIpSecTransformPairDeleted(mCurrentChildSaRecord);
+ });
mChildSmCallback.onChildSaDeleted(mCurrentChildSaRecord.getRemoteSpi());
mCurrentChildSaRecord.close();
@@ -1986,11 +1923,11 @@
@Override
protected void finishRekey() {
- IpSecTransform outTransform = mRemoteInitNewChildSaRecord.getOutboundIpSecTransform();
executeUserCallback(
() -> {
mUserCallback.onIpSecTransformCreated(
- outTransform, IpSecManager.DIRECTION_OUT);
+ mRemoteInitNewChildSaRecord.getOutboundIpSecTransform(),
+ IpSecManager.DIRECTION_OUT);
});
super.finishRekey();
@@ -2129,8 +2066,7 @@
((ChildProposal) saPayload.proposalList.get(0))
.saProposal.getDhGroupTransforms();
if (dhGroups.length != 0 && dhGroups[0].id != DH_GROUP_NONE) {
- payloadList.add(
- IkeKePayload.createOutboundKePayload(dhGroups[0].id, randomFactory));
+ payloadList.add(new IkeKePayload(dhGroups[0].id, randomFactory));
}
if (isTransport) payloadList.add(new IkeNotifyPayload(NOTIFY_TYPE_USE_TRANSPORT_MODE));
diff --git a/src/java/com/android/internal/net/ipsec/ike/ChildSessionStateMachineFactory.java b/src/java/com/android/internal/net/ipsec/ike/ChildSessionStateMachineFactory.java
index 3ea585a..a1a0147 100644
--- a/src/java/com/android/internal/net/ipsec/ike/ChildSessionStateMachineFactory.java
+++ b/src/java/com/android/internal/net/ipsec/ike/ChildSessionStateMachineFactory.java
@@ -16,11 +16,11 @@
package com.android.internal.net.ipsec.ike;
+import android.app.AlarmManager;
import android.content.Context;
import android.net.IpSecManager;
import android.net.ipsec.ike.ChildSessionCallback;
import android.net.ipsec.ike.ChildSessionParams;
-import android.os.Handler;
import android.os.Looper;
import com.android.internal.annotations.VisibleForTesting;
@@ -41,7 +41,7 @@
Looper looper,
Context context,
int ikeSessionUniqueId,
- Handler ikeHandler,
+ AlarmManager alarmManager,
RandomnessFactory randomFactory,
IpSecSpiGenerator ipSecSpiGenerator,
ChildSessionParams sessionParams,
@@ -52,7 +52,7 @@
looper,
context,
ikeSessionUniqueId,
- ikeHandler,
+ alarmManager,
randomFactory,
ipSecSpiGenerator,
sessionParams,
@@ -77,7 +77,7 @@
Looper looper,
Context context,
int ikeSessionUniqueId,
- Handler ikeHandler,
+ AlarmManager alarmManager,
RandomnessFactory randomFactory,
IpSecSpiGenerator ipSecSpiGenerator,
ChildSessionParams sessionParams,
@@ -96,7 +96,7 @@
Looper looper,
Context context,
int ikeSessionUniqueId,
- Handler ikeHandler,
+ AlarmManager alarmManager,
RandomnessFactory randomFactory,
IpSecSpiGenerator ipSecSpiGenerator,
ChildSessionParams sessionParams,
@@ -108,7 +108,7 @@
looper,
context,
ikeSessionUniqueId,
- ikeHandler,
+ alarmManager,
randomFactory,
(IpSecManager) context.getSystemService(Context.IPSEC_SERVICE),
ipSecSpiGenerator,
diff --git a/src/java/com/android/internal/net/ipsec/ike/IkeDhParams.java b/src/java/com/android/internal/net/ipsec/ike/IkeDhParams.java
index d5e1d7b..9219784 100644
--- a/src/java/com/android/internal/net/ipsec/ike/IkeDhParams.java
+++ b/src/java/com/android/internal/net/ipsec/ike/IkeDhParams.java
@@ -28,15 +28,6 @@
+ "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
+ "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
+ "FFFFFFFFFFFFFFFF";
- public static final String PRIME_1536_BIT_MODP =
- "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
- + "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
- + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
- + "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
- + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
- + "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
- + "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
- + "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF";
public static final String PRIME_2048_BIT_MODP =
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+ "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
diff --git a/src/java/com/android/internal/net/ipsec/ike/IkeLocalRequestScheduler.java b/src/java/com/android/internal/net/ipsec/ike/IkeLocalRequestScheduler.java
index 3cfcb94..1217126 100644
--- a/src/java/com/android/internal/net/ipsec/ike/IkeLocalRequestScheduler.java
+++ b/src/java/com/android/internal/net/ipsec/ike/IkeLocalRequestScheduler.java
@@ -19,17 +19,10 @@
import static android.os.PowerManager.PARTIAL_WAKE_LOCK;
import static com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.CMD_LOCAL_REQUEST_CREATE_CHILD;
-import static com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.CMD_LOCAL_REQUEST_DELETE_CHILD;
import static com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_CHILD;
-import static com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_CHILD_MOBIKE;
import static com.android.internal.net.ipsec.ike.IkeSessionStateMachine.CMD_LOCAL_REQUEST_CREATE_IKE;
-import static com.android.internal.net.ipsec.ike.IkeSessionStateMachine.CMD_LOCAL_REQUEST_DELETE_IKE;
import static com.android.internal.net.ipsec.ike.IkeSessionStateMachine.CMD_LOCAL_REQUEST_DPD;
-import static com.android.internal.net.ipsec.ike.IkeSessionStateMachine.CMD_LOCAL_REQUEST_INFO;
-import static com.android.internal.net.ipsec.ike.IkeSessionStateMachine.CMD_LOCAL_REQUEST_MOBIKE;
-import static com.android.internal.net.ipsec.ike.IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE;
-import android.annotation.IntDef;
import android.content.Context;
import android.net.ipsec.ike.ChildSessionCallback;
import android.net.ipsec.ike.ChildSessionParams;
@@ -38,10 +31,7 @@
import com.android.internal.annotations.VisibleForTesting;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.util.Comparator;
-import java.util.PriorityQueue;
+import java.util.LinkedList;
/**
* IkeLocalRequestScheduler caches all local requests scheduled by an IKE Session and notify the IKE
@@ -54,44 +44,14 @@
@VisibleForTesting static final String LOCAL_REQUEST_WAKE_LOCK_TAG = "LocalRequestWakeLock";
- private static final int DEFAULT_REQUEST_QUEUE_SIZE = 1;
-
- private static final int REQUEST_ID_NOT_ASSIGNED = -1;
-
- // Local request that must be handled immediately. Ex: CMD_LOCAL_REQUEST_DELETE_IKE
- @VisibleForTesting static final int REQUEST_PRIORITY_URGENT = 0;
-
- // Local request that must be handled soon, but not necessarily immediately.
- // Ex: CMD_LOCAL_REQUEST_MOBIKE
- @VisibleForTesting static final int REQUEST_PRIORITY_HIGH = 1;
-
- // Local request that should be handled once nothing more urgent requires handling. Most
- // LocalRequests will have this priority.
- @VisibleForTesting static final int REQUEST_PRIORITY_NORMAL = 2;
-
- // Local request that has an unknown priority. This shouldn't happen in normal processing.
- @VisibleForTesting static final int REQUEST_PRIORITY_UNKNOWN = Integer.MAX_VALUE;
-
- @Retention(RetentionPolicy.SOURCE)
- @IntDef({
- REQUEST_PRIORITY_URGENT,
- REQUEST_PRIORITY_HIGH,
- REQUEST_PRIORITY_NORMAL,
- REQUEST_PRIORITY_UNKNOWN
- })
- @interface RequestPriority {}
-
public static int SPI_NOT_INCLUDED = 0;
private final PowerManager mPowerManager;
- private final PriorityQueue<LocalRequest> mRequestQueue =
- new PriorityQueue<>(DEFAULT_REQUEST_QUEUE_SIZE, new LocalRequestComparator());
+ private final LinkedList<LocalRequest> mRequestQueue = new LinkedList<>();
private final IProcedureConsumer mConsumer;
- private int mNextRequestId;
-
/**
* Construct an instance of IkeLocalRequestScheduler
*
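Review bot: `mRequestQueue` is declared as the concrete `LinkedList`, although the visible code only needs double-ended queue operations (`offer` here, `offerFirst` in the hunk at `@@ -100,17 +60,20 @@`). Declaring it as `private final Deque<LocalRequest> mRequestQueue = new ArrayDeque<>();` keeps both calls working and programs to the interface; the import becomes `java.util.ArrayDeque` plus `java.util.Deque`. Other uses of the queue are outside the visible hunks, so check that they rely only on `Deque` methods before switching.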
@@ -100,17 +60,20 @@
public IkeLocalRequestScheduler(IProcedureConsumer consumer, Context context) {
mConsumer = consumer;
mPowerManager = context.getSystemService(PowerManager.class);
-
- mNextRequestId = 0;
}
/** Add a new local request to the queue. */
public void addRequest(LocalRequest request) {
request.acquireWakeLock(mPowerManager);
- request.setRequestId(mNextRequestId++);
mRequestQueue.offer(request);
}
+ /** Add a new local request to the front of the queue. */
+ public void addRequestAtFront(LocalRequest request) {
+ request.acquireWakeLock(mPowerManager);
+ mRequestQueue.offerFirst(request);
+ }
+
/**
* Notifies the scheduler that the caller is ready for a new procedure
*
@@ -139,33 +102,11 @@
*/
public abstract static class LocalRequest {
public final int procedureType;
-
- // Priority of this LocalRequest. Note that a lower 'priority' means higher urgency.
- @RequestPriority private final int mPriority;
-
- // ID used to preserve insertion-order between requests in IkeLocalRequestScheduler with the
- // same priority. Set when the LocalRequest is added to the IkeLocalRequestScheduler.
- private int mRequestId = REQUEST_ID_NOT_ASSIGNED;
private WakeLock mWakeLock;
- LocalRequest(int type, int priority) {
+ LocalRequest(int type) {
validateTypeOrThrow(type);
procedureType = type;
- mPriority = priority;
- }
-
- @VisibleForTesting
- int getPriority() {
- return mPriority;
- }
-
- private void setRequestId(int requestId) {
- mRequestId = requestId;
- }
-
- @VisibleForTesting
- int getRequestId() {
- return mRequestId;
}
/**
@@ -201,18 +142,6 @@
protected abstract boolean isChildRequest();
}
- /** LocalRequestComparator is a comparator for comparing LocalRequest instances. */
- private class LocalRequestComparator implements Comparator<LocalRequest> {
- @Override
- public int compare(LocalRequest requestA, LocalRequest requestB) {
- int relativePriorities =
- Integer.compare(requestA.getPriority(), requestB.getPriority());
- if (relativePriorities != 0) return relativePriorities;
-
- return Integer.compare(requestA.getRequestId(), requestB.getRequestId());
- }
- }
-
/**
* This class represents a user requested or internally scheduled IKE procedure that will be
* initiated locally.
@@ -220,15 +149,20 @@
public static class IkeLocalRequest extends LocalRequest {
public long remoteSpi;
+ /** Schedule a request for the IKE Session */
+ IkeLocalRequest(int type) {
+ this(type, SPI_NOT_INCLUDED);
+ }
+
/** Schedule a request for an IKE SA that is identified by the remoteIkeSpi */
- private IkeLocalRequest(int type, long remoteIkeSpi, int priority) {
- super(type, priority);
+ IkeLocalRequest(int type, long remoteIkeSpi) {
+ super(type);
remoteSpi = remoteIkeSpi;
}
@Override
protected void validateTypeOrThrow(int type) {
- if (type >= CMD_LOCAL_REQUEST_CREATE_IKE && type <= CMD_LOCAL_REQUEST_MOBIKE) return;
+ if (type >= CMD_LOCAL_REQUEST_CREATE_IKE && type <= CMD_LOCAL_REQUEST_DPD) return;
throw new IllegalArgumentException("Invalid IKE procedure type: " + type);
}
@@ -247,13 +181,23 @@
public final ChildSessionCallback childSessionCallback;
public final ChildSessionParams childSessionParams;
+ /** Schedule a request for a Child Session that is identified by the childCallback */
+ ChildLocalRequest(
+ int type, ChildSessionCallback childCallback, ChildSessionParams childParams) {
+ this(type, SPI_NOT_INCLUDED, childCallback, childParams);
+ }
+
+ /** Schedule a request for a Child SA that is identified by the remoteChildSpi */
+ ChildLocalRequest(int type, int remoteChildSpi) {
+ this(type, remoteChildSpi, null /*childCallback*/, null /*childParams*/);
+ }
+
private ChildLocalRequest(
int type,
int remoteChildSpi,
ChildSessionCallback childCallback,
- ChildSessionParams childParams,
- int priority) {
- super(type, priority);
+ ChildSessionParams childParams) {
+ super(type);
childSessionParams = childParams;
childSessionCallback = childCallback;
remoteSpi = remoteChildSpi;
@@ -261,8 +205,7 @@
@Override
protected void validateTypeOrThrow(int type) {
- if (type >= CMD_LOCAL_REQUEST_CREATE_CHILD
- && type <= CMD_LOCAL_REQUEST_REKEY_CHILD_MOBIKE) {
+ if (type >= CMD_LOCAL_REQUEST_CREATE_CHILD && type <= CMD_LOCAL_REQUEST_REKEY_CHILD) {
return;
}
@@ -284,66 +227,4 @@
*/
void onNewProcedureReady(LocalRequest localRequest);
}
-
- /** package-protected */
- static class LocalRequestFactory {
- /** Create a request for the IKE Session */
- IkeLocalRequest getIkeLocalRequest(int type) {
- return getIkeLocalRequest(type, SPI_NOT_INCLUDED);
- }
-
- /** Create a request for an IKE SA that is identified by the remoteIkeSpi */
- IkeLocalRequest getIkeLocalRequest(int type, long remoteIkeSpi) {
- return new IkeLocalRequest(type, remoteIkeSpi, procedureTypeToPriority(type));
- }
-
- /** Create a request for a Child Session that is identified by the childCallback */
- ChildLocalRequest getChildLocalRequest(
- int type, ChildSessionCallback childCallback, ChildSessionParams childParams) {
- return new ChildLocalRequest(
- type,
- SPI_NOT_INCLUDED,
- childCallback,
- childParams,
- procedureTypeToPriority(type));
- }
-
- /** Create a request for a Child SA that is identified by the remoteChildSpi */
- ChildLocalRequest getChildLocalRequest(int type, int remoteChildSpi) {
- return new ChildLocalRequest(
- type,
- remoteChildSpi,
- null /*childCallback*/,
- null /*childParams*/,
- procedureTypeToPriority(type));
- }
-
- /** Returns the request priority for the specified procedure type. */
- @VisibleForTesting
- @RequestPriority
- static int procedureTypeToPriority(int procedureType) {
- switch (procedureType) {
- case CMD_LOCAL_REQUEST_DELETE_IKE:
- return REQUEST_PRIORITY_URGENT;
-
- case CMD_LOCAL_REQUEST_MOBIKE:
- case CMD_LOCAL_REQUEST_REKEY_CHILD_MOBIKE:
- return REQUEST_PRIORITY_HIGH;
-
- case CMD_LOCAL_REQUEST_CREATE_IKE: // Fallthrough
- case CMD_LOCAL_REQUEST_REKEY_IKE: // Fallthrough
- case CMD_LOCAL_REQUEST_INFO: // Fallthrough
- case CMD_LOCAL_REQUEST_DPD: // Fallthrough
- case CMD_LOCAL_REQUEST_CREATE_CHILD: // Fallthrough
- case CMD_LOCAL_REQUEST_DELETE_CHILD: // Fallthrough
- case CMD_LOCAL_REQUEST_REKEY_CHILD:
- return REQUEST_PRIORITY_NORMAL;
-
- default:
- // unknown procedure type - assign it the lowest priority
- getIkeLog().wtf(TAG, "Unknown procedureType: " + procedureType);
- return REQUEST_PRIORITY_UNKNOWN;
- }
- }
- }
}
diff --git a/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachine.java b/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachine.java
index 7e7001e..ed0be28 100644
--- a/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachine.java
+++ b/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachine.java
@@ -16,10 +16,7 @@
package com.android.internal.net.ipsec.ike;
import static android.net.ipsec.ike.IkeSessionConfiguration.EXTENSION_TYPE_FRAGMENTATION;
-import static android.net.ipsec.ike.IkeSessionConfiguration.EXTENSION_TYPE_MOBIKE;
import static android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_EAP_ONLY_AUTH;
-import static android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_FORCE_PORT_4500;
-import static android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_MOBIKE;
import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_CHILD_SA_NOT_FOUND;
import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_INVALID_SYNTAX;
import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_NO_ADDITIONAL_SAS;
@@ -33,16 +30,12 @@
import static com.android.internal.net.ipsec.ike.message.IkeMessage.DECODE_STATUS_PARTIAL;
import static com.android.internal.net.ipsec.ike.message.IkeMessage.DECODE_STATUS_PROTECTED_ERROR;
import static com.android.internal.net.ipsec.ike.message.IkeMessage.DECODE_STATUS_UNPROTECTED_ERROR;
-import static com.android.internal.net.ipsec.ike.message.IkeNotifyPayload.NOTIFY_TYPE_COOKIE;
-import static com.android.internal.net.ipsec.ike.message.IkeNotifyPayload.NOTIFY_TYPE_COOKIE2;
import static com.android.internal.net.ipsec.ike.message.IkeNotifyPayload.NOTIFY_TYPE_EAP_ONLY_AUTHENTICATION;
import static com.android.internal.net.ipsec.ike.message.IkeNotifyPayload.NOTIFY_TYPE_IKEV2_FRAGMENTATION_SUPPORTED;
-import static com.android.internal.net.ipsec.ike.message.IkeNotifyPayload.NOTIFY_TYPE_MOBIKE_SUPPORTED;
import static com.android.internal.net.ipsec.ike.message.IkeNotifyPayload.NOTIFY_TYPE_NAT_DETECTION_DESTINATION_IP;
import static com.android.internal.net.ipsec.ike.message.IkeNotifyPayload.NOTIFY_TYPE_NAT_DETECTION_SOURCE_IP;
import static com.android.internal.net.ipsec.ike.message.IkeNotifyPayload.NOTIFY_TYPE_REKEY_SA;
import static com.android.internal.net.ipsec.ike.message.IkeNotifyPayload.NOTIFY_TYPE_SIGNATURE_HASH_ALGORITHMS;
-import static com.android.internal.net.ipsec.ike.message.IkeNotifyPayload.NOTIFY_TYPE_UPDATE_SA_ADDRESSES;
import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_AUTH;
import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_CP;
import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_DELETE;
@@ -52,7 +45,6 @@
import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_TS_INITIATOR;
import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_TS_RESPONDER;
import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_VENDOR;
-import static com.android.internal.net.ipsec.ike.utils.IkeAlarm.IkeAlarmConfig;
import static com.android.internal.net.ipsec.ike.utils.IkeAlarmReceiver.ACTION_DELETE_CHILD;
import static com.android.internal.net.ipsec.ike.utils.IkeAlarmReceiver.ACTION_DELETE_IKE;
import static com.android.internal.net.ipsec.ike.utils.IkeAlarmReceiver.ACTION_DPD;
@@ -66,14 +58,11 @@
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
-import android.net.ConnectivityManager;
import android.net.IpSecManager;
import android.net.IpSecManager.ResourceUnavailableException;
import android.net.IpSecManager.SpiUnavailableException;
import android.net.IpSecManager.UdpEncapsulationSocket;
-import android.net.LinkProperties;
import android.net.Network;
-import android.net.NetworkRequest;
import android.net.ipsec.ike.ChildSessionCallback;
import android.net.ipsec.ike.ChildSessionParams;
import android.net.ipsec.ike.IkeSaProposal;
@@ -85,21 +74,18 @@
import android.net.ipsec.ike.IkeSessionParams.IkeAuthDigitalSignLocalConfig;
import android.net.ipsec.ike.IkeSessionParams.IkeAuthDigitalSignRemoteConfig;
import android.net.ipsec.ike.IkeSessionParams.IkeAuthPskConfig;
-import android.net.ipsec.ike.TransportModeChildSessionParams;
-import android.net.ipsec.ike.exceptions.AuthenticationFailedException;
import android.net.ipsec.ike.exceptions.IkeException;
import android.net.ipsec.ike.exceptions.IkeInternalException;
-import android.net.ipsec.ike.exceptions.IkeNetworkLostException;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
-import android.net.ipsec.ike.exceptions.InvalidKeException;
-import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
-import android.net.ipsec.ike.exceptions.NoValidProposalChosenException;
import android.os.Bundle;
import android.os.Handler;
import android.os.Looper;
import android.os.Message;
import android.os.PowerManager;
+import android.os.SystemClock;
import android.system.ErrnoException;
+import android.system.Os;
+import android.system.OsConstants;
import android.util.LongSparseArray;
import android.util.Pair;
import android.util.SparseArray;
@@ -112,13 +98,15 @@
import com.android.internal.net.ipsec.ike.IkeLocalRequestScheduler.ChildLocalRequest;
import com.android.internal.net.ipsec.ike.IkeLocalRequestScheduler.IkeLocalRequest;
import com.android.internal.net.ipsec.ike.IkeLocalRequestScheduler.LocalRequest;
-import com.android.internal.net.ipsec.ike.IkeLocalRequestScheduler.LocalRequestFactory;
import com.android.internal.net.ipsec.ike.SaRecord.IkeSaRecord;
import com.android.internal.net.ipsec.ike.SaRecord.SaLifetimeAlarmScheduler;
import com.android.internal.net.ipsec.ike.crypto.IkeCipher;
import com.android.internal.net.ipsec.ike.crypto.IkeMacIntegrity;
import com.android.internal.net.ipsec.ike.crypto.IkeMacPrf;
-import com.android.internal.net.ipsec.ike.ike3gpp.Ike3gppExtensionExchange;
+import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidKeException;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
+import com.android.internal.net.ipsec.ike.exceptions.NoValidProposalChosenException;
import com.android.internal.net.ipsec.ike.keepalive.IkeNattKeepalive;
import com.android.internal.net.ipsec.ike.message.IkeAuthDigitalSignPayload;
import com.android.internal.net.ipsec.ike.message.IkeAuthPayload;
@@ -146,12 +134,6 @@
import com.android.internal.net.ipsec.ike.message.IkeSaPayload;
import com.android.internal.net.ipsec.ike.message.IkeSaPayload.IkeProposal;
import com.android.internal.net.ipsec.ike.message.IkeVendorPayload;
-import com.android.internal.net.ipsec.ike.net.IkeDefaultNetworkCallback;
-import com.android.internal.net.ipsec.ike.net.IkeLocalAddressGenerator;
-import com.android.internal.net.ipsec.ike.net.IkeNetworkCallbackBase;
-import com.android.internal.net.ipsec.ike.net.IkeNetworkUpdater;
-import com.android.internal.net.ipsec.ike.net.IkeSpecificNetworkCallback;
-import com.android.internal.net.ipsec.ike.utils.IkeAlarm;
import com.android.internal.net.ipsec.ike.utils.IkeAlarmReceiver;
import com.android.internal.net.ipsec.ike.utils.IkeSecurityParameterIndex;
import com.android.internal.net.ipsec.ike.utils.IkeSpiGenerator;
@@ -159,15 +141,14 @@
import com.android.internal.net.ipsec.ike.utils.RandomnessFactory;
import com.android.internal.net.ipsec.ike.utils.Retransmitter;
import com.android.internal.util.State;
-import com.android.modules.utils.build.SdkLevel;
+import java.io.FileDescriptor;
import java.io.IOException;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.net.Inet4Address;
-import java.net.Inet6Address;
import java.net.InetAddress;
-import java.net.UnknownHostException;
+import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.cert.TrustAnchor;
@@ -202,8 +183,7 @@
* Exchange Type = {IkeInit | IkeAuth | Create | Delete | Info}
* </pre>
*/
-public class IkeSessionStateMachine extends AbstractSessionStateMachine
- implements IkeNetworkUpdater {
+public class IkeSessionStateMachine extends AbstractSessionStateMachine {
// Package private
static final String TAG = "IkeSessionStateMachine";
@@ -248,8 +228,7 @@
@VisibleForTesting
static final long TEMP_FAILURE_RETRY_TIMEOUT_MS = TimeUnit.MINUTES.toMillis(5L);
- // The maximum number of attempts allowed for a single DNS resolution.
- static final int MAX_DNS_RESOLUTION_ATTEMPTS = 3;
+ @VisibleForTesting static final int NATT_KEEPALIVE_DELAY_SECONDS = 10;
// Package private IKE exchange subtypes describe the specific function of a IKE
// request/response exchange. It helps IkeSessionStateMachine to do message validation according
@@ -267,17 +246,17 @@
})
@interface IkeExchangeSubType {}
- public static final int IKE_EXCHANGE_SUBTYPE_INVALID = 0;
- public static final int IKE_EXCHANGE_SUBTYPE_IKE_INIT = 1;
- public static final int IKE_EXCHANGE_SUBTYPE_IKE_AUTH = 2;
- public static final int IKE_EXCHANGE_SUBTYPE_CREATE_CHILD = 3;
- public static final int IKE_EXCHANGE_SUBTYPE_DELETE_IKE = 4;
- public static final int IKE_EXCHANGE_SUBTYPE_DELETE_CHILD = 5;
- public static final int IKE_EXCHANGE_SUBTYPE_REKEY_IKE = 6;
- public static final int IKE_EXCHANGE_SUBTYPE_REKEY_CHILD = 7;
- public static final int IKE_EXCHANGE_SUBTYPE_GENERIC_INFO = 8;
+ static final int IKE_EXCHANGE_SUBTYPE_INVALID = 0;
+ static final int IKE_EXCHANGE_SUBTYPE_IKE_INIT = 1;
+ static final int IKE_EXCHANGE_SUBTYPE_IKE_AUTH = 2;
+ static final int IKE_EXCHANGE_SUBTYPE_CREATE_CHILD = 3;
+ static final int IKE_EXCHANGE_SUBTYPE_DELETE_IKE = 4;
+ static final int IKE_EXCHANGE_SUBTYPE_DELETE_CHILD = 5;
+ static final int IKE_EXCHANGE_SUBTYPE_REKEY_IKE = 6;
+ static final int IKE_EXCHANGE_SUBTYPE_REKEY_CHILD = 7;
+ static final int IKE_EXCHANGE_SUBTYPE_GENERIC_INFO = 8;
- public static final SparseArray<String> EXCHANGE_SUBTYPE_TO_STRING;
+ private static final SparseArray<String> EXCHANGE_SUBTYPE_TO_STRING;
static {
EXCHANGE_SUBTYPE_TO_STRING = new SparseArray<>();
@@ -325,8 +304,8 @@
static final int CMD_ALARM_FIRED = CMD_GENERAL_BASE + 15;
/** Send keepalive packet */
static final int CMD_SEND_KEEPALIVE = CMD_GENERAL_BASE + 16;
- /** Update the Session's underlying Network */
- static final int CMD_SET_NETWORK = CMD_GENERAL_BASE + 17;
+ /** Force close the session. This is initiated locally, but will not go into the scheduler */
+ static final int CMD_KILL_SESSION = CMD_GENERAL_BASE + 17;
/** Force state machine to a target state for testing purposes. */
static final int CMD_FORCE_TRANSITION = CMD_GENERAL_BASE + 99;
@@ -336,7 +315,6 @@
static final int CMD_LOCAL_REQUEST_REKEY_IKE = CMD_IKE_LOCAL_REQUEST_BASE + 3;
static final int CMD_LOCAL_REQUEST_INFO = CMD_IKE_LOCAL_REQUEST_BASE + 4;
static final int CMD_LOCAL_REQUEST_DPD = CMD_IKE_LOCAL_REQUEST_BASE + 5;
- static final int CMD_LOCAL_REQUEST_MOBIKE = CMD_IKE_LOCAL_REQUEST_BASE + 6;
private static final SparseArray<String> CMD_TO_STR;
@@ -356,27 +334,16 @@
CMD_TO_STR.put(CMD_EAP_FAILED, "EAP failed");
CMD_TO_STR.put(CMD_EAP_FINISH_EAP_AUTH, "Finish EAP");
CMD_TO_STR.put(CMD_ALARM_FIRED, "Alarm Fired");
- CMD_TO_STR.put(CMD_SET_NETWORK, "Update underlying Network");
CMD_TO_STR.put(CMD_LOCAL_REQUEST_CREATE_IKE, "Create IKE");
CMD_TO_STR.put(CMD_LOCAL_REQUEST_DELETE_IKE, "Delete IKE");
CMD_TO_STR.put(CMD_LOCAL_REQUEST_REKEY_IKE, "Rekey IKE");
CMD_TO_STR.put(CMD_LOCAL_REQUEST_INFO, "Info");
CMD_TO_STR.put(CMD_LOCAL_REQUEST_DPD, "DPD");
- CMD_TO_STR.put(CMD_LOCAL_REQUEST_MOBIKE, "MOBIKE migration event");
}
/** Package */
@VisibleForTesting final IkeSessionParams mIkeSessionParams;
- // Underlying Network for this IKE Session. May change if MOBIKE is enabled.
- @VisibleForTesting Network mNetwork;
-
- // Network callback used to keep IkeSessionStateMachine aware of Network changes for
- // MOBIKE-enabled sessions. Initialized if MOBIKE support is determined for the IKE Session.
- private IkeNetworkCallbackBase mNetworkCallback;
-
- private final ConnectivityManager mConnectivityManager;
-
/** Map that stores all IkeSaRecords, keyed by locally generated IKE SPI. */
private final LongSparseArray<IkeSaRecord> mLocalSpiToIkeSaRecordMap;
/**
@@ -394,13 +361,10 @@
private final IkeSessionCallback mIkeSessionCallback;
private final IkeEapAuthenticatorFactory mEapAuthenticatorFactory;
private final TempFailureHandler mTempFailHandler;
- private final IkeLocalAddressGenerator mIkeLocalAddressGenerator;
/** Package private */
@VisibleForTesting final RandomnessFactory mRandomFactory;
- private final LocalRequestFactory mLocalRequestFactory;
-
/**
* mIkeSpiGenerator will be used by all IKE SA creations in this IKE Session to avoid SPI
* collision in test mode.
@@ -436,38 +400,15 @@
/** Local port assigned on device. Initialized in Initial State. */
@VisibleForTesting int mLocalPort;
- /** Available remote addresses that are v4. Resolved in Initial State. */
- @VisibleForTesting final List<Inet4Address> mRemoteAddressesV4 = new ArrayList<>();
- /** Available remote addresses that are v6. Resolved in Initial State. */
- @VisibleForTesting final List<Inet6Address> mRemoteAddressesV6 = new ArrayList<>();
-
- /**
- * Indicates if the IKE client has checked whether the server supports NAT-T. Sets to true when
- * the first time IKE client sends NAT_DETECTION (in other words the first time IKE client is
- * using IPv4 address since IKE does not support IPv6 NAT-T)
- */
- @VisibleForTesting boolean mHasCheckedNattSupport;
- /**
- * Indicates if the server supports NAT-T. Sets at the first time IKE client sends NAT_DETECTION
- * (in other words the first time IKE client is using IPv4 address since IKE does not support
- * IPv6 NAT-T)
- */
- @VisibleForTesting boolean mSupportNatTraversal;
-
/** Indicates if local node is behind a NAT. */
- @VisibleForTesting boolean mLocalNatDetected;
+ @VisibleForTesting boolean mIsLocalBehindNat;
/** Indicates if remote node is behind a NAT. */
- @VisibleForTesting boolean mRemoteNatDetected;
- /** NATT keepalive scheduler. Initialized when a NAT is detected while using V4 addresses */
+ @VisibleForTesting boolean mIsRemoteBehindNat;
+ /** NATT keepalive scheduler. Initialized when a NAT is detected */
@VisibleForTesting IkeNattKeepalive mIkeNattKeepalive;
/** Indicates if both sides support fragmentation. Set in IKE INIT */
@VisibleForTesting boolean mSupportFragment;
- /** Indicates if both sides support MOBIKE. Set in IKE AUTH. */
- @VisibleForTesting boolean mSupportMobike;
-
- /** Set of peer-supported Signature Hash Algorithms. Optionally set in IKE INIT. */
- @VisibleForTesting Set<Short> mPeerSignatureHashAlgorithms;
/** Package private IkeSaProposal that represents the negotiated IKE SA proposal. */
@VisibleForTesting IkeSaProposal mSaProposal;
@@ -510,8 +451,6 @@
/** Package */
@VisibleForTesting IkeSaRecord mIkeSaRecordAwaitingRemoteDel;
- private final Ike3gppExtensionExchange mIke3gppExtensionExchange;
-
// States
@VisibleForTesting final State mKillIkeSessionParent = new KillIkeSessionParent();
@@ -538,7 +477,6 @@
@VisibleForTesting final State mRekeyIkeRemoteDelete = new RekeyIkeRemoteDelete();
@VisibleForTesting final State mDeleteIkeLocalDelete = new DeleteIkeLocalDelete();
@VisibleForTesting final State mDpdIkeLocalInfo = new DpdIkeLocalInfo();
- @VisibleForTesting final State mMobikeLocalInfo = new MobikeLocalInfo();
/** Constructor for testing. */
@VisibleForTesting
@@ -546,26 +484,14 @@
Looper looper,
Context context,
IpSecManager ipSecManager,
- ConnectivityManager connectMgr,
IkeSessionParams ikeParams,
ChildSessionParams firstChildParams,
Executor userCbExecutor,
IkeSessionCallback ikeSessionCallback,
ChildSessionCallback firstChildSessionCallback,
- IkeEapAuthenticatorFactory eapAuthenticatorFactory,
- IkeLocalAddressGenerator ikeLocalAddressGenerator,
- LocalRequestFactory localRequestFactory) {
+ IkeEapAuthenticatorFactory eapAuthenticatorFactory) {
super(TAG, looper, userCbExecutor);
- if (ikeParams.hasIkeOption(IkeSessionParams.IKE_OPTION_MOBIKE)) {
- if (firstChildParams instanceof TransportModeChildSessionParams) {
- throw new IllegalArgumentException(
- "Transport Mode SAs not supported when MOBIKE is enabled");
- } else if (!SdkLevel.isAtLeastS()) {
- throw new IllegalStateException("MOBIKE only supported for S+");
- }
- }
-
synchronized (IKE_SESSION_LOCK) {
if (!sContextToIkeSmMap.containsKey(context)) {
// Pass in a Handler so #onReceive will run on the StateMachine thread
@@ -590,22 +516,8 @@
sIkeAlarmReceiver.registerIkeSession(mIkeSessionId, getHandler());
mIkeSessionParams = ikeParams;
- mConnectivityManager = connectMgr;
- if (mIkeSessionParams.getConfiguredNetwork() != null) {
- mNetwork = mIkeSessionParams.getConfiguredNetwork();
- } else {
- mNetwork = connectMgr.getActiveNetwork();
- if (mNetwork == null) {
- throw new IllegalStateException("No active default network found");
- }
- }
-
mEapAuthenticatorFactory = eapAuthenticatorFactory;
- mIkeLocalAddressGenerator = ikeLocalAddressGenerator;
-
- mLocalRequestFactory = localRequestFactory;
-
// SaProposals.Builder guarantees there is at least one SA proposal, and each SA proposal
// has at least one DH group.
mPeerSelectedDhGroup =
@@ -621,7 +533,7 @@
mIpSecManager = ipSecManager;
mAlarmManager = (AlarmManager) context.getSystemService(Context.ALARM_SERVICE);
- mRandomFactory = new RandomnessFactory(mContext, mNetwork);
+ mRandomFactory = new RandomnessFactory(mContext, mIkeSessionParams.getNetwork());
mIkeSpiGenerator = new IkeSpiGenerator(mRandomFactory);
mIpSecSpiGenerator = new IpSecSpiGenerator(mIpSecManager, mRandomFactory);
@@ -631,10 +543,6 @@
mFirstChildCallbacks = firstChildSessionCallback;
registerChildSessionCallback(firstChildParams, firstChildSessionCallback, true);
- mIke3gppExtensionExchange =
- new Ike3gppExtensionExchange(
- mIkeSessionParams.getIke3gppExtension(), mUserCbExecutor);
-
// CHECKSTYLE:OFF IndentationCheck
addState(mKillIkeSessionParent);
addState(mInitial, mKillIkeSessionParent);
@@ -654,7 +562,6 @@
addState(mRekeyIkeRemoteDelete, mKillIkeSessionParent);
addState(mDeleteIkeLocalDelete, mKillIkeSessionParent);
addState(mDpdIkeLocalInfo, mKillIkeSessionParent);
- addState(mMobikeLocalInfo, mKillIkeSessionParent);
// CHECKSTYLE:ON IndentationCheck
setInitialState(mInitial);
@@ -685,15 +592,12 @@
looper,
context,
ipSecManager,
- context.getSystemService(ConnectivityManager.class),
ikeParams,
firstChildParams,
userCbExecutor,
ikeSessionCallback,
firstChildSessionCallback,
- new IkeEapAuthenticatorFactory(),
- new IkeLocalAddressGenerator(),
- new LocalRequestFactory());
+ new IkeEapAuthenticatorFactory());
}
private boolean hasChildSessionCallback(ChildSessionCallback callback) {
@@ -729,7 +633,7 @@
getHandler().getLooper(),
mContext,
mIkeSessionId,
- getHandler(),
+ mAlarmManager,
mRandomFactory,
mIpSecSpiGenerator,
childParams,
@@ -742,8 +646,7 @@
/** Initiates IKE setup procedure. */
public void openSession() {
sendMessage(
- CMD_LOCAL_REQUEST_CREATE_IKE,
- mLocalRequestFactory.getIkeLocalRequest(CMD_LOCAL_REQUEST_CREATE_IKE));
+ CMD_LOCAL_REQUEST_CREATE_IKE, new IkeLocalRequest(CMD_LOCAL_REQUEST_CREATE_IKE));
}
/** Schedules a Create Child procedure. */
@@ -757,17 +660,11 @@
throw new IllegalArgumentException("Child Session Callback handle already registered");
}
- if (mIkeSessionParams.hasIkeOption(IKE_OPTION_MOBIKE)
- && childSessionParams instanceof TransportModeChildSessionParams) {
- throw new IllegalArgumentException(
- "Transport Mode SAs not supported when MOBIKE is enabled");
- }
-
registerChildSessionCallback(
childSessionParams, childSessionCallback, false /*isFirstChild*/);
sendMessage(
CMD_LOCAL_REQUEST_CREATE_CHILD,
- mLocalRequestFactory.getChildLocalRequest(
+ new ChildLocalRequest(
CMD_LOCAL_REQUEST_CREATE_CHILD, childSessionCallback, childSessionParams));
}
@@ -783,34 +680,18 @@
sendMessage(
CMD_LOCAL_REQUEST_DELETE_CHILD,
- mLocalRequestFactory.getChildLocalRequest(
- CMD_LOCAL_REQUEST_DELETE_CHILD, childSessionCallback, null));
+ new ChildLocalRequest(CMD_LOCAL_REQUEST_DELETE_CHILD, childSessionCallback, null));
}
/** Initiates Delete IKE procedure. */
public void closeSession() {
sendMessage(
- CMD_LOCAL_REQUEST_DELETE_IKE,
- mLocalRequestFactory.getIkeLocalRequest(CMD_LOCAL_REQUEST_DELETE_IKE));
+ CMD_LOCAL_REQUEST_DELETE_IKE, new IkeLocalRequest(CMD_LOCAL_REQUEST_DELETE_IKE));
}
- /** Update the IkeSessionStateMachine to use the specified Network. */
- public void setNetwork(Network network) {
- if (network == null) {
- throw new IllegalArgumentException("network must not be null");
- }
-
- if (!mIkeSessionParams.hasIkeOption(IKE_OPTION_MOBIKE)) {
- throw new IllegalStateException("IKE_OPTION_MOBIKE is not set");
- }
-
- if (mIkeSessionParams.getConfiguredNetwork() == null) {
- throw new IllegalStateException(
- "setNetwork() requires this IkeSession to be configured to use caller-specified"
- + " network instead of default network");
- }
-
- sendMessage(CMD_SET_NETWORK, network);
+ /** Forcibly close IKE Session. */
+ public void killSession() {
+ sendMessage(CMD_KILL_SESSION);
}
private void scheduleRetry(LocalRequest localRequest) {
@@ -846,7 +727,7 @@
+ " of sync.");
executeUserCallback(
() -> {
- mIkeSessionCallback.onClosedWithException(
+ mIkeSessionCallback.onClosedExceptionally(
new IkeInternalException(error));
});
loge("Fatal error", error);
@@ -882,77 +763,14 @@
// TODO: Add methods for building and validating general Informational packet.
- /** Switch all IKE SAs to the new IKE socket due to an underlying network change. */
- private void switchToIkeSocket(IkeSocket newSocket) {
- // Changing IkeSockets - make sure to quit NAT-T keepalive if it's going
- if (mIkeNattKeepalive != null) {
- mIkeNattKeepalive.stop();
- mIkeNattKeepalive = null;
- }
-
- long currentLocalSpi = mCurrentIkeSaRecord.getLocalSpi();
- migrateSpiToIkeSocket(currentLocalSpi, mIkeSocket, newSocket);
-
- if (mLocalInitNewIkeSaRecord != null) {
- long newLocalSpi = mLocalInitNewIkeSaRecord.getLocalSpi();
- migrateSpiToIkeSocket(newLocalSpi, mIkeSocket, newSocket);
- }
- if (mRemoteInitNewIkeSaRecord != null) {
- long newLocalSpi = mRemoteInitNewIkeSaRecord.getLocalSpi();
- migrateSpiToIkeSocket(newLocalSpi, mIkeSocket, newSocket);
- }
-
+ /** Switch to a new IKE socket due to NAT detection, or an underlying network change. */
+ private void switchToIkeSocket(long localSpi, IkeSocket newSocket) {
+ newSocket.registerIke(localSpi, this);
+ mIkeSocket.unregisterIke(localSpi);
mIkeSocket.releaseReference(this);
mIkeSocket = newSocket;
}
- private IkeSocket getIkeSocket(boolean isIpv4, boolean useEncapPort)
- throws ErrnoException, IOException, ResourceUnavailableException {
- IkeSocketConfig sockConfig = new IkeSocketConfig(mNetwork, mIkeSessionParams.getDscp());
- if (useEncapPort) {
- if (isIpv4) {
- return IkeUdpEncapSocket.getIkeUdpEncapSocket(
- sockConfig,
- mIpSecManager,
- IkeSessionStateMachine.this,
- getHandler().getLooper());
- } else {
- return IkeUdp6WithEncapPortSocket.getIkeUdpEncapSocket(
- sockConfig, IkeSessionStateMachine.this, getHandler());
- }
- } else {
- if (isIpv4) {
- return IkeUdp4Socket.getInstance(
- sockConfig, IkeSessionStateMachine.this, getHandler());
- } else {
- return IkeUdp6Socket.getInstance(
- sockConfig, IkeSessionStateMachine.this, getHandler());
- }
- }
- }
-
- private void getAndSwitchToIkeSocket(boolean isIpv4, boolean useEncapPort) {
- try {
- IkeSocket newSocket = getIkeSocket(isIpv4, useEncapPort);
- if (newSocket == mIkeSocket) {
- // Attempting to switch to current socket - ignore.
- return;
- }
- switchToIkeSocket(newSocket);
- if (isIpv4 && useEncapPort) {
- mIkeNattKeepalive = buildAndStartNattKeepalive();
- }
- mLocalPort = mIkeSocket.getLocalPort();
- } catch (ErrnoException | IOException | ResourceUnavailableException e) {
- handleIkeFatalError(e);
- }
- }
-
- private void migrateSpiToIkeSocket(long localSpi, IkeSocket oldSocket, IkeSocket newSocket) {
- newSocket.registerIke(localSpi, IkeSessionStateMachine.this);
- oldSocket.unregisterIke(localSpi);
- }
-
@VisibleForTesting
void addIkeSaRecord(IkeSaRecord record) {
mLocalSpiToIkeSaRecordMap.put(record.getLocalSpi(), record);
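Review bot: The Javadoc on the new `switchToIkeSocket(long localSpi, IkeSocket newSocket)` does not state its precondition. It re-registers only the one SPI it is given and then calls `mIkeSocket.releaseReference(this)`. Any other IKE SA record of this session that is still registered on the old socket would be left behind, for example one created during a rekey. The callers are outside this hunk, so this may never happen in practice. I would extend the comment to say so, e.g. `/** Switch to a new IKE socket. Caller must ensure localSpi is the only SPI this session has registered on mIkeSocket. */`.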
@@ -1099,7 +917,7 @@
executeUserCallback(
() -> {
- mIkeSessionCallback.onClosedWithException(new IkeInternalException(e));
+ mIkeSessionCallback.onClosedExceptionally(new IkeInternalException(e));
});
logWtf("Unexpected exception in " + getCurrentState().getName(), e);
quitNow();
@@ -1137,11 +955,6 @@
mIkeSocket.releaseReference(this);
}
- if (mNetworkCallback != null) {
- mConnectivityManager.unregisterNetworkCallback(mNetworkCallback);
- mNetworkCallback = null;
- }
-
sIkeAlarmReceiver.unregisterIkeSession(mIkeSessionId);
synchronized (IKE_SESSION_LOCK) {
@@ -1154,8 +967,6 @@
// TODO: Remove the stored ikeSessionCallback
}
- mIke3gppExtensionExchange.close();
-
mBusyWakeLock.release();
mScheduler.releaseAllLocalRequestWakeLocks();
}
@@ -1194,7 +1005,7 @@
closeAllSaRecords(false /*expectSaClosed*/);
executeUserCallback(
() -> {
- mIkeSessionCallback.onClosedWithException(ikeException);
+ mIkeSessionCallback.onClosedExceptionally(ikeException);
});
loge("IKE Session fatal error in " + getCurrentState().getName(), ikeException);
@@ -1225,24 +1036,31 @@
@Override
public void enterState() {
try {
- resolveAndSetAvailableRemoteAddresses();
+ Network network = mIkeSessionParams.getNetwork();
- setRemoteAddress();
+ // TODO(b/149954916): Do DNS resolution asynchronously and support resolving
+ // multiple addresses.
+ mRemoteAddress = network.getByName(mIkeSessionParams.getServerHostname());
boolean isIpv4 = mRemoteAddress instanceof Inet4Address;
- mIkeSocket =
- getIkeSocket(
- isIpv4, mIkeSessionParams.hasIkeOption(IKE_OPTION_FORCE_PORT_4500));
- mLocalPort = mIkeSocket.getLocalPort();
-
- mLocalAddress =
- mIkeLocalAddressGenerator.generateLocalAddress(
- mNetwork, isIpv4, mRemoteAddress, mIkeSocket.getIkeServerPort());
-
- if (mIkeSocket instanceof IkeUdpEncapSocket) {
- mIkeNattKeepalive = buildAndStartNattKeepalive();
+ if (isIpv4) {
+ mIkeSocket = IkeUdp4Socket.getInstance(network, IkeSessionStateMachine.this);
+ } else {
+ mIkeSocket = IkeUdp6Socket.getInstance(network, IkeSessionStateMachine.this);
}
- } catch (ErrnoException | IOException | ResourceUnavailableException e) {
+
+ FileDescriptor sock =
+ Os.socket(
+ isIpv4 ? OsConstants.AF_INET : OsConstants.AF_INET6,
+ OsConstants.SOCK_DGRAM,
+ OsConstants.IPPROTO_UDP);
+ network.bindSocket(sock);
+ Os.connect(sock, mRemoteAddress, mIkeSocket.getIkeServerPort());
+ InetSocketAddress localAddr = (InetSocketAddress) Os.getsockname(sock);
+ mLocalAddress = localAddr.getAddress();
+ mLocalPort = mIkeSocket.getLocalPort();
+ Os.close(sock);
+ } catch (ErrnoException | IOException e) {
handleIkeFatalError(e);
}
}
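Review bot: The probe socket created with `Os.socket(...)` in `enterState()` is closed only on the success path. If `network.bindSocket(sock)`, `Os.connect(...)` or `Os.getsockname(...)` throws, control goes straight to the `catch` and the file descriptor is never closed. Each failed session setup then leaks one descriptor in the hosting process. Wrapping the calls that use `sock` in `try`/`finally` closes it on every path; the outer `catch (ErrnoException | IOException e)` still covers an `ErrnoException` from `Os.close`.

```java
// … unchanged: FileDescriptor sock = Os.socket(...) …
try {
    network.bindSocket(sock);
    Os.connect(sock, mRemoteAddress, mIkeSocket.getIkeServerPort());
    InetSocketAddress localAddr = (InetSocketAddress) Os.getsockname(sock);
    mLocalAddress = localAddr.getAddress();
} finally {
    // Release the probe socket whether or not bind/connect succeeded.
    Os.close(sock);
}
mLocalPort = mIkeSocket.getLocalPort();
```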
@@ -1263,37 +1081,10 @@
}
/**
- * Set the remote address for the peer.
- *
- * <p>Prefers IPv6 addresses if:
- *
- * <ul>
- * <li>an IPv6 address is known for the peer, and
- * <li>the current underlying Network has a global (non-link local) IPv6 address available
- * </ul>
- *
- * Otherwise, an IPv4 address will be used.
- */
- private void setRemoteAddress() {
- LinkProperties linkProperties = mConnectivityManager.getLinkProperties(mNetwork);
- if (!mRemoteAddressesV6.isEmpty() && linkProperties.hasGlobalIpv6Address()) {
- // TODO(b/175348096): randomly choose from available addresses
- mRemoteAddress = mRemoteAddressesV6.get(0);
- } else {
- if (mRemoteAddressesV4.isEmpty()) {
- throw new IllegalArgumentException("No valid IPv4 or IPv6 addresses for peer");
- }
-
- // TODO(b/175348096): randomly choose from available addresses
- mRemoteAddress = mRemoteAddressesV4.get(0);
- }
- }
-
- /**
* Idle represents a state when there is no ongoing IKE exchange affecting established IKE SA.
*/
class Idle extends LocalRequestQueuer {
- private IkeAlarm mDpdAlarm;
+ private PendingIntent mDpdIntent;
// TODO (b/152236790): Add wakelock for awaiting LocalRequests and ongoing procedures.
@@ -1303,36 +1094,36 @@
mBusyWakeLock.release();
}
+ if (mDpdIntent == null) {
+ long remoteIkeSpi = mCurrentIkeSaRecord.getRemoteSpi();
+ mDpdIntent =
+ buildIkeAlarmIntent(
+ mContext,
+ ACTION_DPD,
+ getIntentIdentifier(remoteIkeSpi),
+ getIntentIkeSmMsg(CMD_LOCAL_REQUEST_DPD, remoteIkeSpi));
+ }
long dpdDelayMs = TimeUnit.SECONDS.toMillis(mIkeSessionParams.getDpdDelaySeconds());
- long remoteIkeSpi = mCurrentIkeSaRecord.getRemoteSpi();
- Message intentIkeMsg = getIntentIkeSmMsg(CMD_LOCAL_REQUEST_DPD, remoteIkeSpi);
- PendingIntent dpdIntent =
- buildIkeAlarmIntent(
- mContext, ACTION_DPD, getIntentIdentifier(remoteIkeSpi), intentIkeMsg);
-
// Initiating DPD is a way to detect the aliveness of the remote server and also a
- // way to assert the aliveness of IKE library. Considering this, the alarm to
- // trigger DPD needs to go off even when device is in doze mode to decrease the chance
- // the remote server thinks IKE library is dead. Also, since DPD initiation is
- // time-critical, we need to use "setExact" to avoid the batching alarm delay which
- // can be at most 75% for the alarm timeout (@see AlarmManagerService#maxTriggerTime).
+ // way to assert the aliveness of IKE library. Considering this, the alarm to trigger
+ // DPD needs to go off even when device is in doze mode to decrease the chance the
+ // remote server thinks IKE library is dead. Also, since DPD initiation is
+ // time-critical, we need to use "setExact" to avoid the batching alarm delay which can
+ // be at most 75% for the alarm timeout (@see AlarmManagerService#maxTriggerTime).
// Please check AlarmManager#setExactAndAllowWhileIdle for more details.
- mDpdAlarm =
- IkeAlarm.newExactAndAllowWhileIdleAlarm(
- new IkeAlarmConfig(
- mContext, ACTION_DPD, dpdDelayMs, dpdIntent, intentIkeMsg));
- mDpdAlarm.schedule();
+ mAlarmManager.setExactAndAllowWhileIdle(
+ AlarmManager.ELAPSED_REALTIME_WAKEUP,
+ SystemClock.elapsedRealtime() + dpdDelayMs,
+ mDpdIntent);
logd("DPD Alarm scheduled with DPD delay: " + dpdDelayMs + "ms");
}
@Override
protected void exitState() {
// #exitState is guaranteed to be invoked when quit() or quitNow() is called
- if (mDpdAlarm != null) {
- mDpdAlarm.cancel();
- logd("DPD Alarm canceled");
- }
+ mAlarmManager.cancel(mDpdIntent);
+ logd("DPD Alarm canceled");
mBusyWakeLock.acquire();
}
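Review bot: `mDpdIntent` is built only once, under `if (mDpdIntent == null)`, using the remote SPI of whichever IKE SA is current on the first entry into `Idle`. If `mCurrentIkeSaRecord` is later replaced, as after an IKE rekey, every subsequent DPD alarm still carries the old SPI in its identifier and bundle. How the receiver uses that SPI is outside this hunk, but a stale value could cause the DPD request to be mismatched or dropped. I would rebuild the intent on each entry by dropping the null guard, or reset it in `exitState()` with `mDpdIntent = null;` after the cancel. `enterState()` starts above this hunk.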
@@ -1365,10 +1156,6 @@
// Let KillIkeSessionParent handle the rest of the cleanup.
return NOT_HANDLED;
- case CMD_SET_NETWORK:
- onUnderlyingNetworkUpdated((Network) message.obj);
- return HANDLED;
-
default:
// Queue local requests, and trigger next procedure
if (isLocalRequest(message.what)) {
@@ -1405,14 +1192,10 @@
break;
case CMD_LOCAL_REQUEST_CREATE_CHILD: // fallthrough
case CMD_LOCAL_REQUEST_REKEY_CHILD: // fallthrough
- case CMD_LOCAL_REQUEST_REKEY_CHILD_MOBIKE: // fallthrough
case CMD_LOCAL_REQUEST_DELETE_CHILD:
deferMessage(message);
transitionTo(mChildProcedureOngoing);
break;
- case CMD_LOCAL_REQUEST_MOBIKE:
- transitionTo(mMobikeLocalInfo);
- break;
default:
cleanUpAndQuit(
new IllegalStateException(
@@ -1458,29 +1241,25 @@
@VisibleForTesting
SaLifetimeAlarmScheduler buildSaLifetimeAlarmScheduler(long remoteSpi) {
- Message deleteMsg = getIntentIkeSmMsg(CMD_LOCAL_REQUEST_DELETE_IKE, remoteSpi);
- Message rekeyMsg = getIntentIkeSmMsg(CMD_LOCAL_REQUEST_REKEY_IKE, remoteSpi);
-
PendingIntent deleteSaIntent =
buildIkeAlarmIntent(
- mContext, ACTION_DELETE_IKE, getIntentIdentifier(remoteSpi), deleteMsg);
- PendingIntent rekeySaIntent =
- buildIkeAlarmIntent(
- mContext, ACTION_REKEY_IKE, getIntentIdentifier(remoteSpi), rekeyMsg);
-
- return new SaLifetimeAlarmScheduler(
- new IkeAlarmConfig(
mContext,
ACTION_DELETE_IKE,
- mIkeSessionParams.getHardLifetimeMsInternal(),
- deleteSaIntent,
- deleteMsg),
- new IkeAlarmConfig(
+ getIntentIdentifier(remoteSpi),
+ getIntentIkeSmMsg(CMD_LOCAL_REQUEST_DELETE_IKE, remoteSpi));
+ PendingIntent rekeySaIntent =
+ buildIkeAlarmIntent(
mContext,
ACTION_REKEY_IKE,
- mIkeSessionParams.getSoftLifetimeMsInternal(),
- rekeySaIntent,
- rekeyMsg));
+ getIntentIdentifier(remoteSpi),
+ getIntentIkeSmMsg(CMD_LOCAL_REQUEST_REKEY_IKE, remoteSpi));
+
+ return new SaLifetimeAlarmScheduler(
+ mIkeSessionParams.getHardLifetimeMsInternal(),
+ mIkeSessionParams.getSoftLifetimeMsInternal(),
+ deleteSaIntent,
+ rekeySaIntent,
+ mAlarmManager);
}
// Package private. Accessible to ChildSessionStateMachine
@@ -1600,18 +1379,12 @@
ikeSaRecord,
mSupportFragment,
DEFAULT_FRAGMENT_SIZE);
- sendEncryptedIkePackets(packetList);
-
- if (msg.ikeHeader.isResponseMsg) {
- ikeSaRecord.updateLastSentRespAllPackets(
- Arrays.asList(packetList), msg.ikeHeader.messageId);
- }
- }
-
- private void sendEncryptedIkePackets(byte[][] packetList) {
for (byte[] packet : packetList) {
mIkeSocket.sendIkePacket(packet, mRemoteAddress);
}
+ if (msg.ikeHeader.isResponseMsg) {
+ ikeSaRecord.updateLastSentRespAllPackets(Arrays.asList(packetList));
+ }
}
// Builds and sends IKE-level error notification response on the provided IKE SA record
@@ -1689,8 +1462,10 @@
*/
protected void handleLocalRequest(int requestVal, LocalRequest req) {
switch (requestVal) {
- case CMD_LOCAL_REQUEST_DELETE_IKE: // Fallthrough
- case CMD_LOCAL_REQUEST_MOBIKE: // Fallthrough
+ case CMD_LOCAL_REQUEST_DELETE_IKE:
+ mScheduler.addRequestAtFront(req);
+ return;
+
case CMD_LOCAL_REQUEST_REKEY_IKE: // Fallthrough
case CMD_LOCAL_REQUEST_INFO: // Fallthrough
case CMD_LOCAL_REQUEST_DPD:
@@ -1699,7 +1474,6 @@
case CMD_LOCAL_REQUEST_CREATE_CHILD: // Fallthrough
case CMD_LOCAL_REQUEST_REKEY_CHILD: // Fallthrough
- case CMD_LOCAL_REQUEST_REKEY_CHILD_MOBIKE: // Fallthrough
case CMD_LOCAL_REQUEST_DELETE_CHILD:
ChildLocalRequest childReq = (ChildLocalRequest) req;
if (childReq.procedureType != requestVal) {
@@ -1731,18 +1505,14 @@
protected void handleFiredAlarm(Message message) {
switch (message.arg2) {
case CMD_SEND_KEEPALIVE:
- // Software keepalive alarm is fired. Ignore the alarm whe NAT-T keepalive is no
- // longer needed (e.g. migrating from IPv4 to IPv6)
- if (mIkeNattKeepalive != null) {
- mIkeNattKeepalive.onAlarmFired();
- }
+ // Software keepalive alarm is fired
+ mIkeNattKeepalive.onAlarmFired();
return;
case CMD_LOCAL_REQUEST_DELETE_CHILD: // Hits hard lifetime; fall through
case CMD_LOCAL_REQUEST_REKEY_CHILD: // Hits soft lifetime
int remoteChildSpi = ((Bundle) message.obj).getInt(BUNDLE_KEY_CHILD_REMOTE_SPI);
enqueueLocalRequestSynchronously(
- mLocalRequestFactory.getChildLocalRequest(
- message.arg2, remoteChildSpi));
+ new ChildLocalRequest(message.arg2, remoteChildSpi));
return;
case CMD_LOCAL_REQUEST_DELETE_IKE: // Hits hard lifetime; fall through
case CMD_LOCAL_REQUEST_REKEY_IKE: // Hits soft lifetime; fall through
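Review bot: `mIkeNattKeepalive.onAlarmFired()` in the CMD_SEND_KEEPALIVE case is now called without a null check, so a keepalive alarm delivered when no keepalive object exists throws a NullPointerException on the state machine's handler. In the NAT detection hunk of this diff, mIkeNattKeepalive is assigned only when a NAT is detected, and whether it can be cleared while an alarm is still pending is not visible here. I would keep the guard: `if (mIkeNattKeepalive != null) mIkeNattKeepalive.onAlarmFired();`. The method continues past the end of this hunk.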
@@ -1750,7 +1520,7 @@
// IKE Session has not received any protectd IKE packet for the whole DPD delay
long remoteIkeSpi = ((Bundle) message.obj).getLong(BUNDLE_KEY_IKE_REMOTE_SPI);
enqueueLocalRequestSynchronously(
- mLocalRequestFactory.getIkeLocalRequest(message.arg2, remoteIkeSpi));
+ new IkeLocalRequest(message.arg2, remoteIkeSpi));
// TODO(b/152442041): Cancel the scheduled DPD request if IKE Session starts any
// procedure before DPD get executed.
@@ -1808,10 +1578,6 @@
triggerRetransmit();
return HANDLED;
- case CMD_SET_NETWORK:
- onUnderlyingNetworkUpdated((Network) message.obj);
- return HANDLED;
-
default:
// Queue local requests, and trigger next procedure
if (isLocalRequest(message.what)) {
@@ -1938,19 +1704,12 @@
if (expectedMsgId - 1 == ikeHeader.messageId) {
if (ikeSaRecord.isRetransmittedRequest(ikePacketBytes)) {
- if (ikeSaRecord.getLastSentRespMsgId() == ikeHeader.messageId) {
- logd(
- "Received re-transmitted request "
- + ikeHeader.messageId
- + " Retransmitting response");
+ logd("Received re-transmitted request. Retransmitting response");
+
+ if (ikeSaRecord.getLastSentRespAllPackets() != null) {
for (byte[] packet : ikeSaRecord.getLastSentRespAllPackets()) {
mIkeSocket.sendIkePacket(packet, mRemoteAddress);
}
- } else {
- logd(
- "Received re-transmitted request "
- + ikeHeader.messageId
- + " Original request is still being processed");
}
// TODO:Support resetting remote rekey delete timer.
@@ -2074,45 +1833,14 @@
}
protected void handleGenericInfoRequest(IkeMessage ikeMessage) {
- try {
- List<IkeInformationalPayload> infoPayloadList = new ArrayList<>();
- for (IkePayload payload : ikeMessage.ikePayloadList) {
- switch (payload.payloadType) {
- case PAYLOAD_TYPE_CP:
- // TODO(b/150327849): Respond with config payload responses.
- break;
- case PAYLOAD_TYPE_NOTIFY:
- IkeNotifyPayload notify = (IkeNotifyPayload) payload;
- if (notify.notifyType == NOTIFY_TYPE_COOKIE2) {
- infoPayloadList.add(
- IkeNotifyPayload.handleCookie2AndGenerateCopy(notify));
- }
+ // TODO(b/150327849): Respond with vendor ID or config payload responses.
- // No action for other notifications
- break;
- default:
- logw(
- "Received unexpected payload in an INFORMATIONAL request."
- + " Payload type: "
- + payload.payloadType);
- }
- }
-
- IkeMessage infoResp =
- buildEncryptedInformationalMessage(
- infoPayloadList.toArray(
- new IkeInformationalPayload[infoPayloadList.size()]),
- true /* isResponse */,
- ikeMessage.ikeHeader.messageId);
- sendEncryptedIkeMessage(infoResp);
- } catch (InvalidSyntaxException e) {
- buildAndSendErrorNotificationResponse(
- mCurrentIkeSaRecord,
- ikeMessage.ikeHeader.messageId,
- ERROR_TYPE_INVALID_SYNTAX);
- handleIkeFatalError(e);
- return;
- }
+ IkeMessage emptyInfoResp =
+ buildEncryptedInformationalMessage(
+ new IkeInformationalPayload[0],
+ true /* isResponse */,
+ ikeMessage.ikeHeader.messageId);
+ sendEncryptedIkeMessage(emptyInfoResp);
}
protected void handleRequestIkeMessage(
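Review bot: handleGenericInfoRequest no longer reads `ikeMessage.ikePayloadList`, so every INFORMATIONAL request gets an empty response and unexpected payload types are no longer logged. That is still a valid liveness reply, but a notify that expects an echo (the removed code handled NOTIFY_TYPE_COOKIE2) is now silently dropped. A comment such as `// Request payloads are intentionally ignored; the empty response only confirms liveness.` above the TODO would make the intent explicit.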
@@ -2167,34 +1895,6 @@
"Do not support handling generic processing error of encrypted"
+ " response"));
}
-
- /**
- * Method for handling and extracting 3GPP-specific payloads from the IKE response payloads.
- *
- * <p>Returns the extracted 3GPP payloads after they have been handled. Only non
- * error-notify payloads are returned.
- */
- protected List<IkePayload> handle3gppRespAndExtractNonError3gppPayloads(
- int exchangeSubtype, List<IkePayload> respPayloads) throws InvalidSyntaxException {
- List<IkePayload> ike3gppPayloads =
- mIke3gppExtensionExchange.extract3gppResponsePayloads(
- exchangeSubtype, respPayloads);
-
- mIke3gppExtensionExchange.handle3gppResponsePayloads(exchangeSubtype, ike3gppPayloads);
-
- List<IkePayload> ike3gppErrorNotifyPayloads = new ArrayList<>();
- for (IkePayload payload : ike3gppPayloads) {
- if (payload instanceof IkeNotifyPayload) {
- IkeNotifyPayload notifyPayload = (IkeNotifyPayload) payload;
- if (notifyPayload.isErrorNotify()) {
- ike3gppErrorNotifyPayloads.add(payload);
- }
- }
- }
- ike3gppPayloads.removeAll(ike3gppErrorNotifyPayloads);
-
- return ike3gppPayloads;
- }
}
/**
@@ -2204,7 +1904,7 @@
*/
@VisibleForTesting
class EncryptedRetransmitter extends Retransmitter {
- private final byte[][] mIkePacketList;
+ private final IkeSaRecord mIkeSaRecord;
@VisibleForTesting
EncryptedRetransmitter(IkeMessage msg) {
@@ -2213,20 +1913,15 @@
private EncryptedRetransmitter(IkeSaRecord ikeSaRecord, IkeMessage msg) {
super(getHandler(), msg, mIkeSessionParams.getRetransmissionTimeoutsMillis());
- mIkePacketList =
- msg.encryptAndEncode(
- mIkeIntegrity,
- mIkeCipher,
- ikeSaRecord,
- mSupportFragment,
- DEFAULT_FRAGMENT_SIZE);
+
+ mIkeSaRecord = ikeSaRecord;
retransmit();
}
@Override
- public void send() {
- sendEncryptedIkePackets(mIkePacketList);
+ public void send(IkeMessage msg) {
+ sendEncryptedIkeMessage(mIkeSaRecord, msg);
}
@Override
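Review bot: `send(IkeMessage msg)` calls `sendEncryptedIkeMessage(mIkeSaRecord, msg)`, so every retransmission runs encryptAndEncode again instead of resending the packets that were built once. RFC 7296 section 2.1 requires a retransmitted request to be bitwise identical to the original, and this file's own responder path recognises retransmissions with `isRetransmittedRequest(ikePacketBytes)`. If encryption draws a fresh IV per call (not visible here), the repeated packets differ and a peer doing a byte comparison will not treat them as retransmissions. Encoding once in the constructor into a `byte[][]` field and resending that from send() avoids the mismatch and the repeated crypto work. The class body starts before this hunk and continues after it.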
@@ -2343,9 +2038,9 @@
protected void handleReceivedIkePacket(Message message) {
super.handleReceivedIkePacket(message);
- // If the IKE process triggered by the received packet is completed in this
- // state, transition back to Idle. Otherwise, either stay in this state, or transition
- // to another state specified in #handleRequestIkeMessage.
+ // If the received packet does not trigger a state transition or the packet causes this
+ // state machine to quit, transition back to Idle State. In the second case, state
+ // machine will first go back to Idle and then quit.
if (mProcedureFinished) transitionTo(mIdle);
}
@@ -2362,23 +2057,16 @@
try {
validateIkeRekeyReq(ikeMessage);
+ // TODO: Add support for limited re-negotiation of parameters
+
// Build a rekey response payload with our previously selected proposal,
- // against which we will validate the received proposals. Re-negotiating
- // proposal with different algorithms is not supported since there
- // is no use case.
+ // against which we will validate the received proposals.
IkeSaPayload reqSaPayload =
ikeMessage.getPayloadForType(
IkePayload.PAYLOAD_TYPE_SA, IkeSaPayload.class);
byte respProposalNumber =
reqSaPayload.getNegotiatedProposalNumber(mSaProposal);
- IkeKePayload reqKePayload =
- ikeMessage.getPayloadForType(
- IkePayload.PAYLOAD_TYPE_KE, IkeKePayload.class);
- if (reqKePayload.dhGroup != mSaProposal.getDhGroups().get(0)) {
- throw new InvalidKeException(mSaProposal.getDhGroups().get(0));
- }
-
List<IkePayload> payloadList =
CreateIkeSaHelper.getRekeyIkeSaResponsePayloads(
respProposalNumber,
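Review bot: The rekey response is now built without checking that the request's KE payload uses the negotiated DH group; the removed lines compared `reqKePayload.dhGroup` with `mSaProposal.getDhGroups().get(0)` and threw InvalidKeException. Unless `getRekeyIkeSaResponsePayloads` performs that comparison itself (its body is not on this page), a request carrying a key exchange in a different group than the selected proposal is no longer rejected at this point. I would keep the check ahead of the payload construction: `if (reqKePayload.dhGroup != mSaProposal.getDhGroups().get(0)) throw new InvalidKeException(mSaProposal.getDhGroups().get(0));`. The try block starts before this hunk and runs past it.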
@@ -2425,9 +2113,6 @@
return;
case IKE_EXCHANGE_SUBTYPE_DELETE_IKE:
handleDeleteSessionRequest(ikeMessage);
-
- // Directly quit from this state. Do not need to transition back to Idle state
- mProcedureFinished = false;
return;
case IKE_EXCHANGE_SUBTYPE_CREATE_CHILD: // Fall through
case IKE_EXCHANGE_SUBTYPE_DELETE_CHILD: // Fall through
@@ -2559,9 +2244,8 @@
childData.respPayloads,
mLocalAddress,
mRemoteAddress,
- getEncapSocketOrNull(),
+ getEncapSocketIfNatDetected(),
mIkePrf,
- mSaProposal.getDhGroupTransforms()[0].id, // negotiated DH
mCurrentIkeSaRecord.getSkD());
return HANDLED;
case CMD_EXECUTE_LOCAL_REQ:
@@ -2611,12 +2295,16 @@
}
// Returns the UDP-Encapsulation socket to the newly created ChildSessionStateMachine if
- // a NAT is detected or if NAT-T AND MOBIKE are enabled by both parties. It allows the
- // ChildSessionStateMachine to build IPsec transforms that can send and receive IPsec
- // traffic through a NAT.
- private UdpEncapsulationSocket getEncapSocketOrNull() {
+ // a NAT is detected. It allows the ChildSessionStateMachine to build IPsec transforms that
+ // can send and receive IPsec traffic through a NAT.
+ private UdpEncapsulationSocket getEncapSocketIfNatDetected() {
+ boolean isNatDetected = mIsLocalBehindNat || mIsRemoteBehindNat;
+
+ if (!isNatDetected) return null;
+
if (!(mIkeSocket instanceof IkeUdpEncapSocket)) {
- return null;
+ throw new IllegalStateException(
+ "NAT is detected but IKE packet is not UDP-Encapsulated.");
}
return ((IkeUdpEncapSocket) mIkeSocket).getUdpEncapsulationSocket();
}
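Review bot: `getEncapSocketIfNatDetected()` now throws IllegalStateException where the previous helper returned null, and both call sites in this diff pass its result directly as an argument. If those callers have no surrounding catch (not visible in these hunks), the exception leaves the message handler instead of going through handleIkeFatalError, so the session is not closed in the usual way. The header comment should also state the null and throw cases, for example `// Returns null if no NAT was detected; throws IllegalStateException if a NAT was detected but mIkeSocket is not an IkeUdpEncapSocket.`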
@@ -2643,18 +2331,13 @@
mChildInLocalProcedure.createChildSession(
mLocalAddress,
mRemoteAddress,
- getEncapSocketOrNull(),
+ getEncapSocketIfNatDetected(),
mIkePrf,
- mSaProposal.getDhGroupTransforms()[0].id, // negotiated DH
mCurrentIkeSaRecord.getSkD());
break;
case CMD_LOCAL_REQUEST_REKEY_CHILD:
mChildInLocalProcedure.rekeyChildSession();
break;
- case CMD_LOCAL_REQUEST_REKEY_CHILD_MOBIKE:
- mChildInLocalProcedure.rekeyChildSessionForMobike(
- mLocalAddress, mRemoteAddress, getEncapSocketOrNull());
- break;
case CMD_LOCAL_REQUEST_DELETE_CHILD:
mChildInLocalProcedure.deleteChildSession();
break;
@@ -2928,15 +2611,10 @@
List<IkePayload> outboundPayloads,
ChildSessionStateMachine childSession) {
// For each request IKE passed to Child, Child will send back to IKE a response. Even
- // if the Child Session is under simultaneous deletion, it will send back an empty
+ // if the Child Sesison is under simultaneous deletion, it will send back an empty
// payload list.
mOutboundRespPayloads.addAll(outboundPayloads);
mAwaitingChildResponse.remove(childSession);
-
- // When the server tries to delete multiple Child Sessions in one IKE exchange,
- // mAwaitingChildResponse may not be empty. It means that there are Child Sessions
- // have not sent IKE Session the delete responses. In this case IKE Session needs to
- // return and keep waiting for all the Child responses in this state.
if (!mAwaitingChildResponse.isEmpty()) return;
IkeHeader ikeHeader =
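Review bot: The rewritten comment introduces a typo, `Child Sesison`, which should read `Child Session`. The removed block was also the only explanation for `if (!mAwaitingChildResponse.isEmpty()) return;` (several Child Sessions deleted in one exchange), so the early return is now unexplained. A short comment such as `// Wait until every Child Session has answered before building the response.` would keep that reasoning. The method starts before this hunk and continues after it.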
@@ -2950,10 +2628,6 @@
mLastInboundRequestMsgId);
IkeMessage ikeMessage = new IkeMessage(ikeHeader, mOutboundRespPayloads);
sendEncryptedIkeMessage(ikeMessage);
-
- // Clear mOutboundRespPayloads so that in a two-exchange process (e.g. Rekey Child), the
- // response of the first exchange won't be added to the response of the second exchange.
- mOutboundRespPayloads.clear();
}
}
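Review bot: `mOutboundRespPayloads` is no longer cleared after `sendEncryptedIkeMessage(ikeMessage)`, so payloads added with `addAll` for one response are still in the list when the next response is assembled in the same state. The removed comment named Rekey Child as a two-exchange procedure where this happens. Unless the list is reset elsewhere (for example on state entry, which is not visible here), I would keep `mOutboundRespPayloads.clear();` directly after the send. The method starts in the previous hunk.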
@@ -2969,27 +2643,23 @@
@Override
public void enterState() {
try {
- sendRequest(buildIkeInitReq());
+ IkeMessage request = buildIkeInitReq();
+
+ // Register local SPI to receive the IKE INIT response.
+ mIkeSocket.registerIke(
+ request.ikeHeader.ikeInitiatorSpi, IkeSessionStateMachine.this);
+
+ mIkeInitRequestBytes = request.encode();
+ mIkeInitNoncePayload =
+ request.getPayloadForType(
+ IkePayload.PAYLOAD_TYPE_NONCE, IkeNoncePayload.class);
+ mRetransmitter = new UnencryptedRetransmitter(request);
} catch (IOException e) {
// Fail to assign IKE SPI
handleIkeFatalError(e);
}
}
- private void sendRequest(IkeMessage request) {
- // Register local SPI to receive the IKE INIT response.
- mIkeSocket.registerIke(request.ikeHeader.ikeInitiatorSpi, IkeSessionStateMachine.this);
-
- mIkeInitRequestBytes = request.encode();
- mIkeInitNoncePayload =
- request.getPayloadForType(IkePayload.PAYLOAD_TYPE_NONCE, IkeNoncePayload.class);
-
- if (mRetransmitter != null) {
- mRetransmitter.stopRetransmitting();
- }
- mRetransmitter = new UnencryptedRetransmitter(request);
- }
-
@Override
protected void triggerRetransmit() {
mRetransmitter.retransmit();
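Review bot: If `buildIkeInitReq()` throws IOException, `mRetransmitter` is never assigned in enterState(), yet `exitState()` in a later hunk now calls `mRetransmitter.stopRetransmitting()` without the null check it used to have. `triggerRetransmit()` here dereferences the field as well. handleIkeFatalError(e) presumably leads to this state being left, which would turn the reported failure into a NullPointerException. Keeping `if (mRetransmitter != null)` around the call in exitState() covers that path.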
@@ -3002,12 +2672,6 @@
handleReceivedIkePacket(message);
return HANDLED;
- case CMD_SET_NETWORK:
- // Shouldn't be receiving this command before MOBIKE is active - determined with
- // last IKE_AUTH response
- logWtf("Received SET_NETWORK cmd in " + getCurrentState().getName());
- return NOT_HANDLED;
-
default:
return super.processStateMessage(message);
}
@@ -3066,48 +2730,10 @@
}
}
- /** Returns the Notify-Cookie payload, or null if it does not exist */
- private IkeNotifyPayload getNotifyCookie(IkeMessage ikeMessage) {
- List<IkeNotifyPayload> notifyPayloads =
- ikeMessage.getPayloadListForType(PAYLOAD_TYPE_NOTIFY, IkeNotifyPayload.class);
- for (IkeNotifyPayload notify : notifyPayloads) {
- if (notify.notifyType == NOTIFY_TYPE_COOKIE) {
- return notify;
- }
- }
- return null;
- }
-
@Override
protected void handleResponseIkeMessage(IkeMessage ikeMessage) {
- // IKE_SA_INIT exchange and IKE SA setup succeed
boolean ikeInitSuccess = false;
-
- // IKE INIT is not finished. IKE_SA_INIT request was re-sent with Notify-Cookie,
- // and the same INIT SPI and other payloads.
- boolean ikeInitRetriedWithCookie = false;
-
try {
- int exchangeType = ikeMessage.ikeHeader.exchangeType;
- if (exchangeType != IkeHeader.EXCHANGE_TYPE_IKE_SA_INIT) {
- throw new InvalidSyntaxException(
- "Expected EXCHANGE_TYPE_IKE_SA_INIT but received: " + exchangeType);
- }
-
- // Retry IKE INIT if there is Notify-Cookie
- IkeNotifyPayload inCookiePayload = getNotifyCookie(ikeMessage);
- if (inCookiePayload != null) {
- IkeNotifyPayload outCookiePayload =
- IkeNotifyPayload.handleCookieAndGenerateCopy(inCookiePayload);
- IkeMessage initReq =
- buildReqWithCookie(mRetransmitter.getMessage(), outCookiePayload);
-
- sendRequest(initReq);
- ikeInitRetriedWithCookie = true;
- return;
- }
-
- // Negotiate IKE SA
validateIkeInitResp(mRetransmitter.getMessage(), ikeMessage);
mCurrentIkeSaRecord =
@@ -3156,7 +2782,7 @@
handleIkeFatalError(e);
} finally {
- if (!ikeInitSuccess && !ikeInitRetriedWithCookie) {
+ if (!ikeInitSuccess) {
if (mLocalIkeSpiResource != null) {
mLocalIkeSpiResource.close();
mLocalIkeSpiResource = null;
@@ -3189,8 +2815,7 @@
mRemoteAddress,
mLocalPort,
mIkeSocket.getIkeServerPort(),
- mRandomFactory,
- mIkeSessionParams.hasIkeOption(IKE_OPTION_MOBIKE));
+ mRandomFactory);
payloadList.add(
new IkeNotifyPayload(
IkeNotifyPayload.NOTIFY_TYPE_IKEV2_FRAGMENTATION_SUPPORTED));
@@ -3222,45 +2847,18 @@
return new IkeMessage(ikeHeader, payloadList);
}
- /**
- * Builds an IKE INIT request that has the same payloads and SPI with the original request,
- * and with the new Notify-Cookie Payload as the first payload.
- */
- private IkeMessage buildReqWithCookie(
- IkeMessage originalReq, IkeNotifyPayload cookieNotify) {
- List<IkePayload> payloads = new ArrayList<>();
-
- // Notify-Cookie MUST be the first payload.
- payloads.add(cookieNotify);
-
- for (IkePayload payload : originalReq.ikePayloadList) {
- // Keep all previous payloads except COOKIEs
- if (payload instanceof IkeNotifyPayload
- && ((IkeNotifyPayload) payload).notifyType == NOTIFY_TYPE_COOKIE) {
- continue;
- }
- payloads.add(payload);
- }
-
- IkeHeader originalHeader = originalReq.ikeHeader;
- IkeHeader header =
- new IkeHeader(
- originalHeader.ikeInitiatorSpi,
- originalHeader.ikeResponderSpi,
- PAYLOAD_TYPE_NOTIFY,
- IkeHeader.EXCHANGE_TYPE_IKE_SA_INIT,
- false /* isResponseMsg */,
- true /* fromIkeInitiator */,
- 0 /* messageId */);
- return new IkeMessage(header, payloads);
- }
-
private void validateIkeInitResp(IkeMessage reqMsg, IkeMessage respMsg)
throws IkeProtocolException, IOException {
IkeHeader respIkeHeader = respMsg.ikeHeader;
mRemoteIkeSpiResource =
mIkeSpiGenerator.allocateSpi(mRemoteAddress, respIkeHeader.ikeResponderSpi);
+ int exchangeType = respIkeHeader.exchangeType;
+ if (exchangeType != IkeHeader.EXCHANGE_TYPE_IKE_SA_INIT) {
+ throw new InvalidSyntaxException(
+ "Expected EXCHANGE_TYPE_IKE_SA_INIT but received: " + exchangeType);
+ }
+
IkeSaPayload respSaPayload = null;
IkeKePayload respKePayload = null;
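Review bot: The exchange-type check now runs after `mIkeSpiGenerator.allocateSpi(mRemoteAddress, respIkeHeader.ikeResponderSpi)`, so a response with the wrong exchange type still allocates a remote SPI resource from an unauthenticated header before it is rejected. Moving the `if (exchangeType != IkeHeader.EXCHANGE_TYPE_IKE_SA_INIT)` block above the `mRemoteIkeSpiResource =` assignment rejects such packets before any state is created. Whether the failure path releases mRemoteIkeSpiResource is not visible here; the visible lines of the caller's finally block close only mLocalIkeSpiResource. The method continues past this hunk.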
@@ -3316,10 +2914,7 @@
mEnabledExtensions.add(EXTENSION_TYPE_FRAGMENTATION);
break;
case NOTIFY_TYPE_SIGNATURE_HASH_ALGORITHMS:
- mPeerSignatureHashAlgorithms =
- IkeAuthDigitalSignPayload
- .getSignatureHashAlgorithmsFromIkeNotifyPayload(
- notifyPayload);
+ // TODO(b/164515741): decode the peer's Signature Hash Algorithms
break;
default:
// Unknown and unexpected status notifications are ignored as per
@@ -3369,7 +2964,9 @@
throw new InvalidSyntaxException("Received KE payload with mismatched DH group.");
}
- if (reqMsg.hasNotifyPayload(NOTIFY_TYPE_NAT_DETECTION_SOURCE_IP)) {
+ if (mRemoteAddress instanceof Inet4Address) {
+ // UDP encapsulation not (currently) supported on IPv6. Even if there is a NAT on
+ // IPv6, the best we can currently do is try non-encap'd anyways
handleNatDetection(respMsg, natSourcePayloads, natDestPayload);
}
}
@@ -3379,74 +2976,92 @@
List<IkeNotifyPayload> natSourcePayloads,
IkeNotifyPayload natDestPayload)
throws InvalidSyntaxException, IOException {
- mHasCheckedNattSupport = true;
-
- if (!didPeerIncludeNattDetectionPayloads(natSourcePayloads, natDestPayload)) {
- mSupportNatTraversal = false;
- return;
+ if (natSourcePayloads.isEmpty() || natDestPayload == null) {
+ throw new InvalidSyntaxException("NAT detection notifications missing.");
}
- mSupportNatTraversal = true;
-
// NAT detection
long initIkeSpi = respMsg.ikeHeader.ikeInitiatorSpi;
long respIkeSpi = respMsg.ikeHeader.ikeResponderSpi;
+ mIsLocalBehindNat = true;
+ mIsRemoteBehindNat = true;
- updateLocalAndRemoteNatDetected(
- initIkeSpi, respIkeSpi, natSourcePayloads, natDestPayload);
+ // Check if local node is behind NAT
+ byte[] expectedLocalNatData =
+ IkeNotifyPayload.generateNatDetectionData(
+ initIkeSpi, respIkeSpi, mLocalAddress, mLocalPort);
+ mIsLocalBehindNat = !Arrays.equals(expectedLocalNatData, natDestPayload.notifyData);
- if (mLocalNatDetected || mRemoteNatDetected) {
- logd("Switching to send to remote port 4500 if it's not already");
- boolean isIpv4 = mRemoteAddress instanceof Inet4Address;
+ // Check if the remote node is behind NAT
+ byte[] expectedRemoteNatData =
+ IkeNotifyPayload.generateNatDetectionData(
+ initIkeSpi, respIkeSpi, mRemoteAddress, mIkeSocket.getIkeServerPort());
+ for (IkeNotifyPayload natPayload : natSourcePayloads) {
+ // If none of the received hash matches the expected value, the remote node is
+ // behind NAT.
+ if (Arrays.equals(expectedRemoteNatData, natPayload.notifyData)) {
+ mIsRemoteBehindNat = false;
+ }
+ }
+
+ if (mIsLocalBehindNat || mIsRemoteBehindNat) {
+ if (!(mRemoteAddress instanceof Inet4Address)) {
+ handleIkeFatalError(
+ new IllegalStateException("Remote IPv6 server was behind a NAT"));
+ }
+
+ logd("Switching to UDP encap socket");
try {
- IkeSocket newSocket = getIkeSocket(isIpv4, true /* useEncapPort */);
- if (newSocket == mIkeSocket) {
- // Attempting to switch to current socket - ignore.
- return;
- }
- // TODO(b/186900683): use getAndSwitchToIkeSocket here instead
+ IkeSocket newSocket =
+ IkeUdpEncapSocket.getIkeUdpEncapSocket(
+ mIkeSessionParams.getNetwork(),
+ mIpSecManager,
+ IkeSessionStateMachine.this,
+ getHandler().getLooper());
switchToIkeSocket(initIkeSpi, newSocket);
- mLocalPort = mIkeSocket.getLocalPort();
-
- if (isIpv4) {
- mIkeNattKeepalive = buildAndStartNattKeepalive();
- }
} catch (ErrnoException | IOException | ResourceUnavailableException e) {
handleIkeFatalError(e);
}
+
+ mIkeNattKeepalive =
+ new IkeNattKeepalive(
+ mContext,
+ NATT_KEEPALIVE_DELAY_SECONDS,
+ (Inet4Address) mLocalAddress,
+ (Inet4Address) mRemoteAddress,
+ ((IkeUdpEncapSocket) mIkeSocket).getUdpEncapsulationSocket(),
+ mIkeSocket.getNetwork(),
+ buildKeepaliveIntent());
+ mIkeNattKeepalive.start();
}
}
- /** Switch to a new IKE socket due to NAT detection */
- private void switchToIkeSocket(long localSpi, IkeSocket newSocket) {
- migrateSpiToIkeSocket(localSpi, mIkeSocket, newSocket);
- mIkeSocket.releaseReference(IkeSessionStateMachine.this);
- mIkeSocket = newSocket;
+ private PendingIntent buildKeepaliveIntent() {
+ return buildIkeAlarmIntent(
+ mContext,
+ ACTION_KEEPALIVE,
+ getIntentIdentifier(),
+ obtainMessage(CMD_ALARM_FIRED, mIkeSessionId, CMD_SEND_KEEPALIVE));
}
@Override
public void exitState() {
super.exitState();
-
- if (mRetransmitter != null) {
- mRetransmitter.stopRetransmitting();
- }
+ mRetransmitter.stopRetransmitting();
}
private class UnencryptedRetransmitter extends Retransmitter {
- private final byte[] mIkePacket;
-
private UnencryptedRetransmitter(IkeMessage msg) {
super(getHandler(), msg, mIkeSessionParams.getRetransmissionTimeoutsMillis());
- mIkePacket = msg.encode();
+
retransmit();
}
@Override
- public void send() {
- // Sends unencrypted packet
- mIkeSocket.sendIkePacket(mIkePacket, mRemoteAddress);
+ public void send(IkeMessage msg) {
+ // Sends unencrypted
+ mIkeSocket.sendIkePacket(msg.encode(), mRemoteAddress);
}
@Override
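Review bot: In handleNatDetection, execution continues after both `handleIkeFatalError(...)` calls. When creating the encap socket fails, the catch block reports the error and the code below still builds IkeNattKeepalive with `((IkeUdpEncapSocket) mIkeSocket)`, which is then the old socket and would throw ClassCastException; the IPv6 branch likewise falls through to the `(Inet4Address) mRemoteAddress` cast. Adding `return;` after each `handleIkeFatalError` call, or moving the keepalive construction inside the try block, keeps a reported failure from turning into a second exception. Separately, `natSourcePayloads.isEmpty() || natDestPayload == null` now throws InvalidSyntaxException, so an IPv4 peer that sends no NAT detection notifications fails the handshake instead of being treated as not supporting NAT-T.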
@@ -3457,86 +3072,6 @@
}
/**
- * Returns if the peer included NAT-T detection payloads
- *
- * @throws InvalidSyntaxException if an invalid combination of NAT-T detection payloads are
- * received.
- */
- private boolean didPeerIncludeNattDetectionPayloads(
- List<IkeNotifyPayload> natSourcePayloads, IkeNotifyPayload natDestPayload)
- throws InvalidSyntaxException {
- if (!natSourcePayloads.isEmpty() && natDestPayload != null) {
- return true;
- } else if (natSourcePayloads.isEmpty() && natDestPayload == null) {
- return false;
- } else {
- throw new InvalidSyntaxException(
- "Missing source or destination NAT detection notification");
- }
- }
-
- /**
- * Updates whether the local or remote peer are behind NATs. Assumes that mRemoteAddress is an
- * IPv4 address.
- */
- private void updateLocalAndRemoteNatDetected(
- long initIkeSpi,
- long respIkeSpi,
- List<IkeNotifyPayload> natSourcePayloads,
- IkeNotifyPayload natDestPayload) {
- // Check if local node is behind NAT
- byte[] expectedLocalNatData =
- IkeNotifyPayload.generateNatDetectionData(
- initIkeSpi, respIkeSpi, mLocalAddress, mLocalPort);
- mLocalNatDetected = !Arrays.equals(expectedLocalNatData, natDestPayload.notifyData);
-
- // Check if the remote node is behind NAT
- byte[] expectedRemoteNatData =
- IkeNotifyPayload.generateNatDetectionData(
- initIkeSpi, respIkeSpi, mRemoteAddress, mIkeSocket.getIkeServerPort());
- mRemoteNatDetected = true;
- for (IkeNotifyPayload natPayload : natSourcePayloads) {
- // If none of the received hash matches the expected value, the remote node is
- // behind NAT.
- if (Arrays.equals(expectedRemoteNatData, natPayload.notifyData)) {
- mRemoteNatDetected = false;
- }
- }
- }
-
- /** Starts NAT-T keepalive for current IkeUdpEncapSocket */
- private IkeNattKeepalive buildAndStartNattKeepalive() throws IOException {
- if (!(mIkeSocket instanceof IkeUdpEncapSocket)) {
- throw new IllegalStateException(
- "Cannot start NAT-T keepalive when IKE Session is not using UDP Encap socket");
- }
-
- Message keepaliveMsg = obtainMessage(CMD_ALARM_FIRED, mIkeSessionId, CMD_SEND_KEEPALIVE);
- PendingIntent keepaliveIntent =
- buildIkeAlarmIntent(
- mContext, ACTION_KEEPALIVE, getIntentIdentifier(), keepaliveMsg);
-
- int keepaliveDelaySeconds = mIkeSessionParams.getNattKeepAliveDelaySeconds();
- IkeNattKeepalive keepalive =
- new IkeNattKeepalive(
- mContext,
- mConnectivityManager,
- keepaliveDelaySeconds,
- (Inet4Address) mLocalAddress,
- (Inet4Address) mRemoteAddress,
- ((IkeUdpEncapSocket) mIkeSocket).getUdpEncapsulationSocket(),
- mIkeSocket.getIkeSocketConfig().getNetwork(),
- new IkeAlarmConfig(
- mContext,
- ACTION_KEEPALIVE,
- TimeUnit.SECONDS.toMillis(keepaliveDelaySeconds),
- keepaliveIntent,
- keepaliveMsg));
- keepalive.start();
- return keepalive;
- }
-
- /**
* CreateIkeLocalIkeAuthBase represents the common state and functionality required to perform
* IKE AUTH exchanges in both the EAP and non-EAP flows.
*/
@@ -3653,7 +3188,8 @@
}
IkeSessionConnectionInfo ikeConnInfo =
- new IkeSessionConnectionInfo(mLocalAddress, mRemoteAddress, mNetwork);
+ new IkeSessionConnectionInfo(
+ mLocalAddress, mRemoteAddress, mIkeSessionParams.getNetwork());
return new IkeSessionConfiguration(
ikeConnInfo, configPayload, mRemoteVendorIds, mEnabledExtensions);
@@ -3666,75 +3202,6 @@
mIkeSessionCallback.onOpened(ikeSessionConfig);
});
}
-
- protected void handleNotifyInLastAuthResp(
- IkeNotifyPayload notifyPayload, IkeAuthPayload authPayload) throws IkeException {
- if (notifyPayload.isErrorNotify()) {
- if (notifyPayload.isNewChildSaNotify() && authPayload != null) {
- // If error is for creating Child and Auth payload is included, try
- // to do authentication first and let ChildSessionStateMachine
- // handle the error later.
- return;
- } else {
- throw notifyPayload.validateAndBuildIkeException();
- }
- } else if (notifyPayload.isNewChildSaNotify()) {
- // If payload is not an error but is for the new Child, it's reasonable
- // to receive here. Let the ChildSessionStateMachine handle it.
- return;
- } else if (mIkeSessionParams.hasIkeOption(IKE_OPTION_MOBIKE)
- && notifyPayload.notifyType == NOTIFY_TYPE_MOBIKE_SUPPORTED) {
- mSupportMobike = true;
- mEnabledExtensions.add(EXTENSION_TYPE_MOBIKE);
- return;
- } else {
- // Unknown and unexpected status notifications are ignored as per
- // RFC7296.
- logw(
- "Received unknown or unexpected status notifications with"
- + " notify type: "
- + notifyPayload.notifyType);
- }
- }
-
- protected void setUpMobilityHandling() throws IkeException {
- try {
- if (mIkeSessionParams.getConfiguredNetwork() != null) {
- // Caller configured a specific Network - track it
- // ConnectivityManager does not provide a callback for tracking a specific
- // Network. In order to do so, create a NetworkRequest without any
- // capabilities so it will match all Networks. The NetworkCallback will then
- // filter for the correct (caller-specified) Network.
- NetworkRequest request =
- new NetworkRequest.Builder().clearCapabilities().build();
- mNetworkCallback =
- new IkeSpecificNetworkCallback(
- IkeSessionStateMachine.this, mNetwork, mLocalAddress);
- mConnectivityManager.registerNetworkCallback(
- request, mNetworkCallback, getHandler());
- } else {
- // Caller did not configure a specific Network - track the default
- mNetworkCallback =
- new IkeDefaultNetworkCallback(
- IkeSessionStateMachine.this, mNetwork, mLocalAddress);
- mConnectivityManager.registerDefaultNetworkCallback(
- mNetworkCallback, getHandler());
- }
- } catch (RuntimeException e) {
- // Error occurred while registering the NetworkCallback
- throw new IkeInternalException("Error while registering NetworkCallback", e);
- }
-
- // Switch to port 4500 if NAT-T is supported (whether or not mobility is done via MOBIKE
- // or Rekey Child). This way, there is no need to change the ports later if a NAT
- // is detected on the new path.
- if (mHasCheckedNattSupport
- && mSupportNatTraversal
- && mIkeSocket.getIkeServerPort() != IkeSocket.SERVER_PORT_UDP_ENCAPSULATED) {
- getAndSwitchToIkeSocket(
- mIkeSocket instanceof IkeUdp4Socket, true /* useEncapPort */);
- }
- }
}
/**
@@ -3761,20 +3228,6 @@
}
@Override
- public boolean processStateMessage(Message message) {
- switch (message.what) {
- case CMD_SET_NETWORK:
- // Shouldn't be receiving this command before MOBIKE is active - determined with
- // last IKE_AUTH response
- logWtf("Received SET_NETWORK cmd in " + getCurrentState().getName());
- return NOT_HANDLED;
-
- default:
- return super.processStateMessage(message);
- }
- }
-
- @Override
protected void handleResponseIkeMessage(IkeMessage ikeMessage) {
try {
int exchangeType = ikeMessage.ikeHeader.exchangeType;
@@ -3801,15 +3254,12 @@
deferMessage(obtainMessage(CMD_EAP_START_EAP_AUTH, ikeEapPayload));
transitionTo(mCreateIkeLocalIkeAuthInEap);
} else {
- if (mIkeSessionParams.hasIkeOption(IKE_OPTION_MOBIKE)) {
- setUpMobilityHandling();
- }
notifyIkeSessionSetup(ikeMessage);
performFirstChildNegotiation(
childReqList, extractChildPayloadsFromMessage(ikeMessage));
}
- } catch (IkeException e) {
+ } catch (IkeProtocolException e) {
if (!mUseEap) {
// Notify the remote because they may have set up the IKE SA.
sendEncryptedIkeMessage(buildIkeDeleteReq(mCurrentIkeSaRecord));
@@ -3847,9 +3297,6 @@
if (mIkeSessionParams.hasIkeOption(IKE_OPTION_EAP_ONLY_AUTH)) {
payloadList.add(new IkeNotifyPayload(NOTIFY_TYPE_EAP_ONLY_AUTHENTICATION));
}
- if (mIkeSessionParams.hasIkeOption(IKE_OPTION_MOBIKE)) {
- payloadList.add(new IkeNotifyPayload(NOTIFY_TYPE_MOBIKE_SUPPORTED));
- }
// Build Authentication payload
IkeAuthConfig authConfig = mIkeSessionParams.getLocalAuthConfig();
@@ -3916,28 +3363,15 @@
configAttributes.add(new IkeConfigPayload.ConfigAttributeAppVersion());
payloadList.add(new IkeConfigPayload(false /*isReply*/, configAttributes));
- // Add 3GPP-specific payloads for this exchange subtype
- payloadList.addAll(
- mIke3gppExtensionExchange.getRequestPayloads(IKE_EXCHANGE_SUBTYPE_IKE_AUTH));
-
return buildIkeAuthReqMessage(payloadList);
}
- private void validateIkeAuthResp(IkeMessage authResp) throws IkeException {
+ private void validateIkeAuthResp(IkeMessage authResp) throws IkeProtocolException {
// Validate IKE Authentication
IkeAuthPayload authPayload = null;
List<IkeCertPayload> certPayloads = new LinkedList<>();
- // Process 3GPP-specific payloads before verifying IKE_AUTH to ensure that the
- // caller is informed of them.
- List<IkePayload> ike3gppPayloads =
- handle3gppRespAndExtractNonError3gppPayloads(
- IKE_EXCHANGE_SUBTYPE_IKE_AUTH, authResp.ikePayloadList);
-
- List<IkePayload> payloadsWithout3gpp = new ArrayList<>(authResp.ikePayloadList);
- payloadsWithout3gpp.removeAll(ike3gppPayloads);
-
- for (IkePayload payload : payloadsWithout3gpp) {
+ for (IkePayload payload : authResp.ikePayloadList) {
switch (payload.payloadType) {
case IkePayload.PAYLOAD_TYPE_ID_RESPONDER:
mRespIdPayload = (IkeIdPayload) payload;
@@ -3957,10 +3391,32 @@
certPayloads.add((IkeCertPayload) payload);
break;
case IkePayload.PAYLOAD_TYPE_NOTIFY:
- handleNotifyInLastAuthResp(
- (IkeNotifyPayload) payload,
- authResp.getPayloadForType(
- PAYLOAD_TYPE_AUTH, IkeAuthPayload.class));
+ IkeNotifyPayload notifyPayload = (IkeNotifyPayload) payload;
+ if (notifyPayload.isErrorNotify()) {
+ if (notifyPayload.isNewChildSaNotify()
+ && authResp.getPayloadForType(
+ PAYLOAD_TYPE_AUTH, IkeAuthPayload.class)
+ != null) {
+ // If error is for creating Child and Auth payload is included, try
+ // to do authentication first and let ChildSessionStateMachine
+ // handle the error later.
+ continue;
+ } else {
+ throw notifyPayload.validateAndBuildIkeException();
+ }
+
+ } else if (notifyPayload.isNewChildSaNotify()) {
+ // If payload is not an error but is for the new Child, it's reasonable
+ // to receive here. Let the ChildSessionStateMachine handle it.
+ continue;
+ } else {
+ // Unknown and unexpected status notifications are ignored as per
+ // RFC7296.
+ logw(
+ "Received unknown or unexpected status notifications with"
+ + " notify type: "
+ + notifyPayload.notifyType);
+ }
break;
case PAYLOAD_TYPE_SA: // Will be handled separately; fall through
case PAYLOAD_TYPE_CP: // Will be handled separately; fall through
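Review bot: Inside the NOTIFY case, `authResp.getPayloadForType(PAYLOAD_TYPE_AUTH, IkeAuthPayload.class)` is evaluated again for every error notify, and the case mixes `continue` and `break` for the same outcome of moving on to the next payload. Looking the AUTH payload up once ahead of the `for`, for example `IkeAuthPayload authInResp = authResp.getPayloadForType(PAYLOAD_TYPE_AUTH, IkeAuthPayload.class);`, and leaving the switch the same way in all branches would read more clearly. The loop and the method start before this hunk.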
@@ -3977,6 +3433,7 @@
}
// Verify existence of payloads
+
if (authPayload == null && mIkeSessionParams.hasIkeOption(IKE_OPTION_EAP_ONLY_AUTH)) {
// If EAP-only option is selected, the responder will not send auth payload if it
// accepts EAP-only authentication. Currently only EAP-only safe methods are
@@ -4131,11 +3588,6 @@
transitionTo(mCreateIkeLocalIkeAuthPostEap);
return HANDLED;
- case CMD_SET_NETWORK:
- // Shouldn't be receiving this command before MOBIKE is active - determined with
- // last IKE_AUTH response
- logWtf("Received SET_NETWORK cmd in " + getCurrentState().getName());
- return NOT_HANDLED;
default:
return super.processStateMessage(msg);
}
@@ -4152,17 +3604,8 @@
"Expected EXCHANGE_TYPE_IKE_AUTH but received: " + exchangeType);
}
- // Process 3GPP-specific payloads before verifying IKE_AUTH to ensure that the
- // caller is informed of them.
- List<IkePayload> ike3gppPayloads =
- handle3gppRespAndExtractNonError3gppPayloads(
- IKE_EXCHANGE_SUBTYPE_IKE_AUTH, ikeMessage.ikePayloadList);
-
- List<IkePayload> payloadsWithout3gpp = new ArrayList<>(ikeMessage.ikePayloadList);
- payloadsWithout3gpp.removeAll(ike3gppPayloads);
-
IkeEapPayload eapPayload = null;
- for (IkePayload payload : payloadsWithout3gpp) {
+ for (IkePayload payload : ikeMessage.ikePayloadList) {
switch (payload.payloadType) {
case IkePayload.PAYLOAD_TYPE_EAP:
eapPayload = (IkeEapPayload) payload;
@@ -4254,11 +3697,6 @@
mRetransmitter = new EncryptedRetransmitter(postEapAuthMsg);
return HANDLED;
- case CMD_SET_NETWORK:
- // Shouldn't be receiving this command before MOBIKE is active - determined with
- // last IKE_AUTH response
- logWtf("Received SET_NETWORK cmd in " + getCurrentState().getName());
- return NOT_HANDLED;
default:
return super.processStateMessage(msg);
}
@@ -4274,15 +3712,11 @@
}
validateIkeAuthRespPostEap(ikeMessage);
-
- if (mIkeSessionParams.hasIkeOption(IKE_OPTION_MOBIKE)) {
- setUpMobilityHandling();
- }
notifyIkeSessionSetup(ikeMessage);
performFirstChildNegotiation(
mFirstChildReqList, extractChildPayloadsFromMessage(ikeMessage));
- } catch (IkeException e) {
+ } catch (IkeProtocolException e) {
// Notify the remote because they may have set up the IKE SA.
sendEncryptedIkeMessage(buildIkeDeleteReq(mCurrentIkeSaRecord));
handleIkeFatalError(e);
@@ -4298,28 +3732,41 @@
handleIkeFatalError(ikeException);
}
- private void validateIkeAuthRespPostEap(IkeMessage authResp) throws IkeException {
+ private void validateIkeAuthRespPostEap(IkeMessage authResp) throws IkeProtocolException {
IkeAuthPayload authPayload = null;
- // Process 3GPP-specific payloads before verifying IKE_AUTH to ensure that the
- // caller is informed of them.
- List<IkePayload> ike3gppPayloads =
- handle3gppRespAndExtractNonError3gppPayloads(
- IKE_EXCHANGE_SUBTYPE_IKE_AUTH, authResp.ikePayloadList);
-
- List<IkePayload> payloadsWithout3gpp = new ArrayList<>(authResp.ikePayloadList);
- payloadsWithout3gpp.removeAll(ike3gppPayloads);
-
- for (IkePayload payload : payloadsWithout3gpp) {
+ for (IkePayload payload : authResp.ikePayloadList) {
switch (payload.payloadType) {
case IkePayload.PAYLOAD_TYPE_AUTH:
authPayload = (IkeAuthPayload) payload;
break;
case IkePayload.PAYLOAD_TYPE_NOTIFY:
- handleNotifyInLastAuthResp(
- (IkeNotifyPayload) payload,
- authResp.getPayloadForType(
- PAYLOAD_TYPE_AUTH, IkeAuthPayload.class));
+ IkeNotifyPayload notifyPayload = (IkeNotifyPayload) payload;
+ if (notifyPayload.isErrorNotify()) {
+ if (notifyPayload.isNewChildSaNotify()
+ && authResp.getPayloadForType(
+ PAYLOAD_TYPE_AUTH, IkeAuthPayload.class)
+ != null) {
+ // If error is for creating Child and Auth payload is included, try
+ // to do authentication first and let ChildSessionStateMachine
+ // handle the error later.
+ continue;
+ } else {
+ throw notifyPayload.validateAndBuildIkeException();
+ }
+
+ } else if (notifyPayload.isNewChildSaNotify()) {
+ // If payload is not an error but is for the new Child, it's reasonable
+ // to receive here. Let the ChildSessionStateMachine handle it.
+ continue;
+ } else {
+ // Unknown and unexpected status notifications are ignored as per
+ // RFC7296.
+ logw(
+ "Received unknown or unexpected status notifications with"
+ + " notify type: "
+ + notifyPayload.notifyType);
+ }
break;
case PAYLOAD_TYPE_SA: // Will be handled separately; fall through
case PAYLOAD_TYPE_CP: // Will be handled separately; fall through
@@ -4623,9 +4070,6 @@
case IKE_EXCHANGE_SUBTYPE_DELETE_IKE:
handleDeleteSessionRequest(ikeMessage);
break;
- case IKE_EXCHANGE_SUBTYPE_GENERIC_INFO:
- handleGenericInfoRequest(ikeMessage);
- break;
default:
// TODO: Implement simultaneous rekey
buildAndSendErrorNotificationResponse(
@@ -5264,252 +4708,6 @@
}
/**
- * MobikeLocalInfo handles mobility event for the IKE Session.
- *
- * <p>When MOBIKE is supported by both sides, MobikeLocalInfo will initiate an
- * UPDATE_SA_ADDRESSES exchange for the IKE Session.
- */
- class MobikeLocalInfo extends DeleteBase {
- private Retransmitter mRetransmitter;
-
- @Override
- public void enterState() {
- if (!mSupportMobike) {
- logd("non-MOBIKE mobility event");
- migrateAllChildSAs();
- notifyConnectionInfoChanged();
- transitionTo(mIdle);
- return;
- }
-
- logd("MOBIKE mobility event");
- mRetransmitter = new EncryptedRetransmitter(buildUpdateSaAddressesReq());
- }
-
- private boolean needNatDetection() {
- if (mRemoteAddress instanceof Inet4Address) {
- // Add NAT_DETECTION payloads when it is unknown if server supports NAT-T or not, or
- // it is known that server supports NAT-T.
- return !mHasCheckedNattSupport || mSupportNatTraversal;
- } else {
- // Add NAT_DETECTION payloads only when a NAT has been detected previously. This is
- // mainly for updating the previous NAT detection result, so that if IKE Session
- // migrates from a v4 NAT environment to a v6 non-NAT environment, both sides can
- // switch to use non-encap ESP SA. This is especially beneficial for implementations
- // that do not support Ipv6 NAT-T.
- return mLocalNatDetected || mRemoteNatDetected;
- }
- }
-
- private IkeMessage buildUpdateSaAddressesReq() {
- // Generics required for addNatDetectionPayloadsToList that takes List<IkePayload> and
- // buildEncryptedInformationalMessage that takes InformationalPayload[].
- List<? super IkeInformationalPayload> payloadList = new ArrayList<>();
- payloadList.add(new IkeNotifyPayload(NOTIFY_TYPE_UPDATE_SA_ADDRESSES));
-
- if (needNatDetection()) {
- addNatDetectionPayloadsToList(
- (List<IkePayload>) payloadList,
- mLocalAddress,
- mRemoteAddress,
- mLocalPort,
- mIkeSocket.getIkeServerPort(),
- mCurrentIkeSaRecord.getInitiatorSpi(),
- mCurrentIkeSaRecord.getResponderSpi());
- }
-
- return buildEncryptedInformationalMessage(
- mCurrentIkeSaRecord,
- payloadList.toArray(new IkeInformationalPayload[payloadList.size()]),
- false /* isResp */,
- mCurrentIkeSaRecord.getLocalRequestMessageId());
- }
-
- @Override
- protected void triggerRetransmit() {
- mRetransmitter.retransmit();
- }
-
- @Override
- public void exitState() {
- super.exitState();
-
- if (mRetransmitter != null) {
- mRetransmitter.stopRetransmitting();
- }
- }
-
- @Override
- public void handleRequestIkeMessage(
- IkeMessage msg, int ikeExchangeSubType, Message message) {
- switch (ikeExchangeSubType) {
- case IKE_EXCHANGE_SUBTYPE_DELETE_IKE:
- handleDeleteSessionRequest(msg);
- break;
-
- default:
- // Send a temporary failure for all non-DELETE_IKE requests
- buildAndSendErrorNotificationResponse(
- mCurrentIkeSaRecord,
- msg.ikeHeader.messageId,
- ERROR_TYPE_TEMPORARY_FAILURE);
- }
- }
-
- @Override
- public void handleResponseIkeMessage(IkeMessage resp) {
- mRetransmitter.stopRetransmitting();
-
- try {
- validateResp(resp);
-
- migrateAllChildSAs();
- notifyConnectionInfoChanged();
- transitionTo(mIdle);
- } catch (IkeException | IOException e) {
- handleIkeFatalError(e);
- }
- }
-
- private void validateResp(IkeMessage resp) throws IkeException, IOException {
- if (resp.ikeHeader.exchangeType != IkeHeader.EXCHANGE_TYPE_INFORMATIONAL) {
- throw new InvalidSyntaxException(
- "Invalid exchange type; expected INFORMATIONAL, but got: "
- + resp.ikeHeader.exchangeType);
- }
-
- List<IkeNotifyPayload> natSourcePayloads = new ArrayList<>();
- IkeNotifyPayload natDestPayload = null;
-
- for (IkePayload payload : resp.ikePayloadList) {
- switch (payload.payloadType) {
- case PAYLOAD_TYPE_NOTIFY:
- IkeNotifyPayload notifyPayload = (IkeNotifyPayload) payload;
- if (notifyPayload.isErrorNotify()) {
- // TODO(b/): handle UNACCEPTABLE_ADDRESSES payload
- throw notifyPayload.validateAndBuildIkeException();
- }
-
- switch (notifyPayload.notifyType) {
- case NOTIFY_TYPE_NAT_DETECTION_SOURCE_IP:
- natSourcePayloads.add(notifyPayload);
- break;
- case NOTIFY_TYPE_NAT_DETECTION_DESTINATION_IP:
- if (natDestPayload != null) {
- throw new InvalidSyntaxException(
- "More than one"
- + " NOTIFY_TYPE_NAT_DETECTION_DESTINATION_IP"
- + " found");
- }
- natDestPayload = notifyPayload;
- break;
- default:
- // Unknown and unexpected status notifications are ignored as per
- // RFC7296.
- logw(
- "Received unknown or unexpected status notifications with"
- + " notify type: "
- + notifyPayload.notifyType);
- }
-
- break;
- default:
- logw("Unexpected payload types found: " + payload.payloadType);
- }
- }
-
- if (mRetransmitter.getMessage().hasNotifyPayload(NOTIFY_TYPE_NAT_DETECTION_SOURCE_IP)) {
- handleNatDetection(resp, natSourcePayloads, natDestPayload);
- }
- }
-
- /** Handle NAT detection and switch socket if needed */
- private void handleNatDetection(
- IkeMessage resp,
- List<IkeNotifyPayload> natSourcePayloads,
- IkeNotifyPayload natDestPayload)
- throws IkeException {
- if (!didPeerIncludeNattDetectionPayloads(natSourcePayloads, natDestPayload)) {
- // If this is first time that IKE client sends NAT_DETECTION payloads, mark that the
- // server does not support NAT-T
- if (!mHasCheckedNattSupport) {
- mHasCheckedNattSupport = true;
- mSupportNatTraversal = false;
- }
- return;
- }
-
- // If this is first time that IKE client sends NAT_DETECTION payloads, mark that the
- // server supports NAT-T, and switch socket if a NAT is detected.
- if (!mHasCheckedNattSupport) {
- mHasCheckedNattSupport = true;
- mSupportNatTraversal = true;
- }
-
- updateLocalAndRemoteNatDetected(
- resp.ikeHeader.ikeInitiatorSpi,
- resp.ikeHeader.ikeResponderSpi,
- natSourcePayloads,
- natDestPayload);
-
- if (mLocalNatDetected || mRemoteNatDetected) {
- if (mRemoteAddress instanceof Inet6Address) {
- throw new IkeInternalException(
- new UnsupportedOperationException("An IPv6 NAT is detected."));
- }
-
- logd("Switching to send to remote port 4500 if it's not already");
- getAndSwitchToIkeSocket(
- mRemoteAddress instanceof Inet4Address, true /* useEncapPort */);
- }
- }
-
- private void migrateAllChildSAs() {
- // TODO(b/172015298): migrate Child SAs directly if Kernel support
-
- // Schedule MOBIKE Rekeys for all Child Sessions
- for (int i = 0; i < mRemoteSpiToChildSessionMap.size(); i++) {
- int remoteChildSpi = mRemoteSpiToChildSessionMap.keyAt(i);
- sendMessage(
- CMD_LOCAL_REQUEST_REKEY_CHILD_MOBIKE,
- mLocalRequestFactory.getChildLocalRequest(
- CMD_LOCAL_REQUEST_REKEY_CHILD_MOBIKE, remoteChildSpi));
- }
- }
-
- private void notifyConnectionInfoChanged() {
- IkeSessionConnectionInfo connectionInfo =
- new IkeSessionConnectionInfo(mLocalAddress, mRemoteAddress, mNetwork);
- executeUserCallback(
- () -> mIkeSessionCallback.onIkeSessionConnectionInfoChanged(connectionInfo));
- }
- }
-
- private static void addNatDetectionPayloadsToList(
- List<IkePayload> payloadList,
- InetAddress localAddr,
- InetAddress remoteAddr,
- int localPort,
- int remotePort,
- long initIkeSpi,
- long respIkeSpi) {
- // Though RFC says Notify-NAT payload is "just after the Ni and Nr payloads (before
- // the optional CERTREQ payload)", it also says recipient MUST NOT reject " messages
- // in which the payloads were not in the "right" order" due to the lack of clarity
- // of the payload order.
- payloadList.add(
- new IkeNotifyPayload(
- NOTIFY_TYPE_NAT_DETECTION_SOURCE_IP,
- IkeNotifyPayload.generateNatDetectionData(
- initIkeSpi, respIkeSpi, localAddr, localPort)));
- payloadList.add(
- new IkeNotifyPayload(
- NOTIFY_TYPE_NAT_DETECTION_DESTINATION_IP,
- IkeNotifyPayload.generateNatDetectionData(
- initIkeSpi, respIkeSpi, remoteAddr, remotePort)));
- }
-
- /**
* Helper class to generate IKE SA creation payloads, in both request and response directions.
*/
private static class CreateIkeSaHelper {
@@ -5522,27 +4720,28 @@
InetAddress remoteAddr,
int localPort,
int remotePort,
- RandomnessFactory randomFactory,
- boolean isMobikeSupportEnabled)
+ RandomnessFactory randomFactory)
throws IOException {
List<IkePayload> payloadList =
getCreateIkeSaPayloads(
selectedDhGroup,
IkeSaPayload.createInitialIkeSaPayload(saProposals),
randomFactory);
-
- if (remoteAddr instanceof Inet4Address) {
- // TODO(b/184869678): support NAT detection for all cases
- // UdpEncap for V6 is not supported in Android yet, so only send NAT Detection
- // payloads when using IPv4 addresses
- addNatDetectionPayloadsToList(
- payloadList,
- localAddr,
- remoteAddr,
- localPort,
- remotePort,
- initIkeSpi,
- respIkeSpi);
+ if (localAddr instanceof Inet4Address) {
+ // Though RFC says Notify-NAT payload is "just after the Ni and Nr payloads (before
+ // the optional CERTREQ payload)", it also says recipient MUST NOT reject " messages
+ // in which the payloads were not in the "right" order" due to the lack of clarity
+ // of the payload order.
+ payloadList.add(
+ new IkeNotifyPayload(
+ NOTIFY_TYPE_NAT_DETECTION_SOURCE_IP,
+ IkeNotifyPayload.generateNatDetectionData(
+ initIkeSpi, respIkeSpi, localAddr, localPort)));
+ payloadList.add(
+ new IkeNotifyPayload(
+ NOTIFY_TYPE_NAT_DETECTION_DESTINATION_IP,
+ IkeNotifyPayload.generateNatDetectionData(
+ initIkeSpi, respIkeSpi, remoteAddr, remotePort)));
}
return payloadList;
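Review bot: The guard `if (localAddr instanceof Inet4Address)` no longer carries a reason for being IPv4-only: the comment kept under it explains payload ordering, while the removed lines explained that UDP encapsulation for IPv6 is not supported. I would put that reason above the guard, e.g. `// UDP encap is not supported for IPv6, so only send NAT detection payloads on IPv4`. The check also moved from `remoteAddr` to `localAddr` while the block builds detection data from both addresses; if the two can ever differ in family, the same comment should say which side decides. The enclosing method begins outside this hunk.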
@@ -5603,163 +4802,13 @@
List<IkePayload> payloadList = new ArrayList<>(3);
- // The old IKE spec RFC 4306 (section 2.5 and 2.6) requires the payload order in IKE
- // INIT to be SAi, KEi, Ni and allow responders to reject requests with wrong order.
- // Although starting from RFC 5996, the protocol removed the allowance for rejecting
- // messages in which the payloads were not in the "right" order, there are few responder
- // implementations are still following the old spec when handling IKE INIT request with
- // COOKIE payload. Thus IKE library should follow the payload order to be compatible
- // with older implementations.
payloadList.add(saPayload);
+ payloadList.add(new IkeNoncePayload(randomFactory));
// SaPropoals.Builder guarantees that each SA proposal has at least one DH group.
- payloadList.add(IkeKePayload.createOutboundKePayload(selectedDhGroup, randomFactory));
-
- payloadList.add(new IkeNoncePayload(randomFactory));
+ payloadList.add(new IkeKePayload(selectedDhGroup, randomFactory));
return payloadList;
}
}
-
- /**
- * Updates the underlying Network for this IKE Session to be the specified Network. This will
- * also update the local address and IkeSocket for the IKE Session.
- *
- * <p>MUST be called from the Handler Thread to avoid races.
- */
- @Override
- public void onUnderlyingNetworkUpdated(Network network) {
- Network oldNetwork = mNetwork;
- InetAddress oldLocalAddress = mLocalAddress;
- InetAddress oldRemoteAddress = mRemoteAddress;
-
- mNetwork = network;
-
- // If the network changes, perform a new DNS lookup to ensure that the correct remote
- // address is used. This ensures that DNS returns addresses for the correct address families
- // (important if using a v4/v6-only network). This also ensures that DNS64 is handled
- // correctly when switching between networks that may have different IPv6 prefixes.
- if (!mNetwork.equals(oldNetwork)) {
- try {
- resolveAndSetAvailableRemoteAddresses();
- } catch (IOException e) {
- handleIkeFatalError(e);
- return;
- }
- }
-
- setRemoteAddress();
-
- boolean isIpv4 = mRemoteAddress instanceof Inet4Address;
-
- // If it is known that the server supports NAT-T, use port 4500. Otherwise, use port 500.
- boolean nattSupported = mHasCheckedNattSupport && mSupportNatTraversal;
- int serverPort =
- nattSupported
- ? IkeSocket.SERVER_PORT_UDP_ENCAPSULATED
- : IkeSocket.SERVER_PORT_NON_UDP_ENCAPSULATED;
-
- try {
- mLocalAddress =
- mIkeLocalAddressGenerator.generateLocalAddress(
- mNetwork, isIpv4, mRemoteAddress, serverPort);
-
- if (mNetwork.equals(oldNetwork)
- && mLocalAddress.equals(oldLocalAddress)
- && mRemoteAddress.equals(oldRemoteAddress)) {
- logw(
- "onUnderlyingNetworkUpdated: None of network, local or remote address has"
- + " changed. No action needed here.");
- return;
- }
-
- // Only switch the IkeSocket if the underlying Network actually changes. This may not
- // always happen (ex: the underlying Network loses the current local address)
- if (!mNetwork.equals(oldNetwork)) {
- boolean useEncapPort =
- mIkeSessionParams.hasIkeOption(IKE_OPTION_FORCE_PORT_4500) || nattSupported;
- getAndSwitchToIkeSocket(isIpv4, useEncapPort);
- }
- } catch (ErrnoException | IOException e) {
- handleIkeFatalError(e);
- return;
- }
- mNetworkCallback.setNetwork(mNetwork);
- mNetworkCallback.setAddress(mLocalAddress);
-
- try {
- mCurrentIkeSaRecord.migrate(mLocalAddress, mRemoteAddress);
- if (mLocalInitNewIkeSaRecord != null) {
- mLocalInitNewIkeSaRecord.migrate(mLocalAddress, mRemoteAddress);
- }
- if (mRemoteInitNewIkeSaRecord != null) {
- mRemoteInitNewIkeSaRecord.migrate(mLocalAddress, mRemoteAddress);
- }
- } catch (IOException e) {
- // Failed to migrate IKE SAs due to IKE SPI collision
- handleIkeFatalError(e);
- return;
- }
-
- // TODO(b/172013873): restart transmission timeouts on IKE SAs after changing networks
- sendMessage(
- CMD_LOCAL_REQUEST_MOBIKE,
- mLocalRequestFactory.getIkeLocalRequest(CMD_LOCAL_REQUEST_MOBIKE));
- }
-
- private void resolveAndSetAvailableRemoteAddresses() throws IOException {
- // TODO(b/149954916): Do DNS resolution asynchronously
- InetAddress[] allRemoteAddresses = null;
- final String hostname = mIkeSessionParams.getServerHostname();
-
- for (int attempts = 1;
- attempts <= MAX_DNS_RESOLUTION_ATTEMPTS && allRemoteAddresses == null;
- attempts++) {
- try {
- allRemoteAddresses = mNetwork.getAllByName(hostname);
- } catch (UnknownHostException e) {
- final boolean willRetry = attempts < MAX_DNS_RESOLUTION_ATTEMPTS;
- logd(
- "Failed to look up host for attempt "
- + attempts
- + ": "
- + hostname
- + " retrying? "
- + willRetry,
- e);
- }
- }
- if (allRemoteAddresses == null) {
- throw new IOException(
- "DNS resolution for "
- + hostname
- + " failed after "
- + MAX_DNS_RESOLUTION_ATTEMPTS
- + " attempts");
- }
-
- logd(
- "Resolved addresses for peer: "
- + Arrays.toString(allRemoteAddresses)
- + " to replace old addresses: v4="
- + mRemoteAddressesV4
- + " v6="
- + mRemoteAddressesV6);
-
- mRemoteAddressesV4.clear();
- mRemoteAddressesV6.clear();
- for (InetAddress remoteAddress : allRemoteAddresses) {
- if (remoteAddress instanceof Inet4Address) {
- mRemoteAddressesV4.add((Inet4Address) remoteAddress);
- } else {
- mRemoteAddressesV6.add((Inet6Address) remoteAddress);
- }
- }
- }
-
- @Override
- public void onUnderlyingNetworkDied() {
- executeUserCallback(
- () -> mIkeSessionCallback.onError(new IkeNetworkLostException(mNetwork)));
- }
}
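Review bot: The payload builder now emits SA, Nonce, KE (`payloadList.add(new IkeNoncePayload(randomFactory));` precedes the KE payload), and the comment that justified SA, KE, Nonce is deleted with it. That comment recorded that some responders still follow RFC 4306 and may reject an IKE INIT request, in particular one carrying a COOKIE payload, when the payloads are not in that order. Unless those responders are out of scope for this branch, I would keep the KE payload first, `payloadList.add(new IkeKePayload(selectedDhGroup, randomFactory));` followed by `payloadList.add(new IkeNoncePayload(randomFactory));`, and retain a one-line comment naming the interoperability reason. The method signature is outside the hunk.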
diff --git a/src/java/com/android/internal/net/ipsec/ike/IkeSocket.java b/src/java/com/android/internal/net/ipsec/ike/IkeSocket.java
index 8a48a08..d6c1f5c 100644
--- a/src/java/com/android/internal/net/ipsec/ike/IkeSocket.java
+++ b/src/java/com/android/internal/net/ipsec/ike/IkeSocket.java
@@ -17,11 +17,8 @@
package com.android.internal.net.ipsec.ike;
import static android.net.ipsec.ike.IkeManager.getIkeLog;
-import static android.system.OsConstants.IPPROTO_IP;
-import static android.system.OsConstants.IPPROTO_IPV6;
-import static android.system.OsConstants.IPV6_TCLASS;
-import static android.system.OsConstants.IP_TOS;
+import android.net.Network;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
import android.os.Handler;
import android.system.ErrnoException;
@@ -68,7 +65,8 @@
private static final int RCV_BUFFER_SIZE = 4096;
- private final IkeSocketConfig mIkeSocketConfig;
+ // Network this socket bound to.
+ private final Network mNetwork;
private final Handler mHandler;
// Map from locally generated IKE SPI to IkeSessionStateMachine instances.
@@ -80,9 +78,9 @@
@VisibleForTesting
protected final Set<IkeSessionStateMachine> mAliveIkeSessions = new HashSet<>();
- protected IkeSocket(IkeSocketConfig sockConfig, Handler handler) {
+ protected IkeSocket(Network network, Handler handler) {
mHandler = handler;
- mIkeSocketConfig = sockConfig;
+ mNetwork = network;
}
protected static void parseAndDemuxIkePacket(
@@ -114,24 +112,6 @@
}
}
- /** Applies a socket configuration to an input socket. */
- protected static void applySocketConfig(
- IkeSocketConfig sockConfig, FileDescriptor sock, boolean isIpv6)
- throws ErrnoException, IOException {
- sockConfig.getNetwork().bindSocket(sock);
- if (isIpv6) {
- // Traffic class field consists of a 6-bit Differentiated Services Code Point (DSCP)
- // field and a 2-bit Explicit Congestion Notification (ECN) field.
- final int tClass = sockConfig.getDscp() << 2;
- Os.setsockoptInt(sock, IPPROTO_IPV6, IPV6_TCLASS, tClass);
- } else {
- // TOS field consists of a 6-bit Differentiated Services Code Point (DSCP) field and a
- // 2-bit Explicit Congestion Notification (ECN) field.
- final int tos = sockConfig.getDscp() << 2;
- Os.setsockoptInt(sock, IPPROTO_IP, IP_TOS, tos);
- }
- }
-
/** Starts the packet reading poll-loop. */
public void start() {
// Start background reader thread
@@ -201,9 +181,13 @@
protected abstract void handlePacket(byte[] recvbuf, int length);
- /** Return the IkeSocketConfig */
- public final IkeSocketConfig getIkeSocketConfig() {
- return mIkeSocketConfig;
+ /**
+ * Return Network this socket bound to
+ *
+ * @return the bound Network
+ */
+ public final Network getNetwork() {
+ return mNetwork;
}
/**
diff --git a/src/java/com/android/internal/net/ipsec/ike/IkeSocketConfig.java b/src/java/com/android/internal/net/ipsec/ike/IkeSocketConfig.java
deleted file mode 100644
index a91708a..0000000
--- a/src/java/com/android/internal/net/ipsec/ike/IkeSocketConfig.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.ike;
-
-
-import android.net.Network;
-
-import java.util.Objects;
-
-/**
- * IkeSocketConfig represents a socket configuration.
- *
- * <p>IkeSessionStateMachines that share the same socket configuration and request the same IKE
- * socket type (v4, v6, v4-encap, v6-encap-port) will be sharing the same IkeSocket instance.
- */
-public final class IkeSocketConfig {
- // Network that the IKE socket will be bound to.
- private final Network mNetwork;
- private final int mDscp;
-
- /** Construct an IkeSocketConfig. */
- public IkeSocketConfig(Network network, int dscp) {
- mNetwork = network;
- mDscp = dscp;
- }
-
- /** Returns the underlying network. */
- public Network getNetwork() {
- return mNetwork;
- }
-
- /** Returns the DSCP value. */
- public int getDscp() {
- return mDscp;
- }
-
- /** @hide */
- @Override
- public int hashCode() {
- return Objects.hash(mNetwork, mDscp);
- }
-
- /** @hide */
- @Override
- public boolean equals(Object o) {
- if (!(o instanceof IkeSocketConfig)) {
- return false;
- }
-
- IkeSocketConfig other = (IkeSocketConfig) o;
-
- return mNetwork.equals(other.mNetwork) && mDscp == other.mDscp;
- }
-}
diff --git a/src/java/com/android/internal/net/ipsec/ike/IkeUdp4Socket.java b/src/java/com/android/internal/net/ipsec/ike/IkeUdp4Socket.java
index 3bf864b..4886611 100644
--- a/src/java/com/android/internal/net/ipsec/ike/IkeUdp4Socket.java
+++ b/src/java/com/android/internal/net/ipsec/ike/IkeUdp4Socket.java
@@ -21,10 +21,13 @@
import static android.system.OsConstants.SOCK_DGRAM;
import android.net.InetAddresses;
+import android.net.Network;
import android.os.Handler;
import android.system.ErrnoException;
import android.system.Os;
+import com.android.internal.annotations.VisibleForTesting;
+
import java.io.FileDescriptor;
import java.io.IOException;
import java.net.InetAddress;
@@ -34,48 +37,54 @@
/**
* IkeUdp4Socket uses an IPv4-bound {@link FileDescriptor} to send and receive IKE packets.
*
- * <p>Caller MUST provide one IkeSocketConfig when trying to get an instance of IkeUdp4Socket. Each
- * IkeSocketConfig will only be bound to by one IkeUdp4Socket instance. When caller requests an
- * IkeUdp4Socket with an already bound IkeSocketConfig, the existing instance will be returned.
+ * <p>Caller MUST provide one {@link Network} when trying to get an instance of IkeUdp4Socket. Each
+ * {@link Network} will only be bound to by one IkeUdp4Socket instance. When caller requests an
+ * IkeUdp4Socket with an already bound {@link Network}, the existing instance will be returned.
*/
public final class IkeUdp4Socket extends IkeUdpSocket {
private static final String TAG = IkeUdp4Socket.class.getSimpleName();
private static final InetAddress INADDR_ANY = InetAddresses.parseNumericAddress("0.0.0.0");
- // Map from IkeSocketConfig to IkeUdp4Socket instances.
- private static Map<IkeSocketConfig, IkeUdp4Socket> sConfigToSocketMap = new HashMap<>();
+ // Map from Network to IkeUdp4Socket instances.
+ private static Map<Network, IkeUdp4Socket> sNetworkToUdp4SocketMap = new HashMap<>();
- private IkeUdp4Socket(FileDescriptor socket, IkeSocketConfig sockConfig, Handler handler) {
- super(socket, sockConfig, handler == null ? new Handler() : handler);
+ private IkeUdp4Socket(FileDescriptor socket, Network network, Handler handler) {
+ super(socket, network, handler == null ? new Handler() : handler);
}
/**
* Get an IkeUdp4Socket instance.
*
- * <p>Return the existing IkeUdp4Socket instance if it has been created for the input
- * IkeSocketConfig. Otherwise, create and return a new IkeUdp4Socket instance.
+ * <p>Return the existing IkeUdp4Socket instance if it has been created for the input Network.
+ * Otherwise, create and return a new IkeUdp4Socket instance.
*
- * @param sockConfig the socket configuration
+ * @param network the Network this socket will be bound to
* @param ikeSession the IkeSessionStateMachine that is requesting an IkeUdp4Socket.
- * @param handler the Handler used to process received packets
* @return an IkeUdp4Socket instance
*/
- public static IkeUdp4Socket getInstance(
- IkeSocketConfig sockConfig, IkeSessionStateMachine ikeSession, Handler handler)
+ public static IkeUdp4Socket getInstance(Network network, IkeSessionStateMachine ikeSession)
throws ErrnoException, IOException {
- IkeUdp4Socket ikeSocket = sConfigToSocketMap.get(sockConfig);
+ return getInstance(network, ikeSession, null);
+ }
+
+ // package protected; for testing purposes.
+ @VisibleForTesting
+ static IkeUdp4Socket getInstance(
+ Network network, IkeSessionStateMachine ikeSession, Handler handler)
+ throws ErrnoException, IOException {
+ IkeUdp4Socket ikeSocket = sNetworkToUdp4SocketMap.get(network);
if (ikeSocket == null) {
FileDescriptor sock = Os.socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
Os.bind(sock, INADDR_ANY, 0);
- applySocketConfig(sockConfig, sock, false /* isIpv6 */);
+ network.bindSocket(sock);
- ikeSocket = new IkeUdp4Socket(sock, sockConfig, handler);
+ ikeSocket = new IkeUdp4Socket(sock, network, handler);
// Create and register FileDescriptor for receiving IKE packet on current thread.
ikeSocket.start();
- sConfigToSocketMap.put(sockConfig, ikeSocket);
+ sNetworkToUdp4SocketMap.put(network, ikeSocket);
}
ikeSocket.mAliveIkeSessions.add(ikeSession);
return ikeSocket;
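Review bot: In `getInstance`, the descriptor returned by `Os.socket(...)` is not closed when `Os.bind(sock, INADDR_ANY, 0)` or the new `network.bindSocket(sock)` throws, so each failed attempt against an unusable Network leaves an open UDP socket behind. Wrapping the two bind calls and closing the descriptor before rethrowing fixes it; the same sequence is added to `IkeUdp6Socket.getInstance` in the next file section and needs the same treatment. Separately, when an instance is already cached for the Network the `handler` argument is silently ignored, which is worth stating in the comment above the test-only overload.

```java
FileDescriptor sock = Os.socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
try {
    Os.bind(sock, INADDR_ANY, 0);
    network.bindSocket(sock);
} catch (ErrnoException | IOException e) {
    // Binding failed: release the descriptor instead of leaking it.
    Os.close(sock);
    throw e;
}
// … unchanged: construct IkeUdp4Socket, start(), register in sNetworkToUdp4SocketMap …
```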
@@ -84,7 +93,7 @@
/** Implement {@link AutoCloseable#close()} */
@Override
public void close() {
- sConfigToSocketMap.remove(getIkeSocketConfig());
+ sNetworkToUdp4SocketMap.remove(getNetwork());
super.close();
}
diff --git a/src/java/com/android/internal/net/ipsec/ike/IkeUdp6Socket.java b/src/java/com/android/internal/net/ipsec/ike/IkeUdp6Socket.java
index 76c71a3..c0d9e36 100644
--- a/src/java/com/android/internal/net/ipsec/ike/IkeUdp6Socket.java
+++ b/src/java/com/android/internal/net/ipsec/ike/IkeUdp6Socket.java
@@ -21,10 +21,13 @@
import static android.system.OsConstants.SOCK_DGRAM;
import android.net.InetAddresses;
+import android.net.Network;
import android.os.Handler;
import android.system.ErrnoException;
import android.system.Os;
+import com.android.internal.annotations.VisibleForTesting;
+
import java.io.FileDescriptor;
import java.io.IOException;
import java.net.InetAddress;
@@ -34,62 +37,63 @@
/**
* IkeUdp6Socket uses an IPv6-bound {@link FileDescriptor} to send and receive IKE packets.
*
- * <p>Caller MUST provide one IkeSocketConfig when trying to get an instance of IkeUdp6Socket. Each
- * IkeSocketConfig will only be bound to by one IkeUdp6Socket instance. When caller requests an
- * IkeUdp6Socket with an already bound IkeSocketConfig, the existing instance will be returned.
+ * <p>Caller MUST provide one {@link Network} when trying to get an instance of IkeUdp6Socket. Each
+ * {@link Network} will only be bound to by one IkeUdp6Socket instance. When caller requests an
+ * IkeUdp6Socket with an already bound {@link Network}, the existing instance will be returned.
*/
-public class IkeUdp6Socket extends IkeUdpSocket {
+public final class IkeUdp6Socket extends IkeUdpSocket {
private static final String TAG = IkeUdp6Socket.class.getSimpleName();
private static final InetAddress INADDR_ANY = InetAddresses.parseNumericAddress("::");
- // Map from IkeSocketConfig to IkeUdp6Socket instances.
- private static Map<IkeSocketConfig, IkeUdp6Socket> sConfigToSocketMap = new HashMap<>();
+ // Map from Network to IkeUdp6Socket instances.
+ private static Map<Network, IkeUdp6Socket> sNetworkToUdp6SocketMap = new HashMap<>();
- protected IkeUdp6Socket(FileDescriptor socket, IkeSocketConfig sockConfig, Handler handler) {
- super(socket, sockConfig, handler == null ? new Handler() : handler);
+ private IkeUdp6Socket(FileDescriptor socket, Network network, Handler handler) {
+ super(socket, network, handler == null ? new Handler() : handler);
}
/**
* Get an IkeUdp6Socket instance.
*
- * <p>Return the existing IkeUdp6Socket instance if it has been created for the input
- * IkeSocketConfig. Otherwise, create and return a new IkeUdp6Socket instance.
+ * <p>Return the existing IkeUdp6Socket instance if it has been created for the input Network.
+ * Otherwise, create and return a new IkeUdp6Socket instance.
*
- * @param sockConfig the socket configuration
+ * @param network the Network this socket will be bound to
* @param ikeSession the IkeSessionStateMachine that is requesting an IkeUdp6Socket.
- * @param handler the Handler used to process received packets
* @return an IkeUdp6Socket instance
*/
- public static IkeUdp6Socket getInstance(
- IkeSocketConfig sockConfig, IkeSessionStateMachine ikeSession, Handler handler)
+ public static IkeUdp6Socket getInstance(Network network, IkeSessionStateMachine ikeSession)
throws ErrnoException, IOException {
- IkeUdp6Socket ikeSocket = sConfigToSocketMap.get(sockConfig);
+ return getInstance(network, ikeSession, null);
+ }
+
+ // package protected; for testing purposes.
+ @VisibleForTesting
+ static IkeUdp6Socket getInstance(
+ Network network, IkeSessionStateMachine ikeSession, Handler handler)
+ throws ErrnoException, IOException {
+ IkeUdp6Socket ikeSocket = sNetworkToUdp6SocketMap.get(network);
if (ikeSocket == null) {
- ikeSocket = new IkeUdp6Socket(openUdp6Sock(sockConfig), sockConfig, handler);
+ FileDescriptor sock = Os.socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
+ Os.bind(sock, INADDR_ANY, 0);
+ network.bindSocket(sock);
+
+ ikeSocket = new IkeUdp6Socket(sock, network, handler);
// Create and register FileDescriptor for receiving IKE packet on current thread.
ikeSocket.start();
- sConfigToSocketMap.put(sockConfig, ikeSocket);
+ sNetworkToUdp6SocketMap.put(network, ikeSocket);
}
ikeSocket.mAliveIkeSessions.add(ikeSession);
return ikeSocket;
}
- protected static FileDescriptor openUdp6Sock(IkeSocketConfig sockConfig)
- throws ErrnoException, IOException {
- FileDescriptor sock = Os.socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
- Os.bind(sock, INADDR_ANY, 0);
- applySocketConfig(sockConfig, sock, true /* isIpv6 */);
-
- return sock;
- }
-
/** Implement {@link AutoCloseable#close()} */
@Override
public void close() {
- sConfigToSocketMap.remove(getIkeSocketConfig());
+ sNetworkToUdp6SocketMap.remove(getNetwork());
super.close();
}
diff --git a/src/java/com/android/internal/net/ipsec/ike/IkeUdp6WithEncapPortSocket.java b/src/java/com/android/internal/net/ipsec/ike/IkeUdp6WithEncapPortSocket.java
deleted file mode 100644
index c83cd4d..0000000
--- a/src/java/com/android/internal/net/ipsec/ike/IkeUdp6WithEncapPortSocket.java
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.ike;
-
-import android.os.Handler;
-import android.system.ErrnoException;
-
-import com.android.internal.annotations.VisibleForTesting;
-
-import java.io.FileDescriptor;
-import java.io.IOException;
-import java.net.InetAddress;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- * IkeUdp6WithEncapPortSocket uses an IPv6-bound {@link FileDescriptor} to send and receive IKE
- * packets.
- *
- * <p>IkeUdp6WithEncapPortSocket is usually used when IKE Session has IPv6 address and is required
- * to send message to port 4500, as per MOBIKE spec (RFC 4555).
- *
- * <p>Caller MUST provide one IkeSocketConfig when trying to get an instance of
- * IkeUdp6WithEncapPortSocket. Each IkeSocketConfig will only be bound to by one
- * IkeUdp6WithEncapPortSocket instance. When caller requests an IkeUdp6WithEncapPortSocket with an
- * already bound IkeSocketConfig, the existing instance will be returned.
- */
-public final class IkeUdp6WithEncapPortSocket extends IkeUdp6Socket {
- private static final String TAG = IkeUdp6WithEncapPortSocket.class.getSimpleName();
-
- // Map from IkeSocketConfig to IkeUdp6WithEncapPortSocket instances.
- private static Map<IkeSocketConfig, IkeUdp6WithEncapPortSocket> sConfigToSocketMap =
- new HashMap<>();
-
- private static IPacketReceiver sPacketReceiver =
- new IkeUdpEncapPortPacketHandler.PacketReceiver();
-
- private final IkeUdpEncapPortPacketHandler mUdpEncapPortPacketHandler;
-
- private IkeUdp6WithEncapPortSocket(
- FileDescriptor socket, IkeSocketConfig sockConfig, Handler handler) {
- super(socket, sockConfig, handler);
-
- mUdpEncapPortPacketHandler = new IkeUdpEncapPortPacketHandler(getFd());
- }
-
- /**
- * Get an IkeUdp6WithEncapPortSocket instance.
- *
- * <p>Return the existing IkeUdp6WithEncapPortSocket instance if it has been created for the
- * input IkeSocketConfig. Otherwise, create and return a new IkeUdp6WithEncapPortSocket
- * instance.
- *
- * @param sockConfig the socket configuration
- * @param ikeSession the IkeSessionStateMachine that is requesting an
- * IkeUdp6WithEncapPortSocket.
- * @param handler the Handler used to process received packets
- * @return an IkeUdp6WithEncapPortSocket instance
- */
- public static IkeUdp6WithEncapPortSocket getIkeUdpEncapSocket(
- IkeSocketConfig sockConfig, IkeSessionStateMachine ikeSession, Handler handler)
- throws ErrnoException, IOException {
- IkeUdp6WithEncapPortSocket ikeSocket = sConfigToSocketMap.get(sockConfig);
- if (ikeSocket == null) {
- ikeSocket =
- new IkeUdp6WithEncapPortSocket(openUdp6Sock(sockConfig), sockConfig, handler);
-
- // Create and register FileDescriptor for receiving IKE packet on current thread.
- ikeSocket.start();
-
- sConfigToSocketMap.put(sockConfig, ikeSocket);
- }
- ikeSocket.mAliveIkeSessions.add(ikeSession);
- return ikeSocket;
- }
-
- /** Package private */
- @VisibleForTesting
- static void setPacketReceiver(IkeSocket.IPacketReceiver receiver) {
- sPacketReceiver = receiver;
- }
-
- /**
- * Handle received IKE packet. Invoked when there is a read event. Any desired copies of
- * |recvbuf| should be made in here, as the underlying byte array is reused across all reads.
- */
- @Override
- protected void handlePacket(byte[] recvbuf, int length) {
- sPacketReceiver.handlePacket(Arrays.copyOfRange(recvbuf, 0, length), mSpiToIkeSession);
- }
-
- @Override
- public void sendIkePacket(byte[] ikePacket, InetAddress serverAddress) {
- mUdpEncapPortPacketHandler.sendIkePacket(ikePacket, serverAddress);
- }
-
- @Override
- public int getIkeServerPort() {
- return SERVER_PORT_UDP_ENCAPSULATED;
- }
-
- /** Implement {@link AutoCloseable#close()} */
- @Override
- public void close() {
- sConfigToSocketMap.remove(getIkeSocketConfig());
-
- super.close();
- }
-}
diff --git a/src/java/com/android/internal/net/ipsec/ike/IkeUdpEncapPortPacketHandler.java b/src/java/com/android/internal/net/ipsec/ike/IkeUdpEncapPortPacketHandler.java
deleted file mode 100644
index 07dff2b..0000000
--- a/src/java/com/android/internal/net/ipsec/ike/IkeUdpEncapPortPacketHandler.java
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.ike;
-
-import static android.net.ipsec.ike.IkeManager.getIkeLog;
-
-import android.system.ErrnoException;
-import android.system.Os;
-import android.util.LongSparseArray;
-
-import com.android.internal.annotations.VisibleForTesting;
-
-import java.io.FileDescriptor;
-import java.io.IOException;
-import java.net.InetAddress;
-import java.nio.ByteBuffer;
-import java.util.Arrays;
-
-/**
- * IkeUdpEncapPortPacketHandler is a template for IKE Sockets that target port 4500.
- *
- * <p>Specifically, this class helps for IKE Sockets that target port 4500 and need to utilize
- * 4-byte non-ESP markers in their incoming/outgoing IKE packets, as specified in RFC 3948 Section
- * 2.2.
- */
-public class IkeUdpEncapPortPacketHandler {
- private static final String TAG = IkeUdpEncapPortPacketHandler.class.getSimpleName();
-
- @VisibleForTesting static final int NON_ESP_MARKER_LEN = 4;
- @VisibleForTesting static final byte[] NON_ESP_MARKER = new byte[NON_ESP_MARKER_LEN];
-
- private final FileDescriptor mSocket;
-
- /** Creates a IkeUdpEncapPortPacketHandler with the given FileDescriptor. */
- public IkeUdpEncapPortPacketHandler(FileDescriptor socket) {
- mSocket = socket;
- }
-
- /** Package private */
- @VisibleForTesting
- static class PacketReceiver implements IkeSocket.IPacketReceiver {
- private static final String TAG = IkeUdpEncapPortPacketHandler.class.getSimpleName();
-
- public void handlePacket(
- byte[] recvbuf, LongSparseArray<IkeSessionStateMachine> spiToIkeSession) {
- if (recvbuf.length < NON_ESP_MARKER_LEN) {
- getIkeLog().d(TAG, "Received too short of packet. Ignoring.");
- return;
- }
-
- ByteBuffer byteBuffer = ByteBuffer.wrap(recvbuf);
-
- // Check the existence of the Non-ESP Marker. A received packet can be either an IKE
- // packet starts with 4 zero-valued bytes Non-ESP Marker or an ESP packet starts with 4
- // bytes ESP SPI. ESP SPI value can never be zero.
- byte[] espMarker = new byte[NON_ESP_MARKER_LEN];
- byteBuffer.get(espMarker);
- if (!Arrays.equals(NON_ESP_MARKER, espMarker)) {
- // Drop the received ESP packet.
- getIkeLog().e(TAG, "Received an ESP packet. Dropped.");
- return;
- }
-
- // Re-direct IKE packet to IkeSessionStateMachine according to the locally generated
- // IKE SPI.
- byte[] ikePacketBytes = new byte[byteBuffer.remaining()];
- byteBuffer.get(ikePacketBytes);
- IkeSocket.parseAndDemuxIkePacket(ikePacketBytes, spiToIkeSession, TAG);
- }
- }
-
- /**
- * Send encoded IKE packet to destination address
- *
- * @param ikePacket encoded IKE packet
- * @param serverAddress IP address of remote server
- *
- * <p>package-private
- */
- void sendIkePacket(byte[] ikePacket, InetAddress serverAddress) {
- getIkeLog()
- .d(
- TAG,
- "Send packet to "
- + serverAddress.getHostAddress()
- + "( "
- + ikePacket.length
- + " bytes)");
- try {
- ByteBuffer buffer = ByteBuffer.allocate(NON_ESP_MARKER_LEN + ikePacket.length);
-
- // Build outbound UDP Encapsulation packet body for sending IKE message.
- buffer.put(NON_ESP_MARKER).put(ikePacket);
- buffer.rewind();
-
- // Use unconnected UDP socket because one {@IkeSocket} may be shared by
- // multiple IKE sessions that send messages to different destinations.
- Os.sendto(mSocket, buffer, 0, serverAddress, IkeSocket.SERVER_PORT_UDP_ENCAPSULATED);
- } catch (ErrnoException | IOException e) {
- // TODO: Handle exception
- getIkeLog().e(TAG, "error sending IKE packet", e);
- }
- }
-}
diff --git a/src/java/com/android/internal/net/ipsec/ike/IkeUdpEncapSocket.java b/src/java/com/android/internal/net/ipsec/ike/IkeUdpEncapSocket.java
index 40da618..5e94694 100644
--- a/src/java/com/android/internal/net/ipsec/ike/IkeUdpEncapSocket.java
+++ b/src/java/com/android/internal/net/ipsec/ike/IkeUdpEncapSocket.java
@@ -21,15 +21,19 @@
import android.net.IpSecManager;
import android.net.IpSecManager.ResourceUnavailableException;
import android.net.IpSecManager.UdpEncapsulationSocket;
+import android.net.Network;
import android.os.Handler;
import android.os.Looper;
import android.system.ErrnoException;
+import android.system.Os;
+import android.util.LongSparseArray;
import com.android.internal.annotations.VisibleForTesting;
import java.io.FileDescriptor;
import java.io.IOException;
import java.net.InetAddress;
+import java.nio.ByteBuffer;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
@@ -37,62 +41,61 @@
/**
* IkeUdpEncapSocket uses an {@link UdpEncapsulationSocket} to send and receive IKE packets.
*
- * <p>Caller MUST provide one IkeSocketConfig when trying to get an instance of IkeUdpEncapSocket.
- * Each IkeSocketConfig can only be bound by one IkeUdpEncapSocket instance. When caller requests
- * for IkeUdpEncapSocket with an already bound IkeSocketConfig, an existing instance will be
+ * <p>Caller MUST provide one {@link Network} when trying to get an instance of IkeUdpEncapSocket.
+ * Each {@link Network} can only be bound with one IkeUdpEncapSocket instance. When caller requests
+ * for IkeUdpEncapSocket with an already bound {@link Network}, an existing instance will be
* returned.
*/
public final class IkeUdpEncapSocket extends IkeSocket {
private static final String TAG = "IkeUdpEncapSocket";
- // Map from IkeSocketConfig to IkeSocket instances.
- private static Map<IkeSocketConfig, IkeUdpEncapSocket> sConfigToSocketMap = new HashMap<>();
+ // A Non-ESP marker helps the recipient to distinguish IKE packets from ESP packets.
+ @VisibleForTesting static final int NON_ESP_MARKER_LEN = 4;
+ @VisibleForTesting static final byte[] NON_ESP_MARKER = new byte[NON_ESP_MARKER_LEN];
- private static IPacketReceiver sPacketReceiver =
- new IkeUdpEncapPortPacketHandler.PacketReceiver();
+ // Map from Network to IkeSocket instances.
+ private static Map<Network, IkeUdpEncapSocket> sNetworkToIkeSocketMap = new HashMap<>();
+
+ private static IPacketReceiver sPacketReceiver = new PacketReceiver();
// UdpEncapsulationSocket for sending and receving IKE packet.
private final UdpEncapsulationSocket mUdpEncapSocket;
- private final IkeUdpEncapPortPacketHandler mUdpEncapPortPacketHandler;
-
private IkeUdpEncapSocket(
- UdpEncapsulationSocket udpEncapSocket, IkeSocketConfig sockConfig, Handler handler) {
- super(sockConfig, handler);
+ UdpEncapsulationSocket udpEncapSocket, Network network, Handler handler) {
+ super(network, handler);
mUdpEncapSocket = udpEncapSocket;
-
- mUdpEncapPortPacketHandler = new IkeUdpEncapPortPacketHandler(getFd());
}
/**
* Get an IkeUdpEncapSocket instance.
*
* <p>Return the existing IkeUdpEncapSocket instance if it has been created for the input
- * IkeSocketConfig. Otherwise, create and return a new IkeUdpEncapSocket instance.
+ * Network. Otherwise, create and return a new IkeUdpEncapSocket instance.
*
- * @param sockConfig the socket configuration
+ * @param network the Network this socket will be bound to
* @param ipsecManager for creating {@link UdpEncapsulationSocket}
* @param ikeSession the IkeSessionStateMachine that is requesting an IkeUdpEncapSocket.
* @return an IkeUdpEncapSocket instance
*/
public static IkeUdpEncapSocket getIkeUdpEncapSocket(
- IkeSocketConfig sockConfig,
+ Network network,
IpSecManager ipsecManager,
IkeSessionStateMachine ikeSession,
Looper looper)
throws ErrnoException, IOException, ResourceUnavailableException {
- IkeUdpEncapSocket ikeSocket = sConfigToSocketMap.get(sockConfig);
+ IkeUdpEncapSocket ikeSocket = sNetworkToIkeSocketMap.get(network);
if (ikeSocket == null) {
UdpEncapsulationSocket udpEncapSocket = ipsecManager.openUdpEncapsulationSocket();
FileDescriptor fd = udpEncapSocket.getFileDescriptor();
- applySocketConfig(sockConfig, fd, false /* isIpv6 */);
+ network.bindSocket(fd);
- ikeSocket = new IkeUdpEncapSocket(udpEncapSocket, sockConfig, new Handler(looper));
+ ikeSocket = new IkeUdpEncapSocket(udpEncapSocket, network, new Handler(looper));
// Create and register FileDescriptor for receiving IKE packet on current thread.
ikeSocket.start();
- sConfigToSocketMap.put(sockConfig, ikeSocket);
+ sNetworkToIkeSocketMap.put(network, ikeSocket);
}
ikeSocket.mAliveIkeSessions.add(ikeSession);
return ikeSocket;
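Review bot: If `network.bindSocket(fd)` throws in getIkeUdpEncapSocket, the UdpEncapsulationSocket opened just before it is never closed. At that point it is not yet owned by any IkeUdpEncapSocket or stored in sNetworkToIkeSocketMap, so each failed bind leaks an encapsulation socket and its port. Closing it on the failure path and rethrowing keeps the method's declared exceptions unchanged.

```java
FileDescriptor fd = udpEncapSocket.getFileDescriptor();
try {
    network.bindSocket(fd);
} catch (IOException e) {
    // Not yet owned by an IkeUdpEncapSocket, so release it here.
    udpEncapSocket.close();
    throw e;
}
// … unchanged: construct IkeUdpEncapSocket, start(), put into sNetworkToIkeSocketMap …
```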
@@ -115,6 +118,32 @@
/** Package private */
@VisibleForTesting
+ static final class PacketReceiver implements IkeSocket.IPacketReceiver {
+ public void handlePacket(
+ byte[] recvbuf, LongSparseArray<IkeSessionStateMachine> spiToIkeSession) {
+ ByteBuffer byteBuffer = ByteBuffer.wrap(recvbuf);
+
+ // Check the existence of the Non-ESP Marker. A received packet can be either an IKE
+ // packet starts with 4 zero-valued bytes Non-ESP Marker or an ESP packet starts with 4
+ // bytes ESP SPI. ESP SPI value can never be zero.
+ byte[] espMarker = new byte[NON_ESP_MARKER_LEN];
+ byteBuffer.get(espMarker);
+ if (!Arrays.equals(NON_ESP_MARKER, espMarker)) {
+ // Drop the received ESP packet.
+ getIkeLog().e(TAG, "Receive an ESP packet.");
+ return;
+ }
+
+ // Re-direct IKE packet to IkeSessionStateMachine according to the locally generated
+ // IKE SPI.
+ byte[] ikePacketBytes = new byte[byteBuffer.remaining()];
+ byteBuffer.get(ikePacketBytes);
+ parseAndDemuxIkePacket(ikePacketBytes, spiToIkeSession, TAG);
+ }
+ }
+
+ /** Package private */
+ @VisibleForTesting
static void setPacketReceiver(IkeSocket.IPacketReceiver receiver) {
sPacketReceiver = receiver;
}
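Review bot: The added PacketReceiver.handlePacket reads four bytes with `byteBuffer.get(espMarker)` without first checking the datagram length, so a packet shorter than NON_ESP_MARKER_LEN raises an unchecked BufferUnderflowException on the thread that reads the socket. The IkeUdpEncapPortPacketHandler.PacketReceiver removed in this change rejected such packets up front, and the same guard belongs at the top of this method: `if (recvbuf.length < NON_ESP_MARKER_LEN) { getIkeLog().d(TAG, "Received too short of packet. Ignoring."); return; }`. The buffer is an unauthenticated UDP datagram, so its length has to be treated as attacker-controlled.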
@@ -128,9 +157,40 @@
sPacketReceiver.handlePacket(Arrays.copyOfRange(recvbuf, 0, length), mSpiToIkeSession);
}
+ /**
+ * Send encoded IKE packet to destination address
+ *
+ * @param ikePacket encoded IKE packet
+ * @param serverAddress IP address of remote server
+ */
@Override
public void sendIkePacket(byte[] ikePacket, InetAddress serverAddress) {
- mUdpEncapPortPacketHandler.sendIkePacket(ikePacket, serverAddress);
+ getIkeLog()
+ .d(
+ TAG,
+ "Send packet to "
+ + serverAddress.getHostAddress()
+ + "( "
+ + ikePacket.length
+ + " bytes)");
+ try {
+ ByteBuffer buffer = ByteBuffer.allocate(NON_ESP_MARKER_LEN + ikePacket.length);
+
+ // Build outbound UDP Encapsulation packet body for sending IKE message.
+ buffer.put(NON_ESP_MARKER).put(ikePacket);
+ buffer.rewind();
+
+ // Use unconnected UDP socket because one {@UdpEncapsulationSocket} may be shared by
+ // multiple IKE sessions that send messages to different destinations.
+ Os.sendto(
+ mUdpEncapSocket.getFileDescriptor(),
+ buffer,
+ 0,
+ serverAddress,
+ SERVER_PORT_UDP_ENCAPSULATED);
+ } catch (ErrnoException | IOException e) {
+ // TODO: Handle exception
+ }
}
@Override
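Review bot: The catch block at the end of sendIkePacket swallows ErrnoException and IOException with only a TODO, so a failed send leaves no trace and is indistinguishable from a packet lost on the network. The removed IkeUdpEncapPortPacketHandler at least logged it; I would keep that line here: `getIkeLog().e(TAG, "error sending IKE packet", e);`. Separately, `{@UdpEncapsulationSocket}` in the comment above Os.sendto is not a valid inline tag and should read `{@link UdpEncapsulationSocket}`.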
@@ -141,7 +201,7 @@
/** Implement {@link AutoCloseable#close()} */
@Override
public void close() {
- sConfigToSocketMap.remove(getIkeSocketConfig());
+ sNetworkToIkeSocketMap.remove(getNetwork());
try {
mUdpEncapSocket.close();
diff --git a/src/java/com/android/internal/net/ipsec/ike/IkeUdpSocket.java b/src/java/com/android/internal/net/ipsec/ike/IkeUdpSocket.java
index 4be7961..b6130ad 100644
--- a/src/java/com/android/internal/net/ipsec/ike/IkeUdpSocket.java
+++ b/src/java/com/android/internal/net/ipsec/ike/IkeUdpSocket.java
@@ -18,6 +18,7 @@
import static android.net.ipsec.ike.IkeManager.getIkeLog;
+import android.net.Network;
import android.os.Handler;
import android.system.ErrnoException;
import android.system.Os;
@@ -25,8 +26,6 @@
import com.android.internal.annotations.VisibleForTesting;
-import libcore.io.IoUtils;
-
import java.io.FileDescriptor;
import java.io.IOException;
import java.net.InetAddress;
@@ -42,8 +41,8 @@
// FileDescriptor for sending and receving IKE packet.
protected final FileDescriptor mSocket;
- protected IkeUdpSocket(FileDescriptor socket, IkeSocketConfig sockConfig, Handler handler) {
- super(sockConfig, handler);
+ protected IkeUdpSocket(FileDescriptor socket, Network network, Handler handler) {
+ super(network, handler);
mSocket = socket;
}
@@ -109,7 +108,7 @@
getIkeLog()
.i(
this.getClass().getSimpleName(),
- "Failed to send packet on network " + getIkeSocketConfig().getNetwork(),
+ "Failed to send packet on network " + getNetwork(),
e);
}
}
@@ -123,14 +122,12 @@
@Override
public void close() {
try {
- IoUtils.close(mSocket);
- } catch (IOException e) {
+ Os.close(mSocket);
+ } catch (ErrnoException e) {
getIkeLog()
.e(
this.getClass().getSimpleName(),
- "Failed to close UDP Socket for Network "
- + getIkeSocketConfig().getNetwork(),
- e);
+ "Failed to close UDP Encapsulation Socket for Network " + getNetwork());
}
// PacketReader unregisters file descriptor from listener on thread with which the Handler
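Review bot: The rewritten log call in close() no longer passes the caught ErrnoException, so the errno that explains why the descriptor could not be closed is lost. The message also now says "UDP Encapsulation Socket", although this class holds a plain UDP FileDescriptor, which will mislead anyone reading the logs. I would write the arguments as `"Failed to close UDP Socket for Network " + getNetwork(), e);`. close() continues past the end of this hunk.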
diff --git a/src/java/com/android/internal/net/ipsec/ike/SaRecord.java b/src/java/com/android/internal/net/ipsec/ike/SaRecord.java
index 80a38e7..c2d86dc 100644
--- a/src/java/com/android/internal/net/ipsec/ike/SaRecord.java
+++ b/src/java/com/android/internal/net/ipsec/ike/SaRecord.java
@@ -18,6 +18,8 @@
import static android.net.ipsec.ike.IkeManager.getIkeLog;
import android.annotation.Nullable;
+import android.app.AlarmManager;
+import android.app.PendingIntent;
import android.content.Context;
import android.net.IpSecManager;
import android.net.IpSecManager.ResourceUnavailableException;
@@ -25,6 +27,7 @@
import android.net.IpSecManager.SpiUnavailableException;
import android.net.IpSecManager.UdpEncapsulationSocket;
import android.net.IpSecTransform;
+import android.os.SystemClock;
import android.util.CloseGuard;
import com.android.internal.annotations.VisibleForTesting;
@@ -36,8 +39,6 @@
import com.android.internal.net.ipsec.ike.message.IkeMessage.DecodeResultPartial;
import com.android.internal.net.ipsec.ike.message.IkeNoncePayload;
import com.android.internal.net.ipsec.ike.message.IkePayload;
-import com.android.internal.net.ipsec.ike.utils.IkeAlarm;
-import com.android.internal.net.ipsec.ike.utils.IkeAlarm.IkeAlarmConfig;
import com.android.internal.net.ipsec.ike.utils.IkeSecurityParameterIndex;
import java.io.IOException;
@@ -258,9 +259,7 @@
IkePayload.PAYLOAD_TYPE_KE, IkeKePayload.class);
return IkeKePayload.getSharedKey(
- keLocalPayload.localPrivateKey,
- keRemotePayload.keyExchangeData,
- keRemotePayload.dhGroup);
+ keLocalPayload.localPrivateKey, keRemotePayload.keyExchangeData);
}
/**
@@ -350,38 +349,25 @@
IkeNoncePayload.class,
respPayloads)
.nonceData;
- byte[] sharedDhKey =
- getChildSharedKey(reqPayloads, respPayloads, childSaRecordConfig.isLocalInit);
- return makeChildSaRecord(sharedDhKey, nonceInit, nonceResp, childSaRecordConfig);
- }
-
- @VisibleForTesting
- static byte[] getChildSharedKey(
- List<IkePayload> reqPayloads, List<IkePayload> respPayloads, boolean isLocalInit)
- throws GeneralSecurityException {
// Check if KE Payload exists and get DH shared key. Encoding/Decoding of payload list
// guarantees that there is either no KE payload in the reqPayloads and respPayloads
// lists, or only one KE payload in each list.
+ byte[] sharedDhKey = new byte[0];
IkeKePayload keInitPayload =
IkePayload.getPayloadForTypeInProvidedList(
IkePayload.PAYLOAD_TYPE_KE, IkeKePayload.class, reqPayloads);
-
- if (keInitPayload == null) {
- return new byte[0];
+ if (keInitPayload != null) {
+ IkeKePayload keRespPayload =
+ IkePayload.getPayloadForTypeInProvidedList(
+ IkePayload.PAYLOAD_TYPE_KE, IkeKePayload.class, respPayloads);
+ sharedDhKey =
+ IkeKePayload.getSharedKey(
+ keInitPayload.localPrivateKey, keRespPayload.keyExchangeData);
}
- IkeKePayload keRespPayload =
- IkePayload.getPayloadForTypeInProvidedList(
- IkePayload.PAYLOAD_TYPE_KE, IkeKePayload.class, respPayloads);
- IkeKePayload localKePayload = isLocalInit ? keInitPayload : keRespPayload;
- IkeKePayload remoteKePayload = isLocalInit ? keRespPayload : keInitPayload;
- return IkeKePayload.getSharedKey(
- localKePayload.localPrivateKey,
- remoteKePayload.keyExchangeData,
- remoteKePayload.dhGroup);
+ return makeChildSaRecord(sharedDhKey, nonceInit, nonceResp, childSaRecordConfig);
}
-
/**
* Package private method for calculating keys, build IpSecTransforms and construct
* ChildSaRecord.
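Review bot: The inlined key derivation always pairs `keInitPayload.localPrivateKey` with `keRespPayload.keyExchangeData`, which is only right when this side sent the request. The removed getChildSharedKey chose the local and remote payloads by `isLocalInit`. For a remotely initiated exchange the local private key presumably lives in the response payload, so the shared key would be derived from the wrong pair or the call would fail. I would select `IkeKePayload localKe = childSaRecordConfig.isLocalInit ? keInitPayload : keRespPayload;` and the remote payload conversely, then call `IkeKePayload.getSharedKey(localKe.localPrivateKey, remoteKe.keyExchangeData)`. The enclosing method starts outside this hunk.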
@@ -534,26 +520,38 @@
static class SaLifetimeAlarmScheduler {
private final long mDeleteDelayMs;
private final long mRekeyDelayMs;
- private final IkeAlarm mDeleteAlarm;
- private final IkeAlarm mRekeyAlarm;
+ private final PendingIntent mDeleteSaIntent;
+ private final PendingIntent mRekeySaIntent;
+ private final AlarmManager mAlarmManager;
SaLifetimeAlarmScheduler(
- IkeAlarmConfig deleteAlarmConfig, IkeAlarmConfig rekeyAlarmConfig) {
- mDeleteDelayMs = deleteAlarmConfig.delayMs;
- mRekeyDelayMs = rekeyAlarmConfig.delayMs;
-
- // Hard lifetime expiry alarm needs to be "setExact" considering the hard lifetime
- // minimum value is 5 minutes and the inexact alarm might cause at most 75% of the
- // scheduled interval delay because batching alarms. It is not necessay to wake up
- // the alarm during doze mode because even the SA expires at that time, the device
- // can not get access to network and won't expose more vulnerabilities.
- mDeleteAlarm = IkeAlarm.newExactAlarm(deleteAlarmConfig);
- mRekeyAlarm = IkeAlarm.newExactAndAllowWhileIdleAlarm(rekeyAlarmConfig);
+ long deleteDelayMs,
+ long rekeyDelayMs,
+ PendingIntent deleteSaIntent,
+ PendingIntent rekeySaIntent,
+ AlarmManager alarmManager) {
+ mDeleteDelayMs = deleteDelayMs;
+ mRekeyDelayMs = rekeyDelayMs;
+ mAlarmManager = alarmManager;
+ mDeleteSaIntent = deleteSaIntent;
+ mRekeySaIntent = rekeySaIntent;
}
public void scheduleLifetimeExpiryAlarm(String tag) {
- mDeleteAlarm.schedule();
- mRekeyAlarm.schedule();
+ // Hard lifetime expiry alarm needs to be "setExact" considering the hard lifetime
+ // minimum value is 5 minutes and the inexact alarm might cause at most 75% of the
+ // scheduled interval delay because batching alarms. It is not necessay to wake up the
+ // alarm during doze mode because even the SA expires at that time, the device can not
+ // get access to network and won't expose more vulnerabilities.
+ mAlarmManager.setExact(
+ AlarmManager.ELAPSED_REALTIME_WAKEUP,
+ SystemClock.elapsedRealtime() + mDeleteDelayMs,
+ mDeleteSaIntent);
+ mAlarmManager.setExactAndAllowWhileIdle(
+ AlarmManager.ELAPSED_REALTIME_WAKEUP,
+ SystemClock.elapsedRealtime() + mRekeyDelayMs,
+ mRekeySaIntent);
+
getIkeLog()
.d(
tag,
@@ -565,12 +563,17 @@
}
public void rescheduleRekey(long retryDelayMs) {
- mRekeyAlarm.schedule();
+ mAlarmManager.setExactAndAllowWhileIdle(
+ AlarmManager.ELAPSED_REALTIME_WAKEUP,
+ SystemClock.elapsedRealtime() + retryDelayMs,
+ mRekeySaIntent);
}
public void cancelLifetimeExpiryAlarm(String tag) {
- mDeleteAlarm.cancel();
- mRekeyAlarm.cancel();
+ mAlarmManager.cancel(mDeleteSaIntent);
+ mAlarmManager.cancel(mRekeySaIntent);
+ mDeleteSaIntent.cancel();
+ mRekeySaIntent.cancel();
getIkeLog().d(tag, "Hard and soft lifetime alarm cancelled");
}
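Review bot: cancelLifetimeExpiryAlarm now calls `cancel()` on the two PendingIntents as well as on the alarms, which makes the scheduler single-use, and nothing in the code says so. If rescheduleRekey or scheduleLifetimeExpiryAlarm is called after it, the alarm would be set with a cancelled PendingIntent and would not be delivered, so a rekey or SA deletion could be skipped without any error. Whether any caller does this is not visible here. I would add a comment above the two cancel calls such as `// Cancels the PendingIntents themselves; this scheduler must not schedule again afterwards.` and repeat the constraint in the class Javadoc.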
@@ -640,7 +643,6 @@
private int mLocalRequestMessageId;
private int mRemoteRequestMessageId;
- private int mLastSentRespMsgId;
private DecodeResultPartial mCollectedReqFragments;
private DecodeResultPartial mCollectedRespFragments;
@@ -682,7 +684,6 @@
mLocalRequestMessageId = 0;
mRemoteRequestMessageId = 0;
- mLastSentRespMsgId = -1;
mCollectedReqFragments = null;
mCollectedRespFragments = null;
@@ -762,21 +763,11 @@
return mInitiatorSpiResource.getSpi();
}
- @VisibleForTesting
- IkeSecurityParameterIndex getInitiatorIkeSecurityParameterIndex() {
- return mInitiatorSpiResource;
- }
-
/** Package private */
long getResponderSpi() {
return mResponderSpiResource.getSpi();
}
- @VisibleForTesting
- IkeSecurityParameterIndex getResponderIkeSecurityParameterIndex() {
- return mResponderSpiResource;
- }
-
/** Package private */
long getLocalSpi() {
return isLocalInit ? mInitiatorSpiResource.getSpi() : mResponderSpiResource.getSpi();
@@ -901,14 +892,8 @@
}
/** Update all packets of last sent response. */
- public void updateLastSentRespAllPackets(List<byte[]> respPacketList, int msgId) {
+ public void updateLastSentRespAllPackets(List<byte[]> respPacketList) {
mLastSentRespAllPackets = respPacketList;
- mLastSentRespMsgId = msgId;
- }
-
- /** Return the message ID of the last sent out response. */
- public int getLastSentRespMsgId() {
- return mLastSentRespMsgId;
}
/** Returns if received IKE packet is the first packet of a re-transmistted request. */
@@ -928,13 +913,6 @@
mInitiatorSpiResource.close();
mResponderSpiResource.close();
}
-
- /** Migrate this IKE SA to the specified address pair. */
- public void migrate(InetAddress initiatorAddress, InetAddress responderAddress)
- throws IOException {
- mInitiatorSpiResource.migrate(initiatorAddress);
- mResponderSpiResource.migrate(responderAddress);
- }
}
/** Package private class that groups parameters to construct an IkeSaRecord instance. */
diff --git a/src/java/com/android/internal/net/ipsec/ike/crypto/IkeCipher.java b/src/java/com/android/internal/net/ipsec/ike/crypto/IkeCipher.java
index 23220be..38adf2b 100644
--- a/src/java/com/android/internal/net/ipsec/ike/crypto/IkeCipher.java
+++ b/src/java/com/android/internal/net/ipsec/ike/crypto/IkeCipher.java
@@ -16,10 +16,8 @@
package com.android.internal.net.ipsec.ike.crypto;
-import android.annotation.Nullable;
import android.net.IpSecAlgorithm;
import android.net.ipsec.ike.SaProposal;
-import android.util.SparseArray;
import com.android.internal.net.ipsec.ike.message.IkeSaPayload.EncryptionTransform;
@@ -37,66 +35,24 @@
*/
public abstract class IkeCipher extends IkeCrypto {
private static final int KEY_LEN_3DES = 24;
- private static final int KEY_LEN_CHACHA20_POLY1305 = 32;
private static final int IV_LEN_3DES = 8;
private static final int IV_LEN_AES_CBC = 16;
- private static final int IV_LEN_AES_CTR = 8;
private static final int IV_LEN_AES_GCM = 8;
- private static final int IV_LEN_CHACHA20_POLY1305 = 8;
-
- private static final int SALT_LEN_AES_GCM = 4;
- private static final int SALT_LEN_AES_CTR = 4;
- private static final int SALT_LEN_AES_CHACHA20_POLY1305 = 4;
-
- private static final int BLOCK_SIZE_CHACHA_POLY = 4;
-
- protected static final int SALT_LEN_NOT_INCLUDED = 0;
- protected static final int BLOCK_SIZE_NOT_SPECIFIED = 0;
-
- // Map IKE algorithm numbers to IPsec algorithm names
- private static final SparseArray<String> IKE_ALGO_TO_IPSEC_ALGO;
-
- static {
- IKE_ALGO_TO_IPSEC_ALGO = new SparseArray<>();
- IKE_ALGO_TO_IPSEC_ALGO.put(
- SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, IpSecAlgorithm.CRYPT_AES_CBC);
- IKE_ALGO_TO_IPSEC_ALGO.put(
- SaProposal.ENCRYPTION_ALGORITHM_AES_CTR, IpSecAlgorithm.CRYPT_AES_CTR);
- IKE_ALGO_TO_IPSEC_ALGO.put(
- SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, IpSecAlgorithm.AUTH_CRYPT_AES_GCM);
- IKE_ALGO_TO_IPSEC_ALGO.put(
- SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12, IpSecAlgorithm.AUTH_CRYPT_AES_GCM);
- IKE_ALGO_TO_IPSEC_ALGO.put(
- SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_16, IpSecAlgorithm.AUTH_CRYPT_AES_GCM);
- IKE_ALGO_TO_IPSEC_ALGO.put(
- SaProposal.ENCRYPTION_ALGORITHM_CHACHA20_POLY1305,
- IpSecAlgorithm.AUTH_CRYPT_CHACHA20_POLY1305);
- }
private final boolean mIsAead;
private final int mIvLen;
- private final int mBlockSize;
- protected final int mSaltLen;
protected final Cipher mCipher;
protected IkeCipher(
- int algorithmId,
- int keyLength,
- int ivLength,
- String algorithmName,
- boolean isAead,
- int saltLen,
- int blockSize) {
+ int algorithmId, int keyLength, int ivLength, String algorithmName, boolean isAead) {
super(algorithmId, keyLength, algorithmName);
mIvLen = ivLength;
mIsAead = isAead;
- mSaltLen = saltLen;
try {
mCipher = Cipher.getInstance(getAlgorithmName());
- mBlockSize = blockSize == BLOCK_SIZE_NOT_SPECIFIED ? mCipher.getBlockSize() : blockSize;
} catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
throw new IllegalArgumentException("Failed to construct " + getTypeString(), e);
}
@@ -123,13 +79,6 @@
encryptionTransform.getSpecifiedKeyLength() / 8,
IV_LEN_AES_CBC,
"AES/CBC/NoPadding");
- case SaProposal.ENCRYPTION_ALGORITHM_AES_CTR:
- return new IkeNormalModeCipher(
- algorithmId,
- encryptionTransform.getSpecifiedKeyLength() / 8,
- IV_LEN_AES_CTR,
- "AES/CTR/NoPadding",
- SALT_LEN_AES_CTR);
case SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8:
// Fall through
case SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12:
@@ -140,16 +89,7 @@
algorithmId,
encryptionTransform.getSpecifiedKeyLength() / 8,
IV_LEN_AES_GCM,
- "AES/GCM/NoPadding",
- SALT_LEN_AES_GCM);
- case SaProposal.ENCRYPTION_ALGORITHM_CHACHA20_POLY1305:
- return new IkeCombinedModeCipher(
- algorithmId,
- KEY_LEN_CHACHA20_POLY1305,
- IV_LEN_CHACHA20_POLY1305,
- "ChaCha20/Poly1305/NoPadding",
- SALT_LEN_AES_CHACHA20_POLY1305,
- BLOCK_SIZE_CHACHA_POLY);
+ "AES/GCM/NoPadding");
default:
throw new IllegalArgumentException(
"Unrecognized Encryption Algorithm ID: " + algorithmId);
@@ -171,7 +111,9 @@
* @return the block size (in bytes).
*/
public int getBlockSize() {
- return mBlockSize;
+ // Currently all supported encryption algorithms are block ciphers. So the return value will
+ // not be zero.
+ return mCipher.getBlockSize();
}
/**
@@ -204,24 +146,6 @@
}
}
- @Override
- public int getKeyLength() {
- return super.getKeyLength() + mSaltLen;
- }
-
- /**
- * Returns the IPsec algorithm name defined in {@link IpSecAlgorithm} given the IKE algorithm
- * ID.
- *
- * <p>Returns null if there is no corresponding IPsec algorithm given the IKE algorithm ID.
- */
- @Nullable
- public static String getIpSecAlgorithmName(int ikeAlgoId) {
- return IKE_ALGO_TO_IPSEC_ALGO.get(ikeAlgoId);
- }
-
- protected abstract IpSecAlgorithm buildIpSecAlgorithmWithKeyImpl(byte[] key);
-
/**
* Build IpSecAlgorithm from this IkeCipher.
*
@@ -231,14 +155,7 @@
* @param key the encryption key in byte array.
* @return the IpSecAlgorithm.
*/
- public IpSecAlgorithm buildIpSecAlgorithmWithKey(byte[] key) {
- validateKeyLenOrThrow(key);
- if (getIpSecAlgorithmName(getAlgorithmId()) == null) {
- throw new IllegalStateException(
- "Unsupported algorithm " + getAlgorithmId() + " in IPsec");
- }
- return buildIpSecAlgorithmWithKeyImpl(key);
- }
+ public abstract IpSecAlgorithm buildIpSecAlgorithmWithKey(byte[] key);
/**
* Returns algorithm type as a String.
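Review bot: Making `buildIpSecAlgorithmWithKey` abstract moves the key-length check out of the base class, so every implementation now has to remember it. Both overrides in this diff (IkeCombinedModeCipher and IkeNormalModeCipher) do call `validateKeyLenOrThrow(key)` first, but the Javadoc kept above the method does not say that this is required. I would add a line to it such as `<p>Implementations must call {@link #validateKeyLenOrThrow} before passing the key to {@link IpSecAlgorithm}.` so that a later subclass cannot hand an unchecked key to the kernel-facing API by omission.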
diff --git a/src/java/com/android/internal/net/ipsec/ike/crypto/IkeCombinedModeCipher.java b/src/java/com/android/internal/net/ipsec/ike/crypto/IkeCombinedModeCipher.java
index a59e566..8c7a8d5 100644
--- a/src/java/com/android/internal/net/ipsec/ike/crypto/IkeCombinedModeCipher.java
+++ b/src/java/com/android/internal/net/ipsec/ike/crypto/IkeCombinedModeCipher.java
@@ -31,7 +31,6 @@
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.GCMParameterSpec;
-import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
/**
@@ -47,34 +46,25 @@
* Protocol</a>
*/
public final class IkeCombinedModeCipher extends IkeCipher {
+ private static final int SALT_LEN_GCM = 4;
+
private final int mChecksumLen;
+ private final int mSaltLen;
/** Package private */
- IkeCombinedModeCipher(
- int algorithmId, int keyLength, int ivLength, String algorithmName, int saltLen) {
- this(algorithmId, keyLength, ivLength, algorithmName, saltLen, BLOCK_SIZE_NOT_SPECIFIED);
- }
-
- /** Package private */
- IkeCombinedModeCipher(
- int algorithmId,
- int keyLength,
- int ivLength,
- String algorithmName,
- int saltLen,
- int blockSize) {
- super(algorithmId, keyLength, ivLength, algorithmName, true /*isAead*/, saltLen, blockSize);
+ IkeCombinedModeCipher(int algorithmId, int keyLength, int ivLength, String algorithmName) {
+ super(algorithmId, keyLength, ivLength, algorithmName, true /*isAead*/);
switch (algorithmId) {
case SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8:
+ mSaltLen = SALT_LEN_GCM;
mChecksumLen = 8;
break;
case SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12:
+ mSaltLen = SALT_LEN_GCM;
mChecksumLen = 12;
break;
case SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_16:
- mChecksumLen = 16;
- break;
- case SaProposal.ENCRYPTION_ALGORITHM_CHACHA20_POLY1305:
+ mSaltLen = SALT_LEN_GCM;
mChecksumLen = 16;
break;
default:
@@ -136,8 +126,6 @@
// Fall through
case SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_16:
return new GCMParameterSpec(mChecksumLen * 8, nonce);
- case SaProposal.ENCRYPTION_ALGORITHM_CHACHA20_POLY1305:
- return new IvParameterSpec(nonce);
default:
throw new IllegalArgumentException(
"Unrecognized Encryption Algorithm ID: " + getAlgorithmId());
@@ -193,6 +181,16 @@
}
/**
+ * Gets key length of this algorithm (in bytes).
+ *
+ * @return the key length (in bytes).
+ */
+ @Override
+ public int getKeyLength() {
+ return super.getKeyLength() + mSaltLen;
+ }
+
+ /**
* Returns length of checksum.
*
* @return the length of checksum in bytes.
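Review bot: The Javadoc added for `getKeyLength()` says it returns the key length of the algorithm, but the body returns `super.getKeyLength() + mSaltLen`, i.e. the cipher key plus the 4-byte GCM salt. A caller that reads the comment and uses the value as the AES key size would be off by `SALT_LEN_GCM` bytes. I would word it as `Gets the length of the keying material (in bytes), which is the cipher key length plus the salt length.` and `@return the key length plus the salt length (in bytes).`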
@@ -202,7 +200,8 @@
}
@Override
- protected IpSecAlgorithm buildIpSecAlgorithmWithKeyImpl(byte[] key) {
- return new IpSecAlgorithm(getIpSecAlgorithmName(getAlgorithmId()), key, mChecksumLen * 8);
+ public IpSecAlgorithm buildIpSecAlgorithmWithKey(byte[] key) {
+ validateKeyLenOrThrow(key);
+ return new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, key, mChecksumLen * 8);
}
}
diff --git a/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacIntegrity.java b/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacIntegrity.java
index 6b8aa75..e8716e4 100644
--- a/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacIntegrity.java
+++ b/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacIntegrity.java
@@ -18,10 +18,8 @@
import static android.net.ipsec.ike.SaProposal.INTEGRITY_ALGORITHM_AES_XCBC_96;
-import android.annotation.Nullable;
import android.net.IpSecAlgorithm;
import android.net.ipsec.ike.SaProposal;
-import android.util.SparseArray;
import com.android.internal.net.ipsec.ike.message.IkeSaPayload.IntegrityTransform;
@@ -41,25 +39,7 @@
* Exchange Protocol Version 2 (IKEv2)</a>
*/
public class IkeMacIntegrity extends IkeMac {
- // Map IKE algorithm numbers to IPsec algorithm names
- private static final SparseArray<String> IKE_ALGO_TO_IPSEC_ALGO;
-
- static {
- IKE_ALGO_TO_IPSEC_ALGO = new SparseArray<>();
- IKE_ALGO_TO_IPSEC_ALGO.put(
- SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96, IpSecAlgorithm.AUTH_HMAC_SHA1);
- IKE_ALGO_TO_IPSEC_ALGO.put(
- SaProposal.INTEGRITY_ALGORITHM_AES_XCBC_96, IpSecAlgorithm.AUTH_AES_XCBC);
- IKE_ALGO_TO_IPSEC_ALGO.put(
- SaProposal.INTEGRITY_ALGORITHM_AES_CMAC_96, IpSecAlgorithm.AUTH_AES_CMAC);
- IKE_ALGO_TO_IPSEC_ALGO.put(
- SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA2_256_128, IpSecAlgorithm.AUTH_HMAC_SHA256);
- IKE_ALGO_TO_IPSEC_ALGO.put(
- SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA2_384_192, IpSecAlgorithm.AUTH_HMAC_SHA384);
- IKE_ALGO_TO_IPSEC_ALGO.put(
- SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA2_512_256, IpSecAlgorithm.AUTH_HMAC_SHA512);
- }
-
+ // STOPSHIP: b/130190639 Catch unchecked exceptions, notify users and close the IKE session.
private final int mChecksumLength;
private IkeMacIntegrity(
@@ -100,11 +80,6 @@
algorithmName = ALGO_NAME_JCE_UNSUPPORTED;
checksumLength = 12;
break;
- case SaProposal.INTEGRITY_ALGORITHM_AES_CMAC_96:
- keyLength = 16;
- algorithmName = "AESCMAC";
- checksumLength = 12;
- break;
case SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA2_256_128:
keyLength = 32;
algorithmName = "HmacSHA256";
@@ -174,17 +149,6 @@
}
/**
- * Returns the IPsec algorithm name defined in {@link IpSecAlgorithm} given the IKE algorithm
- * ID.
- *
- * <p>Returns null if there is no corresponding IPsec algorithm given the IKE algorithm ID.
- */
- @Nullable
- public static String getIpSecAlgorithmName(int ikeAlgoId) {
- return IKE_ALGO_TO_IPSEC_ALGO.get(ikeAlgoId);
- }
-
- /**
* Build IpSecAlgorithm from this IkeMacIntegrity.
*
* <p>Build IpSecAlgorithm that represents the same integrity algorithm with this
@@ -201,12 +165,27 @@
+ " Received key with length of : "
+ key.length);
}
- if (getIpSecAlgorithmName(getAlgorithmId()) == null) {
- throw new IllegalStateException(
- "Unsupported algorithm " + getAlgorithmId() + " in IPsec");
+
+ switch (getAlgorithmId()) {
+ case SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96:
+ return new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA1, key, mChecksumLength * 8);
+ case SaProposal.INTEGRITY_ALGORITHM_AES_XCBC_96:
+ // TODO:Consider supporting AES128_XCBC in IpSecTransform.
+ throw new IllegalArgumentException(
+ "Do not support IpSecAlgorithm with AES128_XCBC.");
+ case SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA2_256_128:
+ return new IpSecAlgorithm(
+ IpSecAlgorithm.AUTH_HMAC_SHA256, key, mChecksumLength * 8);
+ case SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA2_384_192:
+ return new IpSecAlgorithm(
+ IpSecAlgorithm.AUTH_HMAC_SHA384, key, mChecksumLength * 8);
+ case SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA2_512_256:
+ return new IpSecAlgorithm(
+ IpSecAlgorithm.AUTH_HMAC_SHA512, key, mChecksumLength * 8);
+ default:
+ throw new IllegalArgumentException(
+ "Unrecognized Integrity Algorithm ID: " + getAlgorithmId());
}
- return new IpSecAlgorithm(
- getIpSecAlgorithmName(getAlgorithmId()), key, mChecksumLength * 8);
}
/**
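Review bot: The `INTEGRITY_ALGORITHM_AES_XCBC_96` case throws `IllegalArgumentException` for an algorithm this class otherwise accepts (the constructor switch in the earlier hunk still configures it), so the failure only surfaces when the IPsec algorithm is built. The matching 3DES case in IkeNormalModeCipher.buildIpSecAlgorithmWithKey, later in this diff, throws `UnsupportedOperationException` for the same condition, so a caller has to handle two unchecked types; the STOPSHIP comment added above `mChecksumLength` suggests neither is caught yet. I would use one type in both places, e.g. `throw new UnsupportedOperationException("Do not support IpSecAlgorithm with AES128_XCBC.");`, and add an `@throws` line to the Javadoc naming it. The method's signature and its key-length check start outside this hunk.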
diff --git a/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacPrf.java b/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacPrf.java
index 633a395..2292419 100644
--- a/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacPrf.java
+++ b/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacPrf.java
@@ -16,7 +16,6 @@
package com.android.internal.net.ipsec.ike.crypto;
-import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_AES128_CMAC;
import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC;
import android.net.ipsec.ike.SaProposal;
@@ -78,10 +77,6 @@
isJceSupported = false;
algorithmName = ALGO_NAME_JCE_UNSUPPORTED;
break;
- case SaProposal.PSEUDORANDOM_FUNCTION_AES128_CMAC:
- keyLength = 16;
- algorithmName = "AESCMAC";
- break;
case SaProposal.PSEUDORANDOM_FUNCTION_SHA2_256:
keyLength = 32;
algorithmName = "HmacSHA256";
@@ -110,11 +105,9 @@
} catch (GeneralSecurityException | IllegalStateException e) {
throw new IllegalArgumentException("Failed to generate MAC: ", e);
}
- } else if (getAlgorithmId() == PSEUDORANDOM_FUNCTION_AES128_CMAC) {
- keyBytes = modifyAesCmacKeyIfNeeded(keyBytes);
+ } else {
+ return super.signBytes(keyBytes, dataToSign);
}
-
- return super.signBytes(keyBytes, dataToSign);
}
private byte[] modifyAesXCbcKeyIfNeeded(byte[] keyBytes) throws GeneralSecurityException {
@@ -139,21 +132,6 @@
return keyBytes;
}
- private byte[] modifyAesCmacKeyIfNeeded(byte[] keyBytes) {
- // As per RFC 4615:
- // The key for AES-CMAC-PRF-128 is created as follows:
- //
- // 1. If the key, VK, is exactly 128 bits, then we use it as-is.
- //
- // 2. If it is longer or shorter than 128 bits, then we derive the key, K, by applying the
- // AES-CMAC algorithm using the 128-bit all-zero string as the key and VK as the input
- // message.
- if (keyBytes.length != 16) {
- keyBytes = signBytes(new byte[16], keyBytes);
- }
- return keyBytes;
- }
-
/**
* Generates SKEYSEED based on the nonces and shared DH secret.
*
@@ -164,9 +142,8 @@
*/
public byte[] generateSKeySeed(byte[] nonceInit, byte[] nonceResp, byte[] sharedDhKey) {
ByteBuffer keyBuffer = null;
- if (getAlgorithmId() == SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC
- || getAlgorithmId() == SaProposal.PSEUDORANDOM_FUNCTION_AES128_CMAC) {
- keyBuffer = ByteBuffer.allocate(getKeyLength());
+ if (getAlgorithmId() == SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC) {
+ keyBuffer = ByteBuffer.allocate(PSEUDORANDOM_FUNCTION_AES128_XCBC_KEY_LEN);
// When generating initial keys, use 8 bytes each from initiator and responder nonces as
// per RFC 7296
keyBuffer
diff --git a/src/java/com/android/internal/net/ipsec/ike/crypto/IkeNormalModeCipher.java b/src/java/com/android/internal/net/ipsec/ike/crypto/IkeNormalModeCipher.java
index 7fc18ed..05384da 100644
--- a/src/java/com/android/internal/net/ipsec/ike/crypto/IkeNormalModeCipher.java
+++ b/src/java/com/android/internal/net/ipsec/ike/crypto/IkeNormalModeCipher.java
@@ -22,7 +22,6 @@
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
-import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
@@ -38,25 +37,9 @@
* Protocol Version 2 (IKEv2)</a>
*/
public final class IkeNormalModeCipher extends IkeCipher {
- // Block counter field should be 32 bits and starts from value one.
- static final byte[] AES_CTR_INITIAL_COUNTER = new byte[] {0x00, 0x00, 0x00, 0x01};
-
/** Package private */
IkeNormalModeCipher(int algorithmId, int keyLength, int ivLength, String algorithmName) {
- this(algorithmId, keyLength, ivLength, algorithmName, SALT_LEN_NOT_INCLUDED);
- }
-
- /** Package private */
- IkeNormalModeCipher(
- int algorithmId, int keyLength, int ivLength, String algorithmName, int saltLen) {
- super(
- algorithmId,
- keyLength,
- ivLength,
- algorithmName,
- false /*isAead*/,
- saltLen,
- BLOCK_SIZE_NOT_SPECIFIED);
+ super(algorithmId, keyLength, ivLength, algorithmName, false /*isAead*/);
}
private byte[] doCipherAction(byte[] data, byte[] keyBytes, byte[] ivBytes, int opmode)
@@ -69,16 +52,8 @@
+ keyBytes.length);
}
try {
- byte[] secretKeyBytes = Arrays.copyOfRange(keyBytes, 0, keyBytes.length - mSaltLen);
- byte[] salt = Arrays.copyOfRange(keyBytes, secretKeyBytes.length, keyBytes.length);
-
- byte[] nonce = concatenateByteArray(salt, ivBytes);
- if (getAlgorithmId() == SaProposal.ENCRYPTION_ALGORITHM_AES_CTR) {
- nonce = concatenateByteArray(nonce, AES_CTR_INITIAL_COUNTER);
- }
-
- SecretKeySpec key = new SecretKeySpec(secretKeyBytes, getAlgorithmName());
- IvParameterSpec iv = new IvParameterSpec(nonce);
+ SecretKeySpec key = new SecretKeySpec(keyBytes, getAlgorithmName());
+ IvParameterSpec iv = new IvParameterSpec(ivBytes);
mCipher.init(opmode, key, iv);
ByteBuffer inputBuffer = ByteBuffer.wrap(data);
@@ -130,15 +105,18 @@
}
@Override
- protected IpSecAlgorithm buildIpSecAlgorithmWithKeyImpl(byte[] key) {
- return new IpSecAlgorithm(getIpSecAlgorithmName(getAlgorithmId()), key);
- }
+ public IpSecAlgorithm buildIpSecAlgorithmWithKey(byte[] key) {
+ validateKeyLenOrThrow(key);
- private static byte[] concatenateByteArray(byte[] left, byte[] right) {
- byte[] result = new byte[left.length + right.length];
- System.arraycopy(left, 0, result, 0, left.length);
- System.arraycopy(right, 0, result, left.length, right.length);
-
- return result;
+ switch (getAlgorithmId()) {
+ case SaProposal.ENCRYPTION_ALGORITHM_3DES:
+ // TODO: Consider supporting 3DES in IpSecTransform.
+ throw new UnsupportedOperationException("Do not support 3Des encryption.");
+ case SaProposal.ENCRYPTION_ALGORITHM_AES_CBC:
+ return new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, key);
+ default:
+ throw new IllegalArgumentException(
+ "Unrecognized Encryption Algorithm ID: " + getAlgorithmId());
+ }
}
}
diff --git a/src/java/com/android/internal/net/ipsec/ike/exceptions/AuthenticationFailedException.java b/src/java/com/android/internal/net/ipsec/ike/exceptions/AuthenticationFailedException.java
new file mode 100644
index 0000000..e587364
--- /dev/null
+++ b/src/java/com/android/internal/net/ipsec/ike/exceptions/AuthenticationFailedException.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.android.internal.net.ipsec.ike.exceptions;
+
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_AUTHENTICATION_FAILED;
+
+import android.net.ipsec.ike.exceptions.IkeProtocolException;
+
+/**
+ * This exception is thrown when IKE authentication fails.
+ *
+ * <p>Contains an exception message detailing the failure cause.
+ *
+ * @see <a href="https://tools.ietf.org/html/rfc7296#section-2.21.2">RFC 7296, Internet Key Exchange
+ * Protocol Version 2 (IKEv2)</a>
+ */
+public final class AuthenticationFailedException extends IkeProtocolException {
+ private static final int EXPECTED_ERROR_DATA_LEN = 0;
+
+ /**
+ * Construct a instance of AuthenticationFailedException.
+ *
+ * @param message the detail message.
+ */
+ public AuthenticationFailedException(String message) {
+ super(ERROR_TYPE_AUTHENTICATION_FAILED, message);
+ }
+
+ /**
+ * Construct a instance of AuthenticationFailedExcepion.
+ *
+ * @param cause the cause.
+ */
+ public AuthenticationFailedException(Throwable cause) {
+ super(ERROR_TYPE_AUTHENTICATION_FAILED, cause);
+ }
+
+ /**
+ * Construct a instance of AuthenticationFailedExcepion from a notify payload.
+ *
+ * @param notifyData the notify data included in the payload.
+ */
+ public AuthenticationFailedException(byte[] notifyData) {
+ super(ERROR_TYPE_AUTHENTICATION_FAILED, notifyData);
+ }
+
+ @Override
+ protected boolean isValidDataLength(int dataLen) {
+ return EXPECTED_ERROR_DATA_LEN == dataLen;
+ }
+}
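Review bot: The Javadoc in this new file misspells the class name as `AuthenticationFailedExcepion` on the `Throwable` and `byte[]` constructors, and all three constructors read "Construct a instance". I would correct these to `Construct an instance of AuthenticationFailedException.` and `Construct an instance of AuthenticationFailedException from a notify payload.` so that a search for the class name finds its constructors' documentation.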
diff --git a/src/java/android/net/ipsec/ike/exceptions/InvalidKeException.java b/src/java/com/android/internal/net/ipsec/ike/exceptions/InvalidKeException.java
similarity index 63%
rename from src/java/android/net/ipsec/ike/exceptions/InvalidKeException.java
rename to src/java/com/android/internal/net/ipsec/ike/exceptions/InvalidKeException.java
index 2882138..ae2330c 100644
--- a/src/java/android/net/ipsec/ike/exceptions/InvalidKeException.java
+++ b/src/java/com/android/internal/net/ipsec/ike/exceptions/InvalidKeException.java
@@ -13,32 +13,27 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package android.net.ipsec.ike.exceptions;
+package com.android.internal.net.ipsec.ike.exceptions;
-import android.net.ipsec.ike.ChildSessionCallback;
-import android.net.ipsec.ike.IkeSessionCallback;
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_INVALID_KE_PAYLOAD;
+
+import android.net.ipsec.ike.exceptions.IkeProtocolException;
/**
- * This exception is thrown when the remote server expected a different Diffie-Hellman group.
+ * This exception is thrown when the received KE payload in the request is different from accepted
+ * Diffie-Hellman group.
*
- * <p>This exception indicates that the remote server received a different KE payload in the Child
- * creation request from accepted Diffie-Hellman group. Callers can retry Child creation by
- * proposing the expected DH group included in this exception.
+ * <p>Responder should include an INVALID_KE_PAYLOAD Notify payload in a response message for both
+ * IKE INI exchange and other SA negotiation exchanges after IKE is setup..
*
* @see <a href="https://tools.ietf.org/html/rfc7296#section-1.3">RFC 7296, Internet Key Exchange
* Protocol Version 2 (IKEv2)</a>
*/
-// Responder should include an INVALID_KE_PAYLOAD Notify payload in a response message for both
-// IKE INIT exchange and other SA negotiation exchanges after IKE is setup, as per RFC 7296
-// section-1.3.
public final class InvalidKeException extends IkeProtocolException {
private static final int EXPECTED_ERROR_DATA_LEN = 2;
/**
- * Construct an instance of InvalidKeException.
- *
- * <p>Except for testing, IKE library users normally do not instantiate this object themselves
- * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}.
+ * Construct an instance of InvalidKeException
*
* @param dhGroup the expected DH group
*/
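Review bot: The class Javadoc on the new side has two typos that the removed line comment did not: "IKE INI exchange" and the doubled full stop in "after IKE is setup..". I would write it as `IKE INIT exchange and other SA negotiation exchanges after IKE is set up.`; the constructor summary `Construct an instance of InvalidKeException` is also missing its closing full stop.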
@@ -50,7 +45,6 @@
* Construct a instance of InvalidKeException from a notify payload.
*
* @param notifyData the notify data included in the payload.
- * @hide
*/
public InvalidKeException(byte[] notifyData) {
super(ERROR_TYPE_INVALID_KE_PAYLOAD, notifyData);
@@ -65,7 +59,6 @@
return byteArrayToInteger(getErrorData());
}
- /** @hide */
@Override
protected boolean isValidDataLength(int dataLen) {
return EXPECTED_ERROR_DATA_LEN == dataLen;
diff --git a/src/java/com/android/internal/net/ipsec/ike/exceptions/InvalidMajorVersionException.java b/src/java/com/android/internal/net/ipsec/ike/exceptions/InvalidMajorVersionException.java
new file mode 100644
index 0000000..dc0357e
--- /dev/null
+++ b/src/java/com/android/internal/net/ipsec/ike/exceptions/InvalidMajorVersionException.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.android.internal.net.ipsec.ike.exceptions;
+
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_INVALID_MAJOR_VERSION;
+
+import android.net.ipsec.ike.exceptions.IkeProtocolException;
+
+/**
+ * This exception is thrown when major version is higher than 2.
+ *
+ * <p>Include INVALID_MAJOR_VERSION Notify payload in an unencrypted response message containing
+ * version number 2.
+ *
+ * @see <a href="https://tools.ietf.org/html/rfc7296#section-2.5">RFC 7296, Internet Key Exchange
+ * Protocol Version 2 (IKEv2)</a>
+ */
+public final class InvalidMajorVersionException extends IkeProtocolException {
+ private static final int EXPECTED_ERROR_DATA_LEN = 1;
+
+ /**
+ * Construct a instance of InvalidMajorVersionException
+ *
+ * @param version the major version in received packet
+ */
+ public InvalidMajorVersionException(byte version) {
+ super(ERROR_TYPE_INVALID_MAJOR_VERSION, new byte[] {version});
+ }
+
+ /**
+ * Construct a instance of InvalidMajorVersionException from a notify payload.
+ *
+ * @param notifyData the notify data included in the payload.
+ */
+ public InvalidMajorVersionException(byte[] notifyData) {
+ super(ERROR_TYPE_INVALID_MAJOR_VERSION, notifyData);
+ }
+
+ /**
+ * Return the major verion included in this exception.
+ *
+ * @return the major verion
+ */
+ public int getMajorVerion() {
+ return byteArrayToInteger(getErrorData());
+ }
+
+ @Override
+ protected boolean isValidDataLength(int dataLen) {
+ return EXPECTED_ERROR_DATA_LEN == dataLen;
+ }
+}
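Review bot: The public accessor is spelled `getMajorVerion()`, and its Javadoc repeats "verion" twice. Because this is a public method of a new class, the misspelling becomes part of every caller once the file lands; I would rename it now to `public int getMajorVersion() {` and fix the comment to `Return the major version included in this exception.` and `@return the major version`.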
diff --git a/src/java/android/net/ipsec/ike/exceptions/InvalidMessageIdException.java b/src/java/com/android/internal/net/ipsec/ike/exceptions/InvalidMessageIdException.java
similarity index 72%
rename from src/java/android/net/ipsec/ike/exceptions/InvalidMessageIdException.java
rename to src/java/com/android/internal/net/ipsec/ike/exceptions/InvalidMessageIdException.java
index df32e9b..9c5cffa 100644
--- a/src/java/android/net/ipsec/ike/exceptions/InvalidMessageIdException.java
+++ b/src/java/com/android/internal/net/ipsec/ike/exceptions/InvalidMessageIdException.java
@@ -13,30 +13,28 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package android.net.ipsec.ike.exceptions;
+package com.android.internal.net.ipsec.ike.exceptions;
-import android.net.ipsec.ike.ChildSessionCallback;
-import android.net.ipsec.ike.IkeSessionCallback;
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_INVALID_MESSAGE_ID;
+
+import android.net.ipsec.ike.exceptions.IkeProtocolException;
/**
- * This exception is thrown when the remote server received a message with out-of-window-size ID.
+ * This exception is thrown when the message ID is out of window size.
+ *
+ * <p>Notifications based on this exception contains the four-octet invalid message ID. It MUST only
+ * ever be sent in an INFORMATIONAL request. Sending this notification is OPTIONAL, and
+ * notifications of this type MUST be rate limited.
*
* @see <a href="https://tools.ietf.org/html/rfc7296#section-2.3">RFC 7296, Internet Key Exchange
* Protocol Version 2 (IKEv2)</a>
- * @hide
*/
-// Notifications based on this exception contains the four-octet invalid message ID. It MUST only
-// ever be sent in an INFORMATIONAL request. Sending this notification is OPTIONAL, and
-// notifications of this type MUST be rate limited.
public final class InvalidMessageIdException extends IkeProtocolException {
private static final int EXPECTED_ERROR_DATA_LEN = 4;
/**
* Construct a instance of InvalidMessageIdException
*
- * <p>Except for testing, IKE library users normally do not instantiate this object themselves
- * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}.
- *
* @param messageId the invalid Message ID.
*/
public InvalidMessageIdException(int messageId) {
@@ -49,7 +47,6 @@
* Construct a instance of InvalidMessageIdException from a notify payload.
*
* @param notifyData the notify data included in the payload.
- * @hide
*/
public InvalidMessageIdException(byte[] notifyData) {
super(ERROR_TYPE_INVALID_MESSAGE_ID, notifyData);
@@ -64,7 +61,6 @@
return byteArrayToInteger(getErrorData());
}
- /** @hide */
@Override
protected boolean isValidDataLength(int dataLen) {
return EXPECTED_ERROR_DATA_LEN == dataLen;
diff --git a/src/java/com/android/internal/net/ipsec/ike/exceptions/InvalidSyntaxException.java b/src/java/com/android/internal/net/ipsec/ike/exceptions/InvalidSyntaxException.java
new file mode 100644
index 0000000..fd73f2f
--- /dev/null
+++ b/src/java/com/android/internal/net/ipsec/ike/exceptions/InvalidSyntaxException.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.android.internal.net.ipsec.ike.exceptions;
+
+import android.net.ipsec.ike.exceptions.IkeProtocolException;
+
+/**
+ * This exception is thrown if any IKE message field is invalid.
+ *
+ * <p>Include INVALID_SYNTAX Notify payload in an encrypted response message if current message is
+ * an encrypted request and cryptographic checksum is valid. Fatal error.
+ *
+ * @see <a href="https://tools.ietf.org/html/rfc7296#section-3.10.1">RFC 7296, Internet Key Exchange
+ * Protocol Version 2 (IKEv2)</a>
+ */
+public final class InvalidSyntaxException extends IkeProtocolException {
+ private static final int EXPECTED_ERROR_DATA_LEN = 0;
+
+ /**
+ * Construct an instance of InvalidSyntaxException.
+ *
+ * @param message the descriptive message.
+ */
+ public InvalidSyntaxException(String message) {
+ super(ERROR_TYPE_INVALID_SYNTAX, message);
+ }
+
+ /**
+ * Construct a instance of InvalidSyntaxException.
+ *
+ * @param cause the reason of exception.
+ */
+ public InvalidSyntaxException(Throwable cause) {
+ super(ERROR_TYPE_INVALID_SYNTAX, cause);
+ }
+
+ /**
+ * Construct a instance of InvalidSyntaxException.
+ *
+ * @param message the descriptive message.
+ * @param cause the reason of exception.
+ */
+ public InvalidSyntaxException(String message, Throwable cause) {
+ super(ERROR_TYPE_INVALID_SYNTAX, message, cause);
+ }
+
+ /**
+ * Construct a instance of InvalidSyntaxException from a notify payload.
+ *
+ * @param notifyData the notify data included in the payload.
+ */
+ public InvalidSyntaxException(byte[] notifyData) {
+ super(ERROR_TYPE_INVALID_SYNTAX, notifyData);
+ }
+
+ @Override
+ protected boolean isValidDataLength(int dataLen) {
+ return EXPECTED_ERROR_DATA_LEN == dataLen;
+ }
+}
diff --git a/src/java/com/android/internal/net/ipsec/ike/exceptions/NoValidProposalChosenException.java b/src/java/com/android/internal/net/ipsec/ike/exceptions/NoValidProposalChosenException.java
new file mode 100644
index 0000000..4514c65
--- /dev/null
+++ b/src/java/com/android/internal/net/ipsec/ike/exceptions/NoValidProposalChosenException.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.android.internal.net.ipsec.ike.exceptions;
+
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_NO_PROPOSAL_CHOSEN;
+
+import android.net.ipsec.ike.exceptions.IkeProtocolException;
+
+/**
+ * This exception is thrown if either none of SA proposals from SA initiator is acceptable or the
+ * negotiated SA proposal from SA responder is invalid.
+ *
+ * <p>Include the NO_PROPOSAL_CHOSEN Notify payload in an encrypted response message if received
+ * message is an encrypted request from SA initiator.
+ *
+ * @see <a href="https://tools.ietf.org/html/rfc7296#section-2.7">RFC 7296, Internet Key Exchange
+ * Protocol Version 2 (IKEv2)</a>
+ */
+public final class NoValidProposalChosenException extends IkeProtocolException {
+ private static final int EXPECTED_ERROR_DATA_LEN = 0;
+
+ /**
+ * Construct an instance of NoValidProposalChosenException.
+ *
+ * @param message the descriptive message.
+ */
+ public NoValidProposalChosenException(String message) {
+ super(ERROR_TYPE_NO_PROPOSAL_CHOSEN, message);
+ }
+
+ /**
+ * Construct an instance of NoValidProposalChosenException.
+ *
+ * @param message the descriptive message.
+ * @param cause the reason of exception.
+ */
+ public NoValidProposalChosenException(String message, Throwable cause) {
+ super(ERROR_TYPE_NO_PROPOSAL_CHOSEN, cause);
+ }
+
+ /**
+ * Construct a instance of NoValidProposalChosenException from a notify payload.
+ *
+ * @param notifyData the notify data included in the payload.
+ */
+ public NoValidProposalChosenException(byte[] notifyData) {
+ super(ERROR_TYPE_NO_PROPOSAL_CHOSEN, notifyData);
+ }
+
+ @Override
+ protected boolean isValidDataLength(int dataLen) {
+ return EXPECTED_ERROR_DATA_LEN == dataLen;
+ }
+}
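Review bot: The `(String message, Throwable cause)` constructor documents `message` but never uses it: it calls `super(ERROR_TYPE_NO_PROPOSAL_CHOSEN, cause)`, so the descriptive text is dropped and logs show only the cause. InvalidSyntaxException in this same diff passes both through a three-argument super constructor, so the same call should work here: `super(ERROR_TYPE_NO_PROPOSAL_CHOSEN, message, cause);`. Losing the message makes a failed proposal negotiation harder to diagnose, since the message is where the caller says which proposal was rejected and why.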
diff --git a/src/java/android/net/ipsec/ike/exceptions/TemporaryFailureException.java b/src/java/com/android/internal/net/ipsec/ike/exceptions/TemporaryFailureException.java
similarity index 62%
rename from src/java/android/net/ipsec/ike/exceptions/TemporaryFailureException.java
rename to src/java/com/android/internal/net/ipsec/ike/exceptions/TemporaryFailureException.java
index e63319a..57ef8cd 100644
--- a/src/java/android/net/ipsec/ike/exceptions/TemporaryFailureException.java
+++ b/src/java/com/android/internal/net/ipsec/ike/exceptions/TemporaryFailureException.java
@@ -13,21 +13,18 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package android.net.ipsec.ike.exceptions;
+package com.android.internal.net.ipsec.ike.exceptions;
-import android.annotation.NonNull;
-import android.net.ipsec.ike.ChildSessionCallback;
-import android.net.ipsec.ike.IkeSessionCallback;
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_TEMPORARY_FAILURE;
+
+import android.net.ipsec.ike.exceptions.IkeProtocolException;
/**
- * This exception is thrown if the remote server declined a request because of a temporary issue.
- *
- * <p>This exception indicates that the remote server receives a request that cannot be completed
- * due to a temporary condition such as a rekeying operation.
+ * This exception is thrown when local node or remote peer receives a request that cannot be
+ * completed due to a temporary condition such as a rekeying operation.
*
* @see <a href="https://tools.ietf.org/html/rfc7296#section-2.7">RFC 7296, Internet Key Exchange
* Protocol Version 2 (IKEv2)</a>
- * @hide
*/
public final class TemporaryFailureException extends IkeProtocolException {
private static final int EXPECTED_ERROR_DATA_LEN = 0;
@@ -35,13 +32,9 @@
/**
* Construct an instance of TemporaryFailureException.
*
- * <p>Except for testing, IKE library users normally do not instantiate this object themselves
- * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}.
- *
- * @param message the descriptive message (which is saved for later retrieval by the {@link
- * #getMessage()} method).
+ * @param message the descriptive message.
*/
- public TemporaryFailureException(@NonNull String message) {
+ public TemporaryFailureException(String message) {
super(ERROR_TYPE_TEMPORARY_FAILURE, message);
}
@@ -49,13 +42,11 @@
* Construct a instance of TemporaryFailureException from a notify payload.
*
* @param notifyData the notify data included in the payload.
- * @hide
*/
public TemporaryFailureException(byte[] notifyData) {
super(ERROR_TYPE_TEMPORARY_FAILURE, notifyData);
}
- /** @hide */
@Override
protected boolean isValidDataLength(int dataLen) {
return EXPECTED_ERROR_DATA_LEN == dataLen;
diff --git a/src/java/com/android/internal/net/ipsec/ike/exceptions/TsUnacceptableException.java b/src/java/com/android/internal/net/ipsec/ike/exceptions/TsUnacceptableException.java
new file mode 100644
index 0000000..ef1152a
--- /dev/null
+++ b/src/java/com/android/internal/net/ipsec/ike/exceptions/TsUnacceptableException.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.android.internal.net.ipsec.ike.exceptions;
+
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_TS_UNACCEPTABLE;
+
+import android.net.ipsec.ike.exceptions.IkeProtocolException;
+
+/**
+ * This exception is thrown if the remote sever proposed unacceptable TS.
+ *
+ * <p>If remote server is the exchange initiator, IKE library should respond with a TS_UNACCEPTABLE
+ * Notify message. If the remote server is the exchange responder, IKE library should initiate a
+ * Delete IKE exchange and close the IKE Session.
+ */
+public final class TsUnacceptableException extends IkeProtocolException {
+ private static final int EXPECTED_ERROR_DATA_LEN = 0;
+
+ /** Construct an instance of TsUnacceptableException. */
+ public TsUnacceptableException() {
+ super(ERROR_TYPE_TS_UNACCEPTABLE);
+ }
+
+ /**
+ * Construct a instance of TsUnacceptableException from a notify payload.
+ *
+ * @param notifyData the notify data included in the payload.
+ */
+ public TsUnacceptableException(byte[] notifyData) {
+ super(ERROR_TYPE_TS_UNACCEPTABLE, notifyData);
+ }
+
+ @Override
+ protected boolean isValidDataLength(int dataLen) {
+ return EXPECTED_ERROR_DATA_LEN == dataLen;
+ }
+}
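Review bot: The class Javadoc misspells "server" as "sever" and, unlike the sibling exception classes in this package, carries no `@see` link to the RFC. I would change the first sentence to `This exception is thrown if the remote server proposed unacceptable Traffic Selectors.` and add the same `@see <a href="https://tools.ietf.org/html/rfc7296#section-3.10.1">` reference that UnrecognizedIkeProtocolException uses. The second constructor's comment should read `Construct an instance` rather than `Construct a instance`.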
diff --git a/src/java/com/android/internal/net/ipsec/ike/exceptions/UnrecognizedIkeProtocolException.java b/src/java/com/android/internal/net/ipsec/ike/exceptions/UnrecognizedIkeProtocolException.java
new file mode 100644
index 0000000..3d1d508
--- /dev/null
+++ b/src/java/com/android/internal/net/ipsec/ike/exceptions/UnrecognizedIkeProtocolException.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.android.internal.net.ipsec.ike.exceptions;
+
+import android.net.ipsec.ike.exceptions.IkeProtocolException;
+
+/**
+ * This exception represents an unrecognized error notification in a received response.
+ *
+ * <p>When receiving an unrecognized error notification in a response, IKE Session MUST assume that
+ * the corresponding request has failed entirely. If it is in a request, IKE Session MUST ignore it.
+ *
+ * @see <a href="https://tools.ietf.org/html/rfc7296#section-3.10.1">RFC 7296, Internet Key Exchange
+ * Protocol Version 2 (IKEv2)</a>
+ */
+public final class UnrecognizedIkeProtocolException extends IkeProtocolException {
+ /** Constructs an instance of UnrecognizedIkeProtocolException */
+ public UnrecognizedIkeProtocolException(int errorType, byte[] notifyData) {
+ super(errorType, notifyData);
+ }
+
+ @Override
+ protected boolean isValidDataLength(int dataLen) {
+ // Unrecognized error does not have an expected error data length. Any non-negative length
+ // is valid
+ return dataLen >= 0;
+ }
+}
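Review bot: The constructor's one-line Javadoc does not say where its arguments come from, and `isValidDataLength` accepts every length, so nothing in this class constrains `errorType` or `notifyData`. Going by the class comment, both presumably come straight from a received Notify payload, so callers that log or surface the exception should treat them as untrusted peer input. I would add `@param errorType the unrecognized error type exactly as received from the peer` and `@param notifyData the raw notify data from the payload; not validated here`. Whether the superclass applies further checks is not visible in this hunk.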
diff --git a/src/java/android/net/ipsec/ike/exceptions/UnsupportedCriticalPayloadException.java b/src/java/com/android/internal/net/ipsec/ike/exceptions/UnsupportedCriticalPayloadException.java
similarity index 74%
rename from src/java/android/net/ipsec/ike/exceptions/UnsupportedCriticalPayloadException.java
rename to src/java/com/android/internal/net/ipsec/ike/exceptions/UnsupportedCriticalPayloadException.java
index 672ede8..ab1f75e 100644
--- a/src/java/android/net/ipsec/ike/exceptions/UnsupportedCriticalPayloadException.java
+++ b/src/java/com/android/internal/net/ipsec/ike/exceptions/UnsupportedCriticalPayloadException.java
@@ -13,28 +13,28 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package android.net.ipsec.ike.exceptions;
+package com.android.internal.net.ipsec.ike.exceptions;
-import android.annotation.NonNull;
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD;
+
+import android.net.ipsec.ike.exceptions.IkeProtocolException;
import java.util.ArrayList;
-import java.util.Collections;
import java.util.List;
-import java.util.Objects;
/**
* This exception is thrown when payload type is not supported and critical bit is set
*
+ * <p>Include UNSUPPORTED_CRITICAL_PAYLOAD Notify payloads in a response message. Each payload
+ * contains only one payload type.
+ *
* @see <a href="https://tools.ietf.org/html/rfc7296#section-2.5">RFC 7296, Internet Key Exchange
* Protocol Version 2 (IKEv2)</a>
- * @hide
*/
-// Include UNSUPPORTED_CRITICAL_PAYLOAD Notify payloads in a response message. Each payload
-// contains only one payload type.
public final class UnsupportedCriticalPayloadException extends IkeProtocolException {
private static final int EXPECTED_ERROR_DATA_LEN = 1;
- private final List<Integer> mPayloadTypeList;
+ public final List<Integer> payloadTypeList;
/**
* Construct an instance of UnsupportedCriticalPayloadException.
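Review bot: `payloadTypeList` becomes a public, mutable alias of the caller's list: the field is `public final` here, the list constructor in the next hunk stores `payloadList` without copying, and `getUnsupportedCriticalPayloadList()` in the last hunk returns the same reference. Any holder of the exception, or the code that built the list, can change which payload types the exception reports after it was thrown. I would keep the field private as `private final List<Integer> payloadTypeList;` and assign `payloadTypeList = Collections.unmodifiableList(new ArrayList<>(payloadList));`, which also needs the `java.util.Collections` import this hunk removes. The `new ArrayList<>(1)` built in the byte[] constructor should be wrapped the same way.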
@@ -44,23 +44,22 @@
*
* @param payloadList the list of all unsupported critical payload types.
*/
- public UnsupportedCriticalPayloadException(@NonNull List<Integer> payloadList) {
+ public UnsupportedCriticalPayloadException(List<Integer> payloadList) {
super(
ERROR_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD,
integerToByteArray(payloadList.get(0), EXPECTED_ERROR_DATA_LEN));
- Objects.requireNonNull(payloadList, "payloadList is null");
- mPayloadTypeList = Collections.unmodifiableList(new ArrayList<>(payloadList));
+ payloadTypeList = payloadList;
}
/**
* Construct a instance of UnsupportedCriticalPayloadException from a notify payload.
*
* @param notifyData the notify data included in the payload.
- * @hide
*/
public UnsupportedCriticalPayloadException(byte[] notifyData) {
super(ERROR_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD, notifyData);
- mPayloadTypeList = Collections.singletonList(byteArrayToInteger(notifyData));
+ payloadTypeList = new ArrayList<>(1);
+ payloadTypeList.add(byteArrayToInteger(notifyData));
}
/**
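Review bot: `payloadList.get(0)` is evaluated inside the `super(...)` call with no guard, so a null or empty list fails with a NullPointerException or IndexOutOfBoundsException while the error is being constructed, rather than with a clear argument error. Because the expression sits in the superclass-constructor arguments, the check has to live in a small static helper, sketched below. Only the first type is encoded into the error data, which matches the class comment that each Notify payload carries one payload type.

```java
public UnsupportedCriticalPayloadException(List<Integer> payloadList) {
    super(
            ERROR_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD,
            integerToByteArray(firstPayloadType(payloadList), EXPECTED_ERROR_DATA_LEN));
    // … unchanged: payloadTypeList assignment …
}

/** Returns the first payload type, rejecting a null or empty list with a clear error. */
private static int firstPayloadType(List<Integer> payloadList) {
    if (payloadList == null || payloadList.isEmpty()) {
        throw new IllegalArgumentException(
                "payloadList must contain at least one payload type");
    }
    return payloadList.get(0);
}
```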
@@ -68,12 +67,10 @@
*
* @return the unsupported critical payload list.
*/
- @NonNull
public List<Integer> getUnsupportedCriticalPayloadList() {
- return Collections.unmodifiableList(mPayloadTypeList);
+ return payloadTypeList;
}
- /** @hide */
@Override
protected boolean isValidDataLength(int dataLen) {
return EXPECTED_ERROR_DATA_LEN == dataLen;
diff --git a/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppBackoffTimerUtils.java b/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppBackoffTimerUtils.java
deleted file mode 100644
index efa53a5..0000000
--- a/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppBackoffTimerUtils.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.android.internal.net.ipsec.ike.ike3gpp;
-
-import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
-
-import java.nio.ByteBuffer;
-
-/**
- * Ike3gppBackoffTimerUtils contains functions needed to support 3GPP-specific Backoff Timer
- * functionality.
- *
- * <p>This class is package-private.
- */
-class Ike3gppBackoffTimerUtils {
- private static final int BACKOFF_TIMER_DATA_LEN = 2;
- private static final byte BACKOFF_TIMER_LEN = (byte) 1;
-
- /**
- * Get the backoff timer byte from the specified Notify Data.
- *
- * @see TS 124 302 Section 8.2.9.1 for specification of BACKOFF_TIMER Notify payload.
- * @param notifyData The Notify-Data payload from which the backoff timer value will be parsed.
- * @return the parsed backoff timer value
- * @throws InvalidSyntaxException if the BACKOFF_TIMER's notifyData is encoded incorrectly
- */
- static byte getBackoffTimerfromNotifyData(byte[] notifyData) throws InvalidSyntaxException {
- ByteBuffer buffer = ByteBuffer.wrap(notifyData);
-
- if (buffer.remaining() != BACKOFF_TIMER_DATA_LEN || buffer.get() != BACKOFF_TIMER_LEN) {
- throw new InvalidSyntaxException("BACKOFF_TIMER payload with an invalid encoding");
- }
-
- return buffer.get();
- }
-}
diff --git a/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppExchangeBase.java b/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppExchangeBase.java
deleted file mode 100644
index 88aa114..0000000
--- a/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppExchangeBase.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.android.internal.net.ipsec.ike.ike3gpp;
-
-import static android.net.ipsec.ike.IkeManager.getIkeLog;
-
-import android.annotation.NonNull;
-import android.net.ipsec.ike.ike3gpp.Ike3gppData;
-import android.net.ipsec.ike.ike3gpp.Ike3gppExtension;
-
-import java.util.List;
-import java.util.Objects;
-import java.util.concurrent.Executor;
-
-/**
- * Ike3gppExchangeBase is the base for IKE exchange-specific 3GPP functionality.
- *
- * <p>This class is package-private.
- */
-abstract class Ike3gppExchangeBase {
- private static final String TAG = Ike3gppExchangeBase.class.getSimpleName();
-
- @NonNull protected final Ike3gppExtension mIke3gppExtension;
- @NonNull private final Executor mUserCbExecutor;
-
- /** Initializes an Ike3gppExchangeBase. */
- Ike3gppExchangeBase(
- @NonNull Ike3gppExtension ike3gppExtension, @NonNull Executor userCbExecutor) {
- mIke3gppExtension =
- Objects.requireNonNull(ike3gppExtension, "ike3gppExtension must not be null");
- mUserCbExecutor = Objects.requireNonNull(userCbExecutor, "userCbExecutor must not be null");
- }
-
- void maybeInvokeUserCallback(List<Ike3gppData> ike3gppDataList) {
- if (ike3gppDataList.isEmpty()) return;
-
- try {
- mUserCbExecutor.execute(
- () ->
- mIke3gppExtension
- .getIke3gppDataListener()
- .onIke3gppDataReceived(ike3gppDataList));
- } catch (Exception e) {
- getIkeLog().d(TAG, "Ike3gppDataListener#onIke3gppDataReceived execution failed", e);
- }
- }
-}
diff --git a/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppExtensionExchange.java b/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppExtensionExchange.java
deleted file mode 100644
index cafbcf4..0000000
--- a/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppExtensionExchange.java
+++ /dev/null
@@ -1,186 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.android.internal.net.ipsec.ike.ike3gpp;
-
-import static android.net.ipsec.ike.IkeManager.getIkeLog;
-
-import static com.android.internal.net.ipsec.ike.IkeSessionStateMachine.IKE_EXCHANGE_SUBTYPE_IKE_AUTH;
-
-import android.annotation.NonNull;
-import android.annotation.Nullable;
-import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
-import android.net.ipsec.ike.ike3gpp.Ike3gppExtension;
-import android.net.ipsec.ike.ike3gpp.Ike3gppExtension.Ike3gppDataListener;
-import android.util.ArraySet;
-
-import com.android.internal.net.ipsec.ike.IkeSessionStateMachine;
-import com.android.internal.net.ipsec.ike.message.IkePayload;
-
-import java.util.Collections;
-import java.util.List;
-import java.util.Objects;
-import java.util.Set;
-import java.util.concurrent.Executor;
-
-/**
- * Ike3gppExtensionExchange contains the implementation for 3GPP-specific functionality in IKEv2.
- */
-public class Ike3gppExtensionExchange implements AutoCloseable {
- private static final String TAG = Ike3gppExtensionExchange.class.getSimpleName();
-
- private static final Set<Ike3gppDataListener> REGISTERED_LISTENERS =
- Collections.synchronizedSet(new ArraySet<>());
-
- /**
- * Indicates that the caller must wait the specified time before attempting to open an IKE
- * Session with the peer.
- *
- * <p>Note that this is not an IANA-specified value.
- *
- * <p>Must be accompanied by an Error-Notify(ERROR_TYPE_NO_APN_SUBSCRIPTION) or
- * Error-Notify(ERROR_TYPE_NETWORK_FAILURE); otherwise, the payload will be logged and ignored.
- */
- public static final int NOTIFY_TYPE_BACKOFF_TIMER = 41041;
-
- /**
- * Indicates that the UE supports N1 Mode during 5G SA ePDG tunnel setup.
- *
- * <p>Note that this is not an IANA-specified value.
- *
- * <p>A PDU session ID will be included to indicate the PDU session associated with the IKEv2
- * SA.
- *
- * <p>See TS 124 302 - Universal Mobile Telecommunications System (UMTS); LTE; 5G; Access to the
- * 3GPP Evolved Packet Core (EPC) via non-3GPP access networks (Section 8.2.9.15) for more
- * details.
- */
- public static final int NOTIFY_TYPE_N1_MODE_CAPABILITY = 51015;
-
- /**
- * Used for reporting the S-NSSAI from the server to the UE for the reported PDU Session ID.
- *
- * <p>Note that this is not an IANA-specified value.
- *
- * <p>This Payload will only be sent from the server to the user device after {@link
- * NOTIFY_TYPE_N1_MODE_CAPABILITY} is sent during the IKE_AUTH exchange.
- *
- * <p>See TS 124 302 - Universal Mobile Telecommunications System (UMTS); LTE; 5G; Access to the
- * 3GPP Evolved Packet Core (EPC) via non-3GPP access networks (Section 8.2.9.16) for more
- * details.
- */
- public static final int NOTIFY_TYPE_N1_MODE_INFORMATION = 51115;
-
- @Nullable private final Ike3gppExtension mIke3gppExtension;
- @NonNull private final Executor mUserCbExecutor;
- @Nullable private final Ike3gppIkeAuth mIke3gppIkeAuth;
-
- /**
- * Initializes an Ike3gppExtensionExchange.
- *
- * <p>If ike3gppExtension is null, no 3GPP functionality will be enabled.
- */
- public Ike3gppExtensionExchange(
- @Nullable Ike3gppExtension ike3gppExtension, @NonNull Executor userCbExecutor) {
- mIke3gppExtension = ike3gppExtension;
- mUserCbExecutor = Objects.requireNonNull(userCbExecutor, "userCbExecutor must not be null");
-
- if (mIke3gppExtension != null) {
- mIke3gppIkeAuth = new Ike3gppIkeAuth(mIke3gppExtension, mUserCbExecutor);
-
- if (!REGISTERED_LISTENERS.add(ike3gppExtension.getIke3gppDataListener())) {
- throw new IllegalArgumentException(
- "Ike3gppDataListener must be unique for each IkeSession");
- }
-
- logd("IKE 3GPP Extension enabled: " + mIke3gppExtension.getIke3gppParams());
- } else {
- mIke3gppIkeAuth = null;
- }
- }
-
- @Override
- public void close() {
- if (mIke3gppExtension == null) return;
-
- REGISTERED_LISTENERS.remove(mIke3gppExtension.getIke3gppDataListener());
- }
-
- /** Gets the 3GPP-specific Request IkePayloads for the specified exchangeSubtype. */
- public List<IkePayload> getRequestPayloads(int exchangeSubtype) {
- if (mIke3gppExtension == null) return Collections.EMPTY_LIST;
-
- switch (exchangeSubtype) {
- case IKE_EXCHANGE_SUBTYPE_IKE_AUTH:
- return mIke3gppIkeAuth.getRequestPayloads();
- default:
- // No 3GPP-specific behavior for this exchange subtype
- String exchangeSubtypeString =
- IkeSessionStateMachine.EXCHANGE_SUBTYPE_TO_STRING.get(exchangeSubtype);
- logw("No 3GPP request payloads added for: " + exchangeSubtypeString);
- return Collections.EMPTY_LIST;
- }
- }
-
- /**
- * Returns a list of 3GPP-specific Response Payloads from the given list that are valid for the
- * specified exchangeSubtype.
- */
- public List<IkePayload> extract3gppResponsePayloads(
- int exchangeSubtype, List<IkePayload> payloads) {
- if (mIke3gppExtension == null) return Collections.EMPTY_LIST;
-
- switch (exchangeSubtype) {
- case IKE_EXCHANGE_SUBTYPE_IKE_AUTH:
- return mIke3gppIkeAuth.extract3gppResponsePayloads(payloads);
- default:
- // No 3GPP-specific behavior for this exchange subtype
- String exchangeSubtypeString =
- IkeSessionStateMachine.EXCHANGE_SUBTYPE_TO_STRING.get(exchangeSubtype);
- logw("No 3GPP response payloads expected for: " + exchangeSubtypeString);
- return Collections.EMPTY_LIST;
- }
- }
-
- /**
- * Handles the provided Response IkePayloads for the specified exchangeSubtype.
- *
- * <p>If the caller needs to be notified of received Ike3gppData, the configured
- * Ike3gppDataListener will be invoked.
- */
- public void handle3gppResponsePayloads(int exchangeSubtype, List<IkePayload> ike3gppPayloads)
- throws InvalidSyntaxException {
- if (mIke3gppExtension == null || ike3gppPayloads.isEmpty()) return;
-
- switch (exchangeSubtype) {
- case IKE_EXCHANGE_SUBTYPE_IKE_AUTH:
- mIke3gppIkeAuth.handleAuthResp(ike3gppPayloads);
- break;
- default:
- // No 3GPP-specific behavior for this exchange subtype
- String exchangeSubtypeString =
- IkeSessionStateMachine.EXCHANGE_SUBTYPE_TO_STRING.get(exchangeSubtype);
- logw("Received unexpected 3GPP payloads in: " + exchangeSubtypeString);
- }
- }
-
- private void logw(String msg) {
- getIkeLog().w(TAG, msg);
- }
-
- private void logd(String msg) {
- getIkeLog().d(TAG, msg);
- }
-}
diff --git a/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppIkeAuth.java b/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppIkeAuth.java
deleted file mode 100644
index f3672f1..0000000
--- a/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppIkeAuth.java
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.android.internal.net.ipsec.ike.ike3gpp;
-
-import static android.net.ipsec.ike.IkeManager.getIkeLog;
-import static android.net.ipsec.ike.ike3gpp.Ike3gppBackoffTimer.ERROR_TYPE_NETWORK_FAILURE;
-import static android.net.ipsec.ike.ike3gpp.Ike3gppBackoffTimer.ERROR_TYPE_NO_APN_SUBSCRIPTION;
-
-import static com.android.internal.net.ipsec.ike.ike3gpp.Ike3gppExtensionExchange.NOTIFY_TYPE_BACKOFF_TIMER;
-import static com.android.internal.net.ipsec.ike.ike3gpp.Ike3gppExtensionExchange.NOTIFY_TYPE_N1_MODE_INFORMATION;
-
-import android.annotation.NonNull;
-import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
-import android.net.ipsec.ike.ike3gpp.Ike3gppBackoffTimer;
-import android.net.ipsec.ike.ike3gpp.Ike3gppData;
-import android.net.ipsec.ike.ike3gpp.Ike3gppExtension;
-import android.net.ipsec.ike.ike3gpp.Ike3gppN1ModeInformation;
-import android.util.ArraySet;
-
-import com.android.internal.net.ipsec.ike.message.IkeNotifyPayload;
-import com.android.internal.net.ipsec.ike.message.IkePayload;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Set;
-import java.util.concurrent.Executor;
-
-/**
- * Ike3gppIkeAuth contains the implementation for IKE_AUTH 3GPP-specific functionality in IKEv2.
- *
- * <p>This class is package-private.
- */
-class Ike3gppIkeAuth extends Ike3gppExchangeBase {
- private static final String TAG = Ike3gppIkeAuth.class.getSimpleName();
- private static final Set<Integer> SUPPORTED_RESPONSE_NOTIFY_TYPES = new ArraySet<>();
-
- static {
- SUPPORTED_RESPONSE_NOTIFY_TYPES.add(NOTIFY_TYPE_N1_MODE_INFORMATION);
- SUPPORTED_RESPONSE_NOTIFY_TYPES.add(NOTIFY_TYPE_BACKOFF_TIMER);
- SUPPORTED_RESPONSE_NOTIFY_TYPES.add(ERROR_TYPE_NETWORK_FAILURE);
- SUPPORTED_RESPONSE_NOTIFY_TYPES.add(ERROR_TYPE_NO_APN_SUBSCRIPTION);
- }
-
- /** Initializes an Ike3gppIkeAuth. */
- Ike3gppIkeAuth(@NonNull Ike3gppExtension ike3gppExtension, @NonNull Executor userCbExecutor) {
- super(ike3gppExtension, userCbExecutor);
- }
-
- List<IkePayload> getRequestPayloads() {
- List<IkePayload> ike3gppPayloads = new ArrayList<>();
- if (mIke3gppExtension.getIke3gppParams().hasPduSessionId()) {
- ike3gppPayloads.add(
- Ike3gppN1ModeUtils.generateN1ModeCapabilityPayload(
- mIke3gppExtension.getIke3gppParams().getPduSessionId()));
- }
-
- return ike3gppPayloads;
- }
-
- List<IkePayload> extract3gppResponsePayloads(List<IkePayload> payloads) {
- List<IkePayload> ike3gppPayloads = new ArrayList<>();
-
- for (IkePayload payload : payloads) {
- switch (payload.payloadType) {
- case IkePayload.PAYLOAD_TYPE_NOTIFY:
- IkeNotifyPayload notifyPayload = (IkeNotifyPayload) payload;
- if (SUPPORTED_RESPONSE_NOTIFY_TYPES.contains(notifyPayload.notifyType)) {
- ike3gppPayloads.add(notifyPayload);
- }
- break;
- default:
- // not a 3GPP-specific payload
- break;
- }
- }
-
- return ike3gppPayloads;
- }
-
- void handleAuthResp(List<IkePayload> ike3gppPayloads) throws InvalidSyntaxException {
- List<Ike3gppData> ike3gppDataList = new ArrayList<>();
- List<IkeNotifyPayload> notifyPayloads =
- IkePayload.getPayloadListForTypeInProvidedList(
- IkePayload.PAYLOAD_TYPE_NOTIFY, IkeNotifyPayload.class, ike3gppPayloads);
-
- IkeNotifyPayload backoffTimerPayload = null;
- IkeNotifyPayload backoffTimerCause = null;
- for (IkeNotifyPayload notifyPayload : notifyPayloads) {
- switch (notifyPayload.notifyType) {
- case NOTIFY_TYPE_N1_MODE_INFORMATION:
- // N1_MODE_CAPABILITY must be configured for the client to be notified
- if (!mIke3gppExtension.getIke3gppParams().hasPduSessionId()) {
- logw("Received N1_MODE_INFORMATION when N1 Mode is not enabled");
- continue;
- }
-
- byte[] snssai =
- Ike3gppN1ModeUtils.getSnssaiFromNotifyData(notifyPayload.notifyData);
- ike3gppDataList.add(new Ike3gppN1ModeInformation(snssai));
- break;
- case NOTIFY_TYPE_BACKOFF_TIMER:
- backoffTimerPayload = notifyPayload;
- break;
- case ERROR_TYPE_NO_APN_SUBSCRIPTION: // fallthrough
- case ERROR_TYPE_NETWORK_FAILURE:
- if (backoffTimerCause == null) {
- backoffTimerCause = notifyPayload;
- } else {
- logw(
- "Received multiple potential causes for BACKOFF_TIMER: "
- + notifyPayload.notifyType);
- }
- break;
- default:
- // non-3GPP payload. Can be ignored.
- logd("Non-3GPP payload processed as 3GPP: " + notifyPayload.getTypeString());
- break;
- }
- }
-
- if (backoffTimerPayload != null && backoffTimerCause != null) {
- byte backoffTimer =
- Ike3gppBackoffTimerUtils.getBackoffTimerfromNotifyData(
- backoffTimerPayload.notifyData);
- ike3gppDataList.add(
- new Ike3gppBackoffTimer(backoffTimer, backoffTimerCause.notifyType));
- } else if (backoffTimerPayload != null) {
- logw("Received BACKOFF_TIMER payload without an Error-Notify");
- }
-
- maybeInvokeUserCallback(ike3gppDataList);
- }
-
- private void logd(String msg) {
- getIkeLog().d(TAG, msg);
- }
-
- private void logw(String msg) {
- getIkeLog().w(TAG, msg);
- }
-}
diff --git a/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppN1ModeUtils.java b/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppN1ModeUtils.java
deleted file mode 100644
index 1375a75..0000000
--- a/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppN1ModeUtils.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.android.internal.net.ipsec.ike.ike3gpp;
-
-import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
-
-import com.android.internal.net.ipsec.ike.message.IkeNotifyPayload;
-
-import java.nio.ByteBuffer;
-
-/**
- * Ike3gppN1ModeUtils contains functions needed to support 3GPP-specific N1 Mode functionality.
- *
- * <p>This class is package-private.
- */
-class Ike3gppN1ModeUtils {
- private static final int N1_MODE_CAPABILITY_PAYLOAD_LENGTH = 2;
- private static final byte PDU_SESSION_ID_LEN = (byte) 1;
-
- /**
- * Generate N1 Mode Capability Notify payload.
- *
- * <p>This method formats the given PDU Session ID to its payload format.
- *
- * @see TS 124 302 Section 8.2.9.15 for specification of N1_MODE_CAPABILITY Notify payload.
- * @param pduSessionId the PDU Session ID to be included in this N1 Mode Capability payload
- * @return the formatted N1_MODE_CAPABILITY Notify payload data as a byte array.
- */
- static IkeNotifyPayload generateN1ModeCapabilityPayload(byte pduSessionId) {
- ByteBuffer payloadData = ByteBuffer.allocate(N1_MODE_CAPABILITY_PAYLOAD_LENGTH);
- payloadData.put(PDU_SESSION_ID_LEN);
- payloadData.put(pduSessionId);
-
- return new IkeNotifyPayload(
- Ike3gppExtensionExchange.NOTIFY_TYPE_N1_MODE_CAPABILITY, payloadData.array());
- }
-
- /**
- * Get the S-NSSAI value from the specified Notify Data.
- *
- * @see TS 124 302 Section 8.2.9.16 for specification of N1_MODE_INFORMATION Notify payload.
- * @param notifyData The Notify-Data payload from which the S-NSSAI value will be parsed.
- * @return the parsed S-NSSAI value
- */
- static byte[] getSnssaiFromNotifyData(byte[] notifyData) throws InvalidSyntaxException {
- ByteBuffer buffer = ByteBuffer.wrap(notifyData);
-
- // Format is: | SNSSAI Length (1B) | SNSSAI (Length B) |
- int snssaiLen = Byte.toUnsignedInt(buffer.get());
- if (snssaiLen != notifyData.length - 1) {
- throw new InvalidSyntaxException("SNSSAI does not match expected length");
- }
-
- byte[] snssai = new byte[snssaiLen];
- buffer.get(snssai);
- return snssai;
- }
-}
diff --git a/src/java/com/android/internal/net/ipsec/ike/keepalive/HardwareKeepaliveImpl.java b/src/java/com/android/internal/net/ipsec/ike/keepalive/HardwareKeepaliveImpl.java
index 268568c..bb0abe5 100644
--- a/src/java/com/android/internal/net/ipsec/ike/keepalive/HardwareKeepaliveImpl.java
+++ b/src/java/com/android/internal/net/ipsec/ike/keepalive/HardwareKeepaliveImpl.java
@@ -49,7 +49,6 @@
/** Construct an instance of HardwareKeepaliveImpl */
public HardwareKeepaliveImpl(
Context context,
- ConnectivityManager connectMgr,
int keepaliveDelaySeconds,
Inet4Address src,
Inet4Address dest,
@@ -62,8 +61,10 @@
mKeepaliveDelaySeconds = keepaliveDelaySeconds;
mHardwareKeepaliveCb = hardwareKeepaliveCb;
+ ConnectivityManager connMgr =
+ (ConnectivityManager) context.getSystemService(Context.CONNECTIVITY_SERVICE);
mSocketKeepalive =
- connectMgr.createSocketKeepalive(
+ connMgr.createSocketKeepalive(
network,
socket,
src,
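Review bot: The result of `context.getSystemService(Context.CONNECTIVITY_SERVICE)` is cast and dereferenced in the next statement without a null check, and `getSystemService` is documented to return null when the service is unavailable. A failed lookup would then surface as a bare NullPointerException from the constructor. I would use the typed overload and fail explicitly: `ConnectivityManager connMgr = context.getSystemService(ConnectivityManager.class);` followed by `if (connMgr == null) throw new IllegalStateException("ConnectivityManager unavailable");`. Looking the service up here instead of receiving it as a parameter also removes the seam a test could use to inject a mock. The constructor starts before and continues past this hunk.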
@@ -99,12 +100,13 @@
void onNetworkError();
}
- class MySocketKeepaliveCb extends SocketKeepalive.Callback {
+ private class MySocketKeepaliveCb extends SocketKeepalive.Callback {
@Override
public void onError(int error) {
getIkeLog().d(TAG, "Hardware offload failed on error: " + error);
switch (error) {
case ERROR_INVALID_NETWORK: // fallthrough
+ case ERROR_INVALID_IP_ADDRESS: // fallthrough
case ERROR_INVALID_PORT: // fallthrough
case ERROR_INVALID_LENGTH: // fallthrough
case ERROR_INVALID_INTERVAL: // fallthrough
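Review bot: Moving `case ERROR_INVALID_IP_ADDRESS` into the group that calls `mHardwareKeepaliveCb.onNetworkError()` means this error no longer falls back to software keepalive. Per IkeNattKeepalive in this same diff, `onNetworkError()` only calls `stop()`. The comment deleted in the following hunk says this is the error reported on 464XLAT networks, where hardware keepalive is unsupported, so on such networks NAT-T keepalives would presumably stop altogether and the NAT mapping could time out. If that is not intended, keep `case ERROR_INVALID_IP_ADDRESS: // fallthrough` next to `case ERROR_UNSUPPORTED:` together with the explanatory comment. The switch continues outside both hunks.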
@@ -112,9 +114,6 @@
case ERROR_SOCKET_NOT_IDLE: // fallthrough
mHardwareKeepaliveCb.onNetworkError();
return;
- case ERROR_INVALID_IP_ADDRESS:
- // Hardware keepalive is not supported on 464XLAT and this error will be thrown.
- // So fallthrough to use software keepalive.
case ERROR_UNSUPPORTED: // fallthrough
case ERROR_HARDWARE_ERROR: // fallthrough
case ERROR_INSUFFICIENT_RESOURCES:
diff --git a/src/java/com/android/internal/net/ipsec/ike/keepalive/IkeNattKeepalive.java b/src/java/com/android/internal/net/ipsec/ike/keepalive/IkeNattKeepalive.java
index 5dd09e0..129a1f0 100644
--- a/src/java/com/android/internal/net/ipsec/ike/keepalive/IkeNattKeepalive.java
+++ b/src/java/com/android/internal/net/ipsec/ike/keepalive/IkeNattKeepalive.java
@@ -18,13 +18,11 @@
import static android.net.ipsec.ike.IkeManager.getIkeLog;
+import android.app.PendingIntent;
import android.content.Context;
-import android.net.ConnectivityManager;
import android.net.IpSecManager.UdpEncapsulationSocket;
import android.net.Network;
-import com.android.internal.net.ipsec.ike.utils.IkeAlarm.IkeAlarmConfig;
-
import java.io.IOException;
import java.net.Inet4Address;
@@ -37,55 +35,32 @@
public class IkeNattKeepalive {
private static final String TAG = "IkeNattKeepalive";
- private final Dependencies mDeps;
-
private NattKeepalive mNattKeepalive;
/** Construct an instance of IkeNattKeepalive */
public IkeNattKeepalive(
Context context,
- ConnectivityManager connectMgr,
int keepaliveDelaySeconds,
Inet4Address src,
Inet4Address dest,
UdpEncapsulationSocket socket,
Network network,
- IkeAlarmConfig ikeAlarmConfig)
- throws IOException {
- this(
- context,
- connectMgr,
- keepaliveDelaySeconds,
- src,
- dest,
- socket,
- network,
- ikeAlarmConfig,
- new Dependencies());
- }
-
- IkeNattKeepalive(
- Context context,
- ConnectivityManager connectMgr,
- int keepaliveDelaySeconds,
- Inet4Address src,
- Inet4Address dest,
- UdpEncapsulationSocket socket,
- Network network,
- IkeAlarmConfig ikeAlarmConfig,
- Dependencies deps)
+ PendingIntent keepAliveAlarmIntent)
throws IOException {
mNattKeepalive =
new HardwareKeepaliveImpl(
context,
- connectMgr,
keepaliveDelaySeconds,
src,
dest,
socket,
network,
- new HardwareKeepaliveCb(context, dest, socket, ikeAlarmConfig));
- mDeps = deps;
+ new HardwareKeepaliveCb(
+ context,
+ keepaliveDelaySeconds,
+ dest,
+ socket,
+ keepAliveAlarmIntent));
}
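Review bot: The public constructor now accepts a caller-supplied `PendingIntent keepAliveAlarmIntent`, but its Javadoc is still the single line `Construct an instance of IkeNattKeepalive`, so nothing states what the intent must target or how it must be built. The intent is created outside this hunk, so its flags cannot be checked here. I would document the expectation, for example `@param keepAliveAlarmIntent explicit, immutable PendingIntent (PendingIntent.FLAG_IMMUTABLE) that triggers the software keepalive alarm`. Dropping the `Dependencies` parameter also means the software fallback can no longer be substituted in a unit test.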
/** Start keepalive */
@@ -117,31 +92,24 @@
void onAlarmFired();
}
- static class Dependencies {
- SoftwareKeepaliveImpl createSoftwareKeepaliveImpl(
- Context context,
- Inet4Address dest,
- UdpEncapsulationSocket socket,
- IkeAlarmConfig alarmConfig) {
- return new SoftwareKeepaliveImpl(context, dest, socket, alarmConfig);
- }
- }
-
private class HardwareKeepaliveCb implements HardwareKeepaliveImpl.HardwareKeepaliveCallback {
private final Context mContext;
+ private final int mKeepaliveDelaySeconds;
private final Inet4Address mDest;
private final UdpEncapsulationSocket mSocket;
- private final IkeAlarmConfig mIkeAlarmConfig;
+ private final PendingIntent mKeepAliveAlarmIntent;
HardwareKeepaliveCb(
Context context,
+ int keepaliveDelaySeconds,
Inet4Address dest,
UdpEncapsulationSocket socket,
- IkeAlarmConfig ikeAlarmConfig) {
+ PendingIntent keepAliveAlarmIntent) {
mContext = context;
+ mKeepaliveDelaySeconds = keepaliveDelaySeconds;
mDest = dest;
mSocket = socket;
- mIkeAlarmConfig = ikeAlarmConfig;
+ mKeepAliveAlarmIntent = keepAliveAlarmIntent;
}
@Override
@@ -150,7 +118,12 @@
mNattKeepalive.stop();
mNattKeepalive =
- mDeps.createSoftwareKeepaliveImpl(mContext, mDest, mSocket, mIkeAlarmConfig);
+ new SoftwareKeepaliveImpl(
+ mContext,
+ mKeepaliveDelaySeconds,
+ mDest,
+ mSocket,
+ mKeepAliveAlarmIntent);
mNattKeepalive.start();
}
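Review bot: The software fallback reuses `mKeepAliveAlarmIntent` immediately after `mNattKeepalive.stop()` on the hardware implementation, and nothing in the hunk guarantees the intent is still live at that point. `SoftwareKeepaliveImpl.stop()` in this same change calls `mKeepaliveIntent.cancel()`; if `HardwareKeepaliveImpl.stop()` (not visible here) ever does the same, the alarm set by the fallback would never be delivered and the NAT mapping would expire silently. A comment such as `// Hardware stop() must not cancel mKeepAliveAlarmIntent; the software fallback reuses it` would pin the assumption. The enclosing callback method starts outside the hunk.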
@@ -158,12 +131,9 @@
public void onNetworkError() {
// Stop doing keepalive when getting network error since it will also fail software
// keepalive. Considering the only user of IkeNattKeepalive is IkeSessionStateMachine,
- // not notifying user this error won't bring user extra risk. When there is a network
+ // not notifying user this error won't bring user extral risk. When there is a network
// error, IkeSessionStateMachine will eventually hit the max request retransmission
// times and be terminated anyway.
-
- // TODO: b/182209475 Terminate IKE Sessions when
- // HardwareKeepaliveCallback#onNetworkError is fired
stop();
}
}
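Review bot: The rewritten comment line introduces a typo, `extral risk`, and the hunk drops the `TODO: b/182209475` marker even though `onNetworkError()` still only calls `stop()` and tells nobody. I would keep the wording `not notifying user this error won't bring user extra risk`. Unless the tracked work is handled elsewhere, the comment should also keep a line saying that the IKE Session is deliberately left to end through retransmission timeout, so the silent stop is not mistaken for an oversight.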
diff --git a/src/java/com/android/internal/net/ipsec/ike/keepalive/SoftwareKeepaliveImpl.java b/src/java/com/android/internal/net/ipsec/ike/keepalive/SoftwareKeepaliveImpl.java
index b0e0309..af39d6e 100644
--- a/src/java/com/android/internal/net/ipsec/ike/keepalive/SoftwareKeepaliveImpl.java
+++ b/src/java/com/android/internal/net/ipsec/ike/keepalive/SoftwareKeepaliveImpl.java
@@ -18,18 +18,20 @@
import static android.net.ipsec.ike.IkeManager.getIkeLog;
+import android.app.AlarmManager;
+import android.app.PendingIntent;
import android.content.Context;
import android.net.IpSecManager.UdpEncapsulationSocket;
+import android.os.SystemClock;
import android.system.ErrnoException;
import android.system.Os;
import com.android.internal.net.ipsec.ike.IkeSocket;
-import com.android.internal.net.ipsec.ike.utils.IkeAlarm;
-import com.android.internal.net.ipsec.ike.utils.IkeAlarm.IkeAlarmConfig;
import java.net.Inet4Address;
import java.net.SocketException;
import java.nio.ByteBuffer;
+import java.util.concurrent.TimeUnit;
/** This class provides methods to schedule and send keepalive packet. */
public final class SoftwareKeepaliveImpl implements IkeNattKeepalive.NattKeepalive {
@@ -38,9 +40,11 @@
// NAT-Keepalive packet payload as per RFC 3948
private static final byte[] NATT_KEEPALIVE_PAYLOAD = new byte[] {(byte) 0xff};
+ private final long mKeepaliveDelayMs;
private final UdpEncapsulationSocket mSocket;
private final Inet4Address mDestAddress;
- private final IkeAlarm mIkeAlarm;
+ private final AlarmManager mAlarmMgr;
+ private final PendingIntent mKeepaliveIntent;
/**
* Construct an instance of SoftwareKeepaliveImpl
@@ -49,17 +53,16 @@
*/
public SoftwareKeepaliveImpl(
Context context,
+ int keepaliveDelaySeconds,
Inet4Address dest,
UdpEncapsulationSocket socket,
- IkeAlarmConfig alarmConfig) {
+ PendingIntent keepAliveAlarmIntent) {
+ mKeepaliveDelayMs = TimeUnit.SECONDS.toMillis(keepaliveDelaySeconds);
mSocket = socket;
- mDestAddress = dest;
- // It is time-critical to send packets periodically to keep the dynamic NAT mapping
- // alive. Thus, the alarm has to be "setExact" to avoid batching delay (can be at most 75%)
- // and allowed to goes off when the device is in doze mode. There will still be a rate limit
- // on firing alarms. Please check AlarmManager#setExactAndAllowWhileIdle for more details.
- mIkeAlarm = IkeAlarm.newExactAndAllowWhileIdleAlarm(alarmConfig);
+ mAlarmMgr = (AlarmManager) context.getSystemService(Context.ALARM_SERVICE);
+ mDestAddress = dest;
+ mKeepaliveIntent = keepAliveAlarmIntent;
}
@Override
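Review bot: `keepaliveDelaySeconds` is converted with `TimeUnit.SECONDS.toMillis(...)` without a range check, so a zero or negative value would make every rescheduled alarm due immediately and leave pacing to AlarmManager's own rate limit. If callers do not already validate it (not visible here), add `if (keepaliveDelaySeconds <= 0) throw new IllegalArgumentException("keepaliveDelaySeconds must be positive");` at the top of the constructor. The result of `context.getSystemService(Context.ALARM_SERVICE)` is also stored unchecked, so a missing service would only surface as a NullPointerException in `stop()` or the scheduling path. The constructor's Javadoc starts outside the hunk and should gain `@param` entries for the two new parameters.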
@@ -69,7 +72,8 @@
@Override
public void stop() {
- mIkeAlarm.cancel();
+ mAlarmMgr.cancel(mKeepaliveIntent);
+ mKeepaliveIntent.cancel();
}
@Override
@@ -79,7 +83,6 @@
/** Send out keepalive packet and schedule next keepalive event */
private void sendKeepaliveAndScheduleNext() {
- getIkeLog().d(TAG, "Send keepalive to " + mDestAddress.getHostAddress());
try {
Os.sendto(
mSocket.getFileDescriptor(),
@@ -92,6 +95,13 @@
getIkeLog().i(TAG, "Failed to keepalive packet to " + mDestAddress.getHostAddress(), e);
}
- mIkeAlarm.schedule();
+ // It is time-critical to send packets periodically to keep the dynamic NAT mapping
+ // alive. Thus, the alarm has to be "setExact" to avoid batching delay (can be at most 75%)
+ // and allowed to goes off when the device is in doze mode. There will still be a rate limit
+ // on firing alarms. Please check AlarmManager#setExactAndAllowWhileIdle for more details.
+ mAlarmMgr.setExactAndAllowWhileIdle(
+ AlarmManager.ELAPSED_REALTIME_WAKEUP,
+ SystemClock.elapsedRealtime() + mKeepaliveDelayMs,
+ mKeepaliveIntent);
}
}
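Review bot: The relocated comment still reads `allowed to goes off when the device is in doze mode`, and the failure log just above it says `Failed to keepalive packet to`; both are hard to parse. Suggested wording is `and allowed to go off while the device is in doze mode` and `"Failed to send keepalive packet to "`. A failed `Os.sendto` is logged and the next alarm is still scheduled unconditionally, which looks like intentional best effort but is worth stating in the comment. `sendKeepaliveAndScheduleNext()` begins outside the hunk.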
diff --git a/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthDigitalSignPayload.java b/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthDigitalSignPayload.java
index 839b17b..956e9be 100644
--- a/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthDigitalSignPayload.java
+++ b/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthDigitalSignPayload.java
@@ -16,16 +16,12 @@
package com.android.internal.net.ipsec.ike.message;
-import static android.net.ipsec.ike.IkeManager.getIkeLog;
-
import android.annotation.StringDef;
-import android.net.ipsec.ike.exceptions.AuthenticationFailedException;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
-import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
-import android.util.ArraySet;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.net.ipsec.ike.crypto.IkeMacPrf;
+import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;
import com.android.internal.net.ipsec.ike.message.IkeAuthPayload.AuthMethod;
import java.lang.annotation.Retention;
@@ -39,7 +35,6 @@
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
-import java.util.Set;
/**
* IkeAuthDigitalSignPayload represents Authentication Payload using a specific or generic digital
@@ -55,8 +50,6 @@
* Internet Key Exchange Version 2 (IKEv2)</a>
*/
public class IkeAuthDigitalSignPayload extends IkeAuthPayload {
- private static final String TAG = IkeAuthDigitalSignPayload.class.getSimpleName();
-
private static final String KEY_ALGO_NAME = "RSA";
private static final byte SIGNATURE_ALGO_ASN1_BYTES_LEN = (byte) 15;
private static final byte SIGNATURE_ALGO_ASN1_BYTES_LEN_LEN = (byte) 1;
@@ -121,14 +114,6 @@
HASH_ALGORITHM_RSA_SHA2_384,
HASH_ALGORITHM_RSA_SHA2_512
};
- private static final Set<Short> ALL_SIGNATURE_ALGO_TYPES_SET = new ArraySet<>();
-
- static {
- ALL_SIGNATURE_ALGO_TYPES_SET.add(HASH_ALGORITHM_RSA_SHA1);
- ALL_SIGNATURE_ALGO_TYPES_SET.add(HASH_ALGORITHM_RSA_SHA2_256);
- ALL_SIGNATURE_ALGO_TYPES_SET.add(HASH_ALGORITHM_RSA_SHA2_384);
- ALL_SIGNATURE_ALGO_TYPES_SET.add(HASH_ALGORITHM_RSA_SHA2_512);
- }
public final String signatureAndHashAlgos;
public final byte[] signature;
@@ -308,39 +293,4 @@
public String getTypeString() {
return "Auth(Digital Sign)";
}
-
- /**
- * Gets the Signature Hash Algorithsm from the specified IkeNotifyPayload.
- *
- * @param notifyPayload IkeNotifyPayload to read serialized Signature Hash Algorithms from. The
- * payload type must be SIGNATURE_HASH_ALGORITHMS.
- * @return Set<Short> the Signature Hash Algorithms included in the notifyPayload.
- * @throws InvalidSyntaxException if the included Signature Hash Algorithms are not serialized
- * correctly
- */
- public static Set<Short> getSignatureHashAlgorithmsFromIkeNotifyPayload(
- IkeNotifyPayload notifyPayload) throws InvalidSyntaxException {
- if (notifyPayload.notifyType != IkeNotifyPayload.NOTIFY_TYPE_SIGNATURE_HASH_ALGORITHMS) {
- throw new IllegalArgumentException(
- "Notify payload type must be SIGNATURE_HASH_ALGORITHMS");
- }
-
- // Hash Algorithm Identifiers are encoded as 16-bit values with no padding (RFC 7427#4)
- int dataLen = notifyPayload.notifyData.length;
- if (dataLen % 2 != 0) {
- throw new InvalidSyntaxException(
- "Received notify(SIGNATURE_HASH_ALGORITHMS) with invalid notify data");
- }
-
- Set<Short> hashAlgos = new ArraySet<>();
- ByteBuffer serializedHashAlgos = ByteBuffer.wrap(notifyPayload.notifyData);
- while (serializedHashAlgos.hasRemaining()) {
- short hashAlgo = serializedHashAlgos.getShort();
- if (!ALL_SIGNATURE_ALGO_TYPES_SET.contains(hashAlgo) || !hashAlgos.add(hashAlgo)) {
- getIkeLog().w(TAG, "Unexpected or repeated Signature Hash Algorithm: " + hashAlgo);
- }
- }
-
- return hashAlgos;
- }
}
diff --git a/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthPayload.java b/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthPayload.java
index adc880e..e36b9be 100644
--- a/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthPayload.java
+++ b/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthPayload.java
@@ -17,10 +17,10 @@
package com.android.internal.net.ipsec.ike.message;
import android.annotation.IntDef;
-import android.net.ipsec.ike.exceptions.AuthenticationFailedException;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
import com.android.internal.net.ipsec.ike.crypto.IkeMacPrf;
+import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
diff --git a/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthPskPayload.java b/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthPskPayload.java
index 6791546..93bef17 100644
--- a/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthPskPayload.java
+++ b/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthPskPayload.java
@@ -16,9 +16,8 @@
package com.android.internal.net.ipsec.ike.message;
-import android.net.ipsec.ike.exceptions.AuthenticationFailedException;
-
import com.android.internal.net.ipsec.ike.crypto.IkeMacPrf;
+import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;
import java.nio.ByteBuffer;
import java.util.Arrays;
diff --git a/src/java/com/android/internal/net/ipsec/ike/message/IkeCertPayload.java b/src/java/com/android/internal/net/ipsec/ike/message/IkeCertPayload.java
index fb89a75..d75607e 100644
--- a/src/java/com/android/internal/net/ipsec/ike/message/IkeCertPayload.java
+++ b/src/java/com/android/internal/net/ipsec/ike/message/IkeCertPayload.java
@@ -18,9 +18,10 @@
import android.annotation.IntDef;
import android.annotation.Nullable;
-import android.net.ipsec.ike.exceptions.AuthenticationFailedException;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
+import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;
+
import java.io.IOException;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
diff --git a/src/java/com/android/internal/net/ipsec/ike/message/IkeCertX509CertPayload.java b/src/java/com/android/internal/net/ipsec/ike/message/IkeCertX509CertPayload.java
index 9cc3e8c..4a26f7e 100644
--- a/src/java/com/android/internal/net/ipsec/ike/message/IkeCertX509CertPayload.java
+++ b/src/java/com/android/internal/net/ipsec/ike/message/IkeCertX509CertPayload.java
@@ -16,9 +16,10 @@
package com.android.internal.net.ipsec.ike.message;
-import android.net.ipsec.ike.exceptions.AuthenticationFailedException;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
+import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;
+
import java.io.ByteArrayInputStream;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
diff --git a/src/java/com/android/internal/net/ipsec/ike/message/IkeConfigPayload.java b/src/java/com/android/internal/net/ipsec/ike/message/IkeConfigPayload.java
index f5781fa..778faa4 100644
--- a/src/java/com/android/internal/net/ipsec/ike/message/IkeConfigPayload.java
+++ b/src/java/com/android/internal/net/ipsec/ike/message/IkeConfigPayload.java
@@ -30,11 +30,9 @@
import android.net.ipsec.ike.TunnelModeChildSessionParams.ConfigRequestIpv6Address;
import android.net.ipsec.ike.TunnelModeChildSessionParams.ConfigRequestIpv6DnsServer;
import android.net.ipsec.ike.TunnelModeChildSessionParams.TunnelModeChildConfigRequest;
-import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
-import android.os.PersistableBundle;
import com.android.internal.annotations.VisibleForTesting;
-import com.android.server.vcn.util.PersistableBundleUtils;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
@@ -42,13 +40,11 @@
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.UnknownHostException;
-import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.LinkedList;
import java.util.List;
-import java.util.Objects;
/**
* This class represents Configuration payload.
@@ -115,7 +111,7 @@
configType = Byte.toUnsignedInt(inputBuffer.get());
inputBuffer.get(new byte[CONFIG_HEADER_RESERVED_LEN]);
- recognizedAttributeList = ConfigAttribute.decodeAttributesFrom(inputBuffer);
+ recognizedAttributeList = ConfigAttribute.decodeAttributeFrom(inputBuffer);
// For an inbound Config Payload, IKE library is only able to handle a Config Reply or IKE
// Session attribute requests in a Config Request. For interoperability, netmask validation
@@ -170,8 +166,6 @@
/** This class represents common information of all Configuration Attributes. */
public abstract static class ConfigAttribute {
- private static final String ENCODED_ATTRIBUTE_BYTES_KEY = "encodedAttribute";
-
private static final int ATTRIBUTE_TYPE_MASK = 0x7fff;
private static final int ATTRIBUTE_HEADER_LEN = 4;
@@ -198,113 +192,68 @@
}
/**
- * Constructs this object by deserializing a PersistableBundle.
- *
- * <p>Constructed ConfigAttributes are guaranteed to be valid, as checked by
- * #decodeAttributesFrom(ByteBuffer)
- */
- public static ConfigAttribute fromPersistableBundle(PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
-
- PersistableBundle byteArrayBundle =
- in.getPersistableBundle(ENCODED_ATTRIBUTE_BYTES_KEY);
- ByteBuffer buffer =
- ByteBuffer.wrap(PersistableBundleUtils.toByteArray(byteArrayBundle));
-
- ConfigAttribute attribute;
- try {
- attribute = decodeSingleAttributeFrom(buffer);
- } catch (NegativeArraySizeException
- | BufferUnderflowException
- | InvalidSyntaxException e) {
- throw new IllegalArgumentException(
- "PersistableBundle contains invalid Config request");
- }
-
- if (buffer.hasRemaining()) {
- throw new IllegalArgumentException(
- "Unexpected trailing bytes in Config request PersistableBundle");
- }
-
- return attribute;
- }
-
- /** Serializes this object to a PersistableBundle */
- public PersistableBundle toPersistableBundle() {
- final PersistableBundle result = new PersistableBundle();
-
- ByteBuffer buffer = ByteBuffer.allocate(getAttributeLen());
- encodeAttributeToByteBuffer(buffer);
-
- result.putPersistableBundle(
- ENCODED_ATTRIBUTE_BYTES_KEY,
- PersistableBundleUtils.fromByteArray(buffer.array()));
- return result;
- }
-
- /**
* Package private method to decode ConfigAttribute list from an inbound packet
*
* <p>NegativeArraySizeException and BufferUnderflowException will be caught in {@link
* IkeMessage}
*/
- static List<ConfigAttribute> decodeAttributesFrom(ByteBuffer inputBuffer)
+ static List<ConfigAttribute> decodeAttributeFrom(ByteBuffer inputBuffer)
throws InvalidSyntaxException {
List<ConfigAttribute> configList = new LinkedList();
while (inputBuffer.hasRemaining()) {
- ConfigAttribute attribute = decodeSingleAttributeFrom(inputBuffer);
- if (attribute != null) {
- configList.add(attribute);
+ int attributeType = Short.toUnsignedInt(inputBuffer.getShort());
+ int length = Short.toUnsignedInt(inputBuffer.getShort());
+ byte[] value = new byte[length];
+ inputBuffer.get(value);
+
+ switch (attributeType) {
+ case CONFIG_ATTR_INTERNAL_IP4_ADDRESS:
+ configList.add(new ConfigAttributeIpv4Address(value));
+ break;
+ case CONFIG_ATTR_INTERNAL_IP4_NETMASK:
+ configList.add(new ConfigAttributeIpv4Netmask(value));
+ break;
+ case CONFIG_ATTR_INTERNAL_IP4_DNS:
+ configList.add(new ConfigAttributeIpv4Dns(value));
+ break;
+ case CONFIG_ATTR_INTERNAL_IP4_DHCP:
+ configList.add(new ConfigAttributeIpv4Dhcp(value));
+ break;
+ case CONFIG_ATTR_APPLICATION_VERSION:
+ configList.add(new ConfigAttributeAppVersion(value));
+ break;
+ case CONFIG_ATTR_INTERNAL_IP6_ADDRESS:
+ configList.add(new ConfigAttributeIpv6Address(value));
+ break;
+ case CONFIG_ATTR_INTERNAL_IP6_DNS:
+ configList.add(new ConfigAttributeIpv6Dns(value));
+ break;
+ case CONFIG_ATTR_INTERNAL_IP4_SUBNET:
+ configList.add(new ConfigAttributeIpv4Subnet(value));
+ break;
+ case CONFIG_ATTR_INTERNAL_IP6_SUBNET:
+ configList.add(new ConfigAttributeIpv6Subnet(value));
+ break;
+ case CONFIG_ATTR_IP4_PCSCF:
+ configList.add(new ConfigAttributeIpv4Pcscf(value));
+ break;
+ case CONFIG_ATTR_IP6_PCSCF:
+ configList.add(new ConfigAttributeIpv6Pcscf(value));
+ break;
+ default:
+ IkeManager.getIkeLog()
+ .i(
+ "IkeConfigPayload",
+ "Unrecognized attribute type: " + attributeType);
}
+
+ // TODO: Support App version and supported attribute list
}
return configList;
}
- /**
- * Method to decode a single ConfigAttribute from a ByteBuffer.
- *
- * <p>Caller should be responsible for handling NegativeArraySizeException and
- * BufferUnderflowException.
- */
- private static ConfigAttribute decodeSingleAttributeFrom(ByteBuffer inputBuffer)
- throws InvalidSyntaxException {
- int attributeType = Short.toUnsignedInt(inputBuffer.getShort());
- int length = Short.toUnsignedInt(inputBuffer.getShort());
- byte[] value = new byte[length];
- inputBuffer.get(value);
-
- switch (attributeType) {
- case CONFIG_ATTR_INTERNAL_IP4_ADDRESS:
- return new ConfigAttributeIpv4Address(value);
- case CONFIG_ATTR_INTERNAL_IP4_NETMASK:
- return new ConfigAttributeIpv4Netmask(value);
- case CONFIG_ATTR_INTERNAL_IP4_DNS:
- return new ConfigAttributeIpv4Dns(value);
- case CONFIG_ATTR_INTERNAL_IP4_DHCP:
- return new ConfigAttributeIpv4Dhcp(value);
- case CONFIG_ATTR_APPLICATION_VERSION:
- return new ConfigAttributeAppVersion(value);
- case CONFIG_ATTR_INTERNAL_IP6_ADDRESS:
- return new ConfigAttributeIpv6Address(value);
- case CONFIG_ATTR_INTERNAL_IP6_DNS:
- return new ConfigAttributeIpv6Dns(value);
- case CONFIG_ATTR_INTERNAL_IP4_SUBNET:
- return new ConfigAttributeIpv4Subnet(value);
- case CONFIG_ATTR_INTERNAL_IP6_SUBNET:
- return new ConfigAttributeIpv6Subnet(value);
- case CONFIG_ATTR_IP4_PCSCF:
- return new ConfigAttributeIpv4Pcscf(value);
- case CONFIG_ATTR_IP6_PCSCF:
- return new ConfigAttributeIpv6Pcscf(value);
- default:
- IkeManager.getIkeLog()
- .i("IkeConfigPayload", "Unrecognized attribute type: " + attributeType);
- return null;
- }
- }
-
/** Encode attribute to ByteBuffer. */
public void encodeAttributeToByteBuffer(ByteBuffer buffer) {
buffer.putShort((short) (attributeType & ATTRIBUTE_TYPE_MASK))
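Review bot: `length` comes straight from the peer's attribute header and is used for `new byte[length]` before it is compared with what remains in the buffer. A truncated attribute is therefore rejected only by the `BufferUnderflowException` from `inputBuffer.get(value)`, which the Javadoc says is handled in IkeMessage. Checking first gives a precise protocol error and avoids the allocation: `if (length > inputBuffer.remaining()) throw new InvalidSyntaxException("Config attribute length exceeds payload");`. Since `length` is produced by `Short.toUnsignedInt`, the `NegativeArraySizeException` mentioned in the Javadoc cannot arise from this allocation. The trailing `// TODO: Support App version and supported attribute list` also looks partly stale, as `CONFIG_ATTR_APPLICATION_VERSION` is already handled in the switch.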
@@ -322,20 +271,6 @@
return getValueLength() == VALUE_LEN_NOT_INCLUDED;
}
- @Override
- public int hashCode() {
- return Objects.hash(attributeType);
- }
-
- @Override
- public boolean equals(Object o) {
- if (!(o instanceof ConfigAttribute)) {
- return false;
- }
-
- return attributeType == ((ConfigAttribute) o).attributeType;
- }
-
protected static int netmaskToPrefixLen(Inet4Address address) {
byte[] bytes = address.getAddress();
@@ -456,23 +391,6 @@
protected boolean isLengthValid(int length) {
return length == IPV4_ADDRESS_LEN || length == VALUE_LEN_NOT_INCLUDED;
}
-
- @Override
- public int hashCode() {
- return Objects.hash(super.hashCode(), address);
- }
-
- @Override
- public boolean equals(Object o) {
- if (!super.equals(o) || !(o instanceof TunnelModeChildConfigAttrIpv4AddressBase)) {
- return false;
- }
-
- TunnelModeChildConfigAttrIpv4AddressBase other =
- (TunnelModeChildConfigAttrIpv4AddressBase) o;
-
- return Objects.equals(address, other.address);
- }
}
/**
@@ -530,22 +448,6 @@
protected boolean isLengthValid(int length) {
return length == IPV4_ADDRESS_LEN || length == VALUE_LEN_NOT_INCLUDED;
}
-
- @Override
- public int hashCode() {
- return Objects.hash(super.hashCode(), address);
- }
-
- @Override
- public boolean equals(Object o) {
- if (!super.equals(o) || !(o instanceof IkeConfigAttrIpv4AddressBase)) {
- return false;
- }
-
- IkeConfigAttrIpv4AddressBase other = (IkeConfigAttrIpv4AddressBase) o;
-
- return Objects.equals(address, other.address);
- }
}
/** This class represents Configuration Attribute for IPv4 internal address. */
@@ -763,22 +665,6 @@
protected boolean isLengthValid(int length) {
return length == VALUE_LEN || length == VALUE_LEN_NOT_INCLUDED;
}
-
- @Override
- public int hashCode() {
- return Objects.hash(super.hashCode(), linkAddress);
- }
-
- @Override
- public boolean equals(Object o) {
- if (!super.equals(o) || !(o instanceof ConfigAttributeIpv4Subnet)) {
- return false;
- }
-
- ConfigAttributeIpv4Subnet other = (ConfigAttributeIpv4Subnet) o;
-
- return Objects.equals(linkAddress, other.linkAddress);
- }
}
/** This class represents an IPv4 P_CSCF address attribute */
@@ -866,23 +752,6 @@
protected boolean isLengthValid(int length) {
return length == IPV6_ADDRESS_LEN || length == VALUE_LEN_NOT_INCLUDED;
}
-
- @Override
- public int hashCode() {
- return Objects.hash(super.hashCode(), address);
- }
-
- @Override
- public boolean equals(Object o) {
- if (!super.equals(o) || !(o instanceof TunnelModeChildConfigAttrIpv6AddressBase)) {
- return false;
- }
-
- TunnelModeChildConfigAttrIpv6AddressBase other =
- (TunnelModeChildConfigAttrIpv6AddressBase) o;
-
- return Objects.equals(address, other.address);
- }
}
/**
@@ -940,22 +809,6 @@
protected boolean isLengthValid(int length) {
return length == IPV6_ADDRESS_LEN || length == VALUE_LEN_NOT_INCLUDED;
}
-
- @Override
- public int hashCode() {
- return Objects.hash(super.hashCode(), address);
- }
-
- @Override
- public boolean equals(Object o) {
- if (!super.equals(o) || !(o instanceof IkeConfigAttrIpv6AddressBase)) {
- return false;
- }
-
- IkeConfigAttrIpv6AddressBase other = (IkeConfigAttrIpv6AddressBase) o;
-
- return Objects.equals(address, other.address);
- }
}
/**
@@ -1033,23 +886,6 @@
protected boolean isLengthValid(int length) {
return length == VALUE_LEN || length == VALUE_LEN_NOT_INCLUDED;
}
-
- @Override
- public int hashCode() {
- return Objects.hash(super.hashCode(), linkAddress);
- }
-
- @Override
- public boolean equals(Object o) {
- if (!super.equals(o) || !(o instanceof TunnelModeChildConfigAttrIpv6AddrRangeBase)) {
- return false;
- }
-
- TunnelModeChildConfigAttrIpv6AddrRangeBase other =
- (TunnelModeChildConfigAttrIpv6AddrRangeBase) o;
-
- return Objects.equals(linkAddress, other.linkAddress);
- }
}
/** This class represents Configuration Attribute for IPv6 internal addresses. */
@@ -1211,22 +1047,6 @@
protected boolean isLengthValid(int length) {
return length >= 0;
}
-
- @Override
- public int hashCode() {
- return Objects.hash(super.hashCode(), applicationVersion);
- }
-
- @Override
- public boolean equals(Object o) {
- if (!super.equals(o) || !(o instanceof ConfigAttributeAppVersion)) {
- return false;
- }
-
- ConfigAttributeAppVersion other = (ConfigAttributeAppVersion) o;
-
- return Objects.equals(applicationVersion, other.applicationVersion);
- }
}
/**
diff --git a/src/java/com/android/internal/net/ipsec/ike/message/IkeDeletePayload.java b/src/java/com/android/internal/net/ipsec/ike/message/IkeDeletePayload.java
index 3777c74..f629f50 100644
--- a/src/java/com/android/internal/net/ipsec/ike/message/IkeDeletePayload.java
+++ b/src/java/com/android/internal/net/ipsec/ike/message/IkeDeletePayload.java
@@ -17,7 +17,8 @@
package com.android.internal.net.ipsec.ike.message;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
-import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
+
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
import java.nio.ByteBuffer;
diff --git a/src/java/com/android/internal/net/ipsec/ike/message/IkeHeader.java b/src/java/com/android/internal/net/ipsec/ike/message/IkeHeader.java
index 34a7174..7aa4fbc 100644
--- a/src/java/com/android/internal/net/ipsec/ike/message/IkeHeader.java
+++ b/src/java/com/android/internal/net/ipsec/ike/message/IkeHeader.java
@@ -20,11 +20,11 @@
import android.annotation.IntDef;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
-import android.net.ipsec.ike.exceptions.InvalidMajorVersionException;
-import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
import android.util.SparseArray;
import com.android.internal.annotations.VisibleForTesting;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidMajorVersionException;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
diff --git a/src/java/com/android/internal/net/ipsec/ike/message/IkeIdPayload.java b/src/java/com/android/internal/net/ipsec/ike/message/IkeIdPayload.java
index 95d92c2..2864fd8 100644
--- a/src/java/com/android/internal/net/ipsec/ike/message/IkeIdPayload.java
+++ b/src/java/com/android/internal/net/ipsec/ike/message/IkeIdPayload.java
@@ -23,9 +23,10 @@
import android.net.ipsec.ike.IkeIpv6AddrIdentification;
import android.net.ipsec.ike.IkeKeyIdIdentification;
import android.net.ipsec.ike.IkeRfc822AddrIdentification;
-import android.net.ipsec.ike.exceptions.AuthenticationFailedException;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
-import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
+
+import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
import java.nio.ByteBuffer;
import java.security.cert.X509Certificate;
diff --git a/src/java/com/android/internal/net/ipsec/ike/message/IkeKePayload.java b/src/java/com/android/internal/net/ipsec/ike/message/IkeKePayload.java
index f1d7716..882aa16 100644
--- a/src/java/com/android/internal/net/ipsec/ike/message/IkeKePayload.java
+++ b/src/java/com/android/internal/net/ipsec/ike/message/IkeKePayload.java
@@ -16,23 +16,12 @@
package com.android.internal.net.ipsec.ike.message;
-import static android.net.ipsec.ike.SaProposal.DH_GROUP_1024_BIT_MODP;
-import static android.net.ipsec.ike.SaProposal.DH_GROUP_1536_BIT_MODP;
-import static android.net.ipsec.ike.SaProposal.DH_GROUP_2048_BIT_MODP;
-import static android.net.ipsec.ike.SaProposal.DH_GROUP_3072_BIT_MODP;
-import static android.net.ipsec.ike.SaProposal.DH_GROUP_4096_BIT_MODP;
-import static android.net.ipsec.ike.SaProposal.DH_GROUP_CURVE_25519;
-
-import static com.android.internal.net.utils.BigIntegerUtils.unsignedHexStringToBigInteger;
-
import android.annotation.Nullable;
import android.net.ipsec.ike.SaProposal;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
-import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
-import android.util.SparseArray;
-import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.net.ipsec.ike.IkeDhParams;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
import com.android.internal.net.ipsec.ike.utils.RandomnessFactory;
import com.android.internal.net.utils.BigIntegerUtils;
@@ -45,18 +34,15 @@
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
import java.security.ProviderException;
-import java.security.PublicKey;
import java.security.SecureRandom;
-import java.security.spec.X509EncodedKeySpec;
-import java.util.Arrays;
+import java.security.spec.InvalidKeySpecException;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
+import javax.crypto.spec.DHPrivateKeySpec;
import javax.crypto.spec.DHPublicKeySpec;
/**
@@ -73,58 +59,13 @@
private static final int KE_HEADER_RESERVED = 0;
// Key exchange data length in octets
- private static final int DH_GROUP_1024_BIT_MODP_PUBLIC_KEY_LEN = 128;
- private static final int DH_GROUP_1536_BIT_MODP_PUBLIC_KEY_LEN = 192;
- private static final int DH_GROUP_2048_BIT_MODP_PUBLIC_KEY_LEN = 256;
- private static final int DH_GROUP_3072_BIT_MODP_PUBLIC_KEY_LEN = 384;
- private static final int DH_GROUP_4096_BIT_MODP_PUBLIC_KEY_LEN = 512;
- private static final int DH_GROUP_CURVE_25519_PUBLIC_KEY_LEN = 32;
-
- private static final SparseArray<Integer> PUBLIC_KEY_LEN_MAP = new SparseArray<>();
-
- static {
- PUBLIC_KEY_LEN_MAP.put(DH_GROUP_1024_BIT_MODP, DH_GROUP_1024_BIT_MODP_PUBLIC_KEY_LEN);
- PUBLIC_KEY_LEN_MAP.put(DH_GROUP_1536_BIT_MODP, DH_GROUP_1536_BIT_MODP_PUBLIC_KEY_LEN);
- PUBLIC_KEY_LEN_MAP.put(DH_GROUP_2048_BIT_MODP, DH_GROUP_2048_BIT_MODP_PUBLIC_KEY_LEN);
- PUBLIC_KEY_LEN_MAP.put(DH_GROUP_3072_BIT_MODP, DH_GROUP_3072_BIT_MODP_PUBLIC_KEY_LEN);
- PUBLIC_KEY_LEN_MAP.put(DH_GROUP_4096_BIT_MODP, DH_GROUP_4096_BIT_MODP_PUBLIC_KEY_LEN);
- PUBLIC_KEY_LEN_MAP.put(DH_GROUP_CURVE_25519, DH_GROUP_CURVE_25519_PUBLIC_KEY_LEN);
- }
-
- private static final SparseArray<BigInteger> MODP_PRIME_MAP = new SparseArray<>();
-
- static {
- MODP_PRIME_MAP.put(
- DH_GROUP_1024_BIT_MODP,
- unsignedHexStringToBigInteger(IkeDhParams.PRIME_1024_BIT_MODP));
- MODP_PRIME_MAP.put(
- DH_GROUP_1536_BIT_MODP,
- unsignedHexStringToBigInteger(IkeDhParams.PRIME_1536_BIT_MODP));
- MODP_PRIME_MAP.put(
- DH_GROUP_2048_BIT_MODP,
- unsignedHexStringToBigInteger(IkeDhParams.PRIME_2048_BIT_MODP));
- MODP_PRIME_MAP.put(
- DH_GROUP_3072_BIT_MODP,
- unsignedHexStringToBigInteger(IkeDhParams.PRIME_3072_BIT_MODP));
- MODP_PRIME_MAP.put(
- DH_GROUP_4096_BIT_MODP,
- unsignedHexStringToBigInteger(IkeDhParams.PRIME_4096_BIT_MODP));
- }
-
- // Invariable header of an X509 format Curve 25519 public key defined in RFC8410
- private static final byte[] CURVE_25519_X509_PUB_KEY_HEADER = {
- (byte) 0x30, (byte) 0x2a, (byte) 0x30, (byte) 0x05,
- (byte) 0x06, (byte) 0x03, (byte) 0x2b, (byte) 0x65,
- (byte) 0x6e, (byte) 0x03, (byte) 0x21, (byte) 0x00
- };
+ private static final int DH_GROUP_1024_BIT_MODP_DATA_LEN = 128;
+ private static final int DH_GROUP_2048_BIT_MODP_DATA_LEN = 256;
+ private static final int DH_GROUP_3072_BIT_MODP_DATA_LEN = 384;
+ private static final int DH_GROUP_4096_BIT_MODP_DATA_LEN = 512;
// Algorithm name of Diffie-Hellman
- private static final String KEY_EXCHANGE_ALGORITHM_MODP = "DH";
-
- // Currently java does not support "ECDH", thus using AndroidOpenSSL (Conscrypt) provided "XDH"
- // who has the same key exchange flow.
- private static final String KEY_EXCHANGE_ALGORITHM_CURVE = "XDH";
- private static final String KEY_EXCHANGE_CURVE_PROVIDER = "AndroidOpenSSL";
+ private static final String KEY_EXCHANGE_ALGORITHM = "DH";
// TODO: Create a library initializer that checks if Provider supports DH algorithm.
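Review bot: `DH_GROUP_1024_BIT_MODP_DATA_LEN` keeps the 1024-bit MODP group among the groups this class length-checks, and a 1024-bit group is generally regarded as too weak for new key exchanges. Whether it can still be negotiated is decided by SaProposal and the session parameters, which are not visible here, so this is a policy question rather than a bug in the hunk. I would at least record the intent next to the constant, e.g. `// 1024-bit MODP kept for interoperability only; prefer 2048-bit or larger`.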
@@ -145,7 +86,7 @@
* <p>localPrivateKey of a inbound payload will be set to null. Caller MUST ensure its an
* outbound payload before using localPrivateKey.
*/
- @Nullable public final PrivateKey localPrivateKey;
+ @Nullable public final DHPrivateKeySpec localPrivateKey;
/**
* Construct an instance of IkeKePayload in the context of IkePayloadFactory
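Review bot: The public field `localPrivateKey` now holds a `DHPrivateKeySpec`, which exposes the raw private exponent through `getX()` to any code that can reach the payload object, whereas the previous `PrivateKey` type allowed a provider to keep the key material opaque. The value is filled in at the end of the outbound constructor (the `@@ -242,44 +200,22 @@` hunk) from `privateKey.getX()`. The Javadoc above the field should say this, for example `<p>Holds the raw DH private exponent; never log it, and drop the reference once the shared key has been derived.` Whether callers release the payload after key derivation is not visible in this diff.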
@@ -157,8 +98,7 @@
* @see <a href="https://tools.ietf.org/html/rfc7296#page-76">RFC 7296, Internet Key Exchange
* Protocol Version 2 (IKEv2), Critical.
*/
- @VisibleForTesting
- public IkeKePayload(boolean critical, byte[] payloadBody) throws IkeProtocolException {
+ IkeKePayload(boolean critical, byte[] payloadBody) throws IkeProtocolException {
super(PAYLOAD_TYPE_KE, critical);
isOutbound = false;
@@ -167,34 +107,37 @@
ByteBuffer inputBuffer = ByteBuffer.wrap(payloadBody);
dhGroup = Short.toUnsignedInt(inputBuffer.getShort());
-
// Skip reserved field
inputBuffer.getShort();
int dataSize = payloadBody.length - KE_HEADER_LEN;
-
- // If DH group is recognized, check if dataSize matches the DH group type
- if (PUBLIC_KEY_LEN_MAP.contains(dhGroup) && dataSize != PUBLIC_KEY_LEN_MAP.get(dhGroup)) {
- throw new InvalidSyntaxException(
- "Expecting data size to be "
- + PUBLIC_KEY_LEN_MAP.get(dhGroup)
- + " but found "
- + dataSize);
+ // Check if dataSize matches the DH group type
+ boolean isValidSyntax = true;
+ switch (dhGroup) {
+ case SaProposal.DH_GROUP_1024_BIT_MODP:
+ isValidSyntax = DH_GROUP_1024_BIT_MODP_DATA_LEN == dataSize;
+ break;
+ case SaProposal.DH_GROUP_2048_BIT_MODP:
+ isValidSyntax = DH_GROUP_2048_BIT_MODP_DATA_LEN == dataSize;
+ break;
+ case SaProposal.DH_GROUP_3072_BIT_MODP:
+ isValidSyntax = DH_GROUP_3072_BIT_MODP_DATA_LEN == dataSize;
+ break;
+ case SaProposal.DH_GROUP_4096_BIT_MODP:
+ isValidSyntax = DH_GROUP_4096_BIT_MODP_DATA_LEN == dataSize;
+ break;
+ default:
+ // For unsupported DH group, we cannot check its syntax. Upper layer will ingore
+ // this payload.
+ }
+ if (!isValidSyntax) {
+ throw new InvalidSyntaxException("Invalid KE payload length for provided DH group.");
}
keyExchangeData = new byte[dataSize];
inputBuffer.get(keyExchangeData);
}
- /** Constructor for building an outbound KE payload. */
- private IkeKePayload(int dhGroup, byte[] keyExchangeData, PrivateKey localPrivateKey) {
- super(PAYLOAD_TYPE_KE, true /* critical */);
- this.dhGroup = dhGroup;
- this.isOutbound = true;
- this.keyExchangeData = keyExchangeData;
- this.localPrivateKey = localPrivateKey;
- }
-
/**
* Construct an instance of IkeKePayload for building an outbound packet.
*
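Review bot: A `payloadBody` shorter than the four bytes consumed by the two `getShort()` calls makes `ByteBuffer` throw an unchecked `BufferUnderflowException` rather than the `InvalidSyntaxException` used for the length mismatch below. No length check is visible before `ByteBuffer.wrap(payloadBody)`, although two lines between this hunk and the previous one are not shown. A guard at the top of the parse, `if (payloadBody.length < KE_HEADER_LEN) throw new InvalidSyntaxException("KE payload shorter than its header");`, keeps a truncated packet from the peer on the protocol-error path. The new message `"Invalid KE payload length for provided DH group."` also drops the expected and actual sizes that the removed message reported, and the `default:` comment misspells "ignore" as "ingore".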
@@ -208,33 +151,48 @@
* @see <a href="https://tools.ietf.org/html/rfc7296#page-76">RFC 7296, Internet Key Exchange
* Protocol Version 2 (IKEv2), Critical.
*/
- public static IkeKePayload createOutboundKePayload(
- @SaProposal.DhGroup int dh, RandomnessFactory randomnessFactory) {
- switch (dh) {
- case SaProposal.DH_GROUP_1024_BIT_MODP: // fall through
- case SaProposal.DH_GROUP_1536_BIT_MODP: // fall through
- case SaProposal.DH_GROUP_2048_BIT_MODP: // fall through
- case SaProposal.DH_GROUP_3072_BIT_MODP: // fall through
- case SaProposal.DH_GROUP_4096_BIT_MODP: // fall through
- return createOutboundModpKePayload(dh, randomnessFactory);
- case SaProposal.DH_GROUP_CURVE_25519:
- return createOutboundCurveKePayload(dh, randomnessFactory);
- default:
- throw new IllegalArgumentException("Unsupported DH group: " + dh);
- }
- }
+ public IkeKePayload(@SaProposal.DhGroup int dh, RandomnessFactory randomnessFactory) {
+ super(PAYLOAD_TYPE_KE, false);
- private static IkeKePayload createOutboundModpKePayload(
- @SaProposal.DhGroup int dh, RandomnessFactory randomnessFactory) {
- BigInteger prime = MODP_PRIME_MAP.get(dh);
- int keySize = PUBLIC_KEY_LEN_MAP.get(dh);
+ dhGroup = dh;
+ isOutbound = true;
+
+ BigInteger prime = BigInteger.ZERO;
+ int keySize = 0;
+ switch (dhGroup) {
+ case SaProposal.DH_GROUP_1024_BIT_MODP:
+ prime =
+ BigIntegerUtils.unsignedHexStringToBigInteger(
+ IkeDhParams.PRIME_1024_BIT_MODP);
+ keySize = DH_GROUP_1024_BIT_MODP_DATA_LEN;
+ break;
+ case SaProposal.DH_GROUP_2048_BIT_MODP:
+ prime =
+ BigIntegerUtils.unsignedHexStringToBigInteger(
+ IkeDhParams.PRIME_2048_BIT_MODP);
+ keySize = DH_GROUP_2048_BIT_MODP_DATA_LEN;
+ break;
+ case SaProposal.DH_GROUP_3072_BIT_MODP:
+ prime =
+ BigIntegerUtils.unsignedHexStringToBigInteger(
+ IkeDhParams.PRIME_3072_BIT_MODP);
+ keySize = DH_GROUP_3072_BIT_MODP_DATA_LEN;
+ break;
+ case SaProposal.DH_GROUP_4096_BIT_MODP:
+ prime =
+ BigIntegerUtils.unsignedHexStringToBigInteger(
+ IkeDhParams.PRIME_4096_BIT_MODP);
+ keySize = DH_GROUP_4096_BIT_MODP_DATA_LEN;
+ break;
+ default:
+ throw new IllegalArgumentException("DH group not supported: " + dh);
+ }
try {
BigInteger baseGen = BigInteger.valueOf(IkeDhParams.BASE_GENERATOR_MODP);
DHParameterSpec dhParams = new DHParameterSpec(prime, baseGen);
- KeyPairGenerator dhKeyPairGen =
- KeyPairGenerator.getInstance(KEY_EXCHANGE_ALGORITHM_MODP);
+ KeyPairGenerator dhKeyPairGen = KeyPairGenerator.getInstance(KEY_EXCHANGE_ALGORITHM);
SecureRandom random = randomnessFactory.getRandom();
random = random == null ? new SecureRandom() : random;
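Review bot: `BigInteger prime = BigInteger.ZERO;` and `int keySize = 0;` are placeholder values that are never used, because every `case` assigns both and `default:` throws. Declaring them without initialisers (`final BigInteger prime;` and `final int keySize;`) lets the compiler prove definite assignment, so a zero modulus can never reach `new DHParameterSpec(prime, baseGen)` if a later `case` forgets an assignment. The group list here also has to stay in step with the `switch` in the inbound constructor, which selects the same `*_DATA_LEN` constants separately. The constructor body continues past the end of this hunk.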
@@ -242,44 +200,22 @@
KeyPair keyPair = dhKeyPairGen.generateKeyPair();
- PrivateKey localPrivateKey = (DHPrivateKey) keyPair.getPrivate();
+ DHPrivateKey privateKey = (DHPrivateKey) keyPair.getPrivate();
+ DHPrivateKeySpec dhPrivateKeyspec =
+ new DHPrivateKeySpec(privateKey.getX(), prime, baseGen);
DHPublicKey publicKey = (DHPublicKey) keyPair.getPublic();
// Zero-pad the public key without the sign bit
- byte[] keyExchangeData =
+ keyExchangeData =
BigIntegerUtils.bigIntegerToUnsignedByteArray(publicKey.getY(), keySize);
-
- return new IkeKePayload(dh, keyExchangeData, localPrivateKey);
+ localPrivateKey = dhPrivateKeyspec;
} catch (NoSuchAlgorithmException e) {
- throw new ProviderException("Failed to obtain " + KEY_EXCHANGE_ALGORITHM_MODP, e);
+ throw new ProviderException("Failed to obtain " + KEY_EXCHANGE_ALGORITHM, e);
} catch (InvalidAlgorithmParameterException e) {
throw new IllegalArgumentException("Failed to initialize key generator", e);
}
}
- private static IkeKePayload createOutboundCurveKePayload(
- @SaProposal.DhGroup int dh, RandomnessFactory randomnessFactory) {
- try {
- KeyPairGenerator dhKeyPairGen =
- KeyPairGenerator.getInstance(
- KEY_EXCHANGE_ALGORITHM_CURVE, KEY_EXCHANGE_CURVE_PROVIDER);
- KeyPair keyPair = dhKeyPairGen.generateKeyPair();
-
- PrivateKey privateKey = keyPair.getPrivate();
- PublicKey publicKey = keyPair.getPublic();
- byte[] x509EncodedPubKeyBytes = publicKey.getEncoded();
- byte[] keyExchangeData =
- Arrays.copyOfRange(
- x509EncodedPubKeyBytes,
- CURVE_25519_X509_PUB_KEY_HEADER.length,
- x509EncodedPubKeyBytes.length);
-
- return new IkeKePayload(dh, keyExchangeData, privateKey);
- } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
- throw new ProviderException("Failed to obtain " + KEY_EXCHANGE_ALGORITHM_CURVE, e);
- }
- }
-
/**
* Encode KE payload to ByteBuffer.
*
@@ -308,46 +244,28 @@
/**
* Calculate the shared secret.
*
- * @param privateKey the local private key.
+ * @param privateKeySpec contains the local private key, DH prime and DH base generator.
* @param remotePublicKey the public key from remote server.
- * @param dhGroup the DH group.
* @throws GeneralSecurityException if the remote public key is invalid.
*/
- public static byte[] getSharedKey(PrivateKey privateKey, byte[] remotePublicKey, int dhGroup)
- throws GeneralSecurityException {
- switch (dhGroup) {
- case SaProposal.DH_GROUP_1024_BIT_MODP: // fall through
- case SaProposal.DH_GROUP_1536_BIT_MODP: // fall through
- case SaProposal.DH_GROUP_2048_BIT_MODP: // fall through
- case SaProposal.DH_GROUP_3072_BIT_MODP: // fall through
- case SaProposal.DH_GROUP_4096_BIT_MODP: // fall through
- return getModpSharedKey(privateKey, remotePublicKey, dhGroup);
- case SaProposal.DH_GROUP_CURVE_25519:
- return getCurveSharedKey(privateKey, remotePublicKey, dhGroup);
- default:
- throw new IllegalArgumentException("Invalid DH group: " + dhGroup);
- }
- }
-
- private static byte[] getModpSharedKey(
- PrivateKey privateKey, byte[] remotePublicKey, int dhGroup)
+ public static byte[] getSharedKey(DHPrivateKeySpec privateKeySpec, byte[] remotePublicKey)
throws GeneralSecurityException {
KeyAgreement dhKeyAgreement;
KeyFactory dhKeyFactory;
try {
- dhKeyAgreement = KeyAgreement.getInstance(KEY_EXCHANGE_ALGORITHM_MODP);
- dhKeyFactory = KeyFactory.getInstance(KEY_EXCHANGE_ALGORITHM_MODP);
-
// Apply local private key.
+ dhKeyAgreement = KeyAgreement.getInstance(KEY_EXCHANGE_ALGORITHM);
+ dhKeyFactory = KeyFactory.getInstance(KEY_EXCHANGE_ALGORITHM);
+ DHPrivateKey privateKey = (DHPrivateKey) dhKeyFactory.generatePrivate(privateKeySpec);
dhKeyAgreement.init(privateKey);
- } catch (NoSuchAlgorithmException | InvalidKeyException e) {
- throw new IllegalArgumentException("Failed to construct or initialize KeyAgreement", e);
+ } catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidKeyException e) {
+ throw new IllegalArgumentException("Failed to generate DH private key", e);
}
// Build public key.
BigInteger publicKeyValue = BigIntegerUtils.unsignedByteArrayToBigInteger(remotePublicKey);
- BigInteger primeValue = MODP_PRIME_MAP.get(dhGroup);
- BigInteger baseGenValue = BigInteger.valueOf(IkeDhParams.BASE_GENERATOR_MODP);
+ BigInteger primeValue = privateKeySpec.getP();
+ BigInteger baseGenValue = privateKeySpec.getG();
DHPublicKeySpec publicKeySpec =
new DHPublicKeySpec(publicKeyValue, primeValue, baseGenValue);
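Review bot: The widened `try` now covers `KeyAgreement.getInstance`, `KeyFactory.getInstance`, `generatePrivate` and `init`, yet every failure is rethrown as `IllegalArgumentException("Failed to generate DH private key", e)`. A missing "DH" provider is therefore reported as a bad argument, while the outbound constructor maps the same `NoSuchAlgorithmException` to `ProviderException`. A separate clause, `} catch (NoSuchAlgorithmException e) { throw new ProviderException("Failed to obtain " + KEY_EXCHANGE_ALGORITHM, e); }`, would keep the two paths consistent. The `// Apply local private key.` comment now sits above the `getInstance` calls rather than above `init`. The hunk ends before the remote value is turned into a key, so whether `remotePublicKey` is range-checked against `primeValue` is not visible here; if that check is left to the provider's `KeyFactory`, a comment saying so would help.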
@@ -359,48 +277,6 @@
return dhKeyAgreement.generateSecret();
}
- private static byte[] getCurveSharedKey(
- PrivateKey privateKey, byte[] remotePublicKey, int dhGroup)
- throws GeneralSecurityException {
- KeyAgreement keyAgreement;
- KeyFactory keyFactory;
- try {
- keyAgreement =
- KeyAgreement.getInstance(
- KEY_EXCHANGE_ALGORITHM_CURVE, KEY_EXCHANGE_CURVE_PROVIDER);
- keyFactory =
- KeyFactory.getInstance(
- KEY_EXCHANGE_ALGORITHM_CURVE, KEY_EXCHANGE_CURVE_PROVIDER);
-
- // Apply local private key.
- keyAgreement.init(privateKey);
- } catch (NoSuchAlgorithmException | InvalidKeyException e) {
- throw new IllegalArgumentException("Failed to construct or initialize KeyAgreement", e);
- }
-
- final byte[] x509EncodedPubKeyBytes =
- new byte
- [CURVE_25519_X509_PUB_KEY_HEADER.length
- + DH_GROUP_CURVE_25519_PUBLIC_KEY_LEN];
- System.arraycopy(
- CURVE_25519_X509_PUB_KEY_HEADER,
- 0,
- x509EncodedPubKeyBytes,
- 0,
- CURVE_25519_X509_PUB_KEY_HEADER.length);
- System.arraycopy(
- remotePublicKey,
- 0,
- x509EncodedPubKeyBytes,
- CURVE_25519_X509_PUB_KEY_HEADER.length,
- DH_GROUP_CURVE_25519_PUBLIC_KEY_LEN);
-
- PublicKey publicKey =
- keyFactory.generatePublic(new X509EncodedKeySpec(x509EncodedPubKeyBytes));
- keyAgreement.doPhase(publicKey, true /* Last phase */);
- return keyAgreement.generateSecret();
- }
-
/**
* Return the payload type as a String.
*
diff --git a/src/java/com/android/internal/net/ipsec/ike/message/IkeMessage.java b/src/java/com/android/internal/net/ipsec/ike/message/IkeMessage.java
index 1c0d780..29bade2 100644
--- a/src/java/com/android/internal/net/ipsec/ike/message/IkeMessage.java
+++ b/src/java/com/android/internal/net/ipsec/ike/message/IkeMessage.java
@@ -18,7 +18,6 @@
import static android.net.ipsec.ike.IkeManager.getIkeLog;
-import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_NOTIFY;
import static com.android.internal.net.ipsec.ike.message.IkePayload.PayloadType;
import android.annotation.IntDef;
@@ -26,16 +25,15 @@
import android.net.ipsec.ike.exceptions.IkeException;
import android.net.ipsec.ike.exceptions.IkeInternalException;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
-import android.net.ipsec.ike.exceptions.InvalidMessageIdException;
-import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
-import android.net.ipsec.ike.exceptions.UnsupportedCriticalPayloadException;
import android.util.Pair;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.net.ipsec.ike.SaRecord.IkeSaRecord;
import com.android.internal.net.ipsec.ike.crypto.IkeCipher;
import com.android.internal.net.ipsec.ike.crypto.IkeMacIntegrity;
-import com.android.internal.net.ipsec.ike.message.IkeNotifyPayload.NotifyType;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidMessageIdException;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
+import com.android.internal.net.ipsec.ike.exceptions.UnsupportedCriticalPayloadException;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
@@ -44,7 +42,6 @@
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Security;
-import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedList;
@@ -81,16 +78,16 @@
}
public final IkeHeader ikeHeader;
- public final List<IkePayload> ikePayloadList = new ArrayList<>();
+ public final List<IkePayload> ikePayloadList;
/**
- * Construct an instance of IkeMessage. It is called by decode or for building outbound message.
+ * Conctruct an instance of IkeMessage. It is called by decode or for building outbound message.
*
* @param header the header of this IKE message
* @param payloadList the list of decoded IKE payloads in this IKE message
*/
public IkeMessage(IkeHeader header, List<IkePayload> payloadList) {
ikeHeader = header;
- ikePayloadList.addAll(payloadList);
+ ikePayloadList = payloadList;
}
/**
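Review bot: `ikePayloadList = payloadList;` stores the caller's list by reference in a `public final` field, whereas the removed code copied it into a list owned by the message. Later changes the caller makes to its list now also change this message, and an unmodifiable list passed in makes the field unmodifiable too. Unless sharing is intended, copy it: `ikePayloadList = new LinkedList<>(payloadList);` (`LinkedList` is still imported in this file, while this commit drops the `ArrayList` import). The reworded Javadoc also introduces a typo, `Conctruct` for `Construct`.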
@@ -326,18 +323,6 @@
payloadType, payloadClass, ikePayloadList);
}
- /** Returns if a notification payload with a specified type is included in this message. */
- public boolean hasNotifyPayload(@NotifyType int notifyType) {
- for (IkeNotifyPayload notify :
- this.getPayloadListForType(PAYLOAD_TYPE_NOTIFY, IkeNotifyPayload.class)) {
- if (notify.notifyType == notifyType) {
- return true;
- }
- }
-
- return false;
- }
-
/**
* Checks if this Request IkeMessage was a DPD message
*
diff --git a/src/java/com/android/internal/net/ipsec/ike/message/IkeNoncePayload.java b/src/java/com/android/internal/net/ipsec/ike/message/IkeNoncePayload.java
index aebceda..112bc46 100644
--- a/src/java/com/android/internal/net/ipsec/ike/message/IkeNoncePayload.java
+++ b/src/java/com/android/internal/net/ipsec/ike/message/IkeNoncePayload.java
@@ -17,8 +17,8 @@
package com.android.internal.net.ipsec.ike.message;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
-import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
import com.android.internal.net.ipsec.ike.utils.RandomnessFactory;
import java.nio.ByteBuffer;
diff --git a/src/java/com/android/internal/net/ipsec/ike/message/IkeNotifyPayload.java b/src/java/com/android/internal/net/ipsec/ike/message/IkeNotifyPayload.java
index 728929b..3014533 100644
--- a/src/java/com/android/internal/net/ipsec/ike/message/IkeNotifyPayload.java
+++ b/src/java/com/android/internal/net/ipsec/ike/message/IkeNotifyPayload.java
@@ -35,27 +35,21 @@
import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD;
import android.annotation.IntDef;
-import android.net.ipsec.ike.exceptions.AuthenticationFailedException;
-import android.net.ipsec.ike.exceptions.ChildSaNotFoundException;
-import android.net.ipsec.ike.exceptions.FailedCpRequiredException;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
-import android.net.ipsec.ike.exceptions.InternalAddressFailureException;
-import android.net.ipsec.ike.exceptions.InvalidIkeSpiException;
-import android.net.ipsec.ike.exceptions.InvalidKeException;
-import android.net.ipsec.ike.exceptions.InvalidMajorVersionException;
-import android.net.ipsec.ike.exceptions.InvalidMessageIdException;
-import android.net.ipsec.ike.exceptions.InvalidSelectorsException;
-import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
-import android.net.ipsec.ike.exceptions.NoAdditionalSasException;
-import android.net.ipsec.ike.exceptions.NoValidProposalChosenException;
-import android.net.ipsec.ike.exceptions.SinglePairRequiredException;
-import android.net.ipsec.ike.exceptions.TemporaryFailureException;
-import android.net.ipsec.ike.exceptions.TsUnacceptableException;
-import android.net.ipsec.ike.exceptions.UnrecognizedIkeProtocolException;
-import android.net.ipsec.ike.exceptions.UnsupportedCriticalPayloadException;
import android.util.ArraySet;
import android.util.SparseArray;
+import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidKeException;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidMajorVersionException;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidMessageIdException;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
+import com.android.internal.net.ipsec.ike.exceptions.NoValidProposalChosenException;
+import com.android.internal.net.ipsec.ike.exceptions.TemporaryFailureException;
+import com.android.internal.net.ipsec.ike.exceptions.TsUnacceptableException;
+import com.android.internal.net.ipsec.ike.exceptions.UnrecognizedIkeProtocolException;
+import com.android.internal.net.ipsec.ike.exceptions.UnsupportedCriticalPayloadException;
+
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.net.InetAddress;
@@ -120,11 +114,6 @@
*/
public static final int NOTIFY_TYPE_NAT_DETECTION_DESTINATION_IP = 16389;
/**
- * Might be sent by the IKE responder in an IKE_SA_INIT response, to prevent DoS Attacks. If
- * receiving it, IKE client MUST retry IKE_SA_INIT request with the same associated data.
- */
- public static final int NOTIFY_TYPE_COOKIE = 16390;
- /**
* Indicates a willingness by its sender to use transport mode rather than tunnel mode on this
* Child SA. Only allowed in the request/response for negotiating a Child SA.
*/
@@ -139,23 +128,6 @@
* being negotiated. Only allowed in the request/response for negotiating a Child SA.
*/
public static final int NOTIFY_TYPE_ESP_TFC_PADDING_NOT_SUPPORTED = 16394;
- /**
- * Indicates that the sender supports MOBIKE functionality for the IKE Session. Only allowed in
- * the request/response of IKE_AUTH exchange.
- */
- public static final int NOTIFY_TYPE_MOBIKE_SUPPORTED = 16396;
- /**
- * Used for notifying the Responder that an address change has occurred during a MOBIKE-enabled
- * IKE Session. Only allowed in Informational exchanges sent after the IKE_AUTH exchange has
- * finished.
- */
- public static final int NOTIFY_TYPE_UPDATE_SA_ADDRESSES = 16400;
-
- /**
- * Used in any INFORMATIONAL request for return routability check purposes when performing
- * MOBIKE.
- */
- public static final int NOTIFY_TYPE_COOKIE2 = 16401;
/** Indicates that the sender prefers to use only eap based authentication */
public static final int NOTIFY_TYPE_EAP_ONLY_AUTHENTICATION = 16417;
@@ -176,12 +148,6 @@
private static final String NAT_DETECTION_DIGEST_ALGORITHM = "SHA-1";
- private static final int COOKIE_DATA_LEN_MIN = 1;
- private static final int COOKIE_DATA_LEN_MAX = 64;
-
- private static final int COOKIE2_DATA_LEN_MIN = 8;
- private static final int COOKIE2_DATA_LEN_MAX = 64;
-
private static final Set<Integer> VALID_NOTIFY_TYPES_FOR_EXISTING_CHILD_SA;
private static final Set<Integer> VALID_NOTIFY_TYPES_FOR_NEW_CHILD_SA;
@@ -237,14 +203,10 @@
NOTIFY_TYPE_TO_STRING.put(NOTIFY_TYPE_NAT_DETECTION_SOURCE_IP, "NAT detection source IP");
NOTIFY_TYPE_TO_STRING.put(
NOTIFY_TYPE_NAT_DETECTION_DESTINATION_IP, "NAT detection destination IP");
- NOTIFY_TYPE_TO_STRING.put(NOTIFY_TYPE_COOKIE, "COOKIE");
NOTIFY_TYPE_TO_STRING.put(NOTIFY_TYPE_USE_TRANSPORT_MODE, "Use transport mode");
NOTIFY_TYPE_TO_STRING.put(NOTIFY_TYPE_REKEY_SA, "Rekey SA");
NOTIFY_TYPE_TO_STRING.put(
NOTIFY_TYPE_ESP_TFC_PADDING_NOT_SUPPORTED, "ESP TCP Padding not supported");
- NOTIFY_TYPE_TO_STRING.put(NOTIFY_TYPE_MOBIKE_SUPPORTED, "MOBIKE supported");
- NOTIFY_TYPE_TO_STRING.put(NOTIFY_TYPE_UPDATE_SA_ADDRESSES, "UPDATE_SA_ADDRESSES");
- NOTIFY_TYPE_TO_STRING.put(NOTIFY_TYPE_COOKIE2, "COOKIE2");
NOTIFY_TYPE_TO_STRING.put(
NOTIFY_TYPE_IKEV2_FRAGMENTATION_SUPPORTED, "Fragmentation supported");
NOTIFY_TYPE_TO_STRING.put(
@@ -357,35 +319,6 @@
}
}
- private static IkeNotifyPayload handleCookieAndGenerateCopy(
- IkeNotifyPayload cookie2Notify, int minLen, int maxLen) throws InvalidSyntaxException {
- byte[] notifyData = cookie2Notify.notifyData;
- if (notifyData.length < minLen || notifyData.length > maxLen) {
- String cookieType =
- cookie2Notify.notifyType == NOTIFY_TYPE_COOKIE2 ? "COOKIE2" : "COOKIE";
- throw new InvalidSyntaxException(
- "Invalid "
- + cookieType
- + " notification data with length "
- + notifyData.length);
- }
-
- return new IkeNotifyPayload(cookie2Notify.notifyType, notifyData);
- }
-
- /** Validate inbound Cookie in IKE_INIT response and build a Cookie notify payload in request */
- public static IkeNotifyPayload handleCookieAndGenerateCopy(IkeNotifyPayload cookieNotify)
- throws InvalidSyntaxException {
- return handleCookieAndGenerateCopy(cookieNotify, COOKIE_DATA_LEN_MIN, COOKIE_DATA_LEN_MAX);
- }
-
- /** Validate inbound Cookie2 request and build a response Cookie2 notify payload */
- public static IkeNotifyPayload handleCookie2AndGenerateCopy(IkeNotifyPayload cookie2Notify)
- throws InvalidSyntaxException {
- return handleCookieAndGenerateCopy(
- cookie2Notify, COOKIE2_DATA_LEN_MIN, COOKIE2_DATA_LEN_MAX);
- }
-
/**
* Encode Notify payload to ByteBuffer.
*
@@ -505,8 +438,6 @@
switch (notifyType) {
case ERROR_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD:
return new UnsupportedCriticalPayloadException(notifyData);
- case ERROR_TYPE_INVALID_IKE_SPI:
- return new InvalidIkeSpiException(notifyData);
case ERROR_TYPE_INVALID_MAJOR_VERSION:
return new InvalidMajorVersionException(notifyData);
case ERROR_TYPE_INVALID_SYNTAX:
@@ -519,22 +450,10 @@
return new InvalidKeException(notifyData);
case ERROR_TYPE_AUTHENTICATION_FAILED:
return new AuthenticationFailedException(notifyData);
- case ERROR_TYPE_SINGLE_PAIR_REQUIRED:
- return new SinglePairRequiredException(notifyData);
- case ERROR_TYPE_NO_ADDITIONAL_SAS:
- return new NoAdditionalSasException(notifyData);
- case ERROR_TYPE_INTERNAL_ADDRESS_FAILURE:
- return new InternalAddressFailureException(notifyData);
- case ERROR_TYPE_FAILED_CP_REQUIRED:
- return new FailedCpRequiredException(notifyData);
case ERROR_TYPE_TS_UNACCEPTABLE:
return new TsUnacceptableException(notifyData);
- case ERROR_TYPE_INVALID_SELECTORS:
- return new InvalidSelectorsException(spi, notifyData);
case ERROR_TYPE_TEMPORARY_FAILURE:
return new TemporaryFailureException(notifyData);
- case ERROR_TYPE_CHILD_SA_NOT_FOUND:
- return new ChildSaNotFoundException(spi, notifyData);
default:
return new UnrecognizedIkeProtocolException(notifyType, notifyData);
}
diff --git a/src/java/com/android/internal/net/ipsec/ike/message/IkePayloadFactory.java b/src/java/com/android/internal/net/ipsec/ike/message/IkePayloadFactory.java
index 6105cab..b50f093 100644
--- a/src/java/com/android/internal/net/ipsec/ike/message/IkePayloadFactory.java
+++ b/src/java/com/android/internal/net/ipsec/ike/message/IkePayloadFactory.java
@@ -18,12 +18,12 @@
import android.annotation.Nullable;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
-import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
import android.util.Pair;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.net.ipsec.ike.crypto.IkeCipher;
import com.android.internal.net.ipsec.ike.crypto.IkeMacIntegrity;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
diff --git a/src/java/com/android/internal/net/ipsec/ike/message/IkeSaPayload.java b/src/java/com/android/internal/net/ipsec/ike/message/IkeSaPayload.java
index 9c20a7a..929dcf1 100644
--- a/src/java/com/android/internal/net/ipsec/ike/message/IkeSaPayload.java
+++ b/src/java/com/android/internal/net/ipsec/ike/message/IkeSaPayload.java
@@ -31,14 +31,12 @@
import android.net.ipsec.ike.IkeSaProposal;
import android.net.ipsec.ike.SaProposal;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
-import android.net.ipsec.ike.exceptions.InvalidKeException;
-import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
-import android.net.ipsec.ike.exceptions.NoValidProposalChosenException;
-import android.os.PersistableBundle;
import android.util.ArraySet;
import android.util.Pair;
import com.android.internal.annotations.VisibleForTesting;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
+import com.android.internal.net.ipsec.ike.exceptions.NoValidProposalChosenException;
import com.android.internal.net.ipsec.ike.utils.IkeSecurityParameterIndex;
import com.android.internal.net.ipsec.ike.utils.IkeSpiGenerator;
import com.android.internal.net.ipsec.ike.utils.IpSecSpiGenerator;
@@ -349,72 +347,6 @@
}
/**
- * Finds or builds the negotiated Child proposal when there is a key exchange.
- *
- * <p>This method will be used in Remote Rekey Child. For better interoperability, IKE library
- * allows the server to set up new Child SA with a different DH group if (1) caller has
- * configured that DH group in the Child SA Proposal, or (2) that DH group is the DH group
- * negotiated as part of IKE Session.
- *
- * @param currentProposal the current negotiated Child SA Proposal
- * @param callerConfiguredProposals all caller configured Child SA Proposals
- * @param reqKePayloadDh the DH group in the request KE payload
- * @param ikeDh the DH group negotiated as part of IKE Session
- * @return the negotiated Child SA Proposal
- * @throws NoValidProposalChosenException when there is no acceptable proposal in the SA payload
- * @throws InvalidKeException when the request KE payload has a mismatched DH group
- */
- public ChildSaProposal getNegotiatedChildProposalWithDh(
- ChildSaProposal currentProposal,
- List<ChildSaProposal> callerConfiguredProposals,
- int reqKePayloadDh,
- int ikeDh)
- throws NoValidProposalChosenException, InvalidKeException {
-
- List<ChildSaProposal> proposalCandidates = new ArrayList<>();
- for (ChildSaProposal callerProposal : callerConfiguredProposals) {
- // Check if current proposal can be negotiated from the callerProposal.
- if (!currentProposal.isNegotiatedFromExceptDhGroup(callerProposal)) {
- continue;
- }
-
- // Check if current proposal can be negotiated from the Rekey Child request.
- // Try all DH groups in this caller configured proposal and see if current
- // proposal + the DH group can be negotiated from the Rekey request. For
- // better interoperability, if caller does not configure any DH group for
- // this proposal, try DH group negotiated as part of IKE Session. Some
- // implementation will request using the IKE DH group when rekeying the
- // Child SA which is built during IKE Auth
- if (callerProposal.getDhGroups().isEmpty()) {
- callerProposal = callerProposal.getCopyWithAdditionalDhTransform(ikeDh);
- }
-
- for (int callerDh : callerProposal.getDhGroups()) {
- ChildSaProposal negotiatedProposal =
- currentProposal.getCopyWithAdditionalDhTransform(callerDh);
- try {
- getNegotiatedProposalNumber(negotiatedProposal);
- proposalCandidates.add(negotiatedProposal);
- } catch (NoValidProposalChosenException e) {
- continue;
- }
- }
- }
-
- // Check if any negotiated proposal match reqKePayloadDh
- if (proposalCandidates.isEmpty()) {
- throw new NoValidProposalChosenException("No acceptable SA proposal in the request");
- } else {
- for (ChildSaProposal negotiatedProposal : proposalCandidates) {
- if (reqKePayloadDh == negotiatedProposal.getDhGroups().get(0)) {
- return negotiatedProposal;
- }
- }
- throw new InvalidKeException(proposalCandidates.get(0).getDhGroups().get(0));
- }
- }
-
- /**
* Validate the IKE SA Payload pair (request/response) and return the IKE SA negotiation result.
*
* <p>Caller is able to extract the negotiated IKE SA Proposal from the response Proposal and
@@ -1191,9 +1123,6 @@
public static final class EncryptionTransform extends Transform {
public static final int KEY_LEN_UNSPECIFIED = 0;
- private static final String ID_KEY = "id";
- private static final String SPECIFIED_KEY_LEN_KEY = "mSpecifiedKeyLength";
-
// When using encryption algorithm with variable-length keys, mSpecifiedKeyLength MUST be
// set and a KeyLengthAttribute MUST be attached. Otherwise, mSpecifiedKeyLength MUST NOT be
// set and KeyLengthAttribute MUST NOT be attached.
@@ -1227,21 +1156,6 @@
}
}
- /** Constructs this object by deserializing a PersistableBundle */
- public static EncryptionTransform fromPersistableBundle(@NonNull PersistableBundle in) {
- Objects.requireNonNull(in, "PersistableBundle is null");
- return new EncryptionTransform(in.getInt(ID_KEY), in.getInt(SPECIFIED_KEY_LEN_KEY));
- }
-
- /** Serializes this object to a PersistableBundle */
- public PersistableBundle toPersistableBundle() {
- final PersistableBundle result = new PersistableBundle();
- result.putInt(ID_KEY, id);
- result.putInt(SPECIFIED_KEY_LEN_KEY, mSpecifiedKeyLength);
-
- return result;
- }
-
/**
* Contruct an instance of EncryptionTransform for decoding an inbound packet.
*
@@ -1291,8 +1205,7 @@
@Override
protected boolean isSupportedTransformId(int id) {
- return IkeSaProposal.getSupportedEncryptionAlgorithms().contains(id)
- || ChildSaProposal.getSupportedEncryptionAlgorithms().contains(id);
+ return SaProposal.isSupportedEncryptionAlgorithm(id);
}
@Override
@@ -1317,8 +1230,6 @@
private void validateKeyLength() throws InvalidSyntaxException {
switch (id) {
case SaProposal.ENCRYPTION_ALGORITHM_3DES:
- /* fall through */
- case SaProposal.ENCRYPTION_ALGORITHM_CHACHA20_POLY1305:
if (mSpecifiedKeyLength != KEY_LEN_UNSPECIFIED) {
throw new InvalidSyntaxException(
"Must not set Key Length value for this "
@@ -1329,8 +1240,6 @@
return;
case SaProposal.ENCRYPTION_ALGORITHM_AES_CBC:
/* fall through */
- case SaProposal.ENCRYPTION_ALGORITHM_AES_CTR:
- /* fall through */
case SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8:
/* fall through */
case SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12:
@@ -1442,7 +1351,7 @@
@Override
protected boolean isSupportedTransformId(int id) {
- return IkeSaProposal.getSupportedPseudorandomFunctions().contains(id);
+ return SaProposal.isSupportedPseudorandomFunction(id);
}
@Override
@@ -1523,8 +1432,7 @@
@Override
protected boolean isSupportedTransformId(int id) {
- return IkeSaProposal.getSupportedIntegrityAlgorithms().contains(id)
- || ChildSaProposal.getSupportedIntegrityAlgorithms().contains(id);
+ return SaProposal.isSupportedIntegrityAlgorithm(id);
}
@Override
@@ -1605,7 +1513,7 @@
@Override
protected boolean isSupportedTransformId(int id) {
- return SaProposal.getSupportedDhGroups().contains(id);
+ return SaProposal.isSupportedDhGroup(id);
}
@Override
diff --git a/src/java/com/android/internal/net/ipsec/ike/message/IkeSkfPayload.java b/src/java/com/android/internal/net/ipsec/ike/message/IkeSkfPayload.java
index 5dfba8d..6faea12 100644
--- a/src/java/com/android/internal/net/ipsec/ike/message/IkeSkfPayload.java
+++ b/src/java/com/android/internal/net/ipsec/ike/message/IkeSkfPayload.java
@@ -18,11 +18,11 @@
import android.annotation.Nullable;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
-import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.net.ipsec.ike.crypto.IkeCipher;
import com.android.internal.net.ipsec.ike.crypto.IkeMacIntegrity;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
diff --git a/src/java/com/android/internal/net/ipsec/ike/message/IkeTsPayload.java b/src/java/com/android/internal/net/ipsec/ike/message/IkeTsPayload.java
index 6c6dcba..207bdc3 100644
--- a/src/java/com/android/internal/net/ipsec/ike/message/IkeTsPayload.java
+++ b/src/java/com/android/internal/net/ipsec/ike/message/IkeTsPayload.java
@@ -18,7 +18,8 @@
import android.net.ipsec.ike.IkeTrafficSelector;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
-import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
+
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
import java.nio.ByteBuffer;
diff --git a/src/java/com/android/internal/net/ipsec/ike/net/IkeDefaultNetworkCallback.java b/src/java/com/android/internal/net/ipsec/ike/net/IkeDefaultNetworkCallback.java
deleted file mode 100644
index fa4c6bf..0000000
--- a/src/java/com/android/internal/net/ipsec/ike/net/IkeDefaultNetworkCallback.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.ike.net;
-
-import android.net.Network;
-
-import java.net.InetAddress;
-
-/**
- * IkeDefaultNetworkCallback is a network callback used to track the application default Network.
- *
- * <p>This NetworkCallback will notify IkeSessionStateMachine if:
- *
- * <ul>
- * <li>the default Network changes, or
- * <li>the local Address for the default Network is dropped,
- * <li>the default Network dies with no alternatives available.
- * </ul>
- *
- * <p>MUST be registered with {@link android.net.ConnectivityManager} and specify the
- * IkeSessionStateMachine's Handler to prevent races.
- */
-public class IkeDefaultNetworkCallback extends IkeNetworkCallbackBase {
- public IkeDefaultNetworkCallback(
- IkeNetworkUpdater ikeNetworkUpdater, Network currNetwork, InetAddress currAddress) {
- super(ikeNetworkUpdater, currNetwork, currAddress);
- }
-
- @Override
- public void onAvailable(Network network) {
- // This signal can be ignored if the Network is already the current Network
- if (mCurrNetwork.equals(network)) {
- return;
- }
-
- logd("Application default Network changed to " + network);
- mIkeNetworkUpdater.onUnderlyingNetworkUpdated(network);
- }
-}
diff --git a/src/java/com/android/internal/net/ipsec/ike/net/IkeLocalAddressGenerator.java b/src/java/com/android/internal/net/ipsec/ike/net/IkeLocalAddressGenerator.java
deleted file mode 100644
index 20e2dfc..0000000
--- a/src/java/com/android/internal/net/ipsec/ike/net/IkeLocalAddressGenerator.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.ike.net;
-
-import android.net.Network;
-import android.system.ErrnoException;
-import android.system.Os;
-import android.system.OsConstants;
-
-import java.io.FileDescriptor;
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.InetSocketAddress;
-
-/**
- * IkeLocalAddressGenerator generates a local IP address for the given Network using the specified
- * address family, remote address, and server port number.
- */
-public class IkeLocalAddressGenerator {
- /** Generate and return a local IP address on the specified Network. */
- public InetAddress generateLocalAddress(
- Network network, boolean isIpv4, InetAddress remoteAddress, int serverPort)
- throws ErrnoException, IOException {
- FileDescriptor sock =
- Os.socket(
- isIpv4 ? OsConstants.AF_INET : OsConstants.AF_INET6,
- OsConstants.SOCK_DGRAM,
- OsConstants.IPPROTO_UDP);
- network.bindSocket(sock);
- Os.connect(sock, remoteAddress, serverPort);
- InetSocketAddress localAddr = (InetSocketAddress) Os.getsockname(sock);
- Os.close(sock);
-
- return localAddr.getAddress();
- }
-}
diff --git a/src/java/com/android/internal/net/ipsec/ike/net/IkeNetworkCallbackBase.java b/src/java/com/android/internal/net/ipsec/ike/net/IkeNetworkCallbackBase.java
deleted file mode 100644
index 67279e0..0000000
--- a/src/java/com/android/internal/net/ipsec/ike/net/IkeNetworkCallbackBase.java
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.ike.net;
-
-import static android.net.ipsec.ike.IkeManager.getIkeLog;
-
-import android.net.ConnectivityManager.NetworkCallback;
-import android.net.LinkAddress;
-import android.net.LinkProperties;
-import android.net.Network;
-
-import com.android.internal.annotations.VisibleForTesting;
-
-import java.net.InetAddress;
-
-/** IkeNetworkCallbackBase is a template for IKE-specific NetworkCallback implementations. */
-public abstract class IkeNetworkCallbackBase extends NetworkCallback {
- private static final String TAG = IkeNetworkCallbackBase.class.getSimpleName();
-
- protected final IkeNetworkUpdater mIkeNetworkUpdater;
- protected Network mCurrNetwork;
- private InetAddress mCurrAddress;
-
- protected IkeNetworkCallbackBase(
- IkeNetworkUpdater ikeNetworkUpdater, Network currNetwork, InetAddress currAddress) {
- mIkeNetworkUpdater = ikeNetworkUpdater;
- mCurrNetwork = currNetwork;
- mCurrAddress = currAddress;
- }
-
- @Override
- public void onLost(Network network) {
- // This Network loss is only meaningful if it's for the current Network
- if (!mCurrNetwork.equals(network)) {
- return;
- }
-
- logd("onLost invoked for current Network " + mCurrNetwork);
- mIkeNetworkUpdater.onUnderlyingNetworkDied();
- }
-
- @Override
- public void onLinkPropertiesChanged(Network network, LinkProperties linkProperties) {
- // This LinkProperties update is only meaningful if it's for the current Network
- if (!mCurrNetwork.equals(network)) {
- return;
- }
-
- // Use getAllLinkAddresses (instead of getLinkAddresses()) so that the return value also
- // includes addresses of stacked LinkProperties. This is useful for handling the address of
- // a CLAT interface.
- for (LinkAddress linkAddress : linkProperties.getAllLinkAddresses()) {
- if (mCurrAddress.equals(linkAddress.getAddress())) {
- return;
- }
- }
-
- // The underlying Network didn't change, but the current address disappeared. A MOBIKE
- // event is necessary to update the local address and notify the peer of this change.
- logd(
- "onLinkPropertiesChanged indicates current address "
- + mCurrAddress
- + " lost on current Network "
- + mCurrNetwork.getNetId());
- mIkeNetworkUpdater.onUnderlyingNetworkUpdated(mCurrNetwork);
- }
-
- /**
- * Sets the current Network that this NetworkCallback is monitoring for.
- *
- * <p>MUST be called on the Handler specified when registering this NetworkCallback with {@link
- * ConnectivityManager}.
- */
- public void setNetwork(Network network) {
- mCurrNetwork = network;
- }
-
- /** Returns the current Network that this NetworkCallback is monitoring for. */
- @VisibleForTesting
- public Network getNetwork() {
- return mCurrNetwork;
- }
-
- /**
- * Sets the current address that this NetworkCallback is monitoring for.
- *
- * <p>MUST be called on the Handler specified when registering this NetworkCallback with {@link
- * ConnectivityManager}.
- */
- public void setAddress(InetAddress address) {
- mCurrAddress = address;
- }
-
- /** Returns the current Address that this NetworkCallback is monitoring for. */
- @VisibleForTesting
- public InetAddress getAddress() {
- return mCurrAddress;
- }
-
- protected void logd(String msg) {
- getIkeLog().d(TAG, msg);
- }
-}
diff --git a/src/java/com/android/internal/net/ipsec/ike/net/IkeNetworkUpdater.java b/src/java/com/android/internal/net/ipsec/ike/net/IkeNetworkUpdater.java
deleted file mode 100644
index 3e612d2..0000000
--- a/src/java/com/android/internal/net/ipsec/ike/net/IkeNetworkUpdater.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.ike.net;
-
-import android.net.Network;
-
-/** IkeNetworkUpdater is an interface for updating the underlying Network for an IKE Session. */
-public interface IkeNetworkUpdater {
- /**
- * Notify the IkeNetworkUpdater to use the specified Network as its underlying Network.
- *
- * <p>This may also be invoked if the LinkProperties for the specified Network drop the previous
- * local address for the IKE Session.
- *
- * @param network The Network to be used for the underlying Network
- */
- void onUnderlyingNetworkUpdated(Network network);
-
- /** Notify the IkeNetworkUpdater that the underlying Network died. */
- void onUnderlyingNetworkDied();
-}
diff --git a/src/java/com/android/internal/net/ipsec/ike/net/IkeSpecificNetworkCallback.java b/src/java/com/android/internal/net/ipsec/ike/net/IkeSpecificNetworkCallback.java
deleted file mode 100644
index b74d022..0000000
--- a/src/java/com/android/internal/net/ipsec/ike/net/IkeSpecificNetworkCallback.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.ike.net;
-
-import android.net.Network;
-
-import java.net.InetAddress;
-
-/**
- * IkeSpecificNetworkCallback is a network callback used to track a caller-specified network.
- *
- * <p>This NetworkCallback will notify IkeSessionStateMachine if:
- *
- * <ul>
- * <li>the local Address for the caller-specified Network is dropped, or
- * <li>the caller-specified Network dies.
- * </ul>
- *
- * <p>MUST be registered with {@link android.net.ConnectivityManager} and specify the
- * IkeSessionStateMachine's Handler to prevent races.
- */
-public class IkeSpecificNetworkCallback extends IkeNetworkCallbackBase {
- public IkeSpecificNetworkCallback(
- IkeNetworkUpdater ikeNetworkUpdater, Network currNetwork, InetAddress currAddress) {
- super(ikeNetworkUpdater, currNetwork, currAddress);
- }
-}
diff --git a/src/java/com/android/internal/net/ipsec/ike/utils/IkeAlarm.java b/src/java/com/android/internal/net/ipsec/ike/utils/IkeAlarm.java
deleted file mode 100644
index 2fc6de7..0000000
--- a/src/java/com/android/internal/net/ipsec/ike/utils/IkeAlarm.java
+++ /dev/null
@@ -1,177 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.ike.utils;
-
-import android.app.AlarmManager;
-import android.app.PendingIntent;
-import android.content.Context;
-import android.os.Message;
-import android.os.Process;
-import android.os.SystemClock;
-
-import com.android.internal.annotations.VisibleForTesting;
-import com.android.internal.util.WakeupMessage;
-
-/** IkeAlarm provides interfaces to use AlarmManager for scheduling system alarm. */
-// TODO: b/191056695 Improve test coverage for scheduling system alarms.
-public abstract class IkeAlarm {
- private static final Dependencies sDeps = new Dependencies();
-
- protected final AlarmManager mAlarmManager;
- protected final String mTag;
- protected final long mDelayMs;
-
- private IkeAlarm(IkeAlarmConfig alarmConfig) {
- mAlarmManager = alarmConfig.context.getSystemService(AlarmManager.class);
- mTag = alarmConfig.tag;
- mDelayMs = alarmConfig.delayMs;
- }
-
- /** Creates an alarm to be delivered precisely at the stated time. */
- public static IkeAlarm newExactAlarm(IkeAlarmConfig alarmConfig) {
- return new IkeAlarmWithListener(alarmConfig, sDeps);
- }
-
- /** Creates an alarm with a Dependencies instance for testing */
- @VisibleForTesting
- static IkeAlarm newExactAlarm(IkeAlarmConfig alarmConfig, Dependencies deps) {
- return new IkeAlarmWithListener(alarmConfig, deps);
- }
-
- /**
- * Creates an alarm to be delivered precisely at the stated time, even when the system is in
- * low-power idle (a.k.a. doze) modes.
- */
- public static IkeAlarm newExactAndAllowWhileIdleAlarm(IkeAlarmConfig alarmConfig) {
- return newExactAndAllowWhileIdleAlarm(alarmConfig, sDeps);
- }
-
- /** Creates an alarm with a Dependencies instance for testing */
- @VisibleForTesting
- static IkeAlarm newExactAndAllowWhileIdleAlarm(IkeAlarmConfig alarmConfig, Dependencies deps) {
- if (deps.getMyUid() == Process.SYSTEM_UID) {
- // By using listener instead of PendingIntent, the system service does not need to
- // declare the PendingIntent broadcast as protected in the AndroidManifest.
- return new IkeAlarmWithListener(alarmConfig, deps);
- } else {
- return new IkeAlarmWithPendingIntent(alarmConfig);
- }
- }
-
- /** Cancel the alarm */
- public abstract void cancel();
-
- /** Schedule/re-schedule the alarm */
- public abstract void schedule();
-
- /** External dependencies, for injection in tests */
- @VisibleForTesting
- static class Dependencies {
- /** Get the UID of the current process */
- public int getMyUid() {
- return Process.myUid();
- }
-
- /** Construct a WakeupMessage */
- public WakeupMessage newWakeMessage(IkeAlarmConfig alarmConfig) {
- Message alarmMessage = alarmConfig.message;
- return new WakeupMessage(
- alarmConfig.context,
- alarmMessage.getTarget(),
- alarmConfig.tag,
- alarmMessage.what,
- alarmMessage.arg1,
- alarmMessage.arg2,
- alarmMessage.obj);
- }
- }
-
- /** Alarm that will be using a PendingIntent and will be set with setExactAndAllowWhileIdle */
- @VisibleForTesting
- static class IkeAlarmWithPendingIntent extends IkeAlarm {
- private final PendingIntent mPendingIntent;
-
- IkeAlarmWithPendingIntent(IkeAlarmConfig alarmConfig) {
- super(alarmConfig);
- android.util.Log.d("IKE", "new IkeAlarmWithPendingIntent for " + mTag);
-
- mPendingIntent = alarmConfig.pendingIntent;
- }
-
- @Override
- public void cancel() {
- mAlarmManager.cancel(mPendingIntent);
- mPendingIntent.cancel();
- }
-
- @Override
- public void schedule() {
- mAlarmManager.setExactAndAllowWhileIdle(
- AlarmManager.ELAPSED_REALTIME_WAKEUP,
- SystemClock.elapsedRealtime() + mDelayMs,
- mPendingIntent);
- }
- }
-
- /**
- * Alarm that will be using a OnAlarmListener and will be set with setExact
- *
- * <p>If the caller is a system service, the alarm can still be fired in doze mode.
- */
- @VisibleForTesting
- static class IkeAlarmWithListener extends IkeAlarm {
- private final WakeupMessage mWakeupMsg;
-
- IkeAlarmWithListener(IkeAlarmConfig alarmConfig, Dependencies deps) {
- super(alarmConfig);
- android.util.Log.d("IKE", "new IkeAlarmWithListener for " + mTag);
-
- mWakeupMsg = deps.newWakeMessage(alarmConfig);
- }
-
- @Override
- public void cancel() {
- mWakeupMsg.cancel();
- }
-
- @Override
- public void schedule() {
- mWakeupMsg.schedule(SystemClock.elapsedRealtime() + mDelayMs);
- }
- }
-
- public static class IkeAlarmConfig {
- public final Context context;
- public final String tag;
- public final long delayMs;
- public final Message message;
- public final PendingIntent pendingIntent;
-
- public IkeAlarmConfig(
- Context context,
- String tag,
- long delayMs,
- PendingIntent pendingIntent,
- Message message) {
- this.context = context;
- this.tag = tag;
- this.delayMs = delayMs;
- this.message = message;
- this.pendingIntent = pendingIntent;
- }
- }
-}
diff --git a/src/java/com/android/internal/net/ipsec/ike/utils/IkeCertUtils.java b/src/java/com/android/internal/net/ipsec/ike/utils/IkeCertUtils.java
deleted file mode 100644
index e7bb26e..0000000
--- a/src/java/com/android/internal/net/ipsec/ike/utils/IkeCertUtils.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.ike.utils;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.util.Objects;
-
-/** IkeCertUtils provides utility methods for decoding byte array of Certificate and PrivateKey */
-public class IkeCertUtils {
- private static final String CERT_TYPE_X509 = "X.509";
- private static final String PRIVATE_KEY_TYPE_RSA = "RSA";
-
- /** Decodes an ASN.1 DER encoded Certificate */
- public static X509Certificate certificateFromByteArray(byte[] derEncoded) {
- Objects.requireNonNull(derEncoded, "derEncoded is null");
-
- try {
- CertificateFactory certFactory = CertificateFactory.getInstance(CERT_TYPE_X509);
- InputStream in = new ByteArrayInputStream(derEncoded);
- return (X509Certificate) certFactory.generateCertificate(in);
- } catch (CertificateException e) {
- throw new IllegalArgumentException("Fail to decode certificate", e);
- }
- }
-
- /** Decodes a PKCS#8 encoded RSA private key */
- public static RSAPrivateKey privateKeyFromByteArray(byte[] pkcs8Encoded) {
- Objects.requireNonNull(pkcs8Encoded, "pkcs8Encoded is null");
- PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(pkcs8Encoded);
-
- try {
- KeyFactory keyFactory = KeyFactory.getInstance(PRIVATE_KEY_TYPE_RSA);
-
- return (RSAPrivateKey) keyFactory.generatePrivate(privateKeySpec);
- } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
- throw new IllegalArgumentException("Fail to decode PrivateKey", e);
- }
- }
-}
diff --git a/src/java/com/android/internal/net/ipsec/ike/utils/IkeSecurityParameterIndex.java b/src/java/com/android/internal/net/ipsec/ike/utils/IkeSecurityParameterIndex.java
index 7336948..c5863be 100644
--- a/src/java/com/android/internal/net/ipsec/ike/utils/IkeSecurityParameterIndex.java
+++ b/src/java/com/android/internal/net/ipsec/ike/utils/IkeSecurityParameterIndex.java
@@ -18,9 +18,6 @@
import android.util.CloseGuard;
import android.util.Pair;
-import com.android.internal.annotations.VisibleForTesting;
-
-import java.io.IOException;
import java.net.InetAddress;
import java.util.HashSet;
import java.util.Set;
@@ -44,7 +41,7 @@
// accessed only by IkeSecurityParameterIndex and IkeSpiGenerator
static final Set<Pair<InetAddress, Long>> sAssignedIkeSpis = new HashSet<>();
- private InetAddress mSourceAddress;
+ private final InetAddress mSourceAddress;
private final long mSpi;
private final CloseGuard mCloseGuard = new CloseGuard();
@@ -64,12 +61,6 @@
return mSpi;
}
- /** Gets the current source address for this IkeSecurityParameterIndex. */
- @VisibleForTesting
- public InetAddress getSourceAddress() {
- return mSourceAddress;
- }
-
/** Release an SPI that was previously reserved. */
@Override
public void close() {
@@ -85,25 +76,4 @@
}
close();
}
-
- /** Migrate this IkeSecurityParameterIndex to the specified InetAddress. */
- public void migrate(InetAddress newSourceAddress) throws IOException {
- if (mSourceAddress.equals(newSourceAddress)) {
- // not actually migrating - this is a no op
- return;
- }
-
- if (!sAssignedIkeSpis.add(new Pair<>(newSourceAddress, mSpi))) {
- throw new IOException(
- String.format(
- "SPI colllision migrating IKE SPI <%s, %d> to <%s, %d>",
- mSourceAddress.getHostAddress(),
- mSpi,
- newSourceAddress.getHostAddress(),
- mSpi));
- }
-
- sAssignedIkeSpis.remove(new Pair<InetAddress, Long>(mSourceAddress, mSpi));
- mSourceAddress = newSourceAddress;
- }
}
diff --git a/src/java/com/android/internal/net/ipsec/ike/utils/Retransmitter.java b/src/java/com/android/internal/net/ipsec/ike/utils/Retransmitter.java
index c3a8413..2b656d3 100644
--- a/src/java/com/android/internal/net/ipsec/ike/utils/Retransmitter.java
+++ b/src/java/com/android/internal/net/ipsec/ike/utils/Retransmitter.java
@@ -54,7 +54,7 @@
return;
}
- send();
+ send(mRetransmitMsg);
long timeout = mRetransmissionTimeouts[mRetransmitCount++];
mHandler.sendMessageDelayed(mHandler.obtainMessage(CMD_RETRANSMIT, this), timeout);
@@ -74,8 +74,10 @@
* Implementation-provided sender
*
* <p>For Retransmitter-internal use only.
+ *
+ * @param msg the message to be sent
*/
- protected abstract void send();
+ protected abstract void send(IkeMessage msg);
/**
* Callback for implementations to be informed that we have reached the max retransmissions.
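Review bot: The new `@param msg the message to be sent` line does not say whether an implementation may re-encode `msg` on every call, and `retransmit()` in the previous hunk now hands the same `mRetransmitMsg` object to `send` each time. RFC 7296 section 2.1 requires a retransmitted request to be bitwise identical to the original, so an implementation that re-encrypts per call would emit differing packets that a peer may not recognise as a retransmission. I would extend the Javadoc to `@param msg the message to be sent; implementations must transmit the same encoded bytes on every call for a given msg`. Whether the existing implementers cache the encoding cannot be seen from this hunk.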
diff --git a/tests/cts/Android.bp b/tests/cts/Android.bp
index 5087a6e..1d9f0cb 100644
--- a/tests/cts/Android.bp
+++ b/tests/cts/Android.bp
@@ -12,10 +12,6 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
android_test {
name: "CtsIkeTestCases",
defaults: ["cts_defaults"],
@@ -30,15 +26,14 @@
srcs: [
"src/**/*.java",
+ ":ike-test-utils",
],
static_libs: [
"androidx.test.ext.junit",
"compatibility-device-util-axt",
"ctstestrunner-axt",
- "modules-utils-build",
"net-tests-utils",
- "ike-test-utils",
],
platform_apis: true,
@@ -50,18 +45,4 @@
"vts",
"general-tests",
],
-
- min_sdk_version: "30",
-}
-
-java_library {
- name: "ike-tun-utils",
- srcs: [
- "src/**/IkeTunUtils.java",
- "src/**/PacketUtils.java",
- "src/**/TunUtils.java",
- ],
- static_libs: [
- "junit",
- ],
}
diff --git a/tests/cts/AndroidManifest.xml b/tests/cts/AndroidManifest.xml
index 3162399..052b12d 100644
--- a/tests/cts/AndroidManifest.xml
+++ b/tests/cts/AndroidManifest.xml
@@ -19,8 +19,6 @@
package="android.ipsec.cts"
android:targetSandboxVersion="2">
- <uses-sdk android:minSdkVersion="30" android:targetSdkVersion="30" />
-
<!--Allow tests to call ConnectivityManager#getActiveNetwork()-->
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
<!--Allow tests to create socket -->
diff --git a/tests/cts/AndroidTest.xml b/tests/cts/AndroidTest.xml
index 12032be..7ebfd95 100644
--- a/tests/cts/AndroidTest.xml
+++ b/tests/cts/AndroidTest.xml
@@ -19,7 +19,6 @@
<option name="config-descriptor:metadata" key="parameter" value="not_multi_abi" />
<option name="config-descriptor:metadata" key="parameter" value="secondary_user" />
<option name="not-shardable" value="true" />
- <option name="config-descriptor:metadata" key="mainline-param" value="com.google.android.ipsec.apex" />
<target_preparer class="com.android.tradefed.targetprep.suite.SuiteApkInstaller">
<option name="cleanup-apks" value="true" />
<option name="test-file-name" value="CtsIkeTestCases.apk" />
diff --git a/tests/cts/src/android/eap/cts/EapSessionConfigTest.java b/tests/cts/src/android/eap/cts/EapSessionConfigTest.java
index c88303d..b0a257a 100644
--- a/tests/cts/src/android/eap/cts/EapSessionConfigTest.java
+++ b/tests/cts/src/android/eap/cts/EapSessionConfigTest.java
@@ -28,25 +28,18 @@
import android.net.eap.EapSessionConfig.EapAkaPrimeConfig;
import android.net.eap.EapSessionConfig.EapMsChapV2Config;
import android.net.eap.EapSessionConfig.EapSimConfig;
-import android.net.eap.EapSessionConfig.EapTtlsConfig;
import android.net.eap.EapSessionConfig.EapUiccConfig;
import androidx.test.runner.AndroidJUnit4;
-import com.android.internal.net.ipsec.test.ike.testutils.CertUtils;
-
-import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
-import java.security.cert.X509Certificate;
-
@RunWith(AndroidJUnit4.class)
public class EapSessionConfigTest {
// These constants are IANA-defined values and are copies of hidden constants in
// frameworks/opt/net/ike/src/java/com/android/internal/net/eap/message/EapData.java.
private static final int EAP_TYPE_SIM = 18;
- private static final int EAP_TYPE_TTLS = 21;
private static final int EAP_TYPE_AKA = 23;
private static final int EAP_TYPE_MSCHAP_V2 = 26;
private static final int EAP_TYPE_AKA_PRIME = 50;
@@ -57,19 +50,6 @@
private static final String EAP_MSCHAPV2_USERNAME = "username";
private static final String EAP_MSCHAPV2_PASSWORD = "password";
- private static final EapSessionConfig INNER_EAP_SESSION_CONFIG =
- new EapSessionConfig.Builder()
- .setEapIdentity(EAP_IDENTITY)
- .setEapMsChapV2Config(EAP_MSCHAPV2_USERNAME, EAP_MSCHAPV2_PASSWORD)
- .build();
-
- private X509Certificate mServerCaCert;
-
- @Before
- public void setUp() throws Exception {
- mServerCaCert = CertUtils.createCertFromPemFile("server-a-self-signed-ca.pem");
- }
-
@Test
public void testBuildWithAllEapMethods() {
EapSessionConfig result =
@@ -83,7 +63,6 @@
NETWORK_NAME,
true /* allowMismatchedNetworkNames */)
.setEapMsChapV2Config(EAP_MSCHAPV2_USERNAME, EAP_MSCHAPV2_PASSWORD)
- .setEapTtlsConfig(mServerCaCert, INNER_EAP_SESSION_CONFIG)
.build();
assertArrayEquals(EAP_IDENTITY, result.getEapIdentity());
@@ -110,12 +89,6 @@
assertEquals(EAP_TYPE_MSCHAP_V2, eapMsChapV2Config.getMethodType());
assertEquals(EAP_MSCHAPV2_USERNAME, eapMsChapV2Config.getUsername());
assertEquals(EAP_MSCHAPV2_PASSWORD, eapMsChapV2Config.getPassword());
-
- EapTtlsConfig eapTtlsConfig = result.getEapTtlsConfig();
- assertNotNull(eapTtlsConfig);
- assertEquals(EAP_TYPE_TTLS, eapTtlsConfig.getMethodType());
- assertEquals(mServerCaCert, eapTtlsConfig.getServerCaCert());
- assertEquals(INNER_EAP_SESSION_CONFIG, eapTtlsConfig.getInnerEapSessionConfig());
}
private void verifyEapUiccConfigCommon(EapUiccConfig config) {
diff --git a/tests/cts/src/android/ipsec/ike/cts/ChildSessionParamsTest.java b/tests/cts/src/android/ipsec/ike/cts/ChildSessionParamsTest.java
index 753d3c5..9cba90b 100644
--- a/tests/cts/src/android/ipsec/ike/cts/ChildSessionParamsTest.java
+++ b/tests/cts/src/android/ipsec/ike/cts/ChildSessionParamsTest.java
@@ -125,26 +125,6 @@
}
@Test
- public void testBuildTransportModeParamsWithTransportModeParams() {
- TransportModeChildSessionParams childParams =
- new TransportModeChildSessionParams.Builder().addSaProposal(mSaProposal).build();
- TransportModeChildSessionParams result =
- new TransportModeChildSessionParams.Builder(childParams).build();
-
- assertEquals(childParams, result);
- }
-
- @Test
- public void testBuildTunnelModeParamsWithTunnelModeParams() {
- TunnelModeChildSessionParams childParams =
- new TunnelModeChildSessionParams.Builder().addSaProposal(mSaProposal).build();
- TunnelModeChildSessionParams result =
- new TunnelModeChildSessionParams.Builder(childParams).build();
-
- assertEquals(childParams, result);
- }
-
- @Test
public void testBuildTransportModeParamsWithCustomizedValues() {
TransportModeChildSessionParams childParams =
new TransportModeChildSessionParams.Builder()
diff --git a/tests/cts/src/android/ipsec/ike/cts/IkeExceptionTest.java b/tests/cts/src/android/ipsec/ike/cts/IkeExceptionTest.java
deleted file mode 100644
index d2d249d..0000000
--- a/tests/cts/src/android/ipsec/ike/cts/IkeExceptionTest.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.ipsec.ike.cts;
-
-import static android.net.ipsec.ike.SaProposal.DH_GROUP_1024_BIT_MODP;
-
-import static com.android.internal.util.HexDump.hexStringToByteArray;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-
-import android.net.InetAddresses;
-import android.net.ipsec.ike.exceptions.IkeInternalException;
-import android.net.ipsec.ike.exceptions.IkeNetworkLostException;
-import android.net.ipsec.ike.exceptions.InvalidKeException;
-import android.net.ipsec.ike.exceptions.InvalidMajorVersionException;
-import android.net.ipsec.ike.exceptions.InvalidSelectorsException;
-
-import androidx.test.ext.junit.runners.AndroidJUnit4;
-
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
-import java.net.InetAddress;
-
-@RunWith(AndroidJUnit4.class)
-public class IkeExceptionTest extends IkeTestNetworkBase {
- @Test
- public void testIkeInternalException() throws Exception {
- final Throwable cause = new Throwable("Test Cause");
- final String errMsg = "Test Error Message";
-
- final IkeInternalException exception = new IkeInternalException(cause);
- final IkeInternalException exceptionWithMsg = new IkeInternalException(errMsg, cause);
-
- assertEquals(cause, exception.getCause());
- assertEquals(cause, exceptionWithMsg.getCause());
- assertEquals(errMsg, exceptionWithMsg.getMessage());
- }
-
- @Test
- public void testIkeNetworkLostException() throws Exception {
- final InetAddress testAddress = InetAddresses.parseNumericAddress("198.51.100.10");
- try (TunNetworkContext tunContext = new TunNetworkContext(testAddress)) {
- final IkeNetworkLostException exception =
- new IkeNetworkLostException(tunContext.tunNetwork);
- assertEquals(tunContext.tunNetwork, exception.getNetwork());
- }
- }
-
- @Test
- public void testInvalidKeException() throws Exception {
- final InvalidKeException exception = new InvalidKeException(DH_GROUP_1024_BIT_MODP);
- assertEquals(DH_GROUP_1024_BIT_MODP, exception.getDhGroup());
- }
-
- @Test
- public void testInvalidMajorVersionException() throws Exception {
- final byte majorVersion = (byte) 3;
- final InvalidMajorVersionException exception =
- new InvalidMajorVersionException(majorVersion);
- assertEquals(majorVersion, exception.getMajorVersion());
- }
-
- @Test
- public void testInvalidSelectorsException() throws Exception {
- final byte[] packetInfo =
- hexStringToByteArray("4500009cafcd4000403208adc0a80064c0a80001c9d8d74200000001");
- final int spi = 0xc9d8d742;
-
- final InvalidSelectorsException exception = new InvalidSelectorsException(spi, packetInfo);
- assertArrayEquals(packetInfo, exception.getIpSecPacketInfo());
- assertEquals(spi, exception.getIpSecSpi());
- }
-}
diff --git a/tests/cts/src/android/ipsec/ike/cts/IkeSessionDigitalSignatureTest.java b/tests/cts/src/android/ipsec/ike/cts/IkeSessionDigitalSignatureTest.java
index b616661..402769f 100644
--- a/tests/cts/src/android/ipsec/ike/cts/IkeSessionDigitalSignatureTest.java
+++ b/tests/cts/src/android/ipsec/ike/cts/IkeSessionDigitalSignatureTest.java
@@ -25,7 +25,7 @@
import androidx.test.ext.junit.runners.AndroidJUnit4;
-import com.android.internal.net.ipsec.test.ike.testutils.CertUtils;
+import com.android.internal.net.ipsec.ike.testutils.CertUtils;
import org.junit.BeforeClass;
import org.junit.Test;
@@ -150,7 +150,7 @@
private IkeSession openIkeSessionWithRemoteAddress(InetAddress remoteAddress) {
IkeSessionParams ikeParams =
new IkeSessionParams.Builder(sContext)
- .setNetwork(mTunNetworkContext.tunNetwork)
+ .setNetwork(mTunNetwork)
.setServerHostname(remoteAddress.getHostAddress())
.addSaProposal(SaProposalTest.buildIkeSaProposalWithNormalModeCipher())
.addSaProposal(SaProposalTest.buildIkeSaProposalWithCombinedModeCipher())
diff --git a/tests/cts/src/android/ipsec/ike/cts/IkeSessionMobikeTest.java b/tests/cts/src/android/ipsec/ike/cts/IkeSessionMobikeTest.java
deleted file mode 100644
index 9a366ba..0000000
--- a/tests/cts/src/android/ipsec/ike/cts/IkeSessionMobikeTest.java
+++ /dev/null
@@ -1,425 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.ipsec.ike.cts;
-
-import static android.net.ipsec.ike.IkeSessionConfiguration.EXTENSION_TYPE_FRAGMENTATION;
-import static android.net.ipsec.ike.IkeSessionConfiguration.EXTENSION_TYPE_MOBIKE;
-import static android.net.ipsec.ike.SaProposal.DH_GROUP_2048_BIT_MODP;
-import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_CBC;
-import static android.net.ipsec.ike.SaProposal.INTEGRITY_ALGORITHM_AES_CMAC_96;
-import static android.net.ipsec.ike.SaProposal.KEY_LEN_AES_128;
-import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_AES128_CMAC;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
-import android.net.Network;
-import android.net.ipsec.ike.IkeSaProposal;
-import android.net.ipsec.ike.IkeSession;
-import android.net.ipsec.ike.IkeSessionConfiguration;
-import android.net.ipsec.ike.IkeSessionConnectionInfo;
-import android.net.ipsec.ike.IkeSessionParams;
-import android.net.ipsec.ike.exceptions.IkeException;
-import android.net.ipsec.ike.exceptions.IkeNetworkLostException;
-import android.platform.test.annotations.AppModeFull;
-
-import androidx.test.ext.junit.runners.AndroidJUnit4;
-import androidx.test.filters.SdkSuppress;
-
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
-import java.net.InetAddress;
-import java.util.Arrays;
-
-@RunWith(AndroidJUnit4.class)
-@AppModeFull(reason = "MANAGE_IPSEC_TUNNELS permission can't be granted to instant apps")
-@SdkSuppress(minSdkVersion = 31, codeName = "S")
-public class IkeSessionMobikeTest extends IkeSessionPskTestBase {
- private static final String IKE_INIT_RESP =
- "46b8eca1e0d72a189b9f8e0158e1c0a52120222000000000000001d022000030"
- + "0000002c010100040300000c0100000c800e0080030000080300000803000008"
- + "02000008000000080400000e28000108000e0000164d3413d855a1642d4d6355"
- + "a8ef6666bfaa28a4b5264600c9ffbaef7930bd33af49022926013aae0a48d764"
- + "750ccb3987605957e31a2ef0e6838cfa67af989933c2879434081c4e9787f0d4"
- + "4da0d7dacca5589702a4537ee4fb18e8db21a948b245260f55212a1c619f61c6"
- + "fa1caaff4474082f9714b14ef4bcc7b2b8f43fcb939931119e53b05274faec65"
- + "2816c563529e60c1a88183eba9c456ecb644faf57b726b83e3242e08489d95e9"
- + "81e59c7ad82cf3cdfb00fe0213c4e65d61e88bbefbd536261027da722a2bbf89"
- + "c6378e63ce6fbcef282421e5576bba1b2faa3c4c2d41028f91df7ba165a24a18"
- + "fcba4f96db3e5e0eed76dc7c3c432362dd4a82d32900002461cbd03c08819730"
- + "f1060ed0c0446f784eb8dd884d3f73f54eb2b0c3071cc4f32900001c00004004"
- + "07150f3fd9584dbebb7e88ad256c7bfb9b0bb55a2900001c00004005e3aa3788"
- + "7040e38dbb4de8fd435161cce904ec59290000080000402e290000100000402f"
- + "00020003000400050000000800004014";
- private static final String IKE_AUTH_RESP =
- "46b8eca1e0d72a189b9f8e0158e1c0a52e20232000000001000000fc240000e0"
- + "1a666eb2a02b37682436a18fff5e9cef67b9096d6c7887ed235f8b5173c9469e"
- + "361621b66849de2dbcabf956b3d055cafafd503530543540e81dac9bf8fb8826"
- + "e08bc99e9ed2185d8f1322c8885abe4f98a9832c694da775eaa4ae69f17b8cbf"
- + "b009bf82b4bf4012bca489595631c3168cd417f813e7d177d2ceb70766a0773c"
- + "8819d8763627ddc9455ae3d5a5a03224020a66c8e58c8073c4a1fcf5d67cfa95"
- + "15de86b392a63ff54ff5572302b9ce7725085b05839252794c3680f5d8f34019"
- + "fa1930ea045d2a9987850e2049235c7328ef148370b6a3403408b987";
- private static final String IKE_UPDATE_SA_RESP =
- "46b8eca1e0d72a189b9f8e0158e1c0a52e202520000000020000007c29000060"
- + "a1fd35f112d92d1df19ce734f6edf56ccda1bfd44ef6de428a097e04d5b40b28"
- + "3897e42f23dd53e444dc6c676cf9a7d9d73bb3975d663ec351fb5ae4e56a55d8"
- + "cbcf376a3b99cc6fd858621cc78b3017d895e4309f09a444028dba85";
- private static final String IKE_CREATE_CHILD_RESP =
- "46b8eca1e0d72a189b9f8e0158e1c0a52e20242000000003000000cc210000b0"
- + "e6bb78203dbe2189806c5cecef5040b8c4c0253895c7c0acea6483a1f0f72425"
- + "77ab46e18d553329d4ae1bd31cf57eec6ec31ceb1f2ed6b1195cac98b4b97a25"
- + "115d14c414e44dba8ebbdaf502e43f98a09036bee0ea2a621176300874a3eae8"
- + "c988357255b4e5923928d335b0ef62a565333fae6a64c85ac30e7da34ceeade4"
- + "1a161bcad0b51f8209ee1fdaf53d50359ad6b986ecd4290c9f69a34c64ddc0eb"
- + "73b8f3231f3f4e057404c18d";
- private static final String IKE_DELETE_CHILD_RESP =
- "46b8eca1e0d72a189b9f8e0158e1c0a52e202520000000040000004c2a000030"
- + "53d97806d48ce44e0d4e1adf1de36778f77c3823bfaf8186cc71d4dc73497099"
- + "a9049e7be8a2013affd56ab7";
- private static final String DELETE_IKE_RESP =
- "46b8eca1e0d72a189b9f8e0158e1c0a52e202520000000050000004c00000030"
- + "818e6679fef4924a27452805c98125660d4396ab002f5ae45dcf75ef0d1e2190"
- + "273b1c4527ba26ce37574852";
-
- private TunNetworkContext mSecondaryTunNetworkContext;
-
- private InetAddress mSecondaryLocalAddr;
-
- private IkeSession mIkeSession;
-
- @Before
- public void setUp() throws Exception {
- super.setUp();
-
- mSecondaryLocalAddr = getNextAvailableIpv4AddressLocal();
-
- mSecondaryTunNetworkContext = new TunNetworkContext(mSecondaryLocalAddr);
- }
-
- @After
- public void tearDown() throws Exception {
- mSecondaryTunNetworkContext.close();
-
- if (mIkeSession != null) {
- mIkeSession.kill();
- }
-
- super.tearDown();
- }
-
- @Override
- protected IkeSessionParams getIkeSessionParams(InetAddress remoteAddress) {
- return createIkeParamsBuilderBase(remoteAddress)
- .addIkeOption(IkeSessionParams.IKE_OPTION_MOBIKE)
- .build();
- }
-
- @Test
- public void testMigrateNetworksWithoutXfrmMigrate() throws Exception {
- if (!hasTunnelsFeature()) return;
-
- final IkeSession ikeSession =
- setupAndVerifyIkeSessionWithOptionMobike(
- IKE_INIT_RESP, IKE_AUTH_RESP, true /* mobikeSupportedByServer */);
-
- final IpSecTransformCallRecord firstTransformRecordA =
- mFirstChildSessionCallback.awaitNextCreatedIpSecTransform();
- final IpSecTransformCallRecord firstTransformRecordB =
- mFirstChildSessionCallback.awaitNextCreatedIpSecTransform();
- verifyCreateIpSecTransformPair(firstTransformRecordA, firstTransformRecordB);
-
- // Local request message ID starts from 2 because there is one IKE_INIT message and a single
- // IKE_AUTH message.
- int expectedMsgId = 2;
-
- setNetworkAndVerifyConnectionInfoChange(
- ikeSession, mSecondaryTunNetworkContext, expectedMsgId++, IKE_UPDATE_SA_RESP);
- final IpSecTransformCallRecord[] migrateRecords =
- injectCreateChildRespAndVerifyTransformsMigrated(
- mSecondaryTunNetworkContext, expectedMsgId++, IKE_CREATE_CHILD_RESP);
- injectDeleteChildRespAndVerifyTransformsDeleted(
- mSecondaryTunNetworkContext,
- expectedMsgId++,
- IKE_DELETE_CHILD_RESP,
- firstTransformRecordA,
- firstTransformRecordB);
-
- // Close IKE Session
- ikeSession.close();
- mSecondaryTunNetworkContext.tunUtils.awaitReqAndInjectResp(
- IKE_DETERMINISTIC_INITIATOR_SPI,
- expectedMsgId++,
- true /* expectedUseEncap */,
- DELETE_IKE_RESP);
- verifyCloseIkeAndChildBlocking(migrateRecords[0], migrateRecords[1]);
- }
-
- private IkeSession setupAndVerifyIkeSessionWithOptionMobike(
- String ikeInitRespHex, String ikeAuthRespHex, boolean mobikeSupportedByServer)
- throws Exception {
- final IkeSaProposal saProposal =
- new IkeSaProposal.Builder()
- .addEncryptionAlgorithm(ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_128)
- .addIntegrityAlgorithm(INTEGRITY_ALGORITHM_AES_CMAC_96)
- .addPseudorandomFunction(PSEUDORANDOM_FUNCTION_AES128_CMAC)
- .addDhGroup(DH_GROUP_2048_BIT_MODP)
- .build();
- final IkeSessionParams ikeParams =
- createIkeParamsBuilderBase(mRemoteAddress, saProposal)
- .addIkeOption(IkeSessionParams.IKE_OPTION_MOBIKE)
- .build();
-
- final IkeSession ikeSession = openIkeSessionWithTunnelModeChild(mRemoteAddress, ikeParams);
- performSetupIkeAndFirstChildBlocking(
- ikeInitRespHex, true /* expectedAuthUseEncap */, ikeAuthRespHex);
- if (mobikeSupportedByServer) {
- verifyIkeSessionSetupBlocking(EXTENSION_TYPE_FRAGMENTATION, EXTENSION_TYPE_MOBIKE);
- } else {
- verifyIkeSessionSetupBlocking(EXTENSION_TYPE_FRAGMENTATION);
- }
-
- verifyChildSessionSetupBlocking(
- mFirstChildSessionCallback,
- Arrays.asList(TUNNEL_MODE_INBOUND_TS),
- Arrays.asList(TUNNEL_MODE_OUTBOUND_TS),
- Arrays.asList(EXPECTED_INTERNAL_LINK_ADDR));
- return ikeSession;
- }
-
- private void setNetworkAndVerifyConnectionInfoChange(
- IkeSession ikeSession,
- TunNetworkContext tunNetworkContext,
- int expectedMsgId,
- String ikeUpdateSaResp)
- throws Exception {
- ikeSession.setNetwork(tunNetworkContext.tunNetwork);
-
- tunNetworkContext.tunUtils.awaitReqAndInjectResp(
- IKE_DETERMINISTIC_INITIATOR_SPI,
- expectedMsgId,
- true /* expectedUseEncap */,
- ikeUpdateSaResp);
-
- verifyConnectionInfoChange(tunNetworkContext.tunNetwork, mSecondaryLocalAddr);
- }
-
- private void verifyConnectionInfoChange(
- Network expectedNetwork, InetAddress expectedLocalAddress) throws Exception {
- final IkeSessionConnectionInfo connectionInfo =
- mIkeSessionCallback.awaitOnIkeSessionConnectionInfoChanged();
- assertNotNull(connectionInfo);
- assertEquals(expectedNetwork, connectionInfo.getNetwork());
- assertEquals(expectedLocalAddress, connectionInfo.getLocalAddress());
- assertEquals(mRemoteAddress, connectionInfo.getRemoteAddress());
- }
-
- private IpSecTransformCallRecord[] injectCreateChildRespAndVerifyTransformsMigrated(
- TunNetworkContext tunNetworkContext, int expectedMsgId, String ikeCreateChildResp)
- throws Exception {
- tunNetworkContext.tunUtils.awaitReqAndInjectResp(
- IKE_DETERMINISTIC_INITIATOR_SPI,
- expectedMsgId,
- true /* expectedUseEncap */,
- ikeCreateChildResp);
-
- final IpSecTransformCallRecord[] migrateRecords =
- mFirstChildSessionCallback.awaitNextMigratedIpSecTransform();
- assertNotNull(migrateRecords);
- verifyCreateIpSecTransformPair(migrateRecords[0], migrateRecords[1]);
- return migrateRecords;
- }
-
- private void injectDeleteChildRespAndVerifyTransformsDeleted(
- TunNetworkContext tunNetworkContext,
- int expectedMsgId,
- String ikeDeleteChildResp,
- IpSecTransformCallRecord transformRecordA,
- IpSecTransformCallRecord transformRecordB)
- throws Exception {
- tunNetworkContext.tunUtils.awaitReqAndInjectResp(
- IKE_DETERMINISTIC_INITIATOR_SPI,
- expectedMsgId,
- true /* expectedUseEncap */,
- ikeDeleteChildResp);
-
- verifyDeleteIpSecTransformPair(
- mFirstChildSessionCallback, transformRecordA, transformRecordB);
- }
-
- @Test
- public void testNetworkDied() throws Exception {
- if (!hasTunnelsFeature()) return;
-
- final IkeSession ikeSession =
- setupAndVerifyIkeSessionWithOptionMobike(
- IKE_INIT_RESP, IKE_AUTH_RESP, true /* mobikeSupportedByServer */);
-
- // Teardown test network to kill the IKE Session
- mTunNetworkContext.close();
-
- final IkeException exception = mIkeSessionCallback.awaitNextOnErrorException();
- assertTrue(exception instanceof IkeNetworkLostException);
- final IkeNetworkLostException networkLostException = (IkeNetworkLostException) exception;
- assertEquals(mTunNetworkContext.tunNetwork, networkLostException.getNetwork());
-
- ikeSession.kill();
- }
-
- @Test
- public void testSetNetworkWithoutMobikeEnabled() throws Exception {
- if (!hasTunnelsFeature()) return;
-
- final String ikeInitResp =
- "46B8ECA1E0D72A1821D31742E82FA9232120222000000000000001D022000030"
- + "0000002C010100040300000C0100000C800E0080030000080300000803000008"
- + "02000008000000080400000E28000108000E0000CE0DFFE121D30D2B5C4DBEC4"
- + "AEBD2F8D83F0F8EC5E2998CE98BD90492D8AA6C9360F32AE98402F853DF12FA9"
- + "A64ABFBB83D5FFAD1F18B6CB6FEBAB222AF5C98D4575BE2380B42F2A4E5B7B0B"
- + "5528F372C4E70B5B7D01D706E3F1C2E4A9E8A687C427DDB1002B190A4D73BBBA"
- + "E41801798408D73870657B846B84A5D9292A007A9EDA719CA3A820BB513EBE59"
- + "C6BF5BEB7CC9A86F0722D98F6E73B5BBC2F5EEDB39992D036406B54BF0355534"
- + "960D4771623ECFC561211F0580EEC051BD477076F4454E185DA7744E7B7D145B"
- + "08C874529C2BFE387BB7C09FCD762CEBFF6C2DE0C4912DF5747B16F51D0A9570"
- + "37EC652A1F025C4E80DEE9D91BF0DFEE17F3EF6F29000024196ADD342DBD954F"
- + "A1160542E5F312A6A44A9D19AF6799698A781F4CF717CD722900001C00004004"
- + "3EFFE36169090E6F6B6CB5B5BD321257E67C2B922900001C000040050AB409D2"
- + "60D9EE157D15483E001603BB43D918C1290000080000402E290000100000402F"
- + "00020003000400050000000800004014";
- final String IkeAuthRespWithoutMobikeSupport =
- "46B8ECA1E0D72A1821D31742E82FA9232E20232000000001000000EC240000D0"
- + "493A4E97A90AE4F3CB4561D82F9123C22436EE0BAB686965D1EF7C724B2B3979"
- + "594D3CBCF70C3C78F46B2D9F198DCB07CEE0F774A51CF4224B4A3223500214F2"
- + "0AFBB7472156EF8FF03391D03A2D78001EE0B23AD5818BDAC15F348F3D97E54D"
- + "0C6A3DBC7F89A764A883631CFCB6C8C5A4E939E7AF7AC744D6530A88CD8EDDAC"
- + "F003BD73CE73A79D7ADDF53F9B3CCCBBF92F21FB29317F4151B17F0BC5F98CEE"
- + "89B739E4A46BC80B10D34B159CCFA847F12F85DEE5B8AED854DC460EA92BE17A"
- + "E2C1F56C7497001BF5B22E88";
- final String createChildResp =
- "46B8ECA1E0D72A1821D31742E82FA9232E20242000000002000000CC210000B0"
- + "10869163B82783B650AD180040F191A516588586F051F77147F06FDDC70EA4A3"
- + "C4FCCD61C1E3AF3672150207F0AAB3540D4E20AB4F89B70D5D8F57E6A6AD2A42"
- + "F95516715BB3317B62878DA4D77170FD29994D8553300F05DC28973899F58FE2"
- + "A60D0C1158B7A711F20FC2A2F95351A14650F63160746CCEF73F32033B766DD4"
- + "730712D9EBB2D58CB1635CBF74559FA66CB56CFBE506CBC86C89F604D1A80E73"
- + "9B269A1CE93F46451C3307E4";
- final String deleteChildResp =
- "46B8ECA1E0D72A1821D31742E82FA9232E202520000000030000004C2A000030"
- + "E2D0B074AF644A5AA58F999AA376450780BB66BBCB64C84BD8E5CBC9549A2A1A"
- + "524091EFE5D1ADE9694813B1";
- final String deleteIkeResp =
- "46B8ECA1E0D72A1821D31742E82FA9232E202520000000040000004C00000030"
- + "59205A0B069A0D6C95B044B16DC655BA28A968463CCBCF60996EE56897C14F2C"
- + "FF9F15D1120A78DD2DE2E1C9";
-
- final IkeSession ikeSession =
- setupAndVerifyIkeSessionWithOptionMobike(
- ikeInitResp,
- IkeAuthRespWithoutMobikeSupport,
- false /* mobikeSupportedByServer */);
-
- final IpSecTransformCallRecord firstTransformRecordA =
- mFirstChildSessionCallback.awaitNextCreatedIpSecTransform();
- final IpSecTransformCallRecord firstTransformRecordB =
- mFirstChildSessionCallback.awaitNextCreatedIpSecTransform();
- verifyCreateIpSecTransformPair(firstTransformRecordA, firstTransformRecordB);
-
- // Rekey-based mobility
- ikeSession.setNetwork(mSecondaryTunNetworkContext.tunNetwork);
- verifyConnectionInfoChange(mSecondaryTunNetworkContext.tunNetwork, mSecondaryLocalAddr);
-
- // Local request message ID starts from 2 because there is one IKE_INIT message and a single
- // IKE_AUTH message.
- int expectedMsgId = 2;
- final IpSecTransformCallRecord[] migrateRecords =
- injectCreateChildRespAndVerifyTransformsMigrated(
- mSecondaryTunNetworkContext, expectedMsgId++, createChildResp);
- injectDeleteChildRespAndVerifyTransformsDeleted(
- mSecondaryTunNetworkContext,
- expectedMsgId++,
- deleteChildResp,
- firstTransformRecordA,
- firstTransformRecordB);
-
- // Close IKE Session
- ikeSession.close();
- mSecondaryTunNetworkContext.tunUtils.awaitReqAndInjectResp(
- IKE_DETERMINISTIC_INITIATOR_SPI,
- expectedMsgId++,
- true /* expectedUseEncap */,
- deleteIkeResp);
- verifyCloseIkeAndChildBlocking(migrateRecords[0], migrateRecords[1]);
- }
-
- @Test
- public void testSetNetworkWithoutOptionMobike() throws Exception {
- if (!hasTunnelsFeature()) return;
-
- final String ikeInitResp =
- "46B8ECA1E0D72A18B45427679F9245D421202220000000000000015022000030"
- + "0000002C010100040300000C0100000C800E0080030000080300000203000008"
- + "0200000200000008040000022800008800020000A7AA3435D088EC1A2B7C2A47"
- + "1FA1B85F1066C9B2006E7C353FB5B5FDBC2A88347ED2C6F5B7A265D03AE34039"
- + "6AAC0145CFCC93F8BDB219DDFF22A603B8856A5DC59B6FAB7F17C5660CF38670"
- + "8794FC72F273ADEB7A4F316519794AED6F8AB61F95DFB360FAF18C6C8CABE471"
- + "6E18FE215348C2E582171A57FC41146B16C4AFE429000024A634B61C0E5C90C6"
- + "8D8818B0955B125A9B1DF47BBD18775710792E651083105C2900001C00004004"
- + "406FA3C5685A16B9B72C7F2EEE9993462C619ABE2900001C00004005AF905A87"
- + "0A32222AA284A7070585601208A282F0290000080000402E290000100000402F"
- + "00020003000400050000000800004014";
- final String IkeAuthRespWithoutMobikeSupport =
- "46B8ECA1E0D72A18B45427679F9245D42E20232000000001000000EC240000D0"
- + "0D06D37198F3F0962DE8170D66F1A9008267F98CDD956D984BDCED2FC7FAF84A"
- + "A6664EF25049B46B93C9ED420488E0C172AA6635BF4011C49792EF2B88FE7190"
- + "E8859FEEF51724FD20C46E7B9A9C3DC4708EF7005707A18AB747C903ABCEAC5C"
- + "6ECF5A5FC13633DCE3844A920ED10EF202F115DBFBB5D6D2D7AB1F34EB08DE7C"
- + "A54DCE0A3A582753345CA2D05A0EFDB9DC61E81B2483B7D13EEE0A815D37252C"
- + "23D2F29E9C30658227D2BB0C9E1A481EAA80BC6BE9006BEDC13E925A755A0290"
- + "AEC4164D29997F52ED7DCC2E";
-
- // Open IKE Session without IKE_OPTION_MOBIKE
- mIkeSession =
- openIkeSessionWithTunnelModeChild(
- mRemoteAddress, createIkeParamsBuilderBase(mRemoteAddress).build());
- performSetupIkeAndFirstChildBlocking(ikeInitResp, IkeAuthRespWithoutMobikeSupport);
-
- verifyIkeSessionSetupBlocking();
-
- final IkeSessionConfiguration ikeConfig = mIkeSessionCallback.awaitIkeConfig();
- assertFalse(ikeConfig.isIkeExtensionEnabled(IkeSessionConfiguration.EXTENSION_TYPE_MOBIKE));
-
- try {
- // manually change network when IKE_OPTION_MOBIKE is not set
- mIkeSession.setNetwork(mSecondaryTunNetworkContext.tunNetwork);
-
- fail("Expected error for setNetwork() when IKE_OPTION_MOBIKE is not set");
- } catch (IllegalStateException expected) {
- }
- }
-
- /** The MOBIKE spec explicitly disallows Transport mode. */
- @Test(expected = IllegalArgumentException.class)
- public void testStartSessionWithMobikeAndTransportMode() {
- mIkeSession = openIkeSessionWithTransportModeChild(mRemoteAddress);
- }
-}
diff --git a/tests/cts/src/android/ipsec/ike/cts/IkeSessionMschapV2Test.java b/tests/cts/src/android/ipsec/ike/cts/IkeSessionMschapV2Test.java
index a7a0904..a104996 100644
--- a/tests/cts/src/android/ipsec/ike/cts/IkeSessionMschapV2Test.java
+++ b/tests/cts/src/android/ipsec/ike/cts/IkeSessionMschapV2Test.java
@@ -26,7 +26,7 @@
import androidx.test.ext.junit.runners.AndroidJUnit4;
-import com.android.internal.net.ipsec.test.ike.testutils.CertUtils;
+import com.android.internal.net.ipsec.ike.testutils.CertUtils;
import org.junit.BeforeClass;
import org.junit.Test;
@@ -148,7 +148,7 @@
private IkeSession openIkeSessionWithRemoteAddress(InetAddress remoteAddress) {
IkeSessionParams ikeParams =
new IkeSessionParams.Builder(sContext)
- .setNetwork(mTunNetworkContext.tunNetwork)
+ .setNetwork(mTunNetwork)
.setServerHostname(remoteAddress.getHostAddress())
.addSaProposal(SaProposalTest.buildIkeSaProposalWithNormalModeCipher())
.addSaProposal(SaProposalTest.buildIkeSaProposalWithCombinedModeCipher())
@@ -171,30 +171,30 @@
// Open IKE Session
IkeSession ikeSession = openIkeSessionWithRemoteAddress(mRemoteAddress);
int expectedMsgId = 0;
- mTunNetworkContext.tunUtils.awaitReqAndInjectResp(
+ mTunUtils.awaitReqAndInjectResp(
IKE_DETERMINISTIC_INITIATOR_SPI,
expectedMsgId++,
false /* expectedUseEncap */,
IKE_INIT_RESP);
- mTunNetworkContext.tunUtils.awaitReqAndInjectResp(
+ mTunUtils.awaitReqAndInjectResp(
IKE_DETERMINISTIC_INITIATOR_SPI,
expectedMsgId++,
true /* expectedUseEncap */,
IKE_AUTH_RESP_1_FRAG_1,
IKE_AUTH_RESP_1_FRAG_2);
- mTunNetworkContext.tunUtils.awaitReqAndInjectResp(
+ mTunUtils.awaitReqAndInjectResp(
IKE_DETERMINISTIC_INITIATOR_SPI,
expectedMsgId++,
true /* expectedUseEncap */,
IKE_AUTH_RESP_2);
- mTunNetworkContext.tunUtils.awaitReqAndInjectResp(
+ mTunUtils.awaitReqAndInjectResp(
IKE_DETERMINISTIC_INITIATOR_SPI,
expectedMsgId++,
true /* expectedUseEncap */,
IKE_AUTH_RESP_3);
- mTunNetworkContext.tunUtils.awaitReqAndInjectResp(
+ mTunUtils.awaitReqAndInjectResp(
IKE_DETERMINISTIC_INITIATOR_SPI,
expectedMsgId++,
true /* expectedUseEncap */,
diff --git a/tests/cts/src/android/ipsec/ike/cts/IkeSessionParamsTest.java b/tests/cts/src/android/ipsec/ike/cts/IkeSessionParamsTest.java
index 6c5e0aa..241e79b 100644
--- a/tests/cts/src/android/ipsec/ike/cts/IkeSessionParamsTest.java
+++ b/tests/cts/src/android/ipsec/ike/cts/IkeSessionParamsTest.java
@@ -23,8 +23,6 @@
import static android.net.ipsec.ike.IkeSessionParams.IkeAuthDigitalSignRemoteConfig;
import static android.net.ipsec.ike.IkeSessionParams.IkeAuthEapConfig;
import static android.net.ipsec.ike.IkeSessionParams.IkeAuthPskConfig;
-import static android.net.ipsec.ike.ike3gpp.Ike3gppDataListenerTest.TestIke3gppDataListener;
-import static android.os.Build.VERSION_CODES.R;
import static android.system.OsConstants.AF_INET;
import static android.system.OsConstants.AF_INET6;
import static android.telephony.TelephonyManager.APPTYPE_USIM;
@@ -43,18 +41,13 @@
import android.net.ipsec.ike.IkeSessionParams.ConfigRequestIpv4PcscfServer;
import android.net.ipsec.ike.IkeSessionParams.ConfigRequestIpv6PcscfServer;
import android.net.ipsec.ike.IkeSessionParams.IkeConfigRequest;
-import android.net.ipsec.ike.ike3gpp.Ike3gppExtension;
-import android.net.ipsec.ike.ike3gpp.Ike3gppParams;
import androidx.test.ext.junit.runners.AndroidJUnit4;
-import androidx.test.filters.SdkSuppress;
-import com.android.internal.net.ipsec.test.ike.testutils.CertUtils;
-import com.android.testutils.DevSdkIgnoreRule;
-import com.android.testutils.DevSdkIgnoreRule.IgnoreAfter;
+import com.android.internal.net.ipsec.ike.testutils.CertUtils;
+import org.junit.After;
import org.junit.Before;
-import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -72,16 +65,11 @@
@RunWith(AndroidJUnit4.class)
public final class IkeSessionParamsTest extends IkeSessionTestBase {
- @Rule public final DevSdkIgnoreRule ignoreRule = new DevSdkIgnoreRule();
-
private static final int HARD_LIFETIME_SECONDS = (int) TimeUnit.HOURS.toSeconds(20L);
private static final int SOFT_LIFETIME_SECONDS = (int) TimeUnit.HOURS.toSeconds(10L);
private static final int DPD_DELAY_SECONDS = (int) TimeUnit.MINUTES.toSeconds(10L);
- private static final int NATT_KEEPALIVE_DELAY_SECONDS = (int) TimeUnit.MINUTES.toSeconds(5L);
private static final int[] RETRANS_TIMEOUT_MS_LIST = new int[] {500, 500, 500, 500, 500, 500};
- private static final int DSCP = 8;
-
private static final Map<Class<? extends IkeConfigRequest>, Integer> EXPECTED_REQ_COUNT =
new HashMap<>();
private static final HashSet<InetAddress> EXPECTED_PCSCF_SERVERS = new HashSet<>();
@@ -118,7 +106,8 @@
@Before
public void setUp() throws Exception {
- super.setUp();
+ // This address is never used except for setting up the test network
+ setUpTestNetwork(IPV4_ADDRESS_LOCAL);
mServerCaCert = CertUtils.createCertFromPemFile("server-a-self-signed-ca.pem");
mClientEndCert = CertUtils.createCertFromPemFile("client-a-end-cert.pem");
@@ -129,6 +118,11 @@
mClientPrivateKey = CertUtils.createRsaPrivateKeyFromKeyFile("client-a-private-key.key");
}
+ @After
+ public void tearDown() throws Exception {
+ tearDownTestNetwork();
+ }
+
private static EapSessionConfig.Builder createEapOnlySafeMethodsBuilder() {
return new EapSessionConfig.Builder()
.setEapIdentity(EAP_IDENTITY)
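Review bot: The new `tearDown()` calls `tearDownTestNetwork()` unconditionally, and JUnit 4 runs `@After` methods even when a `@Before` method throws. It will therefore also run after a `setUp()` in which `setUpTestNetwork(IPV4_ADDRESS_LOCAL)` or one of the certificate loads failed. `tearDownTestNetwork()` is defined outside this diff section, so whether it tolerates a partially created test network cannot be confirmed here; if it dereferences fields that were never assigned, the resulting exception would hide the original failure and could leave the test network behind. It is worth confirming the helper is null-safe and recording that on the method, e.g. `// Safe to call after a failed setUp(); releases the network created by setUpTestNetwork()`. The bodies of `setUp()` and `createEapOnlySafeMethodsBuilder()` both extend outside this hunk.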
@@ -144,13 +138,9 @@
* <p>Authentication method is arbitrarily selected. Using other method (e.g. setAuthEap) also
* works.
*/
- private IkeSessionParams.Builder createIkeParamsBuilderMinimum(boolean useContext) {
- final IkeSessionParams.Builder builder =
- useContext
- ? new IkeSessionParams.Builder(sContext)
- : new IkeSessionParams.Builder();
-
- return builder.setNetwork(mTunNetworkContext.tunNetwork)
+ private IkeSessionParams.Builder createIkeParamsBuilderMinimum() {
+ return new IkeSessionParams.Builder(sContext)
+ .setNetwork(mTunNetwork)
.setServerHostname(IPV4_ADDRESS_REMOTE.getHostAddress())
.addSaProposal(SA_PROPOSAL)
.setLocalIdentification(LOCAL_ID)
@@ -158,17 +148,13 @@
.setAuthPsk(IKE_PSK);
}
- private IkeSessionParams.Builder createIkeParamsBuilderMinimum() {
- return createIkeParamsBuilderMinimum(true /* useContext */);
- }
-
/**
* Verify the minimum configurations to build an IkeSessionParams.
*
* @see #createIkeParamsBuilderMinimum
*/
private void verifyIkeParamsMinimum(IkeSessionParams sessionParams) {
- assertEquals(mTunNetworkContext.tunNetwork, sessionParams.getNetwork());
+ assertEquals(mTunNetwork, sessionParams.getNetwork());
assertEquals(IPV4_ADDRESS_REMOTE.getHostAddress(), sessionParams.getServerHostname());
assertEquals(Arrays.asList(SA_PROPOSAL), sessionParams.getSaProposals());
assertEquals(LOCAL_ID, sessionParams.getLocalIdentification());
@@ -202,15 +188,6 @@
}
@Test
- public void testBuildWithIkeSessionParams() throws Exception {
- IkeSessionParams sessionParams =
- createIkeParamsBuilderMinimum(false /* useContext */).build();
- IkeSessionParams result = new IkeSessionParams.Builder(sessionParams).build();
-
- assertEquals(sessionParams, result);
- }
-
- @Test
public void testSetLifetimes() throws Exception {
IkeSessionParams sessionParams =
createIkeParamsBuilderMinimum()
@@ -232,17 +209,6 @@
}
@Test
- public void testSetNattKeepaliveDelay() throws Exception {
- IkeSessionParams sessionParams =
- createIkeParamsBuilderMinimum()
- .setNattKeepAliveDelaySeconds(NATT_KEEPALIVE_DELAY_SECONDS)
- .build();
-
- verifyIkeParamsMinimum(sessionParams);
- assertEquals(NATT_KEEPALIVE_DELAY_SECONDS, sessionParams.getNattKeepAliveDelaySeconds());
- }
-
- @Test
public void testSetRetransmissionTimeouts() throws Exception {
IkeSessionParams sessionParams =
createIkeParamsBuilderMinimum()
@@ -283,14 +249,6 @@
}
@Test
- public void testSetDscp() throws Exception {
- IkeSessionParams sessionParams = createIkeParamsBuilderMinimum().setDscp(DSCP).build();
-
- verifyIkeParamsMinimum(sessionParams);
- assertEquals(DSCP, sessionParams.getDscp());
- }
-
- @Test
public void testAddIkeOption() throws Exception {
IkeSessionParams sessionParams =
createIkeParamsBuilderMinimum()
@@ -319,7 +277,7 @@
*/
private IkeSessionParams.Builder createIkeParamsBuilderMinimumWithoutAuth() {
return new IkeSessionParams.Builder(sContext)
- .setNetwork(mTunNetworkContext.tunNetwork)
+ .setNetwork(mTunNetwork)
.setServerHostname(IPV4_ADDRESS_REMOTE.getHostAddress())
.addSaProposal(SA_PROPOSAL)
.setLocalIdentification(LOCAL_ID)
@@ -333,22 +291,13 @@
* @see #createIkeParamsBuilderMinimumWithoutAuth
*/
private void verifyIkeParamsMinimumWithoutAuth(IkeSessionParams sessionParams) {
- assertEquals(mTunNetworkContext.tunNetwork, sessionParams.getNetwork());
+ assertEquals(mTunNetwork, sessionParams.getNetwork());
assertEquals(IPV4_ADDRESS_REMOTE.getHostAddress(), sessionParams.getServerHostname());
assertEquals(Arrays.asList(SA_PROPOSAL), sessionParams.getSaProposals());
assertEquals(LOCAL_ID, sessionParams.getLocalIdentification());
assertEquals(REMOTE_ID, sessionParams.getRemoteIdentification());
}
- private void verifyIkeParamsWithPsk(IkeSessionParams sessionParams) {
- IkeAuthConfig localConfig = sessionParams.getLocalAuthConfig();
- assertTrue(localConfig instanceof IkeAuthPskConfig);
- assertArrayEquals(IKE_PSK, ((IkeAuthPskConfig) localConfig).getPsk());
- IkeAuthConfig remoteConfig = sessionParams.getRemoteAuthConfig();
- assertTrue(remoteConfig instanceof IkeAuthPskConfig);
- assertArrayEquals(IKE_PSK, ((IkeAuthPskConfig) remoteConfig).getPsk());
- }
-
@Test
public void testBuildWithPsk() throws Exception {
IkeSessionParams sessionParams =
@@ -356,22 +305,12 @@
verifyIkeParamsMinimumWithoutAuth(sessionParams);
- verifyIkeParamsWithPsk(sessionParams);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testBuildWithPskMobikeEnabled() throws Exception {
- IkeSessionParams sessionParams =
- createIkeParamsBuilderMinimumWithoutAuth()
- .setAuthPsk(IKE_PSK)
- .addIkeOption(IkeSessionParams.IKE_OPTION_MOBIKE)
- .build();
-
- verifyIkeParamsMinimumWithoutAuth(sessionParams);
-
- verifyIkeParamsWithPsk(sessionParams);
- assertTrue(sessionParams.hasIkeOption(IkeSessionParams.IKE_OPTION_MOBIKE));
+ IkeAuthConfig localConfig = sessionParams.getLocalAuthConfig();
+ assertTrue(localConfig instanceof IkeAuthPskConfig);
+ assertArrayEquals(IKE_PSK, ((IkeAuthPskConfig) localConfig).getPsk());
+ IkeAuthConfig remoteConfig = sessionParams.getRemoteAuthConfig();
+ assertTrue(remoteConfig instanceof IkeAuthPskConfig);
+ assertArrayEquals(IKE_PSK, ((IkeAuthPskConfig) remoteConfig).getPsk());
}
@Test
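Review bot: The PSK assertions now inlined in `testBuildWithPsk` compare array contents only, so they would still pass if `getPsk()` returned the same `IKE_PSK` array instance that was passed to `setAuthPsk(IKE_PSK)`. If the API is meant to copy key material (not visible in this hunk), an identity check such as `assertNotSame(IKE_PSK, ((IkeAuthPskConfig) localConfig).getPsk());` would pin that, with the same check for `remoteConfig`. A later change could not then silently share the key buffer with callers. The method's opening lines are in the preceding hunk.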
@@ -472,26 +411,4 @@
assertEquals(
mServerCaCert, ((IkeAuthDigitalSignRemoteConfig) remoteConfig).getRemoteCaCert());
}
-
- @Test
- public void testBuildWithIke3gppExtension() throws Exception {
- Ike3gppExtension ike3gppExtension =
- new Ike3gppExtension(
- new Ike3gppParams.Builder().build(), new TestIke3gppDataListener());
- IkeSessionParams sessionParams =
- createIkeParamsBuilderMinimum().setIke3gppExtension(ike3gppExtension).build();
-
- verifyIkeParamsMinimumWithoutAuth(sessionParams);
- assertEquals(ike3gppExtension, sessionParams.getIke3gppExtension());
- }
-
- @Test
- @IgnoreAfter(R)
- public void testBuildWithMobikeOptionPreS() throws Exception {
- try {
- new IkeSessionParams.Builder().addIkeOption(IkeSessionParams.IKE_OPTION_MOBIKE);
- fail("Expected UnsupportedOperationException for setting IKE_OPTION_MOBIKE before S");
- } catch (UnsupportedOperationException expected) {
- }
- }
}
diff --git a/tests/cts/src/android/ipsec/ike/cts/IkeSessionPskTest.java b/tests/cts/src/android/ipsec/ike/cts/IkeSessionPskTest.java
index 6bc79b4..b9b710d 100644
--- a/tests/cts/src/android/ipsec/ike/cts/IkeSessionPskTest.java
+++ b/tests/cts/src/android/ipsec/ike/cts/IkeSessionPskTest.java
@@ -16,11 +16,7 @@
package android.ipsec.ike.cts;
-import static android.net.ipsec.ike.SaProposal.DH_GROUP_2048_BIT_MODP;
-import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_CBC;
-import static android.net.ipsec.ike.SaProposal.INTEGRITY_ALGORITHM_AES_CMAC_96;
-import static android.net.ipsec.ike.SaProposal.KEY_LEN_AES_128;
-import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_AES128_CMAC;
+import static android.app.AppOpsManager.OP_MANAGE_IPSEC_TUNNELS;
import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_AUTHENTICATION_FAILED;
import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_NO_PROPOSAL_CHOSEN;
import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_TS_UNACCEPTABLE;
@@ -29,15 +25,17 @@
import static org.junit.Assert.assertEquals;
import android.net.LinkAddress;
-import android.net.ipsec.ike.IkeSaProposal;
+import android.net.ipsec.ike.ChildSessionParams;
+import android.net.ipsec.ike.IkeFqdnIdentification;
import android.net.ipsec.ike.IkeSession;
import android.net.ipsec.ike.IkeSessionParams;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
import android.platform.test.annotations.AppModeFull;
import androidx.test.ext.junit.runners.AndroidJUnit4;
-import androidx.test.filters.SdkSuppress;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -47,7 +45,7 @@
@RunWith(AndroidJUnit4.class)
@AppModeFull(reason = "MANAGE_IPSEC_TUNNELS permission can't be granted to instant apps")
-public class IkeSessionPskTest extends IkeSessionPskTestBase {
+public class IkeSessionPskTest extends IkeSessionTestBase {
// Test vectors for success workflow
private static final String SUCCESS_IKE_INIT_RESP =
"46B8ECA1E0D72A18B45427679F9245D421202220000000000000015022000030"
@@ -87,9 +85,47 @@
+ "9352D71100777B00ABCC6BD7DBEA697827FFAAA48DF9A54D1D68161939F5DC8"
+ "6743A7CEB2BE34AC00095A5B8";
- @Override
- protected IkeSessionParams getIkeSessionParams(InetAddress remoteAddress) {
- return createIkeParamsBuilderBase(remoteAddress).build();
+ private IkeSession openIkeSessionWithTunnelModeChild(InetAddress remoteAddress) {
+ return openIkeSession(remoteAddress, buildTunnelModeChildSessionParams());
+ }
+
+ private IkeSession openIkeSessionWithTransportModeChild(InetAddress remoteAddress) {
+ return openIkeSession(remoteAddress, buildTransportModeChildParamsWithDefaultTs());
+ }
+
+ private IkeSession openIkeSession(InetAddress remoteAddress, ChildSessionParams childParams) {
+ IkeSessionParams ikeParams =
+ new IkeSessionParams.Builder(sContext)
+ .setNetwork(mTunNetwork)
+ .setServerHostname(remoteAddress.getHostAddress())
+ .addSaProposal(SaProposalTest.buildIkeSaProposalWithNormalModeCipher())
+ .addSaProposal(SaProposalTest.buildIkeSaProposalWithCombinedModeCipher())
+ .setLocalIdentification(new IkeFqdnIdentification(LOCAL_HOSTNAME))
+ .setRemoteIdentification(new IkeFqdnIdentification(REMOTE_HOSTNAME))
+ .setAuthPsk(IKE_PSK)
+ .build();
+ return new IkeSession(
+ sContext,
+ ikeParams,
+ childParams,
+ mUserCbExecutor,
+ mIkeSessionCallback,
+ mFirstChildSessionCallback);
+ }
+
+ @BeforeClass
+ public static void setUpTunnelPermissionBeforeClass() throws Exception {
+ // Under normal circumstances, the MANAGE_IPSEC_TUNNELS appop would be auto-granted, and
+ // a standard permission is insufficient. So we shell out the appop, to give us the
+ // right appop permissions.
+ setAppOp(OP_MANAGE_IPSEC_TUNNELS, true);
+ }
+
+ // This method is guaranteed to run in subclasses and will run after subclasses' @AfterClass
+ // methods.
+ @AfterClass
+ public static void tearDownTunnelPermissionAfterClass() throws Exception {
+ setAppOp(OP_MANAGE_IPSEC_TUNNELS, false);
}
@Test
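Review bot: The comment above `tearDownTunnelPermissionAfterClass` was carried over from the abstract base class and no longer fits. `IkeSessionPskTest` is a concrete class in this file, so "guaranteed to run in subclasses" describes nothing visible here. I would replace it with `// Runs before IkeSessionTestBase's @AfterClass, i.e. while the shell permission identity is still adopted.` The teardown also calls `setAppOp(OP_MANAGE_IPSEC_TUNNELS, false)`, which writes `deny` for both `com.android.shell` and the test package instead of restoring the op's earlier mode, so the device ends in a different state than it started in. A comment saying so, or a reset to `default`, would make the intent explicit.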
@@ -117,9 +153,9 @@
verifyCreateIpSecTransformPair(firstTransformRecordA, firstTransformRecordB);
// Open additional Child Session
- TestChildSessionCallback additionalChildCb = new DefaultTestChildSessionCallback();
+ TestChildSessionCallback additionalChildCb = new TestChildSessionCallback();
ikeSession.openChildSession(buildTunnelModeChildSessionParams(), additionalChildCb);
- mTunNetworkContext.tunUtils.awaitReqAndInjectResp(
+ mTunUtils.awaitReqAndInjectResp(
IKE_DETERMINISTIC_INITIATOR_SPI,
expectedMsgId++,
true /* expectedUseEncap */,
@@ -139,7 +175,7 @@
// Close additional Child Session
ikeSession.closeChildSession(additionalChildCb);
- mTunNetworkContext.tunUtils.awaitReqAndInjectResp(
+ mTunUtils.awaitReqAndInjectResp(
IKE_DETERMINISTIC_INITIATOR_SPI,
expectedMsgId++,
true /* expectedUseEncap */,
@@ -156,80 +192,6 @@
}
@Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testIkeSessionSetupAndChildSessionSetupWithAesCmac() throws Exception {
- if (!hasTunnelsFeature()) return;
-
- final String ikeInitResp =
- "46b8eca1e0d72a181571bb794f2d88d12120222000000000000001d022000030"
- + "0000002c010100040300000c0100000c800e0080030000080300000803000008"
- + "02000008000000080400000e28000108000e0000698f6f432a2a711c4bdd9c83"
- + "c7742f2b07a7c75b8d0d78ff0fe3d0f5940f782b5631ab109a82427508001b80"
- + "39aabdcd71af3d29f131aed4f5f018a5039c6a9884226771cf846b18b1a9ea88"
- + "d6ef99daacad4a81aa034ef9b73aa8b861976ea483d588cefee05a1e9d6b61fe"
- + "84d316c9b0b09e14e5fbaefed07dc2588391cab1363a0a8772114aff5a31c52f"
- + "9f1a75b16833203954e228ab43b6bf72860e0deb332961d5ee8ce09b8dc8033b"
- + "36cc7a769c790be07cb9177d9a9693396c6a76f5de4311d8174f5ad4a83236b7"
- + "233f0e713e97d2776ae65cf102d0c41cf4d306dcafff3ae9ca5d615c0cb00e20"
- + "0d43bb1476cf8c726f70ad0d20f5e02fb3cc003c2900002408c1ba8e08c5f87f"
- + "546bf302b3c45df0fe79275af94c63ed8f1615b7167937612900001c00004004"
- + "e9c337df6bc320e3511a9b746d25701c3ae6a2212900001c0000400558429be4"
- + "203e487f214627a71e0c77ac99666486290000080000402e290000100000402f"
- + "00020003000400050000000800004014";
- final String ikeAuthResp =
- "46b8eca1e0d72a181571bb794f2d88d12e20232000000001000000ec240000d0"
- + "0934e8476ec0d980f9ccd5f618be1a4be9ebbe294fa9a4d444eb5e6502b6479d"
- + "04e79b235336706744b443cbb96132e14757332e9902211c663e3aec4955dcb6"
- + "6f29f572925fd8641441b6a97256c727f22dcb8d68f436e85a203d044f367fa0"
- + "6571e433e5a3231fe403fb1bb891642a37416efd4ece8e63bae7a8d05f6e7162"
- + "79f2862848ae8ec9c36bc7b4b239161050dc97ae628f564a446379e235e37582"
- + "624724c41b607be1c06cb4bbc2f7c3f0c7be19796670f375e0c5d920a389b6e9"
- + "e6720b8f90b244279156f502";
- final String deleteIkeResp =
- "46b8eca1e0d72a181571bb794f2d88d12e202520000000020000004c00000030"
- + "462193d2d381b85205d234b1e20b5e8bd1931a6d6fabeeef0c61855a1882525f"
- + "1dd507d4e7119ad54349a3b1";
- // Create IkeSessionParams with an SaProposal with integrity algorithm 'aescmac' and prf
- // 'prfaescmac'.
- final IkeSaProposal saProposal =
- new IkeSaProposal.Builder()
- .addEncryptionAlgorithm(ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_128)
- .addIntegrityAlgorithm(INTEGRITY_ALGORITHM_AES_CMAC_96)
- .addPseudorandomFunction(PSEUDORANDOM_FUNCTION_AES128_CMAC)
- .addDhGroup(DH_GROUP_2048_BIT_MODP)
- .build();
-
- final IkeSessionParams params =
- createIkeParamsBuilderBase(mRemoteAddress, saProposal).build();
-
- // Open IKE Session
- final IkeSession ikeSession = openIkeSessionWithTunnelModeChild(mRemoteAddress, params);
- performSetupIkeAndFirstChildBlocking(ikeInitResp, ikeAuthResp);
-
- // Local request message ID starts from 2 because there is one IKE_INIT message and a single
- // IKE_AUTH message.
- int expectedMsgId = 2;
-
- verifyIkeSessionSetupBlocking();
- verifyChildSessionSetupBlocking(
- mFirstChildSessionCallback,
- Arrays.asList(TUNNEL_MODE_INBOUND_TS),
- Arrays.asList(TUNNEL_MODE_OUTBOUND_TS),
- Arrays.asList(EXPECTED_INTERNAL_LINK_ADDR));
-
- final IpSecTransformCallRecord firstTransformRecordA =
- mFirstChildSessionCallback.awaitNextCreatedIpSecTransform();
- final IpSecTransformCallRecord firstTransformRecordB =
- mFirstChildSessionCallback.awaitNextCreatedIpSecTransform();
- verifyCreateIpSecTransformPair(firstTransformRecordA, firstTransformRecordB);
-
- // Close IKE Session
- ikeSession.close();
- performCloseIkeBlocking(expectedMsgId++, true /* expectedUseEncap */, deleteIkeResp);
- verifyCloseIkeAndChildBlocking(firstTransformRecordA, firstTransformRecordB);
- }
-
- @Test
public void testIkeSessionSetupAndChildSessionSetupWithTunnelModeV6() throws Exception {
if (!hasTunnelsFeature()) return;
@@ -265,8 +227,8 @@
// Teardown current test network that uses IPv4 address and set up new network with IPv6
// address.
- mTunNetworkContext.close();
- mTunNetworkContext = new TunNetworkContext(mLocalAddress);
+ tearDownTestNetwork();
+ setUpTestNetwork(mLocalAddress);
// Open IKE Session
IkeSession ikeSession = openIkeSessionWithTunnelModeChild(mRemoteAddress);
@@ -313,14 +275,15 @@
mIkeSessionCallback.awaitOnClosed();
}
- private void verifyIkeInitFail() throws Exception {
+ @Test
+ public void testIkeInitFail() throws Exception {
final String ikeInitFailRespHex =
"46B8ECA1E0D72A180000000000000000292022200000000000000024000000080000000E";
// Open IKE Session
IkeSession ikeSession = openIkeSessionWithTransportModeChild(mRemoteAddress);
int expectedMsgId = 0;
- mTunNetworkContext.tunUtils.awaitReqAndInjectResp(
+ mTunUtils.awaitReqAndInjectResp(
IKE_DETERMINISTIC_INITIATOR_SPI,
expectedMsgId++,
false /* expectedUseEncap */,
@@ -335,18 +298,6 @@
}
@Test
- public void testIkeInitFail() throws Exception {
- verifyIkeInitFail();
- }
-
- @Test
- public void testIkeInitFailWithLegacyCb() throws Exception {
- mIkeSessionCallback = new LegacyTestIkeSessionCallback();
- mFirstChildSessionCallback = new LegacyTestChildSessionCallback();
- verifyIkeInitFail();
- }
-
- @Test
public void testIkeAuthHandlesAuthFailNotification() throws Exception {
final String ikeInitRespHex =
"46B8ECA1E0D72A18CF94CE3159486F002120222000000000000001502200"
@@ -377,7 +328,8 @@
assertArrayEquals(EXPECTED_PROTOCOL_ERROR_DATA_NONE, protocolException.getErrorData());
}
- private void verifyIkeAuthHandlesFirstChildCreationFail() throws Exception {
+ @Test
+ public void testIkeAuthHandlesFirstChildCreationFail() throws Exception {
final String ikeInitRespHex =
"46B8ECA1E0D72A18F5ABBF896A1240BE2120222000000000000001502200"
+ "00300000002C010100040300000C0100000C800E0100030000080300000C"
@@ -416,16 +368,4 @@
ikeSession.kill();
mIkeSessionCallback.awaitOnClosed();
}
-
- @Test
- public void testIkeAuthHandlesFirstChildCreationFail() throws Exception {
- verifyIkeAuthHandlesFirstChildCreationFail();
- }
-
- @Test
- public void testIkeAuthHandlesFirstChildCreationFailWithLegacyCb() throws Exception {
- mIkeSessionCallback = new LegacyTestIkeSessionCallback();
- mFirstChildSessionCallback = new LegacyTestChildSessionCallback();
- verifyIkeAuthHandlesFirstChildCreationFail();
- }
}
diff --git a/tests/cts/src/android/ipsec/ike/cts/IkeSessionPskTestBase.java b/tests/cts/src/android/ipsec/ike/cts/IkeSessionPskTestBase.java
deleted file mode 100644
index a489926..0000000
--- a/tests/cts/src/android/ipsec/ike/cts/IkeSessionPskTestBase.java
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.ipsec.ike.cts;
-
-import static android.app.AppOpsManager.OP_MANAGE_IPSEC_TUNNELS;
-
-import android.net.ipsec.ike.ChildSessionParams;
-import android.net.ipsec.ike.IkeFqdnIdentification;
-import android.net.ipsec.ike.IkeSaProposal;
-import android.net.ipsec.ike.IkeSession;
-import android.net.ipsec.ike.IkeSessionParams;
-
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-
-import java.net.InetAddress;
-
-abstract class IkeSessionPskTestBase extends IkeSessionTestBase {
- @BeforeClass
- public static void setUpTunnelPermissionBeforeClass() throws Exception {
- // Under normal circumstances, the MANAGE_IPSEC_TUNNELS appop would be auto-granted, and
- // a standard permission is insufficient. So we shell out the appop, to give us the
- // right appop permissions.
- setAppOp(OP_MANAGE_IPSEC_TUNNELS, true);
- }
-
- // This method is guaranteed to run in subclasses and will run after subclasses' @AfterClass
- // methods.
- @AfterClass
- public static void tearDownTunnelPermissionAfterClass() throws Exception {
- setAppOp(OP_MANAGE_IPSEC_TUNNELS, false);
- }
-
- protected IkeSession openIkeSessionWithTunnelModeChild(InetAddress remoteAddress) {
- return openIkeSession(remoteAddress, buildTunnelModeChildSessionParams());
- }
-
- protected IkeSession openIkeSessionWithTunnelModeChild(
- InetAddress remoteAddress, IkeSessionParams ikeParams) {
- return openIkeSession(remoteAddress, ikeParams, buildTunnelModeChildSessionParams());
- }
-
- protected IkeSession openIkeSessionWithTransportModeChild(InetAddress remoteAddress) {
- return openIkeSession(remoteAddress, buildTransportModeChildParamsWithDefaultTs());
- }
-
- protected IkeSessionParams.Builder createIkeParamsBuilderBase(InetAddress remoteAddress) {
- return createIkeParamsBuilderBase(
- remoteAddress,
- SaProposalTest.buildIkeSaProposalWithNormalModeCipher(),
- SaProposalTest.buildIkeSaProposalWithCombinedModeCipher());
- }
-
- protected IkeSessionParams.Builder createIkeParamsBuilderBase(
- InetAddress remoteAddress, IkeSaProposal... saProposals) {
- final IkeSessionParams.Builder builder =
- new IkeSessionParams.Builder(sContext)
- .setNetwork(mTunNetworkContext.tunNetwork)
- .setServerHostname(remoteAddress.getHostAddress())
- .setLocalIdentification(new IkeFqdnIdentification(LOCAL_HOSTNAME))
- .setRemoteIdentification(new IkeFqdnIdentification(REMOTE_HOSTNAME))
- .setAuthPsk(IKE_PSK);
-
- for (IkeSaProposal saProposal : saProposals) {
- builder.addSaProposal(saProposal);
- }
-
- return builder;
- }
-
- protected abstract IkeSessionParams getIkeSessionParams(InetAddress remoteAddress);
-
- private IkeSession openIkeSession(InetAddress remoteAddress, ChildSessionParams childParams) {
- return openIkeSession(remoteAddress, getIkeSessionParams(remoteAddress), childParams);
- }
-
- private IkeSession openIkeSession(
- InetAddress remoteAddress, IkeSessionParams ikeParams, ChildSessionParams childParams) {
- return new IkeSession(
- sContext,
- ikeParams,
- childParams,
- mUserCbExecutor,
- mIkeSessionCallback,
- mFirstChildSessionCallback);
- }
-}
diff --git a/tests/cts/src/android/ipsec/ike/cts/IkeSessionRekeyTest.java b/tests/cts/src/android/ipsec/ike/cts/IkeSessionRekeyTest.java
index 4ec32f8..0ca12ad 100644
--- a/tests/cts/src/android/ipsec/ike/cts/IkeSessionRekeyTest.java
+++ b/tests/cts/src/android/ipsec/ike/cts/IkeSessionRekeyTest.java
@@ -53,7 +53,7 @@
private IkeSession openIkeSessionWithRemoteAddress(InetAddress remoteAddress) {
IkeSessionParams ikeParams =
new IkeSessionParams.Builder(sContext)
- .setNetwork(mTunNetworkContext.tunNetwork)
+ .setNetwork(mTunNetwork)
.setServerHostname(remoteAddress.getHostAddress())
.addSaProposal(SaProposalTest.buildIkeSaProposalWithNormalModeCipher())
.addSaProposal(SaProposalTest.buildIkeSaProposalWithCombinedModeCipher())
@@ -149,13 +149,11 @@
verifyCreateIpSecTransformPair(firstTransformRecordA, firstTransformRecordB);
// Inject rekey IKE requests
- mTunNetworkContext.tunUtils.injectPacket(
- buildInboundPkt(localRemotePorts, rekeyIkeCreateReq));
- mTunNetworkContext.tunUtils.awaitResp(
+ mTunUtils.injectPacket(buildInboundPkt(localRemotePorts, rekeyIkeCreateReq));
+ mTunUtils.awaitResp(
IKE_DETERMINISTIC_INITIATOR_SPI, expectedRespMsgId++, true /* expectedUseEncap */);
- mTunNetworkContext.tunUtils.injectPacket(
- buildInboundPkt(localRemotePorts, rekeyIkeDeleteReq));
- mTunNetworkContext.tunUtils.awaitResp(
+ mTunUtils.injectPacket(buildInboundPkt(localRemotePorts, rekeyIkeDeleteReq));
+ mTunUtils.awaitResp(
IKE_DETERMINISTIC_INITIATOR_SPI, expectedRespMsgId++, true /* expectedUseEncap */);
// IKE has been rekeyed, reset message IDs
@@ -163,8 +161,8 @@
expectedRespMsgId = 0;
// Inject delete IKE request
- mTunNetworkContext.tunUtils.injectPacket(buildInboundPkt(localRemotePorts, deleteIkeReq));
- mTunNetworkContext.tunUtils.awaitResp(
+ mTunUtils.injectPacket(buildInboundPkt(localRemotePorts, deleteIkeReq));
+ mTunUtils.awaitResp(
newIkeDeterministicInitSpi, expectedRespMsgId++, true /* expectedUseEncap */);
verifyDeleteIpSecTransformPair(
@@ -238,13 +236,11 @@
verifyCreateIpSecTransformPair(oldTransformRecordA, oldTransformRecordB);
// Inject rekey Child requests
- mTunNetworkContext.tunUtils.injectPacket(
- buildInboundPkt(localRemotePorts, rekeyChildCreateReq));
- mTunNetworkContext.tunUtils.awaitResp(
+ mTunUtils.injectPacket(buildInboundPkt(localRemotePorts, rekeyChildCreateReq));
+ mTunUtils.awaitResp(
IKE_DETERMINISTIC_INITIATOR_SPI, expectedRespMsgId++, true /* expectedUseEncap */);
- mTunNetworkContext.tunUtils.injectPacket(
- buildInboundPkt(localRemotePorts, rekeyChildDeleteReq));
- mTunNetworkContext.tunUtils.awaitResp(
+ mTunUtils.injectPacket(buildInboundPkt(localRemotePorts, rekeyChildDeleteReq));
+ mTunUtils.awaitResp(
IKE_DETERMINISTIC_INITIATOR_SPI, expectedRespMsgId++, true /* expectedUseEncap */);
// Verify IpSecTransforms are renewed
@@ -257,8 +253,8 @@
mFirstChildSessionCallback, oldTransformRecordA, oldTransformRecordB);
// Inject delete IKE request
- mTunNetworkContext.tunUtils.injectPacket(buildInboundPkt(localRemotePorts, deleteIkeReq));
- mTunNetworkContext.tunUtils.awaitResp(
+ mTunUtils.injectPacket(buildInboundPkt(localRemotePorts, deleteIkeReq));
+ mTunUtils.awaitResp(
IKE_DETERMINISTIC_INITIATOR_SPI, expectedRespMsgId++, true /* expectedUseEncap */);
verifyDeleteIpSecTransformPair(
diff --git a/tests/cts/src/android/ipsec/ike/cts/IkeSessionTestBase.java b/tests/cts/src/android/ipsec/ike/cts/IkeSessionTestBase.java
index cc2bc90..745d8fb 100644
--- a/tests/cts/src/android/ipsec/ike/cts/IkeSessionTestBase.java
+++ b/tests/cts/src/android/ipsec/ike/cts/IkeSessionTestBase.java
@@ -25,12 +25,18 @@
import android.annotation.NonNull;
import android.app.AppOpsManager;
+import android.content.Context;
import android.content.pm.PackageManager;
import android.ipsec.ike.cts.IkeTunUtils.PortPair;
+import android.ipsec.ike.cts.TestNetworkUtils.TestNetworkCallback;
+import android.net.ConnectivityManager;
import android.net.InetAddresses;
import android.net.IpSecManager;
import android.net.IpSecTransform;
import android.net.LinkAddress;
+import android.net.Network;
+import android.net.TestNetworkInterface;
+import android.net.TestNetworkManager;
import android.net.annotations.PolicyDirection;
import android.net.ipsec.ike.ChildSessionCallback;
import android.net.ipsec.ike.ChildSessionConfiguration;
@@ -41,16 +47,21 @@
import android.net.ipsec.ike.TransportModeChildSessionParams;
import android.net.ipsec.ike.TunnelModeChildSessionParams;
import android.net.ipsec.ike.exceptions.IkeException;
-import android.os.UserHandle;
+import android.net.ipsec.ike.exceptions.IkeProtocolException;
+import android.os.Binder;
+import android.os.ParcelFileDescriptor;
import android.platform.test.annotations.AppModeFull;
+import androidx.test.InstrumentationRegistry;
import androidx.test.ext.junit.runners.AndroidJUnit4;
import com.android.compatibility.common.util.SystemUtil;
import com.android.net.module.util.ArrayTrackRecord;
import org.junit.After;
+import org.junit.AfterClass;
import org.junit.Before;
+import org.junit.BeforeClass;
import org.junit.runner.RunWith;
import java.net.Inet4Address;
@@ -80,7 +91,7 @@
*/
@RunWith(AndroidJUnit4.class)
@AppModeFull(reason = "MANAGE_TEST_NETWORKS permission can't be granted to instant apps")
-abstract class IkeSessionTestBase extends IkeTestNetworkBase {
+abstract class IkeSessionTestBase extends IkeTestBase {
// Package-wide common expected results that will be shared by all IKE/Child SA creation tests
static final String EXPECTED_REMOTE_APP_VERSION_EMPTY = "";
static final byte[] EXPECTED_PROTOCOL_ERROR_DATA_NONE = new byte[0];
@@ -118,7 +129,13 @@
static final long IKE_DETERMINISTIC_INITIATOR_SPI = Long.parseLong("46B8ECA1E0D72A18", 16);
- private static final int TIMEOUT_MS = 1000;
+ // Static state to reduce setup/teardown
+ static Context sContext = InstrumentationRegistry.getContext();
+ static ConnectivityManager sCM =
+ (ConnectivityManager) sContext.getSystemService(Context.CONNECTIVITY_SERVICE);
+ static TestNetworkManager sTNM;
+
+ private static final int TIMEOUT_MS = 500;
// Constants to be used for providing different IP addresses for each tests
private static final byte IP_ADDR_LAST_BYTE_MAX = (byte) 100;
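Review bot: `TIMEOUT_MS` is halved from 1000 to 500 with no comment, and the `await*` helpers visible later in this file all wait on it, so slow devices or emulators are more likely to hit spurious timeouts. A short rationale next to the constant would help, for example `// Upper bound for each callback wait; must stay generous enough for slow emulators.` Separately, `sContext` and `sCM` are assigned once at class load and could be `static final`. Only `sTNM` needs to stay mutable, because it is set in `@BeforeClass`.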
@@ -129,7 +146,10 @@
private static final byte[] NEXT_AVAILABLE_IP4_ADDR_LOCAL = INITIAL_AVAILABLE_IP4_ADDR_LOCAL;
private static final byte[] NEXT_AVAILABLE_IP4_ADDR_REMOTE = INITIAL_AVAILABLE_IP4_ADDR_REMOTE;
- TunNetworkContext mTunNetworkContext;
+ ParcelFileDescriptor mTunFd;
+ TestNetworkCallback mTunNetworkCallback;
+ Network mTunNetwork;
+ IkeTunUtils mTunUtils;
InetAddress mLocalAddress;
InetAddress mRemoteAddress;
@@ -138,22 +158,60 @@
TestIkeSessionCallback mIkeSessionCallback;
TestChildSessionCallback mFirstChildSessionCallback;
+ // This method is guaranteed to run in subclasses and will run before subclasses' @BeforeClass
+ // methods.
+ @BeforeClass
+ public static void setUpPermissionBeforeClass() throws Exception {
+ InstrumentationRegistry.getInstrumentation()
+ .getUiAutomation()
+ .adoptShellPermissionIdentity();
+ sTNM = sContext.getSystemService(TestNetworkManager.class);
+ }
+
+ // This method is guaranteed to run in subclasses and will run after subclasses' @AfterClass
+ // methods.
+ @AfterClass
+ public static void tearDownPermissionAfterClass() throws Exception {
+ InstrumentationRegistry.getInstrumentation()
+ .getUiAutomation()
+ .dropShellPermissionIdentity();
+ }
+
@Before
public void setUp() throws Exception {
mLocalAddress = getNextAvailableIpv4AddressLocal();
mRemoteAddress = getNextAvailableIpv4AddressRemote();
- mTunNetworkContext = new TunNetworkContext(mLocalAddress);
+ setUpTestNetwork(mLocalAddress);
mUserCbExecutor = Executors.newSingleThreadExecutor();
- mIkeSessionCallback = new DefaultTestIkeSessionCallback();
- mFirstChildSessionCallback = new DefaultTestChildSessionCallback();
+ mIkeSessionCallback = new TestIkeSessionCallback();
+ mFirstChildSessionCallback = new TestChildSessionCallback();
}
@After
public void tearDown() throws Exception {
- if (mTunNetworkContext != null) {
- mTunNetworkContext.close();
- }
+ tearDownTestNetwork();
+ }
+
+ void setUpTestNetwork(InetAddress localAddr) throws Exception {
+ int prefixLen = localAddr instanceof Inet4Address ? IP4_PREFIX_LEN : IP6_PREFIX_LEN;
+
+ TestNetworkInterface testIface =
+ sTNM.createTunInterface(new LinkAddress[] {new LinkAddress(localAddr, prefixLen)});
+
+ mTunFd = testIface.getFileDescriptor();
+ mTunNetworkCallback =
+ TestNetworkUtils.setupAndGetTestNetwork(
+ sCM, sTNM, testIface.getInterfaceName(), new Binder());
+ mTunNetwork = mTunNetworkCallback.getNetworkBlocking();
+ mTunUtils = new IkeTunUtils(mTunFd);
+ }
+
+ void tearDownTestNetwork() throws Exception {
+ sCM.unregisterNetworkCallback(mTunNetworkCallback);
+
+ sTNM.teardownTestNetwork(mTunNetwork);
+ mTunFd.close();
}
static void setAppOp(int appop, boolean allow) {
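Review bot: `tearDownTestNetwork()` dereferences `mTunNetworkCallback`, `mTunNetwork` and `mTunFd` unconditionally, whereas the code it replaces guarded on `mTunNetworkContext != null`. If `setUpTestNetwork` fails partway, the `@After` call throws a second exception that hides the real failure, and an exception from `unregisterNetworkCallback` skips `teardownTestNetwork` and `mTunFd.close()`, leaving a test network and TUN descriptor behind for the next test. Guarding each step, chaining them with `finally` and clearing the fields keeps the cleanup complete and lets it run twice safely, which matters for the IPv6 test that tears down and re-creates the network itself. In the same hunk, `adoptShellPermissionIdentity()` is called without arguments and so adopts every shell permission for the whole class; passing only the permissions the tests need (the class annotation names MANAGE_TEST_NETWORKS) would be tighter, if the minimum API level allows it.

```java
void tearDownTestNetwork() throws Exception {
    try {
        if (mTunNetworkCallback != null) {
            sCM.unregisterNetworkCallback(mTunNetworkCallback);
        }
    } finally {
        try {
            if (mTunNetwork != null) {
                sTNM.teardownTestNetwork(mTunNetwork);
            }
        } finally {
            if (mTunFd != null) {
                mTunFd.close();
            }
            // Clear state so a repeated call (e.g. from @After) is a no-op.
            mTunNetworkCallback = null;
            mTunNetwork = null;
            mTunFd = null;
        }
    }
}
```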
@@ -161,11 +219,10 @@
for (String pkg : new String[] {"com.android.shell", sContext.getPackageName()}) {
String cmd =
String.format(
- "appops set %s %s %s --user %d",
+ "appops set %s %s %s",
pkg, // Package name
opName, // Appop
- (allow ? "allow" : "deny"), // Action
- UserHandle.myUserId());
+ (allow ? "allow" : "deny")); // Action
SystemUtil.runShellCommand(cmd);
}
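Review bot: Dropping `--user %d` from the `appops set` command means the op is no longer pinned to the user the test process runs as; the shell command then falls back to its default user, which is presumably the current foreground user. On a multi-user or headless-system-user device that can leave the op unset for the package under test, and the `deny` written at teardown can land on another user's package state. I would keep the explicit scope, `"appops set %s %s %s --user %d"` with `UserHandle.myUserId()` as the last argument, which also means keeping the `android.os.UserHandle` import this commit removes. `setAppOp` starts before this hunk and its closing brace is outside it.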
@@ -260,15 +317,14 @@
boolean expectedAuthUseEncap,
String... ikeAuthRespHexes)
throws Exception {
- mTunNetworkContext.tunUtils.awaitReqAndInjectResp(
+ mTunUtils.awaitReqAndInjectResp(
IKE_DETERMINISTIC_INITIATOR_SPI,
0 /* expectedMsgId */,
false /* expectedUseEncap */,
ikeInitRespHex);
byte[] ikeAuthReqPkt =
- mTunNetworkContext
- .tunUtils
+ mTunUtils
.awaitReqAndInjectResp(
IKE_DETERMINISTIC_INITIATOR_SPI,
1 /* expectedMsgId */,
@@ -285,27 +341,22 @@
void performCloseIkeBlocking(
int expectedMsgId, boolean expectedUseEncap, String deleteIkeRespHex) throws Exception {
- mTunNetworkContext.tunUtils.awaitReqAndInjectResp(
+ mTunUtils.awaitReqAndInjectResp(
IKE_DETERMINISTIC_INITIATOR_SPI, expectedMsgId, expectedUseEncap, deleteIkeRespHex);
}
- /**
- * Base testing callback that allows caller to block current thread until a method get called
- */
- abstract static class TestIkeSessionCallback implements IkeSessionCallback {
+ /** Testing callback that allows caller to block current thread until a method get called */
+ static class TestIkeSessionCallback implements IkeSessionCallback {
private CompletableFuture<IkeSessionConfiguration> mFutureIkeConfig =
new CompletableFuture<>();
private CompletableFuture<Boolean> mFutureOnClosedCall = new CompletableFuture<>();
- private CompletableFuture<IkeSessionConnectionInfo> mFutureConnectionConfig =
+ private CompletableFuture<IkeException> mFutureOnClosedException =
new CompletableFuture<>();
private int mOnErrorExceptionsCount = 0;
- private ArrayTrackRecord<IkeException> mOnErrorExceptionsTrackRecord =
+ private ArrayTrackRecord<IkeProtocolException> mOnErrorExceptionsTrackRecord =
new ArrayTrackRecord<>();
- protected CompletableFuture<IkeException> mFutureOnClosedException =
- new CompletableFuture<>();
-
@Override
public void onOpened(@NonNull IkeSessionConfiguration sessionConfiguration) {
mFutureIkeConfig.complete(sessionConfiguration);
@@ -317,16 +368,13 @@
}
@Override
- public void onError(@NonNull IkeException exception) {
- IkeSessionCallback.super.onError(exception);
- mOnErrorExceptionsTrackRecord.add(exception);
+ public void onClosedExceptionally(@NonNull IkeException exception) {
+ mFutureOnClosedException.complete(exception);
}
@Override
- public void onIkeSessionConnectionInfoChanged(
- @NonNull IkeSessionConnectionInfo connectionInfo) {
- IkeSessionCallback.super.onIkeSessionConnectionInfoChanged(connectionInfo);
- mFutureConnectionConfig.complete(connectionInfo);
+ public void onError(@NonNull IkeProtocolException exception) {
+ mOnErrorExceptionsTrackRecord.add(exception);
}
public IkeSessionConfiguration awaitIkeConfig() throws Exception {
@@ -337,7 +385,7 @@
return mFutureOnClosedException.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
}
- public IkeException awaitNextOnErrorException() {
+ public IkeProtocolException awaitNextOnErrorException() {
return mOnErrorExceptionsTrackRecord.poll(
(long) TIMEOUT_MS,
mOnErrorExceptionsCount++,
@@ -349,46 +397,20 @@
public void awaitOnClosed() throws Exception {
mFutureOnClosedCall.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
}
-
- public IkeSessionConnectionInfo awaitOnIkeSessionConnectionInfoChanged() throws Exception {
- return mFutureConnectionConfig.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
- }
}
- /** Default testing callback for all IKE exchange tests */
- static class DefaultTestIkeSessionCallback extends TestIkeSessionCallback {
- @Override
- public void onClosedWithException(@NonNull IkeException exception) {
- mFutureOnClosedException.complete(exception);
- }
- }
-
- /** Testing callback to verify deprecated methods before they are removed */
- static class LegacyTestIkeSessionCallback extends TestIkeSessionCallback {
- @Override
- public void onClosedExceptionally(@NonNull IkeException exception) {
- mFutureOnClosedException.complete(exception);
- }
- }
-
- /**
- * Base testing callback that allows caller to block current thread until a method get called
- */
- abstract static class TestChildSessionCallback implements ChildSessionCallback {
+ /** Testing callback that allows caller to block current thread until a method get called */
+ static class TestChildSessionCallback implements ChildSessionCallback {
private CompletableFuture<ChildSessionConfiguration> mFutureChildConfig =
new CompletableFuture<>();
private CompletableFuture<Boolean> mFutureOnClosedCall = new CompletableFuture<>();
-
- protected CompletableFuture<IkeException> mFutureOnClosedException =
+ private CompletableFuture<IkeException> mFutureOnClosedException =
new CompletableFuture<>();
private int mCreatedIpSecTransformCount = 0;
- private int mMigratedIpSecTransformCount = 0;
private int mDeletedIpSecTransformCount = 0;
private ArrayTrackRecord<IpSecTransformCallRecord> mCreatedIpSecTransformsTrackRecord =
new ArrayTrackRecord<>();
- private ArrayTrackRecord<IpSecTransformCallRecord[]> mMigratedIpSecTransformsTrackRecord =
- new ArrayTrackRecord<>();
private ArrayTrackRecord<IpSecTransformCallRecord> mDeletedIpSecTransformsTrackRecord =
new ArrayTrackRecord<>();
@@ -403,23 +425,14 @@
}
@Override
- public void onIpSecTransformCreated(@NonNull IpSecTransform ipSecTransform, int direction) {
- mCreatedIpSecTransformsTrackRecord.add(
- new IpSecTransformCallRecord(ipSecTransform, direction));
+ public void onClosedExceptionally(@NonNull IkeException exception) {
+ mFutureOnClosedException.complete(exception);
}
@Override
- public void onIpSecTransformsMigrated(
- IpSecTransform inIpSecTransform, IpSecTransform outIpSecTransform) {
- ChildSessionCallback.super.onIpSecTransformsMigrated(
- inIpSecTransform, outIpSecTransform);
-
- IpSecTransformCallRecord inRecord =
- new IpSecTransformCallRecord(inIpSecTransform, IpSecManager.DIRECTION_IN);
- IpSecTransformCallRecord outRecord =
- new IpSecTransformCallRecord(outIpSecTransform, IpSecManager.DIRECTION_OUT);
- mMigratedIpSecTransformsTrackRecord.add(
- new IpSecTransformCallRecord[] {inRecord, outRecord});
+ public void onIpSecTransformCreated(@NonNull IpSecTransform ipSecTransform, int direction) {
+ mCreatedIpSecTransformsTrackRecord.add(
+ new IpSecTransformCallRecord(ipSecTransform, direction));
}
@Override
@@ -445,15 +458,6 @@
});
}
- public IpSecTransformCallRecord[] awaitNextMigratedIpSecTransform() {
- return mMigratedIpSecTransformsTrackRecord.poll(
- (long) TIMEOUT_MS,
- mMigratedIpSecTransformCount++,
- (transform) -> {
- return true;
- });
- }
-
public IpSecTransformCallRecord awaitNextDeletedIpSecTransform() {
return mDeletedIpSecTransformsTrackRecord.poll(
(long) TIMEOUT_MS,
@@ -468,22 +472,6 @@
}
}
- /** Default testing callback for all IKE exchange tests */
- static class DefaultTestChildSessionCallback extends TestChildSessionCallback {
- @Override
- public void onClosedWithException(@NonNull IkeException exception) {
- mFutureOnClosedException.complete(exception);
- }
- }
-
- /** Testing callback to verify deprecated methods before they are removed */
- static class LegacyTestChildSessionCallback extends TestChildSessionCallback {
- @Override
- public void onClosedExceptionally(@NonNull IkeException exception) {
- mFutureOnClosedException.complete(exception);
- }
- }
-
/**
* This class represents a created or deleted IpSecTransfrom that is provided by
* ChildSessionCallback
@@ -512,24 +500,18 @@
}
void verifyIkeSessionSetupBlocking() throws Exception {
- verifyIkeSessionSetupBlocking(EXTENSION_TYPE_FRAGMENTATION);
- }
-
- void verifyIkeSessionSetupBlocking(int... expectedIkeExtensions) throws Exception {
IkeSessionConfiguration ikeConfig = mIkeSessionCallback.awaitIkeConfig();
assertNotNull(ikeConfig);
assertEquals(EXPECTED_REMOTE_APP_VERSION_EMPTY, ikeConfig.getRemoteApplicationVersion());
assertTrue(ikeConfig.getRemoteVendorIds().isEmpty());
assertTrue(ikeConfig.getPcscfServers().isEmpty());
- for (int ikeExtension : expectedIkeExtensions) {
- assertTrue(ikeConfig.isIkeExtensionEnabled(ikeExtension));
- }
+ assertTrue(ikeConfig.isIkeExtensionEnabled(EXTENSION_TYPE_FRAGMENTATION));
IkeSessionConnectionInfo ikeConnectInfo = ikeConfig.getIkeSessionConnectionInfo();
assertNotNull(ikeConnectInfo);
assertEquals(mLocalAddress, ikeConnectInfo.getLocalAddress());
assertEquals(mRemoteAddress, ikeConnectInfo.getRemoteAddress());
- assertEquals(mTunNetworkContext.tunNetwork, ikeConnectInfo.getNetwork());
+ assertEquals(mTunNetwork, ikeConnectInfo.getNetwork());
}
void verifyChildSessionSetupBlocking(
diff --git a/tests/cts/src/android/ipsec/ike/cts/IkeTestNetworkBase.java b/tests/cts/src/android/ipsec/ike/cts/IkeTestNetworkBase.java
deleted file mode 100644
index 3285917..0000000
--- a/tests/cts/src/android/ipsec/ike/cts/IkeTestNetworkBase.java
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.ipsec.ike.cts;
-
-import android.content.Context;
-import android.ipsec.ike.cts.TestNetworkUtils.TestNetworkCallback;
-import android.net.ConnectivityManager;
-import android.net.LinkAddress;
-import android.net.Network;
-import android.net.TestNetworkInterface;
-import android.net.TestNetworkManager;
-import android.os.Binder;
-import android.os.ParcelFileDescriptor;
-
-import androidx.test.InstrumentationRegistry;
-import androidx.test.ext.junit.runners.AndroidJUnit4;
-
-import com.android.modules.utils.build.SdkLevel;
-
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-import org.junit.runner.RunWith;
-
-import java.io.Closeable;
-import java.io.IOException;
-import java.net.Inet4Address;
-import java.net.InetAddress;
-import java.util.Arrays;
-
-@RunWith(AndroidJUnit4.class)
-abstract class IkeTestNetworkBase extends IkeTestBase {
- // Static state to reduce setup/teardown
- static Context sContext = InstrumentationRegistry.getContext();
- static ConnectivityManager sCM = sContext.getSystemService(ConnectivityManager.class);
- static TestNetworkManager sTNM;
-
- // This method is guaranteed to run in subclasses and will run before subclasses' @BeforeClass
- // methods.
- @BeforeClass
- public static void setUpPermissionBeforeClass() throws Exception {
- InstrumentationRegistry.getInstrumentation()
- .getUiAutomation()
- .adoptShellPermissionIdentity();
- sTNM = sContext.getSystemService(TestNetworkManager.class);
- }
-
- // This method is guaranteed to run in subclasses and will run after subclasses' @AfterClass
- // methods.
- @AfterClass
- public static void tearDownPermissionAfterClass() throws Exception {
- InstrumentationRegistry.getInstrumentation()
- .getUiAutomation()
- .dropShellPermissionIdentity();
- }
-
- // Package private for use in IkeExceptionTest
- static class TunNetworkContext implements Closeable {
- public final ParcelFileDescriptor tunFd;
- public final TestNetworkCallback tunNetworkCallback;
- public final Network tunNetwork;
- public final IkeTunUtils tunUtils;
-
- TunNetworkContext(InetAddress... addresses) throws Exception {
- final LinkAddress[] linkAddresses = new LinkAddress[addresses.length];
- for (int i = 0; i < linkAddresses.length; i++) {
- InetAddress addr = addresses[i];
- if (addr instanceof Inet4Address) {
- linkAddresses[i] = new LinkAddress(addr, IP4_PREFIX_LEN);
- } else {
- linkAddresses[i] = new LinkAddress(addr, IP6_PREFIX_LEN);
- }
- }
-
- try {
- final TestNetworkInterface testIface =
- SdkLevel.isAtLeastS()
- ? sTNM.createTunInterface(Arrays.asList(linkAddresses))
- // createTunInterface(LinkAddress[]) was TestApi until R.
- // Wrap linkAddresses in an Object[], so Method#invoke(Object,
- // Object...) doesn't treat linkAddresses as the varargs input.
- : (TestNetworkInterface)
- sTNM.getClass()
- .getMethod(
- "createTunInterface", LinkAddress[].class)
- .invoke(sTNM, new Object[] {linkAddresses});
-
- tunFd = testIface.getFileDescriptor();
- tunNetworkCallback =
- TestNetworkUtils.setupAndGetTestNetwork(
- sCM, sTNM, testIface.getInterfaceName(), new Binder());
- tunNetwork = tunNetworkCallback.getNetworkBlocking();
- } catch (Exception e) {
- close();
- throw e;
- }
-
- tunUtils = new IkeTunUtils(tunFd);
- }
-
- @Override
- public void close() throws IOException {
- if (tunNetworkCallback != null) {
- sCM.unregisterNetworkCallback(tunNetworkCallback);
- }
-
- if (tunNetwork != null) {
- sTNM.teardownTestNetwork(tunNetwork);
- }
-
- if (tunFd != null) {
- tunFd.close();
- }
- }
- }
-}
diff --git a/tests/cts/src/android/ipsec/ike/cts/IkeTunUtils.java b/tests/cts/src/android/ipsec/ike/cts/IkeTunUtils.java
index dbfeb0e..193455a 100644
--- a/tests/cts/src/android/ipsec/ike/cts/IkeTunUtils.java
+++ b/tests/cts/src/android/ipsec/ike/cts/IkeTunUtils.java
@@ -221,18 +221,19 @@
}
private static int getIkeOffset(byte[] pkt, boolean useEncap) {
- int hdrLen = isIpv6(pkt) ? IP6_HDRLEN : IP4_HDRLEN;
- int ikeOffset = UDP_HDRLEN + hdrLen;
-
- // Port 4500 is used during MOBIKE (and a non-ESP marker is added). This is always done,
- // regardless of whether the IP address is IPv4 or IPv6
- return useEncap ? ikeOffset + NON_ESP_MARKER_LEN : ikeOffset;
+ if (isIpv6(pkt)) {
+ // IPv6 UDP expectedUseEncap not supported by kernels; assume non-expectedUseEncap.
+ return IP6_HDRLEN + UDP_HDRLEN;
+ } else {
+ // Use default IPv4 header length (assuming no options)
+ int ikeOffset = IP4_HDRLEN + UDP_HDRLEN;
+ return useEncap ? ikeOffset + NON_ESP_MARKER_LEN : ikeOffset;
+ }
}
private static boolean hasNonEspMarker(byte[] pkt) {
ByteBuffer buffer = ByteBuffer.wrap(pkt);
- int hdrLen = isIpv6(pkt) ? IP6_HDRLEN : IP4_HDRLEN;
- int ikeOffset = UDP_HDRLEN + hdrLen;
+ int ikeOffset = IP4_HDRLEN + UDP_HDRLEN;
if (buffer.remaining() < ikeOffset) return false;
buffer.get(new byte[ikeOffset]); // Skip IP and UDP header
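Review bot: hasNonEspMarker now uses `int ikeOffset = IP4_HDRLEN + UDP_HDRLEN;` for every packet, so an IPv6 packet is skipped by too little and whatever the method reads next comes from inside the IPv6 header (assuming the usual 20/40/8-byte constants), not from after the UDP header. getIkeOffset in the same hunk already treats IPv6 as never encapsulated, so the matching guard is `if (isIpv6(pkt)) return false;` as the first statement of hasNonEspMarker. The new comment `// IPv6 UDP expectedUseEncap not supported by kernels; assume non-expectedUseEncap.` reads like a variable rename that leaked into prose; `// UDP encapsulation is not supported over IPv6 by kernels; useEncap is ignored.` says what is meant. hasNonEspMarker's body continues outside the hunk, so how the skipped bytes are used is inferred from the visible `// Skip IP and UDP header` line.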
diff --git a/tests/cts/src/android/ipsec/ike/cts/SaProposalTest.java b/tests/cts/src/android/ipsec/ike/cts/SaProposalTest.java
index 78cca45..e58a3fe 100644
--- a/tests/cts/src/android/ipsec/ike/cts/SaProposalTest.java
+++ b/tests/cts/src/android/ipsec/ike/cts/SaProposalTest.java
@@ -16,32 +16,14 @@
package android.ipsec.ike.cts;
-import static android.net.IpSecAlgorithm.AUTH_AES_CMAC;
-import static android.net.IpSecAlgorithm.AUTH_AES_XCBC;
-import static android.net.IpSecAlgorithm.AUTH_CRYPT_AES_GCM;
-import static android.net.IpSecAlgorithm.AUTH_CRYPT_CHACHA20_POLY1305;
-import static android.net.IpSecAlgorithm.AUTH_HMAC_MD5;
-import static android.net.IpSecAlgorithm.AUTH_HMAC_SHA1;
-import static android.net.IpSecAlgorithm.AUTH_HMAC_SHA256;
-import static android.net.IpSecAlgorithm.AUTH_HMAC_SHA384;
-import static android.net.IpSecAlgorithm.AUTH_HMAC_SHA512;
-import static android.net.IpSecAlgorithm.CRYPT_AES_CBC;
-import static android.net.IpSecAlgorithm.CRYPT_AES_CTR;
import static android.net.ipsec.ike.SaProposal.DH_GROUP_1024_BIT_MODP;
-import static android.net.ipsec.ike.SaProposal.DH_GROUP_1536_BIT_MODP;
import static android.net.ipsec.ike.SaProposal.DH_GROUP_2048_BIT_MODP;
-import static android.net.ipsec.ike.SaProposal.DH_GROUP_3072_BIT_MODP;
-import static android.net.ipsec.ike.SaProposal.DH_GROUP_4096_BIT_MODP;
-import static android.net.ipsec.ike.SaProposal.DH_GROUP_CURVE_25519;
import static android.net.ipsec.ike.SaProposal.DH_GROUP_NONE;
import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_3DES;
import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_CBC;
-import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_CTR;
import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12;
import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_16;
import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8;
-import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_CHACHA20_POLY1305;
-import static android.net.ipsec.ike.SaProposal.INTEGRITY_ALGORITHM_AES_CMAC_96;
import static android.net.ipsec.ike.SaProposal.INTEGRITY_ALGORITHM_AES_XCBC_96;
import static android.net.ipsec.ike.SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96;
import static android.net.ipsec.ike.SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA2_256_128;
@@ -52,154 +34,70 @@
import static android.net.ipsec.ike.SaProposal.KEY_LEN_AES_192;
import static android.net.ipsec.ike.SaProposal.KEY_LEN_AES_256;
import static android.net.ipsec.ike.SaProposal.KEY_LEN_UNUSED;
-import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_AES128_CMAC;
import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC;
import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1;
import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_SHA2_256;
import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_SHA2_384;
import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_SHA2_512;
-import static android.os.Build.VERSION.CODENAME;
-import static android.os.Build.VERSION.SDK_INT;
-import static android.os.Build.VERSION_CODES.CUR_DEVELOPMENT;
-import static android.os.Build.VERSION_CODES.R;
-import static android.os.Build.VERSION_CODES.S;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
-import static org.junit.Assume.assumeFalse;
-import static org.junit.Assume.assumeTrue;
-import android.net.IpSecAlgorithm;
import android.net.ipsec.ike.ChildSaProposal;
import android.net.ipsec.ike.IkeSaProposal;
-import android.net.ipsec.ike.SaProposal;
import android.util.Pair;
import androidx.test.ext.junit.runners.AndroidJUnit4;
-import com.android.testutils.DevSdkIgnoreRule;
-import com.android.testutils.DevSdkIgnoreRule.IgnoreAfter;
-import com.android.testutils.DevSdkIgnoreRule.IgnoreUpTo;
-
-import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Set;
@RunWith(AndroidJUnit4.class)
public class SaProposalTest {
- @Rule public final DevSdkIgnoreRule ignoreRule = new DevSdkIgnoreRule();
+ private static final List<Pair<Integer, Integer>> NORMAL_MODE_CIPHERS = new ArrayList<>();
+ private static final List<Pair<Integer, Integer>> COMBINED_MODE_CIPHERS = new ArrayList<>();
+ private static final List<Integer> INTEGRITY_ALGOS = new ArrayList<>();
+ private static final List<Integer> DH_GROUPS = new ArrayList<>();
+ private static final List<Integer> DH_GROUPS_WITH_NONE = new ArrayList<>();
+ private static final List<Integer> PRFS = new ArrayList<>();
- private static final List<Pair<Integer, Integer>> IKE_NORMAL_MODE_CIPHERS =
- getNormalModeCiphers(true /* isIke */);
- private static final List<Pair<Integer, Integer>> IKE_COMBINED_MODE_CIPHERS =
- getCombinedModeCiphers(true /* isIke */);
- private static final List<Pair<Integer, Integer>> CHILD_NORMAL_MODE_CIPHERS =
- getNormalModeCiphers(false /* isIke */);
- private static final List<Pair<Integer, Integer>> CHILD_COMBINED_MODE_CIPHERS =
- getCombinedModeCiphers(false /* isIke */);
+ static {
+ NORMAL_MODE_CIPHERS.add(new Pair<>(ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED));
+ NORMAL_MODE_CIPHERS.add(new Pair<>(ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_128));
+ NORMAL_MODE_CIPHERS.add(new Pair<>(ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_192));
+ NORMAL_MODE_CIPHERS.add(new Pair<>(ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_256));
- private static final List<Integer> IKE_INTEGRITY_ALGOS = getIntegrityAlgos(true /* isIke */);
- private static final List<Integer> CHILD_INTEGRITY_ALGOS = getIntegrityAlgos(false /* isIke */);
+ COMBINED_MODE_CIPHERS.add(new Pair<>(ENCRYPTION_ALGORITHM_AES_GCM_8, KEY_LEN_AES_128));
+ COMBINED_MODE_CIPHERS.add(new Pair<>(ENCRYPTION_ALGORITHM_AES_GCM_12, KEY_LEN_AES_192));
+ COMBINED_MODE_CIPHERS.add(new Pair<>(ENCRYPTION_ALGORITHM_AES_GCM_16, KEY_LEN_AES_256));
- private static final List<Integer> DH_GROUPS = getDhGroups(false /* includeNone */);
- private static final List<Integer> DH_GROUPS_WITH_NONE = getDhGroups(true /* includeNone */);
- private static final List<Integer> PRFS = getPrfs();
+ INTEGRITY_ALGOS.add(INTEGRITY_ALGORITHM_HMAC_SHA1_96);
+ INTEGRITY_ALGOS.add(INTEGRITY_ALGORITHM_AES_XCBC_96);
+ INTEGRITY_ALGOS.add(INTEGRITY_ALGORITHM_HMAC_SHA2_256_128);
+ INTEGRITY_ALGOS.add(INTEGRITY_ALGORITHM_HMAC_SHA2_384_192);
+ INTEGRITY_ALGOS.add(INTEGRITY_ALGORITHM_HMAC_SHA2_512_256);
- // Utility method for 3DES and ChaChaPoly
- private static void addCipherWithFixedKeyLenIfSupported(
- int cipherId, boolean isIke, List<Pair<Integer, Integer>> ciphers) {
- final Set<Integer> supportedAlgos =
- isIke
- ? IkeSaProposal.getSupportedEncryptionAlgorithms()
- : ChildSaProposal.getSupportedEncryptionAlgorithms();
+ DH_GROUPS.add(DH_GROUP_1024_BIT_MODP);
+ DH_GROUPS.add(DH_GROUP_2048_BIT_MODP);
- if (supportedAlgos.contains(cipherId)) {
- ciphers.add(new Pair<>(cipherId, KEY_LEN_UNUSED));
- }
- }
+ DH_GROUPS_WITH_NONE.add(DH_GROUP_NONE);
+ DH_GROUPS_WITH_NONE.addAll(DH_GROUPS);
- // Utility method for AES-CBC, AES-CTR and AES-GCM
- private static void addAesCipherIfSupported(
- int cipherId, boolean isIke, List<Pair<Integer, Integer>> ciphers) {
- final Set<Integer> supportedAlgos =
- isIke
- ? IkeSaProposal.getSupportedEncryptionAlgorithms()
- : ChildSaProposal.getSupportedEncryptionAlgorithms();
-
- if (supportedAlgos.contains(cipherId)) {
- ciphers.add(new Pair<>(cipherId, KEY_LEN_AES_128));
- ciphers.add(new Pair<>(cipherId, KEY_LEN_AES_192));
- ciphers.add(new Pair<>(cipherId, KEY_LEN_AES_256));
- }
- }
-
- private static List<Pair<Integer, Integer>> getNormalModeCiphers(boolean isIke) {
- final List<Pair<Integer, Integer>> ciphers = new ArrayList<>();
- addCipherWithFixedKeyLenIfSupported(ENCRYPTION_ALGORITHM_3DES, isIke, ciphers);
- addAesCipherIfSupported(ENCRYPTION_ALGORITHM_AES_CBC, isIke, ciphers);
- addAesCipherIfSupported(ENCRYPTION_ALGORITHM_AES_CTR, isIke, ciphers);
- return ciphers;
- }
-
- private static List<Pair<Integer, Integer>> getCombinedModeCiphers(boolean isIke) {
- final List<Pair<Integer, Integer>> ciphers = new ArrayList<>();
- addCipherWithFixedKeyLenIfSupported(ENCRYPTION_ALGORITHM_CHACHA20_POLY1305, isIke, ciphers);
- addAesCipherIfSupported(ENCRYPTION_ALGORITHM_AES_GCM_8, isIke, ciphers);
- addAesCipherIfSupported(ENCRYPTION_ALGORITHM_AES_GCM_12, isIke, ciphers);
- addAesCipherIfSupported(ENCRYPTION_ALGORITHM_AES_GCM_16, isIke, ciphers);
- return ciphers;
- }
-
- private static List<Integer> getIntegrityAlgos(boolean isIke) {
- final List<Integer> algoList = new ArrayList<>();
-
- if (isIke) {
- algoList.addAll(IkeSaProposal.getSupportedIntegrityAlgorithms());
- } else {
- algoList.addAll(ChildSaProposal.getSupportedIntegrityAlgorithms());
- }
- algoList.remove(INTEGRITY_ALGORITHM_NONE);
-
- return algoList;
- }
-
- private static List<Integer> getDhGroups(boolean includeNone) {
- final List<Integer> algoList = new ArrayList<>();
-
- algoList.addAll(SaProposal.getSupportedDhGroups());
- if (!includeNone) {
- algoList.remove(DH_GROUP_NONE);
- }
- return algoList;
- }
-
- private static List<Integer> getPrfs() {
- final List<Integer> algoList = new ArrayList<>();
- algoList.addAll(IkeSaProposal.getSupportedPseudorandomFunctions());
- return algoList;
+ PRFS.add(PSEUDORANDOM_FUNCTION_HMAC_SHA1);
+ PRFS.add(PSEUDORANDOM_FUNCTION_AES128_XCBC);
+ PRFS.add(PSEUDORANDOM_FUNCTION_SHA2_256);
+ PRFS.add(PSEUDORANDOM_FUNCTION_SHA2_384);
+ PRFS.add(PSEUDORANDOM_FUNCTION_SHA2_512);
}
// Package private
static IkeSaProposal buildIkeSaProposalWithNormalModeCipher() {
- // This IkeSaProposal will be used for IKE exchange tests with pre-captured responses
- // that expect KE payload with MODP 1024. Make sure MODP 1024 is the first DH group in the
- // proposal so that IKE client will sent KE payload using MODP 1024.
- return buildIkeSaProposalWithNormalModeCipher(true /* preferModp1024 */);
- }
-
- private static IkeSaProposal buildIkeSaProposalWithNormalModeCipher(boolean preferModp1024) {
- return buildIkeSaProposal(
- IKE_NORMAL_MODE_CIPHERS, IKE_INTEGRITY_ALGOS, PRFS, DH_GROUPS, preferModp1024);
+ return buildIkeSaProposal(NORMAL_MODE_CIPHERS, INTEGRITY_ALGOS, PRFS, DH_GROUPS);
}
// Package private
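Review bot: The static block adds `DH_GROUP_1024_BIT_MODP` first to `DH_GROUPS`, and the comment removed from buildIkeSaProposalWithNormalModeCipher said the exchange tests replay pre-captured responses that expect a MODP 1024 KE payload, yet nothing on the new side records that the order matters (assuming those captures are still used on this branch). I would put `// Keep MODP 1024 first: IKE exchange tests replay captured responses that expect a MODP 1024 KE payload.` above that `add` call, and say in the same place that 3DES, HMAC-SHA1-96 and the 1024-bit group are listed for test coverage only and are not a recommended proposal. The six lists are also mutable `ArrayList`s shared by every test in the class; exposing them through `Collections.unmodifiableList(...)` once populated would keep one test from altering what another asserts against. The DH loop in the `@@ -249,15 +130,8 @@` hunk further down depends on the same list order.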
@@ -209,18 +107,11 @@
private static IkeSaProposal buildIkeSaProposalWithCombinedModeCipher(
boolean hasIntegrityNone) {
- return buildIkeSaProposalWithCombinedModeCipher(
- hasIntegrityNone, false /* preferModp1024 */);
- }
-
- private static IkeSaProposal buildIkeSaProposalWithCombinedModeCipher(
- boolean hasIntegrityNone, boolean preferModp1024) {
- final List<Integer> integerAlgos = new ArrayList<>();
+ List<Integer> integerAlgos = new ArrayList<>();
if (hasIntegrityNone) {
integerAlgos.add(INTEGRITY_ALGORITHM_NONE);
}
- return buildIkeSaProposal(
- IKE_COMBINED_MODE_CIPHERS, integerAlgos, PRFS, DH_GROUPS, preferModp1024);
+ return buildIkeSaProposal(COMBINED_MODE_CIPHERS, integerAlgos, PRFS, DH_GROUPS);
}
private static IkeSaProposal buildIkeSaProposal(
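Review bot: The local in buildIkeSaProposalWithCombinedModeCipher is named `integerAlgos` although it holds integrity algorithm ids, and the rewritten line also drops the `final` the old one had. `final List<Integer> integrityAlgos = new ArrayList<>();` matches the `integrityAlgos` parameter of buildIkeSaProposal that it is passed to; the same applies to buildChildSaProposalWithCombinedModeCipher in the `@@ -276,12 +149,12 @@` hunk.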
@@ -228,16 +119,6 @@
List<Integer> integrityAlgos,
List<Integer> prfs,
List<Integer> dhGroups) {
- return buildIkeSaProposal(
- ciphers, integrityAlgos, prfs, dhGroups, false /* preferModp1024 */);
- }
-
- private static IkeSaProposal buildIkeSaProposal(
- List<Pair<Integer, Integer>> ciphers,
- List<Integer> integrityAlgos,
- List<Integer> prfs,
- List<Integer> dhGroups,
- boolean preferModp1024) {
IkeSaProposal.Builder builder = new IkeSaProposal.Builder();
for (Pair<Integer, Integer> pair : ciphers) {
@@ -249,15 +130,8 @@
for (int algo : prfs) {
builder.addPseudorandomFunction(algo);
}
-
- // Make sure MODP 1024 is the first DH group if preferModp1024 is true
- if (preferModp1024) {
- builder.addDhGroup(DH_GROUP_1024_BIT_MODP);
- }
for (int algo : dhGroups) {
- if (algo != DH_GROUP_1024_BIT_MODP || !preferModp1024) {
- builder.addDhGroup(algo);
- }
+ builder.addDhGroup(algo);
}
return builder.build();
@@ -265,8 +139,7 @@
// Package private
static ChildSaProposal buildChildSaProposalWithNormalModeCipher() {
- return buildChildSaProposal(
- CHILD_NORMAL_MODE_CIPHERS, CHILD_INTEGRITY_ALGOS, DH_GROUPS_WITH_NONE);
+ return buildChildSaProposal(NORMAL_MODE_CIPHERS, INTEGRITY_ALGOS, DH_GROUPS_WITH_NONE);
}
// Package private
@@ -276,12 +149,12 @@
private static ChildSaProposal buildChildSaProposalWithCombinedModeCipher(
boolean hasIntegrityNone) {
- final List<Integer> integerAlgos = new ArrayList<>();
+ List<Integer> integerAlgos = new ArrayList<>();
if (hasIntegrityNone) {
integerAlgos.add(INTEGRITY_ALGORITHM_NONE);
}
- return buildChildSaProposal(CHILD_COMBINED_MODE_CIPHERS, integerAlgos, DH_GROUPS_WITH_NONE);
+ return buildChildSaProposal(COMBINED_MODE_CIPHERS, integerAlgos, DH_GROUPS_WITH_NONE);
}
private static ChildSaProposal buildChildSaProposal(
@@ -306,16 +179,15 @@
// Package private
static ChildSaProposal buildChildSaProposalWithOnlyCiphers() {
return buildChildSaProposal(
- CHILD_COMBINED_MODE_CIPHERS, Collections.EMPTY_LIST, Collections.EMPTY_LIST);
+ COMBINED_MODE_CIPHERS, Collections.EMPTY_LIST, Collections.EMPTY_LIST);
}
@Test
public void testBuildIkeSaProposalWithNormalModeCipher() {
- IkeSaProposal saProposal =
- buildIkeSaProposalWithNormalModeCipher(false /* preferModp1024 */);
+ IkeSaProposal saProposal = buildIkeSaProposalWithNormalModeCipher();
- assertEquals(IKE_NORMAL_MODE_CIPHERS, saProposal.getEncryptionAlgorithms());
- assertEquals(IKE_INTEGRITY_ALGOS, saProposal.getIntegrityAlgorithms());
+ assertEquals(NORMAL_MODE_CIPHERS, saProposal.getEncryptionAlgorithms());
+ assertEquals(INTEGRITY_ALGOS, saProposal.getIntegrityAlgorithms());
assertEquals(PRFS, saProposal.getPseudorandomFunctions());
assertEquals(DH_GROUPS, saProposal.getDhGroups());
}
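Review bot: `Collections.EMPTY_LIST` on the rewritten line in buildChildSaProposalWithOnlyCiphers is a raw `List`, so the call compiles only through an unchecked conversion. `COMBINED_MODE_CIPHERS, Collections.emptyList(), Collections.emptyList());` is type-inferred and warning-free. The parameter list of buildChildSaProposal lies outside this hunk, so the element type is assumed to be `Integer`, as in the sibling buildIkeSaProposal.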
@@ -325,7 +197,7 @@
IkeSaProposal saProposal =
buildIkeSaProposalWithCombinedModeCipher(false /* hasIntegrityNone */);
- assertEquals(IKE_COMBINED_MODE_CIPHERS, saProposal.getEncryptionAlgorithms());
+ assertEquals(COMBINED_MODE_CIPHERS, saProposal.getEncryptionAlgorithms());
assertEquals(PRFS, saProposal.getPseudorandomFunctions());
assertEquals(DH_GROUPS, saProposal.getDhGroups());
assertTrue(saProposal.getIntegrityAlgorithms().isEmpty());
@@ -336,7 +208,7 @@
IkeSaProposal saProposal =
buildIkeSaProposalWithCombinedModeCipher(true /* hasIntegrityNone */);
- assertEquals(IKE_COMBINED_MODE_CIPHERS, saProposal.getEncryptionAlgorithms());
+ assertEquals(COMBINED_MODE_CIPHERS, saProposal.getEncryptionAlgorithms());
assertEquals(PRFS, saProposal.getPseudorandomFunctions());
assertEquals(DH_GROUPS, saProposal.getDhGroups());
assertEquals(Arrays.asList(INTEGRITY_ALGORITHM_NONE), saProposal.getIntegrityAlgorithms());
@@ -346,8 +218,8 @@
public void testBuildChildSaProposalWithNormalModeCipher() {
ChildSaProposal saProposal = buildChildSaProposalWithNormalModeCipher();
- assertEquals(CHILD_NORMAL_MODE_CIPHERS, saProposal.getEncryptionAlgorithms());
- assertEquals(CHILD_INTEGRITY_ALGOS, saProposal.getIntegrityAlgorithms());
+ assertEquals(NORMAL_MODE_CIPHERS, saProposal.getEncryptionAlgorithms());
+ assertEquals(INTEGRITY_ALGOS, saProposal.getIntegrityAlgorithms());
assertEquals(DH_GROUPS_WITH_NONE, saProposal.getDhGroups());
}
@@ -356,7 +228,7 @@
ChildSaProposal saProposal =
buildChildSaProposalWithCombinedModeCipher(false /* hasIntegrityNone */);
- assertEquals(CHILD_COMBINED_MODE_CIPHERS, saProposal.getEncryptionAlgorithms());
+ assertEquals(COMBINED_MODE_CIPHERS, saProposal.getEncryptionAlgorithms());
assertTrue(saProposal.getIntegrityAlgorithms().isEmpty());
assertEquals(DH_GROUPS_WITH_NONE, saProposal.getDhGroups());
}
@@ -366,7 +238,7 @@
ChildSaProposal saProposal =
buildChildSaProposalWithCombinedModeCipher(true /* hasIntegrityNone */);
- assertEquals(CHILD_COMBINED_MODE_CIPHERS, saProposal.getEncryptionAlgorithms());
+ assertEquals(COMBINED_MODE_CIPHERS, saProposal.getEncryptionAlgorithms());
assertEquals(Arrays.asList(INTEGRITY_ALGORITHM_NONE), saProposal.getIntegrityAlgorithms());
assertEquals(DH_GROUPS_WITH_NONE, saProposal.getDhGroups());
}
@@ -375,179 +247,10 @@
public void testBuildChildSaProposalWithOnlyCiphers() {
ChildSaProposal saProposal = buildChildSaProposalWithOnlyCiphers();
- assertEquals(CHILD_COMBINED_MODE_CIPHERS, saProposal.getEncryptionAlgorithms());
+ assertEquals(COMBINED_MODE_CIPHERS, saProposal.getEncryptionAlgorithms());
assertTrue(saProposal.getIntegrityAlgorithms().isEmpty());
assertTrue(saProposal.getDhGroups().isEmpty());
}
- private static final String IPSEC_NAME_NA = "";
-
- private static class CryptoInfo {
- public final int minSdk;
- public final String ipSecName;
-
- CryptoInfo(int minSdk, String ipSecName) {
- this.minSdk = minSdk;
- this.ipSecName = ipSecName;
- }
- }
-
- private static final Map<Integer, CryptoInfo> ALL_ENCRYPT_ALGOS = getAllCiphers();
- private static final Map<Integer, CryptoInfo> ALL_INTEGRITY_ALGOS = getAllIntegrityAlgos();
- private static final Map<Integer, Integer> ALL_DH_GROUPS = getAllDhGroups();
- private static final Map<Integer, Integer> ALL_PRFS = getAllPrfs();
-
- private static Map<Integer, CryptoInfo> getAllCiphers() {
- final Map<Integer, CryptoInfo> ciphers = new HashMap<>();
- ciphers.put(ENCRYPTION_ALGORITHM_3DES, new CryptoInfo(R, IPSEC_NAME_NA));
- ciphers.put(ENCRYPTION_ALGORITHM_AES_CBC, new CryptoInfo(R, CRYPT_AES_CBC));
- ciphers.put(ENCRYPTION_ALGORITHM_AES_CTR, new CryptoInfo(R, CRYPT_AES_CTR));
- ciphers.put(ENCRYPTION_ALGORITHM_AES_GCM_8, new CryptoInfo(R, AUTH_CRYPT_AES_GCM));
- ciphers.put(ENCRYPTION_ALGORITHM_AES_GCM_12, new CryptoInfo(R, AUTH_CRYPT_AES_GCM));
- ciphers.put(ENCRYPTION_ALGORITHM_AES_GCM_16, new CryptoInfo(R, AUTH_CRYPT_AES_GCM));
- ciphers.put(
- ENCRYPTION_ALGORITHM_CHACHA20_POLY1305,
- new CryptoInfo(R, AUTH_CRYPT_CHACHA20_POLY1305));
- return ciphers;
- }
-
- private static Map<Integer, CryptoInfo> getAllIntegrityAlgos() {
- final Map<Integer, CryptoInfo> integrityAlgos = new HashMap<>();
- integrityAlgos.put(INTEGRITY_ALGORITHM_NONE, new CryptoInfo(R, IPSEC_NAME_NA));
- integrityAlgos.put(INTEGRITY_ALGORITHM_HMAC_SHA1_96, new CryptoInfo(R, AUTH_HMAC_SHA1));
- integrityAlgos.put(INTEGRITY_ALGORITHM_AES_XCBC_96, new CryptoInfo(R, AUTH_AES_XCBC));
- integrityAlgos.put(
- INTEGRITY_ALGORITHM_HMAC_SHA2_256_128, new CryptoInfo(R, AUTH_HMAC_SHA256));
- integrityAlgos.put(
- INTEGRITY_ALGORITHM_HMAC_SHA2_384_192, new CryptoInfo(R, AUTH_HMAC_SHA384));
- integrityAlgos.put(
- INTEGRITY_ALGORITHM_HMAC_SHA2_512_256, new CryptoInfo(R, AUTH_HMAC_SHA512));
- integrityAlgos.put(INTEGRITY_ALGORITHM_AES_CMAC_96, new CryptoInfo(S, AUTH_AES_CMAC));
-
- return integrityAlgos;
- }
-
- private static Map<Integer, Integer> getAllDhGroups() {
- final Map<Integer, Integer> dhGroups = new HashMap<>();
- dhGroups.put(DH_GROUP_NONE, R);
- dhGroups.put(DH_GROUP_1024_BIT_MODP, R);
- dhGroups.put(DH_GROUP_1536_BIT_MODP, R);
- dhGroups.put(DH_GROUP_2048_BIT_MODP, R);
- dhGroups.put(DH_GROUP_3072_BIT_MODP, R);
- dhGroups.put(DH_GROUP_4096_BIT_MODP, R);
- dhGroups.put(DH_GROUP_CURVE_25519, S);
- return dhGroups;
- }
-
- private static Map<Integer, Integer> getAllPrfs() {
- final Map<Integer, Integer> prfs = new HashMap<>();
- prfs.put(PSEUDORANDOM_FUNCTION_HMAC_SHA1, R);
- prfs.put(PSEUDORANDOM_FUNCTION_AES128_XCBC, R);
- prfs.put(PSEUDORANDOM_FUNCTION_SHA2_256, R);
- prfs.put(PSEUDORANDOM_FUNCTION_SHA2_384, R);
- prfs.put(PSEUDORANDOM_FUNCTION_SHA2_512, R);
- prfs.put(PSEUDORANDOM_FUNCTION_AES128_CMAC, S);
- return prfs;
- }
-
- private static Set<Integer> getExpectedSupportedCryptoAlgorithms(
- Map<Integer, CryptoInfo> algoMap, int sdkLevel) {
- final Set<Integer> supportedSet = new HashSet<>();
- for (Entry<Integer, CryptoInfo> entry : algoMap.entrySet()) {
- if (sdkLevel >= entry.getValue().minSdk) {
- supportedSet.add(entry.getKey());
- }
- }
-
- return supportedSet;
- }
-
- private static Set<Integer> getExpectedSupportedDhOrPrf(
- Map<Integer, Integer> algoMap, int sdkLevel) {
- final Set<Integer> supportedSet = new HashSet<>();
- for (Entry<Integer, Integer> entry : algoMap.entrySet()) {
- if (sdkLevel >= entry.getValue()) {
- supportedSet.add(entry.getKey());
- }
- }
-
- return supportedSet;
- }
-
- private static void checkGetSupportedIkeSaAlgos(int sdkLevel) {
- assertEquals(
- getExpectedSupportedCryptoAlgorithms(ALL_ENCRYPT_ALGOS, sdkLevel),
- IkeSaProposal.getSupportedEncryptionAlgorithms());
- assertEquals(
- getExpectedSupportedCryptoAlgorithms(ALL_INTEGRITY_ALGOS, sdkLevel),
- IkeSaProposal.getSupportedIntegrityAlgorithms());
- assertEquals(
- getExpectedSupportedDhOrPrf(ALL_DH_GROUPS, sdkLevel),
- IkeSaProposal.getSupportedDhGroups());
- assertEquals(
- getExpectedSupportedDhOrPrf(ALL_PRFS, sdkLevel),
- IkeSaProposal.getSupportedPseudorandomFunctions());
- }
-
- @Test
- public void testGetSupportedIkeAlgosOnReleasedSdk() {
- // It is a release branch.
- assumeTrue("REL".equals(CODENAME));
- checkGetSupportedIkeSaAlgos(SDK_INT);
- }
-
- @Test
- public void testGetSupportedIkeAlgosOnPrereleasedSdk() {
- // On a pre-released branch, the VERSION.SDK_INT is still the previous version code, and the
- // value of the current version code is CUR_DEVELOPMENT. For example, on an S development
- // branch, VERSION.SDK_INT is still VERSION_CODES.R (30), and VERSION_CODES.S is
- // CUR_DEVELOPMENT (1000).
- assumeFalse("REL".equals(CODENAME));
- checkGetSupportedIkeSaAlgos(CUR_DEVELOPMENT);
- }
-
- private static void checkGetSupportedChildSaAlgos(Set<String> expectedAlgos) {
- final Set<String> supportedIpSecAlgos = new HashSet<>();
-
- for (int algo : ChildSaProposal.getSupportedEncryptionAlgorithms()) {
- supportedIpSecAlgos.add(ALL_ENCRYPT_ALGOS.get(algo).ipSecName);
- }
-
- for (int algo : ChildSaProposal.getSupportedIntegrityAlgorithms()) {
- if (algo != INTEGRITY_ALGORITHM_NONE) {
- supportedIpSecAlgos.add(ALL_INTEGRITY_ALGOS.get(algo).ipSecName);
- }
- }
- assertEquals(expectedAlgos, supportedIpSecAlgos);
- }
-
- @Test
- @IgnoreUpTo(R)
- public void testGetSupportedChildAlgosAtLeastSdkS() {
- // MD5 is not allowed by IKE for security reasons
- final Set<String> expectedAlgos = new HashSet<>();
- expectedAlgos.addAll(IpSecAlgorithm.getSupportedAlgorithms());
- expectedAlgos.remove(AUTH_HMAC_MD5);
-
- checkGetSupportedChildSaAlgos(expectedAlgos);
- }
-
- @Test
- @IgnoreAfter(R)
- public void testGetSupportedChildAlgosPreS() {
- final Set<String> expectedAlgos = new HashSet<>();
- expectedAlgos.add(ALL_ENCRYPT_ALGOS.get(ENCRYPTION_ALGORITHM_AES_CBC).ipSecName);
- expectedAlgos.add(ALL_ENCRYPT_ALGOS.get(ENCRYPTION_ALGORITHM_AES_GCM_8).ipSecName);
- expectedAlgos.add(ALL_ENCRYPT_ALGOS.get(ENCRYPTION_ALGORITHM_AES_GCM_12).ipSecName);
- expectedAlgos.add(ALL_ENCRYPT_ALGOS.get(ENCRYPTION_ALGORITHM_AES_GCM_16).ipSecName);
-
- expectedAlgos.add(ALL_INTEGRITY_ALGOS.get(INTEGRITY_ALGORITHM_HMAC_SHA1_96).ipSecName);
- expectedAlgos.add(ALL_INTEGRITY_ALGOS.get(INTEGRITY_ALGORITHM_HMAC_SHA2_256_128).ipSecName);
- expectedAlgos.add(ALL_INTEGRITY_ALGOS.get(INTEGRITY_ALGORITHM_HMAC_SHA2_384_192).ipSecName);
- expectedAlgos.add(ALL_INTEGRITY_ALGOS.get(INTEGRITY_ALGORITHM_HMAC_SHA2_512_256).ipSecName);
-
- checkGetSupportedChildSaAlgos(expectedAlgos);
- }
-
// TODO(b/148689509): Test throwing exception when algorithm combination is invalid
}
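Review bot: After this hunk nothing in SaProposalTest checks which algorithms the library refuses: the removed testGetSupportedChildAlgosAtLeastSdkS held the only visible assertion that `AUTH_HMAC_MD5` is excluded from Child SA algorithms, and the remaining tests only round-trip the hard-coded lists through the builders. Whether the getSupported*Algorithms methods exist on this branch is not visible here; if they do not, I would at least record the gap next to the existing TODO with `// TODO: assert that algorithms IKE does not allow (e.g. HMAC-MD5) cannot end up in a Child SA proposal`. That keeps the exclusion of a weak integrity algorithm on the list of things a later change has to re-verify.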
diff --git a/tests/cts/src/android/ipsec/ike/cts/SessionConfigurationTest.java b/tests/cts/src/android/ipsec/ike/cts/SessionConfigurationTest.java
deleted file mode 100644
index fe7aa91..0000000
--- a/tests/cts/src/android/ipsec/ike/cts/SessionConfigurationTest.java
+++ /dev/null
@@ -1,189 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.ipsec.ike.cts;
-
-import static android.ipsec.ike.cts.IkeSessionTestBase.EXPECTED_DNS_SERVERS_ONE;
-import static android.ipsec.ike.cts.IkeSessionTestBase.EXPECTED_DNS_SERVERS_TWO;
-import static android.ipsec.ike.cts.IkeSessionTestBase.EXPECTED_INTERNAL_ADDR;
-import static android.ipsec.ike.cts.IkeSessionTestBase.EXPECTED_INTERNAL_ADDR_V6;
-import static android.ipsec.ike.cts.IkeSessionTestBase.EXPECTED_INTERNAL_LINK_ADDR;
-import static android.ipsec.ike.cts.IkeSessionTestBase.EXPECTED_INTERNAL_LINK_ADDR_V6;
-import static android.net.ipsec.ike.IkeSessionConfiguration.EXTENSION_TYPE_FRAGMENTATION;
-import static android.net.ipsec.ike.IkeSessionConfiguration.EXTENSION_TYPE_MOBIKE;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-
-import android.net.InetAddresses;
-import android.net.IpPrefix;
-import android.net.Network;
-import android.net.ipsec.ike.ChildSessionConfiguration;
-import android.net.ipsec.ike.IkeSessionConfiguration;
-import android.net.ipsec.ike.IkeSessionConnectionInfo;
-import android.net.ipsec.ike.IkeTrafficSelector;
-
-import androidx.test.ext.junit.runners.AndroidJUnit4;
-
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
-import java.net.InetAddress;
-import java.util.Arrays;
-import java.util.List;
-
-@RunWith(AndroidJUnit4.class)
-public class SessionConfigurationTest extends IkeTestNetworkBase {
- private static final byte[] REMOTE_VENDOR_ID_1 = "REMOTE_VENDOR_ID_1".getBytes();
- private static final byte[] REMOTE_VENDOR_ID_2 = "REMOTE_VENDOR_ID_2".getBytes();
- private static final String REMOTE_APP_VERSION = "REMOTE_APP_VERSION";
- private static final String REMOTE_APP_VERSION_NONE = "";
-
- private static final List<IkeTrafficSelector> IN_TS_LIST =
- Arrays.asList(INBOUND_V4_TS, INBOUND_V6_TS);
- private static final List<IkeTrafficSelector> OUT_TS_LIST =
- Arrays.asList(OUTBOUND_V4_TS, OUTBOUND_V6_TS);
-
- private static final IpPrefix SUBNET_V4 = new IpPrefix(EXPECTED_INTERNAL_ADDR, 24);
- private static final IpPrefix SUBNET_V6 = new IpPrefix(EXPECTED_INTERNAL_ADDR_V6, 64);
- private static final InetAddress DHCP_SERVER =
- InetAddresses.parseNumericAddress("198.51.100.111");
-
- private interface IkeSessionConnectionInfoTestRunner {
- void run(IkeSessionConnectionInfo connectionInfo, Network network) throws Exception;
- }
-
- private void runTestWithIkeSessionConnectionInfo(IkeSessionConnectionInfoTestRunner testRunner)
- throws Exception {
- try (TunNetworkContext tunNwContext = new TunNetworkContext(IPV6_ADDRESS_LOCAL)) {
- final IkeSessionConnectionInfo connectionInfo =
- new IkeSessionConnectionInfo(
- IPV6_ADDRESS_LOCAL, IPV6_ADDRESS_REMOTE, tunNwContext.tunNetwork);
- testRunner.run(connectionInfo, tunNwContext.tunNetwork);
- }
- }
-
- @Test
- public void testIkeConnectionInfo() throws Exception {
- runTestWithIkeSessionConnectionInfo(
- (connectionInfo, network) -> {
- assertEquals(IPV6_ADDRESS_LOCAL, connectionInfo.getLocalAddress());
- assertEquals(IPV6_ADDRESS_REMOTE, connectionInfo.getRemoteAddress());
- assertEquals(network, connectionInfo.getNetwork());
- });
- }
-
- private void addToIkeSessionConfigBuilder(IkeSessionConfiguration.Builder builder) {
- builder.addIkeExtension(EXTENSION_TYPE_FRAGMENTATION)
- .addIkeExtension(EXTENSION_TYPE_MOBIKE)
- .addPcscfServer(PCSCF_IPV4_ADDRESS_1)
- .addPcscfServer(PCSCF_IPV6_ADDRESS_1)
- .addRemoteVendorId(REMOTE_VENDOR_ID_1)
- .addRemoteVendorId(REMOTE_VENDOR_ID_2)
- .setRemoteApplicationVersion(REMOTE_APP_VERSION);
- }
-
- @Test
- public void testIkeSessionConfiguration() throws Exception {
- runTestWithIkeSessionConnectionInfo(
- (connectionInfo, network) -> {
- final IkeSessionConfiguration.Builder builder =
- new IkeSessionConfiguration.Builder(connectionInfo);
- addToIkeSessionConfigBuilder(builder);
- final IkeSessionConfiguration config = builder.build();
-
- assertEquals(connectionInfo, config.getIkeSessionConnectionInfo());
- assertTrue(config.isIkeExtensionEnabled(EXTENSION_TYPE_FRAGMENTATION));
- assertTrue(config.isIkeExtensionEnabled(EXTENSION_TYPE_MOBIKE));
- assertEquals(
- Arrays.asList(PCSCF_IPV4_ADDRESS_1, PCSCF_IPV6_ADDRESS_1),
- config.getPcscfServers());
- assertEquals(
- Arrays.asList(REMOTE_VENDOR_ID_1, REMOTE_VENDOR_ID_2),
- config.getRemoteVendorIds());
- assertEquals(REMOTE_APP_VERSION, config.getRemoteApplicationVersion());
- });
- }
-
- @Test
- public void testIkeSessionConfigurationClearMethods() throws Exception {
- runTestWithIkeSessionConnectionInfo(
- (connectionInfo, network) -> {
- final IkeSessionConfiguration.Builder builder =
- new IkeSessionConfiguration.Builder(connectionInfo);
- addToIkeSessionConfigBuilder(builder);
- final IkeSessionConfiguration config =
- builder.clearIkeExtensions()
- .clearPcscfServers()
- .clearRemoteVendorIds()
- .clearRemoteApplicationVersion()
- .build();
-
- assertEquals(connectionInfo, config.getIkeSessionConnectionInfo());
- assertFalse(config.isIkeExtensionEnabled(EXTENSION_TYPE_FRAGMENTATION));
- assertFalse(config.isIkeExtensionEnabled(EXTENSION_TYPE_MOBIKE));
- assertTrue(config.getPcscfServers().isEmpty());
- assertTrue(config.getRemoteVendorIds().isEmpty());
- assertEquals(REMOTE_APP_VERSION_NONE, config.getRemoteApplicationVersion());
- });
- }
-
- private ChildSessionConfiguration.Builder createChildSessionConfigBuilder() {
- return new ChildSessionConfiguration.Builder(IN_TS_LIST, OUT_TS_LIST)
- .addInternalAddress(EXPECTED_INTERNAL_LINK_ADDR)
- .addInternalAddress(EXPECTED_INTERNAL_LINK_ADDR_V6)
- .addInternalSubnet(SUBNET_V4)
- .addInternalSubnet(SUBNET_V6)
- .addInternalDnsServer(EXPECTED_DNS_SERVERS_ONE)
- .addInternalDnsServer(EXPECTED_DNS_SERVERS_TWO)
- .addInternalDhcpServer(DHCP_SERVER);
- }
-
- @Test
- public void testChildSessionConfiguration() throws Exception {
- final ChildSessionConfiguration config = createChildSessionConfigBuilder().build();
-
- assertEquals(IN_TS_LIST, config.getInboundTrafficSelectors());
- assertEquals(OUT_TS_LIST, config.getOutboundTrafficSelectors());
- assertEquals(
- Arrays.asList(EXPECTED_INTERNAL_LINK_ADDR, EXPECTED_INTERNAL_LINK_ADDR_V6),
- config.getInternalAddresses());
- assertEquals(Arrays.asList(SUBNET_V4, SUBNET_V6), config.getInternalSubnets());
- assertEquals(
- Arrays.asList(EXPECTED_DNS_SERVERS_ONE, EXPECTED_DNS_SERVERS_TWO),
- config.getInternalDnsServers());
- assertEquals(Arrays.asList(DHCP_SERVER), config.getInternalDhcpServers());
- }
-
- @Test
- public void testChildSessionConfigurationClearMethods() throws Exception {
- final ChildSessionConfiguration config =
- createChildSessionConfigBuilder()
- .clearInternalAddresses()
- .clearInternalDhcpServers()
- .clearInternalDnsServers()
- .clearInternalSubnets()
- .build();
-
- assertEquals(IN_TS_LIST, config.getInboundTrafficSelectors());
- assertEquals(OUT_TS_LIST, config.getOutboundTrafficSelectors());
- assertTrue(config.getInternalAddresses().isEmpty());
- assertTrue(config.getInternalDhcpServers().isEmpty());
- assertTrue(config.getInternalDnsServers().isEmpty());
- assertTrue(config.getInternalSubnets().isEmpty());
- }
-}
diff --git a/tests/cts/src/android/ipsec/ike/cts/TestNetworkUtils.java b/tests/cts/src/android/ipsec/ike/cts/TestNetworkUtils.java
index 97273d9..2f2a6a4 100644
--- a/tests/cts/src/android/ipsec/ike/cts/TestNetworkUtils.java
+++ b/tests/cts/src/android/ipsec/ike/cts/TestNetworkUtils.java
@@ -32,7 +32,7 @@
// TODO(b/148689509): Share this class with net CTS test (e.g. IpSecManagerTunnelTest)
public class TestNetworkUtils {
- private static final int TIMEOUT_MS = 3000;
+ private static final int TIMEOUT_MS = 500;
/** Callback to receive requested test network. */
public static class TestNetworkCallback extends ConnectivityManager.NetworkCallback {
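Review bot: `TIMEOUT_MS = 500` cuts the wait to a sixth of its previous value, and nothing documents what the constant bounds or why 500 ms is enough. The uses of the constant are outside this hunk, so this is inferred: if it gates the wait for a test-network callback, a slow or heavily loaded device would presumably fail with a timeout rather than a real defect, which makes CTS results harder to trust. I would add a comment on the declaration, for example `// Max wait (ms) for the requested test network; must cover slow devices`, with the wording checked against the callers. The same applies to `static final int TIMEOUT = 500;` in the TunUtils.java hunk that follows, which also has no unit in its name.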
diff --git a/tests/cts/src/android/ipsec/ike/cts/TunUtils.java b/tests/cts/src/android/ipsec/ike/cts/TunUtils.java
index 23972b6..dc197f9 100644
--- a/tests/cts/src/android/ipsec/ike/cts/TunUtils.java
+++ b/tests/cts/src/android/ipsec/ike/cts/TunUtils.java
@@ -47,7 +47,7 @@
private static final String TAG = TunUtils.class.getSimpleName();
private static final int DATA_BUFFER_LEN = 4096;
- static final int TIMEOUT = 1000;
+ static final int TIMEOUT = 500;
static final int IP4_PROTO_OFFSET = 9;
static final int IP6_PROTO_OFFSET = 6;
diff --git a/tests/cts/src/android/ipsec/ike/cts/ike3gpp/Ike3gppBackoffTimerTest.java b/tests/cts/src/android/ipsec/ike/cts/ike3gpp/Ike3gppBackoffTimerTest.java
deleted file mode 100644
index a83c984..0000000
--- a/tests/cts/src/android/ipsec/ike/cts/ike3gpp/Ike3gppBackoffTimerTest.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.ipsec.ike.ike3gpp;
-
-import static org.junit.Assert.assertEquals;
-
-import org.junit.Before;
-import org.junit.Test;
-
-public class Ike3gppBackoffTimerTest {
- private static final byte BACKOFF_TIMER = (byte) 0xAF;
- private static final int BACKOFF_CAUSE = Ike3gppBackoffTimer.ERROR_TYPE_NETWORK_FAILURE;
-
- private Ike3gppBackoffTimer mBackoffTimer;
-
- @Before
- public void setUp() {
- mBackoffTimer = new Ike3gppBackoffTimer(BACKOFF_TIMER, BACKOFF_CAUSE);
- }
-
- @Test
- public void testGetDataType() {
- assertEquals(Ike3gppData.DATA_TYPE_NOTIFY_BACKOFF_TIMER, mBackoffTimer.getDataType());
- }
-
- @Test
- public void testGetBackoffTimer() {
- assertEquals(BACKOFF_TIMER, mBackoffTimer.getBackoffTimer());
- }
-
- @Test
- public void testGetCause() {
- assertEquals(BACKOFF_CAUSE, mBackoffTimer.getBackoffCause());
- }
-}
diff --git a/tests/cts/src/android/ipsec/ike/cts/ike3gpp/Ike3gppDataListenerTest.java b/tests/cts/src/android/ipsec/ike/cts/ike3gpp/Ike3gppDataListenerTest.java
deleted file mode 100644
index 2bb83a0..0000000
--- a/tests/cts/src/android/ipsec/ike/cts/ike3gpp/Ike3gppDataListenerTest.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.ipsec.ike.ike3gpp;
-
-import static org.junit.Assert.assertEquals;
-
-import android.net.ipsec.ike.ike3gpp.Ike3gppExtension.Ike3gppDataListener;
-
-import org.junit.Test;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-
-public class Ike3gppDataListenerTest {
- @Test
- public void testOnIke3gppDataReceived() {
- List<Ike3gppData> ike3gppData =
- Arrays.asList(Ike3gppN1ModeInformationTest.newN1ModeInformation());
-
- TestIke3gppDataListener dataListener = new TestIke3gppDataListener();
- dataListener.onIke3gppDataReceived(ike3gppData);
-
- assertEquals(ike3gppData, dataListener.lastDataList);
- }
-
- public static class TestIke3gppDataListener implements Ike3gppDataListener {
- public final List<Ike3gppData> lastDataList = new ArrayList<>();
-
- @Override
- public void onIke3gppDataReceived(List<Ike3gppData> ike3gppDataList) {
- lastDataList.clear();
- lastDataList.addAll(ike3gppDataList);
- }
- }
-}
diff --git a/tests/cts/src/android/ipsec/ike/cts/ike3gpp/Ike3gppExtensionTest.java b/tests/cts/src/android/ipsec/ike/cts/ike3gpp/Ike3gppExtensionTest.java
deleted file mode 100644
index 3c28ca5..0000000
--- a/tests/cts/src/android/ipsec/ike/cts/ike3gpp/Ike3gppExtensionTest.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.ipsec.ike.ike3gpp;
-
-import static android.net.ipsec.ike.ike3gpp.Ike3gppDataListenerTest.TestIke3gppDataListener;
-
-import static org.junit.Assert.assertEquals;
-
-import android.net.ipsec.ike.ike3gpp.Ike3gppExtension.Ike3gppDataListener;
-
-import org.junit.Before;
-import org.junit.Test;
-
-public class Ike3gppExtensionTest {
- private Ike3gppParams mParams;
- private Ike3gppDataListener mDataListener;
- private Ike3gppExtension mIke3gppExtension;
-
- @Before
- public void setUp() {
- mParams = new Ike3gppParams.Builder().build();
- mDataListener = new TestIke3gppDataListener();
-
- mIke3gppExtension = new Ike3gppExtension(mParams, mDataListener);
- }
-
- @Test
- public void testGetIke3gppParams() {
- assertEquals(mParams, mIke3gppExtension.getIke3gppParams());
- }
-
- @Test
- public void testGetIke3gppDataListener() {
- assertEquals(mDataListener, mIke3gppExtension.getIke3gppDataListener());
- }
-}
diff --git a/tests/cts/src/android/ipsec/ike/cts/ike3gpp/Ike3gppN1ModeInformationTest.java b/tests/cts/src/android/ipsec/ike/cts/ike3gpp/Ike3gppN1ModeInformationTest.java
deleted file mode 100644
index 56fb581..0000000
--- a/tests/cts/src/android/ipsec/ike/cts/ike3gpp/Ike3gppN1ModeInformationTest.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.ipsec.ike.ike3gpp;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-
-import com.android.internal.util.HexDump;
-
-import org.junit.Before;
-import org.junit.Test;
-
-public class Ike3gppN1ModeInformationTest {
- private static final byte[] SNSSAI = HexDump.hexStringToByteArray("1122334455");
-
- private Ike3gppN1ModeInformation mN1ModeInformation;
-
- public static Ike3gppN1ModeInformation newN1ModeInformation() {
- return new Ike3gppN1ModeInformation(SNSSAI);
- }
-
- @Before
- public void setUp() {
- mN1ModeInformation = newN1ModeInformation();
- }
-
- @Test
- public void testGetDataType() {
- assertEquals(
- Ike3gppData.DATA_TYPE_NOTIFY_N1_MODE_INFORMATION, mN1ModeInformation.getDataType());
- }
-
- @Test
- public void testGetSnssai() {
- assertArrayEquals(SNSSAI, mN1ModeInformation.getSnssai());
- }
-}
diff --git a/tests/cts/src/android/ipsec/ike/cts/ike3gpp/Ike3gppParamsTest.java b/tests/cts/src/android/ipsec/ike/cts/ike3gpp/Ike3gppParamsTest.java
deleted file mode 100644
index b05def4..0000000
--- a/tests/cts/src/android/ipsec/ike/cts/ike3gpp/Ike3gppParamsTest.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.ipsec.ike.ike3gpp;
-
-import static org.junit.Assert.assertEquals;
-
-import org.junit.Test;
-
-public class Ike3gppParamsTest {
- public static final byte PDU_SESSION_ID = (byte) 5;
-
- @Test
- public void testBuildIke3gppParams() {
- final Ike3gppParams params =
- new Ike3gppParams.Builder().setPduSessionId(PDU_SESSION_ID).build();
-
- assertEquals(PDU_SESSION_ID, params.getPduSessionId());
- }
-
- @Test
- public void testBuildIke3gppParamsWithoutPduSessionId() {
- final Ike3gppParams params = new Ike3gppParams.Builder().build();
-
- assertEquals(Ike3gppParams.PDU_SESSION_ID_UNSET, params.getPduSessionId());
- }
-}
diff --git a/tests/iketests/Android.bp b/tests/iketests/Android.bp
index 8d66453..9ae63b8 100644
--- a/tests/iketests/Android.bp
+++ b/tests/iketests/Android.bp
@@ -12,10 +12,6 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
android_test {
name: "FrameworksIkeTests",
@@ -23,7 +19,7 @@
platform_apis: true,
certificate: "platform",
- test_suites: ["general-tests", "mts-ipsec"],
+ test_suites: ["device-tests", "mts-ipsec"],
compile_multilib: "both",
@@ -37,8 +33,6 @@
"androidx.test.rules",
"frameworks-base-testutils",
"mockito-target-inline-minus-junit4",
- "modules-utils-build",
- "net-tests-utils",
"services.core",
],
@@ -47,6 +41,9 @@
"libstaticjvmtiagent",
"libmultiplejvmtiagentsinterferenceagent",
],
-
- min_sdk_version: "30",
}
+
+ filegroup {
+ name: "ike-test-utils",
+ srcs: ["src/java/**/CertUtils.java"],
+ }
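Review bot: The new `ike-test-utils` filegroup selects its single source with the glob `src/java/**/CertUtils.java`, which matches any file of that name under `src/java` rather than one known file. Spelling out the full path in `srcs` would make the export explicit and keep a later same-named file from being picked up silently. A one-line comment above the filegroup saying which targets are expected to consume it would also help, since the consumers are not visible in this hunk.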
diff --git a/tests/iketests/AndroidManifest.xml b/tests/iketests/AndroidManifest.xml
index b8b3f2d..bdcfdb7 100644
--- a/tests/iketests/AndroidManifest.xml
+++ b/tests/iketests/AndroidManifest.xml
@@ -18,8 +18,6 @@
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.android.ike.tests">
- <uses-sdk android:minSdkVersion="30" android:targetSdkVersion="30" />
-
<!--Allow tests to create socket -->
<uses-permission android:name="android.permission.INTERNET"/>
<!--Allow tests to call ConnectivityManager#getActiveNetwork()-->
@@ -51,3 +49,5 @@
android:targetPackage="com.android.ike.tests"
android:label="Frameworks Ike Tests" />
</manifest>
+
+
diff --git a/tests/iketests/FrameworksIkeTests.xml b/tests/iketests/FrameworksIkeTests.xml
index 7a0a095..a7f0fd5 100644
--- a/tests/iketests/FrameworksIkeTests.xml
+++ b/tests/iketests/FrameworksIkeTests.xml
@@ -17,7 +17,6 @@
<configuration description="Runs Frameworks Ike Tests.">
<option name="test-suite-tag" value="apct" />
<option name="test-suite-tag" value="apct-instrumentation" />
- <option name="config-descriptor:metadata" key="mainline-param" value="com.google.android.ipsec.apex" />
<target_preparer class="com.android.tradefed.targetprep.suite.SuiteApkInstaller">
<option name="cleanup-apks" value="true" />
<option name="test-file-name" value="FrameworksIkeTests.apk" />
diff --git a/tests/iketests/src/java/android/net/eap/EapSessionConfigTest.java b/tests/iketests/src/java/android/net/eap/EapSessionConfigTest.java
index 6e5ccba..7944fb8 100644
--- a/tests/iketests/src/java/android/net/eap/EapSessionConfigTest.java
+++ b/tests/iketests/src/java/android/net/eap/EapSessionConfigTest.java
@@ -14,35 +14,28 @@
* limitations under the License.
*/
-package android.net.eap.test;
+package android.net.eap;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_AKA;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_AKA_PRIME;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_MSCHAP_V2;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_SIM;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_TTLS;
import static android.telephony.TelephonyManager.APPTYPE_USIM;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_AKA;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_AKA_PRIME;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_MSCHAP_V2;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_SIM;
+
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-import android.net.eap.test.EapSessionConfig.EapAkaConfig;
-import android.net.eap.test.EapSessionConfig.EapAkaPrimeConfig;
-import android.net.eap.test.EapSessionConfig.EapMethodConfig;
-import android.net.eap.test.EapSessionConfig.EapMsChapV2Config;
-import android.net.eap.test.EapSessionConfig.EapSimConfig;
-import android.net.eap.test.EapSessionConfig.EapTtlsConfig;
-import android.os.PersistableBundle;
-
-import com.android.internal.net.ipsec.test.ike.testutils.CertUtils;
+import android.net.eap.EapSessionConfig.EapAkaConfig;
+import android.net.eap.EapSessionConfig.EapAkaPrimeConfig;
+import android.net.eap.EapSessionConfig.EapMethodConfig;
+import android.net.eap.EapSessionConfig.EapMsChapV2Config;
+import android.net.eap.EapSessionConfig.EapSimConfig;
import org.junit.Test;
import java.nio.charset.StandardCharsets;
-import java.security.cert.X509Certificate;
public class EapSessionConfigTest {
private static final byte[] DEFAULT_IDENTITY = new byte[0];
@@ -54,20 +47,6 @@
private static final String USERNAME = "username";
private static final String PASSWORD = "password";
- private static void verifyPersistableBundleEncodeDecodeIsLossless(EapMethodConfig config) {
- PersistableBundle bundle = config.toPersistableBundle();
- EapMethodConfig resultConfig = EapMethodConfig.fromPersistableBundle(bundle);
-
- assertEquals(config, resultConfig);
- }
-
- private static void verifyPersistableBundleEncodeDecodeIsLossless(EapSessionConfig config) {
- PersistableBundle bundle = config.toPersistableBundle();
- EapSessionConfig resultConfig = EapSessionConfig.fromPersistableBundle(bundle);
-
- assertEquals(config, resultConfig);
- }
-
@Test
public void testBuildEapSim() {
EapSessionConfig result = new EapSessionConfig.Builder()
@@ -85,11 +64,6 @@
}
@Test
- public void testPersistableBundleEncodeDecodeEapSim() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(new EapSimConfig(SUB_ID, APPTYPE_USIM));
- }
-
- @Test
public void testBuildEapAka() {
EapSessionConfig result = new EapSessionConfig.Builder()
.setEapAkaConfig(SUB_ID, APPTYPE_USIM)
@@ -104,11 +78,6 @@
}
@Test
- public void testPersistableBundleEncodeDecodeEapAka() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(new EapAkaConfig(SUB_ID, APPTYPE_USIM));
- }
-
- @Test
public void testBuildEapAkaPrime() {
EapSessionConfig result =
new EapSessionConfig.Builder()
@@ -127,13 +96,6 @@
}
@Test
- public void testPersistableBundleEncodeDecodeEapAkaPrime() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(
- new EapAkaPrimeConfig(
- SUB_ID, APPTYPE_USIM, NETWORK_NAME, ALLOW_MISMATCHED_NETWORK_NAMES));
- }
-
- @Test
public void testBuildEapMsChapV2() {
EapSessionConfig result =
new EapSessionConfig.Builder().setEapMsChapV2Config(USERNAME, PASSWORD).build();
@@ -145,50 +107,6 @@
assertEquals(PASSWORD, config.getPassword());
}
- @Test
- public void testPersistableBundleEncodeDecodeEapMsChapV2() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(new EapMsChapV2Config(USERNAME, PASSWORD));
- }
-
- @Test
- public void testBuildEapTtls() throws Exception {
- EapSessionConfig innerConfig =
- new EapSessionConfig.Builder().setEapMsChapV2Config(USERNAME, PASSWORD).build();
- X509Certificate trustedCa = CertUtils.createCertFromPemFile("self-signed-ca-a.pem");
-
- EapSessionConfig result =
- new EapSessionConfig.Builder().setEapTtlsConfig(trustedCa, innerConfig).build();
-
- assertArrayEquals(DEFAULT_IDENTITY, result.getEapIdentity());
- EapTtlsConfig config = (EapTtlsConfig) result.getEapConfigs().get(EAP_TYPE_TTLS);
- assertEquals(EAP_TYPE_TTLS, config.getMethodType());
- assertEquals(innerConfig, config.getInnerEapSessionConfig());
- assertEquals(trustedCa, config.getServerCaCert());
- }
-
- @Test
- public void testEqualsEapTtls() throws Exception {
- EapSessionConfig innerConfig =
- new EapSessionConfig.Builder().setEapMsChapV2Config(USERNAME, PASSWORD).build();
- X509Certificate trustedCa = CertUtils.createCertFromPemFile("self-signed-ca-a.pem");
-
- assertEquals(
- new EapTtlsConfig(trustedCa, innerConfig),
- new EapTtlsConfig(trustedCa, innerConfig));
- assertEquals(new EapTtlsConfig(null, innerConfig), new EapTtlsConfig(null, innerConfig));
- assertNotEquals(
- new EapTtlsConfig(trustedCa, innerConfig), new EapTtlsConfig(null, innerConfig));
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeEapTtls() throws Exception {
- EapSessionConfig innerConfig =
- new EapSessionConfig.Builder().setEapMsChapV2Config(USERNAME, PASSWORD).build();
- X509Certificate trustedCa = CertUtils.createCertFromPemFile("self-signed-ca-a.pem");
-
- verifyPersistableBundleEncodeDecodeIsLossless(new EapTtlsConfig(trustedCa, innerConfig));
- }
-
@Test(expected = NullPointerException.class)
public void testSetEapIdentityNull() {
new EapSessionConfig.Builder().setEapIdentity(null);
@@ -210,63 +128,8 @@
new EapSessionConfig.Builder().setEapMsChapV2Config(USERNAME, null);
}
- @Test(expected = IllegalArgumentException.class)
- public void testBuildEapTtls_invalidInnerConfig() throws Exception {
- EapSessionConfig msChapConfig =
- new EapSessionConfig.Builder().setEapMsChapV2Config(USERNAME, PASSWORD).build();
- EapSessionConfig innerTtlsConfig =
- new EapSessionConfig.Builder()
- .setEapTtlsConfig(null /* trustedCa */, msChapConfig)
- .build();
- X509Certificate trustedCa = CertUtils.createCertFromPemFile("self-signed-ca-a.pem");
-
- EapSessionConfig result =
- new EapSessionConfig.Builder().setEapTtlsConfig(trustedCa, innerTtlsConfig).build();
- }
-
- @Test(expected = NullPointerException.class)
- public void testBuildEapTtls_missingInnerConfig() throws Exception {
- X509Certificate trustedCa = CertUtils.createCertFromPemFile("self-signed-ca-a.pem");
-
- EapSessionConfig result =
- new EapSessionConfig.Builder().setEapTtlsConfig(trustedCa, null).build();
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeEapSessioConfig() throws Exception {
- EapSessionConfig config =
- new EapSessionConfig.Builder()
- .setEapIdentity(EAP_IDENTITY)
- .setEapSimConfig(SUB_ID, APPTYPE_USIM)
- .setEapAkaConfig(SUB_ID, APPTYPE_USIM)
- .setEapAkaPrimeConfig(
- SUB_ID, APPTYPE_USIM, NETWORK_NAME, ALLOW_MISMATCHED_NETWORK_NAMES)
- .setEapMsChapV2Config(USERNAME, PASSWORD)
- .build();
-
- verifyPersistableBundleEncodeDecodeIsLossless(config);
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeEapSessioConfigWithoutId() throws Exception {
- EapSessionConfig config =
- new EapSessionConfig.Builder()
- .setEapSimConfig(SUB_ID, APPTYPE_USIM)
- .setEapAkaConfig(SUB_ID, APPTYPE_USIM)
- .setEapAkaPrimeConfig(
- SUB_ID, APPTYPE_USIM, NETWORK_NAME, ALLOW_MISMATCHED_NETWORK_NAMES)
- .setEapMsChapV2Config(USERNAME, PASSWORD)
- .build();
-
- verifyPersistableBundleEncodeDecodeIsLossless(config);
- }
-
- @Test
+ @Test(expected = IllegalStateException.class)
public void testBuildWithoutConfigs() {
- try {
- new EapSessionConfig.Builder().build();
- fail("build() should throw an IllegalStateException if no EAP methods are configured");
- } catch (IllegalStateException expected) {
- }
+ new EapSessionConfig.Builder().build();
}
}
diff --git a/tests/iketests/src/java/android/net/ipsec/ike/ChildSessionConfigurationTest.java b/tests/iketests/src/java/android/net/ipsec/ike/ChildSessionConfigurationTest.java
index 475a806..e4987b8 100644
--- a/tests/iketests/src/java/android/net/ipsec/ike/ChildSessionConfigurationTest.java
+++ b/tests/iketests/src/java/android/net/ipsec/ike/ChildSessionConfigurationTest.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package android.net.ipsec.test.ike;
+package android.net.ipsec.ike;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;
@@ -24,17 +24,17 @@
import android.net.IpPrefix;
import android.net.LinkAddress;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttribute;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeIpv4Address;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeIpv4Dhcp;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeIpv4Dns;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeIpv4Netmask;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeIpv4Pcscf;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeIpv4Subnet;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeIpv6Address;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeIpv6Dns;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeIpv6Subnet;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttribute;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv4Address;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv4Dhcp;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv4Dns;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv4Netmask;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv4Pcscf;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv4Subnet;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv6Address;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv6Dns;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv6Subnet;
import org.junit.Before;
import org.junit.Test;
@@ -134,10 +134,7 @@
new ChildSessionConfiguration(mMockInTsList, mMockOutTsList, configPayload);
verifySessionConfigCommon(sessionConfig);
- validateInternalAddrList(sessionConfig);
- }
- private void validateInternalAddrList(ChildSessionConfiguration sessionConfig) {
List<LinkAddress> expectedInternalAddrList = new ArrayList<>();
expectedInternalAddrList.add(IPV4_LINK_ADDRESS);
expectedInternalAddrList.add(IPV6_LINK_ADDRESS);
@@ -202,10 +199,7 @@
new ChildSessionConfiguration(mMockInTsList, mMockOutTsList, configPayload);
verifySessionConfigCommon(sessionConfig);
- validateDnsAddrList(sessionConfig);
- }
- private void validateDnsAddrList(ChildSessionConfiguration sessionConfig) {
List<InetAddress> expectedDnsAddrList = new ArrayList<>();
expectedDnsAddrList.add(IPV4_ADDRESS);
expectedDnsAddrList.add(IPV6_ADDRESS);
@@ -228,10 +222,7 @@
new ChildSessionConfiguration(mMockInTsList, mMockOutTsList, configPayload);
verifySessionConfigCommon(sessionConfig);
- validateSubnetAddrList(sessionConfig);
- }
- private void validateSubnetAddrList(ChildSessionConfiguration sessionConfig) {
List<IpPrefix> expectedSubnetAddrList = new ArrayList<>();
expectedSubnetAddrList.add(IPV4_SUBNET_IP_PREFIX_ADDRESS);
expectedSubnetAddrList.add(IPV6_SUBNET_IP_PREFIX_ADDRESS);
@@ -253,31 +244,8 @@
new ChildSessionConfiguration(mMockInTsList, mMockOutTsList, configPayload);
verifySessionConfigCommon(sessionConfig);
- validateDhcpServers(sessionConfig);
- }
- private void validateDhcpServers(ChildSessionConfiguration sessionConfig) {
assertEquals(1, sessionConfig.getInternalDhcpServers().size());
assertEquals(sessionConfig.getInternalDhcpServers().get(0), IPV4_ADDRESS);
}
-
- @Test
- public void testBuildChildSessionConfigurationWithBuilder() {
- ChildSessionConfiguration sessionConfig =
- new ChildSessionConfiguration.Builder(mMockInTsList, mMockOutTsList)
- .addInternalAddress(IPV4_LINK_ADDRESS)
- .addInternalAddress(IPV6_LINK_ADDRESS)
- .addInternalSubnet(IPV4_SUBNET_IP_PREFIX_ADDRESS)
- .addInternalSubnet(IPV6_SUBNET_IP_PREFIX_ADDRESS)
- .addInternalDnsServer(IPV4_ADDRESS)
- .addInternalDnsServer(IPV6_ADDRESS)
- .addInternalDhcpServer(IPV4_ADDRESS)
- .build();
-
- verifySessionConfigCommon(sessionConfig);
- validateInternalAddrList(sessionConfig);
- validateSubnetAddrList(sessionConfig);
- validateDnsAddrList(sessionConfig);
- validateDhcpServers(sessionConfig);
- }
}
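Review bot: The second assertion kept at the end of this hunk passes its arguments in (actual, expected) order, `assertEquals(sessionConfig.getInternalDhcpServers().get(0), IPV4_ADDRESS);`, while the size check on the line above uses (expected, actual). On failure JUnit would report the configured DHCP server as the expected value, which is misleading when triaging. Suggest `assertEquals(IPV4_ADDRESS, sessionConfig.getInternalDhcpServers().get(0));`. The enclosing test method starts outside the hunk.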
diff --git a/tests/iketests/src/java/android/net/ipsec/ike/ChildSessionParamsTest.java b/tests/iketests/src/java/android/net/ipsec/ike/ChildSessionParamsTest.java
index a9dcdc2..78a417be 100644
--- a/tests/iketests/src/java/android/net/ipsec/ike/ChildSessionParamsTest.java
+++ b/tests/iketests/src/java/android/net/ipsec/ike/ChildSessionParamsTest.java
@@ -14,18 +14,14 @@
* limitations under the License.
*/
-package android.net.ipsec.test.ike;
-
-import static android.system.OsConstants.AF_INET;
+package android.net.ipsec.ike;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail;
import android.net.InetAddresses;
-import android.os.PersistableBundle;
import org.junit.Test;
@@ -36,8 +32,6 @@
private static final int NUM_TS = 2;
private final ChildSaProposal mSaProposal;
- private final IkeTrafficSelector mTsInbound;
- private final IkeTrafficSelector mTsOutbound;
public ChildSessionParamsTest() {
mSaProposal =
@@ -46,18 +40,6 @@
SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12,
SaProposal.KEY_LEN_AES_128)
.build();
- mTsInbound =
- new IkeTrafficSelector(
- 16,
- 65520,
- InetAddress.parseNumericAddress("192.0.2.100"),
- InetAddress.parseNumericAddress("192.0.2.101"));
- mTsOutbound =
- new IkeTrafficSelector(
- 32,
- 256,
- InetAddress.parseNumericAddress("192.0.2.200"),
- InetAddress.parseNumericAddress("192.0.2.255"));
}
@Test
@@ -76,54 +58,30 @@
}
@Test
- public void testInternalGetterReturnsDifferentInstances() throws Exception {
- ChildSessionParams sessionParams =
- new TunnelModeChildSessionParams.Builder().addSaProposal(mSaProposal).build();
-
- sessionParams.getSaProposalsInternal()[0] = null;
- assertNotNull(sessionParams.getSaProposalsInternal()[0]);
- sessionParams.getInboundTrafficSelectorsInternal()[0] = null;
- assertNotNull(sessionParams.getInboundTrafficSelectorsInternal()[0]);
- sessionParams.getOutboundTrafficSelectorsInternal()[0] = null;
- assertNotNull(sessionParams.getOutboundTrafficSelectorsInternal()[0]);
- }
-
- private static void verifyPersistableBundleEncodeDecodeIsLossless(ChildSessionParams params) {
- PersistableBundle bundle = params.toPersistableBundle();
- ChildSessionParams result = ChildSessionParams.fromPersistableBundle(bundle);
-
- assertEquals(params, result);
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeIsLosslessTunnelMode() throws Exception {
- ChildSessionParams sessionParams =
- new TunnelModeChildSessionParams.Builder()
- .addSaProposal(mSaProposal)
- .addInternalAddressRequest(AF_INET)
- .build();
- verifyPersistableBundleEncodeDecodeIsLossless(sessionParams);
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeIsLosslessTransportMode() throws Exception {
- ChildSessionParams sessionParams =
- new TransportModeChildSessionParams.Builder().addSaProposal(mSaProposal).build();
- verifyPersistableBundleEncodeDecodeIsLossless(sessionParams);
- }
-
- @Test
public void testBuildTrafficSelectors() {
+ IkeTrafficSelector tsInbound =
+ new IkeTrafficSelector(
+ 16,
+ 65520,
+ InetAddress.parseNumericAddress("192.0.2.100"),
+ InetAddress.parseNumericAddress("192.0.2.101"));
+ IkeTrafficSelector tsOutbound =
+ new IkeTrafficSelector(
+ 32,
+ 256,
+ InetAddress.parseNumericAddress("192.0.2.200"),
+ InetAddress.parseNumericAddress("192.0.2.255"));
+
ChildSessionParams sessionParams =
new TunnelModeChildSessionParams.Builder()
.addSaProposal(mSaProposal)
- .addInboundTrafficSelectors(mTsInbound)
- .addOutboundTrafficSelectors(mTsOutbound)
+ .addInboundTrafficSelectors(tsInbound)
+ .addOutboundTrafficSelectors(tsOutbound)
.build();
assertEquals(Arrays.asList(mSaProposal), sessionParams.getSaProposals());
- assertEquals(Arrays.asList(mTsInbound), sessionParams.getInboundTrafficSelectors());
- assertEquals(Arrays.asList(mTsOutbound), sessionParams.getOutboundTrafficSelectors());
+ assertEquals(Arrays.asList(tsInbound), sessionParams.getInboundTrafficSelectors());
+ assertEquals(Arrays.asList(tsOutbound), sessionParams.getOutboundTrafficSelectors());
}
@Test
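Review bot: The traffic selectors now built inside `testBuildTrafficSelectors` parse their addresses with `InetAddress.parseNumericAddress(...)`, although the file already imports `android.net.InetAddresses`. The public form would be `InetAddresses.parseNumericAddress("192.0.2.100")`, and likewise for the other three literals. Separately, this hunk drops `testInternalGetterReturnsDifferentInstances`. If the `get...Internal()` array getters still exist on this branch (not visible here), that copy-on-read check is worth keeping, so a caller writing into a returned array cannot alter the stored proposals or selectors.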
@@ -149,18 +107,4 @@
return new IkeTrafficSelector(0, 65535, tsStartAddress, tsEndAddress);
}
-
- @Test
- public void testConstructTransportModeChildParamsCopy() throws Exception {
- TransportModeChildSessionParams childParams =
- new TransportModeChildSessionParams.Builder()
- .addInboundTrafficSelectors(mTsInbound)
- .addOutboundTrafficSelectors(mTsOutbound)
- .addSaProposal(mSaProposal)
- .build();
-
- TransportModeChildSessionParams result =
- new TransportModeChildSessionParams.Builder(childParams).build();
- assertEquals(childParams, result);
- }
}
diff --git a/tests/iketests/src/java/android/net/ipsec/ike/IkeSessionCallbackTest.java b/tests/iketests/src/java/android/net/ipsec/ike/IkeSessionCallbackTest.java
deleted file mode 100644
index ebe8717..0000000
--- a/tests/iketests/src/java/android/net/ipsec/ike/IkeSessionCallbackTest.java
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.ipsec.test.ike;
-
-import static org.junit.Assert.assertEquals;
-
-import android.net.ipsec.test.ike.exceptions.IkeException;
-import android.net.ipsec.test.ike.exceptions.IkeProtocolException;
-import android.net.ipsec.test.ike.exceptions.InvalidIkeSpiException;
-
-import org.junit.Before;
-import org.junit.Test;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-
-public final class IkeSessionCallbackTest {
- private OldOnErrorIkeSessionCallback mOldCallback;
- private UpdatedOnErrorIkeSessionCallback mUpdatedCallback;
- private IkeProtocolException mIkeException;
-
- @Before
- public void setUp() {
- mOldCallback = new OldOnErrorIkeSessionCallback();
- mUpdatedCallback = new UpdatedOnErrorIkeSessionCallback();
- mIkeException = new InvalidIkeSpiException();
- }
-
- @Test
- public void testOnErrorIkeExceptionNotOverridden() {
- mOldCallback.onError((IkeException) mIkeException);
- assertEquals(Arrays.asList(mIkeException), mOldCallback.mOnErrorIkeProtocolExceptions);
- }
-
- @Test
- public void testOnErrorIkeExceptionOverridden() {
- mUpdatedCallback.onError((IkeException) mIkeException);
- assertEquals(Arrays.asList(mIkeException), mUpdatedCallback.mOnErrorIkeExceptions);
- }
-
- private abstract class TestIkeSessionCallbackBase implements IkeSessionCallback {
- @Override
- public void onOpened(IkeSessionConfiguration sessionConfiguration) {}
-
- @Override
- public void onClosed() {}
-
- @Override
- public void onClosedExceptionally(IkeException exception) {}
-
- @Override
- public void onIkeSessionConnectionInfoChanged(IkeSessionConnectionInfo connectionInfo) {}
- }
-
- private final class OldOnErrorIkeSessionCallback extends TestIkeSessionCallbackBase {
- List<IkeProtocolException> mOnErrorIkeProtocolExceptions = new ArrayList<>();
-
- @Override
- public void onError(IkeProtocolException exception) {
- mOnErrorIkeProtocolExceptions.add(exception);
- }
- }
-
- private final class UpdatedOnErrorIkeSessionCallback extends TestIkeSessionCallbackBase {
- List<IkeException> mOnErrorIkeExceptions = new ArrayList<>();
-
- @Override
- public void onError(IkeProtocolException exception) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void onError(IkeException exception) {
- mOnErrorIkeExceptions.add(exception);
- }
- }
-}
diff --git a/tests/iketests/src/java/android/net/ipsec/ike/IkeSessionConfigurationTest.java b/tests/iketests/src/java/android/net/ipsec/ike/IkeSessionConfigurationTest.java
index 62df2b8..b8d9252 100644
--- a/tests/iketests/src/java/android/net/ipsec/ike/IkeSessionConfigurationTest.java
+++ b/tests/iketests/src/java/android/net/ipsec/ike/IkeSessionConfigurationTest.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package android.net.ipsec.test.ike;
+package android.net.ipsec.ike;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -25,11 +25,11 @@
import android.net.InetAddresses;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttribute;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeAppVersion;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeIpv4Pcscf;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeIpv6Pcscf;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttribute;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeAppVersion;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv4Pcscf;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv6Pcscf;
import org.junit.Test;
@@ -110,29 +110,6 @@
}
@Test
- public void testBuildWithBuilder() {
- IkeSessionConfiguration.Builder builder =
- new IkeSessionConfiguration.Builder(IKE_CONNECT_INFO)
- .addPcscfServer(PCSCF_IPV4_ADDRESS)
- .addPcscfServer(PCSCF_IPV6_ADDRESS)
- .setRemoteApplicationVersion(REMOTE_APP_VERSION);
-
- for (byte[] vendorId : REMOTE_VENDOR_IDS) {
- builder.addRemoteVendorId(vendorId);
- }
-
- for (int extension : ENABLED_EXTENSIONS) {
- builder.addIkeExtension(extension);
- }
-
- IkeSessionConfiguration config = builder.build();
- verifyBuildCommon(config);
- assertEquals(
- Arrays.asList(PCSCF_IPV4_ADDRESS, PCSCF_IPV6_ADDRESS), config.getPcscfServers());
- assertEquals(REMOTE_APP_VERSION, config.getRemoteApplicationVersion());
- }
-
- @Test
public void testBuildWithNullValueConnectionInfo() {
try {
new IkeSessionConfiguration(
diff --git a/tests/iketests/src/java/android/net/ipsec/ike/IkeSessionConnectionInfoTest.java b/tests/iketests/src/java/android/net/ipsec/ike/IkeSessionConnectionInfoTest.java
index 6022fcb..57b2e52 100644
--- a/tests/iketests/src/java/android/net/ipsec/ike/IkeSessionConnectionInfoTest.java
+++ b/tests/iketests/src/java/android/net/ipsec/ike/IkeSessionConnectionInfoTest.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package android.net.ipsec.test.ike;
+package android.net.ipsec.ike;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;
diff --git a/tests/iketests/src/java/android/net/ipsec/ike/IkeSessionParamsTest.java b/tests/iketests/src/java/android/net/ipsec/ike/IkeSessionParamsTest.java
index 0350ecd..7826ab7 100644
--- a/tests/iketests/src/java/android/net/ipsec/ike/IkeSessionParamsTest.java
+++ b/tests/iketests/src/java/android/net/ipsec/ike/IkeSessionParamsTest.java
@@ -14,54 +14,45 @@
* limitations under the License.
*/
-package android.net.ipsec.test.ike;
+package android.net.ipsec.ike;
-import static android.net.ipsec.test.ike.IkeSessionParams.IKE_DPD_DELAY_SEC_DEFAULT;
-import static android.net.ipsec.test.ike.IkeSessionParams.IKE_HARD_LIFETIME_SEC_DEFAULT;
-import static android.net.ipsec.test.ike.IkeSessionParams.IKE_HARD_LIFETIME_SEC_MAXIMUM;
-import static android.net.ipsec.test.ike.IkeSessionParams.IKE_HARD_LIFETIME_SEC_MINIMUM;
-import static android.net.ipsec.test.ike.IkeSessionParams.IKE_OPTION_ACCEPT_ANY_REMOTE_ID;
-import static android.net.ipsec.test.ike.IkeSessionParams.IKE_OPTION_EAP_ONLY_AUTH;
-import static android.net.ipsec.test.ike.IkeSessionParams.IKE_RETRANS_TIMEOUT_MS_LIST_DEFAULT;
-import static android.net.ipsec.test.ike.IkeSessionParams.IKE_SOFT_LIFETIME_SEC_DEFAULT;
-import static android.net.ipsec.test.ike.IkeSessionParams.IkeAuthConfig;
-import static android.net.ipsec.test.ike.IkeSessionParams.IkeAuthDigitalSignLocalConfig;
-import static android.net.ipsec.test.ike.IkeSessionParams.IkeAuthDigitalSignRemoteConfig;
-import static android.net.ipsec.test.ike.IkeSessionParams.IkeAuthEapConfig;
-import static android.net.ipsec.test.ike.IkeSessionParams.IkeAuthPskConfig;
+import static android.net.ipsec.ike.IkeSessionParams.IKE_DPD_DELAY_SEC_DEFAULT;
+import static android.net.ipsec.ike.IkeSessionParams.IKE_HARD_LIFETIME_SEC_DEFAULT;
+import static android.net.ipsec.ike.IkeSessionParams.IKE_HARD_LIFETIME_SEC_MAXIMUM;
+import static android.net.ipsec.ike.IkeSessionParams.IKE_HARD_LIFETIME_SEC_MINIMUM;
+import static android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_ACCEPT_ANY_REMOTE_ID;
+import static android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_EAP_ONLY_AUTH;
+import static android.net.ipsec.ike.IkeSessionParams.IKE_RETRANS_TIMEOUT_MS_LIST_DEFAULT;
+import static android.net.ipsec.ike.IkeSessionParams.IKE_SOFT_LIFETIME_SEC_DEFAULT;
+import static android.net.ipsec.ike.IkeSessionParams.IkeAuthConfig;
+import static android.net.ipsec.ike.IkeSessionParams.IkeAuthDigitalSignLocalConfig;
+import static android.net.ipsec.ike.IkeSessionParams.IkeAuthDigitalSignRemoteConfig;
+import static android.net.ipsec.ike.IkeSessionParams.IkeAuthEapConfig;
+import static android.net.ipsec.ike.IkeSessionParams.IkeAuthPskConfig;
import static android.system.OsConstants.AF_INET;
import static android.system.OsConstants.AF_INET6;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_IP4_PCSCF;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_IP6_PCSCF;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttribute;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_IP4_PCSCF;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_IP6_PCSCF;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttribute;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
-import android.content.Context;
import android.net.ConnectivityManager;
import android.net.InetAddresses;
import android.net.Network;
-import android.net.eap.test.EapSessionConfig;
-import android.net.ipsec.test.ike.ike3gpp.Ike3gppExtension;
-import android.net.ipsec.test.ike.ike3gpp.Ike3gppExtension.Ike3gppDataListener;
-import android.net.ipsec.test.ike.ike3gpp.Ike3gppParams;
-import android.os.PersistableBundle;
+import android.net.eap.EapSessionConfig;
import android.telephony.TelephonyManager;
import android.util.SparseArray;
import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.test.ike.testutils.CertUtils;
import org.junit.Before;
import org.junit.Test;
@@ -72,12 +63,10 @@
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.RSAKey;
-import java.util.Arrays;
import java.util.concurrent.TimeUnit;
public final class IkeSessionParamsTest {
private static final int IKE_OPTION_INVALID = -1;
- private static final int SUB_ID = 0;
private static final String PSK_HEX_STRING = "6A756E69706572313233";
private static final byte[] PSK = TestUtils.hexStringToByteArray(PSK_HEX_STRING);
@@ -103,7 +92,6 @@
private static final String EAP_MSCHAP_V2_USERNAME = "username";
private static final String EAP_MSCHAP_V2_PASSWORD = "password";
- private Context mMockContext;
private ConnectivityManager mMockConnectManager;
private Network mMockDefaultNetwork;
private Network mMockUserConfigNetwork;
@@ -120,17 +108,9 @@
@Before
public void setUp() throws Exception {
- mMockContext = mock(Context.class);
mMockConnectManager = mock(ConnectivityManager.class);
mMockDefaultNetwork = mock(Network.class);
mMockUserConfigNetwork = mock(Network.class);
-
- doReturn(Context.CONNECTIVITY_SERVICE)
- .when(mMockContext)
- .getSystemServiceName(ConnectivityManager.class);
- doReturn(mMockConnectManager)
- .when(mMockContext)
- .getSystemService(Context.CONNECTIVITY_SERVICE);
when(mMockConnectManager.getActiveNetwork()).thenReturn(mMockDefaultNetwork);
mIkeSaProposal =
@@ -167,7 +147,7 @@
assertEquals(mLocalIdentification, sessionParams.getLocalIdentification());
assertEquals(mRemoteIdentification, sessionParams.getRemoteIdentification());
- assertTrue(sessionParams.isIkeFragmentationSupported());
+ assertFalse(sessionParams.isIkeFragmentationSupported());
}
private void verifyAuthPskConfig(IkeSessionParams sessionParams) {
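Review bot: The flipped assertion `assertFalse(sessionParams.isIkeFragmentationSupported());` pins a default without saying why, and the same helper asserted the opposite before this change. A one-line comment would make the intent reviewable, e.g. `// Default params on this branch report IKE fragmentation as unsupported.` If that default is intentional, it is worth confirming that large certificate-based IKE_AUTH exchanges are still exercised by a test, since without IKE fragmentation they depend on IP-layer fragmentation. The enclosing verification helper starts outside the hunk.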
@@ -199,7 +179,6 @@
verifyAuthPskConfig(sessionParams);
assertEquals(mMockDefaultNetwork, sessionParams.getNetwork());
- assertNull(sessionParams.getConfiguredNetwork());
assertEquals(IKE_HARD_LIFETIME_SEC_DEFAULT, sessionParams.getHardLifetimeSeconds());
assertEquals(IKE_SOFT_LIFETIME_SEC_DEFAULT, sessionParams.getSoftLifetimeSeconds());
@@ -259,49 +238,6 @@
assertFalse(sessionParams.hasIkeOption(IKE_OPTION_ACCEPT_ANY_REMOTE_ID));
}
- private IkeSessionParams.Builder createIkeParamsBuilderMinimum() {
- return new IkeSessionParams.Builder()
- .setServerHostname(REMOTE_IPV4_HOST_ADDRESS)
- .addSaProposal(mIkeSaProposal)
- .setLocalIdentification(mLocalIdentification)
- .setRemoteIdentification(mRemoteIdentification)
- .setAuthPsk(PSK);
- }
-
- @Test
- public void testIkeSessionParamsEncodeDecodeIsLossLess() throws Exception {
- IkeSessionParams sessionParams = createIkeParamsBuilderMinimum().build();
-
- PersistableBundle bundle = sessionParams.toPersistableBundle();
- IkeSessionParams result = IkeSessionParams.fromPersistableBundle(bundle);
-
- assertEquals(sessionParams, result);
- }
-
- @Test(expected = IllegalStateException.class)
- public void testEncodeIkeSessionParamsWithConfiguredNetwork() throws Exception {
- IkeSessionParams sessionParams =
- buildWithPskCommon(REMOTE_IPV4_HOST_ADDRESS)
- .setNetwork(mMockUserConfigNetwork)
- .build();
-
- PersistableBundle bundle = sessionParams.toPersistableBundle();
- }
-
- @Test(expected = IllegalStateException.class)
- public void testEncodeIkeSessionParamsWith3gppExtension() throws Exception {
- Ike3gppExtension ike3gppExtension =
- new Ike3gppExtension(
- new Ike3gppParams.Builder().build(), mock(Ike3gppDataListener.class));
-
- IkeSessionParams sessionParams =
- buildWithPskCommon(REMOTE_IPV4_HOST_ADDRESS)
- .setIke3gppExtension(ike3gppExtension)
- .build();
-
- PersistableBundle bundle = sessionParams.toPersistableBundle();
- }
-
@Test
public void testAddInvalidIkeOption() throws Exception {
try {
@@ -368,57 +304,6 @@
}
@Test
- public void testBuildWithPskAndNattKeepaliveDelay() throws Exception {
- final int nattKeepaliveDelay = 100;
-
- IkeSessionParams sessionParams =
- buildWithPskCommon(REMOTE_IPV4_HOST_ADDRESS)
- .setNattKeepAliveDelaySeconds(nattKeepaliveDelay)
- .build();
-
- // Verify NATT keepalive delay
- assertEquals(nattKeepaliveDelay, sessionParams.getNattKeepAliveDelaySeconds());
- }
-
- @Test
- public void testNattKeepaliveRange() {
- // SocketKeepalive#start is documented to require an interval between 10 and 3600 seconds.
- assertTrue(10 <= IkeSessionParams.IKE_NATT_KEEPALIVE_DELAY_SEC_MIN);
- assertTrue(3600 >= IkeSessionParams.IKE_NATT_KEEPALIVE_DELAY_SEC_MAX);
- }
-
- @Test
- public void testBuildWithPskAndDscp() throws Exception {
- final int dscp = 38;
-
- IkeSessionParams sessionParams =
- buildWithPskCommon(REMOTE_IPV4_HOST_ADDRESS).setDscp(dscp).build();
-
- // Verify DSCP value
- assertEquals(dscp, sessionParams.getDscp());
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void testSetInvalidDscp() throws Exception {
- final int invalidDscp = 100;
- buildWithPskCommon(REMOTE_IPV4_HOST_ADDRESS).setDscp(invalidDscp).build();
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void testBuildWithNattKeepaliveDelayTooShort() throws Exception {
- final int lowNattKeepaliveDelay = 1;
- new IkeSessionParams.Builder(mMockConnectManager)
- .setNattKeepAliveDelaySeconds(lowNattKeepaliveDelay);
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void testBuildWithNattKeepaliveDelayTooLong() throws Exception {
- final int highNattKeepaliveDelay = 9999;
- new IkeSessionParams.Builder(mMockConnectManager)
- .setNattKeepAliveDelaySeconds(highNattKeepaliveDelay);
- }
-
- @Test
public void testBuildWithPskAndRetransmission() throws Exception {
final int[] retransmissionTimeoutList = new int[] {1000, 2000, 3000, 4000};
@@ -478,7 +363,6 @@
verifyIkeParamsWithSeverIpAndDefaultValues(sessionParams);
assertEquals(mMockDefaultNetwork, sessionParams.getNetwork());
- assertNull(sessionParams.getConfiguredNetwork());
IkeAuthConfig localConfig = sessionParams.getLocalAuthConfig();
assertTrue(localConfig instanceof IkeAuthEapConfig);
@@ -508,7 +392,6 @@
verifyIkeParamsWithSeverIpAndDefaultValues(sessionParams);
assertEquals(mMockUserConfigNetwork, sessionParams.getNetwork());
- assertEquals(mMockUserConfigNetwork, sessionParams.getConfiguredNetwork());
IkeAuthConfig localConfig = sessionParams.getLocalAuthConfig();
assertTrue(localConfig instanceof IkeAuthDigitalSignLocalConfig);
@@ -745,143 +628,4 @@
IkeAuthConfig localConfig = sessionParams.getLocalAuthConfig();
assertTrue(localConfig instanceof IkeAuthEapConfig);
}
-
- @Test
- public void testBuildWithIke3gppExtension() throws Exception {
- Ike3gppExtension ike3gppExtension =
- new Ike3gppExtension(
- new Ike3gppParams.Builder().build(), mock(Ike3gppDataListener.class));
-
- IkeSessionParams sessionParams =
- buildWithPskCommon(REMOTE_IPV4_HOST_ADDRESS)
- .setIke3gppExtension(ike3gppExtension)
- .build();
- assertEquals(ike3gppExtension, sessionParams.getIke3gppExtension());
- }
-
- private static void verifyPersistableBundleEncodeDecodeIsLossless(IkeAuthConfig config) {
- PersistableBundle bundle = config.toPersistableBundle();
- IkeAuthConfig result = IkeAuthConfig.fromPersistableBundle(bundle);
-
- assertEquals(config, result);
- }
-
- @Test
- public void testPersistableBundleEncodeDecodePskAuth() {
- verifyPersistableBundleEncodeDecodeIsLossless(new IkeAuthPskConfig(PSK));
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeAuthDigitalSignRemote() throws Exception {
- X509Certificate caCert = CertUtils.createCertFromPemFile("self-signed-ca-b.pem");
- verifyPersistableBundleEncodeDecodeIsLossless(new IkeAuthDigitalSignRemoteConfig(caCert));
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeAuthDigitalSignRemoteWithoutCaCert()
- throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(new IkeAuthDigitalSignRemoteConfig(null));
- }
-
- @Test
- public void testEqualsAuthConfigDigitalSignRemote() throws Exception {
- X509Certificate caCert = CertUtils.createCertFromPemFile("self-signed-ca-b.pem");
- assertEquals(
- new IkeAuthDigitalSignRemoteConfig(caCert),
- new IkeAuthDigitalSignRemoteConfig(caCert));
- assertEquals(
- new IkeAuthDigitalSignRemoteConfig(null), new IkeAuthDigitalSignRemoteConfig(null));
- assertNotEquals(
- new IkeAuthDigitalSignRemoteConfig(caCert),
- new IkeAuthDigitalSignRemoteConfig(null));
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeAuthDigitalSignLocal() throws Exception {
- X509Certificate endCert = CertUtils.createCertFromPemFile("end-cert-b.pem");
- X509Certificate intermediateCertOne =
- CertUtils.createCertFromPemFile("intermediate-ca-b-one.pem");
- X509Certificate intermediateCertTwo =
- CertUtils.createCertFromPemFile("intermediate-ca-b-two.pem");
- PrivateKey key = CertUtils.createRsaPrivateKeyFromKeyFile("end-cert-key-a.key");
-
- verifyPersistableBundleEncodeDecodeIsLossless(
- new IkeAuthDigitalSignLocalConfig(
- endCert, Arrays.asList(intermediateCertOne, intermediateCertTwo), key));
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeAuthEap() {
- EapSessionConfig eapSessionConfig =
- new EapSessionConfig.Builder()
- .setEapAkaConfig(SUB_ID, TelephonyManager.APPTYPE_ISIM)
- .build();
- verifyPersistableBundleEncodeDecodeIsLossless(new IkeAuthEapConfig(eapSessionConfig));
- }
-
- @Test
- public void testConstructBuilderWithIkeSessionParams() throws Exception {
- IkeSessionParams sessionParams = createIkeParamsBuilderMinimum().build();
-
- IkeSessionParams result = new IkeSessionParams.Builder(sessionParams).build();
- assertEquals(sessionParams, result);
- }
-
- @Test
- public void testCreateCopyWithNetworkCleared() throws Exception {
- IkeSessionParams sessionParams =
- createIkeParamsBuilderMinimum().setNetwork(mMockUserConfigNetwork).build();
-
- IkeSessionParams result =
- new IkeSessionParams.Builder(sessionParams).setNetwork(null).build();
- assertNull(result.getConfiguredNetwork());
- }
-
- @Test
- public void testCreateWithAndWithoutConnectivityMgr() throws Exception {
- IkeSessionParams withConnectivityMgr =
- new IkeSessionParams.Builder(mMockConnectManager)
- .setServerHostname(REMOTE_IPV4_HOST_ADDRESS)
- .addSaProposal(mIkeSaProposal)
- .setLocalIdentification(mLocalIdentification)
- .setRemoteIdentification(mRemoteIdentification)
- .setAuthPsk(PSK)
- .build();
-
- IkeSessionParams withoutConnectivityMgr =
- new IkeSessionParams.Builder()
- .setServerHostname(REMOTE_IPV4_HOST_ADDRESS)
- .addSaProposal(mIkeSaProposal)
- .setLocalIdentification(mLocalIdentification)
- .setRemoteIdentification(mRemoteIdentification)
- .setAuthPsk(PSK)
- .build();
- assertEquals(withConnectivityMgr, withoutConnectivityMgr);
- }
-
- @Test
- public void testCreateAndSetNetworkWithoutConnectivityMgr() throws Exception {
- IkeSessionParams sessionParams =
- createIkeParamsBuilderMinimum().setNetwork(mMockUserConfigNetwork).build();
- assertEquals(mMockUserConfigNetwork, sessionParams.getNetwork());
- assertEquals(mMockUserConfigNetwork, sessionParams.getConfiguredNetwork());
- }
-
- @Test
- public void testNotEqualsWhenNattKeepaliveDelaysAreDifferent() throws Exception {
- IkeSessionParams sessionParamsA =
- createIkeParamsBuilderMinimum().setNattKeepAliveDelaySeconds(100).build();
- IkeSessionParams sessionParamsB =
- createIkeParamsBuilderMinimum().setNattKeepAliveDelaySeconds(200).build();
-
- assertNotEquals(sessionParamsA, sessionParamsB);
- }
-
- @Test
- public void testNotEqualsWhenDscpsAreDifferent() throws Exception {
- IkeSessionParams sessionParamsA = createIkeParamsBuilderMinimum().setDscp(8).build();
- IkeSessionParams sessionParamsB = createIkeParamsBuilderMinimum().setDscp(48).build();
-
- assertNotEquals(sessionParamsA, sessionParamsB);
- }
}
diff --git a/tests/iketests/src/java/android/net/ipsec/ike/IkeSessionTest.java b/tests/iketests/src/java/android/net/ipsec/ike/IkeSessionTest.java
index 60462ea..8443bd2 100644
--- a/tests/iketests/src/java/android/net/ipsec/ike/IkeSessionTest.java
+++ b/tests/iketests/src/java/android/net/ipsec/ike/IkeSessionTest.java
@@ -14,9 +14,7 @@
* limitations under the License.
*/
-package android.net.ipsec.test.ike;
-
-import static android.net.ipsec.test.ike.IkeSessionParams.IKE_OPTION_MOBIKE;
+package android.net.ipsec.ike;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
@@ -30,11 +28,9 @@
import android.os.test.TestLooper;
import android.util.Log;
-import androidx.test.filters.SdkSuppress;
-
-import com.android.internal.net.ipsec.test.ike.IkeSessionStateMachine;
-import com.android.internal.net.ipsec.test.ike.IkeSessionStateMachineTest;
-import com.android.internal.net.ipsec.test.ike.IkeSessionTestBase;
+import com.android.internal.net.ipsec.ike.IkeSessionStateMachine;
+import com.android.internal.net.ipsec.ike.IkeSessionStateMachineTest;
+import com.android.internal.net.ipsec.ike.IkeSessionTestBase;
import org.junit.Before;
import org.junit.Test;
@@ -69,17 +65,14 @@
private IkeSessionParams buildIkeSessionParams() throws Exception {
- return buildIkeSessionParamsBase().build();
- }
-
- private IkeSessionParams.Builder buildIkeSessionParamsBase() throws Exception {
return new IkeSessionParams.Builder(mMockConnectManager)
.setServerHostname(REMOTE_ADDRESS.getHostAddress())
.addSaProposal(IkeSessionStateMachineTest.buildSaProposal())
.setLocalIdentification(new IkeIpv4AddrIdentification((Inet4Address) LOCAL_ADDRESS))
.setRemoteIdentification(
new IkeIpv4AddrIdentification((Inet4Address) REMOTE_ADDRESS))
- .setAuthPsk(new byte[0] /* psk, unused */);
+ .setAuthPsk(new byte[0] /* psk, unused */)
+ .build();
}
@Test
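Review bot: `buildIkeSessionParams()` now ends with `.setAuthPsk(new byte[0] /* psk, unused */)` followed by `.build()`, so this fixture only works while the builder accepts a zero-length pre-shared key. Presumably the key is never used in these tests, but an empty PSK in a fixture reads as a valid configuration and would break every test in the class if the builder starts rejecting it. A non-empty dummy keeps the helper independent of that, e.g. `.setAuthPsk(new byte[] {0x00} /* psk, unused */)`.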
@@ -187,19 +180,4 @@
}
}
-
- @Test(expected = IllegalArgumentException.class)
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testThrowWhenSetupMobikeWithTransport() throws Exception {
- IkeSession ikeSession =
- new IkeSession(
- new TestLooper().getLooper(),
- mSpyContext,
- mIpSecManager,
- buildIkeSessionParamsBase().addIkeOption(IKE_OPTION_MOBIKE).build(),
- mock(TransportModeChildSessionParams.class),
- mUserCbExecutor,
- mMockIkeSessionCb,
- mMockChildSessionCb);
- }
}
diff --git a/tests/iketests/src/java/android/net/ipsec/ike/IkeTrafficSelectorTest.java b/tests/iketests/src/java/android/net/ipsec/ike/IkeTrafficSelectorTest.java
index 68881a6..734fa4e 100644
--- a/tests/iketests/src/java/android/net/ipsec/ike/IkeTrafficSelectorTest.java
+++ b/tests/iketests/src/java/android/net/ipsec/ike/IkeTrafficSelectorTest.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package android.net.ipsec.test.ike;
+package android.net.ipsec.ike;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -24,10 +24,9 @@
import static org.junit.Assert.fail;
import android.net.InetAddresses;
-import android.net.ipsec.test.ike.exceptions.InvalidSyntaxException;
-import android.os.PersistableBundle;
import com.android.internal.net.TestUtils;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
import org.junit.Test;
@@ -176,22 +175,6 @@
assertFalse(mTsOne.contains(mTsTwo));
}
- private static void verifyPersistableBundleEncodeDecodeIsLossless(IkeTrafficSelector ts) {
- PersistableBundle bundle = ts.toPersistableBundle();
- IkeTrafficSelector resultTs = IkeTrafficSelector.fromPersistableBundle(bundle);
- assertEquals(ts, resultTs);
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeIsLosslessIpv4Ts() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(mTsOne);
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeIsLosslessIpv6Ts() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(mTsIpv6Three);
- }
-
@Test
public void testDecodeIkeTrafficSelectorWithInvalidTsType() throws Exception {
int numTs = 1;
diff --git a/tests/iketests/src/java/android/net/ipsec/ike/IkeTunnelConnectionParamsTest.java b/tests/iketests/src/java/android/net/ipsec/ike/IkeTunnelConnectionParamsTest.java
deleted file mode 100644
index 9c5d60e..0000000
--- a/tests/iketests/src/java/android/net/ipsec/ike/IkeTunnelConnectionParamsTest.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.ipsec.test.ike;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotSame;
-import static org.junit.Assert.fail;
-
-import org.junit.Test;
-
-public class IkeTunnelConnectionParamsTest {
- private static final IkeSessionParams IKE_PARAMS =
- new IkeSessionParams.Builder()
- .setServerHostname("192.0.2.100")
- .addSaProposal(SaProposalTest.buildTestIkeProposal())
- .setLocalIdentification(new IkeFqdnIdentification("test.client.com"))
- .setRemoteIdentification(new IkeFqdnIdentification("test.server.com"))
- .setAuthPsk("psk".getBytes())
- .build();
- private static final TunnelModeChildSessionParams CHILD_PARAMS =
- new TunnelModeChildSessionParams.Builder()
- .addSaProposal(SaProposalTest.buildTestChildProposal())
- .build();
-
- @Test
- public void testBuildAndGetters() {
- final IkeTunnelConnectionParams tunnelParams =
- new IkeTunnelConnectionParams(IKE_PARAMS, CHILD_PARAMS);
-
- assertEquals(IKE_PARAMS, tunnelParams.getIkeSessionParams());
- assertEquals(CHILD_PARAMS, tunnelParams.getTunnelModeChildSessionParams());
- }
-
- @Test
- public void testEquals() {
- final IkeTunnelConnectionParams tunnelParams =
- new IkeTunnelConnectionParams(IKE_PARAMS, CHILD_PARAMS);
- final IkeTunnelConnectionParams otherTunnelParams =
- new IkeTunnelConnectionParams(IKE_PARAMS, CHILD_PARAMS);
-
- assertEquals(tunnelParams, otherTunnelParams);
- assertNotSame(tunnelParams, otherTunnelParams);
- }
-
- @Test
- public void testConstructConfigWithoutIkeParams() {
- try {
- new IkeTunnelConnectionParams(null, CHILD_PARAMS);
- fail("Expect to fail because ikeParams was null");
- } catch (NullPointerException expected) {
- }
- }
-
- @Test
- public void testBuilderConfigWithoutChildParams() {
- try {
- new IkeTunnelConnectionParams(IKE_PARAMS, null);
- fail("Expect to fail because childParams was null");
- } catch (NullPointerException expected) {
- }
- }
-}
diff --git a/tests/iketests/src/java/android/net/ipsec/ike/SaProposalTest.java b/tests/iketests/src/java/android/net/ipsec/ike/SaProposalTest.java
index 28135ca..0c98bfa 100644
--- a/tests/iketests/src/java/android/net/ipsec/ike/SaProposalTest.java
+++ b/tests/iketests/src/java/android/net/ipsec/ike/SaProposalTest.java
@@ -14,18 +14,17 @@
* limitations under the License.
*/
-package android.net.ipsec.test.ike;
+package android.net.ipsec.ike;
-import static android.net.ipsec.test.ike.SaProposal.DH_GROUP_1024_BIT_MODP;
-import static android.net.ipsec.test.ike.SaProposal.DH_GROUP_2048_BIT_MODP;
-import static android.net.ipsec.test.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12;
-import static android.net.ipsec.test.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8;
-import static android.net.ipsec.test.ike.SaProposal.INTEGRITY_ALGORITHM_NONE;
-import static android.net.ipsec.test.ike.SaProposal.KEY_LEN_AES_128;
-import static android.net.ipsec.test.ike.SaProposal.KEY_LEN_UNUSED;
-import static android.net.ipsec.test.ike.SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC;
-import static android.net.ipsec.test.ike.SaProposal.PSEUDORANDOM_FUNCTION_SHA2_256;
-import static android.os.Build.VERSION_CODES.R;
+import static android.net.ipsec.ike.SaProposal.DH_GROUP_1024_BIT_MODP;
+import static android.net.ipsec.ike.SaProposal.DH_GROUP_2048_BIT_MODP;
+import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12;
+import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8;
+import static android.net.ipsec.ike.SaProposal.INTEGRITY_ALGORITHM_NONE;
+import static android.net.ipsec.ike.SaProposal.KEY_LEN_AES_128;
+import static android.net.ipsec.ike.SaProposal.KEY_LEN_UNUSED;
+import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC;
+import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_SHA2_256;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -33,25 +32,17 @@
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import android.os.PersistableBundle;
+import com.android.internal.net.ipsec.ike.message.IkePayload;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.DhGroupTransform;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.EncryptionTransform;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.IntegrityTransform;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.PrfTransform;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.Transform;
-import com.android.internal.net.ipsec.test.ike.message.IkePayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.DhGroupTransform;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.EncryptionTransform;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.IntegrityTransform;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.PrfTransform;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.Transform;
-import com.android.testutils.DevSdkIgnoreRule;
-import com.android.testutils.DevSdkIgnoreRule.IgnoreUpTo;
-
-import org.junit.Rule;
import org.junit.Test;
public final class SaProposalTest {
- @Rule public final DevSdkIgnoreRule ignoreRule = new DevSdkIgnoreRule();
-
private final EncryptionTransform mEncryption3DesTransform;
- private final EncryptionTransform mEncryptionAesCbcTransform;
private final EncryptionTransform mEncryptionAesGcm8Transform;
private final EncryptionTransform mEncryptionAesGcm12Transform;
private final IntegrityTransform mIntegrityHmacSha1Transform;
@@ -59,15 +50,9 @@
private final PrfTransform mPrfAes128XCbcTransform;
private final DhGroupTransform mDhGroup1024Transform;
- // For all crypto algorithms, private use range starts from 1024
- private static final int ALGORITHM_ID_INVALID = 1024;
-
public SaProposalTest() {
mEncryption3DesTransform =
new EncryptionTransform(SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED);
- mEncryptionAesCbcTransform =
- new EncryptionTransform(
- SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, SaProposal.KEY_LEN_AES_128);
mEncryptionAesGcm8Transform =
new EncryptionTransform(
SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, SaProposal.KEY_LEN_AES_128);
@@ -81,19 +66,16 @@
mDhGroup1024Transform = new DhGroupTransform(SaProposal.DH_GROUP_1024_BIT_MODP);
}
- // Package private for use in IkeTunnelConnectionParamsTest
- static IkeSaProposal buildTestIkeProposal() {
- return new IkeSaProposal.Builder()
- .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED)
- .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96)
- .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC)
- .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
- .build();
- }
-
@Test
public void testBuildIkeSaProposalWithNormalModeCipher() throws Exception {
- IkeSaProposal proposal = buildTestIkeProposal();
+ IkeSaProposal proposal =
+ new IkeSaProposal.Builder()
+ .addEncryptionAlgorithm(
+ SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED)
+ .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96)
+ .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC)
+ .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
+ .build();
assertEquals(IkePayload.PROTOCOL_ID_IKE, proposal.getProtocolId());
assertArrayEquals(
@@ -130,28 +112,19 @@
assertTrue(proposal.getIntegrityTransforms().length == 0);
}
- // Package private for use in IkeTunnelParamsTest
- static ChildSaProposal buildTestChildProposal() {
- return new ChildSaProposal.Builder()
- .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_128)
- .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE)
- .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
- .build();
- }
-
@Test
public void testBuildChildSaProposalWithNormalCipher() throws Exception {
ChildSaProposal proposal =
new ChildSaProposal.Builder()
.addEncryptionAlgorithm(
- SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_128)
+ SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED)
.addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE)
.addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
.build();
assertEquals(IkePayload.PROTOCOL_ID_ESP, proposal.getProtocolId());
assertArrayEquals(
- new EncryptionTransform[] {mEncryptionAesCbcTransform},
+ new EncryptionTransform[] {mEncryption3DesTransform},
proposal.getEncryptionTransforms());
assertArrayEquals(
new IntegrityTransform[] {mIntegrityNoneTransform},
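Review bot: The passing "normal cipher" case for a Child SA in `testBuildChildSaProposalWithNormalCipher` is now `ENCRYPTION_ALGORITHM_3DES` with `INTEGRITY_ALGORITHM_NONE` and `DH_GROUP_1024_BIT_MODP`, that is, a 64-bit-block cipher with no integrity protection on ESP. The same substitution is made in `testGetCopyWithoutDhGroup` in the next hunk (`@@ -160,46 +133,12 @@`). The last hunk of this file removes `testBuildChildProposalWithUnsupportedEncryptionAlgo`, which expected `IllegalArgumentException` for this cipher above R, so on the new side nothing visible asserts that any encryption algorithm is rejected for a Child SA. If the builder on this branch really must accept 3DES, mark the fixture so it is not read as a recommended proposal, e.g. `// Legacy fixture values only: 3DES without integrity is not a recommended ESP configuration.` Keeping a negative test for an out-of-range algorithm id would also help, if the builder validates ids here.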
@@ -160,46 +133,12 @@
new DhGroupTransform[] {mDhGroup1024Transform}, proposal.getDhGroupTransforms());
}
- private static void verifyPersistableBundleEncodeDecodeIsLossless(SaProposal proposal) {
- PersistableBundle bundle = proposal.toPersistableBundle();
- SaProposal resultProposal = SaProposal.fromPersistableBundle(bundle);
-
- assertEquals(proposal, resultProposal);
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeIsLosslessChildProposal() throws Exception {
- ChildSaProposal proposal =
- new ChildSaProposal.Builder()
- .addEncryptionAlgorithm(
- SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_128)
- .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE)
- .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
- .build();
-
- verifyPersistableBundleEncodeDecodeIsLossless(proposal);
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeIsLosslessIkeProposal() throws Exception {
- IkeSaProposal proposal =
- new IkeSaProposal.Builder()
- .addEncryptionAlgorithm(
- SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED)
- .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96)
- .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC)
- .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
- .build();
-
- verifyPersistableBundleEncodeDecodeIsLossless(proposal);
- }
-
@Test
public void testGetCopyWithoutDhGroup() throws Exception {
ChildSaProposal proposal =
new ChildSaProposal.Builder()
.addEncryptionAlgorithm(
- SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_128)
+ SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED)
.addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE)
.addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
.build();
@@ -412,21 +351,4 @@
assertTrue(respProposal.isNegotiatedFrom(reqProposal));
}
-
- @IgnoreUpTo(R)
- @Test(expected = IllegalArgumentException.class)
- public void testBuildChildProposalWithUnsupportedEncryptionAlgo() throws Exception {
- new ChildSaProposal.Builder()
- .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED);
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void testBuildChildProposalWithInvalidEncryptionAlgo() throws Exception {
- new ChildSaProposal.Builder().addEncryptionAlgorithm(ALGORITHM_ID_INVALID, KEY_LEN_UNUSED);
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void testBuildChildProposalWithInvalidIntegrityAlgo() throws Exception {
- new ChildSaProposal.Builder().addIntegrityAlgorithm(ALGORITHM_ID_INVALID);
- }
}
diff --git a/tests/iketests/src/java/android/net/ipsec/ike/TunnelModeChildSessionParamsTest.java b/tests/iketests/src/java/android/net/ipsec/ike/TunnelModeChildSessionParamsTest.java
index 76cd0b3..29ee677 100644
--- a/tests/iketests/src/java/android/net/ipsec/ike/TunnelModeChildSessionParamsTest.java
+++ b/tests/iketests/src/java/android/net/ipsec/ike/TunnelModeChildSessionParamsTest.java
@@ -14,21 +14,21 @@
* limitations under the License.
*/
-package android.net.ipsec.test.ike;
+package android.net.ipsec.ike;
-import static android.net.ipsec.test.ike.ChildSessionParams.CHILD_HARD_LIFETIME_SEC_DEFAULT;
-import static android.net.ipsec.test.ike.ChildSessionParams.CHILD_HARD_LIFETIME_SEC_MAXIMUM;
-import static android.net.ipsec.test.ike.ChildSessionParams.CHILD_HARD_LIFETIME_SEC_MINIMUM;
-import static android.net.ipsec.test.ike.ChildSessionParams.CHILD_SOFT_LIFETIME_SEC_DEFAULT;
+import static android.net.ipsec.ike.ChildSessionParams.CHILD_HARD_LIFETIME_SEC_DEFAULT;
+import static android.net.ipsec.ike.ChildSessionParams.CHILD_HARD_LIFETIME_SEC_MAXIMUM;
+import static android.net.ipsec.ike.ChildSessionParams.CHILD_HARD_LIFETIME_SEC_MINIMUM;
+import static android.net.ipsec.ike.ChildSessionParams.CHILD_SOFT_LIFETIME_SEC_DEFAULT;
import static android.system.OsConstants.AF_INET;
import static android.system.OsConstants.AF_INET6;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_ADDRESS;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_DHCP;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_DNS;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_NETMASK;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP6_ADDRESS;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP6_DNS;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_ADDRESS;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_DHCP;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_DNS;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_NETMASK;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP6_ADDRESS;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP6_DNS;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -39,7 +39,7 @@
import android.net.InetAddresses;
import android.util.SparseArray;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttribute;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttribute;
import org.junit.Before;
import org.junit.Test;
@@ -264,27 +264,5 @@
} catch (IllegalArgumentException expected) {
}
}
-
- @Test
- public void testConstructTunnelModeChildParamsCopy() throws Exception {
- TunnelModeChildSessionParams childParams =
- new TunnelModeChildSessionParams.Builder()
- .addSaProposal(mSaProposal)
- .setLifetimeSeconds(
- (int) TimeUnit.HOURS.toSeconds(3L),
- (int) TimeUnit.HOURS.toSeconds(1L))
- .addInternalAddressRequest(AF_INET)
- .addInternalAddressRequest(AF_INET6)
- .addInternalAddressRequest(IPV4_ADDRESS)
- .addInternalAddressRequest(IPV6_ADDRESS, IP6_PREFIX_LEN)
- .addInternalDnsServerRequest(AF_INET)
- .addInternalDnsServerRequest(AF_INET6)
- .addInternalDhcpServerRequest(AF_INET)
- .build();
-
- TunnelModeChildSessionParams result =
- new TunnelModeChildSessionParams.Builder(childParams).build();
- assertEquals(childParams, result);
- }
}
diff --git a/tests/iketests/src/java/android/net/ipsec/ike/exceptions/IkeProtocolExceptionTest.java b/tests/iketests/src/java/android/net/ipsec/ike/exceptions/IkeProtocolExceptionTest.java
index 6d5e1da..c438420 100644
--- a/tests/iketests/src/java/android/net/ipsec/ike/exceptions/IkeProtocolExceptionTest.java
+++ b/tests/iketests/src/java/android/net/ipsec/ike/exceptions/IkeProtocolExceptionTest.java
@@ -14,15 +14,17 @@
* limitations under the License.
*/
-package android.net.ipsec.test.ike.exceptions;
+package android.net.ipsec.ike.exceptions;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_NO_PROPOSAL_CHOSEN;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD;
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_NO_PROPOSAL_CHOSEN;
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
-import com.android.internal.net.ipsec.test.ike.message.IkeNotifyPayload;
+import com.android.internal.net.ipsec.ike.exceptions.NoValidProposalChosenException;
+import com.android.internal.net.ipsec.ike.exceptions.UnsupportedCriticalPayloadException;
+import com.android.internal.net.ipsec.ike.message.IkeNotifyPayload;
import org.junit.Test;
diff --git a/tests/iketests/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppBackoffTimerTest.java b/tests/iketests/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppBackoffTimerTest.java
deleted file mode 100644
index 3214e63..0000000
--- a/tests/iketests/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppBackoffTimerTest.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.ipsec.test.ike.ike3gpp;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-
-import android.net.ipsec.test.ike.exceptions.IkeProtocolException;
-
-import org.junit.Test;
-
-public class Ike3gppBackoffTimerTest {
- private static final byte BACKOFF_TIMER = (byte) 0xAF;
- private static final int BACKOFF_CAUSE = Ike3gppBackoffTimer.ERROR_TYPE_NETWORK_FAILURE;
-
- @Test
- public void testIke3gppBackoffTimer() {
- Ike3gppBackoffTimer backoffTimer = new Ike3gppBackoffTimer(BACKOFF_TIMER, BACKOFF_CAUSE);
-
- assertEquals(Ike3gppData.DATA_TYPE_NOTIFY_BACKOFF_TIMER, backoffTimer.getDataType());
- assertEquals(BACKOFF_TIMER, backoffTimer.getBackoffTimer());
- assertEquals(BACKOFF_CAUSE, backoffTimer.getBackoffCause());
- }
-
- @Test
- public void testIsValidErrorNotifyCause() {
- assertTrue(
- Ike3gppBackoffTimer.isValidErrorNotifyCause(
- Ike3gppBackoffTimer.ERROR_TYPE_NO_APN_SUBSCRIPTION));
- assertTrue(
- Ike3gppBackoffTimer.isValidErrorNotifyCause(
- Ike3gppBackoffTimer.ERROR_TYPE_NETWORK_FAILURE));
- assertFalse(
- Ike3gppBackoffTimer.isValidErrorNotifyCause(
- IkeProtocolException.ERROR_TYPE_AUTHENTICATION_FAILED));
- }
-}
diff --git a/tests/iketests/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppExtensionTest.java b/tests/iketests/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppExtensionTest.java
deleted file mode 100644
index d3e3368..0000000
--- a/tests/iketests/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppExtensionTest.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.ipsec.test.ike.ike3gpp;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotEquals;
-import static org.mockito.Mockito.mock;
-
-import android.net.ipsec.test.ike.ike3gpp.Ike3gppExtension.Ike3gppDataListener;
-
-import org.junit.Before;
-import org.junit.Test;
-
-public class Ike3gppExtensionTest {
- private static final byte PDU_SESSION_ID = (byte) 0x01;
-
- private Ike3gppDataListener mMockIke3gppDataListener;
- private Ike3gppParams mIke3gppParams;
-
- @Before
- public void setUp() {
- mMockIke3gppDataListener = mock(Ike3gppDataListener.class);
- mIke3gppParams = new Ike3gppParams.Builder().build();
- }
-
- @Test
- public void testIke3gppExtensionConstructor() {
- Ike3gppExtension ike3gppExtension =
- new Ike3gppExtension(mIke3gppParams, mMockIke3gppDataListener);
-
- assertEquals(mMockIke3gppDataListener, ike3gppExtension.getIke3gppDataListener());
- assertEquals(mIke3gppParams, ike3gppExtension.getIke3gppParams());
- }
-
- @Test(expected = NullPointerException.class)
- public void testIke3gppExtensionConstructorInvalidCallback() {
- Ike3gppExtension ike3gppExtension = new Ike3gppExtension(mIke3gppParams, null);
- }
-
- @Test(expected = NullPointerException.class)
- public void testIke3gppExtensionConstructorInvalidParams() {
- Ike3gppExtension ike3gppExtension = new Ike3gppExtension(null, mMockIke3gppDataListener);
- }
-
- @Test
- public void testEquals() {
- Ike3gppExtension extensionA =
- new Ike3gppExtension(
- new Ike3gppParams.Builder().setPduSessionId(PDU_SESSION_ID).build(),
- mMockIke3gppDataListener);
-
- Ike3gppExtension extensionB =
- new Ike3gppExtension(
- new Ike3gppParams.Builder().setPduSessionId(PDU_SESSION_ID).build(),
- mMockIke3gppDataListener);
-
- assertEquals(extensionA, extensionB);
- }
-
- @Test
- public void testNotEquals() {
- Ike3gppExtension extensionA =
- new Ike3gppExtension(new Ike3gppParams.Builder().build(), mMockIke3gppDataListener);
-
- Ike3gppExtension extensionB =
- new Ike3gppExtension(
- new Ike3gppParams.Builder().setPduSessionId(PDU_SESSION_ID).build(),
- mMockIke3gppDataListener);
-
- assertNotEquals(extensionA, extensionB);
- }
-}
diff --git a/tests/iketests/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppN1ModeInformationTest.java b/tests/iketests/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppN1ModeInformationTest.java
deleted file mode 100644
index 5ab5c9c..0000000
--- a/tests/iketests/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppN1ModeInformationTest.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.ipsec.test.ike.ike3gpp;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-
-import com.android.internal.util.HexDump;
-
-import org.junit.Test;
-
-public class Ike3gppN1ModeInformationTest {
- private static final byte[] SNSSAI = HexDump.hexStringToByteArray("1122334455");
-
- @Test
- public void testIke3gppN1ModeInformation() {
- Ike3gppN1ModeInformation n1ModeInformation = new Ike3gppN1ModeInformation(SNSSAI);
-
- assertEquals(
- Ike3gppData.DATA_TYPE_NOTIFY_N1_MODE_INFORMATION, n1ModeInformation.getDataType());
- assertArrayEquals(SNSSAI, n1ModeInformation.getSnssai());
- }
-
- @Test(expected = NullPointerException.class)
- public void testIke3gppN1ModeInformationNullSnssai() {
- new Ike3gppN1ModeInformation(null);
- }
-}
diff --git a/tests/iketests/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppParamsTest.java b/tests/iketests/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppParamsTest.java
deleted file mode 100644
index 2f30f2a..0000000
--- a/tests/iketests/src/java/android/net/ipsec/ike/ike3gpp/Ike3gppParamsTest.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.ipsec.test.ike.ike3gpp;
-
-import static android.net.ipsec.test.ike.ike3gpp.Ike3gppParams.PDU_SESSION_ID_UNSET;
-
-import static org.junit.Assert.assertEquals;
-
-import org.junit.Test;
-
-public class Ike3gppParamsTest {
- private static final byte PDU_SESSION_ID = (byte) 0x01;
-
- @Test
- public void testBuildWithPduSessionId() {
- Ike3gppParams ike3gppParams =
- new Ike3gppParams.Builder().setPduSessionId(PDU_SESSION_ID).build();
-
- assertEquals(PDU_SESSION_ID, ike3gppParams.getPduSessionId());
- }
-
- @Test
- public void testBuildIke3gppParamsDefault() {
- Ike3gppParams ike3gppParams = new Ike3gppParams.Builder().build();
-
- assertEquals(PDU_SESSION_ID_UNSET, ike3gppParams.getPduSessionId());
- }
-
- @Test
- public void testBuildIke3gppParamsClearPduSessionId() {
- Ike3gppParams ike3gppParams =
- new Ike3gppParams.Builder()
- .setPduSessionId(PDU_SESSION_ID)
- .setPduSessionId(PDU_SESSION_ID_UNSET)
- .build();
-
- assertEquals(PDU_SESSION_ID_UNSET, ike3gppParams.getPduSessionId());
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/TestUtils.java b/tests/iketests/src/java/com/android/internal/net/TestUtils.java
index ae6731a..0b344cd 100644
--- a/tests/iketests/src/java/com/android/internal/net/TestUtils.java
+++ b/tests/iketests/src/java/com/android/internal/net/TestUtils.java
@@ -23,8 +23,8 @@
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.spy;
-import com.android.internal.net.ipsec.test.ike.utils.RandomnessFactory;
-import com.android.internal.net.utils.test.Log;
+import com.android.internal.net.ipsec.ike.utils.RandomnessFactory;
+import com.android.internal.net.utils.Log;
import java.nio.ByteBuffer;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/EapAkaPrimeTest.java b/tests/iketests/src/java/com/android/internal/net/eap/EapAkaPrimeTest.java
index 14d3b59..544bcd8 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/EapAkaPrimeTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/EapAkaPrimeTest.java
@@ -14,12 +14,12 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test;
+package com.android.internal.net.eap;
import static android.telephony.TelephonyManager.APPTYPE_USIM;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_SIM_START_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_REQUEST_SIM_START_PACKET;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.doReturn;
@@ -29,10 +29,10 @@
import static org.mockito.Mockito.when;
import android.content.Context;
-import android.net.eap.test.EapSessionConfig;
+import android.net.eap.EapSessionConfig;
import android.telephony.TelephonyManager;
-import com.android.internal.net.eap.test.statemachine.EapStateMachine;
+import com.android.internal.net.eap.statemachine.EapStateMachine;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/EapAkaTest.java b/tests/iketests/src/java/com/android/internal/net/eap/EapAkaTest.java
index a0eb98d..a28a6e0 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/EapAkaTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/EapAkaTest.java
@@ -14,12 +14,12 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test;
+package com.android.internal.net.eap;
import static android.telephony.TelephonyManager.APPTYPE_USIM;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_SIM_START_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_REQUEST_SIM_START_PACKET;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.doReturn;
@@ -29,10 +29,10 @@
import static org.mockito.Mockito.when;
import android.content.Context;
-import android.net.eap.test.EapSessionConfig;
+import android.net.eap.EapSessionConfig;
import android.telephony.TelephonyManager;
-import com.android.internal.net.eap.test.statemachine.EapStateMachine;
+import com.android.internal.net.eap.statemachine.EapStateMachine;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/EapAuthenticatorTest.java b/tests/iketests/src/java/com/android/internal/net/eap/EapAuthenticatorTest.java
index ed4db0b..ee7cc33 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/EapAuthenticatorTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/EapAuthenticatorTest.java
@@ -14,14 +14,14 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test;
+package com.android.internal.net.eap;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_FAILURE_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_SIM_START_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SIM_RESPONSE_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SUCCESS_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.REQUEST_UNSUPPORTED_TYPE_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_FAILURE_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_REQUEST_SIM_START_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SIM_RESPONSE_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SUCCESS_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.REQUEST_UNSUPPORTED_TYPE_PACKET;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertFalse;
@@ -36,12 +36,12 @@
import android.os.Looper;
import android.os.test.TestLooper;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.EapResult.EapFailure;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.EapResult.EapSuccess;
-import com.android.internal.net.eap.test.exceptions.EapInvalidRequestException;
-import com.android.internal.net.eap.test.statemachine.EapStateMachine;
+import com.android.internal.net.eap.EapResult.EapError;
+import com.android.internal.net.eap.EapResult.EapFailure;
+import com.android.internal.net.eap.EapResult.EapResponse;
+import com.android.internal.net.eap.EapResult.EapSuccess;
+import com.android.internal.net.eap.exceptions.EapInvalidRequestException;
+import com.android.internal.net.eap.statemachine.EapStateMachine;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/EapErrorTest.java b/tests/iketests/src/java/com/android/internal/net/eap/EapErrorTest.java
index ccf7fc8..ce49763 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/EapErrorTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/EapErrorTest.java
@@ -14,11 +14,11 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test;
+package com.android.internal.net.eap;
import static org.junit.Assert.assertEquals;
-import com.android.internal.net.eap.test.EapResult.EapError;
+import com.android.internal.net.eap.EapResult.EapError;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/EapMethodEndToEndTest.java b/tests/iketests/src/java/com/android/internal/net/eap/EapMethodEndToEndTest.java
index 5bf0119..b5d964f 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/EapMethodEndToEndTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/EapMethodEndToEndTest.java
@@ -14,12 +14,12 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test;
+package com.android.internal.net.eap;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_FAILURE_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_NOTIFICATION_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_NOTIFICATION_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SUCCESS;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_FAILURE_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_REQUEST_NOTIFICATION_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_RESPONSE_NOTIFICATION_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SUCCESS;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.eq;
@@ -29,10 +29,10 @@
import static org.mockito.Mockito.verifyNoMoreInteractions;
import android.content.Context;
-import android.net.eap.test.EapSessionConfig;
+import android.net.eap.EapSessionConfig;
import android.os.test.TestLooper;
-import com.android.internal.net.eap.test.exceptions.EapInvalidRequestException;
+import com.android.internal.net.eap.exceptions.EapInvalidRequestException;
import org.junit.Before;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/EapMsChapV2Test.java b/tests/iketests/src/java/com/android/internal/net/eap/EapMsChapV2Test.java
index 39bf954..7b08bfa 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/EapMsChapV2Test.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/EapMsChapV2Test.java
@@ -14,10 +14,10 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test;
+package com.android.internal.net.eap;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_AKA_IDENTITY_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_REQUEST_AKA_IDENTITY_PACKET;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.eq;
@@ -25,9 +25,9 @@
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
-import android.net.eap.test.EapSessionConfig;
+import android.net.eap.EapSessionConfig;
-import com.android.internal.net.eap.test.statemachine.EapStateMachine;
+import com.android.internal.net.eap.statemachine.EapStateMachine;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/EapResponseTest.java b/tests/iketests/src/java/com/android/internal/net/eap/EapResponseTest.java
index a3d0295..0c6dd52 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/EapResponseTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/EapResponseTest.java
@@ -14,19 +14,19 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test;
+package com.android.internal.net.eap;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_NAK_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SUCCESS_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_RESPONSE_NAK_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SUCCESS_PACKET;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.exceptions.InvalidEapResponseException;
-import com.android.internal.net.eap.test.message.EapMessage;
+import com.android.internal.net.eap.EapResult.EapError;
+import com.android.internal.net.eap.EapResult.EapResponse;
+import com.android.internal.net.eap.exceptions.InvalidEapResponseException;
+import com.android.internal.net.eap.message.EapMessage;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/EapSimTest.java b/tests/iketests/src/java/com/android/internal/net/eap/EapSimTest.java
index 47ae3b3..c6a0b28 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/EapSimTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/EapSimTest.java
@@ -14,13 +14,13 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test;
+package com.android.internal.net.eap;
import static android.telephony.TelephonyManager.APPTYPE_USIM;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_AKA_IDENTITY_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_NAK_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_REQUEST_AKA_IDENTITY_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_RESPONSE_NAK_PACKET;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.eq;
@@ -32,10 +32,10 @@
import static org.mockito.Mockito.when;
import android.content.Context;
-import android.net.eap.test.EapSessionConfig;
+import android.net.eap.EapSessionConfig;
import android.telephony.TelephonyManager;
-import com.android.internal.net.eap.test.statemachine.EapStateMachine;
+import com.android.internal.net.eap.statemachine.EapStateMachine;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/EapSuccessTest.java b/tests/iketests/src/java/com/android/internal/net/eap/EapSuccessTest.java
index 2ff0dfb..f2f8e74 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/EapSuccessTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/EapSuccessTest.java
@@ -14,14 +14,14 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test;
+package com.android.internal.net.eap;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.EapResult.EapSuccess;
+import com.android.internal.net.eap.EapResult.EapSuccess;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/EapTestUtils.java b/tests/iketests/src/java/com/android/internal/net/eap/EapTestUtils.java
index c7531ae..de058d1 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/EapTestUtils.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/EapTestUtils.java
@@ -14,11 +14,11 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test;
+package com.android.internal.net.eap;
import static android.telephony.TelephonyManager.APPTYPE_USIM;
-import android.net.eap.test.EapSessionConfig;
+import android.net.eap.EapSessionConfig;
import java.util.HashMap;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/EapTtlsTest.java b/tests/iketests/src/java/com/android/internal/net/eap/EapTtlsTest.java
deleted file mode 100644
index a0d42be..0000000
--- a/tests/iketests/src/java/com/android/internal/net/eap/EapTtlsTest.java
+++ /dev/null
@@ -1,776 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.eap.test;
-
-import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.crypto.TlsSessionTest.RESULT_FINISHED_OK;
-import static com.android.internal.net.eap.test.crypto.TlsSessionTest.RESULT_NEED_UNWRAP_OK;
-import static com.android.internal.net.eap.test.crypto.TlsSessionTest.RESULT_NEED_WRAP_OK;
-import static com.android.internal.net.eap.test.crypto.TlsSessionTest.RESULT_NOT_HANDSHAKING_OK;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_AKA_IDENTITY_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SUCCESS;
-
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.any;
-import static org.mockito.Mockito.argThat;
-import static org.mockito.Mockito.doAnswer;
-import static org.mockito.Mockito.doReturn;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.spy;
-import static org.mockito.Mockito.times;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyNoMoreInteractions;
-import static org.mockito.Mockito.when;
-
-import android.net.eap.test.EapSessionConfig;
-
-import com.android.internal.net.eap.test.crypto.TlsSession;
-import com.android.internal.net.eap.test.crypto.TlsSessionFactory;
-import com.android.internal.net.eap.test.statemachine.EapStateMachine;
-import com.android.internal.net.eap.test.statemachine.EapTtlsMethodStateMachine;
-
-import org.junit.AfterClass;
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.ArgumentMatcher;
-
-import java.nio.ByteBuffer;
-import java.util.Arrays;
-
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLEngineResult;
-import javax.net.ssl.SSLSession;
-
-/**
- * End-to-end tests for EAP-TTLS
- *
- * <p>Due to limitations where Conscrypt's SSLEngine offloads to native BoringSSL code, the TLS
- * client random is generated by hardware and CANNOT be seeded or mocked. As such, this test mocks
- * out the entire SSLEngine code.
- *
- * <p>The same is true for TLS keying material generation which is mocked via a TlsSession spy.
- */
-// TODO(b/166781047): Add second SSLEngine to EAP-TTLS end-to-end testing
-public class EapTtlsTest extends EapMethodEndToEndTest {
- private static final long AUTHENTICATOR_TIMEOUT_MILLIS = 250L;
-
- private static final int APPLICATION_BUFFER_SIZE_TLS_MESSAGE = 16384;
- private static final int PACKET_BUFFER_SIZE_TLS_MESSAGE = 16384;
- private static final byte[] EMPTY_BYTE_ARRAY = new byte[PACKET_BUFFER_SIZE_TLS_MESSAGE];
-
- public static final byte[] TLS_MSK =
- hexStringToByteArray(
- "00112233445566778899AABBCCDDEEFF"
- + "00112233445566778899AABBCCDDEEFF"
- + "00112233445566778899AABBCCDDEEFF"
- + "00112233445566778899AABBCCDDEEFF");
-
- public static final byte[] TLS_EMSK =
- hexStringToByteArray(
- "FFEEDDCCBBAA99887766554433221100"
- + "FFEEDDCCBBAA99887766554433221100"
- + "FFEEDDCCBBAA99887766554433221100"
- + "FFEEDDCCBBAA99887766554433221100");
-
- // TUNNELED MSCHAPV2 (Phase 2)
-
- private static final String MSCHAPV2_USERNAME = "mschapv2.android.net";
- private static final String MSCHAPV2_PASSWORD = "mschappwd";
- private static final byte[] PEER_CHALLENGE =
- hexStringToByteArray("6592788337ED192AA396532E0AE65579");
- private static final byte[] MSCHAPV2_MSK =
- hexStringToByteArray(
- "FA90B81CFF52D4FE37E029C84EC1E8B442AE19E482B0CA63FAEFF833C2DC86E60000"
- + "000000000000000000000000000000000000000000000000000000000000");
- private static final int EMSK_LEN = 64;
- private static final byte[] MSCHAPV2_EMSK = new byte[EMSK_LEN];
-
- // TLSv1.2 Handshake Messages
-
- private static final String CLIENT_HELLO_STRING =
- "1603010085010000810303DE76A65F038E90315BB25B49CB9AB4E2540586C3B25851604C8D6E"
- + "FECA11C16D00001CC02BC02CCCA9C02FC030CCA8C009C00AC013C014009C009D00"
- + "2F00350100003C00170000FF01000100000A00080006001D00170018000B000201"
- + "00000500050100000000000D001400120403080404010503080505010806060102"
- + "01";
- private static final byte[] CLIENT_HELLO_BYTES = hexStringToByteArray(CLIENT_HELLO_STRING);
-
- private static final String SERVER_HELLO_INITIAL_FRAGMENT_STRING =
- "16030304140200003603035F46FED4999A26EE4CA1E4DB034E3BADAD262359A36885E19187F8"
- + "5454F08E9E105188276593B74D74C1E95C9779EE83E9002F000B00037300037000"
- + "036D3082036930820251A0030201020208570C6688A0ABF919300D06092A864886"
- + "F70D01010B05003042310B30090603550406130255533110300E060355040A1307"
- + "416E64726F69643121301F06035504031318726F6F742E63612E746573742E616E"
- + "64726F69642E6E6574301E170D3230303530393031323331305A170D3233303530"
- + "393031323331305A3045310B30090603550406130255533110300E060355040A13"
- + "07416E64726F6964312430220603550403131B7365727665722E746573742E696B"
- + "652E616E64726F69642E6E657430820122300D06092A864886F70D010101050003"
- + "82010F003082010A0282010100C66872A68B0CFDD8453EF987A62AA4F9B251DB27"
- + "F0E4079686CA678EE2090755F7FD314245398B2EC43C5464509D2298940609DABE"
- + "57A60610D3DAF80D801B1F02F6A1262D92D333A9AC76D89951EF7733647E03DD44"
- + "ED2A4EC274BB5CD4D3C55D8166949F6E13F4C3D695EF5F08FDBDD629F2D56E96CD"
- + "91BFE84136D80CE274F516AC8CA69D6CAF9B762C8771F96A434783C2F02EC71317"
- + "AEC38C0E058EA65A9E2E12B5AA0C505F40D237773C29C9246D9EE3152925F941C8"
- + "FA67E6EA2A6B408009D9A9DA0B7A09F8B016C42C3156D5060DAA9F5081D24EF4FF"
- + "51DA523C2D9BCA71DDB207CCC9DBE24AD447E1F44AF386A16745CD41CDBB01C4A2"
- + "416E9A595D0203010001A360305E301F0603551D23041830168014499FA84785D7"
- + "8363F757A422947EB1584212801A30260603551D11041F301D821B736572766572"
- + "2E746573742E696B652E616E64726F69642E6E657430130603551D25040C300A06"
- + "082B06010505070301300D06092A864886F70D01010B050003820101007067F0B9"
- + "9698CA73410D703C83D294646D8734EF92C6CCBBE5E80A37A2B57DDD471739A8E2"
- + "5BF03C3BB571CEBA423B80B294AAD8341690A9094D680910057B36C5AF58431421"
- + "AE038A71A56FC9EA1C1B160C6B97F7326B364A0A5033A818DC37EDE5031FCF7D75"
- + "2683DAAFDE59FBB030F754F3D32FBCCD74D7A594967F2F8E2A921099689A61B7BF"
- + "9678F48F817BCF873B04A45112A17A4818981E7BF83F1DCB038C000DDCFD372A9D"
- + "00DADC7A43A5DA3C9C0BB36111844A72110CE7B3CED711705D5774B64C2419AAF7"
- + "888BBBC093CA0B7CFA8E118279B2AE30C0D28E0EE203B1D9DE34C29E58A8BA50B5"
- + "4CBB917CFFC87604C2646CFFB7511A557F951CDD4E0D00005B020140000E000C04"
- + "0105010601030102010101004600443042310B3009060355040613025553311030"
- + "0E060355040A1307416E64726F69643121301F";
- private static final byte[] SERVER_HELLO_INITIAL_FRAGMENT_BYTES =
- hexStringToByteArray(SERVER_HELLO_INITIAL_FRAGMENT_STRING);
- private static final String SERVER_HELLO_FINAL_FRAGMENT_STRING =
- "06035504031318726F6F742E63612E746573742E616E64726F69642E6E65740E000000";
- private static final byte[] SERVER_HELLO_FINAL_FRAGMENT_BYTES =
- hexStringToByteArray(SERVER_HELLO_FINAL_FRAGMENT_STRING);
- private static final byte[] SERVER_HELLO_BYTES =
- hexStringToByteArray(
- SERVER_HELLO_INITIAL_FRAGMENT_STRING + SERVER_HELLO_FINAL_FRAGMENT_STRING);
-
- private static final String CLIENT_FINISHED_STRING =
- "16030300070B0000030000001603030106100001020100A061D18580E2ACA2FDBB714012D180C"
- + "595CB51ED7B89EF394CFF7265C68756CF55CBEE47284A0992B3FC64A77F28E5E98F"
- + "B4F681BD67A87CD4DA115D70C74F96EB7AFCA822C0000824AA6C73DAA1233535EE0"
- + "B63D0E52F5EB645BC617170957B68ADEDE770559899813C0F174787F0C73ED87A2A"
- + "ED88D3C4438D8990D16DE9D6125EA772342123609941DD99CDE4A79E24D6C300AE5"
- + "245266275EA73B5FE4955ED7C25D34D60E7E925B33EDA75BE14A5B16FC45E7E6BDA"
- + "11C449A21D7455DD42D6B9418D04210CF50FD7D0A2B79882A4BE3EE68C2E9149F65"
- + "465432B483255B1D0076F74030D252131FE92DEB72B7FA40DE649F51AAE4BC28A31"
- + "ED8670E3AC221403030001011603030040016BFABBF2C74A11DDCFAFC8D815FA7C0"
- + "B4D8705A4BC44699242B5C4D413A1EEDBAAD2F1951713E35B35A99D9B3EA916F12F"
- + "297CEEC349173FE75C1B87F1CD66";
- private static final byte[] CLIENT_FINISHED_BYTES =
- hexStringToByteArray(CLIENT_FINISHED_STRING);
-
- private static final String SERVER_FINISHED_STRING =
- "14030300010116030300404570EA39954A9A370FDFCADC5DEDC072B9C204974645FD9D3E22383"
- + "26B76D2160F6EB88433C2E64FEB0F9204AC963D92399417166EC7CBF2E4F723C879"
- + "0C1255";
- private static final byte[] SERVER_FINISHED_BYTES =
- hexStringToByteArray(SERVER_FINISHED_STRING);
-
- // Phase 2 Messages (EAP-MSCHAPV2)
-
- private static final String ENCRYPTED_EAP_IDENTITY_AVP_STRING =
- "170303004070739851715B5BA7CC0237522560F811BFB47A7877E6882B524A3225B30EED1C66E7"
- + "BE834C94B411995CF01C824E19B51E9E6D17AB273E218733071390D16752";
- private static final byte[] ENCRYPTED_EAP_IDENTITY_AVP_BYTES =
- hexStringToByteArray(ENCRYPTED_EAP_IDENTITY_AVP_STRING);
- private static final String DECRYPTED_EAP_IDENTITY_AVP_STRING =
- "0000004F" + "40" + "00000D" // AVP Code | AVP Flags | AVP Length
- + "0210000501" // EAP-Response/Identity
- + "000000"; // Padding
- private static final byte[] DECRYPTED_EAP_IDENTITY_AVP_BYTES =
- hexStringToByteArray(DECRYPTED_EAP_IDENTITY_AVP_STRING);
-
- private static final String EAP_MSCHAP_V2_ENCRYPTED_CHALLENGE_REQUEST_AVP_STRING =
- "1703030060AB010671AA326B4421D4F7336C476D0595E7C9104ADD9975FAC10CDA63DB82DB989F7"
- + "6A6E41C2FAFE6C4C3BA4D4F49F08FF1FC88F0AD47BA9913D962A2D6F0C95D68AE879E"
- + "A305FFE6A9D999C79A4B20D3B4C067A0E17F848D44C16AF61B27F5";
- private static final byte[] EAP_MSCHAP_V2_ENCRYPTED_CHALLENGE_REQUEST_AVP_BYTES =
- hexStringToByteArray(EAP_MSCHAP_V2_ENCRYPTED_CHALLENGE_REQUEST_AVP_STRING);
- private static final String EAP_MSCHAP_V2_DECRYPTED_CHALLENGE_REQUEST_AVP_STRING =
- "0000004F" + "40" + "00002C" // AVP Code | AVP Flags | AVP Length
- + "01640024" // EAP-Request | ID | length in bytes
- + "1A0164" // EAP-MSCHAPv2 | Request | MSCHAPv2 ID
- + "001F10" // MS length | Value Size (0x10)
- + "DCB648175C0A8200F226F94F0964F9DE" // Authenticator-Challenge
- + "6D736368617074657374"; // Server-Name hex("mschaptest")
- private static final byte[] EAP_MSCHAP_V2_DECRYPTED_CHALLENGE_REQUEST_AVP_BYTES =
- hexStringToByteArray(EAP_MSCHAP_V2_DECRYPTED_CHALLENGE_REQUEST_AVP_STRING);
-
- private static final String EAP_MSCHAP_V2_ENCRYPTED_CHALLENGE_RESPONSE_AVP_STRING =
- "17030300805D5941EECB4D1F040B3C199FBB078393220526B3C7A7F73D16C0D45EBE56CBA1E80E0"
- + "1EB5B56E367B27B211C05D3713E389516B14568FB95679F960D61B5620F23D49B2A8F"
- + "999C308004B389111F49B56F3AFDFEE4765ADF2ADBBB82E7D5AE8D4E25FB10D67091E"
- + "E39E3A39F0F1AFB720231E3D824565349550BC7988C4E2E39";
- private static final byte[] EAP_MSCHAP_V2_ENCRYPTED_CHALLENGE_RESPONSE_AVP_BYTES =
- hexStringToByteArray(EAP_MSCHAP_V2_ENCRYPTED_CHALLENGE_RESPONSE_AVP_STRING);
- private static final String EAP_MSCHAP_V2_DECRYPTED_CHALLENGE_RESPONSE_AVP_STRING =
- "0000004F" + "40" + "000057" // AVP Code | AVP Flags | AVP Length
- + "0264004F" // EAP-Response | ID | length in bytes
- + "1A0264" // EAP-MSCHAPv2 | Response | MSCHAPv2 ID
- + "004A31" // MS length | Value Size (0x31)
- + "6592788337ED192AA396532E0AE65579" // Peer-Challenge
- + "0000000000000000" // 8B (reserved)
- + "6027E628F0090D596D4FF5FE451FC537CD54F7BD70F05C73" // NT-Response
- + "00" // Flags
- + "6D736368617076322E616E64726F69642E6E657400"; // hex(USERNAME)
- private static final byte[] EAP_MSCHAP_V2_DECRYPTED_CHALLENGE_RESPONSE_AVP_BYTES =
- hexStringToByteArray(EAP_MSCHAP_V2_DECRYPTED_CHALLENGE_RESPONSE_AVP_STRING);
-
- private static final String EAP_MSCHAP_V2_ENCRYPTED_SUCCESS_REQUEST_AVP_STRING =
- "17030300800A7516313DA811E690BAF1E76B5C25A1B57B891FC03AECDE89B5C75044B3111966EF91"
- + "49ADA96F0720C055C9A124001097F1BD5E9728A38CA160BA433A95077B5B5367EDF8E3"
- + "2EAAD7CDDED43BBDAEC4C1AD2CC919D591B3A744CCE1868295AD5F0115E7443E74AEA4"
- + "38CFF96E13ED36F0E539537CE676E251B82BA9B1153569";
- private static final byte[] EAP_MSCHAP_V2_ENCRYPTED_SUCCESS_REQUEST_AVP_BYTES =
- hexStringToByteArray(EAP_MSCHAP_V2_ENCRYPTED_SUCCESS_REQUEST_AVP_STRING);
- private static final String EAP_MSCHAP_V2_DECRYPTED_SUCCESS_REQUEST_AVP_STRING =
- "0000004F" + "40" + "000051" // AVP Code | AVP Flags | AVP Length
- + "01650049" // EAP-Request | ID | length in bytes
- + "1A03640044" // EAP-MSCHAPv2 | Success | MSCHAPv2 ID | MS length
- + "533D" // hex("S=")
- + "3744354237394335353736334632433341323442"
- + "4345334134323845353245364430314146444636" // hex("<auth_string>")
- + "204D3D" // hex(" M=")
- + "57656C636F6D65326561706D73636861703200000000"; // hex("Welcome2eapmschap2")
- private static final byte[] EAP_MSCHAP_V2_DECRYPTED_SUCCESS_REQUEST_AVP_BYTES =
- hexStringToByteArray(EAP_MSCHAP_V2_DECRYPTED_SUCCESS_REQUEST_AVP_STRING);
-
- private static final String EAP_MSCHAP_V2_ENCRYPTED_SUCCESS_RESPONSE_AVP_STRING =
- "1703030040CD43A46C500065962396E4BEDA72CD43B3316F923AB2108DF93ECFA70192A852485E6D"
- + "69105B0C57E2C57780C9C8D74BE705CC87F5C862FF30C1138390C8BE73";
- private static final byte[] EAP_MSCHAP_V2_ENCRYPTED_SUCCESS_RESPONSE_AVP_BYTES =
- hexStringToByteArray(EAP_MSCHAP_V2_ENCRYPTED_SUCCESS_RESPONSE_AVP_STRING);
- private static final String EAP_MSCHAP_V2_DECRYPTED_SUCCESS_RESPONSE_AVP_STRING =
- "0000004F" + "40" + "00000E" // AVP Code | AVP Flags | AVP Length
- + "02650006" // EAP-Response | ID | length in bytes
- + "1A030000"; // EAP-MSCHAPv2 | Success
- private static final byte[] EAP_MSCHAP_V2_DECRYPTED_SUCCESS_RESPONSE_AVP_BYTES =
- hexStringToByteArray(EAP_MSCHAP_V2_DECRYPTED_SUCCESS_RESPONSE_AVP_STRING);
-
- private static final String EAP_MSCHAP_V2_ENCRYPTED_FAILURE_REQUEST_AVP_STRING =
- "1703030040CD43A46C500065962396E4BEDA72CD43B3316F923AB2108DF93ECFA70192A852485E6D"
- + "69105B0C57E2C57780C9C8D74BE705CC87F5C862FF30C1138390C8BE73";
- private static final byte[] EAP_MSCHAP_V2_ENCRYPTED_FAILURE_REQUEST_AVP_BYTES =
- hexStringToByteArray(EAP_MSCHAP_V2_ENCRYPTED_FAILURE_REQUEST_AVP_STRING);
- private static final String EAP_MSCHAP_V2_DECRYPTED_FAILURE_REQUEST_AVP_STRING =
- "0000004F" + "40" + "000055" // AVP Code | AVP Flags | AVP Length
- + "0113004D" // EAP-Request | ID | length in bytes
- + "1A04420044" // EAP-MSCHAPv2 | Failure | MSCHAPv2 ID | MS length
- + "453D363437" // hex("E=647")
- + "20523D31" // hex(" R=1")
- + "20433D" // hex(" C=")
- + "30303031303230333034303530363037"
- + "30383039304130423043304430453046" // hex("<authenticator challenge>")
- + "20563D33" // hex(" V=3")
- + "204D3D" // hex(" M=")
- + "57656C636F6D65326561706D7363686170320000"; // hex("Welcome2eapmschap2")
- private static final byte[] EAP_MSCHAP_V2_DECRYPTED_FAILURE_REQUEST_AVP_BYTES =
- hexStringToByteArray(EAP_MSCHAP_V2_DECRYPTED_FAILURE_REQUEST_AVP_STRING);
-
- private static final String EAP_MSCHAP_V2_ENCRYPTED_FAILURE_RESPONSE_AVP_STRING =
- "1703030040CD43A46C500065962396E4BEDA72CD43B3316F923AB21074BE705CC87F5C862F85E6D83"
- + "69105B0C57E2C57780CDA72CD43B3316F923AB21074BE70CC87F5C862F85E862F";
- private static final byte[] EAP_MSCHAP_V2_ENCRYPTED_FAILURE_RESPONSE_AVP_BYTES =
- hexStringToByteArray(EAP_MSCHAP_V2_ENCRYPTED_FAILURE_RESPONSE_AVP_STRING);
- private static final String EAP_MSCHAP_V2_DECRYPTED_FAILURE_RESPONSE_AVP_STRING =
- "0000004F" + "40" + "00000E" // AVP Code | AVP Flags | AVP Length
- + "02130006" // EAP-Response | ID | length in bytes
- + "1A040000"; // EAP-MSCHAPv2 | Failure
- private static final byte[] EAP_MSCHAP_V2_DECRYPTED_FAILURE_RESPONSE_AVP_BYTES =
- hexStringToByteArray(EAP_MSCHAP_V2_DECRYPTED_FAILURE_RESPONSE_AVP_STRING);
-
- private static final String ENCRYPTED_EAP_AKA_IDENTITY_REQUEST_AVP_STRING =
- "1703030040CD43A46C500065962396E4BEDA72CD43B3316F923AB21074BE705CC87F5C862F85E6D83"
- + "F9F56678251443C56";
- private static final byte[] ENCRYPTED_EAP_AKA_IDENTITY_REQUEST_AVP_BYTES =
- hexStringToByteArray(ENCRYPTED_EAP_AKA_IDENTITY_REQUEST_AVP_STRING);
- private static final String DECRYPTED_EAP_AKA_IDENTITY_REQUEST_AVP_STRING =
- "0000004F" + "40" + "00000D" // AVP Code | AVP Flags | AVP Length
- + "0110000517000000"; // AKA EAP-Identity Request
- private static final byte[] DECRYPTED_EAP_AKA_IDENTITY_REQUEST_AVP_BYTES =
- hexStringToByteArray(DECRYPTED_EAP_AKA_IDENTITY_REQUEST_AVP_STRING);
-
- private static final String ENCRYPTED_NAK_RESPONSE_AVP_STRING =
- "1703030040CD43A46C500065962396E4BEDA72CD43B3316F923AB21074BE705CC87F5C862F85E6D83"
- + "605B0C57E2C577923";
- private static final byte[] ENCRYPTED_NAK_RESPONSE_AVP_BYTES =
- hexStringToByteArray(ENCRYPTED_NAK_RESPONSE_AVP_STRING);
- private static final String DECRYPTED_NAK_RESPONSE_AVP_STRING =
- "0000004F" + "40" + "00000E" // AVP Code | AVP Flags | AVP Length
- + "02100006031A0000"; // NAK
- private static final byte[] DECRYPTED_NAK_RESPONSE_AVP_BYTES =
- hexStringToByteArray(DECRYPTED_NAK_RESPONSE_AVP_STRING);
-
-
- private static final String ENCRYPTED_EAP_NOTIFICATION_REQUEST_AVP_STRING =
- "1703030040CD43A46C500065962396E4BEDA72CD43B3316F923AB21074BE705CC87F5C862F85E6D83"
- + "17E15E7443E74AEA4";
- private static final byte[] ENCRYPTED_EAP_NOTIFICATION_REQUEST_AVP_BYTES =
- hexStringToByteArray(ENCRYPTED_EAP_NOTIFICATION_REQUEST_AVP_STRING);
- private static final String DECRYPTED_EAP_NOTIFICATION_REQUEST_AVP_STRING =
- "0000004F" + "40" + "000010" // AVP Code | AVP Flags | AVP Length
- + "0110000802AABBCC"; // Notification Request
- private static final byte[] DECRYPTED_EAP_NOTIFICATION_REQUEST_AVP_BYTES =
- hexStringToByteArray(DECRYPTED_EAP_NOTIFICATION_REQUEST_AVP_STRING);
-
- private static final String ENCRYPTED_EAP_NOTIFICATION_RESPONSE_AVP_STRING =
- "1703030040CD43A46C500065962396E4BEDA72CD43B3317F923AB21074BE705CC87F1C862F85E6D83"
- + "107FAA4BE705CCBE8";
- private static final byte[] ENCRYPTED_EAP_NOTIFICATION_RESPONSE_AVP_BYTES =
- hexStringToByteArray(ENCRYPTED_EAP_NOTIFICATION_RESPONSE_AVP_STRING);
- private static final String DECRYPTED_EAP_NOTIFICATION_RESPONSE_AVP_STRING =
- "0000004F" + "40" + "00000D" // AVP Code | AVP Flags | AVP Length
- + "0210000502000000"; // Notification Response
- private static final byte[] DECRYPTED_EAP_NOTIFICATION_RESPONSE_AVP_BYTES =
- hexStringToByteArray(DECRYPTED_EAP_NOTIFICATION_RESPONSE_AVP_STRING);
-
- // EAP-TTLS Request/Responses
-
- private static final byte[] EAP_RESPONSE_NAK_PACKET_TTLS = hexStringToByteArray("021000060315");
- private static final byte[] EAP_RESPONSE_NAK_PACKET_MSCHAPV2 =
- hexStringToByteArray("02080006031D");
-
- // Phase 1 (Handshake)
-
- private static final byte[] EAP_TTLS_START_REQUEST =
- hexStringToByteArray(
- "01" + "10" + "0006" // EAP-Request | ID | length in bytes
- + "1520"); // EAP-TTLS | flags);
- private static final byte[] EAP_TTLS_CLIENT_HELLO_RESPONSE =
- hexStringToByteArray(
- "02" + "10" + "0094" // EAP-Response | ID | length in bytes
- + "15800000008A" // EAP-TTLS | Flags | message length
- + CLIENT_HELLO_STRING);
- private static final byte[] EAP_TTLS_SERVER_HELLO_REQUEST_INITIAL_FRAGMENT =
- hexStringToByteArray(
- "01" + "10" + "0400" // EAP-Request | ID | length in bytes
- + "15C000000419" // EAP-TTLS | Flags | message length
- + SERVER_HELLO_INITIAL_FRAGMENT_STRING);
- private static final byte[] EAP_TTLS_ACKNOWLEDGEMENT_RESPONSE_SERVER_HELLO_FRAGMENT =
- hexStringToByteArray(
- "02" + "10" + "0006" // EAP-Response | ID | length in bytes
- + "1500"); // EAP-TTLS | Flags
- private static final byte[] EAP_TTLS_SERVER_HELLO_REQUEST_FINAL_FRAGMENT =
- hexStringToByteArray(
- "01" + "10" + "0029" // EAP-Request | ID | length in bytes
- + "1500" // EAP-TTLS | Flags
- + SERVER_HELLO_FINAL_FRAGMENT_STRING);
- private static final byte[] EAP_TTLS_CLIENT_FINISHED_RESPONSE =
- hexStringToByteArray(
- "02" + "10" + "016C" // EAP-Response | ID | length in bytes
- + "158000000162" // EAP-TTLS | Flags | message length
- + CLIENT_FINISHED_STRING);
- private static final byte[] EAP_TTLS_SERVER_FINISHED_REQUEST =
- hexStringToByteArray(
- "01" + "10" + "0055" // EAP-Request | ID | length in bytes
- + "15800000004B" // EAP-TTLS | Flags | message length
- + SERVER_FINISHED_STRING);
-
- // Phase 2 (Tunnel)
-
- private static final byte[] EAP_TTLS_TUNNELED_IDENTITY_RESPONSE =
- hexStringToByteArray(
- "02" + "10" + "004F" // EAP-Response | ID | length in bytes
- + "158000000045" // EAP-TTLS | Flags | message length
- + ENCRYPTED_EAP_IDENTITY_AVP_STRING);
- private static final byte[] EAP_TTLS_TUNNELED_CHALLENGE_REQUEST =
- hexStringToByteArray(
- "01" + "05" + "006F" // EAP-Request | ID | length in bytes
- + "158000000065" // EAP-TTLS | Flags | message length
- + EAP_MSCHAP_V2_ENCRYPTED_CHALLENGE_REQUEST_AVP_STRING);
- private static final byte[] EAP_TTLS_TUNNELED_CHALLENGE_RESPONSE =
- hexStringToByteArray(
- "02" + "05" + "008F" // EAP-Response | ID | length in bytes
- + "158000000085" // EAP-TTLS | Flags | message length
- + EAP_MSCHAP_V2_ENCRYPTED_CHALLENGE_RESPONSE_AVP_STRING);
- private static final byte[] EAP_TTLS_TUNNELED_SUCCESS_REQUEST =
- hexStringToByteArray(
- "01" + "06" + "008F" // EAP-Request | ID | length in bytes
- + "158000000085" // EAP-TTLS | Flags | message length
- + EAP_MSCHAP_V2_ENCRYPTED_SUCCESS_REQUEST_AVP_STRING);
- private static final byte[] EAP_TTLS_TUNNELED_SUCCESS_RESPONSE =
- hexStringToByteArray(
- "02" + "06" + "004F" // EAP-Response | ID | length in bytes
- + "158000000045" // EAP-TTLS | Flags | message length
- + EAP_MSCHAP_V2_ENCRYPTED_SUCCESS_RESPONSE_AVP_STRING);
- private static final byte[] EAP_TTLS_TUNNELED_FAILURE_REQUEST =
- hexStringToByteArray(
- "01" + "07" + "004F" // EAP-Request | ID | length in bytes
- + "158000000045" // EAP-TTLS | Flags | message length
- + EAP_MSCHAP_V2_ENCRYPTED_FAILURE_REQUEST_AVP_STRING);
- private static final byte[] EAP_TTLS_TUNNELED_FAILURE_RESPONSE =
- hexStringToByteArray(
- "02" + "07" + "0053" // EAP-Response | ID | length in bytes
- + "158000000049" // EAP-TTLS | Flags | message length
- + EAP_MSCHAP_V2_ENCRYPTED_FAILURE_RESPONSE_AVP_STRING);
- private static final byte[] EAP_TTLS_TUNNELED_AKA_IDENTITY_AVP_REQUEST =
- hexStringToByteArray(
- "01" + "08" + "003B" // EAP-Request | ID | length in bytes
- + "158000000031" // EAP-TTLS | Flags | message length
- + ENCRYPTED_EAP_AKA_IDENTITY_REQUEST_AVP_STRING);
- private static final byte[] EAP_TTLS_TUNNELED_NAK_RESPONSE =
- hexStringToByteArray(
- "02" + "08" + "003B" // EAP-Response | ID | length in bytes
- + "158000000031" // EAP-TTLS | Flags | message length
- + ENCRYPTED_NAK_RESPONSE_AVP_STRING);
- private static final byte[] EAP_TTLS_TUNNELED_EAP_NOTIFICATION_REQUEST =
- hexStringToByteArray(
- "01" + "08" + "003B" // EAP-Response | ID | length in bytes
- + "158000000031" // EAP-TTLS | Flags | message length
- + ENCRYPTED_EAP_NOTIFICATION_REQUEST_AVP_STRING);
- private static final byte[] EAP_TTLS_TUNNELED_EAP_NOTIFICATION_RESPONSE =
- hexStringToByteArray(
- "02" + "08" + "003B" // EAP-Response | ID | length in bytes
- + "158000000031" // EAP-TTLS | Flags | message length
- + ENCRYPTED_EAP_NOTIFICATION_RESPONSE_AVP_STRING);
-
- private final TlsSessionFactory mMockTlsSessionFactory = mock(TlsSessionFactory.class);
- private final SSLEngine mMockSslEngine = mock(SSLEngine.class);
- private final SSLSession mMockSslSession = mock(SSLSession.class);
- private TlsSession mTlsSessionSpy;
-
- @Before
- @Override
- public void setUp() {
- super.setUp();
- EapSessionConfig innerEapSessionConfig =
- new EapSessionConfig.Builder()
- .setEapMsChapV2Config(MSCHAPV2_USERNAME, MSCHAPV2_PASSWORD)
- .build();
- mEapSessionConfig =
- new EapSessionConfig.Builder()
- .setEapTtlsConfig(null, innerEapSessionConfig)
- .build();
- mEapAuthenticator =
- new EapAuthenticator(
- mTestLooper.getLooper(),
- mMockCallback,
- new EapStateMachine(mMockContext, mEapSessionConfig, mMockSecureRandom),
- Runnable::run,
- AUTHENTICATOR_TIMEOUT_MILLIS);
-
- when(mMockSslSession.getApplicationBufferSize())
- .thenReturn(APPLICATION_BUFFER_SIZE_TLS_MESSAGE);
- when(mMockSslSession.getPacketBufferSize()).thenReturn(PACKET_BUFFER_SIZE_TLS_MESSAGE);
-
- // TODO(b/165823103): Switch EAP-TTLS to use CorePlatformApi for
- // Conscrypt#exportKeyingMaterial
- mTlsSessionSpy =
- spy(
- new TlsSession(
- mock(SSLContext.class),
- mMockSslEngine,
- mMockSslSession,
- mMockSecureRandom));
- when(mTlsSessionSpy.generateKeyingMaterial())
- .thenReturn(mTlsSessionSpy.new EapTtlsKeyingMaterial(TLS_MSK, TLS_EMSK));
-
- EapTtlsMethodStateMachine.sTlsSessionFactory = mMockTlsSessionFactory;
- try {
- when(mMockTlsSessionFactory.newInstance(eq(null), eq(mMockSecureRandom)))
- .thenReturn(mTlsSessionSpy);
- } catch (Exception e) {
- throw new AssertionError("TLS Session setup failed", e);
- }
- }
-
- @AfterClass
- public static void teardown() {
- EapTtlsMethodStateMachine.sTlsSessionFactory = new TlsSessionFactory();
- }
-
- @Test
- public void testEapTtlsEndToEndSuccess() throws Exception {
- processAndVerifyStartRequest();
- processAndVerifyServerHello_initialFragment();
- processAndVerifyServerHello_finalFragment();
- processAndVerifyServerFinished();
- processAndVerifyMsChapV2ChallengeRequest();
- processAndVerifyMsChapV2SuccessRequest();
- processAndVerifyEapSuccess(TLS_MSK, TLS_EMSK);
- }
-
- @Test
- public void testEapTtlsWithEapNotifications() throws Exception {
- verifyEapNotification(1);
- processAndVerifyStartRequest();
-
- verifyEapNotification(2);
- processAndVerifyServerHello_initialFragment();
- processAndVerifyServerHello_finalFragment();
-
- verifyEapNotification(3);
- processAndVerifyServerFinished();
-
- verifyEapNotification(4);
- processAndVerifyMsChapV2ChallengeRequest();
-
- verifyEapNotification(5);
- processAndVerifyMsChapV2SuccessRequest();
-
- verifyEapNotification(6);
- processAndVerifyEapSuccess(TLS_MSK, TLS_EMSK);
- }
-
- @Test
- public void testEapTtlsWithTunneledEapNotifications() throws Exception {
- processAndVerifyStartRequest();
- processAndVerifyServerHello_initialFragment();
- processAndVerifyServerHello_finalFragment();
- processAndVerifyServerFinished();
-
- processAndVerifyTunneledEapNotification(1);
- processAndVerifyMsChapV2ChallengeRequest();
-
- processAndVerifyTunneledEapNotification(2);
- processAndVerifyMsChapV2SuccessRequest();
-
- processAndVerifyTunneledEapNotification(3);
- processAndVerifyEapSuccess(TLS_MSK, TLS_EMSK);
- }
-
- @Test
- public void testEapMsChapV2EndToEndFailure() throws Exception {
- processAndVerifyStartRequest();
- processAndVerifyServerHello_initialFragment();
- processAndVerifyServerHello_finalFragment();
- processAndVerifyServerFinished();
- processAndVerifyMsChapV2ChallengeRequest();
- processMessageAndVerifyMsChapV2FailureRequest();
- verifyEapFailure();
- }
-
- @Test
- public void testEapTtlsUnsupportedType() throws Exception {
- verifyUnsupportedType(EAP_REQUEST_AKA_IDENTITY_PACKET, EAP_RESPONSE_NAK_PACKET_TTLS);
-
- processAndVerifyStartRequest();
- processAndVerifyServerHello_initialFragment();
- processAndVerifyServerHello_finalFragment();
- processAndVerifyServerFinished();
- processAndVerifyMsChapV2ChallengeRequest();
- processAndVerifyMsChapV2SuccessRequest();
- processAndVerifyEapSuccess(TLS_MSK, TLS_EMSK);
- }
-
- @Test
- public void testEapTtlsTunneledUnsupportedType() throws Exception {
- processAndVerifyStartRequest();
- processAndVerifyServerHello_initialFragment();
- processAndVerifyServerHello_finalFragment();
- processAndVerifyServerFinished();
-
- processAndVerifyTunneledUnsupportedType();
-
- processAndVerifyMsChapV2ChallengeRequest();
- processAndVerifyMsChapV2SuccessRequest();
- processAndVerifyEapSuccess(TLS_MSK, TLS_EMSK);
- }
-
- private void processAndVerifyStartRequest() throws Exception {
- setupWrap(EMPTY_BYTE_ARRAY, CLIENT_HELLO_BYTES, RESULT_NEED_UNWRAP_OK);
-
- mEapAuthenticator.processEapMessage(EAP_TTLS_START_REQUEST);
- mTestLooper.dispatchAll();
-
- // TODO(b/166794957): Verify SSLEngine wrap/unwrap in EAP-TTLS end-to-end tests
- verify(mMockCallback).onResponse(eq(EAP_TTLS_CLIENT_HELLO_RESPONSE));
- verifyNoMoreInteractions(mMockCallback);
- }
-
- private void processAndVerifyServerHello_initialFragment() throws Exception {
- mEapAuthenticator.processEapMessage(EAP_TTLS_SERVER_HELLO_REQUEST_INITIAL_FRAGMENT);
- mTestLooper.dispatchAll();
-
- verify(mMockCallback)
- .onResponse(eq(EAP_TTLS_ACKNOWLEDGEMENT_RESPONSE_SERVER_HELLO_FRAGMENT));
- verifyNoMoreInteractions(mMockCallback);
- }
-
- private void processAndVerifyServerHello_finalFragment() throws Exception {
- doReturn(RESULT_NEED_WRAP_OK)
- .when(mMockSslEngine)
- .unwrap(
- argThat(containsData(SERVER_HELLO_BYTES)),
- argThat(containsData(DECRYPTED_EAP_IDENTITY_AVP_BYTES)));
- setupWrap(DECRYPTED_EAP_IDENTITY_AVP_BYTES, CLIENT_FINISHED_BYTES, RESULT_NEED_UNWRAP_OK);
-
- mEapAuthenticator.processEapMessage(EAP_TTLS_SERVER_HELLO_REQUEST_FINAL_FRAGMENT);
- mTestLooper.dispatchAll();
-
- // TODO(b/166794957): Verify SSLEngine wrap/unwrap in EAP-TTLS end-to-end tests
- verify(mMockCallback).onResponse(eq(EAP_TTLS_CLIENT_FINISHED_RESPONSE));
- verifyNoMoreInteractions(mMockCallback);
- }
-
- private void processAndVerifyServerFinished() throws Exception {
- doReturn(RESULT_NEED_UNWRAP_OK, RESULT_NEED_WRAP_OK)
- .when(mMockSslEngine)
- .unwrap(
- argThat(containsData(SERVER_FINISHED_BYTES)),
- argThat(containsData(DECRYPTED_EAP_IDENTITY_AVP_BYTES)));
- setupWrap(
- DECRYPTED_EAP_IDENTITY_AVP_BYTES,
- ENCRYPTED_EAP_IDENTITY_AVP_BYTES,
- RESULT_FINISHED_OK);
-
- mEapAuthenticator.processEapMessage(EAP_TTLS_SERVER_FINISHED_REQUEST);
- mTestLooper.dispatchAll();
-
- // TODO(b/166794957): Verify SSLEngine wrap/unwrap in EAP-TTLS end-to-end tests
- verify(mMockCallback).onResponse(eq(EAP_TTLS_TUNNELED_IDENTITY_RESPONSE));
- verifyNoMoreInteractions(mMockCallback);
- }
-
- private void processAndVerifyMsChapV2ChallengeRequest() throws Exception {
- doAnswer(invocation -> {
- byte[] dst = invocation.getArgument(0);
- System.arraycopy(PEER_CHALLENGE, 0, dst, 0, PEER_CHALLENGE.length);
- return null;
- })
- .when(mMockSecureRandom)
- .nextBytes(argThat(arr -> arr.length == PEER_CHALLENGE.length));
- setupUnwrap(
- EAP_MSCHAP_V2_DECRYPTED_CHALLENGE_REQUEST_AVP_BYTES,
- EAP_MSCHAP_V2_ENCRYPTED_CHALLENGE_REQUEST_AVP_BYTES,
- RESULT_NOT_HANDSHAKING_OK);
- setupWrap(
- EAP_MSCHAP_V2_DECRYPTED_CHALLENGE_RESPONSE_AVP_BYTES,
- EAP_MSCHAP_V2_ENCRYPTED_CHALLENGE_RESPONSE_AVP_BYTES,
- RESULT_NOT_HANDSHAKING_OK);
-
- mEapAuthenticator.processEapMessage(EAP_TTLS_TUNNELED_CHALLENGE_REQUEST);
- mTestLooper.dispatchAll();
-
- // TODO(b/166794957): Verify SSLEngine wrap/unwrap in EAP-TTLS end-to-end tests
- verify(mMockCallback).onResponse(eq(EAP_TTLS_TUNNELED_CHALLENGE_RESPONSE));
- verify(mMockSecureRandom).nextBytes(argThat(arr -> arr.length == PEER_CHALLENGE.length));
- verifyNoMoreInteractions(mMockCallback);
- }
-
- private void processAndVerifyMsChapV2SuccessRequest() throws Exception {
- setupUnwrap(
- EAP_MSCHAP_V2_DECRYPTED_SUCCESS_REQUEST_AVP_BYTES,
- EAP_MSCHAP_V2_ENCRYPTED_SUCCESS_REQUEST_AVP_BYTES,
- RESULT_NOT_HANDSHAKING_OK);
- setupWrap(
- EAP_MSCHAP_V2_DECRYPTED_SUCCESS_RESPONSE_AVP_BYTES,
- EAP_MSCHAP_V2_ENCRYPTED_SUCCESS_RESPONSE_AVP_BYTES,
- RESULT_NOT_HANDSHAKING_OK);
-
- mEapAuthenticator.processEapMessage(EAP_TTLS_TUNNELED_SUCCESS_REQUEST);
- mTestLooper.dispatchAll();
-
- // TODO(b/166794957): Verify SSLEngine wrap/unwrap in EAP-TTLS end-to-end tests
- verify(mMockCallback).onResponse(eq(EAP_TTLS_TUNNELED_SUCCESS_RESPONSE));
- verifyNoMoreInteractions(mMockCallback);
- }
-
- private void processAndVerifyTunneledEapNotification(int callsToVerify) throws Exception {
- setupUnwrap(
- DECRYPTED_EAP_NOTIFICATION_REQUEST_AVP_BYTES,
- ENCRYPTED_EAP_NOTIFICATION_REQUEST_AVP_BYTES,
- RESULT_NOT_HANDSHAKING_OK);
- setupWrap(
- DECRYPTED_EAP_NOTIFICATION_RESPONSE_AVP_BYTES,
- ENCRYPTED_EAP_NOTIFICATION_RESPONSE_AVP_BYTES,
- RESULT_NOT_HANDSHAKING_OK);
-
- mEapAuthenticator.processEapMessage(EAP_TTLS_TUNNELED_EAP_NOTIFICATION_REQUEST);
- mTestLooper.dispatchAll();
-
- // TODO(b/166794957): Verify SSLEngine wrap/unwrap in EAP-TTLS end-to-end tests
- verify(mMockCallback, times(callsToVerify))
- .onResponse(eq(EAP_TTLS_TUNNELED_EAP_NOTIFICATION_RESPONSE));
- verifyNoMoreInteractions(mMockCallback);
- }
-
- private void processMessageAndVerifyMsChapV2FailureRequest() throws Exception {
- setupUnwrap(
- EAP_MSCHAP_V2_DECRYPTED_FAILURE_REQUEST_AVP_BYTES,
- EAP_MSCHAP_V2_ENCRYPTED_FAILURE_REQUEST_AVP_BYTES,
- RESULT_NOT_HANDSHAKING_OK);
- setupWrap(
- EAP_MSCHAP_V2_DECRYPTED_FAILURE_RESPONSE_AVP_BYTES,
- EAP_MSCHAP_V2_ENCRYPTED_FAILURE_RESPONSE_AVP_BYTES,
- RESULT_NOT_HANDSHAKING_OK);
-
- mEapAuthenticator.processEapMessage(EAP_TTLS_TUNNELED_FAILURE_REQUEST);
- mTestLooper.dispatchAll();
-
- // TODO(b/166794957): Verify SSLEngine wrap/unwrap in EAP-TTLS end-to-end tests
- verify(mMockCallback).onResponse(eq(EAP_TTLS_TUNNELED_FAILURE_RESPONSE));
- verifyNoMoreInteractions(mMockCallback);
- }
-
- private void processAndVerifyTunneledUnsupportedType()
- throws Exception {
- setupUnwrap(
- DECRYPTED_EAP_AKA_IDENTITY_REQUEST_AVP_BYTES,
- ENCRYPTED_EAP_AKA_IDENTITY_REQUEST_AVP_BYTES,
- RESULT_NOT_HANDSHAKING_OK);
- setupWrap(
- DECRYPTED_NAK_RESPONSE_AVP_BYTES,
- ENCRYPTED_NAK_RESPONSE_AVP_BYTES,
- RESULT_NOT_HANDSHAKING_OK);
-
- mEapAuthenticator.processEapMessage(EAP_TTLS_TUNNELED_AKA_IDENTITY_AVP_REQUEST);
- mTestLooper.dispatchAll();
-
- // TODO(b/166794957): Verify SSLEngine wrap/unwrap in EAP-TTLS end-to-end tests
- // verify EAP-Response/Nak returned
- verify(mMockCallback).onResponse(eq(EAP_TTLS_TUNNELED_NAK_RESPONSE));
- verifyNoMoreInteractions(mMockCallback);
- }
-
- private void processAndVerifyEapSuccess(byte[] msk, byte[] emsk) throws Exception {
- // EAP-Success
- mEapAuthenticator.processEapMessage(EAP_SUCCESS);
- mTestLooper.dispatchAll();
-
- // verify that onSuccess callback made
- verify(mMockCallback).onSuccess(eq(msk), eq(emsk));
- verify(mTlsSessionSpy).generateKeyingMaterial();
- verifyNoMoreInteractions(mMockContext, mMockSecureRandom, mMockCallback);
- }
-
- private void setupUnwrap(
- byte[] applicationData, byte[] packetData, SSLEngineResult result) throws Exception {
- doAnswer(invocation -> {
- ByteBuffer buffer = invocation.getArgument(1);
- buffer.put(applicationData);
- return result;
- })
- .when(mMockSslEngine)
- .unwrap(argThat(containsData(packetData)), any(ByteBuffer.class));
- }
-
- void setupWrap(byte[] applicationData, byte[] packetData, SSLEngineResult result)
- throws Exception {
- doAnswer(invocation -> {
- ByteBuffer buffer = invocation.getArgument(1);
- buffer.put(packetData);
- return result;
- })
- .when(mMockSslEngine)
- .wrap(argThat(containsData(applicationData)), any(ByteBuffer.class));
- }
-
- private ArgumentMatcher<ByteBuffer> containsData(byte[] data) {
- return buffer -> Arrays.equals(getByteArrayFromBufferLimit(buffer), data);
- }
-
- // The ByteBuffer is always initialized by ByteBuffer#allocate
- @SuppressWarnings("ByteBufferBackingArray")
- private byte[] getByteArrayFromBufferLimit(ByteBuffer buffer) {
- return Arrays.copyOfRange(buffer.array(), 0, buffer.limit());
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/crypto/Fips186_2PrfTest.java b/tests/iketests/src/java/com/android/internal/net/eap/crypto/Fips186_2PrfTest.java
index c237b83..978f070 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/crypto/Fips186_2PrfTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/crypto/Fips186_2PrfTest.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.crypto;
+package com.android.internal.net.eap.crypto;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.fail;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/crypto/HmacSha256ByteSignerTest.java b/tests/iketests/src/java/com/android/internal/net/eap/crypto/HmacSha256ByteSignerTest.java
index 1a3dd91..355c1db 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/crypto/HmacSha256ByteSignerTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/crypto/HmacSha256ByteSignerTest.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.crypto;
+package com.android.internal.net.eap.crypto;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/crypto/ParityBitUtilTest.java b/tests/iketests/src/java/com/android/internal/net/eap/crypto/ParityBitUtilTest.java
index ede64ac..7ba024e 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/crypto/ParityBitUtilTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/crypto/ParityBitUtilTest.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.crypto;
+package com.android.internal.net.eap.crypto;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/crypto/TlsSessionHandshakeTest.java b/tests/iketests/src/java/com/android/internal/net/eap/crypto/TlsSessionHandshakeTest.java
deleted file mode 100644
index 7e69222..0000000
--- a/tests/iketests/src/java/com/android/internal/net/eap/crypto/TlsSessionHandshakeTest.java
+++ /dev/null
@@ -1,272 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.eap.test.crypto;
-
-import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.crypto.TlsSession.TLS_STATUS_CLOSED;
-import static com.android.internal.net.eap.test.crypto.TlsSession.TLS_STATUS_FAILURE;
-import static com.android.internal.net.eap.test.crypto.TlsSession.TLS_STATUS_SUCCESS;
-import static com.android.internal.net.eap.test.crypto.TlsSession.TLS_STATUS_TUNNEL_ESTABLISHED;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.times;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
-import com.android.internal.net.eap.test.crypto.TlsSession.TlsResult;
-
-import org.junit.Before;
-import org.junit.Test;
-
-import java.nio.ByteBuffer;
-
-import javax.net.ssl.SSLEngineResult;
-import javax.net.ssl.SSLException;
-
-public class TlsSessionHandshakeTest extends TlsSessionTest {
-
- private static final byte[] EAP_IDENTITY_AVP = hexStringToByteArray("0000004F4000000B16030400");
- private static final ByteBuffer APPLICATION_BUFFER_AVP_POSITION_RESET =
- (ByteBuffer)
- ByteBuffer.allocate(APPLICATION_BUFFER_SIZE_TLS_MESSAGE)
- .put(EAP_IDENTITY_AVP)
- .flip();
- private static final ByteBuffer APPLICATION_BUFFER_AVP_CLEARED =
- (ByteBuffer)
- ByteBuffer.allocate(APPLICATION_BUFFER_SIZE_TLS_MESSAGE)
- .put(EAP_IDENTITY_AVP)
- .clear();
-
- @Before
- @Override
- public void setUp() {
- super.setUp();
- mTlsSession.mHandshakeStatus = SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
- }
-
- @Test
- public void testStartHandshake() throws Exception {
- setupWrap(EMPTY_APPLICATION_BUFFER, EMPTY_PACKET_BUFFER, RESULT_NEED_UNWRAP_OK);
-
- TlsResult result = mTlsSession.startHandshake();
-
- assertEquals(TLS_STATUS_SUCCESS, result.status);
- assertArrayEquals(SAMPLE_PACKET_TLS_MESSAGE, result.data);
- verify(mMockSslEngine).wrap(eq(EMPTY_APPLICATION_BUFFER), eq(PACKET_BUFFER_POSITION_LIMIT));
- }
-
- @Test
- public void testStartHandshake_fail() throws Exception {
- when(mMockSslEngine.wrap(eq(EMPTY_APPLICATION_BUFFER), eq(EMPTY_PACKET_BUFFER)))
- .thenThrow(SSLException.class);
-
- TlsResult result = mTlsSession.startHandshake();
-
- assertEquals(TLS_STATUS_FAILURE, result.status);
- assertArrayEquals(EMPTY_BYTE_ARRAY, result.data);
- verify(mMockSslEngine).wrap(eq(EMPTY_APPLICATION_BUFFER), eq(EMPTY_PACKET_BUFFER));
- }
-
- @Test
- public void testprocessHandshakeData_success() throws Exception {
- when(mMockSslEngine.unwrap(
- eq(PACKET_BUFFER_POSITION_RESET),
- eq(APPLICATION_BUFFER_AVP_POSITION_RESET)))
- .thenReturn(RESULT_NEED_WRAP_OK);
- setupWrap(
- APPLICATION_BUFFER_AVP_POSITION_RESET,
- PACKET_BUFFER_POSITION_RESET,
- RESULT_NEED_UNWRAP_OK);
-
- TlsResult result =
- mTlsSession.processHandshakeData(SAMPLE_PACKET_TLS_MESSAGE, EAP_IDENTITY_AVP);
-
- assertEquals(TLS_STATUS_SUCCESS, result.status);
- assertArrayEquals(SAMPLE_PACKET_TLS_MESSAGE, result.data);
- verify(mMockSslEngine)
- .unwrap(
- eq(PACKET_BUFFER_POSITION_LIMIT),
- eq(APPLICATION_BUFFER_AVP_POSITION_RESET));
- verify(mMockSslEngine)
- .wrap(eq(APPLICATION_BUFFER_AVP_POSITION_RESET), eq(PACKET_BUFFER_POSITION_LIMIT));
- }
-
- @Test
- public void testprocessHandshakeData_wrapFailure() throws Exception {
- when(mMockSslEngine.unwrap(
- eq(PACKET_BUFFER_POSITION_RESET),
- eq(APPLICATION_BUFFER_AVP_POSITION_RESET)))
- .thenReturn(RESULT_NEED_WRAP_OK);
- when(mMockSslEngine.wrap(
- eq(APPLICATION_BUFFER_AVP_POSITION_RESET),
- eq(PACKET_BUFFER_POSITION_RESET)))
- .thenThrow(SSLException.class);
- setupWrap(
- APPLICATION_BUFFER_AVP_CLEARED,
- PACKET_BUFFER_POSITION_RESET,
- RESULT_NOT_HANDSHAKING_CLOSED);
- when(mMockSslEngine.getHandshakeStatus())
- .thenReturn(SSLEngineResult.HandshakeStatus.NEED_WRAP);
-
- TlsResult result =
- mTlsSession.processHandshakeData(SAMPLE_PACKET_TLS_MESSAGE, EAP_IDENTITY_AVP);
-
- assertEquals(TLS_STATUS_CLOSED, result.status);
- assertArrayEquals(SAMPLE_PACKET_TLS_MESSAGE, result.data);
- verify(mMockSslEngine)
- .unwrap(eq(PACKET_BUFFER_POSITION_LIMIT), eq(APPLICATION_BUFFER_AVP_CLEARED));
- verify(mMockSslEngine, times(2))
- .wrap(eq(APPLICATION_BUFFER_AVP_CLEARED), eq(PACKET_BUFFER_POSITION_LIMIT));
- }
-
- @Test
- public void testprocessHandshakeData_unwrapFailure() throws Exception {
- when(mMockSslEngine.unwrap(
- eq(PACKET_BUFFER_POSITION_RESET),
- eq(APPLICATION_BUFFER_AVP_POSITION_RESET)))
- .thenThrow(SSLException.class);
-
- verifyCloseConnection();
- }
-
- @Test
- public void testprocessHandshakeData_underflow() throws Exception {
- when(mMockSslEngine.unwrap(
- eq(PACKET_BUFFER_POSITION_RESET),
- eq(APPLICATION_BUFFER_AVP_POSITION_RESET)))
- .thenReturn(RESULT_NEED_UNWRAP_UNDERFLOW);
-
- verifyCloseConnection();
- }
-
- @Test
- public void testprocessHandshakeData_overflow() throws Exception {
- when(mMockSslEngine.unwrap(
- eq(PACKET_BUFFER_POSITION_RESET),
- eq(APPLICATION_BUFFER_AVP_POSITION_RESET)))
- .thenReturn(RESULT_NEED_UNWRAP_OVERFLOW);
-
- verifyCloseConnection();
- }
-
- @Test
- public void testprocessHandshakeData_wrapClosed() throws Exception {
- setupWrap(
- APPLICATION_BUFFER_AVP_POSITION_RESET,
- PACKET_BUFFER_POSITION_RESET,
- RESULT_NOT_HANDSHAKING_CLOSED);
- when(mMockSslEngine.getHandshakeStatus())
- .thenReturn(SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING);
-
- mTlsSession.mHandshakeStatus = SSLEngineResult.HandshakeStatus.NEED_WRAP;
- TlsResult result =
- mTlsSession.processHandshakeData(SAMPLE_PACKET_TLS_MESSAGE, EAP_IDENTITY_AVP);
-
- assertEquals(TLS_STATUS_CLOSED, result.status);
- assertArrayEquals(EMPTY_BYTE_ARRAY, result.data);
- verify(mMockSslEngine)
- .wrap(eq(APPLICATION_BUFFER_AVP_POSITION_RESET), eq(PACKET_BUFFER_POSITION_LIMIT));
- }
-
- @Test
- public void testprocessHandshakeData_unwrapClosed() throws Exception {
- when(mMockSslEngine.unwrap(
- eq(PACKET_BUFFER_POSITION_RESET),
- eq(APPLICATION_BUFFER_AVP_POSITION_RESET)))
- .thenReturn(RESULT_NEED_WRAP_CLOSED);
-
- verifyCloseConnection();
- }
-
- @Test
- public void testprocessHandshakeData_wrapFinished() throws Exception {
- when(mMockSslEngine.unwrap(
- eq(PACKET_BUFFER_POSITION_RESET),
- eq(APPLICATION_BUFFER_AVP_POSITION_RESET)))
- .thenReturn(RESULT_NEED_UNWRAP_OK)
- .thenReturn(RESULT_NEED_WRAP_OK);
- setupWrap(
- APPLICATION_BUFFER_AVP_POSITION_RESET,
- PACKET_BUFFER_POSITION_RESET,
- RESULT_FINISHED_OK);
-
- TlsResult result =
- mTlsSession.processHandshakeData(SAMPLE_PACKET_TLS_MESSAGE, EAP_IDENTITY_AVP);
-
- assertEquals(TLS_STATUS_TUNNEL_ESTABLISHED, result.status);
- assertArrayEquals(SAMPLE_PACKET_TLS_MESSAGE, result.data);
- verify(mMockSslEngine, times(2))
- .unwrap(
- eq(PACKET_BUFFER_POSITION_LIMIT),
- eq(APPLICATION_BUFFER_AVP_POSITION_RESET));
- verify(mMockSslEngine)
- .wrap(eq(APPLICATION_BUFFER_AVP_POSITION_RESET), eq(PACKET_BUFFER_POSITION_LIMIT));
- }
-
- @Test
- public void testprocessHandshakeData_notHandshaking() throws Exception {
- mTlsSession.mHandshakeStatus = SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
- TlsResult result =
- mTlsSession.processHandshakeData(SAMPLE_PACKET_TLS_MESSAGE, EAP_IDENTITY_AVP);
-
- assertArrayEquals(EMPTY_BYTE_ARRAY, result.data);
- assertEquals(TLS_STATUS_FAILURE, result.status);
- }
-
- @Test
- public void testprocessHandshakeData_delegatedTasks() throws Exception {
- when(mMockSslEngine.getDelegatedTask()).thenReturn(mMockRunnable);
- when(mMockSslEngine.getHandshakeStatus())
- .thenReturn(SSLEngineResult.HandshakeStatus.NEED_WRAP);
- setupWrap(
- APPLICATION_BUFFER_AVP_POSITION_RESET,
- PACKET_BUFFER_POSITION_RESET,
- RESULT_NEED_UNWRAP_OK);
-
- mTlsSession.mHandshakeStatus = SSLEngineResult.HandshakeStatus.NEED_TASK;
- TlsResult result =
- mTlsSession.processHandshakeData(SAMPLE_PACKET_TLS_MESSAGE, EAP_IDENTITY_AVP);
-
- assertEquals(TLS_STATUS_SUCCESS, result.status);
- assertArrayEquals(SAMPLE_PACKET_TLS_MESSAGE, result.data);
- verify(mMockSslEngine)
- .wrap(eq(APPLICATION_BUFFER_AVP_POSITION_RESET), eq(PACKET_BUFFER_POSITION_LIMIT));
- verify(mMockRunnable).run();
- }
-
- /** Shared logic for any failure case that requires the connection to be closed */
- private void verifyCloseConnection() throws Exception {
- setupWrap(
- APPLICATION_BUFFER_AVP_CLEARED,
- PACKET_BUFFER_POSITION_RESET,
- RESULT_NOT_HANDSHAKING_CLOSED);
- when(mMockSslEngine.getHandshakeStatus())
- .thenReturn(SSLEngineResult.HandshakeStatus.NEED_WRAP);
-
- TlsResult result =
- mTlsSession.processHandshakeData(SAMPLE_PACKET_TLS_MESSAGE, EAP_IDENTITY_AVP);
-
- assertEquals(TLS_STATUS_CLOSED, result.status);
- assertArrayEquals(SAMPLE_PACKET_TLS_MESSAGE, result.data);
- verify(mMockSslEngine)
- .unwrap(eq(PACKET_BUFFER_POSITION_LIMIT), eq(APPLICATION_BUFFER_AVP_CLEARED));
- verify(mMockSslEngine)
- .wrap(eq(APPLICATION_BUFFER_AVP_CLEARED), eq(PACKET_BUFFER_POSITION_LIMIT));
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/crypto/TlsSessionTest.java b/tests/iketests/src/java/com/android/internal/net/eap/crypto/TlsSessionTest.java
deleted file mode 100644
index 0597972..0000000
--- a/tests/iketests/src/java/com/android/internal/net/eap/crypto/TlsSessionTest.java
+++ /dev/null
@@ -1,272 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.eap.test.crypto;
-
-import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.crypto.TlsSession.TLS_STATUS_CLOSED;
-import static com.android.internal.net.eap.test.crypto.TlsSession.TLS_STATUS_FAILURE;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
-import com.android.internal.net.eap.test.crypto.TlsSession.EapTtlsKeyingMaterial;
-import com.android.internal.net.eap.test.crypto.TlsSession.TlsResult;
-import com.android.internal.net.eap.test.exceptions.EapInvalidRequestException;
-
-import org.junit.Before;
-import org.junit.Test;
-
-import java.nio.ByteBuffer;
-import java.security.SecureRandom;
-
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLEngineResult;
-import javax.net.ssl.SSLEngineResult.HandshakeStatus;
-import javax.net.ssl.SSLEngineResult.Status;
-import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLSession;
-
-public class TlsSessionTest {
-
- // Package-private
- SSLEngine mMockSslEngine;
- SSLContext mMockSslContext;
- SSLSession mMockSslSession;
- SecureRandom mMockSecureRandom;
- Runnable mMockRunnable;
- TlsSession mTlsSession;
-
- static final byte[] SAMPLE_PACKET_TLS_MESSAGE =
- hexStringToByteArray(
- "17030300800A7516313DA811E690BAF1E76B5C25A1B57B891FC03AECDE89B5C75044B3111"
- + "966EF9149ADA96F07255C9A169105B0C57E2C57780CDA72CD43B3316F923AB2"
- + "1074BE70CC87F5C862F85E862F69105B0C57E2C57780C9C8D74BE705CC87F5C"
- + "8");
- static final byte[] SAMPLE_APPLICATION_TLS_MESSAGE =
- hexStringToByteArray(
- "1603010085010000810303DE76A65F038E90315BB25B49CB9AB4E2540586C3B25851604C8"
- + "D6EFECA11C16D00001CC02BC02C");
- static final byte[] EMPTY_BYTE_ARRAY = new byte[0];
-
- static final int APPLICATION_BUFFER_SIZE_TLS_MESSAGE = 50;
- private static final int PACKET_BUFFER_SIZE_TLS_MESSAGE = 100;
-
- static final ByteBuffer EMPTY_APPLICATION_BUFFER =
- ByteBuffer.allocate(APPLICATION_BUFFER_SIZE_TLS_MESSAGE);
- static final ByteBuffer EMPTY_PACKET_BUFFER =
- ByteBuffer.allocate(PACKET_BUFFER_SIZE_TLS_MESSAGE);
- static final ByteBuffer APPLICATION_BUFFER_POSITION_RESET =
- (ByteBuffer)
- ByteBuffer.allocate(APPLICATION_BUFFER_SIZE_TLS_MESSAGE)
- .put(SAMPLE_APPLICATION_TLS_MESSAGE)
- .flip();
- static final ByteBuffer PACKET_BUFFER_POSITION_RESET =
- (ByteBuffer)
- ByteBuffer.allocate(PACKET_BUFFER_SIZE_TLS_MESSAGE)
- .put(SAMPLE_PACKET_TLS_MESSAGE)
- .flip();
- static final ByteBuffer PACKET_BUFFER_POSITION_LIMIT =
- ByteBuffer.allocate(PACKET_BUFFER_SIZE_TLS_MESSAGE).put(SAMPLE_PACKET_TLS_MESSAGE);
- static final ByteBuffer APPLICATION_BUFFER_POSITION_LIMIT =
- (ByteBuffer)
- ByteBuffer.allocate(APPLICATION_BUFFER_SIZE_TLS_MESSAGE)
- .put(SAMPLE_APPLICATION_TLS_MESSAGE);
-
- public static final SSLEngineResult RESULT_NEED_WRAP_OK =
- new SSLEngineResult(Status.OK, HandshakeStatus.NEED_WRAP, 0, 0);
- public static final SSLEngineResult RESULT_NEED_UNWRAP_OK =
- new SSLEngineResult(Status.OK, HandshakeStatus.NEED_UNWRAP, 0, 0);
- public static final SSLEngineResult RESULT_FINISHED_OK =
- new SSLEngineResult(Status.OK, HandshakeStatus.FINISHED, 0, 0);
- public static final SSLEngineResult RESULT_NOT_HANDSHAKING_OK =
- new SSLEngineResult(Status.OK, HandshakeStatus.NOT_HANDSHAKING, 0, 0);
-
- static final SSLEngineResult RESULT_NEED_WRAP_CLOSED =
- new SSLEngineResult(Status.CLOSED, HandshakeStatus.NEED_WRAP, 0, 0);
- static final SSLEngineResult RESULT_NEED_UNWRAP_OVERFLOW =
- new SSLEngineResult(Status.BUFFER_OVERFLOW, HandshakeStatus.NEED_UNWRAP, 0, 0);
- static final SSLEngineResult RESULT_NEED_UNWRAP_UNDERFLOW =
- new SSLEngineResult(Status.BUFFER_UNDERFLOW, HandshakeStatus.NEED_UNWRAP, 0, 0);
- static final SSLEngineResult RESULT_NEED_UNWRAP_CLOSED =
- new SSLEngineResult(Status.CLOSED, HandshakeStatus.NEED_UNWRAP, 0, 0);
- static final SSLEngineResult RESULT_NOT_HANDSHAKING_OVERFLOW =
- new SSLEngineResult(Status.BUFFER_OVERFLOW, HandshakeStatus.NOT_HANDSHAKING, 0, 0);
- static final SSLEngineResult RESULT_NOT_HANDSHAKING_UNDERFLOW =
- new SSLEngineResult(Status.BUFFER_UNDERFLOW, HandshakeStatus.NOT_HANDSHAKING, 0, 0);
- static final SSLEngineResult RESULT_NOT_HANDSHAKING_CLOSED =
- new SSLEngineResult(Status.CLOSED, HandshakeStatus.NOT_HANDSHAKING, 0, 0);
-
- @Before
- public void setUp() {
- mMockSslContext = mock(SSLContext.class);
- mMockSslEngine = mock(SSLEngine.class);
- mMockSslSession = mock(SSLSession.class);
- mMockSecureRandom = mock(SecureRandom.class);
- mMockRunnable = mock(Runnable.class);
-
- when(mMockSslSession.getApplicationBufferSize())
- .thenReturn(APPLICATION_BUFFER_SIZE_TLS_MESSAGE);
- when(mMockSslSession.getPacketBufferSize()).thenReturn(PACKET_BUFFER_SIZE_TLS_MESSAGE);
- mTlsSession =
- new TlsSession(mMockSslContext, mMockSslEngine, mMockSslSession, mMockSecureRandom);
- }
-
- @Test
- public void testCloseConnection_success_withData() throws Exception {
- when(mMockSslEngine.getHandshakeStatus()).thenReturn(HandshakeStatus.NEED_WRAP);
- setupWrap(EMPTY_APPLICATION_BUFFER, EMPTY_PACKET_BUFFER, RESULT_NOT_HANDSHAKING_CLOSED);
-
- TlsResult result = mTlsSession.closeConnection();
-
- assertEquals(TLS_STATUS_CLOSED, result.status);
- assertArrayEquals(SAMPLE_PACKET_TLS_MESSAGE, result.data);
- verify(mMockSslEngine).wrap(eq(EMPTY_APPLICATION_BUFFER), eq(PACKET_BUFFER_POSITION_LIMIT));
- }
-
- @Test
- public void testCloseConnection_success_withoutData() throws Exception {
- when(mMockSslEngine.getHandshakeStatus()).thenReturn(HandshakeStatus.NOT_HANDSHAKING);
-
- TlsResult result = mTlsSession.closeConnection();
-
- assertEquals(TLS_STATUS_CLOSED, result.status);
- assertArrayEquals(EMPTY_BYTE_ARRAY, result.data);
- }
-
- @Test
- public void testCloseConnection_failure_sslException() throws Exception {
- when(mMockSslEngine.getHandshakeStatus()).thenReturn(HandshakeStatus.NEED_WRAP);
- when(mMockSslEngine.wrap(eq(EMPTY_APPLICATION_BUFFER), eq(EMPTY_PACKET_BUFFER)))
- .thenThrow(SSLException.class);
-
- TlsResult result = mTlsSession.closeConnection();
-
- assertEquals(TLS_STATUS_FAILURE, result.status);
- assertArrayEquals(EMPTY_BYTE_ARRAY, result.data);
- verify(mMockSslEngine).wrap(eq(EMPTY_APPLICATION_BUFFER), eq(EMPTY_PACKET_BUFFER));
- }
-
- @Test
- public void testCloseConnection_failure_bufferOverflow() throws Exception {
- when(mMockSslEngine.getHandshakeStatus()).thenReturn(HandshakeStatus.NEED_WRAP);
- when(mMockSslEngine.wrap(eq(EMPTY_APPLICATION_BUFFER), eq(EMPTY_PACKET_BUFFER)))
- .thenReturn(RESULT_NEED_UNWRAP_OVERFLOW);
-
- TlsResult result = mTlsSession.closeConnection();
-
- assertEquals(TLS_STATUS_FAILURE, result.status);
- assertArrayEquals(EMPTY_BYTE_ARRAY, result.data);
- verify(mMockSslEngine).wrap(eq(EMPTY_APPLICATION_BUFFER), eq(EMPTY_PACKET_BUFFER));
- }
-
- @Test
- public void testGenerateKeyingMaterial_handshakeNotComplete() throws Exception {
- EapTtlsKeyingMaterial result = mTlsSession.generateKeyingMaterial();
-
- assertFalse(result.isSuccessful());
- assertTrue(result.eapError.cause instanceof EapInvalidRequestException);
- }
-
- /**
- * Mocks a wrap operation and inserts data into the packet buffer
- *
- * @param applicationBuffer the application (source) buffer
- * @param packetBuffer the packet (destination) buffer
- * @param result the SSLEngineResult to return
- */
- void setupWrap(ByteBuffer applicationBuffer, ByteBuffer packetBuffer, SSLEngineResult result)
- throws Exception {
- when(mMockSslEngine.wrap(eq(applicationBuffer), eq(packetBuffer)))
- .thenAnswer(
- invocation -> {
- ByteBuffer buffer = invocation.getArgument(1);
- buffer.put(SAMPLE_PACKET_TLS_MESSAGE);
- return result;
- });
- }
-
- /**
- * Mocks a chained wrap operation and inserts data into the packet buffer
- *
- * @param applicationBuffer the application (source) buffer
- * @param packetBuffer the packet (destination) buffer
- * @param firstResult the first SSLEngineResult to return
- * @param secondResult the second SSLEngineResult to return
- */
- void setupChainedWrap(
- ByteBuffer applicationBuffer,
- ByteBuffer packetBuffer,
- SSLEngineResult firstResult,
- SSLEngineResult secondResult)
- throws Exception {
- when(mMockSslEngine.wrap(eq(applicationBuffer), eq(packetBuffer)))
- .thenReturn(firstResult)
- .thenAnswer(
- invocation -> {
- ByteBuffer buffer = invocation.getArgument(1);
- buffer.put(SAMPLE_PACKET_TLS_MESSAGE);
- return secondResult;
- });
- }
-
- /**
- * Mocks an unwrap operation and inserts data into the application buffer
- *
- * @param applicationBuffer the application (destination) buffer
- * @param packetBuffer the packet (source) buffer
- * @param result the SSLEngineResult to return
- */
- void setupUnwrap(ByteBuffer applicationBuffer, ByteBuffer packetBuffer, SSLEngineResult result)
- throws Exception {
- when(mMockSslEngine.unwrap(eq(packetBuffer), eq(applicationBuffer)))
- .thenAnswer(
- invocation -> {
- ByteBuffer buffer = invocation.getArgument(1);
- buffer.put(SAMPLE_APPLICATION_TLS_MESSAGE);
- return result;
- });
- }
-
- /**
- * Mocks a chained wrap operation and inserts data into the packet buffer
- *
- * <p>The first result during a wrap will be an exception in this case
- *
- * @param applicationBuffer the application (source) buffer
- * @param packetBuffer the packet (destination) buffer
- * @param result the SSLEngineResult to return
- */
- void setupChainedWrap_exception(
- ByteBuffer applicationBuffer, ByteBuffer packetBuffer, SSLEngineResult result)
- throws Exception {
- when(mMockSslEngine.wrap(eq(applicationBuffer), eq(packetBuffer)))
- .thenThrow(SSLException.class)
- .thenAnswer(
- invocation -> {
- ByteBuffer buffer = invocation.getArgument(1);
- buffer.put(SAMPLE_PACKET_TLS_MESSAGE);
- return result;
- });
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/crypto/TlsSessionTunnelTest.java b/tests/iketests/src/java/com/android/internal/net/eap/crypto/TlsSessionTunnelTest.java
deleted file mode 100644
index 651d30e..0000000
--- a/tests/iketests/src/java/com/android/internal/net/eap/crypto/TlsSessionTunnelTest.java
+++ /dev/null
@@ -1,203 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.eap.test.crypto;
-
-import static com.android.internal.net.eap.test.crypto.TlsSession.TLS_STATUS_CLOSED;
-import static com.android.internal.net.eap.test.crypto.TlsSession.TLS_STATUS_SUCCESS;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.times;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
-import com.android.internal.net.eap.test.crypto.TlsSession.TlsResult;
-
-import org.junit.Test;
-
-import javax.net.ssl.SSLEngineResult;
-import javax.net.ssl.SSLException;
-
-public class TlsSessionTunnelTest extends TlsSessionTest {
-
- @Test
- public void testEncryptMessage_success() throws Exception {
- setupWrap(
- APPLICATION_BUFFER_POSITION_RESET, EMPTY_PACKET_BUFFER, RESULT_NOT_HANDSHAKING_OK);
-
- TlsResult result = mTlsSession.processOutgoingData(SAMPLE_APPLICATION_TLS_MESSAGE);
-
- assertEquals(TLS_STATUS_SUCCESS, result.status);
- assertArrayEquals(SAMPLE_PACKET_TLS_MESSAGE, result.data);
- verify(mMockSslEngine)
- .wrap(eq(APPLICATION_BUFFER_POSITION_RESET), eq(PACKET_BUFFER_POSITION_LIMIT));
- }
-
- @Test
- public void testEncryptMessage_failure() throws Exception {
- setupChainedWrap_exception(
- APPLICATION_BUFFER_POSITION_RESET,
- EMPTY_PACKET_BUFFER,
- RESULT_NOT_HANDSHAKING_CLOSED);
- when(mMockSslEngine.getHandshakeStatus())
- .thenReturn(SSLEngineResult.HandshakeStatus.NEED_WRAP);
-
- TlsResult result = mTlsSession.processOutgoingData(SAMPLE_APPLICATION_TLS_MESSAGE);
-
- assertEquals(TLS_STATUS_CLOSED, result.status);
- assertArrayEquals(SAMPLE_PACKET_TLS_MESSAGE, result.data);
- verify(mMockSslEngine, times(2))
- .wrap(eq(APPLICATION_BUFFER_POSITION_RESET), eq(PACKET_BUFFER_POSITION_LIMIT));
- }
-
- @Test
- public void testEncryptMessage_overflow() throws Exception {
- setupChainedWrap(
- APPLICATION_BUFFER_POSITION_RESET,
- EMPTY_PACKET_BUFFER,
- RESULT_NOT_HANDSHAKING_OVERFLOW,
- RESULT_NOT_HANDSHAKING_CLOSED);
- when(mMockSslEngine.getHandshakeStatus())
- .thenReturn(SSLEngineResult.HandshakeStatus.NEED_WRAP);
-
- TlsResult result = mTlsSession.processOutgoingData(SAMPLE_APPLICATION_TLS_MESSAGE);
-
- assertEquals(TLS_STATUS_CLOSED, result.status);
- assertArrayEquals(SAMPLE_PACKET_TLS_MESSAGE, result.data);
- verify(mMockSslEngine, times(2))
- .wrap(eq(APPLICATION_BUFFER_POSITION_RESET), eq(PACKET_BUFFER_POSITION_LIMIT));
- }
-
- @Test
- public void testEncryptMessage_underflow() throws Exception {
- setupChainedWrap(
- APPLICATION_BUFFER_POSITION_RESET,
- EMPTY_PACKET_BUFFER,
- RESULT_NOT_HANDSHAKING_UNDERFLOW,
- RESULT_NOT_HANDSHAKING_CLOSED);
- when(mMockSslEngine.getHandshakeStatus())
- .thenReturn(SSLEngineResult.HandshakeStatus.NEED_WRAP);
-
- TlsResult result = mTlsSession.processOutgoingData(SAMPLE_APPLICATION_TLS_MESSAGE);
-
- assertEquals(TLS_STATUS_CLOSED, result.status);
- assertArrayEquals(SAMPLE_PACKET_TLS_MESSAGE, result.data);
- verify(mMockSslEngine, times(2))
- .wrap(eq(APPLICATION_BUFFER_POSITION_RESET), eq(PACKET_BUFFER_POSITION_LIMIT));
- }
-
- @Test
- public void testEncryptMessage_closed() throws Exception {
- when(mMockSslEngine.wrap(eq(APPLICATION_BUFFER_POSITION_RESET), eq(EMPTY_PACKET_BUFFER)))
- .thenReturn(RESULT_NOT_HANDSHAKING_CLOSED);
- when(mMockSslEngine.getHandshakeStatus())
- .thenReturn(SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING);
-
- TlsResult result = mTlsSession.processOutgoingData(SAMPLE_APPLICATION_TLS_MESSAGE);
-
- assertEquals(TLS_STATUS_CLOSED, result.status);
- assertArrayEquals(EMPTY_BYTE_ARRAY, result.data);
- }
-
- @Test
- public void testDecryptMessage_success() throws Exception {
- setupUnwrap(
- EMPTY_APPLICATION_BUFFER, PACKET_BUFFER_POSITION_RESET, RESULT_NOT_HANDSHAKING_OK);
-
- TlsResult result = mTlsSession.processIncomingData(SAMPLE_PACKET_TLS_MESSAGE);
-
- assertEquals(TLS_STATUS_SUCCESS, result.status);
- assertArrayEquals(SAMPLE_APPLICATION_TLS_MESSAGE, result.data);
- verify(mMockSslEngine)
- .unwrap(eq(PACKET_BUFFER_POSITION_RESET), eq(APPLICATION_BUFFER_POSITION_LIMIT));
- }
-
- @Test
- public void testDecryptMessage_failure() throws Exception {
- when(mMockSslEngine.unwrap(eq(PACKET_BUFFER_POSITION_RESET), eq(EMPTY_APPLICATION_BUFFER)))
- .thenThrow(SSLException.class);
- setupWrap(
- EMPTY_APPLICATION_BUFFER,
- PACKET_BUFFER_POSITION_RESET,
- RESULT_NOT_HANDSHAKING_CLOSED);
- when(mMockSslEngine.getHandshakeStatus())
- .thenReturn(SSLEngineResult.HandshakeStatus.NEED_WRAP);
-
- TlsResult result = mTlsSession.processIncomingData(SAMPLE_PACKET_TLS_MESSAGE);
-
- assertEquals(TLS_STATUS_CLOSED, result.status);
- assertArrayEquals(SAMPLE_PACKET_TLS_MESSAGE, result.data);
- verify(mMockSslEngine)
- .unwrap(eq(PACKET_BUFFER_POSITION_LIMIT), eq(EMPTY_APPLICATION_BUFFER));
- verify(mMockSslEngine).wrap(eq(EMPTY_APPLICATION_BUFFER), eq(PACKET_BUFFER_POSITION_LIMIT));
- }
-
- @Test
- public void testDecryptMessage_overflow() throws Exception {
- when(mMockSslEngine.unwrap(eq(PACKET_BUFFER_POSITION_RESET), eq(EMPTY_APPLICATION_BUFFER)))
- .thenReturn(RESULT_NOT_HANDSHAKING_OVERFLOW);
- setupWrap(
- EMPTY_APPLICATION_BUFFER,
- PACKET_BUFFER_POSITION_RESET,
- RESULT_NOT_HANDSHAKING_CLOSED);
- when(mMockSslEngine.getHandshakeStatus())
- .thenReturn(SSLEngineResult.HandshakeStatus.NEED_WRAP);
-
- TlsResult result = mTlsSession.processIncomingData(SAMPLE_PACKET_TLS_MESSAGE);
-
- assertEquals(TLS_STATUS_CLOSED, result.status);
- assertArrayEquals(SAMPLE_PACKET_TLS_MESSAGE, result.data);
- verify(mMockSslEngine)
- .unwrap(eq(PACKET_BUFFER_POSITION_LIMIT), eq(EMPTY_APPLICATION_BUFFER));
- verify(mMockSslEngine).wrap(eq(EMPTY_APPLICATION_BUFFER), eq(PACKET_BUFFER_POSITION_LIMIT));
- }
-
- @Test
- public void testDecryptMessage_underflow() throws Exception {
- when(mMockSslEngine.unwrap(eq(PACKET_BUFFER_POSITION_RESET), eq(EMPTY_APPLICATION_BUFFER)))
- .thenReturn(RESULT_NOT_HANDSHAKING_UNDERFLOW);
- setupWrap(
- EMPTY_APPLICATION_BUFFER,
- PACKET_BUFFER_POSITION_RESET,
- RESULT_NOT_HANDSHAKING_CLOSED);
- when(mMockSslEngine.getHandshakeStatus())
- .thenReturn(SSLEngineResult.HandshakeStatus.NEED_WRAP);
-
- TlsResult result = mTlsSession.processIncomingData(SAMPLE_PACKET_TLS_MESSAGE);
-
- assertEquals(TLS_STATUS_CLOSED, result.status);
- assertArrayEquals(SAMPLE_PACKET_TLS_MESSAGE, result.data);
- }
-
- @Test
- public void testDecryptMessage_closed() throws Exception {
- when(mMockSslEngine.unwrap(eq(PACKET_BUFFER_POSITION_RESET), eq(EMPTY_APPLICATION_BUFFER)))
- .thenReturn(RESULT_NOT_HANDSHAKING_CLOSED);
- setupWrap(
- EMPTY_APPLICATION_BUFFER,
- PACKET_BUFFER_POSITION_RESET,
- RESULT_NOT_HANDSHAKING_CLOSED);
- when(mMockSslEngine.getHandshakeStatus())
- .thenReturn(SSLEngineResult.HandshakeStatus.NEED_WRAP);
-
- TlsResult result = mTlsSession.processIncomingData(SAMPLE_PACKET_TLS_MESSAGE);
-
- assertEquals(TLS_STATUS_CLOSED, result.status);
- assertArrayEquals(SAMPLE_PACKET_TLS_MESSAGE, result.data);
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/EapDataTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/EapDataTest.java
index 0208903..9d4cc7c 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/EapDataTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/EapDataTest.java
@@ -14,9 +14,9 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message;
+package com.android.internal.net.eap.message;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_SIM;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_SIM;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/EapMessageTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/EapMessageTest.java
index a4394f0..3056716 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/EapMessageTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/EapMessageTest.java
@@ -14,30 +14,29 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message;
-
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_SIM;
+package com.android.internal.net.eap.message;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.EapData.EAP_IDENTITY;
-import static com.android.internal.net.eap.test.message.EapData.EAP_NAK;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_REQUEST;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_RESPONSE;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_SUCCESS;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_IDENTITY_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_IDENTITY_PACKET_TOO_LONG;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_SIM_START_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_SIM_TYPE_DATA;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_NAK_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_NOTIFICATION_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SUCCESS_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.INCOMPLETE_HEADER_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.INVALID_CODE_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.LONG_SUCCESS_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.REQUEST_MISSING_TYPE_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.REQUEST_UNSUPPORTED_TYPE_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.SHORT_PACKET;
+import static com.android.internal.net.eap.message.EapData.EAP_IDENTITY;
+import static com.android.internal.net.eap.message.EapData.EAP_NAK;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_SIM;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_REQUEST;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_RESPONSE;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_SUCCESS;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_REQUEST_IDENTITY_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_REQUEST_IDENTITY_PACKET_TOO_LONG;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_REQUEST_SIM_START_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_REQUEST_SIM_TYPE_DATA;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_RESPONSE_NAK_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_RESPONSE_NOTIFICATION_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SUCCESS_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.INCOMPLETE_HEADER_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.INVALID_CODE_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.LONG_SUCCESS_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.REQUEST_MISSING_TYPE_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.REQUEST_UNSUPPORTED_TYPE_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.SHORT_PACKET;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -45,11 +44,11 @@
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.EapResult;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.exceptions.EapInvalidPacketLengthException;
-import com.android.internal.net.eap.test.exceptions.InvalidEapCodeException;
-import com.android.internal.net.eap.test.exceptions.UnsupportedEapTypeException;
+import com.android.internal.net.eap.EapResult;
+import com.android.internal.net.eap.EapResult.EapResponse;
+import com.android.internal.net.eap.exceptions.EapInvalidPacketLengthException;
+import com.android.internal.net.eap.exceptions.InvalidEapCodeException;
+import com.android.internal.net.eap.exceptions.UnsupportedEapTypeException;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/EapTestMessageDefinitions.java b/tests/iketests/src/java/com/android/internal/net/eap/message/EapTestMessageDefinitions.java
index d5d790a..ccd580e 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/EapTestMessageDefinitions.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/EapTestMessageDefinitions.java
@@ -14,15 +14,15 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message;
+package com.android.internal.net.eap.message;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_VERSION_LIST_DATA;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.IDENTITY_STRING;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.NONCE_MT_STRING;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.RAND_1;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.RAND_2;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.RES;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_VERSION_LIST_DATA;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.IDENTITY_STRING;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.NONCE_MT_STRING;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.RAND_1;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.RAND_2;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.RES;
/**
* EapTestMessageDefinitions provides byte[] encodings of commonly used EAP Messages.
@@ -332,72 +332,4 @@
hexStringToByteArray(
"02" + ID + "0008" // EAP-Response | ID | length in bytes
+ "32020000"); // EAP-AKA' | Authentication Reject | 2B padding
-
- // EAP-TTLS test vectors
- public static final String EAP_DUMMY_REQUEST = "011000051A";
- public static final String EAP_DUMMY_RESPONSE = "021000051A";
- public static final String EAP_TTLS_DUMMY_DATA =
- "17010160301000E050010a516030100a010000a151603010036313233343"
- + "5363738393031323334003A31316030100a55a51603320500000100a516030100a50";
- public static final String EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT =
- "36313233343536373839303132333435030100a010000a151603010036313"
- + "2333435363738393031323334003A31316030100a55a51603320500000100a51603";
- public static final String EAP_TTLS_DUMMY_DATA_FINAL_FRAGMENT =
- "010000a10E050010320200000000000000000000";
- public static final String EAP_TTLS_DUMMY_DATA_ASSEMBLED_FRAGMENT =
- EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT + EAP_TTLS_DUMMY_DATA_FINAL_FRAGMENT;
-
- public static final byte[] EAP_DUMMY_REQUEST_BYTES = hexStringToByteArray(EAP_DUMMY_REQUEST);
- public static final byte[] EAP_DUMMY_RESPONSE_BYTES = hexStringToByteArray(EAP_DUMMY_RESPONSE);
- public static final byte[] EAP_TTLS_DUMMY_DATA_BYTES =
- hexStringToByteArray(EAP_TTLS_DUMMY_DATA);
- public static final byte[] EAP_TTLS_DUMMY_DATA_ASSEMBLED_FRAGMENT_BYTES =
- hexStringToByteArray(EAP_TTLS_DUMMY_DATA_ASSEMBLED_FRAGMENT);
- public static final byte[] EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT_BYTES =
- hexStringToByteArray(EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT);
- public static final byte[] EAP_TTLS_DUMMY_DATA_FINAL_FRAGMENT_BYTES =
- hexStringToByteArray(EAP_TTLS_DUMMY_DATA_FINAL_FRAGMENT);
-
- public static final byte[] EAP_REQUEST_TTLS_START =
- hexStringToByteArray(
- "01" + ID + "0006" // EAP-REQUEST | ID | length in bytes
- + "1520"); // EAP-TTLS | flags
- public static final byte[] EAP_RESPONSE_TTLS_WITH_LENGTH =
- hexStringToByteArray(
- "02" + ID + "004A" // EAP-RESPONSE | ID | length in bytes
- + "158000000040" // EAP-TTLS | flags | message length in bytes
- + EAP_TTLS_DUMMY_DATA);
- public static final byte[] EAP_RESPONSE_TTLS_WITHOUT_LENGTH =
- hexStringToByteArray(
- "02" + ID + "0046" // EAP-RESPONSE | ID | length in bytes
- + "1500" // EAP-TTLS | flags
- + EAP_TTLS_DUMMY_DATA);
- public static final byte[] EAP_RESPONSE_TTLS_INITIAL_FRAGMENT =
- hexStringToByteArray(
- "02" + ID + "004A" // EAP-RESPONSE | ID | length in bytes
- + "15C000000054" // EAP-TTLS | flags | message length in bytes
- + EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT);
- public static final byte[] EAP_RESPONSE_TTLS_FINAL_FRAGMENT =
- hexStringToByteArray(
- "02" + ID + "001A" // EAP-RESPONSE | ID | length in bytes
- + "1500" // EAP-TTLS | flags
- + EAP_TTLS_DUMMY_DATA_FINAL_FRAGMENT);
- public static final byte[] EAP_RESPONSE_TTLS_ACK =
- hexStringToByteArray(
- "02" + ID + "0006" // EAP-RESPONSE | ID | length in bytes
- + "1500"); // EAP-TTLS | flags
- public static final byte[] EAP_MESSAGE_AVP_EAP_REQUEST =
- hexStringToByteArray(
- "0000004F"
- + "40"
- + "00000D" // AVP Code | AVP Flags | Avp Length
- + EAP_DUMMY_REQUEST // EAP-REQUEST
- + "000000"); // Padding
- public static final byte[] EAP_MESSAGE_AVP_EAP_RESPONSE =
- hexStringToByteArray(
- "0000004F"
- + "40"
- + "00000D" // AVP Code | AVP Flags | Avp Length
- + EAP_DUMMY_RESPONSE // EAP-RESPONSE
- + "000000"); // Padding
}
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2ChallengeRequestTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2ChallengeRequestTest.java
index 3c032a2..45a8673 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2ChallengeRequestTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2ChallengeRequestTest.java
@@ -14,17 +14,17 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.mschapv2;
+package com.android.internal.net.eap.message.mschapv2;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.CHALLENGE_BYTES;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.CHALLENGE_REQUEST_LONG_MS_LENGTH;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.CHALLENGE_REQUEST_SHORT_CHALLENGE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.CHALLENGE_REQUEST_SHORT_MS_LENGTH;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.CHALLENGE_REQUEST_WRONG_OP_CODE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.EAP_MSCHAP_V2_CHALLENGE_REQUEST;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.SERVER_NAME_BYTES;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EAP_MSCHAP_V2_CHALLENGE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.CHALLENGE_BYTES;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.CHALLENGE_REQUEST_LONG_MS_LENGTH;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.CHALLENGE_REQUEST_SHORT_CHALLENGE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.CHALLENGE_REQUEST_SHORT_MS_LENGTH;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.CHALLENGE_REQUEST_WRONG_OP_CODE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.EAP_MSCHAP_V2_CHALLENGE_REQUEST;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.SERVER_NAME_BYTES;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EAP_MSCHAP_V2_CHALLENGE;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -32,11 +32,11 @@
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.exceptions.mschapv2.EapMsChapV2ParsingException;
-import com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2ChallengeRequest;
-import com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2TypeDataDecoder;
-import com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2TypeDataDecoder.DecodeResult;
+import com.android.internal.net.eap.EapResult.EapError;
+import com.android.internal.net.eap.exceptions.mschapv2.EapMsChapV2ParsingException;
+import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2ChallengeRequest;
+import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2TypeDataDecoder;
+import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2TypeDataDecoder.DecodeResult;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2ChallengeResponseTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2ChallengeResponseTest.java
index 2445ebc..3e243a9 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2ChallengeResponseTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2ChallengeResponseTest.java
@@ -14,23 +14,23 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.mschapv2;
+package com.android.internal.net.eap.message.mschapv2;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.EAP_MSCHAP_V2_CHALLENGE_RESPONSE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.NT_RESPONSE_BYTES;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.PEER_CHALLENGE_BYTES;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.PEER_NAME_BYTES;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.SHORT_CHALLENGE_BYTES;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.SHORT_NT_RESPONSE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EAP_MSCHAP_V2_RESPONSE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.EAP_MSCHAP_V2_CHALLENGE_RESPONSE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.NT_RESPONSE_BYTES;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.PEER_CHALLENGE_BYTES;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.PEER_NAME_BYTES;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.SHORT_CHALLENGE_BYTES;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.SHORT_NT_RESPONSE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EAP_MSCHAP_V2_RESPONSE;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.exceptions.mschapv2.EapMsChapV2ParsingException;
-import com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2ChallengeResponse;
+import com.android.internal.net.eap.exceptions.mschapv2.EapMsChapV2ParsingException;
+import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2ChallengeResponse;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2FailureRequestTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2FailureRequestTest.java
index 5848544..ead8022 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2FailureRequestTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2FailureRequestTest.java
@@ -14,34 +14,34 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.mschapv2;
+package com.android.internal.net.eap.message.mschapv2;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.CHALLENGE_BYTES;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.EAP_MSCHAP_V2_FAILURE_REQUEST;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.EAP_MSCHAP_V2_FAILURE_REQUEST_MISSING_MESSAGE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.EAP_MSCHAP_V2_FAILURE_REQUEST_MISSING_MESSAGE_WITH_SPACE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.ERROR_CODE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.FAILURE_REQUEST_EXTRA_ATTRIBUTE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.FAILURE_REQUEST_INVALID_CHALLENGE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.FAILURE_REQUEST_INVALID_ERROR_CODE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.FAILURE_REQUEST_INVALID_PASSWORD_CHANGE_PROTOCOL;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.FAILURE_REQUEST_SHORT_CHALLENGE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.MESSAGE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.MESSAGE_MISSING_TEXT;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.PASSWORD_CHANGE_PROTOCOL;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.RETRY_BIT;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EAP_MSCHAP_V2_FAILURE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.CHALLENGE_BYTES;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.EAP_MSCHAP_V2_FAILURE_REQUEST;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.EAP_MSCHAP_V2_FAILURE_REQUEST_MISSING_MESSAGE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.EAP_MSCHAP_V2_FAILURE_REQUEST_MISSING_MESSAGE_WITH_SPACE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.ERROR_CODE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.FAILURE_REQUEST_EXTRA_ATTRIBUTE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.FAILURE_REQUEST_INVALID_CHALLENGE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.FAILURE_REQUEST_INVALID_ERROR_CODE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.FAILURE_REQUEST_INVALID_PASSWORD_CHANGE_PROTOCOL;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.FAILURE_REQUEST_SHORT_CHALLENGE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.MESSAGE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.MESSAGE_MISSING_TEXT;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.PASSWORD_CHANGE_PROTOCOL;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.RETRY_BIT;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EAP_MSCHAP_V2_FAILURE;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.exceptions.mschapv2.EapMsChapV2ParsingException;
-import com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2FailureRequest;
-import com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2TypeDataDecoder;
-import com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2TypeDataDecoder.DecodeResult;
+import com.android.internal.net.eap.exceptions.mschapv2.EapMsChapV2ParsingException;
+import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2FailureRequest;
+import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2TypeDataDecoder;
+import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2TypeDataDecoder.DecodeResult;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2FailureResponseTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2FailureResponseTest.java
index a5d2d63..261ddb2 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2FailureResponseTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2FailureResponseTest.java
@@ -14,15 +14,15 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.mschapv2;
+package com.android.internal.net.eap.message.mschapv2;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.EAP_MSCHAP_V2_FAILURE_RESPONSE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EAP_MSCHAP_V2_FAILURE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.EAP_MSCHAP_V2_FAILURE_RESPONSE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EAP_MSCHAP_V2_FAILURE;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
-import com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2FailureResponse;
+import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2FailureResponse;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2PacketDefinitions.java b/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2PacketDefinitions.java
index 1630c2d..e70c2a2 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2PacketDefinitions.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2PacketDefinitions.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.mschapv2;
+package com.android.internal.net.eap.message.mschapv2;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2SuccessRequestTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2SuccessRequestTest.java
index f7ccbf9..1e0909e 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2SuccessRequestTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2SuccessRequestTest.java
@@ -14,22 +14,22 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.mschapv2;
+package com.android.internal.net.eap.message.mschapv2;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.AUTH_BYTES;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.EAP_MSCHAP_V2_SUCCESS_REQUEST;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.EAP_MSCHAP_V2_SUCCESS_REQUEST_EMPTY_MESSAGE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.EAP_MSCHAP_V2_SUCCESS_REQUEST_MISSING_MESSAGE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.EAP_MSCHAP_V2_SUCCESS_REQUEST_MISSING_MESSAGE_WITH_SPACE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.MESSAGE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.MESSAGE_MISSING_TEXT;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.SUCCESS_REQUEST_EXTRA_ATTRIBUTE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.SUCCESS_REQUEST_INVALID_AUTH_STRING;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.SUCCESS_REQUEST_SHORT_AUTH_STRING;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.SUCCESS_REQUEST_WRONG_OP_CODE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.SUCCESS_REQUEST_WRONG_PREFIX;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EAP_MSCHAP_V2_SUCCESS;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.AUTH_BYTES;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.EAP_MSCHAP_V2_SUCCESS_REQUEST;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.EAP_MSCHAP_V2_SUCCESS_REQUEST_EMPTY_MESSAGE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.EAP_MSCHAP_V2_SUCCESS_REQUEST_MISSING_MESSAGE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.EAP_MSCHAP_V2_SUCCESS_REQUEST_MISSING_MESSAGE_WITH_SPACE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.MESSAGE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.MESSAGE_MISSING_TEXT;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.SUCCESS_REQUEST_EXTRA_ATTRIBUTE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.SUCCESS_REQUEST_INVALID_AUTH_STRING;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.SUCCESS_REQUEST_SHORT_AUTH_STRING;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.SUCCESS_REQUEST_WRONG_OP_CODE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.SUCCESS_REQUEST_WRONG_PREFIX;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EAP_MSCHAP_V2_SUCCESS;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -37,11 +37,11 @@
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.exceptions.mschapv2.EapMsChapV2ParsingException;
-import com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2SuccessRequest;
-import com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2TypeDataDecoder;
-import com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2TypeDataDecoder.DecodeResult;
+import com.android.internal.net.eap.EapResult.EapError;
+import com.android.internal.net.eap.exceptions.mschapv2.EapMsChapV2ParsingException;
+import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2SuccessRequest;
+import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2TypeDataDecoder;
+import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2TypeDataDecoder.DecodeResult;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2SuccessResponseTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2SuccessResponseTest.java
index 8488397..524b3ec 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2SuccessResponseTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2SuccessResponseTest.java
@@ -14,15 +14,15 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.mschapv2;
+package com.android.internal.net.eap.message.mschapv2;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.EAP_MSCHAP_V2_SUCCESS_RESPONSE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EAP_MSCHAP_V2_SUCCESS;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.EAP_MSCHAP_V2_SUCCESS_RESPONSE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EAP_MSCHAP_V2_SUCCESS;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
-import com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2SuccessResponse;
+import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2SuccessResponse;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2TypeDataTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2TypeDataTest.java
index dc6a824..45f1c64 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2TypeDataTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/mschapv2/EapMsChapV2TypeDataTest.java
@@ -14,19 +14,19 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.mschapv2;
+package com.android.internal.net.eap.message.mschapv2;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.AUTH_BYTES;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.AUTH_STRING;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.EXTRA_M_MESSAGE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.MESSAGE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.MESSAGE_MISSING_TEXT;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.SUCCESS_REQUEST;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.SUCCESS_REQUEST_DUPLICATE_KEY;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.SUCCESS_REQUEST_EXTRA_M;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.SUCCESS_REQUEST_INVALID_FORMAT;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.SUCCESS_REQUEST_MISSING_M;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EAP_MSCHAP_V2_CHALLENGE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.AUTH_BYTES;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.AUTH_STRING;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.EXTRA_M_MESSAGE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.MESSAGE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.MESSAGE_MISSING_TEXT;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.SUCCESS_REQUEST;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.SUCCESS_REQUEST_DUPLICATE_KEY;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.SUCCESS_REQUEST_EXTRA_M;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.SUCCESS_REQUEST_INVALID_FORMAT;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.SUCCESS_REQUEST_MISSING_M;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EAP_MSCHAP_V2_CHALLENGE;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -34,10 +34,10 @@
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.exceptions.mschapv2.EapMsChapV2ParsingException;
-import com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2TypeDataDecoder.DecodeResult;
-import com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2VariableTypeData;
+import com.android.internal.net.eap.EapResult.EapError;
+import com.android.internal.net.eap.exceptions.mschapv2.EapMsChapV2ParsingException;
+import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2TypeDataDecoder.DecodeResult;
+import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2VariableTypeData;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/EapAkaPrimeTypeDataTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/EapAkaPrimeTypeDataTest.java
index 543f70a..d5aa9d1 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/EapAkaPrimeTypeDataTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/EapAkaPrimeTypeDataTest.java
@@ -14,33 +14,33 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka;
+package com.android.internal.net.eap.message.simaka;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_AUTN;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_KDF;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_KDF_INPUT;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_MAC;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_RAND;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_KDF_INPUT;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.KDF_VERSION;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.NETWORK_NAME_BYTES;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.NETWORK_NAME_HEX;
+import static com.android.internal.net.eap.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_AUTN;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_KDF;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_KDF_INPUT;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_MAC;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_RAND;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_KDF_INPUT;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.KDF_VERSION;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.NETWORK_NAME_BYTES;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.NETWORK_NAME_HEX;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
-import com.android.internal.net.eap.test.message.simaka.EapAkaPrimeTypeData.EapAkaPrimeTypeDataDecoder;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtAutn;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtClientErrorCode;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtKdf;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtKdfInput;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtMac;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtRandAka;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaTypeData.DecodeResult;
+import com.android.internal.net.eap.message.simaka.EapAkaPrimeTypeData.EapAkaPrimeTypeDataDecoder;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtAutn;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtClientErrorCode;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtKdf;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtKdfInput;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtMac;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtRandAka;
+import com.android.internal.net.eap.message.simaka.EapSimAkaTypeData.DecodeResult;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/EapAkaTypeDataTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/EapAkaTypeDataTest.java
index a7f4bbe..cb27cd1 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/EapAkaTypeDataTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/EapAkaTypeDataTest.java
@@ -14,38 +14,38 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka;
+package com.android.internal.net.eap.message.simaka;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_AKA_CHALLENGE_RESPONSE_MAC_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_AKA_CHALLENGE_RESPONSE_TYPE_DATA;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_AKA_IDENTITY_REQUEST;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.INVALID_SUBTYPE;
-import static com.android.internal.net.eap.test.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE;
-import static com.android.internal.net.eap.test.message.simaka.EapAkaTypeData.EAP_AKA_IDENTITY;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_ANY_ID_REQ;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_AUTN;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_CHECKCODE;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_MAC;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_RAND;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_RES;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.RES_BYTES;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_AKA_CHALLENGE_RESPONSE_MAC_BYTES;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_AKA_CHALLENGE_RESPONSE_TYPE_DATA;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_AKA_IDENTITY_REQUEST;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.INVALID_SUBTYPE;
+import static com.android.internal.net.eap.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE;
+import static com.android.internal.net.eap.message.simaka.EapAkaTypeData.EAP_AKA_IDENTITY;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_ANY_ID_REQ;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_AUTN;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_CHECKCODE;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_MAC;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_RAND;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_RES;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.RES_BYTES;
+import static junit.framework.TestCase.fail;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.message.simaka.EapAkaTypeData.EapAkaTypeDataDecoder;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtAnyIdReq;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtAutn;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtMac;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtRandAka;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtRes;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EapSimAkaUnsupportedAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaTypeData.DecodeResult;
+import com.android.internal.net.eap.message.simaka.EapAkaTypeData.EapAkaTypeDataDecoder;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtAnyIdReq;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtAutn;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtMac;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtRandAka;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtRes;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EapSimAkaUnsupportedAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaTypeData.DecodeResult;
import org.junit.Before;
import org.junit.Test;
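Review bot: The static import of `fail` in this hunk now comes from the JUnit 3 class `junit.framework.TestCase`, while every other assertion the file imports still comes from `org.junit.Assert`. Neighbouring tests in this change, such as EapSimAkaAttributeFactoryTest, keep `org.junit.Assert.fail`. Mixing the two APIs means an explicit failure here is raised as `junit.framework.AssertionFailedError` rather than the plain `AssertionError` used elsewhere in the suite, with no benefit visible in the hunk. I would keep `import static org.junit.Assert.fail;` alongside the other `org.junit.Assert` imports. The same swap appears in the EapSimTypeDataTest.java hunk further down.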
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/EapSimAkaAttributeFactoryTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/EapSimAkaAttributeFactoryTest.java
index 1ac2648..5b6f5d6 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/EapSimAkaAttributeFactoryTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/EapSimAkaAttributeFactoryTest.java
@@ -14,20 +14,20 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka;
+package com.android.internal.net.eap.message.simaka;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.SKIPPABLE_DATA;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.SKIPPABLE_DATA_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.SKIPPABLE_INVALID_ATTRIBUTE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.SKIPPABLE_DATA;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.SKIPPABLE_DATA_BYTES;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.SKIPPABLE_INVALID_ATTRIBUTE;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaUnsupportedAttributeException;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EapSimAkaUnsupportedAttribute;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaUnsupportedAttributeException;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EapSimAkaUnsupportedAttribute;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/EapSimTypeDataTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/EapSimTypeDataTest.java
index a35c81c..bd6352a 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/EapSimTypeDataTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/EapSimTypeDataTest.java
@@ -14,30 +14,31 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka;
+package com.android.internal.net.eap.message.simaka;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SIM_START_DUPLICATE_ATTRIBUTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SIM_START_SUBTYPE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.INVALID_SUBTYPE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.SHORT_TYPE_DATA;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.TYPE_DATA_INVALID_ATTRIBUTE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.TYPE_DATA_INVALID_AT_RAND;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_PERMANENT_ID_REQ;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_VERSION_LIST;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.RAND_1;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.RAND_2;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SIM_START_DUPLICATE_ATTRIBUTES;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SIM_START_SUBTYPE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.INVALID_SUBTYPE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.SHORT_TYPE_DATA;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.TYPE_DATA_INVALID_ATTRIBUTE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.TYPE_DATA_INVALID_AT_RAND;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_PERMANENT_ID_REQ;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_VERSION_LIST;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.RAND_1;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.RAND_2;
+
+import static junit.framework.TestCase.fail;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtPermanentIdReq;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtVersionList;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaTypeData.DecodeResult;
-import com.android.internal.net.eap.test.message.simaka.EapSimTypeData.EapSimTypeDataDecoder;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtPermanentIdReq;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtVersionList;
+import com.android.internal.net.eap.message.simaka.EapSimAkaTypeData.DecodeResult;
+import com.android.internal.net.eap.message.simaka.EapSimTypeData.EapSimTypeDataDecoder;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtAutnTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtAutnTest.java
index fe56a86..ebf22e4 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtAutnTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtAutnTest.java
@@ -14,22 +14,22 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka.attributes;
+package com.android.internal.net.eap.message.simaka.attributes;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_AUTN;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_AUTN;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_AUTN_INVALID_LENGTH;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AUTN_BYTES;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_AUTN;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_AUTN;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_AUTN_INVALID_LENGTH;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AUTN_BYTES;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaInvalidAttributeException;
-import com.android.internal.net.eap.test.message.simaka.EapAkaAttributeFactory;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtAutn;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidAttributeException;
+import com.android.internal.net.eap.message.simaka.EapAkaAttributeFactory;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtAutn;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtAutsTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtAutsTest.java
index 89082d3..d65a735 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtAutsTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtAutsTest.java
@@ -14,22 +14,22 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka.attributes;
+package com.android.internal.net.eap.message.simaka.attributes;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_AUTS;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_AUTS;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_AUTS_INVALID_LENGTH;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AUTS_BYTES;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_AUTS;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_AUTS;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_AUTS_INVALID_LENGTH;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AUTS_BYTES;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaInvalidAttributeException;
-import com.android.internal.net.eap.test.message.simaka.EapAkaAttributeFactory;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtAuts;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidAttributeException;
+import com.android.internal.net.eap.message.simaka.EapAkaAttributeFactory;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtAuts;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtBiddingTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtBiddingTest.java
index a5eab55..efdfcc2 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtBiddingTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtBiddingTest.java
@@ -14,12 +14,12 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka.attributes;
+package com.android.internal.net.eap.message.simaka.attributes;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_BIDDING;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_BIDDING_DOES_NOT_SUPPORT_AKA_PRIME;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_BIDDING_INVALID_LENGTH;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_BIDDING_SUPPORTS_AKA_PRIME;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_BIDDING;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_BIDDING_DOES_NOT_SUPPORT_AKA_PRIME;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_BIDDING_INVALID_LENGTH;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_BIDDING_SUPPORTS_AKA_PRIME;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -27,10 +27,10 @@
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaInvalidAttributeException;
-import com.android.internal.net.eap.test.message.simaka.EapAkaAttributeFactory;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtBidding;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidAttributeException;
+import com.android.internal.net.eap.message.simaka.EapAkaAttributeFactory;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtBidding;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtClientErrorCodeTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtClientErrorCodeTest.java
index b07a078..2051414 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtClientErrorCodeTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtClientErrorCodeTest.java
@@ -14,13 +14,13 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka.attributes;
+package com.android.internal.net.eap.message.simaka.attributes;
import static com.android.internal.net.TestUtils.hexStringToInt;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_CLIENT_ERROR_CODE;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_CLIENT_ERROR_CODE;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_CLIENT_ERROR_CODE_INVALID_LENGTH;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.ERROR_CODE;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_CLIENT_ERROR_CODE;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_CLIENT_ERROR_CODE;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_CLIENT_ERROR_CODE_INVALID_LENGTH;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.ERROR_CODE;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -28,9 +28,9 @@
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtClientErrorCode;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttributeFactory;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtClientErrorCode;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttributeFactory;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtCounterTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtCounterTest.java
index cf360d2..eb1086d 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtCounterTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtCounterTest.java
@@ -14,15 +14,15 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka.attributes;
+package com.android.internal.net.eap.message.simaka.attributes;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_COUNTER;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_COUNTER_TOO_SMALL;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_COUNTER;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_COUNTER_INVALID_LENGTH;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_COUNTER_TOO_SMALL;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_COUNTER_TOO_SMALL_INVALID_LENGTH;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.COUNTER_INT;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_COUNTER;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_COUNTER_TOO_SMALL;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_COUNTER;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_COUNTER_INVALID_LENGTH;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_COUNTER_TOO_SMALL;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_COUNTER_TOO_SMALL_INVALID_LENGTH;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.COUNTER_INT;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -30,11 +30,11 @@
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaInvalidAttributeException;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtCounter;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtCounterTooSmall;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttributeFactory;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidAttributeException;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtCounter;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtCounterTooSmall;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttributeFactory;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtIdReqTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtIdReqTest.java
index 078be6b..d006053 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtIdReqTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtIdReqTest.java
@@ -14,17 +14,17 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka.attributes;
+package com.android.internal.net.eap.message.simaka.attributes;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_ANY_ID_REQ;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_FULLAUTH_ID_REQ;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_PERMANENT_ID_REQ;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.ANY_ID_INVALID_LENGTH;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_ANY_ID_REQ;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_FULL_AUTH_ID_REQ;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_PERMANENT_ID_REQ;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.FULL_AUTH_ID_INVALID_LENGTH;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.PERMANENT_ID_INVALID_LENGTH;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_ANY_ID_REQ;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_FULLAUTH_ID_REQ;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_PERMANENT_ID_REQ;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.ANY_ID_INVALID_LENGTH;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_ANY_ID_REQ;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_FULL_AUTH_ID_REQ;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_PERMANENT_ID_REQ;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.FULL_AUTH_ID_INVALID_LENGTH;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.PERMANENT_ID_INVALID_LENGTH;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -32,12 +32,12 @@
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaInvalidAttributeException;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtAnyIdReq;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtFullauthIdReq;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtPermanentIdReq;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttributeFactory;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidAttributeException;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtAnyIdReq;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtFullauthIdReq;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtPermanentIdReq;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttributeFactory;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtIdentityTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtIdentityTest.java
index aaa924d..cf8e880 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtIdentityTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtIdentityTest.java
@@ -14,21 +14,21 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka.attributes;
+package com.android.internal.net.eap.message.simaka.attributes;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_IDENTITY;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_IDENTITY;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.IDENTITY;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_IDENTITY;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_IDENTITY;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.IDENTITY;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtIdentity;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttributeFactory;
-import com.android.internal.net.eap.test.message.simaka.EapSimAttributeFactory;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtIdentity;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttributeFactory;
+import com.android.internal.net.eap.message.simaka.EapSimAttributeFactory;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtKdfInputTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtKdfInputTest.java
index 4be4a35..51ea3f1 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtKdfInputTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtKdfInputTest.java
@@ -14,20 +14,20 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka.attributes;
+package com.android.internal.net.eap.message.simaka.attributes;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_KDF_INPUT;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_KDF_INPUT;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_KDF_INPUT_EMPTY_NETWORK_NAME;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.NETWORK_NAME_BYTES;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_KDF_INPUT;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_KDF_INPUT;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_KDF_INPUT_EMPTY_NETWORK_NAME;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.NETWORK_NAME_BYTES;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
-import com.android.internal.net.eap.test.message.simaka.EapAkaPrimeAttributeFactory;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtKdfInput;
+import com.android.internal.net.eap.message.simaka.EapAkaPrimeAttributeFactory;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtKdfInput;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtKdfTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtKdfTest.java
index 3c23e0a..0bb0732 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtKdfTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtKdfTest.java
@@ -14,22 +14,22 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka.attributes;
+package com.android.internal.net.eap.message.simaka.attributes;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_KDF;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_KDF;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_KDF_INVALID_LENGTH;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.KDF_VERSION;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_KDF;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_KDF;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_KDF_INVALID_LENGTH;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.KDF_VERSION;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaInvalidAttributeException;
-import com.android.internal.net.eap.test.message.simaka.EapAkaPrimeAttributeFactory;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtKdf;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidAttributeException;
+import com.android.internal.net.eap.message.simaka.EapAkaPrimeAttributeFactory;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtKdf;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtMacTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtMacTest.java
index 06afb69..042519a 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtMacTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtMacTest.java
@@ -14,13 +14,13 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka.attributes;
+package com.android.internal.net.eap.message.simaka.attributes;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_MAC;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_MAC;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_MAC_INVALID_LENGTH;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.MAC;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_MAC;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_MAC;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_MAC_INVALID_LENGTH;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.MAC;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -28,10 +28,10 @@
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaInvalidAttributeException;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtMac;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttributeFactory;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidAttributeException;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtMac;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttributeFactory;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtNonceMtTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtNonceMtTest.java
index e14fa21..751908a 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtNonceMtTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtNonceMtTest.java
@@ -14,12 +14,12 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka.attributes;
+package com.android.internal.net.eap.message.simaka.attributes;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_NONCE_MT;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_NONCE_INVALID_LENGTH;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_NONCE_MT;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.NONCE_MT;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_NONCE_MT;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_NONCE_INVALID_LENGTH;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_NONCE_MT;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.NONCE_MT;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -27,10 +27,10 @@
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaInvalidAttributeException;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtNonceMt;
-import com.android.internal.net.eap.test.message.simaka.EapSimAttributeFactory;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidAttributeException;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtNonceMt;
+import com.android.internal.net.eap.message.simaka.EapSimAttributeFactory;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtNonceSTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtNonceSTest.java
index e170033..1ad6466 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtNonceSTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtNonceSTest.java
@@ -14,13 +14,13 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka.attributes;
+package com.android.internal.net.eap.message.simaka.attributes;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_NONCE_S;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_NONCE_S;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_NONCE_S_INVALID_LENGTH;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.NONCE_S;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_NONCE_S;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_NONCE_S;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_NONCE_S_INVALID_LENGTH;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.NONCE_S;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -28,10 +28,10 @@
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaInvalidAttributeException;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtNonceS;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttributeFactory;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidAttributeException;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtNonceS;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttributeFactory;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtNotificationTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtNotificationTest.java
index af0b0b7..2db3cbb 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtNotificationTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtNotificationTest.java
@@ -14,15 +14,15 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka.attributes;
+package com.android.internal.net.eap.message.simaka.attributes;
import static com.android.internal.net.TestUtils.hexStringToInt;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtNotification.GENERAL_FAILURE_POST_CHALLENGE;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_NOTIFICATION;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_NOTIFICATION;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_NOTIFICATION_INVALID_LENGTH;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_NOTIFICATION_INVALID_STATE;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.NOTIFICATION_CODE;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtNotification.GENERAL_FAILURE_POST_CHALLENGE;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_NOTIFICATION;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_NOTIFICATION;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_NOTIFICATION_INVALID_LENGTH;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_NOTIFICATION_INVALID_STATE;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.NOTIFICATION_CODE;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -32,10 +32,10 @@
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaInvalidAttributeException;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtNotification;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttributeFactory;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidAttributeException;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtNotification;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttributeFactory;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtPaddingTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtPaddingTest.java
index db1e11a..d310d50 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtPaddingTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtPaddingTest.java
@@ -14,11 +14,11 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka.attributes;
+package com.android.internal.net.eap.message.simaka.attributes;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_PADDING;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_PADDING;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_PADDING_INVALID_PADDING;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_PADDING;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_PADDING;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_PADDING_INVALID_PADDING;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -26,10 +26,10 @@
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaInvalidAtPaddingException;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtPadding;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttributeFactory;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidAtPaddingException;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtPadding;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttributeFactory;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtRandAkaTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtRandAkaTest.java
index d647819..bdffdda 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtRandAkaTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtRandAkaTest.java
@@ -14,22 +14,22 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka.attributes;
+package com.android.internal.net.eap.message.simaka.attributes;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_RAND;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_RAND_AKA;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_RAND_AKA_INVALID_LENGTH;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.RAND_1_BYTES;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_RAND;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_RAND_AKA;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_RAND_AKA_INVALID_LENGTH;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.RAND_1_BYTES;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaInvalidAttributeException;
-import com.android.internal.net.eap.test.message.simaka.EapAkaAttributeFactory;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtRandAka;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidAttributeException;
+import com.android.internal.net.eap.message.simaka.EapAkaAttributeFactory;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtRandAka;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtRandSimTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtRandSimTest.java
index 0fff81d..7456be6 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtRandSimTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtRandSimTest.java
@@ -14,15 +14,15 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka.attributes;
+package com.android.internal.net.eap.message.simaka.attributes;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_RAND;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_RAND_SIM;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_RAND_SIM_DUPLICATE_RANDS;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_RAND_SIM_INVALID_NUM_RANDS;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.RAND_1;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.RAND_2;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_RAND;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_RAND_SIM;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_RAND_SIM_DUPLICATE_RANDS;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_RAND_SIM_INVALID_NUM_RANDS;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.RAND_1;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.RAND_2;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -30,11 +30,11 @@
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaInvalidAttributeException;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimInvalidAtRandException;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtRandSim;
-import com.android.internal.net.eap.test.message.simaka.EapSimAttributeFactory;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidAttributeException;
+import com.android.internal.net.eap.exceptions.simaka.EapSimInvalidAtRandException;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtRandSim;
+import com.android.internal.net.eap.message.simaka.EapSimAttributeFactory;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtResTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtResTest.java
index 75efaf5..34c2ff3 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtResTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtResTest.java
@@ -14,14 +14,14 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka.attributes;
+package com.android.internal.net.eap.message.simaka.attributes;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_RES;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_RES;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_RES_INVALID_RES_LENGTH;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_RES_LONG_RES;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_RES_SHORT_RES;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.RES_BYTES;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_RES;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_RES;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_RES_INVALID_RES_LENGTH;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_RES_LONG_RES;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_RES_SHORT_RES;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.RES_BYTES;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -29,10 +29,10 @@
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaInvalidAttributeException;
-import com.android.internal.net.eap.test.message.simaka.EapAkaAttributeFactory;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtRes;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidAttributeException;
+import com.android.internal.net.eap.message.simaka.EapAkaAttributeFactory;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtRes;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtSelectedVersionTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtSelectedVersionTest.java
index bdd9f30..659fe9a 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtSelectedVersionTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtSelectedVersionTest.java
@@ -14,11 +14,11 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka.attributes;
+package com.android.internal.net.eap.message.simaka.attributes;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_SELECTED_VERSION;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_SELECTED_VERSION;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_SELECTED_VERSION_INVALID_LENGTH;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_SELECTED_VERSION;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_SELECTED_VERSION;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_SELECTED_VERSION_INVALID_LENGTH;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -26,10 +26,10 @@
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaInvalidAttributeException;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtSelectedVersion;
-import com.android.internal.net.eap.test.message.simaka.EapSimAttributeFactory;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidAttributeException;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtSelectedVersion;
+import com.android.internal.net.eap.message.simaka.EapSimAttributeFactory;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtVersionListTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtVersionListTest.java
index 358bfc9..96bb7ca 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtVersionListTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/AtVersionListTest.java
@@ -14,13 +14,13 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka.attributes;
+package com.android.internal.net.eap.message.simaka.attributes;
import static com.android.internal.net.TestUtils.hexStringToInt;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_VERSION_LIST;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_VERSION_LIST;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_VERSION_LIST_INVALID_LENGTH;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.VERSION;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_VERSION_LIST;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_VERSION_LIST;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_VERSION_LIST_INVALID_LENGTH;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.VERSION;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -28,10 +28,10 @@
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaInvalidAttributeException;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtVersionList;
-import com.android.internal.net.eap.test.message.simaka.EapSimAttributeFactory;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidAttributeException;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtVersionList;
+import com.android.internal.net.eap.message.simaka.EapSimAttributeFactory;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/EapSimAkaAttributeTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/EapSimAkaAttributeTest.java
index 86753e1..4efbf25 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/EapSimAkaAttributeTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/EapSimAkaAttributeTest.java
@@ -14,12 +14,12 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka.attributes;
+package com.android.internal.net.eap.message.simaka.attributes;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertFalse;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/EapTestAttributeDefinitions.java b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/EapTestAttributeDefinitions.java
index 5b9c37c..60397e1 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/EapTestAttributeDefinitions.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/message/simaka/attributes/EapTestAttributeDefinitions.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.message.simaka.attributes;
+package com.android.internal.net.eap.message.simaka.attributes;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/ttls/EapTtlsAvpTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/ttls/EapTtlsAvpTest.java
deleted file mode 100644
index 4066a74..0000000
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/ttls/EapTtlsAvpTest.java
+++ /dev/null
@@ -1,303 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.eap.test.message.ttls;
-
-import static com.android.internal.net.TestUtils.hexStringToByteArray;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.crypto.TlsSession;
-import com.android.internal.net.eap.test.exceptions.ttls.EapTtlsParsingException;
-import com.android.internal.net.eap.test.message.ttls.EapTtlsAvp.EapTtlsAvpDecoder;
-import com.android.internal.net.eap.test.message.ttls.EapTtlsAvp.EapTtlsAvpDecoder.AvpDecodeResult;
-
-import org.junit.Test;
-
-import java.nio.BufferUnderflowException;
-import java.nio.ByteBuffer;
-
-public class EapTtlsAvpTest {
- private static final int EAP_MESSAGE_AVP_CODE = 79;
- private static final int SAMPLE_VENDOR_ID = 100;
- private static final int DEFAULT_VENDOR_ID = 0;
-
- private static final String AVP_DUMMY_DATA_PADDING_REQUIRED = "160304";
- private static final String AVP_DUMMY_DATA_PADDING_NOT_REQUIRED = "16030406";
-
- private static final byte[] AVP_DUMMY_DATA_PADDING_REQUIRED_BYTES =
- hexStringToByteArray(AVP_DUMMY_DATA_PADDING_REQUIRED);
- private static final byte[] AVP_DUMMY_DATA_PADDING_NOT_REQUIRED_BYTES =
- hexStringToByteArray(AVP_DUMMY_DATA_PADDING_NOT_REQUIRED);
-
- private static final String EAP_MESSAGE_AVP_WITHOUT_VENDOR_ID_PADDING_REQUIRED =
- "0000004F" + "40" + "00000B" // AVP Code | AVP Flags | AVP Length
- + AVP_DUMMY_DATA_PADDING_REQUIRED
- + "00"; // Padding
- private static final String EAP_MESSAGE_AVP_WITH_VENDOR_ID_PADDING_REQUIRED =
- "0000004F" + "C0" + "00000F" // AVP Code | AVP Flags | AVP Length
- + "00000064" // Vendor-ID
- + AVP_DUMMY_DATA_PADDING_REQUIRED
- + "00"; // Padding
- private static final String OTHER_AVP_WITH_VENDOR_ID =
- "0000000F" + "80" + "00000F" // AVP Code | AVP Flags | AVP Length
- + "00000064" // Vendor-ID
- + AVP_DUMMY_DATA_PADDING_REQUIRED
- + "00"; // Padding
- private static final String OTHER_AVP_WITHOUT_VENDOR_ID =
- "0000000F" + "00" + "00000B" // AVP Code | AVP Flags | AVP Length
- + AVP_DUMMY_DATA_PADDING_REQUIRED
- + "00"; // Padding
-
- private static final byte[] EAP_MESSAGE_AVP_WITHOUT_VENDOR_ID_PADDING_REQUIRED_BYTES =
- hexStringToByteArray(EAP_MESSAGE_AVP_WITHOUT_VENDOR_ID_PADDING_REQUIRED);
- private static final byte[] EAP_MESSAGE_AVP_WITH_VENDOR_ID_PADDING_REQUIRED_BYTES =
- hexStringToByteArray(EAP_MESSAGE_AVP_WITH_VENDOR_ID_PADDING_REQUIRED);
- private static final byte[] MULTIPLE_AVPS_EAP_MESSAGE_WITH_VENDOR_ID_BYTES =
- hexStringToByteArray(
- OTHER_AVP_WITH_VENDOR_ID
- + OTHER_AVP_WITH_VENDOR_ID
- + OTHER_AVP_WITHOUT_VENDOR_ID
- + EAP_MESSAGE_AVP_WITH_VENDOR_ID_PADDING_REQUIRED);
- private static final byte[] MULTIPLE_AVPS_EAP_MESSAGE_WITHOUT_VENDOR_ID_BYTES =
- hexStringToByteArray(
- OTHER_AVP_WITHOUT_VENDOR_ID
- + OTHER_AVP_WITH_VENDOR_ID
- + EAP_MESSAGE_AVP_WITHOUT_VENDOR_ID_PADDING_REQUIRED
- + OTHER_AVP_WITH_VENDOR_ID);
- private static final byte[] MULTIPLE_EAP_MESSAGE_AVPS_BYTES =
- hexStringToByteArray(
- OTHER_AVP_WITH_VENDOR_ID
- + EAP_MESSAGE_AVP_WITHOUT_VENDOR_ID_PADDING_REQUIRED
- + OTHER_AVP_WITHOUT_VENDOR_ID
- + EAP_MESSAGE_AVP_WITH_VENDOR_ID_PADDING_REQUIRED);
- private static final byte[] MULTIPLE_AVPS_WITHOUT_EAP_MESSAGE_BYTES =
- hexStringToByteArray(
- OTHER_AVP_WITHOUT_VENDOR_ID
- + OTHER_AVP_WITH_VENDOR_ID
- + OTHER_AVP_WITH_VENDOR_ID);
- private static final byte[] EAP_MESSAGE_AVP_WITHOUT_VENDOR_ID_PADDING_NOT_REQUIRED_BYTES =
- hexStringToByteArray(
- "0000004F" + "40" + "00000C" // AVP Code | AVP Flags | AVP Length
- + AVP_DUMMY_DATA_PADDING_NOT_REQUIRED);
- private static final byte[] EAP_MESSAGE_AVP_WITH_VENDOR_ID_PADDING_NOT_REQUIRED_BYTES =
- hexStringToByteArray(
- "0000004F" + "C0" + "000010" // AVP Code | AVP Flags | AVP Length
- + "00000064" // Vendor-ID
- + AVP_DUMMY_DATA_PADDING_NOT_REQUIRED);
- private static final byte[] EAP_MESSAGE_AVP_INVALID_UNDERFLOW_BYTES =
- hexStringToByteArray(
- "0000004F" + "40" + "00000F" // AVP Code | AVP Flags | AVP Length
- + AVP_DUMMY_DATA_PADDING_REQUIRED
- + "00"); // Padding
- private static final byte[] EAP_MESSAGE_AVP_INVALID_PADDING_BYTES =
- hexStringToByteArray(
- "0000004F" + "40" + "00000B" // AVP Code | AVP Flags | AVP Length
- + AVP_DUMMY_DATA_PADDING_REQUIRED);
- private static final byte[] EAP_MESSAGE_AVP_INVALID_LENGTH_BYTES =
- hexStringToByteArray(
- "0000004F" + "40" + "000007" // AVP Code | AVP Flags | AVP Length
- + AVP_DUMMY_DATA_PADDING_REQUIRED
- + "00");
- private static final byte[] OTHER_AVP_MANDATORY_BIT_SET_BYTES =
- hexStringToByteArray(
- "0000000F" + "40" + "00000B" // AVP Code | AVP Flags | AVP Length
- + AVP_DUMMY_DATA_PADDING_REQUIRED
- + "00"); // Padding
-
- private static final int AVP_LENGTH_WITH_VENDOR_ID_PADDING_NOT_REQUIRED = 16;
- private static final int AVP_LENGTH_WITH_VENDOR_ID_PADDING_REQUIRED = 15;
- private static final int AVP_LENGTH_WITHOUT_VENDOR_ID_PADDING_NOT_REQUIRED = 12;
- private static final int AVP_LENGTH_WITHOUT_VENDOR_ID_PADDING_REQUIRED = 11;
-
- // This is an unreastically large number in order to validate behaviour when the most
- // significant bit is set
- private static final byte[] AVP_LENGTH_BYTE_ARRAY = hexStringToByteArray("FFEEED");
- private static final ByteBuffer AVP_LENGTH_BUFFER = ByteBuffer.wrap(AVP_LENGTH_BYTE_ARRAY);
- private static final int AVP_LENGTH_BUFFER_HEX = 0xFFEEED;
-
- private final EapTtlsAvpDecoder mAvpDecoder = new EapTtlsAvpDecoder();
-
- @Test
- public void testEapTtlsAvp_success_withoutVendorId() throws Exception {
- EapTtlsAvp avp =
- new EapTtlsAvp(
- ByteBuffer.wrap(EAP_MESSAGE_AVP_WITHOUT_VENDOR_ID_PADDING_REQUIRED_BYTES));
-
- assertEquals(EAP_MESSAGE_AVP_CODE, avp.avpCode);
- assertFalse(avp.isVendorIdPresent);
- assertTrue(avp.isMandatory);
- assertEquals(DEFAULT_VENDOR_ID, avp.vendorId);
- assertEquals(AVP_LENGTH_WITHOUT_VENDOR_ID_PADDING_REQUIRED, avp.avpLength);
- assertArrayEquals(AVP_DUMMY_DATA_PADDING_REQUIRED_BYTES, avp.data);
- }
-
- @Test
- public void testEapTtlsAvp_success_withVendorId() throws Exception {
- EapTtlsAvp avp =
- new EapTtlsAvp(
- ByteBuffer.wrap(EAP_MESSAGE_AVP_WITH_VENDOR_ID_PADDING_REQUIRED_BYTES));
-
- assertEquals(EAP_MESSAGE_AVP_CODE, avp.avpCode);
- assertTrue(avp.isVendorIdPresent);
- assertTrue(avp.isMandatory);
- assertEquals(SAMPLE_VENDOR_ID, avp.vendorId);
- assertEquals(AVP_LENGTH_WITH_VENDOR_ID_PADDING_REQUIRED, avp.avpLength);
- assertArrayEquals(AVP_DUMMY_DATA_PADDING_REQUIRED_BYTES, avp.data);
- }
-
- @Test(expected = BufferUnderflowException.class)
- public void testEapTtlsAvp_failure_invalidUnderflow() throws Exception {
- EapTtlsAvp avp = new EapTtlsAvp(ByteBuffer.wrap(EAP_MESSAGE_AVP_INVALID_UNDERFLOW_BYTES));
- }
-
- @Test(expected = BufferUnderflowException.class)
- public void testEapTtlsAvp_failure_invalidPadding() throws Exception {
- EapTtlsAvp avp = new EapTtlsAvp(ByteBuffer.wrap(EAP_MESSAGE_AVP_INVALID_PADDING_BYTES));
- }
-
- @Test(expected = EapTtlsParsingException.class)
- public void testEapTtlsAvp_failure_invalidLength() throws Exception {
- EapTtlsAvp avp = new EapTtlsAvp(ByteBuffer.wrap(EAP_MESSAGE_AVP_INVALID_LENGTH_BYTES));
- }
-
- @Test
- public void testAvpDecoding_success_multipleAvps_withoutVendorId() throws Exception {
- AvpDecodeResult decodeResult =
- mAvpDecoder.decode(MULTIPLE_AVPS_EAP_MESSAGE_WITHOUT_VENDOR_ID_BYTES);
- assertTrue(decodeResult.isSuccessfulDecode());
- EapTtlsAvp avp = decodeResult.eapTtlsAvp;
-
- assertEquals(EAP_MESSAGE_AVP_CODE, avp.avpCode);
- assertFalse(avp.isVendorIdPresent);
- assertTrue(avp.isMandatory);
- assertEquals(DEFAULT_VENDOR_ID, avp.vendorId);
- assertEquals(AVP_LENGTH_WITHOUT_VENDOR_ID_PADDING_REQUIRED, avp.avpLength);
- assertArrayEquals(AVP_DUMMY_DATA_PADDING_REQUIRED_BYTES, avp.data);
- }
-
- @Test
- public void testAvpDecoding_success_multipleAvps_withVendorId() throws Exception {
- AvpDecodeResult decodeResult =
- mAvpDecoder.decode(MULTIPLE_AVPS_EAP_MESSAGE_WITH_VENDOR_ID_BYTES);
- assertTrue(decodeResult.isSuccessfulDecode());
- EapTtlsAvp avp = decodeResult.eapTtlsAvp;
-
- assertEquals(EAP_MESSAGE_AVP_CODE, avp.avpCode);
- assertTrue(avp.isVendorIdPresent);
- assertTrue(avp.isMandatory);
- assertEquals(SAMPLE_VENDOR_ID, avp.vendorId);
- assertEquals(AVP_LENGTH_WITH_VENDOR_ID_PADDING_REQUIRED, avp.avpLength);
- assertArrayEquals(AVP_DUMMY_DATA_PADDING_REQUIRED_BYTES, avp.data);
- }
-
- @Test
- public void testAvpDecoding_failure_multipleAvps_noEapMessage() throws Exception {
- verifyAvpDecodingFailure(mAvpDecoder.decode(MULTIPLE_AVPS_WITHOUT_EAP_MESSAGE_BYTES));
- }
-
- @Test
- public void testAvpDecoding_failure_multipleEapMessageAvps() throws Exception {
- verifyAvpDecodingFailure(mAvpDecoder.decode(MULTIPLE_EAP_MESSAGE_AVPS_BYTES));
- }
-
- @Test
- public void testAvpDecoding_failure_mandatoryUnsupportedAvp() throws Exception {
- verifyAvpDecodingFailure(mAvpDecoder.decode(OTHER_AVP_MANDATORY_BIT_SET_BYTES));
- }
-
- private void verifyAvpDecodingFailure(AvpDecodeResult decodeResult) {
- assertFalse(decodeResult.isSuccessfulDecode());
- EapError eapError = decodeResult.eapError;
- assertTrue(eapError.cause instanceof EapTtlsParsingException);
- }
-
- @Test
- public void testEapMessageAvpEncoding_withoutVendorId_paddingRequired() {
- verifyEapMessageAvpEncoding(
- DEFAULT_VENDOR_ID,
- AVP_DUMMY_DATA_PADDING_REQUIRED_BYTES,
- EAP_MESSAGE_AVP_WITHOUT_VENDOR_ID_PADDING_REQUIRED_BYTES);
- }
-
- @Test
- public void testEapMessageAvpEncoding_withoutVendorId_paddingNotRequired() {
- verifyEapMessageAvpEncoding(
- DEFAULT_VENDOR_ID,
- AVP_DUMMY_DATA_PADDING_NOT_REQUIRED_BYTES,
- EAP_MESSAGE_AVP_WITHOUT_VENDOR_ID_PADDING_NOT_REQUIRED_BYTES);
- }
-
- @Test
- public void testEapMessageAvpEncoding_withVendorId_paddingRequired() {
- verifyEapMessageAvpEncoding(
- SAMPLE_VENDOR_ID,
- AVP_DUMMY_DATA_PADDING_REQUIRED_BYTES,
- EAP_MESSAGE_AVP_WITH_VENDOR_ID_PADDING_REQUIRED_BYTES);
- }
-
- @Test
- public void testEapMessageAvpEncoding_withVendorId_paddingNotRequired() {
- verifyEapMessageAvpEncoding(
- SAMPLE_VENDOR_ID,
- AVP_DUMMY_DATA_PADDING_NOT_REQUIRED_BYTES,
- EAP_MESSAGE_AVP_WITH_VENDOR_ID_PADDING_NOT_REQUIRED_BYTES);
- }
-
- private void verifyEapMessageAvpEncoding(int vendorId, byte[] avpData, byte[] expectedResult) {
- EapTtlsAvp eapTtlsAvp = EapTtlsAvp.getEapMessageAvp(vendorId, avpData);
-
- assertArrayEquals(expectedResult, eapTtlsAvp.encode());
- }
-
- @Test
- public void testDecodeAndEncodeAvp() {
- AvpDecodeResult decodeResult =
- mAvpDecoder.decode(MULTIPLE_AVPS_EAP_MESSAGE_WITHOUT_VENDOR_ID_BYTES);
- assertTrue(decodeResult.isSuccessfulDecode());
- byte[] encodedAvp = decodeResult.eapTtlsAvp.encode();
-
- assertArrayEquals(EAP_MESSAGE_AVP_WITHOUT_VENDOR_ID_PADDING_REQUIRED_BYTES, encodedAvp);
- }
-
- @Test
- public void testGetAvpPadding() throws Exception {
- assertEquals(1, EapTtlsAvp.getAvpPadding(AVP_LENGTH_WITHOUT_VENDOR_ID_PADDING_REQUIRED));
- }
-
- @Test
- public void testGetAvpPadding_alreadyPadded() throws Exception {
- assertEquals(
- 0, EapTtlsAvp.getAvpPadding(AVP_LENGTH_WITHOUT_VENDOR_ID_PADDING_NOT_REQUIRED));
- }
-
- @Test
- public void testGetAvpLengthFromBuffer_success() throws Exception {
- assertEquals(AVP_LENGTH_BUFFER_HEX, EapTtlsAvp.getAvpLength(AVP_LENGTH_BUFFER));
- }
-
- @Test
- public void testEncodeAvpLength_success() throws Exception {
- ByteBuffer buffer = ByteBuffer.allocate(AVP_LENGTH_WITH_VENDOR_ID_PADDING_REQUIRED);
- EapTtlsAvp.encodeAvpLength(buffer, AVP_LENGTH_BUFFER_HEX);
-
- assertArrayEquals(AVP_LENGTH_BYTE_ARRAY, TlsSession.getByteArrayFromBuffer(buffer));
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/ttls/EapTtlsInboundFragmentationHelperTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/ttls/EapTtlsInboundFragmentationHelperTest.java
deleted file mode 100644
index 0d0a2c7..0000000
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/ttls/EapTtlsInboundFragmentationHelperTest.java
+++ /dev/null
@@ -1,146 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.eap.test.message.ttls;
-
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_TTLS_DUMMY_DATA_ASSEMBLED_FRAGMENT_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_TTLS_DUMMY_DATA_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_TTLS_DUMMY_DATA_FINAL_FRAGMENT_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT_BYTES;
-import static com.android.internal.net.eap.test.message.ttls.EapTtlsInboundFragmentationHelper.FRAGMENTATION_STATUS_ACK;
-import static com.android.internal.net.eap.test.message.ttls.EapTtlsInboundFragmentationHelper.FRAGMENTATION_STATUS_ASSEMBLED;
-import static com.android.internal.net.eap.test.message.ttls.EapTtlsInboundFragmentationHelper.FRAGMENTATION_STATUS_INVALID;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-
-import com.android.internal.net.eap.test.crypto.TlsSession;
-
-import org.junit.Before;
-import org.junit.Test;
-
-import java.nio.ByteBuffer;
-
-public class EapTtlsInboundFragmentationHelperTest {
-
- static final int BUFFER_SIZE_INVALID = EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT_BYTES.length / 2;
- static final int BUFFER_SIZE_FRAGMENT_ONE = EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT_BYTES.length;
- static final int BUFFER_SIZE_FRAGMENT_TWO = EAP_TTLS_DUMMY_DATA_FINAL_FRAGMENT_BYTES.length;
- static final int BUFFER_SIZE_ASSEMBLED_FRAGMENTS =
- BUFFER_SIZE_FRAGMENT_ONE + BUFFER_SIZE_FRAGMENT_TWO;
-
- static final EapTtlsTypeData EAP_TTLS_TYPE_DATA_INITIAL_FRAGMENT =
- EapTtlsTypeData.getEapTtlsTypeData(
- true /* isFragmented */,
- false /* start */,
- 0 /* version */,
- BUFFER_SIZE_ASSEMBLED_FRAGMENTS,
- EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT_BYTES);
- static final EapTtlsTypeData EAP_TTLS_TYPE_DATA_FINAL_FRAGMENT =
- EapTtlsTypeData.getEapTtlsTypeData(
- false /* isFragmented */,
- false /* start */,
- 0 /* version */,
- 0 /* length */,
- EAP_TTLS_DUMMY_DATA_FINAL_FRAGMENT_BYTES);
- static final EapTtlsTypeData EAP_TTLS_TYPE_DATA =
- EapTtlsTypeData.getEapTtlsTypeData(
- false /* isFragmented */,
- false /* start */,
- 0 /* version */,
- 0 /* length */,
- EAP_TTLS_DUMMY_DATA_BYTES);
- static final EapTtlsTypeData EAP_TTLS_TYPE_FINAL_FRAGMENT_LENGTH_INCLUDED =
- EapTtlsTypeData.getEapTtlsTypeData(
- false /* isFragmented */,
- false /* start */,
- 0 /* version */,
- BUFFER_SIZE_FRAGMENT_TWO,
- EAP_TTLS_DUMMY_DATA_FINAL_FRAGMENT_BYTES);
- static final EapTtlsTypeData EAP_TTLS_TYPE_INITIAL_FRAGMENT_INVALID_LENGTH =
- EapTtlsTypeData.getEapTtlsTypeData(
- true /* isFragmented */,
- false /* start */,
- 0 /* version */,
- BUFFER_SIZE_INVALID,
- EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT_BYTES);
-
- private EapTtlsInboundFragmentationHelper mFragmentationHelper;
-
- @Before
- public void setUp() {
- mFragmentationHelper = new EapTtlsInboundFragmentationHelper();
- }
-
- @Test
- public void testInboundFragmentation_initialFragment() {
- int status =
- mFragmentationHelper.assembleInboundMessage(EAP_TTLS_TYPE_DATA_INITIAL_FRAGMENT);
-
- assertEquals(FRAGMENTATION_STATUS_ACK, status);
- assertTrue(mFragmentationHelper.isAwaitingFragments());
- assertArrayEquals(
- EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT_BYTES,
- TlsSession.getByteArrayFromBuffer(mFragmentationHelper.mFragmentedData));
- }
-
- @Test
- public void testInboundFragmentation_finalFragment() {
- mFragmentationHelper.mIsAwaitingFragments = true;
- mFragmentationHelper.mFragmentedData = ByteBuffer.allocate(BUFFER_SIZE_ASSEMBLED_FRAGMENTS);
- mFragmentationHelper.mFragmentedData.put(EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT_BYTES);
-
- int status = mFragmentationHelper.assembleInboundMessage(EAP_TTLS_TYPE_DATA_FINAL_FRAGMENT);
-
- assertEquals(FRAGMENTATION_STATUS_ASSEMBLED, status);
- assertFalse(mFragmentationHelper.isAwaitingFragments());
- assertArrayEquals(
- EAP_TTLS_DUMMY_DATA_ASSEMBLED_FRAGMENT_BYTES,
- mFragmentationHelper.getAssembledInboundFragment());
- }
-
- @Test
- public void testInboundFragmentation_secondFragment_lengthIncluded() {
- mFragmentationHelper.mIsAwaitingFragments = true;
-
- int status =
- mFragmentationHelper.assembleInboundMessage(
- EAP_TTLS_TYPE_FINAL_FRAGMENT_LENGTH_INCLUDED);
-
- assertEquals(FRAGMENTATION_STATUS_INVALID, status);
- }
-
- @Test
- public void testInboundFragmentation_invalidLength() {
- int status =
- mFragmentationHelper.assembleInboundMessage(
- EAP_TTLS_TYPE_INITIAL_FRAGMENT_INVALID_LENGTH);
-
- assertEquals(FRAGMENTATION_STATUS_INVALID, status);
- }
-
- @Test
- public void testInboundFragmentation_noFragmentation() {
- int status = mFragmentationHelper.assembleInboundMessage(EAP_TTLS_TYPE_DATA);
-
- assertEquals(FRAGMENTATION_STATUS_ASSEMBLED, status);
- assertFalse(mFragmentationHelper.isAwaitingFragments());
- assertArrayEquals(
- EAP_TTLS_DUMMY_DATA_BYTES, mFragmentationHelper.getAssembledInboundFragment());
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/ttls/EapTtlsOutboundFragmentationHelperTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/ttls/EapTtlsOutboundFragmentationHelperTest.java
deleted file mode 100644
index 7963159..0000000
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/ttls/EapTtlsOutboundFragmentationHelperTest.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.eap.test.message.ttls;
-
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_TTLS_DUMMY_DATA_ASSEMBLED_FRAGMENT_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_TTLS_DUMMY_DATA_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_TTLS_DUMMY_DATA_FINAL_FRAGMENT_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT_BYTES;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-
-import com.android.internal.net.eap.test.message.ttls.EapTtlsOutboundFragmentationHelper.FragmentationResult;
-
-import org.junit.Before;
-import org.junit.Test;
-
-public class EapTtlsOutboundFragmentationHelperTest {
- private static final int FRAGMENT_SIZE = EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT_BYTES.length;
-
- private EapTtlsOutboundFragmentationHelper mFragmentationHelper;
-
- @Before
- public void setUp() {
- mFragmentationHelper = new EapTtlsOutboundFragmentationHelper(FRAGMENT_SIZE);
- }
-
- @Test
- public void testOutboundFragmentation_initialFragment() {
- mFragmentationHelper.setupOutboundFragmentation(
- EAP_TTLS_DUMMY_DATA_ASSEMBLED_FRAGMENT_BYTES);
-
- FragmentationResult result = mFragmentationHelper.getNextOutboundFragment();
-
- assertTrue(result.hasRemainingFragments);
- assertTrue(mFragmentationHelper.hasRemainingFragments());
- assertArrayEquals(EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT_BYTES, result.fragmentedData);
- }
-
- @Test
- public void testOutboundFragmentation_finalFragment() {
- mFragmentationHelper.setupOutboundFragmentation(
- EAP_TTLS_DUMMY_DATA_ASSEMBLED_FRAGMENT_BYTES);
- mFragmentationHelper.getNextOutboundFragment();
-
- FragmentationResult result = mFragmentationHelper.getNextOutboundFragment();
-
- assertFalse(result.hasRemainingFragments);
- assertFalse(mFragmentationHelper.hasRemainingFragments());
- assertArrayEquals(EAP_TTLS_DUMMY_DATA_FINAL_FRAGMENT_BYTES, result.fragmentedData);
- }
-
- @Test
- public void testOutboundFragmentation_noFragmentation() {
- mFragmentationHelper.setupOutboundFragmentation(EAP_TTLS_DUMMY_DATA_BYTES);
-
- FragmentationResult result = mFragmentationHelper.getNextOutboundFragment();
-
- assertFalse(result.hasRemainingFragments);
- assertFalse(mFragmentationHelper.hasRemainingFragments());
- assertArrayEquals(EAP_TTLS_DUMMY_DATA_BYTES, result.fragmentedData);
- }
-
- @Test(expected = IllegalStateException.class)
- public void testOutboundFragmentation_nullBuffer() {
- mFragmentationHelper.getNextOutboundFragment();
- }
-
- @Test(expected = IllegalStateException.class)
- public void testOutboundFragmentation_endOfBuffer() {
- mFragmentationHelper.setupOutboundFragmentation(EAP_TTLS_DUMMY_DATA_BYTES);
- mFragmentationHelper.getNextOutboundFragment();
-
- mFragmentationHelper.getNextOutboundFragment();
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/message/ttls/EapTtlsTypeDataTest.java b/tests/iketests/src/java/com/android/internal/net/eap/message/ttls/EapTtlsTypeDataTest.java
deleted file mode 100644
index b1dc54b..0000000
--- a/tests/iketests/src/java/com/android/internal/net/eap/message/ttls/EapTtlsTypeDataTest.java
+++ /dev/null
@@ -1,173 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.eap.test.message.ttls;
-
-import static com.android.internal.net.TestUtils.hexStringToByteArray;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.exceptions.ttls.EapTtlsParsingException;
-import com.android.internal.net.eap.test.message.ttls.EapTtlsTypeData.EapTtlsAcknowledgement;
-import com.android.internal.net.eap.test.message.ttls.EapTtlsTypeData.EapTtlsTypeDataDecoder;
-import com.android.internal.net.eap.test.message.ttls.EapTtlsTypeData.EapTtlsTypeDataDecoder.DecodeResult;
-
-import org.junit.Test;
-
-public class EapTtlsTypeDataTest {
- private static final String TAG = EapTtlsTypeDataTest.class.getSimpleName();
-
- private static final String EAP_TTLS_REQUEST_DATA =
- "16030300310200002d03037071727374757677787"
- + "97a7b7c7d7e7f808182838485868788898a8b8c8d8e8f00c013000005ff01000100";
- private static final byte[] EAP_TTLS_REQUEST_DATA_BYTES =
- hexStringToByteArray(EAP_TTLS_REQUEST_DATA);
-
- private static final byte[] EAP_TTLS_REQUEST =
- hexStringToByteArray("00" + EAP_TTLS_REQUEST_DATA);
- private static final byte[] EAP_TTLS_REQUEST_START_SET =
- hexStringToByteArray("20" + EAP_TTLS_REQUEST_DATA);
- private static final byte[] EAP_TTLS_REQUEST_NO_FRAG_LENGTH_SET =
- hexStringToByteArray("80" + "00000000" + EAP_TTLS_REQUEST_DATA);
- private static final byte[] EAP_TTLS_REQUEST_START = hexStringToByteArray("20");
- // to test an expected start request without a start bit set
- private static final byte[] EAP_TTLS_REQUEST_START_NOT_SET = hexStringToByteArray("00");
- private static final byte[] EAP_TTLS_RESPONSE_ACK = hexStringToByteArray("00");
-
- private final EapTtlsTypeDataDecoder mTypeDataDecoder = new EapTtlsTypeDataDecoder();
-
- @Test
- public void testDecodeResult_successfulDecode() throws Exception {
- DecodeResult result =
- new DecodeResult(
- EapTtlsTypeData.getEapTtlsTypeData(
- false /* isDataFragmented */,
- false /* isStart */,
- 0 /* version */,
- 0 /* isLengthIncluded */,
- EAP_TTLS_REQUEST_DATA_BYTES));
-
- assertTrue(result.isSuccessfulDecode());
- }
-
- @Test
- public void testDecodeResult_unsuccessfulDecode() throws Exception {
- DecodeResult result = new DecodeResult(new EapError(new Exception()));
-
- assertFalse(result.isSuccessfulDecode());
- }
-
- @Test
- public void testDecodeEapTtlsRequest() {
- DecodeResult decodeResult = mTypeDataDecoder.decodeEapTtlsRequestPacket(EAP_TTLS_REQUEST);
- assertTrue(decodeResult.isSuccessfulDecode());
- EapTtlsTypeData typeData = decodeResult.eapTypeData;
-
- assertFalse(typeData.isLengthIncluded);
- assertFalse(typeData.isDataFragmented);
- assertFalse(typeData.isStart);
- assertEquals(0, typeData.version);
- assertEquals(0, typeData.messageLength);
- assertArrayEquals(EAP_TTLS_REQUEST_DATA_BYTES, typeData.data);
- }
-
- @Test
- public void testDecodeEapTtlsRequest_incorrectMessageLength() {
- DecodeResult decodeResult =
- mTypeDataDecoder.decodeEapTtlsRequestPacket(EAP_TTLS_REQUEST_NO_FRAG_LENGTH_SET);
-
- assertFalse(decodeResult.isSuccessfulDecode());
- EapError eapError = decodeResult.eapError;
- assertTrue(eapError.cause instanceof EapTtlsParsingException);
- }
-
- @Test
- public void testDecodeEapTtlsStart() {
- DecodeResult decodeResult =
- mTypeDataDecoder.decodeEapTtlsRequestPacket(EAP_TTLS_REQUEST_START);
- assertTrue(decodeResult.isSuccessfulDecode());
- EapTtlsTypeData typeData = decodeResult.eapTypeData;
-
- assertFalse(typeData.isLengthIncluded);
- assertFalse(typeData.isDataFragmented);
- assertTrue(typeData.isStart);
- assertEquals(0, typeData.version);
- assertEquals(0, typeData.messageLength);
- assertArrayEquals(new byte[0], typeData.data);
- }
-
- @Test
- public void testEncodeEapTtlsTypeData() {
- EapTtlsTypeData typeData =
- EapTtlsTypeData.getEapTtlsTypeData(
- false /* isDataFragmented */,
- false /* isStart */,
- 0 /* version */,
- 0 /* isLengthIncluded */,
- EAP_TTLS_REQUEST_DATA_BYTES);
- byte[] encodeResult = typeData.encode();
-
- assertArrayEquals(EAP_TTLS_REQUEST, encodeResult);
- }
-
- @Test
- public void testEapTtlsAcknowledgementResponse() {
- EapTtlsAcknowledgement eapTtlsAcknowledgement =
- EapTtlsAcknowledgement.getEapTtlsAcknowledgement();
- byte[] encodeResult = eapTtlsAcknowledgement.encode();
-
- assertArrayEquals(EAP_TTLS_RESPONSE_ACK, encodeResult);
- }
-
- @Test
- public void testEapTtlsIsAcknowledgment_valid() {
- EapTtlsAcknowledgement eapTtlsAcknowledgement =
- EapTtlsAcknowledgement.getEapTtlsAcknowledgement();
-
- assertTrue(eapTtlsAcknowledgement.isAcknowledgmentPacket());
- assertArrayEquals(EAP_TTLS_RESPONSE_ACK, eapTtlsAcknowledgement.encode());
- }
-
- @Test
- public void testEapTtlsIsAcknowledgment_invalidWithData() {
- EapTtlsTypeData eapTtlsTypeData =
- EapTtlsTypeData.getEapTtlsTypeData(
- false /* packetFragmented */,
- false /* start */,
- 0 /* version */,
- 0 /* messageLength */,
- EAP_TTLS_REQUEST);
-
- assertFalse(eapTtlsTypeData.isAcknowledgmentPacket());
- }
-
- @Test
- public void testEapTtlsIsAcknowledgment_invalidWithoutData() {
- EapTtlsTypeData eapTtlsTypeData =
- EapTtlsTypeData.getEapTtlsTypeData(
- false /* packetFragmented */,
- true /* start */,
- 0 /* version */,
- 0 /* messageLength */,
- new byte[0]);
-
- assertFalse(eapTtlsTypeData.isAcknowledgmentPacket());
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/CreatedStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/CreatedStateTest.java
index 25bd2df..a452fa6 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/CreatedStateTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/CreatedStateTest.java
@@ -14,12 +14,12 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_IDENTITY_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_NOTIFICATION_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_SIM_START_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_NOTIFICATION_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_REQUEST_IDENTITY_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_REQUEST_NOTIFICATION_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_REQUEST_SIM_START_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_RESPONSE_NOTIFICATION_PACKET;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertTrue;
@@ -29,10 +29,10 @@
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.verify;
-import com.android.internal.net.eap.test.EapResult;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.statemachine.EapStateMachine.IdentityState;
-import com.android.internal.net.eap.test.statemachine.EapStateMachine.MethodState;
+import com.android.internal.net.eap.EapResult;
+import com.android.internal.net.eap.EapResult.EapResponse;
+import com.android.internal.net.eap.statemachine.EapStateMachine.IdentityState;
+import com.android.internal.net.eap.statemachine.EapStateMachine.MethodState;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaChallengeStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaChallengeStateTest.java
index 75d10f8..810248e 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaChallengeStateTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaChallengeStateTest.java
@@ -14,33 +14,32 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
-
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_AKA;
+package com.android.internal.net.eap.statemachine;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.EapData.EAP_IDENTITY;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_FAILURE;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_REQUEST;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_SUCCESS;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.CK_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_AKA_AUTHENTICATION_REJECT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_AKA_CHALLENGE_RESPONSE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_AKA_CLIENT_ERROR_UNABLE_TO_PROCESS;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_AKA_SYNCHRONIZATION_FAILURE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_AKA_UICC_RESP_INVALID_TAG;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_AKA_UICC_RESP_SUCCESS_BASE_64;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_AKA_UICC_RESP_SYNCHRONIZE_BASE_64;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EMSK;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.IK_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSK;
-import static com.android.internal.net.eap.test.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AUTN_BYTES;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AUTS_BYTES;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.IDENTITY;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.RAND_1_BYTES;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.RES_BYTES;
+import static com.android.internal.net.eap.message.EapData.EAP_IDENTITY;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_AKA;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_FAILURE;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_REQUEST;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_SUCCESS;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.CK_BYTES;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_AKA_AUTHENTICATION_REJECT;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_AKA_CHALLENGE_RESPONSE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_AKA_CLIENT_ERROR_UNABLE_TO_PROCESS;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_AKA_SYNCHRONIZATION_FAILURE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_AKA_UICC_RESP_INVALID_TAG;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_AKA_UICC_RESP_SUCCESS_BASE_64;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_AKA_UICC_RESP_SYNCHRONIZE_BASE_64;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EMSK;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.IK_BYTES;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSK;
+import static com.android.internal.net.eap.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AUTN_BYTES;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AUTS_BYTES;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.IDENTITY;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.RAND_1_BYTES;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.RES_BYTES;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertNull;
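Review bot: The `EAP_TYPE_AKA` static import in this hunk now resolves to `com.android.internal.net.eap.message.EapData` instead of the config class `EapSessionConfig.EapMethodConfig`, so the test no longer ties the method type the state machine checks to the value a caller configures. The same swap appears in the first hunks of EapAkaCreatedStateTest and EapAkaIdentityStateTest. If the config class on this branch still declares its own constant (not visible here), a single assertion that the two agree would stop a mismatch in EAP method selection from passing unnoticed, e.g. `assertEquals(EapData.EAP_TYPE_AKA, EapMethodConfig.EAP_TYPE_AKA);`. The rest of the hunk is a package rename only, and the test class body lies outside it.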
@@ -54,25 +53,25 @@
import android.telephony.TelephonyManager;
-import com.android.internal.net.eap.test.EapResult;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.EapResult.EapFailure;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.EapResult.EapSuccess;
-import com.android.internal.net.eap.test.exceptions.EapInvalidRequestException;
-import com.android.internal.net.eap.test.exceptions.simaka.EapAkaInvalidAuthenticationResponse;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaInvalidLengthException;
-import com.android.internal.net.eap.test.message.EapData;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.message.simaka.EapAkaTypeData;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtAutn;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtBidding;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtMac;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtRandAka;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaTypeData.DecodeResult;
-import com.android.internal.net.eap.test.statemachine.EapAkaMethodStateMachine.ChallengeState;
-import com.android.internal.net.eap.test.statemachine.EapAkaMethodStateMachine.ChallengeState.RandChallengeResult;
-import com.android.internal.net.eap.test.statemachine.EapMethodStateMachine.FinalState;
+import com.android.internal.net.eap.EapResult;
+import com.android.internal.net.eap.EapResult.EapError;
+import com.android.internal.net.eap.EapResult.EapFailure;
+import com.android.internal.net.eap.EapResult.EapResponse;
+import com.android.internal.net.eap.EapResult.EapSuccess;
+import com.android.internal.net.eap.exceptions.EapInvalidRequestException;
+import com.android.internal.net.eap.exceptions.simaka.EapAkaInvalidAuthenticationResponse;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidLengthException;
+import com.android.internal.net.eap.message.EapData;
+import com.android.internal.net.eap.message.EapMessage;
+import com.android.internal.net.eap.message.simaka.EapAkaTypeData;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtAutn;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtBidding;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtMac;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtRandAka;
+import com.android.internal.net.eap.message.simaka.EapSimAkaTypeData.DecodeResult;
+import com.android.internal.net.eap.statemachine.EapAkaMethodStateMachine.ChallengeState;
+import com.android.internal.net.eap.statemachine.EapAkaMethodStateMachine.ChallengeState.RandChallengeResult;
+import com.android.internal.net.eap.statemachine.EapMethodStateMachine.FinalState;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaCreatedStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaCreatedStateTest.java
index 55c92f6..e2732aa 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaCreatedStateTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaCreatedStateTest.java
@@ -14,16 +14,15 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_AKA;
-
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_FAILURE;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_REQUEST;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_SUCCESS;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE;
-import static com.android.internal.net.eap.test.message.simaka.EapAkaTypeData.EAP_AKA_IDENTITY;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_AKA;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_FAILURE;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_REQUEST;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_SUCCESS;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE;
+import static com.android.internal.net.eap.message.simaka.EapAkaTypeData.EAP_AKA_IDENTITY;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertTrue;
@@ -33,17 +32,17 @@
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
-import com.android.internal.net.eap.test.EapResult;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.EapResult.EapFailure;
-import com.android.internal.net.eap.test.exceptions.EapInvalidRequestException;
-import com.android.internal.net.eap.test.message.EapData;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.message.simaka.EapAkaTypeData;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaTypeData.DecodeResult;
-import com.android.internal.net.eap.test.statemachine.EapAkaMethodStateMachine.ChallengeState;
-import com.android.internal.net.eap.test.statemachine.EapAkaMethodStateMachine.IdentityState;
-import com.android.internal.net.eap.test.statemachine.EapMethodStateMachine.FinalState;
+import com.android.internal.net.eap.EapResult;
+import com.android.internal.net.eap.EapResult.EapError;
+import com.android.internal.net.eap.EapResult.EapFailure;
+import com.android.internal.net.eap.exceptions.EapInvalidRequestException;
+import com.android.internal.net.eap.message.EapData;
+import com.android.internal.net.eap.message.EapMessage;
+import com.android.internal.net.eap.message.simaka.EapAkaTypeData;
+import com.android.internal.net.eap.message.simaka.EapSimAkaTypeData.DecodeResult;
+import com.android.internal.net.eap.statemachine.EapAkaMethodStateMachine.ChallengeState;
+import com.android.internal.net.eap.statemachine.EapAkaMethodStateMachine.IdentityState;
+import com.android.internal.net.eap.statemachine.EapMethodStateMachine.FinalState;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaIdentityStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaIdentityStateTest.java
index e648b4f..d7b0f9f 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaIdentityStateTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaIdentityStateTest.java
@@ -14,17 +14,16 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_AKA;
-
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_REQUEST;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_AKA_CLIENT_ERROR_UNABLE_TO_PROCESS;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_AKA_IDENTITY_RESPONSE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.IMSI;
-import static com.android.internal.net.eap.test.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE;
-import static com.android.internal.net.eap.test.message.simaka.EapAkaTypeData.EAP_AKA_IDENTITY;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_AKA;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_REQUEST;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_AKA_CLIENT_ERROR_UNABLE_TO_PROCESS;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_AKA_IDENTITY_RESPONSE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.IMSI;
+import static com.android.internal.net.eap.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE;
+import static com.android.internal.net.eap.message.simaka.EapAkaTypeData.EAP_AKA_IDENTITY;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertTrue;
@@ -34,17 +33,17 @@
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaIdentityUnavailableException;
-import com.android.internal.net.eap.test.message.EapData;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.message.simaka.EapAkaTypeData;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtAnyIdReq;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtPermanentIdReq;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaTypeData.DecodeResult;
-import com.android.internal.net.eap.test.statemachine.EapAkaMethodStateMachine.ChallengeState;
-import com.android.internal.net.eap.test.statemachine.EapAkaMethodStateMachine.IdentityState;
+import com.android.internal.net.eap.EapResult.EapError;
+import com.android.internal.net.eap.EapResult.EapResponse;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaIdentityUnavailableException;
+import com.android.internal.net.eap.message.EapData;
+import com.android.internal.net.eap.message.EapMessage;
+import com.android.internal.net.eap.message.simaka.EapAkaTypeData;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtAnyIdReq;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtPermanentIdReq;
+import com.android.internal.net.eap.message.simaka.EapSimAkaTypeData.DecodeResult;
+import com.android.internal.net.eap.statemachine.EapAkaMethodStateMachine.ChallengeState;
+import com.android.internal.net.eap.statemachine.EapAkaMethodStateMachine.IdentityState;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaMethodStateMachineTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaMethodStateMachineTest.java
index a0d11f3..edf50db 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaMethodStateMachineTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaMethodStateMachineTest.java
@@ -14,20 +14,20 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_AKA;
import static android.telephony.TelephonyManager.APPTYPE_USIM;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_REQUEST;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_AKA_CLIENT_ERROR_UNABLE_TO_PROCESS;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_AKA_NOTIFICATION_RESPONSE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.IMSI;
-import static com.android.internal.net.eap.test.message.simaka.EapAkaTypeData.EAP_AKA_IDENTITY;
-import static com.android.internal.net.eap.test.message.simaka.EapAkaTypeData.EAP_AKA_NOTIFICATION;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtNotification.GENERAL_FAILURE_PRE_CHALLENGE;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_AKA;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_REQUEST;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_AKA_CLIENT_ERROR_UNABLE_TO_PROCESS;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_AKA_NOTIFICATION_RESPONSE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.IMSI;
+import static com.android.internal.net.eap.message.simaka.EapAkaTypeData.EAP_AKA_IDENTITY;
+import static com.android.internal.net.eap.message.simaka.EapAkaTypeData.EAP_AKA_NOTIFICATION;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtNotification.GENERAL_FAILURE_PRE_CHALLENGE;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -40,20 +40,20 @@
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
-import android.net.eap.test.EapSessionConfig.EapAkaConfig;
+import android.net.eap.EapSessionConfig.EapAkaConfig;
import android.telephony.TelephonyManager;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.exceptions.EapInvalidRequestException;
-import com.android.internal.net.eap.test.message.EapData;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.message.simaka.EapAkaTypeData;
-import com.android.internal.net.eap.test.message.simaka.EapAkaTypeData.EapAkaTypeDataDecoder;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtAnyIdReq;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtNotification;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaTypeData.DecodeResult;
-import com.android.internal.net.eap.test.statemachine.EapAkaMethodStateMachine.CreatedState;
+import com.android.internal.net.eap.EapResult.EapError;
+import com.android.internal.net.eap.EapResult.EapResponse;
+import com.android.internal.net.eap.exceptions.EapInvalidRequestException;
+import com.android.internal.net.eap.message.EapData;
+import com.android.internal.net.eap.message.EapMessage;
+import com.android.internal.net.eap.message.simaka.EapAkaTypeData;
+import com.android.internal.net.eap.message.simaka.EapAkaTypeData.EapAkaTypeDataDecoder;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtAnyIdReq;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtNotification;
+import com.android.internal.net.eap.message.simaka.EapSimAkaTypeData.DecodeResult;
+import com.android.internal.net.eap.statemachine.EapAkaMethodStateMachine.CreatedState;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeChallengeStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeChallengeStateTest.java
index dc082ed..1586e65 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeChallengeStateTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeChallengeStateTest.java
@@ -14,26 +14,26 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_AKA_PRIME;
import static android.telephony.TelephonyManager.APPTYPE_USIM;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_REQUEST;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.CK_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_AKA_PRIME_AUTHENTICATION_REJECT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_AKA_PRIME_IDENTITY_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_AKA_PRIME_IDENTITY_RESPONSE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.IK_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.IMSI;
-import static com.android.internal.net.eap.test.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE;
-import static com.android.internal.net.eap.test.message.simaka.EapAkaTypeData.EAP_AKA_IDENTITY;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AUTN_BYTES;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.MAC_BYTES;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.RAND_1_BYTES;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.RES_BYTES;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_AKA_PRIME;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_REQUEST;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.CK_BYTES;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_AKA_PRIME_AUTHENTICATION_REJECT;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_AKA_PRIME_IDENTITY_BYTES;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_AKA_PRIME_IDENTITY_RESPONSE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.IK_BYTES;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.IMSI;
+import static com.android.internal.net.eap.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE;
+import static com.android.internal.net.eap.message.simaka.EapAkaTypeData.EAP_AKA_IDENTITY;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AUTN_BYTES;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.MAC_BYTES;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.RAND_1_BYTES;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.RES_BYTES;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertFalse;
@@ -44,22 +44,22 @@
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
-import android.net.eap.test.EapSessionConfig;
+import android.net.eap.EapSessionConfig;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.message.EapData;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.message.simaka.EapAkaPrimeTypeData;
-import com.android.internal.net.eap.test.message.simaka.EapAkaTypeData;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtAnyIdReq;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtAutn;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtKdf;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtKdfInput;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtMac;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtRandAka;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaTypeData.DecodeResult;
-import com.android.internal.net.eap.test.statemachine.EapAkaMethodStateMachine.ChallengeState.RandChallengeResult;
-import com.android.internal.net.eap.test.statemachine.EapAkaPrimeMethodStateMachine.ChallengeState;
+import com.android.internal.net.eap.EapResult.EapResponse;
+import com.android.internal.net.eap.message.EapData;
+import com.android.internal.net.eap.message.EapMessage;
+import com.android.internal.net.eap.message.simaka.EapAkaPrimeTypeData;
+import com.android.internal.net.eap.message.simaka.EapAkaTypeData;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtAnyIdReq;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtAutn;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtKdf;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtKdfInput;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtMac;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtRandAka;
+import com.android.internal.net.eap.message.simaka.EapSimAkaTypeData.DecodeResult;
+import com.android.internal.net.eap.statemachine.EapAkaMethodStateMachine.ChallengeState.RandChallengeResult;
+import com.android.internal.net.eap.statemachine.EapAkaPrimeMethodStateMachine.ChallengeState;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeCreatedStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeCreatedStateTest.java
index bb6e402..8243c60 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeCreatedStateTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeCreatedStateTest.java
@@ -14,14 +14,13 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_AKA_PRIME;
-
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_REQUEST;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE;
-import static com.android.internal.net.eap.test.message.simaka.EapAkaTypeData.EAP_AKA_IDENTITY;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_AKA_PRIME;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_REQUEST;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE;
+import static com.android.internal.net.eap.message.simaka.EapAkaTypeData.EAP_AKA_IDENTITY;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertTrue;
@@ -31,12 +30,12 @@
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
-import com.android.internal.net.eap.test.message.EapData;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.message.simaka.EapAkaPrimeTypeData;
-import com.android.internal.net.eap.test.message.simaka.EapAkaTypeData;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaTypeData.DecodeResult;
-import com.android.internal.net.eap.test.statemachine.EapAkaPrimeMethodStateMachine.ChallengeState;
+import com.android.internal.net.eap.message.EapData;
+import com.android.internal.net.eap.message.EapMessage;
+import com.android.internal.net.eap.message.simaka.EapAkaPrimeTypeData;
+import com.android.internal.net.eap.message.simaka.EapAkaTypeData;
+import com.android.internal.net.eap.message.simaka.EapSimAkaTypeData.DecodeResult;
+import com.android.internal.net.eap.statemachine.EapAkaPrimeMethodStateMachine.ChallengeState;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeIdentityStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeIdentityStateTest.java
index bee8553..6046ec2 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeIdentityStateTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeIdentityStateTest.java
@@ -14,16 +14,15 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_AKA_PRIME;
-
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_REQUEST;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_AKA_PRIME_IDENTITY_RESPONSE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.IMSI;
-import static com.android.internal.net.eap.test.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE;
-import static com.android.internal.net.eap.test.message.simaka.EapAkaTypeData.EAP_AKA_IDENTITY;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_AKA_PRIME;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_REQUEST;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_AKA_PRIME_IDENTITY_RESPONSE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.IMSI;
+import static com.android.internal.net.eap.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE;
+import static com.android.internal.net.eap.message.simaka.EapAkaTypeData.EAP_AKA_IDENTITY;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertTrue;
@@ -33,14 +32,14 @@
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.message.EapData;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.message.simaka.EapAkaPrimeTypeData;
-import com.android.internal.net.eap.test.message.simaka.EapAkaTypeData;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtAnyIdReq;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaTypeData.DecodeResult;
-import com.android.internal.net.eap.test.statemachine.EapAkaPrimeMethodStateMachine.ChallengeState;
+import com.android.internal.net.eap.EapResult.EapResponse;
+import com.android.internal.net.eap.message.EapData;
+import com.android.internal.net.eap.message.EapMessage;
+import com.android.internal.net.eap.message.simaka.EapAkaPrimeTypeData;
+import com.android.internal.net.eap.message.simaka.EapAkaTypeData;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtAnyIdReq;
+import com.android.internal.net.eap.message.simaka.EapSimAkaTypeData.DecodeResult;
+import com.android.internal.net.eap.statemachine.EapAkaPrimeMethodStateMachine.ChallengeState;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeMethodStateMachineTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeMethodStateMachineTest.java
index ae90083..125b323 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeMethodStateMachineTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeMethodStateMachineTest.java
@@ -14,27 +14,26 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
-
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_AKA_PRIME;
+package com.android.internal.net.eap.statemachine;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_REQUEST;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE;
-import static com.android.internal.net.eap.test.statemachine.EapAkaPrimeMethodStateMachine.K_AUT_LEN;
-import static com.android.internal.net.eap.test.statemachine.EapAkaPrimeMethodStateMachine.K_RE_LEN;
-import static com.android.internal.net.eap.test.statemachine.EapSimAkaMethodStateMachine.KEY_LEN;
-import static com.android.internal.net.eap.test.statemachine.EapSimAkaMethodStateMachine.SESSION_KEY_LENGTH;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_AKA_PRIME;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_REQUEST;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE;
+import static com.android.internal.net.eap.statemachine.EapAkaPrimeMethodStateMachine.K_AUT_LEN;
+import static com.android.internal.net.eap.statemachine.EapAkaPrimeMethodStateMachine.K_RE_LEN;
+import static com.android.internal.net.eap.statemachine.EapSimAkaMethodStateMachine.KEY_LEN;
+import static com.android.internal.net.eap.statemachine.EapSimAkaMethodStateMachine.SESSION_KEY_LENGTH;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
-import com.android.internal.net.eap.test.message.EapData;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.message.simaka.EapAkaPrimeTypeData;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtMac;
-import com.android.internal.net.eap.test.statemachine.EapAkaMethodStateMachine.CreatedState;
+import com.android.internal.net.eap.message.EapData;
+import com.android.internal.net.eap.message.EapMessage;
+import com.android.internal.net.eap.message.simaka.EapAkaPrimeTypeData;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtMac;
+import com.android.internal.net.eap.statemachine.EapAkaMethodStateMachine.CreatedState;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeStateTest.java
index b955c42..ac71556 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeStateTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeStateTest.java
@@ -14,17 +14,16 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_AKA_PRIME;
-
-import static com.android.internal.net.eap.test.message.EapData.EAP_NOTIFICATION;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_FAILURE;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_REQUEST;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_SUCCESS;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_AKA_PRIME_CLIENT_ERROR_UNABLE_TO_PROCESS;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_NOTIFICATION_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.EapData.EAP_NOTIFICATION;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_AKA_PRIME;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_FAILURE;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_REQUEST;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_SUCCESS;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_AKA_PRIME_CLIENT_ERROR_UNABLE_TO_PROCESS;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_RESPONSE_NOTIFICATION_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ID_INT;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -34,18 +33,18 @@
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
-import com.android.internal.net.eap.test.EapResult;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.EapResult.EapFailure;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.exceptions.EapInvalidRequestException;
-import com.android.internal.net.eap.test.message.EapData;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.message.simaka.EapAkaTypeData;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtClientErrorCode;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaTypeData.DecodeResult;
-import com.android.internal.net.eap.test.statemachine.EapMethodStateMachine.EapMethodState;
-import com.android.internal.net.eap.test.statemachine.EapMethodStateMachine.FinalState;
+import com.android.internal.net.eap.EapResult;
+import com.android.internal.net.eap.EapResult.EapError;
+import com.android.internal.net.eap.EapResult.EapFailure;
+import com.android.internal.net.eap.EapResult.EapResponse;
+import com.android.internal.net.eap.exceptions.EapInvalidRequestException;
+import com.android.internal.net.eap.message.EapData;
+import com.android.internal.net.eap.message.EapMessage;
+import com.android.internal.net.eap.message.simaka.EapAkaTypeData;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtClientErrorCode;
+import com.android.internal.net.eap.message.simaka.EapSimAkaTypeData.DecodeResult;
+import com.android.internal.net.eap.statemachine.EapMethodStateMachine.EapMethodState;
+import com.android.internal.net.eap.statemachine.EapMethodStateMachine.FinalState;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeTest.java
index d8217db..b1192a8 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaPrimeTest.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
import static android.telephony.TelephonyManager.APPTYPE_USIM;
@@ -26,10 +26,10 @@
import static org.mockito.Mockito.verify;
import android.content.Context;
-import android.net.eap.test.EapSessionConfig.EapAkaPrimeConfig;
+import android.net.eap.EapSessionConfig.EapAkaPrimeConfig;
import android.telephony.TelephonyManager;
-import com.android.internal.net.eap.test.message.simaka.EapAkaPrimeTypeData;
+import com.android.internal.net.eap.message.simaka.EapAkaPrimeTypeData;
import org.junit.Before;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaStateTest.java
index 9bb79e6..69b0f0f 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaStateTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapAkaStateTest.java
@@ -14,20 +14,20 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_AKA;
import static android.telephony.TelephonyManager.APPTYPE_USIM;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.EapData.EAP_NOTIFICATION;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_REQUEST;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_AKA_CLIENT_ERROR_UNABLE_TO_PROCESS;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_AKA_NOTIFICATION_RESPONSE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_NOTIFICATION_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.simaka.EapAkaTypeData.EAP_AKA_NOTIFICATION;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtNotification.GENERAL_FAILURE_PRE_CHALLENGE;
+import static com.android.internal.net.eap.message.EapData.EAP_NOTIFICATION;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_AKA;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_REQUEST;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_AKA_CLIENT_ERROR_UNABLE_TO_PROCESS;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_AKA_NOTIFICATION_RESPONSE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_RESPONSE_NOTIFICATION_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.simaka.EapAkaTypeData.EAP_AKA_NOTIFICATION;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtNotification.GENERAL_FAILURE_PRE_CHALLENGE;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -38,19 +38,19 @@
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
-import android.net.eap.test.EapSessionConfig.EapAkaConfig;
+import android.net.eap.EapSessionConfig.EapAkaConfig;
import android.telephony.TelephonyManager;
-import com.android.internal.net.eap.test.EapResult;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.message.EapData;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.message.simaka.EapAkaTypeData;
-import com.android.internal.net.eap.test.message.simaka.EapAkaTypeData.EapAkaTypeDataDecoder;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtClientErrorCode;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtNotification;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaTypeData.DecodeResult;
-import com.android.internal.net.eap.test.statemachine.EapMethodStateMachine.EapMethodState;
+import com.android.internal.net.eap.EapResult;
+import com.android.internal.net.eap.EapResult.EapResponse;
+import com.android.internal.net.eap.message.EapData;
+import com.android.internal.net.eap.message.EapMessage;
+import com.android.internal.net.eap.message.simaka.EapAkaTypeData;
+import com.android.internal.net.eap.message.simaka.EapAkaTypeData.EapAkaTypeDataDecoder;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtClientErrorCode;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtNotification;
+import com.android.internal.net.eap.message.simaka.EapSimAkaTypeData.DecodeResult;
+import com.android.internal.net.eap.statemachine.EapMethodStateMachine.EapMethodState;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2AwaitingEapFailureStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2AwaitingEapFailureStateTest.java
index 2515295..1dd60c0 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2AwaitingEapFailureStateTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2AwaitingEapFailureStateTest.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
import org.junit.Before;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2AwaitingEapSuccessStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2AwaitingEapSuccessStateTest.java
index ce7e28f..0de0444 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2AwaitingEapSuccessStateTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2AwaitingEapSuccessStateTest.java
@@ -14,21 +14,21 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_SUCCESS;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_EMSK;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_MSK;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_NT_RESPONSE;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_SUCCESS;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_EMSK;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_MSK;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_NT_RESPONSE;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertTrue;
-import com.android.internal.net.eap.test.EapResult;
-import com.android.internal.net.eap.test.EapResult.EapSuccess;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.statemachine.EapMethodStateMachine.FinalState;
+import com.android.internal.net.eap.EapResult;
+import com.android.internal.net.eap.EapResult.EapSuccess;
+import com.android.internal.net.eap.message.EapMessage;
+import com.android.internal.net.eap.statemachine.EapMethodStateMachine.FinalState;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2ChallengeStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2ChallengeStateTest.java
index 85e4134..57109ab 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2ChallengeStateTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2ChallengeStateTest.java
@@ -14,19 +14,18 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_MSCHAP_V2;
-
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_REQUEST;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_MSCHAP_V2_CHALLENGE_RESPONSE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_AUTHENTICATOR_CHALLENGE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_ID_INT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_PEER_CHALLENGE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.SERVER_NAME_BYTES;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2ChallengeRequest.TYPE_DATA_HEADER_SIZE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2ChallengeRequest.VALUE_SIZE;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_MSCHAP_V2;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_REQUEST;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_MSCHAP_V2_CHALLENGE_RESPONSE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_AUTHENTICATOR_CHALLENGE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_ID_INT;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_PEER_CHALLENGE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.SERVER_NAME_BYTES;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2ChallengeRequest.TYPE_DATA_HEADER_SIZE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2ChallengeRequest.VALUE_SIZE;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertTrue;
@@ -37,15 +36,15 @@
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
-import com.android.internal.net.eap.test.EapResult;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.exceptions.mschapv2.EapMsChapV2ParsingException;
-import com.android.internal.net.eap.test.message.EapData;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2ChallengeRequest;
-import com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2TypeDataDecoder.DecodeResult;
-import com.android.internal.net.eap.test.statemachine.EapMsChapV2MethodStateMachine.ValidateAuthenticatorState;
+import com.android.internal.net.eap.EapResult;
+import com.android.internal.net.eap.EapResult.EapError;
+import com.android.internal.net.eap.EapResult.EapResponse;
+import com.android.internal.net.eap.exceptions.mschapv2.EapMsChapV2ParsingException;
+import com.android.internal.net.eap.message.EapData;
+import com.android.internal.net.eap.message.EapMessage;
+import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2ChallengeRequest;
+import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2TypeDataDecoder.DecodeResult;
+import com.android.internal.net.eap.statemachine.EapMsChapV2MethodStateMachine.ValidateAuthenticatorState;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2CreatedStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2CreatedStateTest.java
index 5814616..633e0eb 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2CreatedStateTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2CreatedStateTest.java
@@ -14,14 +14,13 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_MSCHAP_V2;
-
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_REQUEST;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.CHALLENGE_BYTES;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.SERVER_NAME_BYTES;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_MSCHAP_V2;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_REQUEST;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.CHALLENGE_BYTES;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.SERVER_NAME_BYTES;
import static org.junit.Assert.assertTrue;
import static org.mockito.ArgumentMatchers.any;
@@ -30,14 +29,14 @@
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
-import com.android.internal.net.eap.test.EapResult;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.exceptions.mschapv2.EapMsChapV2ParsingException;
-import com.android.internal.net.eap.test.message.EapData;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2ChallengeRequest;
-import com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2TypeDataDecoder.DecodeResult;
-import com.android.internal.net.eap.test.statemachine.EapMsChapV2MethodStateMachine.ValidateAuthenticatorState;
+import com.android.internal.net.eap.EapResult;
+import com.android.internal.net.eap.EapResult.EapError;
+import com.android.internal.net.eap.exceptions.mschapv2.EapMsChapV2ParsingException;
+import com.android.internal.net.eap.message.EapData;
+import com.android.internal.net.eap.message.EapMessage;
+import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2ChallengeRequest;
+import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2TypeDataDecoder.DecodeResult;
+import com.android.internal.net.eap.statemachine.EapMsChapV2MethodStateMachine.ValidateAuthenticatorState;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2MethodStateMachineTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2MethodStateMachineTest.java
index 8f0b4b2..b24c3f8 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2MethodStateMachineTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2MethodStateMachineTest.java
@@ -14,34 +14,33 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_MSCHAP_V2;
-
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_AUTHENTICATOR_CHALLENGE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_AUTHENTICATOR_RESPONSE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_CHALLENGE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_MASTER_KEY;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_MSK;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_NT_RESPONSE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_PASSWORD;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_PASSWORD_HASH;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_PASSWORD_HASH_HASH;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_PASSWORD_UTF_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_PEER_CHALLENGE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_RECEIVE_START_KEY;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_SEND_START_KEY;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_USERNAME;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_USERNAME_ASCII_BYTES;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_MSCHAP_V2;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_AUTHENTICATOR_CHALLENGE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_AUTHENTICATOR_RESPONSE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_CHALLENGE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_MASTER_KEY;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_MSK;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_NT_RESPONSE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_PASSWORD;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_PASSWORD_HASH;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_PASSWORD_HASH_HASH;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_PASSWORD_UTF_BYTES;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_PEER_CHALLENGE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_RECEIVE_START_KEY;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_SEND_START_KEY;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_USERNAME;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_USERNAME_ASCII_BYTES;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
-import android.net.eap.test.EapSessionConfig.EapMsChapV2Config;
+import android.net.eap.EapSessionConfig.EapMsChapV2Config;
-import com.android.internal.net.eap.test.statemachine.EapMsChapV2MethodStateMachine.CreatedState;
-import com.android.internal.net.utils.test.Log;
+import com.android.internal.net.eap.statemachine.EapMsChapV2MethodStateMachine.CreatedState;
+import com.android.internal.net.utils.Log;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2StateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2StateTest.java
index 5e92c08..1e4a0c5 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2StateTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2StateTest.java
@@ -14,35 +14,35 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.EapData.EAP_NOTIFICATION;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_FAILURE;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_REQUEST;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_SUCCESS;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_NOTIFICATION_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_PASSWORD;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_USERNAME;
+import static com.android.internal.net.eap.message.EapData.EAP_NOTIFICATION;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_FAILURE;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_REQUEST;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_SUCCESS;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_RESPONSE_NOTIFICATION_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_PASSWORD;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_USERNAME;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.mock;
-import android.net.eap.test.EapSessionConfig.EapMsChapV2Config;
+import android.net.eap.EapSessionConfig.EapMsChapV2Config;
-import com.android.internal.net.eap.test.EapResult;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.EapResult.EapFailure;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.exceptions.EapInvalidRequestException;
-import com.android.internal.net.eap.test.message.EapData;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2TypeDataDecoder;
-import com.android.internal.net.eap.test.statemachine.EapMethodStateMachine.EapMethodState;
-import com.android.internal.net.eap.test.statemachine.EapMethodStateMachine.FinalState;
+import com.android.internal.net.eap.EapResult;
+import com.android.internal.net.eap.EapResult.EapError;
+import com.android.internal.net.eap.EapResult.EapFailure;
+import com.android.internal.net.eap.EapResult.EapResponse;
+import com.android.internal.net.eap.exceptions.EapInvalidRequestException;
+import com.android.internal.net.eap.message.EapData;
+import com.android.internal.net.eap.message.EapMessage;
+import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2TypeDataDecoder;
+import com.android.internal.net.eap.statemachine.EapMethodStateMachine.EapMethodState;
+import com.android.internal.net.eap.statemachine.EapMethodStateMachine.FinalState;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2ValidateAuthenticatorStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2ValidateAuthenticatorStateTest.java
index d1ac926..7c4440d 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2ValidateAuthenticatorStateTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapMsChapV2ValidateAuthenticatorStateTest.java
@@ -14,27 +14,26 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_MSCHAP_V2;
-
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_REQUEST;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_MSCHAP_V2_FAILURE_RESPONSE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_MSCHAP_V2_SUCCESS_RESPONSE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.INVALID_AUTHENTICATOR_RESPONSE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_AUTHENTICATOR_CHALLENGE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_AUTHENTICATOR_RESPONSE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_ID_INT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_NT_RESPONSE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_PEER_CHALLENGE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.CHALLENGE_BYTES;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.ERROR_CODE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.MESSAGE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.PASSWORD_CHANGE_PROTOCOL;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2PacketDefinitions.RETRY_BIT;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EAP_MSCHAP_V2_FAILURE;
-import static com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EAP_MSCHAP_V2_SUCCESS;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_MSCHAP_V2;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_REQUEST;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_MSCHAP_V2_FAILURE_RESPONSE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_MSCHAP_V2_SUCCESS_RESPONSE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.INVALID_AUTHENTICATOR_RESPONSE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_AUTHENTICATOR_CHALLENGE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_AUTHENTICATOR_RESPONSE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_ID_INT;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_NT_RESPONSE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSCHAP_V2_PEER_CHALLENGE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.CHALLENGE_BYTES;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.ERROR_CODE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.MESSAGE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.PASSWORD_CHANGE_PROTOCOL;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2PacketDefinitions.RETRY_BIT;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EAP_MSCHAP_V2_FAILURE;
+import static com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EAP_MSCHAP_V2_SUCCESS;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertTrue;
@@ -44,19 +43,19 @@
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
-import com.android.internal.net.eap.test.EapResult;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.EapResult.EapFailure;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.exceptions.EapInvalidRequestException;
-import com.android.internal.net.eap.test.message.EapData;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2FailureRequest;
-import com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2SuccessRequest;
-import com.android.internal.net.eap.test.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2TypeDataDecoder.DecodeResult;
-import com.android.internal.net.eap.test.statemachine.EapMethodStateMachine.FinalState;
-import com.android.internal.net.eap.test.statemachine.EapMsChapV2MethodStateMachine.AwaitingEapFailureState;
-import com.android.internal.net.eap.test.statemachine.EapMsChapV2MethodStateMachine.AwaitingEapSuccessState;
+import com.android.internal.net.eap.EapResult;
+import com.android.internal.net.eap.EapResult.EapError;
+import com.android.internal.net.eap.EapResult.EapFailure;
+import com.android.internal.net.eap.EapResult.EapResponse;
+import com.android.internal.net.eap.exceptions.EapInvalidRequestException;
+import com.android.internal.net.eap.message.EapData;
+import com.android.internal.net.eap.message.EapMessage;
+import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2FailureRequest;
+import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2SuccessRequest;
+import com.android.internal.net.eap.message.mschapv2.EapMsChapV2TypeData.EapMsChapV2TypeDataDecoder.DecodeResult;
+import com.android.internal.net.eap.statemachine.EapMethodStateMachine.FinalState;
+import com.android.internal.net.eap.statemachine.EapMsChapV2MethodStateMachine.AwaitingEapFailureState;
+import com.android.internal.net.eap.statemachine.EapMsChapV2MethodStateMachine.AwaitingEapSuccessState;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimAkaMethodStateMachineTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimAkaMethodStateMachineTest.java
index 758f5d5..686555b 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimAkaMethodStateMachineTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimAkaMethodStateMachineTest.java
@@ -14,62 +14,61 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
-
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_AKA;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_SIM;
+package com.android.internal.net.eap.statemachine;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_REQUEST;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.COMPUTED_MAC;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SIM_CHALLENGE_RESPONSE_MAC_INPUT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SIM_CHALLENGE_RESPONSE_WITH_MAC;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SIM_CLIENT_ERROR_RESPONSE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SIM_CLIENT_ERROR_UNABLE_TO_PROCESS;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SIM_IDENTITY;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SIM_NOTIFICATION_REQUEST_WITH_EMPTY_MAC;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SIM_NOTIFICATION_RESPONSE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SIM_NOTIFICATION_RESPONSE_WITH_EMPTY_MAC;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SIM_NOTIFICATION_RESPONSE_WITH_MAC;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SIM_RESPONSE_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EMSK;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EMSK_STRING;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.KC_1;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.KC_2;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.K_AUT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.K_AUT_STRING;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.K_ENCR;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.K_ENCR_STRING;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MAC_INPUT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MK;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSK;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSK_STRING;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ORIGINAL_MAC;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.SRES_1;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.SRES_BYTES;
-import static com.android.internal.net.eap.test.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE;
-import static com.android.internal.net.eap.test.message.simaka.EapAkaTypeData.EAP_AKA_CLIENT_ERROR;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtNotification.GENERAL_FAILURE_POST_CHALLENGE;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtNotification.GENERAL_FAILURE_PRE_CHALLENGE;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_CHECKCODE;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_ENCR_DATA;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_IV;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_MAC;
-import static com.android.internal.net.eap.test.message.simaka.EapSimTypeData.EAP_SIM_CHALLENGE;
-import static com.android.internal.net.eap.test.message.simaka.EapSimTypeData.EAP_SIM_CLIENT_ERROR;
-import static com.android.internal.net.eap.test.message.simaka.EapSimTypeData.EAP_SIM_NOTIFICATION;
-import static com.android.internal.net.eap.test.message.simaka.EapSimTypeData.EAP_SIM_START;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.AT_IDENTITY;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.IDENTITY;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.NONCE_MT;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.NONCE_MT_STRING;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.RAND_1_BYTES;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.RAND_2_BYTES;
-import static com.android.internal.net.eap.test.statemachine.EapSimAkaMethodStateMachine.KEY_LEN;
-import static com.android.internal.net.eap.test.statemachine.EapSimAkaMethodStateMachine.MAC_ALGORITHM_STRING;
-import static com.android.internal.net.eap.test.statemachine.EapSimAkaMethodStateMachine.MASTER_KEY_GENERATION_ALG;
-import static com.android.internal.net.eap.test.statemachine.EapSimAkaMethodStateMachine.SESSION_KEY_LENGTH;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_AKA;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_SIM;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_REQUEST;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.COMPUTED_MAC;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SIM_CHALLENGE_RESPONSE_MAC_INPUT;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SIM_CHALLENGE_RESPONSE_WITH_MAC;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SIM_CLIENT_ERROR_RESPONSE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SIM_CLIENT_ERROR_UNABLE_TO_PROCESS;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SIM_IDENTITY;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SIM_NOTIFICATION_REQUEST_WITH_EMPTY_MAC;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SIM_NOTIFICATION_RESPONSE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SIM_NOTIFICATION_RESPONSE_WITH_EMPTY_MAC;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SIM_NOTIFICATION_RESPONSE_WITH_MAC;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SIM_RESPONSE_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EMSK;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EMSK_STRING;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.KC_1;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.KC_2;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.K_AUT;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.K_AUT_STRING;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.K_ENCR;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.K_ENCR_STRING;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MAC_INPUT;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MK;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSK;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSK_STRING;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ORIGINAL_MAC;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.SRES_1;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.SRES_BYTES;
+import static com.android.internal.net.eap.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE;
+import static com.android.internal.net.eap.message.simaka.EapAkaTypeData.EAP_AKA_CLIENT_ERROR;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtNotification.GENERAL_FAILURE_POST_CHALLENGE;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtNotification.GENERAL_FAILURE_PRE_CHALLENGE;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_CHECKCODE;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_ENCR_DATA;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_IV;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_MAC;
+import static com.android.internal.net.eap.message.simaka.EapSimTypeData.EAP_SIM_CHALLENGE;
+import static com.android.internal.net.eap.message.simaka.EapSimTypeData.EAP_SIM_CLIENT_ERROR;
+import static com.android.internal.net.eap.message.simaka.EapSimTypeData.EAP_SIM_NOTIFICATION;
+import static com.android.internal.net.eap.message.simaka.EapSimTypeData.EAP_SIM_START;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.AT_IDENTITY;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.IDENTITY;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.NONCE_MT;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.NONCE_MT_STRING;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.RAND_1_BYTES;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.RAND_2_BYTES;
+import static com.android.internal.net.eap.statemachine.EapSimAkaMethodStateMachine.KEY_LEN;
+import static com.android.internal.net.eap.statemachine.EapSimAkaMethodStateMachine.MAC_ALGORITHM_STRING;
+import static com.android.internal.net.eap.statemachine.EapSimAkaMethodStateMachine.MASTER_KEY_GENERATION_ALG;
+import static com.android.internal.net.eap.statemachine.EapSimAkaMethodStateMachine.SESSION_KEY_LENGTH;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -87,32 +86,32 @@
import static org.mockito.Mockito.verifyNoMoreInteractions;
import static org.mockito.Mockito.when;
-import android.net.eap.test.EapSessionConfig.EapAkaConfig;
-import android.net.eap.test.EapSessionConfig.EapSimConfig;
+import android.net.eap.EapSessionConfig.EapAkaConfig;
+import android.net.eap.EapSessionConfig.EapSimConfig;
import android.telephony.TelephonyManager;
-import com.android.internal.net.eap.test.EapResult;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.crypto.Fips186_2Prf;
-import com.android.internal.net.eap.test.exceptions.EapInvalidRequestException;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaAuthenticationFailureException;
-import com.android.internal.net.eap.test.message.EapData;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.message.simaka.EapAkaTypeData;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtAutn;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtClientErrorCode;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtIdentity;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtMac;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtNotification;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtRandAka;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtRandSim;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtSelectedVersion;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EapSimAkaUnsupportedAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaTypeData;
-import com.android.internal.net.eap.test.message.simaka.EapSimTypeData;
-import com.android.internal.net.eap.test.statemachine.EapMethodStateMachine.EapMethodState;
+import com.android.internal.net.eap.EapResult;
+import com.android.internal.net.eap.EapResult.EapError;
+import com.android.internal.net.eap.EapResult.EapResponse;
+import com.android.internal.net.eap.crypto.Fips186_2Prf;
+import com.android.internal.net.eap.exceptions.EapInvalidRequestException;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaAuthenticationFailureException;
+import com.android.internal.net.eap.message.EapData;
+import com.android.internal.net.eap.message.EapMessage;
+import com.android.internal.net.eap.message.simaka.EapAkaTypeData;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtAutn;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtClientErrorCode;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtIdentity;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtMac;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtNotification;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtRandAka;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtRandSim;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtSelectedVersion;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EapSimAkaUnsupportedAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaTypeData;
+import com.android.internal.net.eap.message.simaka.EapSimTypeData;
+import com.android.internal.net.eap.statemachine.EapMethodStateMachine.EapMethodState;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimChallengeStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimChallengeStateTest.java
index 115cf23..ed0e023 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimChallengeStateTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimChallengeStateTest.java
@@ -14,34 +14,33 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
-
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_SIM;
+package com.android.internal.net.eap.statemachine;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.EapData.EAP_IDENTITY;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_FAILURE;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_REQUEST;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_SUCCESS;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.CHALLENGE_RESPONSE_INVALID_KC;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.CHALLENGE_RESPONSE_INVALID_SRES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SIM_IDENTITY_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EMSK;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.KC_1_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.KC_2_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSK;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.SRES_1_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.SRES_2_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.VALID_CHALLENGE_RESPONSE;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_MAC;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_RAND;
-import static com.android.internal.net.eap.test.message.simaka.EapSimTypeData.EAP_SIM_CHALLENGE;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.NONCE_MT;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.RAND_1;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.RAND_1_BYTES;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.RAND_2;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.RAND_2_BYTES;
+import static com.android.internal.net.eap.message.EapData.EAP_IDENTITY;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_SIM;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_FAILURE;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_REQUEST;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_SUCCESS;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.CHALLENGE_RESPONSE_INVALID_KC;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.CHALLENGE_RESPONSE_INVALID_SRES;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SIM_IDENTITY_BYTES;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EMSK;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.KC_1_BYTES;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.KC_2_BYTES;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSK;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.SRES_1_BYTES;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.SRES_2_BYTES;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.VALID_CHALLENGE_RESPONSE;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_MAC;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_RAND;
+import static com.android.internal.net.eap.message.simaka.EapSimTypeData.EAP_SIM_CHALLENGE;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.NONCE_MT;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.RAND_1;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.RAND_1_BYTES;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.RAND_2;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.RAND_2_BYTES;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -57,25 +56,25 @@
import android.telephony.TelephonyManager;
-import com.android.internal.net.eap.test.EapResult;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.EapResult.EapFailure;
-import com.android.internal.net.eap.test.EapResult.EapSuccess;
-import com.android.internal.net.eap.test.exceptions.EapInvalidRequestException;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaAuthenticationFailureException;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaInvalidAttributeException;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaInvalidLengthException;
-import com.android.internal.net.eap.test.message.EapData;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtMac;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtNonceMt;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtRandSim;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaTypeData.DecodeResult;
-import com.android.internal.net.eap.test.message.simaka.EapSimTypeData;
-import com.android.internal.net.eap.test.statemachine.EapMethodStateMachine.FinalState;
-import com.android.internal.net.eap.test.statemachine.EapSimMethodStateMachine.ChallengeState;
-import com.android.internal.net.eap.test.statemachine.EapSimMethodStateMachine.ChallengeState.RandChallengeResult;
+import com.android.internal.net.eap.EapResult;
+import com.android.internal.net.eap.EapResult.EapError;
+import com.android.internal.net.eap.EapResult.EapFailure;
+import com.android.internal.net.eap.EapResult.EapSuccess;
+import com.android.internal.net.eap.exceptions.EapInvalidRequestException;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaAuthenticationFailureException;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidAttributeException;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidLengthException;
+import com.android.internal.net.eap.message.EapData;
+import com.android.internal.net.eap.message.EapMessage;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtMac;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtNonceMt;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtRandSim;
+import com.android.internal.net.eap.message.simaka.EapSimAkaTypeData.DecodeResult;
+import com.android.internal.net.eap.message.simaka.EapSimTypeData;
+import com.android.internal.net.eap.statemachine.EapMethodStateMachine.FinalState;
+import com.android.internal.net.eap.statemachine.EapSimMethodStateMachine.ChallengeState;
+import com.android.internal.net.eap.statemachine.EapSimMethodStateMachine.ChallengeState.RandChallengeResult;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimCreatedStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimCreatedStateTest.java
index ae780cc..42d81aa 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimCreatedStateTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimCreatedStateTest.java
@@ -14,15 +14,14 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_SIM;
-
-import static com.android.internal.net.eap.test.message.EapData.EAP_IDENTITY;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_FAILURE;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_REQUEST;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_SUCCESS;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.EapData.EAP_IDENTITY;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_SIM;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_FAILURE;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_REQUEST;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_SUCCESS;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ID_INT;
import static org.junit.Assert.assertTrue;
import static org.mockito.ArgumentMatchers.eq;
@@ -31,20 +30,20 @@
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
-import com.android.internal.net.eap.test.EapResult;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.EapResult.EapFailure;
-import com.android.internal.net.eap.test.exceptions.EapInvalidRequestException;
-import com.android.internal.net.eap.test.message.EapData;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtPermanentIdReq;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtVersionList;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaTypeData.DecodeResult;
-import com.android.internal.net.eap.test.message.simaka.EapSimTypeData;
-import com.android.internal.net.eap.test.statemachine.EapMethodStateMachine.FinalState;
-import com.android.internal.net.eap.test.statemachine.EapSimMethodStateMachine.CreatedState;
-import com.android.internal.net.eap.test.statemachine.EapSimMethodStateMachine.StartState;
+import com.android.internal.net.eap.EapResult;
+import com.android.internal.net.eap.EapResult.EapError;
+import com.android.internal.net.eap.EapResult.EapFailure;
+import com.android.internal.net.eap.exceptions.EapInvalidRequestException;
+import com.android.internal.net.eap.message.EapData;
+import com.android.internal.net.eap.message.EapMessage;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtPermanentIdReq;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtVersionList;
+import com.android.internal.net.eap.message.simaka.EapSimAkaTypeData.DecodeResult;
+import com.android.internal.net.eap.message.simaka.EapSimTypeData;
+import com.android.internal.net.eap.statemachine.EapMethodStateMachine.FinalState;
+import com.android.internal.net.eap.statemachine.EapSimMethodStateMachine.CreatedState;
+import com.android.internal.net.eap.statemachine.EapSimMethodStateMachine.StartState;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimMethodStateMachineTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimMethodStateMachineTest.java
index 613f103..6212473 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimMethodStateMachineTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimMethodStateMachineTest.java
@@ -14,19 +14,19 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_SIM;
import static android.telephony.TelephonyManager.APPTYPE_USIM;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_REQUEST;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SIM_CLIENT_ERROR_UNABLE_TO_PROCESS;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SIM_NOTIFICATION_RESPONSE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtNotification.GENERAL_FAILURE_PRE_CHALLENGE;
-import static com.android.internal.net.eap.test.message.simaka.EapSimTypeData.EAP_SIM_NOTIFICATION;
-import static com.android.internal.net.eap.test.message.simaka.EapSimTypeData.EAP_SIM_START;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_SIM;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_REQUEST;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SIM_CLIENT_ERROR_UNABLE_TO_PROCESS;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SIM_NOTIFICATION_RESPONSE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtNotification.GENERAL_FAILURE_PRE_CHALLENGE;
+import static com.android.internal.net.eap.message.simaka.EapSimTypeData.EAP_SIM_NOTIFICATION;
+import static com.android.internal.net.eap.message.simaka.EapSimTypeData.EAP_SIM_START;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -39,21 +39,21 @@
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
-import android.net.eap.test.EapSessionConfig.EapSimConfig;
+import android.net.eap.EapSessionConfig.EapSimConfig;
import android.telephony.TelephonyManager;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.exceptions.EapInvalidRequestException;
-import com.android.internal.net.eap.test.message.EapData;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtNotification;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtVersionList;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaTypeData;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaTypeData.DecodeResult;
-import com.android.internal.net.eap.test.message.simaka.EapSimTypeData;
-import com.android.internal.net.eap.test.message.simaka.EapSimTypeData.EapSimTypeDataDecoder;
-import com.android.internal.net.eap.test.statemachine.EapSimMethodStateMachine.CreatedState;
+import com.android.internal.net.eap.EapResult.EapError;
+import com.android.internal.net.eap.EapResult.EapResponse;
+import com.android.internal.net.eap.exceptions.EapInvalidRequestException;
+import com.android.internal.net.eap.message.EapData;
+import com.android.internal.net.eap.message.EapMessage;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtNotification;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtVersionList;
+import com.android.internal.net.eap.message.simaka.EapSimAkaTypeData;
+import com.android.internal.net.eap.message.simaka.EapSimAkaTypeData.DecodeResult;
+import com.android.internal.net.eap.message.simaka.EapSimTypeData;
+import com.android.internal.net.eap.message.simaka.EapSimTypeData.EapSimTypeDataDecoder;
+import com.android.internal.net.eap.statemachine.EapSimMethodStateMachine.CreatedState;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimStartStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimStartStateTest.java
index 4a22fadf..c97324c 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimStartStateTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimStartStateTest.java
@@ -14,27 +14,26 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_SIM;
-
-import static com.android.internal.net.eap.test.message.EapData.EAP_IDENTITY;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_FAILURE;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_REQUEST;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_SUCCESS;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SIM_IDENTITY;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SIM_RESPONSE_WITHOUT_IDENTITY;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.IMSI;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_ANY_ID_REQ;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_ENCR_DATA;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_IV;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_MAC;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_PERMANENT_ID_REQ;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.EAP_AT_VERSION_LIST;
-import static com.android.internal.net.eap.test.message.simaka.EapSimTypeData.EAP_SIM_CHALLENGE;
-import static com.android.internal.net.eap.test.message.simaka.EapSimTypeData.EAP_SIM_START;
-import static com.android.internal.net.eap.test.message.simaka.attributes.EapTestAttributeDefinitions.NONCE_MT;
+import static com.android.internal.net.eap.message.EapData.EAP_IDENTITY;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_SIM;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_FAILURE;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_REQUEST;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_SUCCESS;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SIM_IDENTITY;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SIM_RESPONSE_WITHOUT_IDENTITY;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.IMSI;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_ANY_ID_REQ;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_ENCR_DATA;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_IV;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_MAC;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_PERMANENT_ID_REQ;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.EAP_AT_VERSION_LIST;
+import static com.android.internal.net.eap.message.simaka.EapSimTypeData.EAP_SIM_CHALLENGE;
+import static com.android.internal.net.eap.message.simaka.EapSimTypeData.EAP_SIM_START;
+import static com.android.internal.net.eap.message.simaka.attributes.EapTestAttributeDefinitions.NONCE_MT;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertFalse;
@@ -46,27 +45,27 @@
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
-import com.android.internal.net.eap.test.EapResult;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.EapResult.EapFailure;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.exceptions.EapInvalidRequestException;
-import com.android.internal.net.eap.test.exceptions.simaka.EapSimAkaIdentityUnavailableException;
-import com.android.internal.net.eap.test.message.EapData;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtAnyIdReq;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtIdentity;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtMac;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtNonceMt;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtPermanentIdReq;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtVersionList;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaTypeData.DecodeResult;
-import com.android.internal.net.eap.test.message.simaka.EapSimTypeData;
-import com.android.internal.net.eap.test.statemachine.EapMethodStateMachine.FinalState;
-import com.android.internal.net.eap.test.statemachine.EapSimMethodStateMachine.ChallengeState;
-import com.android.internal.net.eap.test.statemachine.EapSimMethodStateMachine.StartState;
-import com.android.internal.net.utils.test.Log;
+import com.android.internal.net.eap.EapResult;
+import com.android.internal.net.eap.EapResult.EapError;
+import com.android.internal.net.eap.EapResult.EapFailure;
+import com.android.internal.net.eap.EapResult.EapResponse;
+import com.android.internal.net.eap.exceptions.EapInvalidRequestException;
+import com.android.internal.net.eap.exceptions.simaka.EapSimAkaIdentityUnavailableException;
+import com.android.internal.net.eap.message.EapData;
+import com.android.internal.net.eap.message.EapMessage;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtAnyIdReq;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtIdentity;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtMac;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtNonceMt;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtPermanentIdReq;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtVersionList;
+import com.android.internal.net.eap.message.simaka.EapSimAkaTypeData.DecodeResult;
+import com.android.internal.net.eap.message.simaka.EapSimTypeData;
+import com.android.internal.net.eap.statemachine.EapMethodStateMachine.FinalState;
+import com.android.internal.net.eap.statemachine.EapSimMethodStateMachine.ChallengeState;
+import com.android.internal.net.eap.statemachine.EapSimMethodStateMachine.StartState;
+import com.android.internal.net.utils.Log;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimStateTest.java
index 4591c3d..a396f08 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimStateTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapSimStateTest.java
@@ -14,20 +14,20 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_SIM;
import static android.telephony.TelephonyManager.APPTYPE_USIM;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.message.EapData.EAP_NOTIFICATION;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_REQUEST;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_NOTIFICATION_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SIM_CLIENT_ERROR_INSUFFICIENT_CHALLENGES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SIM_NOTIFICATION_RESPONSE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtNotification.GENERAL_FAILURE_PRE_CHALLENGE;
-import static com.android.internal.net.eap.test.message.simaka.EapSimTypeData.EAP_SIM_NOTIFICATION;
+import static com.android.internal.net.eap.message.EapData.EAP_NOTIFICATION;
+import static com.android.internal.net.eap.message.EapData.EAP_TYPE_SIM;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_REQUEST;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_RESPONSE_NOTIFICATION_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SIM_CLIENT_ERROR_INSUFFICIENT_CHALLENGES;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SIM_NOTIFICATION_RESPONSE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtNotification.GENERAL_FAILURE_PRE_CHALLENGE;
+import static com.android.internal.net.eap.message.simaka.EapSimTypeData.EAP_SIM_NOTIFICATION;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
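Review bot: The `EAP_TYPE_SIM` static import is the one line in this hunk that is not a mechanical removal of the `.test` package segment. It now resolves to `com.android.internal.net.eap.message.EapData.EAP_TYPE_SIM` instead of `EapSessionConfig.EapMethodConfig.EAP_TYPE_SIM`. The test body is outside the hunk, so this is inferred, but the requests the test builds presumably now take their method type from the same internal class as the state machine under test, and a divergence between the configured method type and the accepted one would no longer surface here. I would record that dependency next to the import, e.g. `// EAP_TYPE_SIM: internal EapData constant; must match the method type carried by EapSimConfig`.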
@@ -38,19 +38,19 @@
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
-import android.net.eap.test.EapSessionConfig.EapSimConfig;
+import android.net.eap.EapSessionConfig.EapSimConfig;
import android.telephony.TelephonyManager;
-import com.android.internal.net.eap.test.EapResult;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.message.EapData;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtClientErrorCode;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaAttribute.AtNotification;
-import com.android.internal.net.eap.test.message.simaka.EapSimAkaTypeData.DecodeResult;
-import com.android.internal.net.eap.test.message.simaka.EapSimTypeData;
-import com.android.internal.net.eap.test.message.simaka.EapSimTypeData.EapSimTypeDataDecoder;
-import com.android.internal.net.eap.test.statemachine.EapMethodStateMachine.EapMethodState;
+import com.android.internal.net.eap.EapResult;
+import com.android.internal.net.eap.EapResult.EapResponse;
+import com.android.internal.net.eap.message.EapData;
+import com.android.internal.net.eap.message.EapMessage;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtClientErrorCode;
+import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute.AtNotification;
+import com.android.internal.net.eap.message.simaka.EapSimAkaTypeData.DecodeResult;
+import com.android.internal.net.eap.message.simaka.EapSimTypeData;
+import com.android.internal.net.eap.message.simaka.EapSimTypeData.EapSimTypeDataDecoder;
+import com.android.internal.net.eap.statemachine.EapMethodStateMachine.EapMethodState;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapStateMachineTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapStateMachineTest.java
index a1e061f..288fc85 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapStateMachineTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapStateMachineTest.java
@@ -14,24 +14,24 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
import static androidx.test.InstrumentationRegistry.getInstrumentation;
-import static com.android.internal.net.eap.test.EapTestUtils.getDummyEapSessionConfig;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SUCCESS_PACKET;
+import static com.android.internal.net.eap.EapTestUtils.getDummyEapSessionConfig;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SUCCESS_PACKET;
import static org.junit.Assert.assertTrue;
import android.content.Context;
-import android.net.eap.test.EapSessionConfig;
+import android.net.eap.EapSessionConfig;
-import com.android.internal.net.eap.test.EapResult;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.exceptions.EapInvalidRequestException;
-import com.android.internal.net.eap.test.statemachine.EapStateMachine.CreatedState;
-import com.android.internal.net.eap.test.statemachine.EapStateMachine.FailureState;
-import com.android.internal.net.eap.test.statemachine.EapStateMachine.SuccessState;
+import com.android.internal.net.eap.EapResult;
+import com.android.internal.net.eap.EapResult.EapError;
+import com.android.internal.net.eap.exceptions.EapInvalidRequestException;
+import com.android.internal.net.eap.statemachine.EapStateMachine.CreatedState;
+import com.android.internal.net.eap.statemachine.EapStateMachine.FailureState;
+import com.android.internal.net.eap.statemachine.EapStateMachine.SuccessState;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapStateTest.java
index d113a20..0193cb4 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapStateTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapStateTest.java
@@ -14,30 +14,30 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
import static androidx.test.InstrumentationRegistry.getInstrumentation;
-import static com.android.internal.net.eap.test.EapTestUtils.getDummyEapSimSessionConfig;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_MD5_CHALLENGE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_NAK_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_NAK_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_NOTIFICATION_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.REQUEST_UNSUPPORTED_TYPE_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.SHORT_PACKET;
+import static com.android.internal.net.eap.EapTestUtils.getDummyEapSimSessionConfig;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_REQUEST_MD5_CHALLENGE;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_REQUEST_NAK_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_RESPONSE_NAK_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_RESPONSE_NOTIFICATION_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.REQUEST_UNSUPPORTED_TYPE_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.SHORT_PACKET;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertTrue;
import android.content.Context;
-import android.net.eap.test.EapSessionConfig;
+import android.net.eap.EapSessionConfig;
-import com.android.internal.net.eap.test.EapResult;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.exceptions.EapInvalidPacketLengthException;
-import com.android.internal.net.eap.test.exceptions.EapInvalidRequestException;
-import com.android.internal.net.eap.test.statemachine.EapStateMachine.EapState;
+import com.android.internal.net.eap.EapResult;
+import com.android.internal.net.eap.EapResult.EapError;
+import com.android.internal.net.eap.EapResult.EapResponse;
+import com.android.internal.net.eap.exceptions.EapInvalidPacketLengthException;
+import com.android.internal.net.eap.exceptions.EapInvalidRequestException;
+import com.android.internal.net.eap.statemachine.EapStateMachine.EapState;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapTtlsCreatedStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapTtlsCreatedStateTest.java
deleted file mode 100644
index 7174608..0000000
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapTtlsCreatedStateTest.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.eap.test.statemachine;
-
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_TTLS;
-
-import static com.android.internal.net.eap.test.crypto.TlsSession.TLS_STATUS_SUCCESS;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_REQUEST;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_TTLS_DUMMY_DATA_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-
-import static org.junit.Assert.assertTrue;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.times;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
-import com.android.internal.net.eap.test.exceptions.EapInvalidRequestException;
-import com.android.internal.net.eap.test.message.EapData;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.message.ttls.EapTtlsTypeData.EapTtlsAcknowledgement;
-import com.android.internal.net.eap.test.statemachine.EapTtlsMethodStateMachine.CreatedState;
-import com.android.internal.net.eap.test.statemachine.EapTtlsMethodStateMachine.HandshakeState;
-
-import org.junit.Test;
-
-public class EapTtlsCreatedStateTest extends EapTtlsStateTest {
-
- @Test
- public void testStartRequest() throws Exception {
- EapData eapData = new EapData(EAP_TYPE_TTLS, DUMMY_EAP_TYPE_DATA);
- EapMessage eapMessage = new EapMessage(EAP_CODE_REQUEST, ID_INT, eapData);
-
- mockTypeDataDecoding(getEapTtlsStartTypeData());
- when(mMockTlsSessionFactory.newInstance(any(), any())).thenReturn(mMockTlsSession);
- when(mMockTlsSession.startHandshake())
- .thenReturn(
- mMockTlsSession
- .new TlsResult(EAP_TTLS_DUMMY_DATA_BYTES, TLS_STATUS_SUCCESS));
-
- mStateMachine.process(eapMessage);
- verify(mMockTypeDataDecoder, times(2)).decodeEapTtlsRequestPacket(eq(DUMMY_EAP_TYPE_DATA));
- assertTrue(mStateMachine.getState() instanceof HandshakeState);
- }
-
- @Test
- public void testUnexpectedRequest() throws Exception {
- mockTypeDataDecoding(EapTtlsAcknowledgement.getEapTtlsAcknowledgement());
-
- processMessageAndVerifyEapError(EapInvalidRequestException.class);
- verify(mMockTypeDataDecoder).decodeEapTtlsRequestPacket(eq(DUMMY_EAP_TYPE_DATA));
- assertTrue(mStateMachine.getState() instanceof CreatedState);
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapTtlsErroredAndAwaitingClosureStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapTtlsErroredAndAwaitingClosureStateTest.java
deleted file mode 100644
index c05af48..0000000
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapTtlsErroredAndAwaitingClosureStateTest.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.eap.test.statemachine;
-
-import static com.android.internal.net.eap.test.crypto.TlsSession.TLS_STATUS_CLOSED;
-import static com.android.internal.net.eap.test.crypto.TlsSession.TLS_STATUS_FAILURE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_TTLS_WITH_LENGTH;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_TTLS_DUMMY_DATA_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertTrue;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.exceptions.ttls.EapTtlsParsingException;
-import com.android.internal.net.eap.test.statemachine.EapTtlsMethodStateMachine.ErroredAndAwaitingClosureState;
-
-import org.junit.Before;
-import org.junit.Test;
-
-public class EapTtlsErroredAndAwaitingClosureStateTest extends EapTtlsStateTest {
- private static final String TAG = EapTtlsHandshakeStateTest.class.getSimpleName();
-
- @Before
- @Override
- public void setUp() throws Exception {
- super.setUp();
- mStateMachine.mTlsSession = mMockTlsSession;
- }
-
- @Test
- public void testTransitionToClosureState_closureResponse() throws Exception {
- when(mMockTlsSession.closeConnection())
- .thenReturn(
- mMockTlsSession
- .new TlsResult(EAP_TTLS_DUMMY_DATA_BYTES, TLS_STATUS_CLOSED));
-
- EapResponse eapResponse =
- (EapResponse)
- mStateMachine.transitionToErroredAndAwaitingClosureState(
- TAG,
- ID_INT,
- new EapError(new EapTtlsParsingException("Sample Exception")));
- assertArrayEquals(EAP_RESPONSE_TTLS_WITH_LENGTH, eapResponse.packet);
- assertTrue(mStateMachine.getState() instanceof ErroredAndAwaitingClosureState);
- verify(mMockTlsSession).closeConnection();
- }
-
- @Test
- public void testTransitionToClosureState_eapError() throws Exception {
- when(mMockTlsSession.closeConnection())
- .thenReturn(mMockTlsSession.new TlsResult(TLS_STATUS_FAILURE));
-
- EapError eapError =
- (EapError)
- mStateMachine.transitionToErroredAndAwaitingClosureState(
- TAG,
- ID_INT,
- new EapError(new EapTtlsParsingException("Sample Exception")));
- assertTrue(eapError.cause instanceof EapTtlsParsingException);
- verify(mMockTlsSession).closeConnection();
- }
-
- @Test
- public void testClosureState_closureNotifyRequest() throws Exception {
- mStateMachine.transitionTo(
- mStateMachine
- .new ErroredAndAwaitingClosureState(
- new EapError(new EapTtlsParsingException("Sample Exception"))));
- mockTypeDataDecoding(getEapTtlsTypeData(EAP_TTLS_DUMMY_DATA_BYTES));
-
- processMessageAndVerifyEapError(EapTtlsParsingException.class);
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapTtlsHandshakeStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapTtlsHandshakeStateTest.java
deleted file mode 100644
index f5da505..0000000
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapTtlsHandshakeStateTest.java
+++ /dev/null
@@ -1,345 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.eap.test.statemachine;
-
-import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.crypto.TlsSession.TLS_STATUS_CLOSED;
-import static com.android.internal.net.eap.test.crypto.TlsSession.TLS_STATUS_FAILURE;
-import static com.android.internal.net.eap.test.crypto.TlsSession.TLS_STATUS_SUCCESS;
-import static com.android.internal.net.eap.test.crypto.TlsSession.TLS_STATUS_TUNNEL_ESTABLISHED;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_TTLS_ACK;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_TTLS_FINAL_FRAGMENT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_TTLS_INITIAL_FRAGMENT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_TTLS_WITH_LENGTH;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_TTLS_DUMMY_DATA_ASSEMBLED_FRAGMENT_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_TTLS_DUMMY_DATA_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_TTLS_DUMMY_DATA_FINAL_FRAGMENT_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertTrue;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
-import com.android.internal.net.eap.test.crypto.TlsSession.TlsResult;
-import com.android.internal.net.eap.test.exceptions.ttls.EapTtlsHandshakeException;
-import com.android.internal.net.eap.test.message.ttls.EapTtlsTypeData;
-import com.android.internal.net.eap.test.message.ttls.EapTtlsTypeData.EapTtlsAcknowledgement;
-import com.android.internal.net.eap.test.statemachine.EapMethodStateMachine.EapMethodState;
-import com.android.internal.net.eap.test.statemachine.EapMethodStateMachine.FinalState;
-import com.android.internal.net.eap.test.statemachine.EapTtlsMethodStateMachine.ErroredAndAwaitingClosureState;
-import com.android.internal.net.eap.test.statemachine.EapTtlsMethodStateMachine.HandshakeState;
-import com.android.internal.net.eap.test.statemachine.EapTtlsMethodStateMachine.TunnelState;
-
-import org.junit.Before;
-import org.junit.Test;
-
-import java.security.GeneralSecurityException;
-
-public class EapTtlsHandshakeStateTest extends EapTtlsStateTest {
-
- private static final byte[] DUMMY_EAP_IDENTITY_AVP =
- hexStringToByteArray(
- "0000004F" + "40" + "00000D" // AVP Code | AVP Flags | AVP Length
- + "0210000501" // EAP-Response/Identity
- + "000000"); // Padding
-
- private HandshakeState mHandshakeState;
-
- @Before
- @Override
- public void setUp() throws Exception {
- super.setUp();
-
- mHandshakeState = mStateMachine.new HandshakeState();
- mStateMachine.mTlsSession = mMockTlsSession;
- mStateMachine.transitionTo(mHandshakeState);
- }
-
- @Test
- public void testBuildEapIdentityResponseAvp() throws Exception {
- assertArrayEquals(
- DUMMY_EAP_IDENTITY_AVP, mHandshakeState.buildEapIdentityResponseAvp(ID_INT));
- }
-
- @Test
- public void testStartHandshake_success() throws Exception {
- mStateMachine.mTlsSession = null;
- mockTypeDataDecoding(getEapTtlsStartTypeData());
- when(mMockTlsSessionFactory.newInstance(any(), any())).thenReturn(mMockTlsSession);
- when(mMockTlsSession.startHandshake())
- .thenReturn(
- mMockTlsSession
- .new TlsResult(EAP_TTLS_DUMMY_DATA_BYTES, TLS_STATUS_SUCCESS));
-
- processMessageAndVerifyEapResponse(EAP_RESPONSE_TTLS_WITH_LENGTH);
- verify(mMockTypeDataDecoder).decodeEapTtlsRequestPacket(eq(DUMMY_EAP_TYPE_DATA));
- assertTrue(mStateMachine.getState() instanceof HandshakeState);
- }
-
- @Test
- public void testStartHandshake_tlsSetUpFailure() throws Exception {
- mStateMachine.mTlsSession = null;
- when(mMockTlsSessionFactory.newInstance(any(), any()))
- .thenThrow(GeneralSecurityException.class);
-
- testHandshakeFailure_eapError(getEapTtlsStartTypeData(), EapTtlsHandshakeException.class);
- }
-
- @Test
- public void testStartHandshake_failure() throws Exception {
- mStateMachine.mTlsSession = null;
- when(mMockTlsSessionFactory.newInstance(any(), any())).thenReturn(mMockTlsSession);
- when(mMockTlsSession.startHandshake())
- .thenReturn(mMockTlsSession.new TlsResult(TLS_STATUS_FAILURE));
-
- testHandshakeFailure_eapError(getEapTtlsStartTypeData(), EapTtlsHandshakeException.class);
- assertTrue(mStateMachine.getState() instanceof FinalState);
- }
-
- @Test
- public void testSecondStartRequest() throws Exception {
- processMessageAndVerifyConnectionClosed(getEapTtlsStartTypeData());
- }
-
- @Test
- public void testHandshake_handshakeComplete() throws Exception {
- testHandshake(
- getEapTtlsTypeData(EAP_TTLS_DUMMY_DATA_BYTES),
- TLS_STATUS_TUNNEL_ESTABLISHED,
- EAP_TTLS_DUMMY_DATA_BYTES,
- EAP_RESPONSE_TTLS_WITH_LENGTH,
- TunnelState.class);
- }
-
- @Test
- public void testHandshake_intermediateResponse() throws Exception {
- testHandshake(
- getEapTtlsTypeData(EAP_TTLS_DUMMY_DATA_BYTES),
- TLS_STATUS_SUCCESS,
- EAP_TTLS_DUMMY_DATA_BYTES,
- EAP_RESPONSE_TTLS_WITH_LENGTH,
- HandshakeState.class);
- }
-
- @Test
- public void testHandshake_failure() throws Exception {
- when(mMockTlsSession.processHandshakeData(
- eq(EAP_TTLS_DUMMY_DATA_BYTES), eq(DUMMY_EAP_IDENTITY_AVP)))
- .thenReturn(mMockTlsSession.new TlsResult(TLS_STATUS_FAILURE));
-
- testHandshakeFailure_eapError(
- getEapTtlsTypeData(EAP_TTLS_DUMMY_DATA_BYTES), EapTtlsHandshakeException.class);
-
- verify(mMockTlsSession)
- .processHandshakeData(eq(EAP_TTLS_DUMMY_DATA_BYTES), eq(DUMMY_EAP_IDENTITY_AVP));
- assertTrue(mStateMachine.getState() instanceof FinalState);
- }
-
- @Test
- public void testHandshake_closed() throws Exception {
- testHandshake(
- getEapTtlsTypeData(EAP_TTLS_DUMMY_DATA_BYTES),
- TLS_STATUS_CLOSED,
- EAP_TTLS_DUMMY_DATA_BYTES,
- EAP_RESPONSE_TTLS_WITH_LENGTH,
- ErroredAndAwaitingClosureState.class);
- }
-
- @Test
- public void testHandshake_inboundFragmentation_initialFragment() throws Exception {
- mockTypeDataDecoding(
- getEapTtlsFragmentTypeData(
- true /* isFragmented */,
- BUFFER_SIZE_ASSEMBLED_FRAGMENTS,
- EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT_BYTES));
-
- processMessageAndVerifyEapResponse(EAP_RESPONSE_TTLS_ACK);
- assertTrue(mInboundFragmentationHelper.isAwaitingFragments());
- verify(mMockTypeDataDecoder).decodeEapTtlsRequestPacket(eq(DUMMY_EAP_TYPE_DATA));
- assertTrue(mStateMachine.getState() instanceof HandshakeState);
- }
-
- @Test
- public void testHandshake_inboundFragmentation_finalFragment() throws Exception {
- mInboundFragmentationHelper.assembleInboundMessage(
- getEapTtlsFragmentTypeData(
- true /* isFragmented */,
- BUFFER_SIZE_ASSEMBLED_FRAGMENTS,
- EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT_BYTES));
-
- testHandshake(
- getEapTtlsTypeData(EAP_TTLS_DUMMY_DATA_FINAL_FRAGMENT_BYTES),
- EAP_TTLS_DUMMY_DATA_ASSEMBLED_FRAGMENT_BYTES,
- TLS_STATUS_SUCCESS,
- EAP_TTLS_DUMMY_DATA_BYTES,
- EAP_RESPONSE_TTLS_WITH_LENGTH,
- HandshakeState.class);
- }
-
- @Test
- public void testHandshake_inboundFragmentation_noLength() throws Exception {
- processMessageAndVerifyConnectionClosed(
- getEapTtlsFragmentTypeData(
- true /* isFragmented */,
- 0 /* messageLength */,
- EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT_BYTES));
- }
-
- @Test
- public void testHandshake_inboundFragmentation_overflow() throws Exception {
- mInboundFragmentationHelper.assembleInboundMessage(
- getEapTtlsFragmentTypeData(
- true /* isFragmented */,
- BUFFER_SIZE_FRAGMENT_ONE,
- EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT_BYTES));
-
- processMessageAndVerifyConnectionClosed(
- getEapTtlsFragmentTypeData(
- true /* isFragmented */,
- 0 /* messageLength */,
- EAP_TTLS_DUMMY_DATA_FINAL_FRAGMENT_BYTES));
- }
-
- @Test
- public void testHandshake_inboundFragmentation_lengthBitSet() throws Exception {
- mInboundFragmentationHelper.assembleInboundMessage(
- getEapTtlsFragmentTypeData(
- true /* isFragmented */,
- BUFFER_SIZE_ASSEMBLED_FRAGMENTS,
- EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT_BYTES));
-
- processMessageAndVerifyConnectionClosed(
- getEapTtlsFragmentTypeData(
- true /* isFragmented */,
- BUFFER_SIZE_ASSEMBLED_FRAGMENTS,
- EAP_TTLS_DUMMY_DATA_FINAL_FRAGMENT_BYTES));
- }
-
- @Test
- public void testHandshake_outboundFragmentation_initialFragment() throws Exception {
- testHandshake(
- getEapTtlsTypeData(EAP_TTLS_DUMMY_DATA_BYTES),
- TLS_STATUS_SUCCESS,
- EAP_TTLS_DUMMY_DATA_ASSEMBLED_FRAGMENT_BYTES,
- EAP_RESPONSE_TTLS_INITIAL_FRAGMENT,
- HandshakeState.class);
-
- verify(mMockTypeDataDecoder).decodeEapTtlsRequestPacket(eq(DUMMY_EAP_TYPE_DATA));
- }
-
- @Test
- public void testHandshake_outboundFragmentation_finalFragment() throws Exception {
- mOutboundFragmentationHelper.setupOutboundFragmentation(
- EAP_TTLS_DUMMY_DATA_ASSEMBLED_FRAGMENT_BYTES);
- mOutboundFragmentationHelper.getNextOutboundFragment();
-
- mockTypeDataDecoding(getEapTtlsTypeData(EMPTY_BYTE_ARRAY));
-
- processMessageAndVerifyEapResponse(EAP_RESPONSE_TTLS_FINAL_FRAGMENT);
- verify(mMockTypeDataDecoder).decodeEapTtlsRequestPacket(eq(DUMMY_EAP_TYPE_DATA));
- assertTrue(mStateMachine.getState() instanceof HandshakeState);
- }
-
- @Test
- public void testHandshake_outboundFragmentation_receivedNonAck() throws Exception {
- mOutboundFragmentationHelper.setupOutboundFragmentation(
- EAP_TTLS_DUMMY_DATA_ASSEMBLED_FRAGMENT_BYTES);
- mOutboundFragmentationHelper.getNextOutboundFragment();
-
- processMessageAndVerifyConnectionClosed(getEapTtlsTypeData(EAP_TTLS_DUMMY_DATA_BYTES));
- }
-
- @Test
- public void testHandshake_unexpectedAck() throws Exception {
- processMessageAndVerifyConnectionClosed(EapTtlsAcknowledgement.getEapTtlsAcknowledgement());
- }
-
- /**
- * Completes an entire run of all operations in the handshake state
- *
- * <p>Note that in this case, the decoded data is used in processIncomingData. In other words,
- * this method does not test for fragmentation.
- *
- * @param decodedTypeData the type data that is decoded by the type data decoder
- * @param tlsStatus the status returned by processHandshakeData
- * @param tlsResultData the data returned by processHandshakeData
- * @param expectedResponse the expected EAP-Response
- * @param expectedState the expected method state following a response
- */
- private void testHandshake(
- EapTtlsTypeData decodedTypeData,
- int tlsStatus,
- byte[] tlsResultData,
- byte[] expectedResponse,
- Class<? extends EapMethodState> expectedState)
- throws Exception {
- testHandshake(
- decodedTypeData,
- decodedTypeData.data,
- tlsStatus,
- tlsResultData,
- expectedResponse,
- expectedState);
- }
-
- /**
- * Completes an entire run of all operations in the handshake state
- *
- * @param decodedTypeData the type data that is decoded by the type data decoder
- * @param assembledData the data passed into processHandshakeData
- * @param tlsStatus the status returned by processHandshakeData
- * @param tlsResultData the data returned by processHandshakeData
- * @param expectedResponse the expected EAP-Response
- * @param expectedState the expected method state following a response
- */
- private void testHandshake(
- EapTtlsTypeData decodedTypeData,
- byte[] assembledData,
- int tlsStatus,
- byte[] tlsResultData,
- byte[] expectedResponse,
- Class<? extends EapMethodState> expectedState)
- throws Exception {
- mockTypeDataDecoding(decodedTypeData);
- when(mMockTlsSession.processHandshakeData(eq(assembledData), eq(DUMMY_EAP_IDENTITY_AVP)))
- .thenReturn(mMockTlsSession.new TlsResult(tlsResultData, tlsStatus));
-
- processMessageAndVerifyEapResponse(expectedResponse);
- verify(mMockTypeDataDecoder).decodeEapTtlsRequestPacket(eq(DUMMY_EAP_TYPE_DATA));
- verify(mMockTlsSession).processHandshakeData(eq(assembledData), eq(DUMMY_EAP_IDENTITY_AVP));
- assertTrue(expectedState.isInstance(mStateMachine.getState()));
- }
-
- /**
- * Completes a run of operations in the handshake state that results in an EapError
- *
- * @param decodedTypeData the type data that is decoded by the type data decoder
- * @param expectedError the expected error within the EapError
- */
- private void testHandshakeFailure_eapError(
- EapTtlsTypeData decodedTypeData, Class<? extends Exception> expectedError)
- throws Exception {
- mockTypeDataDecoding(decodedTypeData);
-
- processMessageAndVerifyEapError(expectedError);
- verify(mMockTypeDataDecoder).decodeEapTtlsRequestPacket(eq(DUMMY_EAP_TYPE_DATA));
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapTtlsStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapTtlsStateTest.java
deleted file mode 100644
index 4044e1e..0000000
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapTtlsStateTest.java
+++ /dev/null
@@ -1,232 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.eap.test.statemachine;
-
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_TTLS;
-
-import static androidx.test.InstrumentationRegistry.getInstrumentation;
-
-import static com.android.internal.net.TestUtils.hexStringToByteArray;
-import static com.android.internal.net.eap.test.crypto.TlsSession.TLS_STATUS_CLOSED;
-import static com.android.internal.net.eap.test.message.EapData.EAP_NOTIFICATION;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_FAILURE;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_REQUEST;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_SUCCESS;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_NOTIFICATION_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_TTLS_WITH_LENGTH;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_TTLS_DUMMY_DATA_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_TTLS_DUMMY_DATA_FINAL_FRAGMENT_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_PASSWORD;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_USERNAME;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.any;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
-import android.content.Context;
-import android.net.eap.test.EapSessionConfig;
-import android.net.eap.test.EapSessionConfig.EapTtlsConfig;
-
-import com.android.internal.net.eap.test.EapResult;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.EapResult.EapFailure;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.crypto.TlsSession;
-import com.android.internal.net.eap.test.crypto.TlsSession.TlsResult;
-import com.android.internal.net.eap.test.crypto.TlsSessionFactory;
-import com.android.internal.net.eap.test.exceptions.EapInvalidRequestException;
-import com.android.internal.net.eap.test.message.EapData;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.message.ttls.EapTtlsInboundFragmentationHelper;
-import com.android.internal.net.eap.test.message.ttls.EapTtlsOutboundFragmentationHelper;
-import com.android.internal.net.eap.test.message.ttls.EapTtlsTypeData;
-import com.android.internal.net.eap.test.message.ttls.EapTtlsTypeData.EapTtlsTypeDataDecoder;
-import com.android.internal.net.eap.test.message.ttls.EapTtlsTypeData.EapTtlsTypeDataDecoder.DecodeResult;
-import com.android.internal.net.eap.test.statemachine.EapMethodStateMachine.EapMethodState;
-import com.android.internal.net.eap.test.statemachine.EapMethodStateMachine.FinalState;
-import com.android.internal.net.eap.test.statemachine.EapTtlsMethodStateMachine.ErroredAndAwaitingClosureState;
-
-import org.junit.AfterClass;
-import org.junit.Before;
-import org.junit.Test;
-
-import java.security.SecureRandom;
-
-public class EapTtlsStateTest {
-
- static final String NOTIFICATION_MESSAGE = "test";
- static final byte[] DUMMY_EAP_TYPE_DATA = hexStringToByteArray("112233445566");
- static final byte[] EMPTY_BYTE_ARRAY = new byte[0];
-
- static final int BUFFER_SIZE_FRAGMENT_ONE = EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT_BYTES.length;
- static final int BUFFER_SIZE_FRAGMENT_TWO = EAP_TTLS_DUMMY_DATA_FINAL_FRAGMENT_BYTES.length;
- static final int BUFFER_SIZE_ASSEMBLED_FRAGMENTS =
- BUFFER_SIZE_FRAGMENT_ONE + BUFFER_SIZE_FRAGMENT_TWO;
-
- Context mContext;
- SecureRandom mMockSecureRandom;
- EapTtlsTypeDataDecoder mMockTypeDataDecoder;
- TlsSessionFactory mMockTlsSessionFactory;
- TlsSession mMockTlsSession;
-
- EapTtlsConfig mEapTtlsConfig;
- EapTtlsMethodStateMachine mStateMachine;
- EapTtlsInboundFragmentationHelper mInboundFragmentationHelper;
- EapTtlsOutboundFragmentationHelper mOutboundFragmentationHelper;
-
- @Before
- public void setUp() throws Exception {
- mContext = getInstrumentation().getContext();
- mMockSecureRandom = mock(SecureRandom.class);
- mMockTypeDataDecoder = mock(EapTtlsTypeDataDecoder.class);
- mMockTlsSessionFactory = mock(TlsSessionFactory.class);
- mMockTlsSession = mock(TlsSession.class);
-
- EapSessionConfig innerEapSessionConfig =
- new EapSessionConfig.Builder()
- .setEapMsChapV2Config(MSCHAP_V2_USERNAME, MSCHAP_V2_PASSWORD)
- .build();
- EapSessionConfig eapSessionConfig =
- new EapSessionConfig.Builder()
- .setEapTtlsConfig(null /* trustedCa */, innerEapSessionConfig)
- .build();
- mEapTtlsConfig = eapSessionConfig.getEapTtlsConfig();
-
- mInboundFragmentationHelper = new EapTtlsInboundFragmentationHelper();
- mOutboundFragmentationHelper =
- new EapTtlsOutboundFragmentationHelper(BUFFER_SIZE_FRAGMENT_ONE);
-
- mStateMachine =
- new EapTtlsMethodStateMachine(
- mContext,
- mEapTtlsConfig,
- mMockSecureRandom,
- mMockTypeDataDecoder,
- mInboundFragmentationHelper,
- mOutboundFragmentationHelper);
- EapTtlsMethodStateMachine.sTlsSessionFactory = mMockTlsSessionFactory;
- when(mMockTlsSessionFactory.newInstance(any(), any())).thenReturn(mMockTlsSession);
- }
-
- @AfterClass
- public static void teardown() {
- EapTtlsMethodStateMachine.sTlsSessionFactory = new TlsSessionFactory();
- }
-
- @Test
- public void testHandleEapFailureNotification() throws Exception {
- EapResult result = mStateMachine.process(new EapMessage(EAP_CODE_FAILURE, ID_INT, null));
- assertTrue(result instanceof EapFailure);
- assertTrue(mStateMachine.getState() instanceof FinalState);
- }
-
- @Test
- public void testHandleEapSuccessNotification() throws Exception {
- EapResult result = mStateMachine.process(new EapMessage(EAP_CODE_SUCCESS, ID_INT, null));
- EapError eapError = (EapError) result;
- assertTrue(eapError.cause instanceof EapInvalidRequestException);
- }
-
- @Test
- public void testHandleEapNotification() throws Exception {
- EapData eapData = new EapData(EAP_NOTIFICATION, NOTIFICATION_MESSAGE.getBytes());
- EapMessage eapMessage = new EapMessage(EAP_CODE_REQUEST, ID_INT, eapData);
- EapMethodState preNotification = (EapMethodState) mStateMachine.getState();
-
- EapResult result = mStateMachine.process(eapMessage);
- assertEquals(preNotification, mStateMachine.getState());
-
- EapResponse eapResponse = (EapResponse) result;
- assertArrayEquals(EAP_RESPONSE_NOTIFICATION_PACKET, eapResponse.packet);
- }
-
- EapTtlsTypeData getEapTtlsStartTypeData() throws Exception {
- return getEapTtlsTypeData(
- false /* isFragmented */, true /* isStart */, 0 /* length */, EMPTY_BYTE_ARRAY);
- }
-
- EapTtlsTypeData getEapTtlsFragmentTypeData(boolean isFragment, int length, byte[] data)
- throws Exception {
- return getEapTtlsTypeData(isFragment, false /* isStart */, length, data);
- }
-
- EapTtlsTypeData getEapTtlsTypeData(byte[] data) throws Exception {
- return getEapTtlsTypeData(
- false /* isFragmented */, false /* isStart */, 0 /* length */, data);
- }
-
- EapTtlsTypeData getEapTtlsTypeData(
- boolean isFragmented, boolean isStart, int length, byte[] data) throws Exception {
- return EapTtlsTypeData.getEapTtlsTypeData(
- isFragmented, isStart, 0 /* version */, length, data);
- }
-
- void mockTypeDataDecoding(EapTtlsTypeData decodedTypeData) throws Exception {
- when(mMockTypeDataDecoder.decodeEapTtlsRequestPacket(eq(DUMMY_EAP_TYPE_DATA)))
- .thenReturn(new DecodeResult(decodedTypeData));
- }
-
- /** Runs a test and verifies the EAP response returned by the state */
- void processMessageAndVerifyEapResponse(byte[] expectedResponse) throws Exception {
- EapData eapData = new EapData(EAP_TYPE_TTLS, DUMMY_EAP_TYPE_DATA);
- EapMessage eapMessage = new EapMessage(EAP_CODE_REQUEST, ID_INT, eapData);
-
- EapResult result = mStateMachine.process(eapMessage);
- EapResponse eapResponse = (EapResponse) result;
- assertArrayEquals(expectedResponse, eapResponse.packet);
- }
-
- /**
- * Completes a run of operations that requires CloseConnection to be called
- *
- * @param decodedTypeData the type data that is decoded by the type data decoder
- */
- void processMessageAndVerifyConnectionClosed(EapTtlsTypeData decodedTypeData) throws Exception {
- mockTypeDataDecoding(decodedTypeData);
- when(mMockTlsSession.closeConnection())
- .thenReturn(
- mMockTlsSession
- .new TlsResult(EAP_TTLS_DUMMY_DATA_BYTES, TLS_STATUS_CLOSED));
-
- processMessageAndVerifyEapResponse(EAP_RESPONSE_TTLS_WITH_LENGTH);
- verify(mMockTypeDataDecoder).decodeEapTtlsRequestPacket(eq(DUMMY_EAP_TYPE_DATA));
- verify(mMockTlsSession).closeConnection();
- assertTrue(mStateMachine.getState() instanceof ErroredAndAwaitingClosureState);
- }
-
- /**
- * Runs a test and verifies the EAP error returned by the state
- *
- * @param error the exception within the EapError
- */
- void processMessageAndVerifyEapError(Class<? extends Exception> error) throws Exception {
- EapData eapData = new EapData(EAP_TYPE_TTLS, DUMMY_EAP_TYPE_DATA);
- EapMessage eapMessage = new EapMessage(EAP_CODE_REQUEST, ID_INT, eapData);
-
- EapResult result = mStateMachine.process(eapMessage);
- EapError eapError = (EapError) result;
- assertTrue(error.isInstance(eapError.cause));
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapTtlsTunnelStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapTtlsTunnelStateTest.java
deleted file mode 100644
index 1f6248f..0000000
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/EapTtlsTunnelStateTest.java
+++ /dev/null
@@ -1,387 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.eap.test.statemachine;
-
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_MSCHAP_V2;
-
-import static com.android.internal.net.eap.test.crypto.TlsSession.TLS_STATUS_CLOSED;
-import static com.android.internal.net.eap.test.crypto.TlsSession.TLS_STATUS_FAILURE;
-import static com.android.internal.net.eap.test.crypto.TlsSession.TLS_STATUS_SUCCESS;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_FAILURE;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_RESPONSE;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_SUCCESS;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_DUMMY_REQUEST_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_FAILURE_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_MESSAGE_AVP_EAP_REQUEST;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_MESSAGE_AVP_EAP_RESPONSE;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_TTLS_ACK;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_TTLS_FINAL_FRAGMENT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_TTLS_INITIAL_FRAGMENT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_TTLS_WITH_LENGTH;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SUCCESS_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_TTLS_DUMMY_DATA_ASSEMBLED_FRAGMENT_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_TTLS_DUMMY_DATA_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_TTLS_DUMMY_DATA_FINAL_FRAGMENT_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT_BYTES;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EMSK;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_EMSK;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSCHAP_V2_MSK;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSK;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
-import com.android.internal.net.eap.test.EapResult;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.EapResult.EapFailure;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.EapResult.EapSuccess;
-import com.android.internal.net.eap.test.exceptions.EapInvalidRequestException;
-import com.android.internal.net.eap.test.exceptions.mschapv2.EapMsChapV2ParsingException;
-import com.android.internal.net.eap.test.exceptions.ttls.EapTtlsParsingException;
-import com.android.internal.net.eap.test.message.EapData;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.message.ttls.EapTtlsAvp;
-import com.android.internal.net.eap.test.message.ttls.EapTtlsAvp.EapTtlsAvpDecoder;
-import com.android.internal.net.eap.test.message.ttls.EapTtlsAvp.EapTtlsAvpDecoder.AvpDecodeResult;
-import com.android.internal.net.eap.test.message.ttls.EapTtlsTypeData;
-import com.android.internal.net.eap.test.message.ttls.EapTtlsTypeData.EapTtlsAcknowledgement;
-import com.android.internal.net.eap.test.statemachine.EapMethodStateMachine.EapMethodState;
-import com.android.internal.net.eap.test.statemachine.EapMethodStateMachine.FinalState;
-import com.android.internal.net.eap.test.statemachine.EapTtlsMethodStateMachine.ErroredAndAwaitingClosureState;
-import com.android.internal.net.eap.test.statemachine.EapTtlsMethodStateMachine.TunnelState;
-
-import org.junit.Before;
-import org.junit.Test;
-
-import java.nio.ByteBuffer;
-
-import javax.net.ssl.SSLException;
-
-public class EapTtlsTunnelStateTest extends EapTtlsStateTest {
-
- private static final EapTtlsAvp EAP_MESSAGE_AVP_WITH_EAP_REQUEST =
- EapTtlsAvp.getEapMessageAvp(0 /* default Vendor-ID */, EAP_DUMMY_REQUEST_BYTES);
-
- private EapTtlsAvpDecoder mMockAvpDecoder;
- private EapStateMachine mMockInnerEapStateMachine;
-
- private TunnelState mTunnelState;
- private EapResult mDummyEapResponse;
-
- @Before
- @Override
- public void setUp() throws Exception {
- super.setUp();
-
- mDummyEapResponse =
- EapResponse.getEapResponse(
- new EapMessage(
- EAP_CODE_RESPONSE,
- ID_INT,
- new EapData(EAP_TYPE_MSCHAP_V2, EMPTY_BYTE_ARRAY)));
- mMockAvpDecoder = mock(EapTtlsAvpDecoder.class);
- mMockInnerEapStateMachine = mock(EapStateMachine.class);
-
- mTunnelState = mStateMachine.new TunnelState();
- mTunnelState.mEapTtlsAvpDecoder = mMockAvpDecoder;
- mTunnelState.mInnerEapStateMachine = mMockInnerEapStateMachine;
- mStateMachine.mTlsSession = mMockTlsSession;
-
- mStateMachine.transitionTo(mTunnelState);
- }
-
- @Test
- @Override
- public void testHandleEapFailureNotification() throws Exception {
- EapMessage eapMessage = new EapMessage(EAP_CODE_FAILURE, ID_INT, null);
-
- when(mMockInnerEapStateMachine.process(eq(EAP_FAILURE_PACKET)))
- .thenReturn(new EapFailure());
-
- EapResult result = mStateMachine.process(eapMessage);
- assertTrue(mStateMachine.getState() instanceof FinalState);
- assertTrue(result instanceof EapFailure);
- verify(mMockInnerEapStateMachine).process(eq(EAP_FAILURE_PACKET));
- assertTrue(mStateMachine.getState() instanceof FinalState);
- }
-
- @Test
- @Override
- public void testHandleEapSuccessNotification() throws Exception {
- // TODO(b/161233250): Implement keying material generation in EAP-TTLS
- EapSuccess msChapV2Success = new EapSuccess(MSCHAP_V2_MSK, MSCHAP_V2_EMSK);
- EapMessage eapMessage = new EapMessage(EAP_CODE_SUCCESS, ID_INT, null);
-
- when(mMockInnerEapStateMachine.process(eq(EAP_SUCCESS_PACKET))).thenReturn(msChapV2Success);
- when(mMockTlsSession.generateKeyingMaterial())
- .thenReturn(mMockTlsSession.new EapTtlsKeyingMaterial(MSK, EMSK));
-
- EapResult result = mStateMachine.process(eapMessage);
- EapSuccess eapSuccess = (EapSuccess) result;
- assertArrayEquals(MSK, eapSuccess.msk);
- assertArrayEquals(EMSK, eapSuccess.emsk);
- assertTrue(mStateMachine.getState() instanceof FinalState);
- verify(mMockInnerEapStateMachine).process(eq(EAP_SUCCESS_PACKET));
- verify(mMockTlsSession).generateKeyingMaterial();
- }
-
- @Test
- public void testTunnel_prematureSuccess() throws Exception {
- EapMessage eapMessage = new EapMessage(EAP_CODE_SUCCESS, ID_INT, null);
-
- when(mMockInnerEapStateMachine.process(eq(EAP_SUCCESS_PACKET)))
- .thenReturn(new EapError(new EapInvalidRequestException("Error")));
-
- EapResult result = mStateMachine.process(eapMessage);
- EapError eapError = (EapError) result;
- assertTrue(eapError.cause instanceof EapInvalidRequestException);
- verify(mMockInnerEapStateMachine).process(eq(EAP_SUCCESS_PACKET));
- }
-
- @Test
- public void testTunnel_intermediateResponse() throws Exception {
- processMessageAndVerifyEapResponse(
- getEapTtlsTypeData(EAP_TTLS_DUMMY_DATA_BYTES),
- EAP_TTLS_DUMMY_DATA_BYTES,
- TLS_STATUS_SUCCESS,
- EAP_TTLS_DUMMY_DATA_BYTES,
- EAP_RESPONSE_TTLS_WITH_LENGTH,
- TunnelState.class);
- }
-
- @Test
- public void testTunnel_encryptClosed() throws Exception {
- processMessageAndVerifyEapResponse(
- getEapTtlsTypeData(EAP_TTLS_DUMMY_DATA_BYTES),
- EAP_TTLS_DUMMY_DATA_BYTES,
- TLS_STATUS_CLOSED,
- EAP_TTLS_DUMMY_DATA_BYTES,
- EAP_RESPONSE_TTLS_WITH_LENGTH,
- ErroredAndAwaitingClosureState.class);
- }
-
- @Test
- public void testTunnel_encryptFailure() throws Exception {
- mockTypeDataDecoding(getEapTtlsTypeData(EAP_TTLS_DUMMY_DATA_BYTES));
- mockInnerEapStateMachineProcessing(EAP_TTLS_DUMMY_DATA_BYTES, mDummyEapResponse);
- when(mMockTlsSession.processOutgoingData(eq(EAP_MESSAGE_AVP_EAP_RESPONSE)))
- .thenReturn(mMockTlsSession.new TlsResult(TLS_STATUS_FAILURE));
-
- processMessageAndVerifyEapError(SSLException.class);
- verify(mMockTypeDataDecoder).decodeEapTtlsRequestPacket(eq(DUMMY_EAP_TYPE_DATA));
- verify(mMockTlsSession).processIncomingData(eq(EAP_TTLS_DUMMY_DATA_BYTES));
- verify(mMockAvpDecoder).decode(eq(EAP_MESSAGE_AVP_EAP_REQUEST));
- verify(mMockInnerEapStateMachine).process(eq(EAP_DUMMY_REQUEST_BYTES));
- verify(mMockTlsSession).processOutgoingData(eq(EAP_MESSAGE_AVP_EAP_RESPONSE));
- assertTrue(mStateMachine.getState() instanceof FinalState);
- }
-
- @Test
- public void testTunnel_decryptClosed() throws Exception {
- mockTypeDataDecoding(getEapTtlsTypeData(EAP_TTLS_DUMMY_DATA_BYTES));
- when(mMockTlsSession.processIncomingData(eq(EAP_TTLS_DUMMY_DATA_BYTES)))
- .thenReturn(
- mMockTlsSession
- .new TlsResult(EAP_TTLS_DUMMY_DATA_BYTES, TLS_STATUS_CLOSED));
-
- processMessageAndVerifyEapResponse(EAP_RESPONSE_TTLS_WITH_LENGTH);
- verify(mMockTypeDataDecoder).decodeEapTtlsRequestPacket(eq(DUMMY_EAP_TYPE_DATA));
- verify(mMockTlsSession).processIncomingData(eq(EAP_TTLS_DUMMY_DATA_BYTES));
- assertTrue(mStateMachine.getState() instanceof ErroredAndAwaitingClosureState);
- }
-
- @Test
- public void testTunnel_decryptFailure() throws Exception {
- mockTypeDataDecoding(getEapTtlsTypeData(EAP_TTLS_DUMMY_DATA_BYTES));
- when(mMockTlsSession.processIncomingData(eq(EAP_TTLS_DUMMY_DATA_BYTES)))
- .thenReturn(mMockTlsSession.new TlsResult(TLS_STATUS_FAILURE));
-
- processMessageAndVerifyEapError(SSLException.class);
- verify(mMockTypeDataDecoder).decodeEapTtlsRequestPacket(eq(DUMMY_EAP_TYPE_DATA));
- verify(mMockTlsSession).processIncomingData(eq(EAP_TTLS_DUMMY_DATA_BYTES));
- assertTrue(mStateMachine.getState() instanceof FinalState);
- }
-
- @Test
- public void testTunnel_invalidAvp() throws Exception {
- when(mMockTlsSession.processIncomingData(eq(EAP_TTLS_DUMMY_DATA_BYTES)))
- .thenReturn(
- mMockTlsSession
- .new TlsResult(EAP_MESSAGE_AVP_EAP_REQUEST, TLS_STATUS_SUCCESS));
- when(mMockAvpDecoder.decode(eq(EAP_MESSAGE_AVP_EAP_REQUEST)))
- .thenReturn(
- new AvpDecodeResult(
- new EapError(new EapTtlsParsingException("Received bad AVP!"))));
-
- processMessageAndVerifyConnectionClosed(getEapTtlsTypeData(EAP_TTLS_DUMMY_DATA_BYTES));
- verify(mMockTlsSession).processIncomingData(eq(EAP_TTLS_DUMMY_DATA_BYTES));
- verify(mMockAvpDecoder).decode(eq(EAP_MESSAGE_AVP_EAP_REQUEST));
- }
-
- @Test
- public void testTunnel_innerMethodError() throws Exception {
- processMessageAndVerifyConnectionClosed(
- getEapTtlsTypeData(EAP_TTLS_DUMMY_DATA_BYTES),
- EAP_TTLS_DUMMY_DATA_BYTES,
- new EapError(new EapMsChapV2ParsingException("Random Inner Error")));
- }
-
- @Test
- public void testTunnel_inboundFragmentation_initialFragment() throws Exception {
- mockTypeDataDecoding(
- getEapTtlsFragmentTypeData(
- true /* isFragmented */,
- BUFFER_SIZE_ASSEMBLED_FRAGMENTS,
- EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT_BYTES));
-
- processMessageAndVerifyEapResponse(EAP_RESPONSE_TTLS_ACK);
- assertTrue(mInboundFragmentationHelper.isAwaitingFragments());
- verify(mMockTypeDataDecoder).decodeEapTtlsRequestPacket(eq(DUMMY_EAP_TYPE_DATA));
- assertTrue(mStateMachine.getState() instanceof TunnelState);
- }
-
- @Test
- public void testTunnel_inboundFragmentation_finalFragment() throws Exception {
- mInboundFragmentationHelper.mIsAwaitingFragments = true;
- mInboundFragmentationHelper.mFragmentedData =
- ByteBuffer.allocate(BUFFER_SIZE_ASSEMBLED_FRAGMENTS);
- mInboundFragmentationHelper.mFragmentedData.put(EAP_TTLS_DUMMY_DATA_INITIAL_FRAGMENT_BYTES);
-
- processMessageAndVerifyEapResponse(
- getEapTtlsTypeData(EAP_TTLS_DUMMY_DATA_FINAL_FRAGMENT_BYTES),
- EAP_TTLS_DUMMY_DATA_ASSEMBLED_FRAGMENT_BYTES,
- TLS_STATUS_SUCCESS,
- EAP_TTLS_DUMMY_DATA_BYTES,
- EAP_RESPONSE_TTLS_WITH_LENGTH,
- TunnelState.class);
- assertFalse(mStateMachine.mInboundFragmentationHelper.isAwaitingFragments());
- }
-
- @Test
- public void testTunnel_outboundFragmentation_initialFragment() throws Exception {
- processMessageAndVerifyEapResponse(
- getEapTtlsTypeData(EAP_TTLS_DUMMY_DATA_BYTES),
- EAP_TTLS_DUMMY_DATA_BYTES,
- TLS_STATUS_SUCCESS,
- EAP_TTLS_DUMMY_DATA_ASSEMBLED_FRAGMENT_BYTES,
- EAP_RESPONSE_TTLS_INITIAL_FRAGMENT,
- TunnelState.class);
- assertTrue(mStateMachine.mOutboundFragmentationHelper.hasRemainingFragments());
- }
-
- @Test
- public void testTunnel_outboundFragmentation_finalFragment() throws Exception {
- mOutboundFragmentationHelper.setupOutboundFragmentation(
- EAP_TTLS_DUMMY_DATA_ASSEMBLED_FRAGMENT_BYTES);
- mOutboundFragmentationHelper.getNextOutboundFragment();
-
- mockTypeDataDecoding(EapTtlsAcknowledgement.getEapTtlsAcknowledgement());
-
- processMessageAndVerifyEapResponse(EAP_RESPONSE_TTLS_FINAL_FRAGMENT);
- verify(mMockTypeDataDecoder).decodeEapTtlsRequestPacket(eq(DUMMY_EAP_TYPE_DATA));
- assertFalse(mStateMachine.mOutboundFragmentationHelper.hasRemainingFragments());
- assertTrue(mStateMachine.getState() instanceof TunnelState);
- }
-
- @Test
- public void testTunnel_outboundFragmentation_receivedNonAck() throws Exception {
- mOutboundFragmentationHelper.setupOutboundFragmentation(
- EAP_TTLS_DUMMY_DATA_ASSEMBLED_FRAGMENT_BYTES);
- mOutboundFragmentationHelper.getNextOutboundFragment();
-
- processMessageAndVerifyConnectionClosed(getEapTtlsTypeData(EAP_TTLS_DUMMY_DATA_BYTES));
- }
-
- @Test
- public void testTunnel_unexpectedAck() throws Exception {
- processMessageAndVerifyConnectionClosed(EapTtlsAcknowledgement.getEapTtlsAcknowledgement());
- }
-
- /**
- * Completes an entire run of all operations in the handshake state
- *
- * @param decodedTypeData the type data that is decoded by the type data decoder
- * @param assembledData the data passed into processIncomingData
- * @param encryptTlsStatus the status returned by processOutgoingData
- * @param encryptedOutgoingData the data returned by processOutgoingData
- * @param expectedResponse the expected EAP-Response
- */
- private void processMessageAndVerifyEapResponse(
- EapTtlsTypeData decodedTypeData,
- byte[] assembledData,
- int encryptResultStatus,
- byte[] encryptResultData,
- byte[] expectedResponse,
- Class<? extends EapMethodState> expectedState)
- throws Exception {
- mockTypeDataDecoding(decodedTypeData);
- mockInnerEapStateMachineProcessing(assembledData, mDummyEapResponse);
- when(mMockTlsSession.processOutgoingData(eq(EAP_MESSAGE_AVP_EAP_RESPONSE)))
- .thenReturn(mMockTlsSession.new TlsResult(encryptResultData, encryptResultStatus));
-
- processMessageAndVerifyEapResponse(expectedResponse);
- verify(mMockTypeDataDecoder).decodeEapTtlsRequestPacket(eq(DUMMY_EAP_TYPE_DATA));
- verify(mMockTlsSession).processIncomingData(eq(assembledData));
- verify(mMockAvpDecoder).decode(eq(EAP_MESSAGE_AVP_EAP_REQUEST));
- verify(mMockInnerEapStateMachine).process(eq(EAP_DUMMY_REQUEST_BYTES));
- verify(mMockTlsSession).processOutgoingData(eq(EAP_MESSAGE_AVP_EAP_RESPONSE));
- assertTrue(expectedState.isInstance(mStateMachine.getState()));
- }
-
- /**
- * Completes a run where the inner state machine returns a result that requires the TLS session
- * to be closed
- *
- * @param decodedTypeData the type data that is decoded by the type data decoder
- * @param assembledData the data passed into processIncomingData
- * @param innerResult the EAP result to return from the inner state machine
- */
- private void processMessageAndVerifyConnectionClosed(
- EapTtlsTypeData decodedTypeData, byte[] assembledData, EapResult innerResult)
- throws Exception {
- mockInnerEapStateMachineProcessing(assembledData, innerResult);
-
- processMessageAndVerifyConnectionClosed(decodedTypeData);
- verify(mMockTlsSession).processIncomingData(eq(assembledData));
- verify(mMockAvpDecoder).decode(eq(EAP_MESSAGE_AVP_EAP_REQUEST));
- verify(mMockInnerEapStateMachine).process(eq(EAP_DUMMY_REQUEST_BYTES));
- }
-
- /**
- * Mocks TLS Session operations including encrypt/decrypt as well as inner eap state processing
- *
- * @param assembledData the incoming data processed by TLS Session
- * @param innerResult the EAP result to return from the inner state machine
- */
- private void mockInnerEapStateMachineProcessing(byte[] assembledData, EapResult innerResult) {
- when(mMockTlsSession.processIncomingData(eq(assembledData)))
- .thenReturn(
- mMockTlsSession
- .new TlsResult(EAP_MESSAGE_AVP_EAP_REQUEST, TLS_STATUS_SUCCESS));
- when(mMockAvpDecoder.decode(eq(EAP_MESSAGE_AVP_EAP_REQUEST)))
- .thenReturn(new AvpDecodeResult(EAP_MESSAGE_AVP_WITH_EAP_REQUEST));
- when(mMockInnerEapStateMachine.process(eq(EAP_DUMMY_REQUEST_BYTES)))
- .thenReturn(innerResult);
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/IdentityStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/IdentityStateTest.java
index 79542fc..abe4e82 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/IdentityStateTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/IdentityStateTest.java
@@ -14,16 +14,16 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
-import static com.android.internal.net.eap.test.EapTestUtils.getDummyEapSessionConfig;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_IDENTITY;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_IDENTITY_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_NOTIFICATION_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_SIM_START_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_IDENTITY_DEFAULT_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_IDENTITY_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_NOTIFICATION_PACKET;
+import static com.android.internal.net.eap.EapTestUtils.getDummyEapSessionConfig;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_IDENTITY;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_REQUEST_IDENTITY_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_REQUEST_NOTIFICATION_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_REQUEST_SIM_START_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_RESPONSE_IDENTITY_DEFAULT_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_RESPONSE_IDENTITY_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_RESPONSE_NOTIFICATION_PACKET;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertTrue;
@@ -33,9 +33,9 @@
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.verify;
-import com.android.internal.net.eap.test.EapResult;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.statemachine.EapStateMachine.MethodState;
+import com.android.internal.net.eap.EapResult;
+import com.android.internal.net.eap.EapResult.EapResponse;
+import com.android.internal.net.eap.statemachine.EapStateMachine.MethodState;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/MethodStateTest.java b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/MethodStateTest.java
index 12297ad..ac675ed 100644
--- a/tests/iketests/src/java/com/android/internal/net/eap/statemachine/MethodStateTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/eap/statemachine/MethodStateTest.java
@@ -14,31 +14,28 @@
* limitations under the License.
*/
-package com.android.internal.net.eap.test.statemachine;
+package com.android.internal.net.eap.statemachine;
-import static android.net.eap.test.EapSessionConfig.EapMethodConfig.EAP_TYPE_TTLS;
import static android.telephony.TelephonyManager.APPTYPE_USIM;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_FAILURE;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_CODE_SUCCESS;
-import static com.android.internal.net.eap.test.message.EapMessage.EAP_HEADER_LENGTH;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_AKA_PRIME_REQUEST;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_FAILURE_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_AKA;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_IDENTITY_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_MSCHAP_V2;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_NOTIFICATION_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_SIM_START_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_REQUEST_TTLS_START;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_NAK_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_RESPONSE_NOTIFICATION_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EAP_SUCCESS_PACKET;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.EMSK;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.ID_INT;
-import static com.android.internal.net.eap.test.message.EapTestMessageDefinitions.MSK;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_FAILURE;
+import static com.android.internal.net.eap.message.EapMessage.EAP_CODE_SUCCESS;
+import static com.android.internal.net.eap.message.EapMessage.EAP_HEADER_LENGTH;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_AKA_PRIME_REQUEST;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_FAILURE_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_REQUEST_AKA;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_REQUEST_IDENTITY_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_REQUEST_MSCHAP_V2;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_REQUEST_NOTIFICATION_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_REQUEST_SIM_START_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_RESPONSE_NAK_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_RESPONSE_NOTIFICATION_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EAP_SUCCESS_PACKET;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.EMSK;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.ID_INT;
+import static com.android.internal.net.eap.message.EapTestMessageDefinitions.MSK;
import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.mockito.ArgumentMatchers.argThat;
import static org.mockito.Mockito.doReturn;
@@ -46,18 +43,18 @@
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
-import android.net.eap.test.EapSessionConfig;
+import android.net.eap.EapSessionConfig;
-import com.android.internal.net.eap.test.EapResult;
-import com.android.internal.net.eap.test.EapResult.EapError;
-import com.android.internal.net.eap.test.EapResult.EapFailure;
-import com.android.internal.net.eap.test.EapResult.EapResponse;
-import com.android.internal.net.eap.test.EapResult.EapSuccess;
-import com.android.internal.net.eap.test.exceptions.EapInvalidRequestException;
-import com.android.internal.net.eap.test.message.EapMessage;
-import com.android.internal.net.eap.test.statemachine.EapStateMachine.FailureState;
-import com.android.internal.net.eap.test.statemachine.EapStateMachine.MethodState;
-import com.android.internal.net.eap.test.statemachine.EapStateMachine.SuccessState;
+import com.android.internal.net.eap.EapResult;
+import com.android.internal.net.eap.EapResult.EapError;
+import com.android.internal.net.eap.EapResult.EapFailure;
+import com.android.internal.net.eap.EapResult.EapResponse;
+import com.android.internal.net.eap.EapResult.EapSuccess;
+import com.android.internal.net.eap.exceptions.EapInvalidRequestException;
+import com.android.internal.net.eap.message.EapMessage;
+import com.android.internal.net.eap.statemachine.EapStateMachine.FailureState;
+import com.android.internal.net.eap.statemachine.EapStateMachine.MethodState;
+import com.android.internal.net.eap.statemachine.EapStateMachine.SuccessState;
import org.junit.Before;
import org.junit.Test;
@@ -143,25 +140,6 @@
}
@Test
- public void testProcessTransitionToEapTtls() {
- // make EapStateMachine with EAP TTLS configurations
- EapSessionConfig innerEapSessionConfig =
- new EapSessionConfig.Builder().setEapMsChapV2Config(USERNAME, PASSWORD).build();
- EapSessionConfig eapSessionConfig =
- new EapSessionConfig.Builder()
- .setEapTtlsConfig(null /* trustedCa */, innerEapSessionConfig)
- .build();
- mEapStateMachine = new EapStateMachine(mContext, eapSessionConfig, new SecureRandom());
-
- mEapStateMachine.process(EAP_REQUEST_TTLS_START);
-
- assertTrue(mEapStateMachine.getState() instanceof MethodState);
- MethodState methodState = (MethodState) mEapStateMachine.getState();
- assertTrue(methodState.mEapMethodStateMachine instanceof EapTtlsMethodStateMachine);
- assertEquals(methodState.mEapMethodStateMachine.getEapMethod(), EAP_TYPE_TTLS);
- }
-
- @Test
public void testProcessTransitionToSuccessState() {
EapSuccess eapSuccess = new EapSuccess(MSK, EMSK);
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/AbstractSessionStateMachineTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/AbstractSessionStateMachineTest.java
deleted file mode 100644
index 6caa466..0000000
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/AbstractSessionStateMachineTest.java
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.test.ike;
-
-import static com.android.internal.net.ipsec.test.ike.AbstractSessionStateMachine.CMD_KILL_SESSION;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNull;
-import static org.mockito.Mockito.mock;
-
-import android.os.Looper;
-import android.os.Message;
-import android.os.test.TestLooper;
-
-import com.android.internal.net.ipsec.test.ike.AbstractSessionStateMachine.ExceptionHandlerBase;
-import com.android.internal.net.ipsec.test.ike.utils.State;
-
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.concurrent.Executor;
-
-public final class AbstractSessionStateMachineTest {
- private TestLooper mLooper;
- private TestSessionStateMachine mTestSm;
-
- @Before
- public void setup() throws Exception {
- mLooper = new TestLooper();
- mTestSm = new TestSessionStateMachine(mLooper.getLooper());
-
- mTestSm.start();
- mLooper.dispatchAll();
- }
-
- @After
- public void tearDown() {
- mTestSm.quitNow();
- mLooper.dispatchAll();
- }
-
- private static final class TestSessionStateMachine extends AbstractSessionStateMachine {
- static final int CMD_TEST = CMD_PRIVATE_BASE + 1;
-
- final ArrayList mExecutedCmds = new ArrayList<>();
-
- private final State mInitial = new Initial();
-
- TestSessionStateMachine(Looper looper) {
- super("TestSessionStateMachine", looper, mock(Executor.class));
-
- addState(mInitial);
- setInitialState(mInitial);
- }
-
- class Initial extends ExceptionHandlerBase {
- @Override
- public boolean processStateMessage(Message message) {
- mExecutedCmds.add(message.what);
-
- switch (message.what) {
- case CMD_TEST:
- return HANDLED;
- case CMD_KILL_SESSION:
- quitNow();
- return HANDLED;
- default:
- return NOT_HANDLED;
- }
- }
-
- @Override
- protected void cleanUpAndQuit(RuntimeException e) {
- // do nothing
- }
-
- @Override
- protected String getCmdString(int cmd) {
- return Integer.toString(cmd);
- }
- }
- }
-
- @Test
- public void testKillSessionDiscardsOtherCmds() throws Exception {
- mTestSm.sendMessage(TestSessionStateMachine.CMD_TEST);
- mTestSm.killSession();
- mLooper.dispatchAll();
-
- assertEquals(Arrays.asList(CMD_KILL_SESSION), mTestSm.mExecutedCmds);
- assertNull(mTestSm.getCurrentState());
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/ChildSessionStateMachineTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/ChildSessionStateMachineTest.java
index 2d5450e..43d36b5 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/ChildSessionStateMachineTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/ChildSessionStateMachineTest.java
@@ -14,35 +14,32 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike;
+package com.android.internal.net.ipsec.ike;
-import static android.net.ipsec.test.ike.SaProposal.DH_GROUP_2048_BIT_MODP;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_INTERNAL_ADDRESS_FAILURE;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_INVALID_KE_PAYLOAD;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_INVALID_SYNTAX;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_NO_PROPOSAL_CHOSEN;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_TEMPORARY_FAILURE;
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_INTERNAL_ADDRESS_FAILURE;
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_NO_PROPOSAL_CHOSEN;
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_TEMPORARY_FAILURE;
import static android.system.OsConstants.AF_INET;
import static com.android.internal.net.TestUtils.createMockRandomFactory;
-import static com.android.internal.net.ipsec.test.ike.AbstractSessionStateMachine.CMD_LOCAL_REQUEST_CREATE_CHILD;
-import static com.android.internal.net.ipsec.test.ike.AbstractSessionStateMachine.RETRY_INTERVAL_MS;
-import static com.android.internal.net.ipsec.test.ike.ChildSessionStateMachine.CMD_FORCE_TRANSITION;
-import static com.android.internal.net.ipsec.test.ike.IkeSessionStateMachine.IKE_EXCHANGE_SUBTYPE_DELETE_CHILD;
-import static com.android.internal.net.ipsec.test.ike.IkeSessionStateMachine.IKE_EXCHANGE_SUBTYPE_REKEY_CHILD;
-import static com.android.internal.net.ipsec.test.ike.IkeSessionStateMachine.REKEY_DELETE_TIMEOUT_MS;
-import static com.android.internal.net.ipsec.test.ike.message.IkeHeader.EXCHANGE_TYPE_CREATE_CHILD_SA;
-import static com.android.internal.net.ipsec.test.ike.message.IkeHeader.EXCHANGE_TYPE_INFORMATIONAL;
-import static com.android.internal.net.ipsec.test.ike.message.IkeNotifyPayload.NOTIFY_TYPE_REKEY_SA;
-import static com.android.internal.net.ipsec.test.ike.message.IkePayload.PAYLOAD_TYPE_CP;
-import static com.android.internal.net.ipsec.test.ike.message.IkePayload.PAYLOAD_TYPE_DELETE;
-import static com.android.internal.net.ipsec.test.ike.message.IkePayload.PAYLOAD_TYPE_KE;
-import static com.android.internal.net.ipsec.test.ike.message.IkePayload.PAYLOAD_TYPE_NONCE;
-import static com.android.internal.net.ipsec.test.ike.message.IkePayload.PAYLOAD_TYPE_NOTIFY;
-import static com.android.internal.net.ipsec.test.ike.message.IkePayload.PAYLOAD_TYPE_SA;
-import static com.android.internal.net.ipsec.test.ike.message.IkePayload.PAYLOAD_TYPE_TS_INITIATOR;
-import static com.android.internal.net.ipsec.test.ike.message.IkePayload.PAYLOAD_TYPE_TS_RESPONDER;
-import static com.android.internal.net.ipsec.test.ike.message.IkePayload.PROTOCOL_ID_ESP;
+import static com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.CMD_LOCAL_REQUEST_CREATE_CHILD;
+import static com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.RETRY_INTERVAL_MS;
+import static com.android.internal.net.ipsec.ike.ChildSessionStateMachine.CMD_FORCE_TRANSITION;
+import static com.android.internal.net.ipsec.ike.IkeSessionStateMachine.IKE_EXCHANGE_SUBTYPE_DELETE_CHILD;
+import static com.android.internal.net.ipsec.ike.IkeSessionStateMachine.IKE_EXCHANGE_SUBTYPE_REKEY_CHILD;
+import static com.android.internal.net.ipsec.ike.IkeSessionStateMachine.REKEY_DELETE_TIMEOUT_MS;
+import static com.android.internal.net.ipsec.ike.message.IkeHeader.EXCHANGE_TYPE_CREATE_CHILD_SA;
+import static com.android.internal.net.ipsec.ike.message.IkeHeader.EXCHANGE_TYPE_INFORMATIONAL;
+import static com.android.internal.net.ipsec.ike.message.IkeNotifyPayload.NOTIFY_TYPE_REKEY_SA;
+import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_CP;
+import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_DELETE;
+import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_KE;
+import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_NONCE;
+import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_NOTIFY;
+import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_SA;
+import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_TS_INITIATOR;
+import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_TS_RESPONDER;
+import static com.android.internal.net.ipsec.ike.message.IkePayload.PROTOCOL_ID_ESP;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -68,63 +65,63 @@
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
+import android.app.AlarmManager;
import android.content.Context;
import android.net.InetAddresses;
import android.net.IpSecManager;
import android.net.IpSecManager.UdpEncapsulationSocket;
import android.net.IpSecTransform;
import android.net.LinkAddress;
-import android.net.ipsec.test.ike.ChildSaProposal;
-import android.net.ipsec.test.ike.ChildSessionCallback;
-import android.net.ipsec.test.ike.ChildSessionConfiguration;
-import android.net.ipsec.test.ike.ChildSessionParams;
-import android.net.ipsec.test.ike.IkeManager;
-import android.net.ipsec.test.ike.IkeTrafficSelector;
-import android.net.ipsec.test.ike.SaProposal;
-import android.net.ipsec.test.ike.TunnelModeChildSessionParams;
-import android.net.ipsec.test.ike.exceptions.IkeException;
-import android.net.ipsec.test.ike.exceptions.IkeInternalException;
-import android.net.ipsec.test.ike.exceptions.InvalidKeException;
-import android.net.ipsec.test.ike.exceptions.InvalidSyntaxException;
-import android.net.ipsec.test.ike.exceptions.NoValidProposalChosenException;
-import android.os.Handler;
-import android.os.Message;
+import android.net.ipsec.ike.ChildSaProposal;
+import android.net.ipsec.ike.ChildSessionCallback;
+import android.net.ipsec.ike.ChildSessionConfiguration;
+import android.net.ipsec.ike.ChildSessionParams;
+import android.net.ipsec.ike.IkeManager;
+import android.net.ipsec.ike.IkeSaProposal;
+import android.net.ipsec.ike.IkeTrafficSelector;
+import android.net.ipsec.ike.SaProposal;
+import android.net.ipsec.ike.TunnelModeChildSessionParams;
+import android.net.ipsec.ike.exceptions.IkeException;
+import android.net.ipsec.ike.exceptions.IkeInternalException;
import android.os.test.TestLooper;
import androidx.test.InstrumentationRegistry;
import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.test.ike.ChildSessionStateMachine.CreateChildSaHelper;
-import com.android.internal.net.ipsec.test.ike.ChildSessionStateMachine.IChildSessionSmCallback;
-import com.android.internal.net.ipsec.test.ike.ChildSessionStateMachine.IdleWithDeferredRequest;
-import com.android.internal.net.ipsec.test.ike.SaRecord.ChildSaRecord;
-import com.android.internal.net.ipsec.test.ike.SaRecord.ChildSaRecordConfig;
-import com.android.internal.net.ipsec.test.ike.SaRecord.ISaRecordHelper;
-import com.android.internal.net.ipsec.test.ike.SaRecord.SaLifetimeAlarmScheduler;
-import com.android.internal.net.ipsec.test.ike.SaRecord.SaRecordHelper;
-import com.android.internal.net.ipsec.test.ike.crypto.IkeCipher;
-import com.android.internal.net.ipsec.test.ike.crypto.IkeMacIntegrity;
-import com.android.internal.net.ipsec.test.ike.crypto.IkeMacPrf;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttribute;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeIpv4Address;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeIpv4Netmask;
-import com.android.internal.net.ipsec.test.ike.message.IkeDeletePayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeKePayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeNoncePayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeNotifyPayload;
-import com.android.internal.net.ipsec.test.ike.message.IkePayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.DhGroupTransform;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.EncryptionTransform;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.IntegrityTransform;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.PrfTransform;
-import com.android.internal.net.ipsec.test.ike.message.IkeTestUtils;
-import com.android.internal.net.ipsec.test.ike.message.IkeTsPayload;
-import com.android.internal.net.ipsec.test.ike.testutils.MockIpSecTestUtils;
-import com.android.internal.net.ipsec.test.ike.utils.IpSecSpiGenerator;
-import com.android.internal.net.ipsec.test.ike.utils.RandomnessFactory;
-import com.android.internal.net.utils.test.Log;
+import com.android.internal.net.ipsec.ike.ChildSessionStateMachine.CreateChildSaHelper;
+import com.android.internal.net.ipsec.ike.ChildSessionStateMachine.IChildSessionSmCallback;
+import com.android.internal.net.ipsec.ike.ChildSessionStateMachine.IdleWithDeferredRequest;
+import com.android.internal.net.ipsec.ike.SaRecord.ChildSaRecord;
+import com.android.internal.net.ipsec.ike.SaRecord.ChildSaRecordConfig;
+import com.android.internal.net.ipsec.ike.SaRecord.ISaRecordHelper;
+import com.android.internal.net.ipsec.ike.SaRecord.SaLifetimeAlarmScheduler;
+import com.android.internal.net.ipsec.ike.SaRecord.SaRecordHelper;
+import com.android.internal.net.ipsec.ike.crypto.IkeCipher;
+import com.android.internal.net.ipsec.ike.crypto.IkeMacIntegrity;
+import com.android.internal.net.ipsec.ike.crypto.IkeMacPrf;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidKeException;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
+import com.android.internal.net.ipsec.ike.exceptions.NoValidProposalChosenException;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttribute;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv4Address;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv4Netmask;
+import com.android.internal.net.ipsec.ike.message.IkeDeletePayload;
+import com.android.internal.net.ipsec.ike.message.IkeKePayload;
+import com.android.internal.net.ipsec.ike.message.IkeNoncePayload;
+import com.android.internal.net.ipsec.ike.message.IkeNotifyPayload;
+import com.android.internal.net.ipsec.ike.message.IkePayload;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.DhGroupTransform;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.EncryptionTransform;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.IntegrityTransform;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.PrfTransform;
+import com.android.internal.net.ipsec.ike.message.IkeTestUtils;
+import com.android.internal.net.ipsec.ike.message.IkeTsPayload;
+import com.android.internal.net.ipsec.ike.testutils.MockIpSecTestUtils;
+import com.android.internal.net.ipsec.ike.utils.IpSecSpiGenerator;
+import com.android.internal.net.ipsec.ike.utils.RandomnessFactory;
+import com.android.internal.net.utils.Log;
import com.android.server.IpSecService;
import org.junit.After;
@@ -146,8 +143,6 @@
private static final Inet4Address LOCAL_ADDRESS =
(Inet4Address) InetAddresses.parseNumericAddress("192.0.2.200");
- private static final Inet4Address UPDATED_LOCAL_ADDRESS =
- (Inet4Address) InetAddresses.parseNumericAddress("192.0.2.201");
private static final Inet4Address REMOTE_ADDRESS =
(Inet4Address) InetAddresses.parseNumericAddress("192.0.2.100");
private static final Inet4Address INTERNAL_ADDRESS =
@@ -183,12 +178,11 @@
private static final int KEY_LEN_IKE_SKD = 20;
private static final int IKE_SESSION_UNIQUE_ID = 1;
- private static final int IKE_DH_GROUP = SaProposal.DH_GROUP_4096_BIT_MODP;
private IkeMacPrf mIkePrf;
private Context mContext;
- private Handler mMockIkeHandler;
+ private AlarmManager mMockAlarmManager;
private IpSecService mMockIpSecService;
private IpSecManager mMockIpSecManager;
private UdpEncapsulationSocket mMockUdpEncapSocket;
@@ -248,9 +242,7 @@
mIkePrf = IkeMacPrf.create(new PrfTransform(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1));
mContext = InstrumentationRegistry.getContext();
- mMockIkeHandler = mock(Handler.class);
- when(mMockIkeHandler.obtainMessage(anyInt(), anyInt(), anyInt(), any()))
- .thenReturn(mock(Message.class));
+ mMockAlarmManager = mock(AlarmManager.class);
mMockIpSecService = mock(IpSecService.class);
mMockIpSecManager = new IpSecManager(mContext, mMockIpSecService);
@@ -408,27 +400,16 @@
int initSpi,
int respSpi,
boolean isLocalInit) {
- verifyChildSaRecordConfig(
- childSaRecordConfig, initSpi, respSpi, isLocalInit, LOCAL_ADDRESS, REMOTE_ADDRESS);
- }
-
- private void verifyChildSaRecordConfig(
- ChildSaRecordConfig childSaRecordConfig,
- int initSpi,
- int respSpi,
- boolean isLocalInit,
- InetAddress localAddress,
- InetAddress remoteAddress) {
assertEquals(mContext, childSaRecordConfig.context);
assertEquals(initSpi, childSaRecordConfig.initSpi.getSpi());
assertEquals(respSpi, childSaRecordConfig.respSpi.getSpi());
if (isLocalInit) {
- assertEquals(localAddress, childSaRecordConfig.initAddress);
- assertEquals(remoteAddress, childSaRecordConfig.respAddress);
+ assertEquals(LOCAL_ADDRESS, childSaRecordConfig.initAddress);
+ assertEquals(REMOTE_ADDRESS, childSaRecordConfig.respAddress);
} else {
- assertEquals(remoteAddress, childSaRecordConfig.initAddress);
- assertEquals(localAddress, childSaRecordConfig.respAddress);
+ assertEquals(REMOTE_ADDRESS, childSaRecordConfig.initAddress);
+ assertEquals(LOCAL_ADDRESS, childSaRecordConfig.respAddress);
}
assertEquals(mMockUdpEncapSocket, childSaRecordConfig.udpEncapSocket);
@@ -534,7 +515,6 @@
REMOTE_ADDRESS,
mMockUdpEncapSocket,
mIkePrf,
- IKE_DH_GROUP,
SK_D);
mLooper.dispatchAll();
@@ -543,30 +523,6 @@
quitAndVerify();
}
- private void validateCreateChild(boolean isFirstChild) {
- assertEquals(mChildSessionStateMachine.mLocalAddress, LOCAL_ADDRESS);
- assertEquals(mChildSessionStateMachine.mRemoteAddress, REMOTE_ADDRESS);
- assertEquals(mChildSessionStateMachine.mUdpEncapSocket, mMockUdpEncapSocket);
- assertEquals(mChildSessionStateMachine.mIkePrf, mIkePrf);
- assertEquals(mChildSessionStateMachine.mIkeDhGroup, IKE_DH_GROUP);
- assertEquals(mChildSessionStateMachine.mSkD, SK_D);
- assertEquals(mChildSessionStateMachine.mIsFirstChild, isFirstChild);
- }
-
- @Test
- public void testHandleFirstChildExchange() throws Exception {
- mChildSessionStateMachine.handleFirstChildExchange(
- mFirstSaReqPayloads,
- mFirstSaRespPayloads,
- LOCAL_ADDRESS,
- REMOTE_ADDRESS,
- mMockUdpEncapSocket,
- mIkePrf,
- IKE_DH_GROUP,
- SK_D);
- validateCreateChild(true /* isFirstChild */);
- }
-
private void verifyOutboundCreatePayloadTypes(
List<IkePayload> outboundPayloads, boolean isRekey) {
assertNotNull(
@@ -596,13 +552,14 @@
}
}
- private List<IkePayload> checkCreateChildAndGetRequest() throws Exception {
+ @Test
+ public void testCreateChild() throws Exception {
doReturn(mSpyCurrentChildSaRecord)
.when(mMockSaRecordHelper)
.makeChildSaRecord(any(), any(), any());
mChildSessionStateMachine.createChildSession(
- LOCAL_ADDRESS, REMOTE_ADDRESS, mMockUdpEncapSocket, mIkePrf, IKE_DH_GROUP, SK_D);
+ LOCAL_ADDRESS, REMOTE_ADDRESS, mMockUdpEncapSocket, mIkePrf, SK_D);
mLooper.dispatchAll();
// Validate outbound payload list
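Review bot: After `createChildSession(...)` and `mLooper.dispatchAll()` in `testCreateChild`, nothing visible asserts that the state machine kept the key material and addresses it was handed. A regression that stored the wrong PRF or `SK_D` would only be caught if `verifyInitCreateChildResp` covers them through the `ChildSaRecordConfig`, which this hunk does not show. The setup helper later in this file still assigns `mChildSessionStateMachine.mIkePrf` and `mChildSessionStateMachine.mSkD`, so those fields exist on the new side. I would add `assertEquals(mIkePrf, mChildSessionStateMachine.mIkePrf);` and `assertEquals(SK_D, mChildSessionStateMachine.mSkD);` right after the dispatch (use `assertArrayEquals` if a content comparison of `SK_D` is intended). The test body continues past the end of this hunk.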
@@ -624,51 +581,23 @@
EXCHANGE_TYPE_CREATE_CHILD_SA, mFirstSaRespPayloads);
mLooper.dispatchAll();
- return reqPayloadList;
- }
-
- @Test
- public void testCreateChild() throws Exception {
- List<IkePayload> reqPayloadList = checkCreateChildAndGetRequest();
- validateCreateChild(false /* isFirstChild */);
-
verifyInitCreateChildResp(reqPayloadList, mFirstSaRespPayloads);
+
quitAndVerify();
}
- @Test
- public void testCreateChildExecuteCbAfterKillSession() throws Exception {
- mChildSessionStateMachine.quitNow();
- mLooper.dispatchAll();
-
- LateExecuteExecutor lateExecutor = spy(new LateExecuteExecutor());
- mChildSessionStateMachine = buildAndStartChildSession(lateExecutor);
-
- List<IkePayload> reqPayloadList = checkCreateChildAndGetRequest();
-
- mChildSessionStateMachine.killSession();
- mLooper.dispatchAll();
-
- lateExecutor.actuallyExecute();
-
- // Verify users have been notified
- verifyNotifyUsersCreateIpSecSa(mSpyCurrentChildSaRecord, true /*expectInbound*/);
- verifyNotifyUsersCreateIpSecSa(mSpyCurrentChildSaRecord, false /*expectInbound*/);
- verify(mMockChildSessionCallback).onOpened(any(ChildSessionConfiguration.class));
- }
-
private <T extends IkeException> void verifyHandleFatalErrorAndQuit(Class<T> exceptionClass) {
assertNull(mChildSessionStateMachine.getCurrentState());
verify(mMockChildSessionSmCallback).onProcedureFinished(mChildSessionStateMachine);
verify(mMockChildSessionSmCallback).onChildSessionClosed(mMockChildSessionCallback);
- verify(mMockChildSessionCallback).onClosedWithException(any(exceptionClass));
+ verify(mMockChildSessionCallback).onClosedExceptionally(any(exceptionClass));
}
private void createChildSessionAndReceiveErrorNotification(int notifyType) throws Exception {
// Send out Create request
mChildSessionStateMachine.createChildSession(
- LOCAL_ADDRESS, REMOTE_ADDRESS, mMockUdpEncapSocket, mIkePrf, IKE_DH_GROUP, SK_D);
+ LOCAL_ADDRESS, REMOTE_ADDRESS, mMockUdpEncapSocket, mIkePrf, SK_D);
mLooper.dispatchAll();
// Receive error notification in Create response
@@ -716,7 +645,7 @@
public void testCreateChildHandlesRespWithMissingPayload() throws Exception {
// Send out Create request
mChildSessionStateMachine.createChildSession(
- LOCAL_ADDRESS, REMOTE_ADDRESS, mMockUdpEncapSocket, mIkePrf, IKE_DH_GROUP, SK_D);
+ LOCAL_ADDRESS, REMOTE_ADDRESS, mMockUdpEncapSocket, mIkePrf, SK_D);
mLooper.dispatchAll();
// Receive response with no Nonce Payload
@@ -746,7 +675,7 @@
// Send out and receive Create Child message
mChildSessionStateMachine.createChildSession(
- LOCAL_ADDRESS, REMOTE_ADDRESS, mMockUdpEncapSocket, mIkePrf, IKE_DH_GROUP, SK_D);
+ LOCAL_ADDRESS, REMOTE_ADDRESS, mMockUdpEncapSocket, mIkePrf, SK_D);
mLooper.dispatchAll();
mChildSessionStateMachine.receiveResponse(
EXCHANGE_TYPE_CREATE_CHILD_SA, mFirstSaRespPayloads);
@@ -766,7 +695,6 @@
mChildSessionStateMachine.mRemoteAddress = REMOTE_ADDRESS;
mChildSessionStateMachine.mUdpEncapSocket = mMockUdpEncapSocket;
mChildSessionStateMachine.mIkePrf = mIkePrf;
- mChildSessionStateMachine.mIkeDhGroup = IKE_DH_GROUP;
mChildSessionStateMachine.mSkD = SK_D;
mChildSessionStateMachine.mSaProposal = buildSaProposal();
@@ -825,11 +753,7 @@
}
private void verifyNotifyUsersDeleteSession() {
- verifyNotifyUsersDeleteSession(mSpyUserCbExecutor);
- }
-
- private void verifyNotifyUsersDeleteSession(Executor spyExecutor) {
- verify(spyExecutor).execute(any(Runnable.class));
+ verify(mSpyUserCbExecutor).execute(any(Runnable.class));
verify(mMockChildSessionCallback).onClosed();
verifyNotifyUserDeleteChildSa(mSpyCurrentChildSaRecord);
}
@@ -859,28 +783,6 @@
}
@Test
- public void testDeleteChildLocalExecuteCbAfterKillSession() throws Exception {
- mChildSessionStateMachine.quitNow();
- mLooper.dispatchAll();
-
- LateExecuteExecutor lateExecutor = spy(new LateExecuteExecutor());
- mChildSessionStateMachine = buildAndStartChildSession(lateExecutor);
-
- setupIdleStateMachine();
-
- mChildSessionStateMachine.deleteChildSession();
- mChildSessionStateMachine.receiveResponse(
- EXCHANGE_TYPE_INFORMATIONAL,
- makeDeletePayloads(mSpyCurrentChildSaRecord.getRemoteSpi()));
- mLooper.dispatchAll();
-
- assertNull(mChildSessionStateMachine.getCurrentState());
-
- lateExecutor.actuallyExecute();
- verifyNotifyUsersDeleteSession(lateExecutor);
- }
-
- @Test
public void testDeleteChildLocalHandlesInvalidResp() throws Exception {
setupIdleStateMachine();
@@ -893,7 +795,7 @@
mLooper.dispatchAll();
assertNull(mChildSessionStateMachine.getCurrentState());
- verify(mMockChildSessionCallback).onClosedWithException(any(InvalidSyntaxException.class));
+ verify(mMockChildSessionCallback).onClosedExceptionally(any(InvalidSyntaxException.class));
verifyNotifyUserDeleteChildSa(mSpyCurrentChildSaRecord);
}
@@ -1122,14 +1024,9 @@
}
private void setupStateMachineAndSpiForLocalRekey() throws Exception {
- setupStateMachineAndSpiForLocalRekey(LOCAL_ADDRESS, REMOTE_ADDRESS);
- }
-
- private void setupStateMachineAndSpiForLocalRekey(
- InetAddress updatedLocalAddress, InetAddress updatedRemoteAddress) throws Exception {
setupIdleStateMachine();
- setUpSpiResource(updatedLocalAddress, LOCAL_INIT_NEW_CHILD_SA_SPI_IN);
- setUpSpiResource(updatedRemoteAddress, LOCAL_INIT_NEW_CHILD_SA_SPI_OUT);
+ setUpSpiResource(LOCAL_ADDRESS, LOCAL_INIT_NEW_CHILD_SA_SPI_IN);
+ setUpSpiResource(REMOTE_ADDRESS, LOCAL_INIT_NEW_CHILD_SA_SPI_OUT);
}
@Test
@@ -1139,32 +1036,15 @@
// Send Rekey-Create request
mChildSessionStateMachine.rekeyChildSession();
mLooper.dispatchAll();
-
- verifyRekeyChildLocalCreateHandlesResponse(
- ChildSessionStateMachine.RekeyChildLocalCreate.class,
- false /* isMobikeRekey */,
- LOCAL_ADDRESS,
- REMOTE_ADDRESS);
- }
-
- private void verifyRekeyChildLocalCreateHandlesResponse(
- Class<?> expectedState,
- boolean isMobikeRekey,
- InetAddress localAddress,
- InetAddress remoteAddress)
- throws Exception {
- assertTrue(expectedState.isInstance(mChildSessionStateMachine.getCurrentState()));
+ assertTrue(
+ mChildSessionStateMachine.getCurrentState()
+ instanceof ChildSessionStateMachine.RekeyChildLocalCreate);
List<IkePayload> rekeyRespPayloads = receiveRekeyChildResponse();
- verifyLocalRekeyCreateIsDone(rekeyRespPayloads, isMobikeRekey, localAddress, remoteAddress);
+ verifyLocalRekeyCreateIsDone(rekeyRespPayloads);
}
- private void verifyLocalRekeyCreateIsDone(
- List<IkePayload> rekeyRespPayloads,
- boolean isMobikeRekey,
- InetAddress localAddress,
- InetAddress remoteAddress)
- throws Exception {
+ private void verifyLocalRekeyCreateIsDone(List<IkePayload> rekeyRespPayloads) throws Exception {
// Verify state transition
assertTrue(
mChildSessionStateMachine.getCurrentState()
@@ -1189,22 +1069,12 @@
childSaRecordConfig,
LOCAL_INIT_NEW_CHILD_SA_SPI_IN,
LOCAL_INIT_NEW_CHILD_SA_SPI_OUT,
- true /*isLocalInit*/,
- localAddress,
- remoteAddress);
+ true /*isLocalInit*/);
// Verify users have been notified
verify(mSpyUserCbExecutor).execute(any(Runnable.class));
-
- if (isMobikeRekey) {
- verify(mMockChildSessionCallback)
- .onIpSecTransformsMigrated(
- mSpyLocalInitNewChildSaRecord.getInboundIpSecTransform(),
- mSpyLocalInitNewChildSaRecord.getOutboundIpSecTransform());
- } else {
- verifyNotifyUsersCreateIpSecSa(mSpyLocalInitNewChildSaRecord, true /*expectInbound*/);
- verifyNotifyUsersCreateIpSecSa(mSpyLocalInitNewChildSaRecord, false /*expectInbound*/);
- }
+ verifyNotifyUsersCreateIpSecSa(mSpyLocalInitNewChildSaRecord, true /*expectInbound*/);
+ verifyNotifyUsersCreateIpSecSa(mSpyLocalInitNewChildSaRecord, false /*expectInbound*/);
}
@Test
@@ -1252,8 +1122,7 @@
// Receive Rekey Create response and verify creation is done
List<IkePayload> rekeyRespPayloads = receiveRekeyChildResponse();
- verifyLocalRekeyCreateIsDone(
- rekeyRespPayloads, false /* isMobikeRekey */, LOCAL_ADDRESS, REMOTE_ADDRESS);
+ verifyLocalRekeyCreateIsDone(rekeyRespPayloads);
}
@Test
@@ -1851,8 +1720,7 @@
.getDhGroupTransforms();
List<IkePayload> payloadList = new ArrayList<>();
payloadList.add(
- IkeKePayload.createOutboundKePayload(
- SaProposal.DH_GROUP_1024_BIT_MODP, createMockRandomFactory()));
+ new IkeKePayload(SaProposal.DH_GROUP_1024_BIT_MODP, createMockRandomFactory()));
CreateChildSaHelper.validateKePayloads(
payloadList, true /*isResp*/, mMockNegotiatedProposal);
@@ -1900,8 +1768,7 @@
.getDhGroupTransforms();
List<IkePayload> payloadList = new ArrayList<>();
payloadList.add(
- IkeKePayload.createOutboundKePayload(
- SaProposal.DH_GROUP_2048_BIT_MODP, createMockRandomFactory()));
+ new IkeKePayload(SaProposal.DH_GROUP_2048_BIT_MODP, createMockRandomFactory()));
try {
CreateChildSaHelper.validateKePayloads(
@@ -1926,8 +1793,7 @@
.getDhGroupTransforms();
List<IkePayload> payloadList = new ArrayList<>();
payloadList.add(
- IkeKePayload.createOutboundKePayload(
- SaProposal.DH_GROUP_2048_BIT_MODP, createMockRandomFactory()));
+ new IkeKePayload(SaProposal.DH_GROUP_2048_BIT_MODP, createMockRandomFactory()));
try {
CreateChildSaHelper.validateKePayloads(
@@ -1946,12 +1812,7 @@
IkeManager.setIkeLog(spyIkeLog);
mChildSessionStateMachine.createChildSession(
- null /*localAddress*/,
- REMOTE_ADDRESS,
- mMockUdpEncapSocket,
- mIkePrf,
- IKE_DH_GROUP,
- SK_D);
+ null /*localAddress*/, REMOTE_ADDRESS, mMockUdpEncapSocket, mIkePrf, SK_D);
mLooper.dispatchAll();
verifyHandleFatalErrorAndQuit(IkeInternalException.class);
@@ -2003,53 +1864,21 @@
PAYLOAD_TYPE_KE, IkeKePayload.class, reqPayloadList));
}
- private ChildSessionStateMachine buildChildSession(
- ChildSessionParams childSessionParams, Executor executor) {
+ private ChildSessionStateMachine buildChildSession(ChildSessionParams childSessionParams) {
return new ChildSessionStateMachine(
mLooper.getLooper(),
mContext,
IKE_SESSION_UNIQUE_ID,
- mMockIkeHandler,
+ mMockAlarmManager,
createMockRandomFactory(),
mMockIpSecManager,
mIpSecSpiGenerator,
childSessionParams,
- executor,
+ mSpyUserCbExecutor,
mMockChildSessionCallback,
mMockChildSessionSmCallback);
}
- private ChildSessionStateMachine buildChildSession(ChildSessionParams childSessionParams) {
- return buildChildSession(childSessionParams, mSpyUserCbExecutor);
- }
-
- private ChildSessionStateMachine buildChildSession(Executor executor) {
- return buildChildSession(mChildSessionParams, executor);
- }
-
- private ChildSessionStateMachine buildAndStartChildSession(Executor executor) {
- ChildSessionStateMachine childSession = buildChildSession(executor);
- childSession.setDbg(true);
- childSession.start();
- mLooper.dispatchAll();
-
- return childSession;
- }
-
- private ChildSessionStateMachine buildAndStartStateMachineWithProposal(
- ChildSaProposal childProposal) {
- ChildSessionParams childSessionParams =
- new TunnelModeChildSessionParams.Builder()
- .addSaProposal(childProposal)
- .addInternalAddressRequest(AF_INET)
- .addInternalAddressRequest(INTERNAL_ADDRESS)
- .build();
- ChildSessionStateMachine childSession = buildChildSession(childSessionParams);
- childSession.setDbg(true);
- childSession.start();
- return childSession;
- }
-
private ChildSaProposal buildSaProposalWithDhGroup(int dhGroup) {
return new ChildSaProposal.Builder()
.addEncryptionAlgorithm(
@@ -2059,28 +1888,42 @@
.build();
}
- private void verifyRemoteRekeyWithKePayload(ChildSaProposal requestSaProposal, int expectedDh)
- throws Exception {
+ @Test
+ public void testRemoteRekeyWithKePayload() throws Exception {
+ // Use child session params with dh group to initiate the state machine
+ ChildSaProposal saProposal = buildSaProposalWithDhGroup(SaProposal.DH_GROUP_2048_BIT_MODP);
+ ChildSessionParams childSessionParams =
+ new TunnelModeChildSessionParams.Builder()
+ .addSaProposal(saProposal)
+ .addInternalAddressRequest(AF_INET)
+ .addInternalAddressRequest(INTERNAL_ADDRESS)
+ .build();
+ mChildSessionStateMachine = buildChildSession(childSessionParams);
+ mChildSessionStateMachine.setDbg(true);
+ mChildSessionStateMachine.start();
+
+ setupIdleStateMachine();
+
// Setup for new Child SA negotiation.
setUpSpiResource(LOCAL_ADDRESS, REMOTE_INIT_NEW_CHILD_SA_SPI_IN);
setUpSpiResource(REMOTE_ADDRESS, REMOTE_INIT_NEW_CHILD_SA_SPI_OUT);
IkeSaPayload saPayload =
IkeSaPayload.createChildSaRequestPayload(
- new ChildSaProposal[] {requestSaProposal},
- mIpSecSpiGenerator,
- LOCAL_ADDRESS);
+ new ChildSaProposal[] {saProposal}, mIpSecSpiGenerator, LOCAL_ADDRESS);
List<IkePayload> rekeyReqPayloads =
makeInboundRekeyChildPayloads(
REMOTE_INIT_NEW_CHILD_SA_SPI_OUT, saPayload, false /*isLocalInitRekey*/);
rekeyReqPayloads.add(
- IkeKePayload.createOutboundKePayload(expectedDh, createMockRandomFactory()));
+ new IkeKePayload(IkeSaProposal.DH_GROUP_2048_BIT_MODP, createMockRandomFactory()));
when(mMockSaRecordHelper.makeChildSaRecord(
eq(rekeyReqPayloads), any(List.class), any(ChildSaRecordConfig.class)))
.thenReturn(mSpyRemoteInitNewChildSaRecord);
+ assertEquals(0, mChildSessionStateMachine.mSaProposal.getDhGroups().size());
+
// Receive rekey Child request
mChildSessionStateMachine.receiveRequest(
IKE_EXCHANGE_SUBTYPE_REKEY_CHILD, EXCHANGE_TYPE_CREATE_CHILD_SA, rekeyReqPayloads);
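Review bot: `mChildSessionStateMachine` is reassigned at the top of `testRemoteRekeyWithKePayload` without stopping the instance it replaces. If the fixture's setup already started a state machine on `mLooper` (setup is not visible in this hunk), that instance stays alive and shares the same mocks for the rest of the test; calling `mChildSessionStateMachine.quitNow();` before the reassignment would avoid that. Separately, the proposal is built with `SaProposal.DH_GROUP_2048_BIT_MODP` while the KE payload uses `IkeSaProposal.DH_GROUP_2048_BIT_MODP`. A single local such as `int dhGroup = SaProposal.DH_GROUP_2048_BIT_MODP;` used in both places would make the intended match between proposal and KE payload explicit. The test body continues past the end of this hunk.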
@@ -2092,186 +1935,6 @@
verifyOutboundRekeyKePayload(true /*isResp*/);
- assertEquals(expectedDh, (int) mChildSessionStateMachine.mSaProposal.getDhGroups().get(0));
- }
-
- @Test
- public void testRemoteRekeyWithUserSpecifiedKePayload() throws Exception {
- // Use child session params with dh group to initiate the state machine
- ChildSaProposal saProposal = buildSaProposalWithDhGroup(SaProposal.DH_GROUP_2048_BIT_MODP);
- mChildSessionStateMachine.quitNow();
- mChildSessionStateMachine = buildAndStartStateMachineWithProposal(saProposal);
-
- setupIdleStateMachine();
- assertEquals(0, mChildSessionStateMachine.mSaProposal.getDhGroups().size());
-
- verifyRemoteRekeyWithKePayload(saProposal, SaProposal.DH_GROUP_2048_BIT_MODP);
- }
-
- @Test
- public void testRemoteRekeyWithIkeNegotiatedKePayload() throws Exception {
- setupIdleStateMachine();
-
- assertEquals(0, mChildSessionStateMachine.mSaProposal.getDhGroups().size());
- assertEquals(IKE_DH_GROUP, mChildSessionStateMachine.mIkeDhGroup);
- for (SaProposal userProposal :
- mChildSessionStateMachine.mChildSessionParams.getChildSaProposals()) {
- assertTrue(userProposal.getDhGroups().isEmpty());
- }
-
- ChildSaProposal saProposal = buildSaProposalWithDhGroup(IKE_DH_GROUP);
- verifyRemoteRekeyWithKePayload(saProposal, IKE_DH_GROUP);
- }
-
- private void verifyRcvRekeyReqAndRejectWithErrorNotify(
- List<IkePayload> rekeyReqPayloads, int expectedErrorType) {
- mChildSessionStateMachine.receiveRequest(
- IKE_EXCHANGE_SUBTYPE_REKEY_CHILD, EXCHANGE_TYPE_CREATE_CHILD_SA, rekeyReqPayloads);
- mLooper.dispatchAll();
-
- assertTrue(
- mChildSessionStateMachine.getCurrentState()
- instanceof ChildSessionStateMachine.Idle);
-
- verifyOutboundErrorNotify(EXCHANGE_TYPE_CREATE_CHILD_SA, expectedErrorType);
- }
-
- @Test
- public void testRemoteRekeyWithInvalidKePayload() throws Exception {
- setupIdleStateMachine();
-
- assertEquals(0, mChildSessionStateMachine.mSaProposal.getDhGroups().size());
- assertEquals(IKE_DH_GROUP, mChildSessionStateMachine.mIkeDhGroup);
- for (SaProposal userProposal :
- mChildSessionStateMachine.mChildSessionParams.getChildSaProposals()) {
- assertTrue(userProposal.getDhGroups().isEmpty());
- }
-
- // Build an inbound Rekey Child request
- // Build an SA Payload that includes a Proposal with IKE_DH_GROUP
- IkeSaPayload saPayload =
- IkeSaPayload.createChildSaRequestPayload(
- new ChildSaProposal[] {buildSaProposalWithDhGroup(IKE_DH_GROUP)},
- mIpSecSpiGenerator,
- LOCAL_ADDRESS);
- List<IkePayload> rekeyReqPayloads =
- makeInboundRekeyChildPayloads(
- REMOTE_INIT_NEW_CHILD_SA_SPI_OUT, saPayload, false /*isLocalInitRekey*/);
-
- // Build a KE Payload that uses a different DH group from the IKE_DH_GROUP
- rekeyReqPayloads.add(
- IkeKePayload.createOutboundKePayload(
- DH_GROUP_2048_BIT_MODP, createMockRandomFactory()));
-
- verifyRcvRekeyReqAndRejectWithErrorNotify(rekeyReqPayloads, ERROR_TYPE_INVALID_KE_PAYLOAD);
- }
-
- @Test
- public void testRejectRemoteRekeyWithoutDhGroupInProposal() throws Exception {
- // Use child session params with dh group to initiate the state machine
- mChildSessionStateMachine.quitNow();
- ChildSaProposal saProposal = buildSaProposalWithDhGroup(SaProposal.DH_GROUP_2048_BIT_MODP);
- mChildSessionStateMachine = buildAndStartStateMachineWithProposal(saProposal);
-
- setupIdleStateMachine();
- mChildSessionStateMachine.mSaProposal = saProposal;
-
- // Build a Rekey request that does not propose DH groups.
- IkeSaPayload saPayload =
- IkeSaPayload.createChildSaRequestPayload(
- new ChildSaProposal[] {buildSaProposal()}, // Proposal with no DH group
- mIpSecSpiGenerator,
- LOCAL_ADDRESS);
- List<IkePayload> rekeyReqPayloads =
- makeInboundRekeyChildPayloads(
- REMOTE_INIT_NEW_CHILD_SA_SPI_OUT, saPayload, false /* isLocalInitRekey */);
- rekeyReqPayloads.add(
- IkeKePayload.createOutboundKePayload(
- DH_GROUP_2048_BIT_MODP, createMockRandomFactory()));
-
- verifyRcvRekeyReqAndRejectWithErrorNotify(rekeyReqPayloads, ERROR_TYPE_NO_PROPOSAL_CHOSEN);
- }
-
- @Test
- public void testRejectRemoteRekeyWithoutKePayload() throws Exception {
- // Use child session params with dh group to initiate the state machine
- mChildSessionStateMachine.quitNow();
- ChildSaProposal saProposal = buildSaProposalWithDhGroup(SaProposal.DH_GROUP_2048_BIT_MODP);
- mChildSessionStateMachine = buildAndStartStateMachineWithProposal(saProposal);
-
- setupIdleStateMachine();
- mChildSessionStateMachine.mSaProposal = saProposal;
-
- // Build a Rekey request that proposes DH groups but does not include a KE payload
- IkeSaPayload saPayload =
- IkeSaPayload.createChildSaRequestPayload(
- new ChildSaProposal[] {saProposal}, mIpSecSpiGenerator, LOCAL_ADDRESS);
- List<IkePayload> rekeyReqPayloads =
- makeInboundRekeyChildPayloads(
- REMOTE_INIT_NEW_CHILD_SA_SPI_OUT, saPayload, false /* isLocalInitRekey */);
-
- verifyRcvRekeyReqAndRejectWithErrorNotify(rekeyReqPayloads, ERROR_TYPE_INVALID_SYNTAX);
- }
-
- @Test
- public void testMobikeRekeyChildLocalCreateHandlesResp() throws Exception {
- setupStateMachineAndSpiForLocalRekey(UPDATED_LOCAL_ADDRESS, REMOTE_ADDRESS);
-
- // Send MOBIKE Rekey-Create request
- mChildSessionStateMachine.rekeyChildSessionForMobike(
- UPDATED_LOCAL_ADDRESS, REMOTE_ADDRESS, mMockUdpEncapSocket);
- mLooper.dispatchAll();
-
- verifyRekeyChildLocalCreateHandlesResponse(
- ChildSessionStateMachine.MobikeRekeyChildLocalCreate.class,
- true /* isMobikeRekey */,
- UPDATED_LOCAL_ADDRESS,
- REMOTE_ADDRESS);
-
- assertEquals(UPDATED_LOCAL_ADDRESS, mChildSessionStateMachine.mLocalAddress);
- assertEquals(REMOTE_ADDRESS, mChildSessionStateMachine.mRemoteAddress);
- assertEquals(mMockUdpEncapSocket, mChildSessionStateMachine.mUdpEncapSocket);
- }
-
- @Test
- public void testMobikeRekeyChildExecuteCbAfterKillSession() throws Exception {
- mChildSessionStateMachine.quitNow();
- mLooper.dispatchAll();
-
- LateExecuteExecutor lateExecutor = spy(new LateExecuteExecutor());
- mChildSessionStateMachine = buildAndStartChildSession(lateExecutor);
-
- setupStateMachineAndSpiForLocalRekey(UPDATED_LOCAL_ADDRESS, REMOTE_ADDRESS);
-
- // MOBIKE Rekey
- mChildSessionStateMachine.rekeyChildSessionForMobike(
- UPDATED_LOCAL_ADDRESS, REMOTE_ADDRESS, mMockUdpEncapSocket);
- mLooper.dispatchAll();
- receiveRekeyChildResponse();
- mLooper.dispatchAll();
-
- mChildSessionStateMachine.killSession();
- mLooper.dispatchAll();
-
- lateExecutor.actuallyExecute();
- verify(mMockChildSessionCallback)
- .onIpSecTransformsMigrated(
- mSpyLocalInitNewChildSaRecord.getInboundIpSecTransform(),
- mSpyLocalInitNewChildSaRecord.getOutboundIpSecTransform());
- }
-
- private static class LateExecuteExecutor implements Executor {
- private final List<Runnable> mCommands = new ArrayList<>();
-
- @Override
- public void execute(Runnable command) {
- mCommands.add(command);
- }
-
- public void actuallyExecute() {
- for (Runnable c : mCommands) {
- c.run();
- }
- }
+ assertEquals(1, mChildSessionStateMachine.mSaProposal.getDhGroups().size());
}
}
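Review bot: The added final assertion, `assertEquals(1, mChildSessionStateMachine.mSaProposal.getDhGroups().size());`, checks how many DH groups ended up in the negotiated proposal but not which one. Adding `assertEquals(SaProposal.DH_GROUP_2048_BIT_MODP, (int) mChildSessionStateMachine.mSaProposal.getDhGroups().get(0));` would pin the group to the one carried in the KE payload of the request. After this hunk, the shown part of the file has no case where a remote rekey carries a KE payload that disagrees with the proposal or omits it, so this positive test is the only visible check on KE handling during remote rekey and should be as specific as possible. The test method starts before this hunk.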
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeLocalRequestSchedulerTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeLocalRequestSchedulerTest.java
index e7ae658..85942e2 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeLocalRequestSchedulerTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeLocalRequestSchedulerTest.java
@@ -14,16 +14,8 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike;
+package com.android.internal.net.ipsec.ike;
-import static com.android.internal.net.ipsec.test.ike.IkeLocalRequestScheduler.REQUEST_PRIORITY_HIGH;
-import static com.android.internal.net.ipsec.test.ike.IkeLocalRequestScheduler.REQUEST_PRIORITY_NORMAL;
-import static com.android.internal.net.ipsec.test.ike.IkeLocalRequestScheduler.REQUEST_PRIORITY_URGENT;
-import static com.android.internal.net.ipsec.test.ike.IkeSessionStateMachine.CMD_LOCAL_REQUEST_CREATE_IKE;
-import static com.android.internal.net.ipsec.test.ike.IkeSessionStateMachine.CMD_LOCAL_REQUEST_DELETE_IKE;
-import static com.android.internal.net.ipsec.test.ike.IkeSessionStateMachine.CMD_LOCAL_REQUEST_MOBIKE;
-
-import static org.junit.Assert.assertEquals;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.any;
import static org.mockito.Mockito.anyInt;
@@ -36,7 +28,6 @@
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
import android.content.Context;
import android.os.PowerManager;
@@ -44,9 +35,8 @@
import androidx.test.InstrumentationRegistry;
-import com.android.internal.net.ipsec.test.ike.IkeLocalRequestScheduler.IProcedureConsumer;
-import com.android.internal.net.ipsec.test.ike.IkeLocalRequestScheduler.LocalRequest;
-import com.android.internal.net.ipsec.test.ike.IkeLocalRequestScheduler.LocalRequestFactory;
+import com.android.internal.net.ipsec.ike.IkeLocalRequestScheduler.IProcedureConsumer;
+import com.android.internal.net.ipsec.ike.IkeLocalRequestScheduler.LocalRequest;
import org.junit.Before;
import org.junit.Test;
@@ -54,15 +44,11 @@
import org.mockito.InOrder;
public final class IkeLocalRequestSchedulerTest {
- private static final int REQUESTS_TO_QUEUE = 10;
-
private IkeLocalRequestScheduler mScheduler;
private IProcedureConsumer mMockConsumer;
private LocalRequest[] mMockRequestArray;
- private int mNextRequestId;
-
private ArgumentCaptor<LocalRequest> mLocalRequestCaptor =
ArgumentCaptor.forClass(LocalRequest.class);
@@ -83,18 +69,15 @@
mScheduler = new IkeLocalRequestScheduler(mMockConsumer, mSpyContext);
- mNextRequestId = 0;
-
- mMockRequestArray = new LocalRequest[REQUESTS_TO_QUEUE];
+ mMockRequestArray = new LocalRequest[10];
for (int i = 0; i < mMockRequestArray.length; i++) {
mMockRequestArray[i] = mock(LocalRequest.class);
- when(mMockRequestArray[i].getPriority()).thenReturn(REQUEST_PRIORITY_NORMAL);
}
}
@Test
public void testAddMultipleRequestProcessOnlyOne() {
- addAllRequestsToScheduler(mMockRequestArray);
+ for (LocalRequest r : mMockRequestArray) mScheduler.addRequest(r);
// Verify that no procedure was preemptively pulled from the queue
verify(mMockConsumer, never()).onNewProcedureReady(any());
@@ -108,18 +91,11 @@
}
}
- private void addAllRequestsToScheduler(LocalRequest[] mockRequests) {
- for (LocalRequest r : mockRequests) {
- when(r.getRequestId()).thenReturn(mNextRequestId++);
- mScheduler.addRequest(r);
- }
- }
-
@Test
public void testProcessOrder() {
InOrder inOrder = inOrder(mMockConsumer);
- addAllRequestsToScheduler(mMockRequestArray);
+ for (LocalRequest r : mMockRequestArray) mScheduler.addRequest(r);
for (int i = 0; i < mMockRequestArray.length; i++) mScheduler.readyForNextProcedure();
for (LocalRequest r : mMockRequestArray) {
@@ -128,59 +104,27 @@
}
@Test
- public void testPriorityProcessOrder() {
+ public void testAddRequestToFrontProcessOrder() {
InOrder inOrder = inOrder(mMockConsumer);
- LocalRequest[] mockUrgentPriorityRequestArray =
- createMockRequestArrayWithPriority(REQUEST_PRIORITY_URGENT);
- LocalRequest[] mockHighPriorityRequestArray =
- createMockRequestArrayWithPriority(REQUEST_PRIORITY_HIGH);
+ LocalRequest[] mockHighPriorityRequestArray = new LocalRequest[10];
+ for (int i = 0; i < mockHighPriorityRequestArray.length; i++) {
+ mockHighPriorityRequestArray[i] = mock(LocalRequest.class);
+ }
- addAllRequestsToScheduler(mMockRequestArray);
- addAllRequestsToScheduler(mockHighPriorityRequestArray);
- addAllRequestsToScheduler(mockUrgentPriorityRequestArray);
+ for (LocalRequest r : mMockRequestArray) mScheduler.addRequest(r);
+ for (LocalRequest r : mockHighPriorityRequestArray) mScheduler.addRequestAtFront(r);
- int requestsToHandle =
- mockUrgentPriorityRequestArray.length
- + mockHighPriorityRequestArray.length
- + mMockRequestArray.length;
- for (int i = 0; i < requestsToHandle; i++) {
+ for (int i = 0; i < mockHighPriorityRequestArray.length + mMockRequestArray.length; i++) {
mScheduler.readyForNextProcedure();
}
- // Verify processing order: mockUrgentPriorityRequestArray before
- // mockHighPriorityRequestArray before mMockRequestArray
- for (LocalRequest r : mockUrgentPriorityRequestArray) {
- inOrder.verify(mMockConsumer).onNewProcedureReady(r);
- }
- for (LocalRequest r : mockHighPriorityRequestArray) {
- inOrder.verify(mMockConsumer).onNewProcedureReady(r);
+ // Verify processing order. mockHighPriorityRequestArray is processed in reverse order
+ for (int i = mockHighPriorityRequestArray.length - 1; i >= 0; i--) {
+ inOrder.verify(mMockConsumer).onNewProcedureReady(mockHighPriorityRequestArray[i]);
}
for (LocalRequest r : mMockRequestArray) {
inOrder.verify(mMockConsumer).onNewProcedureReady(r);
}
}
-
- private LocalRequest[] createMockRequestArrayWithPriority(int requestPriority) {
- LocalRequest[] mockRequestArray = new LocalRequest[REQUESTS_TO_QUEUE];
- for (int i = 0; i < mockRequestArray.length; i++) {
- mockRequestArray[i] = mock(LocalRequest.class);
-
- when(mockRequestArray[i].getPriority()).thenReturn(requestPriority);
- }
- return mockRequestArray;
- }
-
- @Test
- public void testProcedureTypeToPriority() {
- assertEquals(
- REQUEST_PRIORITY_URGENT,
- LocalRequestFactory.procedureTypeToPriority(CMD_LOCAL_REQUEST_DELETE_IKE));
- assertEquals(
- REQUEST_PRIORITY_HIGH,
- LocalRequestFactory.procedureTypeToPriority(CMD_LOCAL_REQUEST_MOBIKE));
- assertEquals(
- REQUEST_PRIORITY_NORMAL,
- LocalRequestFactory.procedureTypeToPriority(CMD_LOCAL_REQUEST_CREATE_IKE));
- }
}
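Review bot: In `testAddRequestToFrontProcessOrder` the local array is still named `mockHighPriorityRequestArray`, although the mocks no longer carry any priority; what sets them apart is that they are queued through `addRequestAtFront`. A name such as `frontRequests` would match what the test exercises. The literal in `new LocalRequest[10]` repeats the size used for `mMockRequestArray` in setup, so a shared constant would keep the two arrays in step. The single-line loops, for example `for (LocalRequest r : mockHighPriorityRequestArray) mScheduler.addRequestAtFront(r);`, would be easier to extend safely if braced.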
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachineTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachineTest.java
index 917f838..8e28011 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachineTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachineTest.java
@@ -14,61 +14,45 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike;
+package com.android.internal.net.ipsec.ike;
-import static android.net.ipsec.test.ike.IkeSessionConfiguration.EXTENSION_TYPE_FRAGMENTATION;
-import static android.net.ipsec.test.ike.IkeSessionParams.IKE_OPTION_EAP_ONLY_AUTH;
-import static android.net.ipsec.test.ike.IkeSessionParams.IKE_OPTION_FORCE_PORT_4500;
-import static android.net.ipsec.test.ike.IkeSessionParams.IKE_OPTION_MOBIKE;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_AUTHENTICATION_FAILED;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_CHILD_SA_NOT_FOUND;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_INTERNAL_ADDRESS_FAILURE;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_INVALID_KE_PAYLOAD;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_INVALID_SYNTAX;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_NO_ADDITIONAL_SAS;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_NO_PROPOSAL_CHOSEN;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_TEMPORARY_FAILURE;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD;
-import static android.net.ipsec.test.ike.ike3gpp.Ike3gppBackoffTimer.ERROR_TYPE_NETWORK_FAILURE;
-import static android.net.ipsec.test.ike.ike3gpp.Ike3gppBackoffTimer.ERROR_TYPE_NO_APN_SUBSCRIPTION;
+import static android.net.ipsec.ike.IkeSessionConfiguration.EXTENSION_TYPE_FRAGMENTATION;
+import static android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_EAP_ONLY_AUTH;
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_AUTHENTICATION_FAILED;
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_CHILD_SA_NOT_FOUND;
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_INTERNAL_ADDRESS_FAILURE;
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_INVALID_SYNTAX;
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_NO_ADDITIONAL_SAS;
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_NO_PROPOSAL_CHOSEN;
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_TEMPORARY_FAILURE;
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD;
import static android.system.OsConstants.AF_INET;
import static android.system.OsConstants.AF_INET6;
import static com.android.internal.net.TestUtils.createMockRandomFactory;
-import static com.android.internal.net.ipsec.test.ike.AbstractSessionStateMachine.RETRY_INTERVAL_MS;
-import static com.android.internal.net.ipsec.test.ike.IkeSessionStateMachine.CMD_FORCE_TRANSITION;
-import static com.android.internal.net.ipsec.test.ike.IkeSessionStateMachine.CMD_RECEIVE_IKE_PACKET;
-import static com.android.internal.net.ipsec.test.ike.IkeSessionStateMachine.IKE_EXCHANGE_SUBTYPE_DELETE_CHILD;
-import static com.android.internal.net.ipsec.test.ike.IkeSessionStateMachine.IKE_EXCHANGE_SUBTYPE_REKEY_CHILD;
-import static com.android.internal.net.ipsec.test.ike.IkeSessionStateMachine.RETRY_INTERVAL_MS;
-import static com.android.internal.net.ipsec.test.ike.IkeSessionStateMachine.TEMP_FAILURE_RETRY_TIMEOUT_MS;
-import static com.android.internal.net.ipsec.test.ike.IkeSocket.SERVER_PORT_NON_UDP_ENCAPSULATED;
-import static com.android.internal.net.ipsec.test.ike.IkeSocket.SERVER_PORT_UDP_ENCAPSULATED;
-import static com.android.internal.net.ipsec.test.ike.ike3gpp.Ike3gppExtensionExchange.NOTIFY_TYPE_BACKOFF_TIMER;
-import static com.android.internal.net.ipsec.test.ike.ike3gpp.Ike3gppExtensionExchange.NOTIFY_TYPE_N1_MODE_CAPABILITY;
-import static com.android.internal.net.ipsec.test.ike.ike3gpp.Ike3gppExtensionExchange.NOTIFY_TYPE_N1_MODE_INFORMATION;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_APPLICATION_VERSION;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_ADDRESS;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_NETMASK;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP6_ADDRESS;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_IP4_PCSCF;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_IP6_PCSCF;
-import static com.android.internal.net.ipsec.test.ike.message.IkeHeader.EXCHANGE_TYPE_CREATE_CHILD_SA;
-import static com.android.internal.net.ipsec.test.ike.message.IkeHeader.EXCHANGE_TYPE_INFORMATIONAL;
-import static com.android.internal.net.ipsec.test.ike.message.IkeNotifyPayload.NOTIFY_TYPE_COOKIE;
-import static com.android.internal.net.ipsec.test.ike.message.IkeNotifyPayload.NOTIFY_TYPE_COOKIE2;
-import static com.android.internal.net.ipsec.test.ike.message.IkeNotifyPayload.NOTIFY_TYPE_EAP_ONLY_AUTHENTICATION;
-import static com.android.internal.net.ipsec.test.ike.message.IkeNotifyPayload.NOTIFY_TYPE_IKEV2_FRAGMENTATION_SUPPORTED;
-import static com.android.internal.net.ipsec.test.ike.message.IkeNotifyPayload.NOTIFY_TYPE_MOBIKE_SUPPORTED;
-import static com.android.internal.net.ipsec.test.ike.message.IkeNotifyPayload.NOTIFY_TYPE_NAT_DETECTION_DESTINATION_IP;
-import static com.android.internal.net.ipsec.test.ike.message.IkeNotifyPayload.NOTIFY_TYPE_NAT_DETECTION_SOURCE_IP;
-import static com.android.internal.net.ipsec.test.ike.message.IkeNotifyPayload.NOTIFY_TYPE_SIGNATURE_HASH_ALGORITHMS;
-import static com.android.internal.net.ipsec.test.ike.message.IkeNotifyPayload.NOTIFY_TYPE_UPDATE_SA_ADDRESSES;
-import static com.android.internal.net.ipsec.test.ike.message.IkePayload.PAYLOAD_TYPE_AUTH;
-import static com.android.internal.net.ipsec.test.ike.message.IkePayload.PAYLOAD_TYPE_KE;
-import static com.android.internal.net.ipsec.test.ike.message.IkePayload.PAYLOAD_TYPE_NONCE;
-import static com.android.internal.net.ipsec.test.ike.message.IkePayload.PAYLOAD_TYPE_NOTIFY;
-import static com.android.internal.net.ipsec.test.ike.message.IkePayload.PAYLOAD_TYPE_SA;
+import static com.android.internal.net.ipsec.ike.AbstractSessionStateMachine.RETRY_INTERVAL_MS;
+import static com.android.internal.net.ipsec.ike.IkeSessionStateMachine.CMD_FORCE_TRANSITION;
+import static com.android.internal.net.ipsec.ike.IkeSessionStateMachine.CMD_RECEIVE_IKE_PACKET;
+import static com.android.internal.net.ipsec.ike.IkeSessionStateMachine.IKE_EXCHANGE_SUBTYPE_DELETE_CHILD;
+import static com.android.internal.net.ipsec.ike.IkeSessionStateMachine.IKE_EXCHANGE_SUBTYPE_REKEY_CHILD;
+import static com.android.internal.net.ipsec.ike.IkeSessionStateMachine.RETRY_INTERVAL_MS;
+import static com.android.internal.net.ipsec.ike.IkeSessionStateMachine.TEMP_FAILURE_RETRY_TIMEOUT_MS;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_APPLICATION_VERSION;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_ADDRESS;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_NETMASK;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP6_ADDRESS;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_IP4_PCSCF;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_IP6_PCSCF;
+import static com.android.internal.net.ipsec.ike.message.IkeHeader.EXCHANGE_TYPE_CREATE_CHILD_SA;
+import static com.android.internal.net.ipsec.ike.message.IkeHeader.EXCHANGE_TYPE_INFORMATIONAL;
+import static com.android.internal.net.ipsec.ike.message.IkeNotifyPayload.NOTIFY_TYPE_EAP_ONLY_AUTHENTICATION;
+import static com.android.internal.net.ipsec.ike.message.IkeNotifyPayload.NOTIFY_TYPE_IKEV2_FRAGMENTATION_SUPPORTED;
+import static com.android.internal.net.ipsec.ike.message.IkeNotifyPayload.NOTIFY_TYPE_NAT_DETECTION_DESTINATION_IP;
+import static com.android.internal.net.ipsec.ike.message.IkeNotifyPayload.NOTIFY_TYPE_NAT_DETECTION_SOURCE_IP;
+import static com.android.internal.net.ipsec.ike.message.IkeNotifyPayload.NOTIFY_TYPE_SIGNATURE_HASH_ALGORITHMS;
+import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_AUTH;
+import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_NOTIFY;
+import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_SA;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -76,7 +60,6 @@
import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import static org.mockito.Matchers.any;
@@ -87,8 +70,6 @@
import static org.mockito.Matchers.anyString;
import static org.mockito.Matchers.argThat;
import static org.mockito.Matchers.eq;
-import static org.mockito.Mockito.atLeast;
-import static org.mockito.Mockito.atLeastOnce;
import static org.mockito.Mockito.doAnswer;
import static org.mockito.Mockito.doNothing;
import static org.mockito.Mockito.doReturn;
@@ -101,110 +82,89 @@
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
-import android.annotation.Nullable;
+import android.app.AlarmManager;
import android.content.Context;
-import android.net.LinkAddress;
-import android.net.LinkProperties;
-import android.net.Network;
-import android.net.eap.test.EapSessionConfig;
-import android.net.ipsec.test.ike.ChildSaProposal;
-import android.net.ipsec.test.ike.ChildSessionCallback;
-import android.net.ipsec.test.ike.ChildSessionParams;
-import android.net.ipsec.test.ike.IkeFqdnIdentification;
-import android.net.ipsec.test.ike.IkeIdentification;
-import android.net.ipsec.test.ike.IkeIpv4AddrIdentification;
-import android.net.ipsec.test.ike.IkeManager;
-import android.net.ipsec.test.ike.IkeSaProposal;
-import android.net.ipsec.test.ike.IkeSessionCallback;
-import android.net.ipsec.test.ike.IkeSessionConfiguration;
-import android.net.ipsec.test.ike.IkeSessionConnectionInfo;
-import android.net.ipsec.test.ike.IkeSessionParams;
-import android.net.ipsec.test.ike.SaProposal;
-import android.net.ipsec.test.ike.TransportModeChildSessionParams;
-import android.net.ipsec.test.ike.TunnelModeChildSessionParams;
-import android.net.ipsec.test.ike.exceptions.AuthenticationFailedException;
-import android.net.ipsec.test.ike.exceptions.IkeException;
-import android.net.ipsec.test.ike.exceptions.IkeInternalException;
-import android.net.ipsec.test.ike.exceptions.IkeNetworkLostException;
-import android.net.ipsec.test.ike.exceptions.IkeProtocolException;
-import android.net.ipsec.test.ike.exceptions.InvalidSyntaxException;
-import android.net.ipsec.test.ike.exceptions.NoValidProposalChosenException;
-import android.net.ipsec.test.ike.exceptions.UnrecognizedIkeProtocolException;
-import android.net.ipsec.test.ike.exceptions.UnsupportedCriticalPayloadException;
-import android.net.ipsec.test.ike.ike3gpp.Ike3gppBackoffTimer;
-import android.net.ipsec.test.ike.ike3gpp.Ike3gppData;
-import android.net.ipsec.test.ike.ike3gpp.Ike3gppExtension;
-import android.net.ipsec.test.ike.ike3gpp.Ike3gppExtension.Ike3gppDataListener;
-import android.net.ipsec.test.ike.ike3gpp.Ike3gppN1ModeInformation;
-import android.net.ipsec.test.ike.ike3gpp.Ike3gppParams;
-import android.os.Handler;
+import android.net.eap.EapSessionConfig;
+import android.net.ipsec.ike.ChildSaProposal;
+import android.net.ipsec.ike.ChildSessionCallback;
+import android.net.ipsec.ike.ChildSessionParams;
+import android.net.ipsec.ike.IkeFqdnIdentification;
+import android.net.ipsec.ike.IkeIdentification;
+import android.net.ipsec.ike.IkeIpv4AddrIdentification;
+import android.net.ipsec.ike.IkeManager;
+import android.net.ipsec.ike.IkeSaProposal;
+import android.net.ipsec.ike.IkeSessionCallback;
+import android.net.ipsec.ike.IkeSessionConfiguration;
+import android.net.ipsec.ike.IkeSessionConnectionInfo;
+import android.net.ipsec.ike.IkeSessionParams;
+import android.net.ipsec.ike.SaProposal;
+import android.net.ipsec.ike.TunnelModeChildSessionParams;
+import android.net.ipsec.ike.exceptions.IkeException;
+import android.net.ipsec.ike.exceptions.IkeInternalException;
+import android.net.ipsec.ike.exceptions.IkeProtocolException;
import android.os.Looper;
import android.os.test.TestLooper;
import android.telephony.TelephonyManager;
-import androidx.test.filters.SdkSuppress;
-
import com.android.internal.net.TestUtils;
-import com.android.internal.net.eap.test.EapAuthenticator;
-import com.android.internal.net.eap.test.IEapCallback;
-import com.android.internal.net.ipsec.test.ike.ChildSessionStateMachine.IChildSessionSmCallback;
-import com.android.internal.net.ipsec.test.ike.ChildSessionStateMachineFactory.ChildSessionFactoryHelper;
-import com.android.internal.net.ipsec.test.ike.ChildSessionStateMachineFactory.IChildSessionFactoryHelper;
-import com.android.internal.net.ipsec.test.ike.IkeLocalRequestScheduler.ChildLocalRequest;
-import com.android.internal.net.ipsec.test.ike.IkeLocalRequestScheduler.IkeLocalRequest;
-import com.android.internal.net.ipsec.test.ike.IkeLocalRequestScheduler.LocalRequestFactory;
-import com.android.internal.net.ipsec.test.ike.IkeSessionStateMachine.ReceivedIkePacket;
-import com.android.internal.net.ipsec.test.ike.SaRecord.ISaRecordHelper;
-import com.android.internal.net.ipsec.test.ike.SaRecord.IkeSaRecord;
-import com.android.internal.net.ipsec.test.ike.SaRecord.IkeSaRecordConfig;
-import com.android.internal.net.ipsec.test.ike.SaRecord.SaLifetimeAlarmScheduler;
-import com.android.internal.net.ipsec.test.ike.SaRecord.SaRecordHelper;
-import com.android.internal.net.ipsec.test.ike.crypto.IkeCipher;
-import com.android.internal.net.ipsec.test.ike.crypto.IkeMacIntegrity;
-import com.android.internal.net.ipsec.test.ike.crypto.IkeMacPrf;
-import com.android.internal.net.ipsec.test.ike.keepalive.IkeNattKeepalive;
-import com.android.internal.net.ipsec.test.ike.message.IkeAuthDigitalSignPayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeAuthPayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeAuthPskPayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeCertX509CertPayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeDeletePayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeEapPayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeHeader;
-import com.android.internal.net.ipsec.test.ike.message.IkeIdPayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeInformationalPayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeKePayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeMessage;
-import com.android.internal.net.ipsec.test.ike.message.IkeMessage.DecodeResult;
-import com.android.internal.net.ipsec.test.ike.message.IkeMessage.DecodeResultOk;
-import com.android.internal.net.ipsec.test.ike.message.IkeMessage.DecodeResultPartial;
-import com.android.internal.net.ipsec.test.ike.message.IkeMessage.DecodeResultProtectedError;
-import com.android.internal.net.ipsec.test.ike.message.IkeMessage.DecodeResultUnprotectedError;
-import com.android.internal.net.ipsec.test.ike.message.IkeMessage.IIkeMessageHelper;
-import com.android.internal.net.ipsec.test.ike.message.IkeMessage.IkeMessageHelper;
-import com.android.internal.net.ipsec.test.ike.message.IkeNoncePayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeNotifyPayload;
-import com.android.internal.net.ipsec.test.ike.message.IkePayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.DhGroupTransform;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.EncryptionTransform;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.IntegrityTransform;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.PrfTransform;
-import com.android.internal.net.ipsec.test.ike.message.IkeSkfPayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeTestUtils;
-import com.android.internal.net.ipsec.test.ike.message.IkeTsPayload;
-import com.android.internal.net.ipsec.test.ike.net.IkeDefaultNetworkCallback;
-import com.android.internal.net.ipsec.test.ike.net.IkeLocalAddressGenerator;
-import com.android.internal.net.ipsec.test.ike.net.IkeNetworkCallbackBase;
-import com.android.internal.net.ipsec.test.ike.net.IkeSpecificNetworkCallback;
-import com.android.internal.net.ipsec.test.ike.testmode.DeterministicSecureRandom;
-import com.android.internal.net.ipsec.test.ike.testutils.CertUtils;
-import com.android.internal.net.ipsec.test.ike.utils.IkeSecurityParameterIndex;
-import com.android.internal.net.ipsec.test.ike.utils.IkeSpiGenerator;
-import com.android.internal.net.ipsec.test.ike.utils.IpSecSpiGenerator;
-import com.android.internal.net.ipsec.test.ike.utils.RandomnessFactory;
-import com.android.internal.net.ipsec.test.ike.utils.State;
-import com.android.internal.net.utils.test.Log;
+import com.android.internal.net.eap.EapAuthenticator;
+import com.android.internal.net.eap.IEapCallback;
+import com.android.internal.net.ipsec.ike.ChildSessionStateMachine.IChildSessionSmCallback;
+import com.android.internal.net.ipsec.ike.ChildSessionStateMachineFactory.ChildSessionFactoryHelper;
+import com.android.internal.net.ipsec.ike.ChildSessionStateMachineFactory.IChildSessionFactoryHelper;
+import com.android.internal.net.ipsec.ike.IkeLocalRequestScheduler.ChildLocalRequest;
+import com.android.internal.net.ipsec.ike.IkeLocalRequestScheduler.IkeLocalRequest;
+import com.android.internal.net.ipsec.ike.IkeSessionStateMachine.ReceivedIkePacket;
+import com.android.internal.net.ipsec.ike.SaRecord.ISaRecordHelper;
+import com.android.internal.net.ipsec.ike.SaRecord.IkeSaRecord;
+import com.android.internal.net.ipsec.ike.SaRecord.IkeSaRecordConfig;
+import com.android.internal.net.ipsec.ike.SaRecord.SaLifetimeAlarmScheduler;
+import com.android.internal.net.ipsec.ike.SaRecord.SaRecordHelper;
+import com.android.internal.net.ipsec.ike.crypto.IkeCipher;
+import com.android.internal.net.ipsec.ike.crypto.IkeMacIntegrity;
+import com.android.internal.net.ipsec.ike.crypto.IkeMacPrf;
+import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
+import com.android.internal.net.ipsec.ike.exceptions.NoValidProposalChosenException;
+import com.android.internal.net.ipsec.ike.exceptions.UnsupportedCriticalPayloadException;
+import com.android.internal.net.ipsec.ike.message.IkeAuthDigitalSignPayload;
+import com.android.internal.net.ipsec.ike.message.IkeAuthPayload;
+import com.android.internal.net.ipsec.ike.message.IkeAuthPskPayload;
+import com.android.internal.net.ipsec.ike.message.IkeCertX509CertPayload;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload;
+import com.android.internal.net.ipsec.ike.message.IkeDeletePayload;
+import com.android.internal.net.ipsec.ike.message.IkeEapPayload;
+import com.android.internal.net.ipsec.ike.message.IkeHeader;
+import com.android.internal.net.ipsec.ike.message.IkeIdPayload;
+import com.android.internal.net.ipsec.ike.message.IkeInformationalPayload;
+import com.android.internal.net.ipsec.ike.message.IkeKePayload;
+import com.android.internal.net.ipsec.ike.message.IkeMessage;
+import com.android.internal.net.ipsec.ike.message.IkeMessage.DecodeResult;
+import com.android.internal.net.ipsec.ike.message.IkeMessage.DecodeResultOk;
+import com.android.internal.net.ipsec.ike.message.IkeMessage.DecodeResultPartial;
+import com.android.internal.net.ipsec.ike.message.IkeMessage.DecodeResultProtectedError;
+import com.android.internal.net.ipsec.ike.message.IkeMessage.DecodeResultUnprotectedError;
+import com.android.internal.net.ipsec.ike.message.IkeMessage.IIkeMessageHelper;
+import com.android.internal.net.ipsec.ike.message.IkeMessage.IkeMessageHelper;
+import com.android.internal.net.ipsec.ike.message.IkeNoncePayload;
+import com.android.internal.net.ipsec.ike.message.IkeNotifyPayload;
+import com.android.internal.net.ipsec.ike.message.IkePayload;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.DhGroupTransform;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.EncryptionTransform;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.IntegrityTransform;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.PrfTransform;
+import com.android.internal.net.ipsec.ike.message.IkeSkfPayload;
+import com.android.internal.net.ipsec.ike.message.IkeTestUtils;
+import com.android.internal.net.ipsec.ike.message.IkeTsPayload;
+import com.android.internal.net.ipsec.ike.testmode.DeterministicSecureRandom;
+import com.android.internal.net.ipsec.ike.testutils.CertUtils;
+import com.android.internal.net.ipsec.ike.utils.IkeSecurityParameterIndex;
+import com.android.internal.net.ipsec.ike.utils.IkeSpiGenerator;
+import com.android.internal.net.ipsec.ike.utils.IpSecSpiGenerator;
+import com.android.internal.net.ipsec.ike.utils.RandomnessFactory;
+import com.android.internal.net.ipsec.ike.utils.State;
+import com.android.internal.net.utils.Log;
import org.junit.After;
import org.junit.Before;
@@ -212,14 +172,10 @@
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
import java.io.IOException;
import java.net.Inet4Address;
-import java.net.Inet6Address;
import java.net.InetAddress;
-import java.net.UnknownHostException;
-import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.SecureRandom;
@@ -228,11 +184,8 @@
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
-import java.util.HashSet;
import java.util.List;
import java.util.Map;
-import java.util.Random;
-import java.util.Set;
import java.util.concurrent.Executor;
public final class IkeSessionStateMachineTest extends IkeSessionTestBase {
@@ -281,7 +234,7 @@
"2900001c00004005d915368ca036004cb578ae3e3fb268509aeab190";
private static final String FRAGMENTATION_SUPPORTED_PAYLOAD_HEX_STRING = "290000080000402e";
private static final String SIGNATURE_HASH_SUPPORTED_PAYLOAD_HEX_STRING =
- "2b0000100000402f0001000200030004";
+ "2b00000F0000402f0001000200030004";
private static final String DELETE_IKE_PAYLOAD_HEX_STRING = "0000000801000000";
private static final String NOTIFY_REKEY_IKE_PAYLOAD_HEX_STRING = "2100000800004009";
private static final String ID_PAYLOAD_INITIATOR_HEX_STRING =
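Review bot: The new value of `SIGNATURE_HASH_SUPPORTED_PAYLOAD_HEX_STRING` declares a payload length of `0x000F` (15) in its generic header, but the string encodes 16 bytes. The neighbouring vectors (`290000080000402e`, `0000000801000000`) carry a length field equal to their byte count. With this mismatch the test either depends on the decoder not checking the length field or feeds it a truncated hash-algorithm list, so it no longer represents a well-formed notify; how the string is decoded is outside this hunk. Unless the malformed length is intentional, in which case a comment should say so, keep it consistent as `"2b0000100000402f0001000200030004";`.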
@@ -333,13 +286,6 @@
private static final IkeIdentification REMOTE_ID_IPV4 =
new IkeIpv4AddrIdentification((Inet4Address) REMOTE_ADDRESS);
- private static final byte PDU_SESSION_ID = (byte) 0x7B;
- private static final String N1_MODE_CAPABILITY_PAYLOAD_DATA = "017B";
- private static final byte[] SNSSAI = {(byte) 456};
-
- private static final byte BACKOFF_TIMER = (byte) 0xAF;
- private static final byte[] BACKOFF_TIMER_DATA = {0x01, BACKOFF_TIMER};
-
private static final int KEY_LEN_IKE_INTE = 20;
private static final int KEY_LEN_IKE_ENCR = 16;
private static final int KEY_LEN_IKE_PRF = 20;
@@ -352,36 +298,16 @@
private static final int PAYLOAD_TYPE_UNSUPPORTED = 127;
- private static final int COOKIE_DATA_LEN = 64;
- private static final int COOKIE2_DATA_LEN = 64;
-
- private static final byte[] COOKIE_DATA = new byte[COOKIE_DATA_LEN];
- private static final byte[] COOKIE2_DATA = new byte[COOKIE2_DATA_LEN];
-
- private static final int NATT_KEEPALIVE_DELAY = 20;
-
- static {
- new Random().nextBytes(COOKIE_DATA);
- new Random().nextBytes(COOKIE2_DATA);
- }
-
private static final long RETRANSMIT_BACKOFF_TIMEOUT_MS = 5000L;
private static final IkeSpiGenerator IKE_SPI_GENERATOR =
new IkeSpiGenerator(createMockRandomFactory());
- private static final Ike3gppParams IKE_3GPP_PARAMS =
- new Ike3gppParams.Builder().setPduSessionId(PDU_SESSION_ID).build();
-
private IkeUdpEncapSocket mSpyIkeUdpEncapSocket;
private IkeUdp4Socket mSpyIkeUdp4Socket;
private IkeUdp6Socket mSpyIkeUdp6Socket;
private IkeSocket mSpyCurrentIkeSocket;
- private LinkAddress mMockLinkAddressGlobalV6;
-
- private IkeNattKeepalive mMockIkeNattKeepalive;
-
private TestLooper mLooper;
private IkeSessionStateMachine mIkeSessionStateMachine;
@@ -418,18 +344,11 @@
private IkeEapAuthenticatorFactory mMockEapAuthenticatorFactory;
private EapAuthenticator mMockEapAuthenticator;
- private IkeLocalAddressGenerator mMockIkeLocalAddressGenerator;
-
- private Ike3gppDataListener mMockIke3gppDataListener;
- private Ike3gppExtension mIke3gppExtension;
-
private X509Certificate mRootCertificate;
private X509Certificate mServerEndCertificate;
private PrivateKey mUserPrivateKey;
private X509Certificate mUserEndCert;
- private LocalRequestFactory mLocalRequestFactory;
-
private ArgumentCaptor<IkeMessage> mIkeMessageCaptor =
ArgumentCaptor.forClass(IkeMessage.class);
private ArgumentCaptor<IkeSaRecordConfig> mIkeSaRecordConfigCaptor =
@@ -439,39 +358,31 @@
private ArgumentCaptor<List<IkePayload>> mPayloadListCaptor =
ArgumentCaptor.forClass(List.class);
- private ReceivedIkePacket makeDummyReceivedIkeInitRespPacket(List<IkePayload> payloadList)
+ private ReceivedIkePacket makeDummyReceivedIkeInitRespPacket(
+ long initiatorSpi,
+ long responderSpi,
+ @IkeHeader.ExchangeType int eType,
+ boolean isResp,
+ boolean fromIkeInit,
+ List<Integer> payloadTypeList,
+ List<String> payloadHexStringList)
throws Exception {
- long dummyInitSpi = 1L;
- long dummyRespSpi = 2L;
+ List<IkePayload> payloadList =
+ hexStrListToIkePayloadList(payloadTypeList, payloadHexStringList, isResp);
// Build a remotely generated NAT_DETECTION_SOURCE_IP payload to mock a remote node's
// network that is not behind NAT.
IkePayload sourceNatPayload =
new IkeNotifyPayload(
NOTIFY_TYPE_NAT_DETECTION_SOURCE_IP,
IkeNotifyPayload.generateNatDetectionData(
- dummyInitSpi,
- dummyRespSpi,
+ initiatorSpi,
+ responderSpi,
REMOTE_ADDRESS,
IkeSocket.SERVER_PORT_UDP_ENCAPSULATED));
payloadList.add(sourceNatPayload);
-
return makeDummyUnencryptedReceivedIkePacket(
- dummyInitSpi,
- dummyRespSpi,
- IkeHeader.EXCHANGE_TYPE_IKE_SA_INIT,
- true /*isResp*/,
- false /*fromIkeInit*/,
- payloadList);
- }
-
- private ReceivedIkePacket makeDummyReceivedIkeInitRespPacket(
- List<Integer> payloadTypeList, List<String> payloadHexStringList) throws Exception {
-
- List<IkePayload> payloadList =
- hexStrListToIkePayloadList(
- payloadTypeList, payloadHexStringList, true /* isResp */);
- return makeDummyReceivedIkeInitRespPacket(payloadList);
+ initiatorSpi, responderSpi, eType, isResp, fromIkeInit, payloadList);
}
private ReceivedIkePacket makeDummyUnencryptedReceivedIkePacket(
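Review bot: `makeDummyReceivedIkeInitRespPacket` now accepts `eType`, `isResp` and `fromIkeInit`, but its name and the NAT_DETECTION_SOURCE_IP notify it always appends only fit an IKE_SA_INIT response. Both call sites visible in this part of the diff (`makeIkeInitResponse` and the INVALID_KE_PAYLOAD test in the hunk at -1586) pass the same literals `1L, 2L, IkeHeader.EXCHANGE_TYPE_IKE_SA_INIT, true, false`. The extra parameters are therefore noise at the call sites and allow a packet whose header disagrees with the helper's purpose. Either keep a two-argument wrapper that fixes those values, or document the contract on the method, for example `// Always appends NAT_DETECTION_SOURCE_IP computed from initiatorSpi/responderSpi; pass the SPIs used in the header.`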
@@ -748,8 +659,7 @@
private void mockScheduleRekey(SaLifetimeAlarmScheduler mockSaLifetimeAlarmScheduler) {
IkeLocalRequest rekeyReq =
- mLocalRequestFactory.getIkeLocalRequest(
- IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE);
+ new IkeLocalRequest(IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE);
doAnswer(
(invocation) -> {
mIkeSessionStateMachine.sendMessageDelayed(
@@ -776,18 +686,6 @@
.setEapSimConfig(EAP_SIM_SUB_ID, TelephonyManager.APPTYPE_USIM)
.build();
- mMockIkeLocalAddressGenerator = mock(IkeLocalAddressGenerator.class);
- when(mMockIkeLocalAddressGenerator.generateLocalAddress(
- eq(mMockDefaultNetwork), eq(true /* isIpv4 */), any(), anyInt()))
- .thenReturn(LOCAL_ADDRESS);
- when(mMockIkeLocalAddressGenerator.generateLocalAddress(
- eq(mMockDefaultNetwork), eq(false /* isIpv4 */), any(), anyInt()))
- .thenReturn(LOCAL_ADDRESS_V6);
-
- mMockLinkAddressGlobalV6 = mock(LinkAddress.class);
- when(mMockLinkAddressGlobalV6.getAddress()).thenReturn(UPDATED_LOCAL_ADDRESS_V6);
- when(mMockLinkAddressGlobalV6.isGlobalPreferred()).thenReturn(true);
-
mMockEapAuthenticatorFactory = mock(IkeEapAuthenticatorFactory.class);
mMockEapAuthenticator = mock(EapAuthenticator.class);
doReturn(mMockEapAuthenticator)
@@ -825,8 +723,6 @@
mMockIkeSessionCallback = mock(IkeSessionCallback.class);
mMockChildSessionCallback = mock(ChildSessionCallback.class);
- mLocalRequestFactory = new LocalRequestFactory();
-
mLooper = new TestLooper();
mMockChildSessionStateMachine = mock(ChildSessionStateMachine.class);
@@ -851,10 +747,6 @@
mExpectedCurrentSaLocalReqMsgId = 0;
mExpectedCurrentSaRemoteReqMsgId = 0;
-
- mMockIke3gppDataListener = mock(Ike3gppDataListener.class);
-
- mMockIkeNattKeepalive = mock(IkeNattKeepalive.class);
}
@After
@@ -876,71 +768,36 @@
private IkeSessionStateMachine makeAndStartIkeSession(IkeSessionParams ikeParams)
throws Exception {
- return makeAndStartIkeSession(ikeParams, true /* needSetMockIkeSocket */);
- }
-
- private IkeSessionStateMachine makeAndStartIkeSession(
- IkeSessionParams ikeParams, boolean needSetMockIkeSocket) throws Exception {
- return makeAndStartIkeSession(
- ikeParams, needSetMockIkeSocket, LOCAL_ADDRESS, REMOTE_ADDRESS);
- }
-
- private IkeSessionStateMachine makeAndStartIkeSession(
- IkeSessionParams ikeParams,
- boolean needSetMockIkeSocket,
- InetAddress localAddress,
- InetAddress expectedRemoteAddress)
- throws Exception {
IkeSessionStateMachine ikeSession =
new IkeSessionStateMachine(
mLooper.getLooper(),
mSpyContext,
mIpSecManager,
- mMockConnectManager,
ikeParams,
mChildSessionParams,
mSpyUserCbExecutor,
mMockIkeSessionCallback,
mMockChildSessionCallback,
- mMockEapAuthenticatorFactory,
- mMockIkeLocalAddressGenerator,
- mLocalRequestFactory);
+ mMockEapAuthenticatorFactory);
ikeSession.setDbg(true);
mLooper.dispatchAll();
- ikeSession.mLocalAddress = localAddress;
- assertEquals(expectedRemoteAddress, ikeSession.mRemoteAddress);
+ ikeSession.mLocalAddress = LOCAL_ADDRESS;
+ assertEquals(REMOTE_ADDRESS, ikeSession.mRemoteAddress);
- if (ikeParams.getConfiguredNetwork() == null) {
- verify(mMockConnectManager, atLeast(1)).getActiveNetwork();
- } else {
- verify(mMockConnectManager, never()).getActiveNetwork();
- }
+ // Setup socket instances used by the IkeSessionStateMachine
+ // TODO: rename these from spy to mock.
+ mSpyIkeUdp4Socket = mock(IkeUdp4Socket.class);
+ mSpyIkeUdp6Socket = mock(IkeUdp6Socket.class);
+ mSpyIkeUdpEncapSocket = mock(IkeUdpEncapSocket.class);
- if (needSetMockIkeSocket) {
- // Setup socket instances used by the IkeSessionStateMachine
- // TODO: rename these from spy to mock.
- mSpyIkeUdp4Socket = mock(IkeUdp4Socket.class);
- mSpyIkeUdp6Socket = mock(IkeUdp6Socket.class);
- mSpyIkeUdpEncapSocket = mock(IkeUdpEncapSocket.class);
+ doNothing().when(mSpyIkeUdp4Socket).sendIkePacket(any(), any());
+ doNothing().when(mSpyIkeUdp6Socket).sendIkePacket(any(), any());
+ doNothing().when(mSpyIkeUdpEncapSocket).sendIkePacket(any(), any());
- doNothing().when(mSpyIkeUdp4Socket).sendIkePacket(any(), any());
- doNothing().when(mSpyIkeUdp6Socket).sendIkePacket(any(), any());
- doNothing().when(mSpyIkeUdpEncapSocket).sendIkePacket(any(), any());
-
- // Always start with unencap'd socket.
- if (expectedRemoteAddress instanceof Inet6Address) {
- mSpyCurrentIkeSocket = mSpyIkeUdp6Socket;
- } else {
- mSpyCurrentIkeSocket = mSpyIkeUdp4Socket;
- }
- ikeSession.mIkeSocket = mSpyCurrentIkeSocket;
- }
-
- doReturn(SERVER_PORT_NON_UDP_ENCAPSULATED).when(mSpyIkeUdp4Socket).getIkeServerPort();
- doReturn(SERVER_PORT_NON_UDP_ENCAPSULATED).when(mSpyIkeUdp6Socket).getIkeServerPort();
- doReturn(SERVER_PORT_UDP_ENCAPSULATED).when(mSpyIkeUdpEncapSocket).getIkeServerPort();
-
+ // Always start with unencap'd socket.
+ mSpyCurrentIkeSocket = mSpyIkeUdp4Socket;
+ ikeSession.mIkeSocket = mSpyCurrentIkeSocket;
return ikeSession;
}
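Review bot: `makeAndStartIkeSession` now overwrites `ikeSession.mIkeSocket` with a Mockito mock unconditionally, and does so after `mLooper.dispatchAll()` has already run the initial state. No test going through this helper can therefore observe which socket the state machine selected itself, and any socket it may have set up during start-up is replaced without the test noticing. I would say so at the assignment, e.g. `// Overrides whatever socket the initial state selected; tests must not assert on initial socket selection.` The three fields are plain `mock(...)` objects still named `mSpy…`; the carried-over `TODO: rename these from spy to mock` would be better resolved here than kept.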
@@ -963,7 +820,7 @@
private IkeSessionParams.Builder buildIkeSessionParamsCommon() throws Exception {
return new IkeSessionParams.Builder(mMockConnectManager)
- .setServerHostname(REMOTE_HOSTNAME)
+ .setServerHostname(REMOTE_ADDRESS.getHostAddress())
.addSaProposal(buildSaProposal())
.setLocalIdentification(LOCAL_ID_IPV4)
.setRemoteIdentification(REMOTE_ID_FQDN)
@@ -993,28 +850,6 @@
.build();
}
- private IkeSessionParams buildIkeSessionParamsIke3gppExtension(byte pduSessionId)
- throws Exception {
- Ike3gppExtension ike3gppExtension =
- new Ike3gppExtension(
- new Ike3gppParams.Builder().setPduSessionId(pduSessionId).build(),
- mMockIke3gppDataListener);
- return buildIkeSessionParamsCommon()
- .setAuthPsk(mPsk)
- .setIke3gppExtension(ike3gppExtension)
- .build();
- }
-
- private IkeSessionParams buildIkeSessionParamsWithIkeOptions(int... ikeOptions)
- throws Exception {
- IkeSessionParams.Builder builder = buildIkeSessionParamsCommon().setAuthPsk(mPsk);
- for (int option : ikeOptions) {
- builder.addIkeOption(option);
- }
-
- return builder.build();
- }
-
private ChildSessionParams buildChildSessionParams() throws Exception {
ChildSaProposal saProposal =
new ChildSaProposal.Builder()
@@ -1030,44 +865,39 @@
.build();
}
- // Common IKE INIT response
private ReceivedIkePacket makeIkeInitResponse() throws Exception {
- List<Integer> payloadTypeList = new ArrayList<>();
- List<String> payloadHexStringList = new ArrayList<>();
-
- payloadTypeList.add(IkePayload.PAYLOAD_TYPE_NOTIFY);
- payloadTypeList.add(IkePayload.PAYLOAD_TYPE_NOTIFY);
- payloadTypeList.add(IkePayload.PAYLOAD_TYPE_NOTIFY);
- payloadTypeList.add(IkePayload.PAYLOAD_TYPE_NOTIFY);
- payloadTypeList.add(IkePayload.PAYLOAD_TYPE_VENDOR);
-
- payloadHexStringList.add(NAT_DETECTION_SOURCE_PAYLOAD_HEX_STRING);
- payloadHexStringList.add(NAT_DETECTION_DESTINATION_PAYLOAD_HEX_STRING);
- payloadHexStringList.add(FRAGMENTATION_SUPPORTED_PAYLOAD_HEX_STRING);
- payloadHexStringList.add(SIGNATURE_HASH_SUPPORTED_PAYLOAD_HEX_STRING);
- payloadHexStringList.add(VENDOR_ID_PAYLOAD_HEX_STRING);
-
- return makeIkeInitResponseWithRequiredPayloads(payloadTypeList, payloadHexStringList);
- }
-
- // Simplest IKE INIT response that does not include any optional payloads
- private ReceivedIkePacket makeIkeInitResponseWithRequiredPayloads(
- List<Integer> optionalPayloadTypes, List<String> optionalPayloadHexStrings)
- throws Exception {
+ // TODO: Build real IKE INIT response when IKE INIT response validation is implemented.
List<Integer> payloadTypeList = new ArrayList<>();
List<String> payloadHexStringList = new ArrayList<>();
payloadTypeList.add(IkePayload.PAYLOAD_TYPE_SA);
payloadTypeList.add(IkePayload.PAYLOAD_TYPE_KE);
payloadTypeList.add(IkePayload.PAYLOAD_TYPE_NONCE);
- payloadTypeList.addAll(optionalPayloadTypes);
+ payloadTypeList.add(IkePayload.PAYLOAD_TYPE_NOTIFY);
+ payloadTypeList.add(IkePayload.PAYLOAD_TYPE_NOTIFY);
+ payloadTypeList.add(IkePayload.PAYLOAD_TYPE_NOTIFY);
+ payloadTypeList.add(IkePayload.PAYLOAD_TYPE_NOTIFY);
+ payloadTypeList.add(IkePayload.PAYLOAD_TYPE_VENDOR);
payloadHexStringList.add(IKE_SA_PAYLOAD_HEX_STRING);
payloadHexStringList.add(KE_PAYLOAD_HEX_STRING);
payloadHexStringList.add(NONCE_RESP_PAYLOAD_HEX_STRING);
- payloadHexStringList.addAll(optionalPayloadHexStrings);
+ payloadHexStringList.add(NAT_DETECTION_SOURCE_PAYLOAD_HEX_STRING);
+ payloadHexStringList.add(NAT_DETECTION_DESTINATION_PAYLOAD_HEX_STRING);
+ payloadHexStringList.add(FRAGMENTATION_SUPPORTED_PAYLOAD_HEX_STRING);
+ payloadHexStringList.add(SIGNATURE_HASH_SUPPORTED_PAYLOAD_HEX_STRING);
+ payloadHexStringList.add(VENDOR_ID_PAYLOAD_HEX_STRING);
+ // In each test assign different IKE responder SPI in IKE INIT response to avoid remote SPI
+ // collision during response validation.
+ // STOPSHIP: b/131617794 allow #mockIkeSetup to be independent in each test after we can
+ // support IkeSession cleanup.
return makeDummyReceivedIkeInitRespPacket(
+ 1L /*initiator SPI*/,
+ 2L /*responder SPI*/,
+ IkeHeader.EXCHANGE_TYPE_IKE_SA_INIT,
+ true /*isResp*/,
+ false /*fromIkeInit*/,
payloadTypeList,
payloadHexStringList);
}
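Review bot: The comment added in `makeIkeInitResponse` says each test assigns a different IKE responder SPI to avoid remote SPI collisions, but the call below hard-codes `1L /*initiator SPI*/` and `2L /*responder SPI*/` for every test. Comment and code disagree, and a reader cannot tell whether collision avoidance is actually in place or still pending under the `STOPSHIP: b/131617794` marker. Reword the comment to match the code, e.g. `// Fixed SPIs (1L/2L) are shared by all tests; per-test SPIs are blocked on b/131617794 (IkeSession cleanup).`, or derive the responder SPI per test. The neighbouring TODO also says IKE INIT response validation is not yet implemented, so this fixture does not exercise rejection of a malformed response.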
@@ -1214,15 +1044,6 @@
dummyIkePacketBytes);
}
- private ReceivedIkePacket makeRoutabilityCheckIkeRequest() throws Exception {
- IkeNotifyPayload cookie2Notify = new IkeNotifyPayload(NOTIFY_TYPE_COOKIE2, COOKIE2_DATA);
- return makeDummyEncryptedReceivedIkePacketWithPayloadList(
- mSpyCurrentIkeSaRecord,
- EXCHANGE_TYPE_INFORMATIONAL,
- false /*isResp*/,
- Arrays.asList(cookie2Notify));
- }
-
private ReceivedIkePacket makeRekeyIkeRequest() throws Exception {
IkeSaPayload saPayload =
(IkeSaPayload)
@@ -1243,15 +1064,6 @@
return makeRekeyIkeRequest(saPayload);
}
- private ReceivedIkePacket makeRekeyIkeRequestWithPayloads(List<IkePayload> payloads)
- throws Exception {
- return makeDummyEncryptedReceivedIkePacketWithPayloadList(
- mSpyCurrentIkeSaRecord,
- IkeHeader.EXCHANGE_TYPE_CREATE_CHILD_SA,
- false /*isResp*/,
- payloads);
- }
-
private ReceivedIkePacket makeRekeyIkeRequest(IkeSaPayload saPayload) throws Exception {
List<Integer> payloadTypeList = new ArrayList<>();
List<String> payloadHexStringList = new ArrayList<>();
@@ -1266,7 +1078,11 @@
hexStrListToIkePayloadList(payloadTypeList, payloadHexStringList, false /*isResp*/);
payloadList.add(saPayload);
- return makeRekeyIkeRequestWithPayloads(payloadList);
+ return makeDummyEncryptedReceivedIkePacketWithPayloadList(
+ mSpyCurrentIkeSaRecord,
+ IkeHeader.EXCHANGE_TYPE_CREATE_CHILD_SA,
+ false /*isResp*/,
+ payloadList);
}
private ReceivedIkePacket makeDeleteIkeRequest(IkeSaRecord saRecord) throws Exception {
@@ -1387,10 +1203,6 @@
.encryptAndEncode(any(), any(), any(), any(), anyBoolean(), anyInt());
}
- private void resetSpyUserCbExecutor() {
- reset(mSpyUserCbExecutor);
- }
-
@Test
public void testQuit() {
mIkeSessionStateMachine.quit();
@@ -1471,81 +1283,18 @@
config.respSpi.close();
}
- private void setupDnsResolutionForNetwork(
- Network network, int dnsLookupsForSuccess, InetAddress remoteAddress)
- throws Exception {
- doAnswer(new Answer() {
- private int mAttempedDnsLookups = 0;
-
- public Object answer(InvocationOnMock invocation) throws IOException {
- mAttempedDnsLookups++;
- if (mAttempedDnsLookups < dnsLookupsForSuccess) {
- throw new UnknownHostException("DNS failed");
- } else {
- return new InetAddress[] {remoteAddress};
- }
- }
- }).when(network).getAllByName(REMOTE_HOSTNAME);
- }
-
- private void setupAndVerifyDnsResolutionForIkeSession(
- int dnsLookupsForSuccess, int expectedDnsLookups, boolean expectSessionClosed)
- throws Exception {
+ @Test
+ public void testResolveRemoteHostName() throws Exception {
mIkeSessionStateMachine.quitNow();
- // Reset the network to ignore DNS resolution from mIkeSessionStateMachine creation in
- // setUp()
- resetDefaultNetwork();
-
- setupDnsResolutionForNetwork(mMockDefaultNetwork, dnsLookupsForSuccess, REMOTE_ADDRESS);
-
IkeSessionParams ikeParams =
buildIkeSessionParamsCommon()
.setAuthPsk(mPsk)
.setServerHostname(REMOTE_HOSTNAME)
.build();
- mIkeSessionStateMachine =
- makeAndStartIkeSession(
- ikeParams,
- false /* needSetMockIkeSocket */,
- LOCAL_ADDRESS,
- expectSessionClosed ? null : REMOTE_ADDRESS);
+ mIkeSessionStateMachine = makeAndStartIkeSession(ikeParams);
- verify(mMockDefaultNetwork, times(expectedDnsLookups)).getAllByName(REMOTE_HOSTNAME);
- if (expectSessionClosed) {
- assertNull(mIkeSessionStateMachine.getCurrentState());
- verify(mMockIkeSessionCallback)
- .onClosedWithException(
- argThat(
- e ->
- e instanceof IkeInternalException
- && e.getCause() instanceof IOException));
- }
- }
-
- @Test
- public void testResolveRemoteHostName() throws Exception {
- setupAndVerifyDnsResolutionForIkeSession(
- 1 /* dnsLookupsForSuccess */,
- 1 /* expectedDnsLookups */,
- false /* expectSessionClosed */);
- }
-
- @Test
- public void testResolveRemoteHostNameWithDnsRetries() throws Exception {
- setupAndVerifyDnsResolutionForIkeSession(
- 2 /* dnsLookupsForSuccess */,
- 2 /* expectedDnsLookups */,
- false /* expectSessionClosed */);
- }
-
- @Test
- public void testResolveRemoteHostNameWithDnsFailure() throws Exception {
- // Require more lookups for successful DNS than IKE allows to force failure
- setupAndVerifyDnsResolutionForIkeSession(
- 4 /* dnsLookupsForSuccess */,
- 3 /* expectedDnsLookups */,
- true /* expectSessionClosed */);
+ verify(mMockDefaultNetwork).getByName(REMOTE_HOSTNAME);
}
@Test
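Review bot: `testResolveRemoteHostName` now checks only that `getByName(REMOTE_HOSTNAME)` was called once on the default network; nothing left in this hunk exercises a failed lookup. What the state machine does when resolution throws (closing the session and reporting through `onClosedWithException` rather than continuing with a null remote address) is therefore unpinned on the new side. A second test that stubs `getByName` to throw `UnknownHostException` and verifies the callback would close that gap. Note that the success case relies on `makeAndStartIkeSession` asserting `REMOTE_ADDRESS`, so the stub that makes the mock network return that address (not visible here) should be referenced in a comment next to the `verify`.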
@@ -1586,6 +1335,11 @@
// Send back a INVALID_KE_PAYLOAD, and verify that the selected DH group changes
ReceivedIkePacket resp =
makeDummyReceivedIkeInitRespPacket(
+ 1L /*initiator SPI*/,
+ 2L /*responder SPI*/,
+ IkeHeader.EXCHANGE_TYPE_IKE_SA_INIT,
+ true /*isResp*/,
+ false /*fromIkeInit*/,
Arrays.asList(IkePayload.PAYLOAD_TYPE_NOTIFY),
Arrays.asList(INVALID_KE_PAYLOAD_HEX_STRING));
mIkeSessionStateMachine.sendMessage(IkeSessionStateMachine.CMD_RECEIVE_IKE_PACKET, resp);
@@ -1595,82 +1349,6 @@
SaProposal.DH_GROUP_2048_BIT_MODP, mIkeSessionStateMachine.mPeerSelectedDhGroup);
}
- private ReceivedIkePacket getIkeInitRespWithCookie() throws Exception {
- IkeNotifyPayload inCookieNotify = new IkeNotifyPayload(NOTIFY_TYPE_COOKIE, COOKIE_DATA);
- List<IkePayload> payloads = new ArrayList<>();
- payloads.add(inCookieNotify);
- return makeDummyReceivedIkeInitRespPacket(payloads);
- }
-
- @Test
- public void testCreateIkeLocalIkeInitReceivesCookie() throws Exception {
- setupFirstIkeSa();
-
- mIkeSessionStateMachine.sendMessage(IkeSessionStateMachine.CMD_LOCAL_REQUEST_CREATE_IKE);
- mLooper.dispatchAll();
-
- // Encode 2 times: one for mIkeInitRequestBytes and one for sending packets
- verify(mMockIkeMessageHelper, times(2)).encode(mIkeMessageCaptor.capture());
- IkeMessage originalReqMsg = mIkeMessageCaptor.getValue();
- List<IkePayload> originalPayloadList = originalReqMsg.ikePayloadList;
-
- // Reset to forget sending original IKE INIT request
- resetMockIkeMessageHelper();
-
- // Send back a Notify-Cookie
- ReceivedIkePacket resp = getIkeInitRespWithCookie();
- mIkeSessionStateMachine.sendMessage(IkeSessionStateMachine.CMD_RECEIVE_IKE_PACKET, resp);
- mLooper.dispatchAll();
-
- // Verify retry IKE INIT request
- verify(mMockIkeMessageHelper, times(2)).encode(mIkeMessageCaptor.capture());
- IkeMessage ikeInitReqMessage = mIkeMessageCaptor.getValue();
- List<IkePayload> payloadList = ikeInitReqMessage.ikePayloadList;
-
- IkeNotifyPayload outCookieNotify = (IkeNotifyPayload) payloadList.get(0);
- assertEquals(NOTIFY_TYPE_COOKIE, outCookieNotify.notifyType);
- assertArrayEquals(COOKIE_DATA, outCookieNotify.notifyData);
-
- // First 4 payloads MUST follow RFC 4306 so that IKE library can be compatible with old
- // implementations.
- int[] expectedPayloadType =
- new int[] {
- PAYLOAD_TYPE_NOTIFY, PAYLOAD_TYPE_SA, PAYLOAD_TYPE_KE, PAYLOAD_TYPE_NONCE
- };
- int len = expectedPayloadType.length;
- for (int i = 0; i < len; i++) {
- assertEquals(expectedPayloadType[i], payloadList.get(i).payloadType);
- }
-
- assertEquals(originalPayloadList, payloadList.subList(1, payloadList.size()));
-
- assertTrue(
- mIkeSessionStateMachine.getCurrentState()
- instanceof IkeSessionStateMachine.CreateIkeLocalIkeInit);
- }
-
- @Test
- public void testCreateIkeLocalIkeInitRcvRespAfterRcvCookie() throws Exception {
- setupFirstIkeSa();
-
- mIkeSessionStateMachine.sendMessage(IkeSessionStateMachine.CMD_LOCAL_REQUEST_CREATE_IKE);
- mLooper.dispatchAll();
-
- // Receive IKE INIT response with Cookie
- mIkeSessionStateMachine.sendMessage(
- IkeSessionStateMachine.CMD_RECEIVE_IKE_PACKET, getIkeInitRespWithCookie());
-
- // Receive IKE INIT response
- mIkeSessionStateMachine.sendMessage(
- IkeSessionStateMachine.CMD_RECEIVE_IKE_PACKET, makeIkeInitResponse());
- mLooper.dispatchAll();
-
- assertTrue(
- mIkeSessionStateMachine.getCurrentState()
- instanceof IkeSessionStateMachine.CreateIkeLocalIkeAuth);
- verifyIkeSaNegotiationResult();
- }
-
@Test
public void testCreateIkeLocalIkeInitSwitchesToEncapPorts() throws Exception {
setupFirstIkeSa();
@@ -1685,81 +1363,25 @@
// Validate socket switched
assertTrue(mIkeSessionStateMachine.mIkeSocket instanceof IkeUdpEncapSocket);
- assertTrue(mIkeSessionStateMachine.mHasCheckedNattSupport);
- assertTrue(mIkeSessionStateMachine.mSupportNatTraversal);
- assertTrue(
- mIkeSessionStateMachine.mLocalNatDetected
- || mIkeSessionStateMachine.mRemoteNatDetected);
verify(mSpyIkeUdp4Socket).unregisterIke(anyLong());
}
- private void restartIkeSessionWithEnforcePort4500AndVerifyIkeSocket() throws Exception {
- // Quit and start a new IKE Session with IKE_OPTION_FORCE_PORT_4500
- mIkeSessionStateMachine.quitNow();
- IkeSessionParams ikeParams =
- buildIkeSessionParamsWithIkeOptions(IKE_OPTION_FORCE_PORT_4500);
- mIkeSessionStateMachine =
- makeAndStartIkeSession(ikeParams, false /* needSetMockIkeSocket */);
- mLooper.dispatchAll();
-
- assertTrue(mIkeSessionStateMachine.mIkeSocket instanceof IkeUdpEncapSocket);
- }
-
- @Test
- public void testInitialStateWithEnforcePort4500() throws Exception {
- restartIkeSessionWithEnforcePort4500AndVerifyIkeSocket();
- }
-
- @Test
- public void testCreateIkeLocalIkeInitNatTraversalWithEnforcePort4500() throws Exception {
- restartIkeSessionWithEnforcePort4500AndVerifyIkeSocket();
+ @Ignore
+ public void disableTestCreateIkeLocalIkeInit() throws Exception {
setupFirstIkeSa();
- final IkeSocket ikeSocket = mIkeSessionStateMachine.mIkeSocket;
-
- mIkeSessionStateMachine.sendMessage(IkeSessionStateMachine.CMD_LOCAL_REQUEST_CREATE_IKE);
- mLooper.dispatchAll();
-
- receiveAndGetIkeInitResp();
-
- assertEquals(ikeSocket, mIkeSessionStateMachine.mIkeSocket);
- assertTrue(mIkeSessionStateMachine.mHasCheckedNattSupport);
- assertTrue(mIkeSessionStateMachine.mSupportNatTraversal);
- assertTrue(mIkeSessionStateMachine.mLocalNatDetected);
- assertTrue(
- mIkeSessionStateMachine.mLocalNatDetected
- || mIkeSessionStateMachine.mRemoteNatDetected);
- }
-
- @Test
- public void testCreateIkeLocalIkeInitNatTraversalNotSupported() throws Exception {
- setupFirstIkeSa();
- mIkeSessionStateMachine.sendMessage(IkeSessionStateMachine.CMD_LOCAL_REQUEST_CREATE_IKE);
- mLooper.dispatchAll();
-
- // Receive IKE INIT response
- ReceivedIkePacket dummyReceivedIkePacket =
- makeIkeInitResponseWithRequiredPayloads(
- Collections.emptyList(), Collections.emptyList());
- mIkeSessionStateMachine.sendMessage(
- IkeSessionStateMachine.CMD_RECEIVE_IKE_PACKET, dummyReceivedIkePacket);
- mLooper.dispatchAll();
-
- // Validate socket switched
- assertEquals(mSpyIkeUdp4Socket, mIkeSessionStateMachine.mIkeSocket);
- assertTrue(mIkeSessionStateMachine.mHasCheckedNattSupport);
- assertFalse(mIkeSessionStateMachine.mSupportNatTraversal);
- assertFalse(mIkeSessionStateMachine.mLocalNatDetected);
- assertFalse(mIkeSessionStateMachine.mRemoteNatDetected);
- verify(mSpyIkeUdp4Socket, never()).unregisterIke(anyLong());
- }
-
- private void triggerAndVerifyIkeInitReq(boolean expectingNatDetection) throws Exception {
// Send IKE INIT request
mIkeSessionStateMachine.sendMessage(IkeSessionStateMachine.CMD_LOCAL_REQUEST_CREATE_IKE);
mLooper.dispatchAll();
verifyRetransmissionStarted();
+ // Receive IKE INIT response
+ ReceivedIkePacket dummyReceivedIkePacket = makeIkeInitResponse();
+ mIkeSessionStateMachine.sendMessage(
+ IkeSessionStateMachine.CMD_RECEIVE_IKE_PACKET, dummyReceivedIkePacket);
+ mLooper.dispatchAll();
+ verifyIncrementLocaReqMsgId();
+
// Validate outbound IKE INIT request
verify(mMockIkeMessageHelper, times(2)).encode(mIkeMessageCaptor.capture());
IkeMessage ikeInitReqMessage = mIkeMessageCaptor.getValue();
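Review bot: `disableTestCreateIkeLocalIkeInit` is added with a bare `@Ignore` and no `@Test`, so nothing records why it is disabled or when it should be re-enabled. As far as the visible hunks show, the assertions on the negotiated SA proposal, the NAT detection flags and the remote vendor IDs live only inside this method, so they never run. The same hunk also removes the port-4500 and NAT-traversal-not-supported tests. I would restore `@Test` and give the annotation a reason, e.g. `@Ignore("<reason or tracking bug>")`, so the gap in IKE INIT coverage is visible in test reports. The method body continues past the end of this hunk.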
@@ -1773,67 +1395,11 @@
assertTrue(isIkePayloadExist(payloadList, IkePayload.PAYLOAD_TYPE_SA));
assertTrue(isIkePayloadExist(payloadList, IkePayload.PAYLOAD_TYPE_KE));
assertTrue(isIkePayloadExist(payloadList, IkePayload.PAYLOAD_TYPE_NONCE));
+ assertTrue(isNotifyExist(payloadList, NOTIFY_TYPE_NAT_DETECTION_SOURCE_IP));
+ assertTrue(isNotifyExist(payloadList, NOTIFY_TYPE_NAT_DETECTION_DESTINATION_IP));
assertTrue(isNotifyExist(payloadList, NOTIFY_TYPE_IKEV2_FRAGMENTATION_SUPPORTED));
assertTrue(isNotifyExist(payloadList, NOTIFY_TYPE_SIGNATURE_HASH_ALGORITHMS));
- assertEquals(
- expectingNatDetection,
- isNotifyExist(payloadList, NOTIFY_TYPE_NAT_DETECTION_SOURCE_IP));
- assertEquals(
- expectingNatDetection,
- isNotifyExist(payloadList, NOTIFY_TYPE_NAT_DETECTION_DESTINATION_IP));
- }
-
- private ReceivedIkePacket receiveAndGetIkeInitResp() throws Exception {
- ReceivedIkePacket dummyReceivedIkePacket = makeIkeInitResponse();
- mIkeSessionStateMachine.sendMessage(
- IkeSessionStateMachine.CMD_RECEIVE_IKE_PACKET, dummyReceivedIkePacket);
- mLooper.dispatchAll();
- verifyIncrementLocaReqMsgId();
- return dummyReceivedIkePacket;
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testCreateIkeLocalIkeInitWithoutIpv6NatD() throws Exception {
- mIkeSessionStateMachine.quitNow();
- resetMockConnectManager();
- resetMockIkeMessageHelper();
-
- // Restart mIkeSessionStateMachine so it uses IPv6 addresses
- final Network v6OnlyNetwork =
- mockNewNetworkAndAddress(false /* isIpv4 */, LOCAL_ADDRESS_V6, REMOTE_ADDRESS_V6);
- final IkeSessionParams params =
- buildIkeSessionParamsCommon()
- .setAuthPsk(mPsk)
- .setNetwork(v6OnlyNetwork)
- .addIkeOption(IKE_OPTION_MOBIKE)
- .build();
- mIkeSessionStateMachine =
- makeAndStartIkeSession(
- params,
- true /* needSetMockIkeSocket */,
- LOCAL_ADDRESS_V6,
- REMOTE_ADDRESS_V6);
- setupFirstIkeSa();
-
- triggerAndVerifyIkeInitReq(false /* expectingNatDetection */);
- receiveAndGetIkeInitResp();
-
- assertTrue(mIkeSessionStateMachine.mIkeSocket instanceof IkeUdp6Socket);
- assertFalse(mIkeSessionStateMachine.mHasCheckedNattSupport);
- assertFalse(mIkeSessionStateMachine.mSupportNatTraversal);
- assertFalse(mIkeSessionStateMachine.mLocalNatDetected);
- assertFalse(mIkeSessionStateMachine.mRemoteNatDetected);
- }
-
- @Ignore
- public void disableTestCreateIkeLocalIkeInit() throws Exception {
- setupFirstIkeSa();
-
- triggerAndVerifyIkeInitReq(true /* expectingNatDetection */);
- final ReceivedIkePacket dummyReceivedIkePacket = receiveAndGetIkeInitResp();
-
verify(mSpyCurrentIkeSocket)
.registerIke(eq(mSpyCurrentIkeSaRecord.getLocalSpi()), eq(mIkeSessionStateMachine));
@@ -1843,10 +1409,7 @@
mIkeSessionStateMachine.getCurrentState()
instanceof IkeSessionStateMachine.CreateIkeLocalIkeAuth);
verifyRetransmissionStarted();
- verifyIkeSaNegotiationResult();
- }
- private void verifyIkeSaNegotiationResult() throws Exception {
// Validate negotiated SA proposal.
IkeSaProposal negotiatedProposal = mIkeSessionStateMachine.mSaProposal;
assertNotNull(negotiatedProposal);
@@ -1873,10 +1436,8 @@
assertNotNull(ikeSaRecordConfig.saLifetimeAlarmScheduler);
// Validate NAT detection
- assertTrue(mIkeSessionStateMachine.mLocalNatDetected);
- assertTrue(mIkeSessionStateMachine.mRemoteNatDetected);
- assertTrue(mIkeSessionStateMachine.mHasCheckedNattSupport);
- assertTrue(mIkeSessionStateMachine.mSupportNatTraversal);
+ assertTrue(mIkeSessionStateMachine.mIsLocalBehindNat);
+ assertFalse(mIkeSessionStateMachine.mIsRemoteBehindNat);
// Validate vendor IDs
List<byte[]> vendorIds = new ArrayList<>();
@@ -1888,13 +1449,6 @@
assertEquals(
Arrays.asList(EXTENSION_TYPE_FRAGMENTATION),
mIkeSessionStateMachine.mEnabledExtensions);
-
- // Validate Signature Hash Algorithms received in IKE INIT response
- Set<Short> expectedHashAlgos = new HashSet<Short>();
- for (short algo : IkeAuthDigitalSignPayload.ALL_SIGNATURE_ALGO_TYPES) {
- expectedHashAlgos.add(algo);
- }
- assertEquals(expectedHashAlgos, mIkeSessionStateMachine.mPeerSignatureHashAlgorithms);
}
private void setIkeInitResults() throws Exception {
@@ -1904,16 +1458,12 @@
mIkeSessionStateMachine.mSaProposal = buildNegotiatedSaProposal();
mIkeSessionStateMachine.mCurrentIkeSaRecord = mSpyCurrentIkeSaRecord;
mIkeSessionStateMachine.mLocalAddress = LOCAL_ADDRESS;
- mIkeSessionStateMachine.mHasCheckedNattSupport = true;
- mIkeSessionStateMachine.mSupportNatTraversal = true;
- mIkeSessionStateMachine.mLocalNatDetected = true;
- mIkeSessionStateMachine.mRemoteNatDetected = false;
- mIkeSessionStateMachine.mIkeNattKeepalive = mMockIkeNattKeepalive;
+ mIkeSessionStateMachine.mIsLocalBehindNat = true;
+ mIkeSessionStateMachine.mIsRemoteBehindNat = false;
mIkeSessionStateMachine.mSupportFragment = true;
mIkeSessionStateMachine.mRemoteVendorIds =
Arrays.asList(REMOTE_VENDOR_ID_ONE, REMOTE_VENDOR_ID_TWO);
- mIkeSessionStateMachine.mEnabledExtensions = new ArrayList<>();
- mIkeSessionStateMachine.mEnabledExtensions.add(EXTENSION_TYPE_FRAGMENTATION);
+ mIkeSessionStateMachine.mEnabledExtensions = Arrays.asList(EXTENSION_TYPE_FRAGMENTATION);
mIkeSessionStateMachine.addIkeSaRecord(mSpyCurrentIkeSaRecord);
mSpyCurrentIkeSocket = mSpyIkeUdpEncapSocket;
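Review bot: `Arrays.asList(EXTENSION_TYPE_FRAGMENTATION)` in `setIkeInitResults` returns a fixed-size list, whereas the removed lines assigned a mutable `ArrayList`. If any state reached after this helper appends to `mEnabledExtensions`, the test would fail with an `UnsupportedOperationException` instead of a meaningful assertion; the hunk does not show whether that happens. A mutable copy avoids the trap: `mIkeSessionStateMachine.mEnabledExtensions = new ArrayList<>(Arrays.asList(EXTENSION_TYPE_FRAGMENTATION));`. The helper starts before this hunk and continues after it.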
@@ -1969,7 +1519,7 @@
eq(mLooper.getLooper()),
eq(mSpyContext),
anyInt(),
- any(Handler.class),
+ any(AlarmManager.class),
any(RandomnessFactory.class),
any(IpSecSpiGenerator.class),
eq(mChildSessionParams),
@@ -2005,7 +1555,7 @@
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_EXECUTE_LOCAL_REQ,
- mLocalRequestFactory.getChildLocalRequest(
+ new ChildLocalRequest(
IkeSessionStateMachine.CMD_LOCAL_REQUEST_CREATE_CHILD,
childCallback,
mChildSessionParams));
@@ -2020,7 +1570,6 @@
eq(REMOTE_ADDRESS),
any(), // udpEncapSocket
eq(mIkeSessionStateMachine.mIkePrf),
- eq(mIkeSessionStateMachine.mSaProposal.getDhGroupTransforms()[0].id),
any()); // sk_d
// Once for initial child, a second time for the additional child.
@@ -2029,7 +1578,7 @@
eq(mLooper.getLooper()),
eq(mSpyContext),
anyInt(),
- any(Handler.class),
+ any(AlarmManager.class),
any(RandomnessFactory.class),
any(IpSecSpiGenerator.class),
eq(mChildSessionParams),
@@ -2093,7 +1642,7 @@
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_EXECUTE_LOCAL_REQ,
- mLocalRequestFactory.getChildLocalRequest(
+ new ChildLocalRequest(
IkeSessionStateMachine.CMD_LOCAL_REQUEST_DELETE_CHILD,
mMockChildSessionCallback,
null /*childParams*/));
@@ -2112,7 +1661,7 @@
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_EXECUTE_LOCAL_REQ,
- mLocalRequestFactory.getChildLocalRequest(
+ new ChildLocalRequest(
IkeSessionStateMachine.CMD_LOCAL_REQUEST_DELETE_CHILD,
mock(ChildSessionCallback.class),
null /*childParams*/));
@@ -2128,7 +1677,7 @@
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_EXECUTE_LOCAL_REQ,
- mLocalRequestFactory.getChildLocalRequest(
+ new ChildLocalRequest(
IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_CHILD,
mMockChildSessionCallback,
null /*childParams*/));
@@ -2427,10 +1976,9 @@
}
@Test
- public void testRemoteRekeyChild() throws Exception {
+ public void testTriggerRemoteRekeyChild() throws Exception {
setupIdleStateMachine();
- // Receive Rekey Create request
mIkeSessionStateMachine.sendMessage(
CMD_RECEIVE_IKE_PACKET,
makeRekeyChildCreateMessage(false /*isResp*/, CHILD_SPI_REMOTE));
@@ -2444,49 +1992,6 @@
assertTrue(
mIkeSessionStateMachine.getCurrentState()
instanceof IkeSessionStateMachine.ChildProcedureOngoing);
-
- // Send Rekey Create response
- List<IkePayload> mockRekeyCreatePayloads = Arrays.asList(mock(IkePayload.class));
- mDummyChildSmCallback.onOutboundPayloadsReady(
- IkeHeader.EXCHANGE_TYPE_CREATE_CHILD_SA,
- true /*isResp*/,
- mockRekeyCreatePayloads,
- mMockChildSessionStateMachine);
- mLooper.dispatchAll();
-
- IkeMessage rekeyCreateResp =
- verifyAndGetOutboundEncryptedResp(IkeHeader.EXCHANGE_TYPE_CREATE_CHILD_SA);
- assertEquals(mockRekeyCreatePayloads, rekeyCreateResp.ikePayloadList);
-
- // Forget sending Rekey Create response
- resetMockIkeMessageHelper();
-
- // Receive Delete Child Request
- IkeDeletePayload[] inboundDelPayloads =
- new IkeDeletePayload[] {new IkeDeletePayload(new int[] {CHILD_SPI_REMOTE})};
- mIkeSessionStateMachine.sendMessage(
- IkeSessionStateMachine.CMD_RECEIVE_IKE_PACKET,
- makeDeleteChildPacket(inboundDelPayloads, false /*isResp*/));
- mLooper.dispatchAll();
-
- verify(mMockChildSessionStateMachine)
- .receiveRequest(
- eq(IKE_EXCHANGE_SUBTYPE_DELETE_CHILD),
- eq(EXCHANGE_TYPE_INFORMATIONAL),
- any(List.class));
-
- // Send Rekey Delete response
- List<IkePayload> mockRekeyDeletePayloads = Arrays.asList(mock(IkePayload.class));
- mDummyChildSmCallback.onOutboundPayloadsReady(
- IkeHeader.EXCHANGE_TYPE_INFORMATIONAL,
- true /*isResp*/,
- mockRekeyDeletePayloads,
- mMockChildSessionStateMachine);
- mLooper.dispatchAll();
-
- IkeMessage rekeyDeleteResp =
- verifyAndGetOutboundEncryptedResp(IkeHeader.EXCHANGE_TYPE_INFORMATIONAL);
- assertEquals(mockRekeyDeletePayloads, rekeyDeleteResp.ikePayloadList);
}
@Test
@@ -2659,10 +2164,7 @@
respIdPayload,
authRelatedPayloads,
hasChildPayloads,
- hasConfigPayloadInResp,
- false /* isMobikeEnabled */,
- true /* isIpv4 */,
- 0 /* ike3gppCallbackInvocations */);
+ hasConfigPayloadInResp);
verify(spyAuthPayload)
.verifyInboundSignature(
@@ -2678,43 +2180,19 @@
IkePayload.PAYLOAD_TYPE_AUTH, IkeAuthDigitalSignPayload.class));
}
- private IkeMessage verifySharedKeyAuthentication(
+ private void verifySharedKeyAuthentication(
IkeAuthPskPayload spyAuthPayload,
IkeIdPayload respIdPayload,
List<IkePayload> authRelatedPayloads,
boolean hasChildPayloads,
boolean hasConfigPayloadInResp)
throws Exception {
- return verifySharedKeyAuthentication(
- spyAuthPayload,
- respIdPayload,
- authRelatedPayloads,
- hasChildPayloads,
- hasConfigPayloadInResp,
- false /* isMobikeEnabled */,
- true /* isIpv4 */,
- 0 /* ike3gppDataListenerInvocations */);
- }
-
- private IkeMessage verifySharedKeyAuthentication(
- IkeAuthPskPayload spyAuthPayload,
- IkeIdPayload respIdPayload,
- List<IkePayload> authRelatedPayloads,
- boolean hasChildPayloads,
- boolean hasConfigPayloadInResp,
- boolean isMobikeEnabled,
- boolean isIpv4,
- int ike3gppDataListenerInvocations)
- throws Exception {
IkeMessage ikeAuthReqMessage =
verifyAuthenticationCommonAndGetIkeMessage(
respIdPayload,
authRelatedPayloads,
hasChildPayloads,
- hasConfigPayloadInResp,
- isMobikeEnabled,
- isIpv4,
- ike3gppDataListenerInvocations);
+ hasConfigPayloadInResp);
// Validate authentication is done. Cannot use matchers because IkeAuthPskPayload is final.
verify(spyAuthPayload)
@@ -2729,18 +2207,13 @@
assertNotNull(
ikeAuthReqMessage.getPayloadForType(
IkePayload.PAYLOAD_TYPE_AUTH, IkeAuthPskPayload.class));
-
- return ikeAuthReqMessage;
}
private IkeMessage verifyAuthenticationCommonAndGetIkeMessage(
IkeIdPayload respIdPayload,
List<IkePayload> authRelatedPayloads,
boolean hasChildPayloads,
- boolean hasConfigPayloadInResp,
- boolean isMobikeEnabled,
- boolean isIpv4,
- int ike3gppDataListenerInvocations)
+ boolean hasConfigPayloadInResp)
throws Exception {
// Send IKE AUTH response to IKE state machine
ReceivedIkePacket authResp = makeIkeAuthRespWithChildPayloads(authRelatedPayloads);
@@ -2762,18 +2235,12 @@
IkePayload.PAYLOAD_TYPE_NOTIFY, IkeNotifyPayload.class);
assertFalse(hasEapOnlyNotifyPayload(notifyPayloads));
- // Validate the N1 Mode Capability payload
- verifyN1ModeCapabilityPayload(notifyPayloads);
-
// Validate inbound IKE AUTH response
verifyIncrementLocaReqMsgId();
verifyDecodeEncryptedMessage(mSpyCurrentIkeSaRecord, authResp);
- // Validate that user has been notified. Expect one invocation for
- // IkeSessionCallback#onOpened and 'ike3gppDataListenerInvocations' invocations for
- // Ike3gppDataListener#onIke3gppDataReceived
- verify(mSpyUserCbExecutor, times(1 + ike3gppDataListenerInvocations))
- .execute(any(Runnable.class));
+ // Validate that user has been notified
+ verify(mSpyUserCbExecutor).execute(any(Runnable.class));
// Verify IkeSessionConfiguration
ArgumentCaptor<IkeSessionConfiguration> ikeSessionConfigurationArgumentCaptor =
@@ -2800,17 +2267,10 @@
assertTrue(
sessionConfig.isIkeExtensionEnabled(
IkeSessionConfiguration.EXTENSION_TYPE_FRAGMENTATION));
- assertEquals(
- isMobikeEnabled,
- sessionConfig.isIkeExtensionEnabled(IkeSessionConfiguration.EXTENSION_TYPE_MOBIKE));
IkeSessionConnectionInfo ikeConnInfo = sessionConfig.getIkeSessionConnectionInfo();
-
- InetAddress expectedLocalAddress = isIpv4 ? LOCAL_ADDRESS : LOCAL_ADDRESS_V6;
- InetAddress expectedRemoteAddress = isIpv4 ? REMOTE_ADDRESS : REMOTE_ADDRESS_V6;
-
- assertEquals(expectedLocalAddress, ikeConnInfo.getLocalAddress());
- assertEquals(expectedRemoteAddress, ikeConnInfo.getRemoteAddress());
+ assertEquals(LOCAL_ADDRESS, ikeConnInfo.getLocalAddress());
+ assertEquals(REMOTE_ADDRESS, ikeConnInfo.getRemoteAddress());
assertEquals(mMockDefaultNetwork, ikeConnInfo.getNetwork());
// Verify payload list pair for first Child negotiation
@@ -2822,11 +2282,10 @@
.handleFirstChildExchange(
mReqPayloadListCaptor.capture(),
mRespPayloadListCaptor.capture(),
- eq(expectedLocalAddress),
- eq(expectedRemoteAddress),
+ eq(LOCAL_ADDRESS),
+ eq(REMOTE_ADDRESS),
any(), // udpEncapSocket
eq(mIkeSessionStateMachine.mIkePrf),
- eq(mIkeSessionStateMachine.mSaProposal.getDhGroupTransforms()[0].id),
any()); // sk_d
List<IkePayload> childReqList = mReqPayloadListCaptor.getValue();
List<IkePayload> childRespList = mRespPayloadListCaptor.getValue();
@@ -2864,7 +2323,7 @@
eq(mLooper.getLooper()),
eq(mSpyContext),
anyInt(),
- any(Handler.class),
+ any(AlarmManager.class),
any(RandomnessFactory.class),
any(IpSecSpiGenerator.class),
eq(mChildSessionParams),
@@ -2881,28 +2340,6 @@
return ikeAuthReqMessage;
}
- private void verifyN1ModeCapabilityPayload(List<IkeNotifyPayload> notifyPayloads)
- throws Exception {
- IkeNotifyPayload n1ModeCapabilityPayload = null;
- for (IkeNotifyPayload notifyPayload : notifyPayloads) {
- if (notifyPayload.notifyType == NOTIFY_TYPE_N1_MODE_CAPABILITY) {
- n1ModeCapabilityPayload = notifyPayload;
- }
- }
-
- // Only expect a N1_MODE_CAPABILITY payload if an Ike3gppExtension and PDU Session ID
- // are specified.
- Ike3gppExtension ike3gppExtension =
- mIkeSessionStateMachine.mIkeSessionParams.getIke3gppExtension();
- if (ike3gppExtension == null || !ike3gppExtension.getIke3gppParams().hasPduSessionId()) {
- assertNull(n1ModeCapabilityPayload);
- } else {
- byte[] expectedNotifyData =
- TestUtils.hexStringToByteArray(N1_MODE_CAPABILITY_PAYLOAD_DATA);
- assertArrayEquals(expectedNotifyData, n1ModeCapabilityPayload.notifyData);
- }
- }
-
private IkeAuthPskPayload makeSpyRespPskPayload() throws Exception {
IkeAuthPskPayload spyAuthPayload =
spy(
@@ -3101,7 +2538,7 @@
// Verify IKE Session was closed properly
assertNull(mIkeSessionStateMachine.getCurrentState());
verify(mMockIkeSessionCallback)
- .onClosedWithException(any(AuthenticationFailedException.class));
+ .onClosedExceptionally(any(AuthenticationFailedException.class));
}
@Test
@@ -3110,7 +2547,7 @@
verifyRetransmissionStarted();
resetMockIkeMessageHelper();
- // Mock rejecting IKE AUTH with Authentication Failure notification
+ // Mock rejecting IKE AUTH with Authenticatio Failure notification
ReceivedIkePacket mockAuthFailPacket =
makeIkeAuthRespWithoutChildPayloads(
Arrays.asList(new IkeNotifyPayload(ERROR_TYPE_AUTHENTICATION_FAILED)));
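Review bot: The rewritten comment above `makeIkeAuthRespWithoutChildPayloads` introduces a typo, "Authenticatio Failure". It should read `// Mock rejecting IKE AUTH with Authentication Failure notification`, which also keeps the comment searchable alongside `ERROR_TYPE_AUTHENTICATION_FAILED` on the following lines. The enclosing test method starts and ends outside this hunk.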
@@ -3120,7 +2557,7 @@
// Verify IKE Session is closed properly
assertNull(mIkeSessionStateMachine.getCurrentState());
verify(mMockIkeSessionCallback)
- .onClosedWithException(any(AuthenticationFailedException.class));
+ .onClosedExceptionally(any(AuthenticationFailedException.class));
}
@Test
@@ -3141,7 +2578,7 @@
ArgumentCaptor<IkeProtocolException> captor =
ArgumentCaptor.forClass(IkeProtocolException.class);
- verify(mMockIkeSessionCallback).onClosedWithException(captor.capture());
+ verify(mMockIkeSessionCallback).onClosedExceptionally(captor.capture());
IkeProtocolException exception = captor.getValue();
assertEquals(ERROR_TYPE_INTERNAL_ADDRESS_FAILURE, exception.getErrorType());
}
@@ -3166,7 +2603,7 @@
// Verify IKE Session is closed properly
assertNull(mIkeSessionStateMachine.getCurrentState());
- verify(mMockIkeSessionCallback).onClosedWithException(any(InvalidSyntaxException.class));
+ verify(mMockIkeSessionCallback).onClosedExceptionally(any(InvalidSyntaxException.class));
}
@Test
@@ -3176,8 +2613,10 @@
setupChildStateMachineFactory(mMockChildSessionStateMachine);
IkeSessionParams ikeSessionParams =
- buildIkeSessionParamsWithIkeOptions(
- IkeSessionParams.IKE_OPTION_ACCEPT_ANY_REMOTE_ID);
+ buildIkeSessionParamsCommon()
+ .setAuthPsk(mPsk)
+ .addIkeOption(IkeSessionParams.IKE_OPTION_ACCEPT_ANY_REMOTE_ID)
+ .build();
mIkeSessionStateMachine = makeAndStartIkeSession(ikeSessionParams);
// Mock IKE INIT
@@ -3226,7 +2665,7 @@
// Verify IKE Session is closed properly
assertNull(mIkeSessionStateMachine.getCurrentState());
verify(mMockIkeSessionCallback)
- .onClosedWithException(any(AuthenticationFailedException.class));
+ .onClosedExceptionally(any(AuthenticationFailedException.class));
}
@Test
@@ -3350,7 +2789,7 @@
// Verify state machine quit properly
verify(mMockIkeSessionCallback)
- .onClosedWithException(any(AuthenticationFailedException.class));
+ .onClosedExceptionally(any(AuthenticationFailedException.class));
assertNull(mIkeSessionStateMachine.getCurrentState());
}
@@ -3394,7 +2833,7 @@
// Fires user error callbacks
verify(mMockIkeSessionCallback)
- .onClosedWithException(argThat(err -> err.getCause() == error));
+ .onClosedExceptionally(argThat(err -> err.getCause() == error));
// Verify state machine quit properly
verify(mSpyCurrentIkeSaRecord).close();
@@ -3416,7 +2855,7 @@
// Fires user error callbacks
verify(mMockIkeSessionCallback)
- .onClosedWithException(any(AuthenticationFailedException.class));
+ .onClosedExceptionally(any(AuthenticationFailedException.class));
// Verify state machine quit properly
verify(mSpyCurrentIkeSaRecord).close();
@@ -3425,19 +2864,10 @@
@Test
public void testCreateIkeLocalIkeAuthPostEap() throws Exception {
- verifyCreateIkeLocalIkeAuthPostEap(
- buildIkeSessionParamsEap(),
- new ArrayList<>() /* authRelatedPayloads */,
- false /* isMobikeEnabled */);
- }
-
- private void verifyCreateIkeLocalIkeAuthPostEap(
- IkeSessionParams params, List<IkePayload> authRelatedPayloads, boolean isMobikeEnabled)
- throws Exception {
mIkeSessionStateMachine.quitNow();
reset(mMockChildSessionFactoryHelper);
setupChildStateMachineFactory(mMockChildSessionStateMachine);
- mIkeSessionStateMachine = makeAndStartIkeSession(params);
+ mIkeSessionStateMachine = makeAndStartIkeSession(buildIkeSessionParamsEap());
// Setup dummy state from IkeAuthPreEap for next state.
mIkeSessionStateMachine.mInitIdPayload = mock(IkeIdPayload.class);
@@ -3465,6 +2895,7 @@
verifyRetransmissionStarted();
// Build IKE AUTH response with Auth-PSK Payload and ID-Responder Payload.
+ List<IkePayload> authRelatedPayloads = new ArrayList<>();
IkeAuthPskPayload spyAuthPayload = makeSpyRespPskPayload();
authRelatedPayloads.add(spyAuthPayload);
@@ -3475,10 +2906,7 @@
respIdPayload,
authRelatedPayloads,
false /*hasChildPayloads*/,
- false /*hasConfigPayloadInResp*/,
- isMobikeEnabled,
- true /* isIpv4 */,
- 0 /* ike3gppDataListenerInvocations */);
+ false /*hasConfigPayloadInResp*/);
verifyRetransmissionStopped();
}
@@ -3591,7 +3019,7 @@
// Verify IKE Session is closed properly
assertNull(mIkeSessionStateMachine.getCurrentState());
- verify(mMockIkeSessionCallback).onClosedWithException(any(InvalidSyntaxException.class));
+ verify(mMockIkeSessionCallback).onClosedExceptionally(any(InvalidSyntaxException.class));
// Collected response fragments are cleared
assertNull(mSpyCurrentIkeSaRecord.getCollectedFragments(true /*isResp*/));
@@ -3605,8 +3033,7 @@
// Send Rekey-Create request
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_EXECUTE_LOCAL_REQ,
- mLocalRequestFactory.getIkeLocalRequest(
- IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
+ new IkeLocalRequest(IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
mLooper.dispatchAll();
assertTrue(
mIkeSessionStateMachine.getCurrentState()
@@ -3650,15 +3077,10 @@
public void testRekeyIkeLocalCreateHandlesResponse() throws Exception {
setupIdleStateMachine();
- verifyRekeyIkeLocalCreateHandlesResponse();
- }
-
- private void verifyRekeyIkeLocalCreateHandlesResponse() throws Exception {
// Send Rekey-Create request
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_EXECUTE_LOCAL_REQ,
- mLocalRequestFactory.getIkeLocalRequest(
- IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
+ new IkeLocalRequest(IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
mLooper.dispatchAll();
verifyRetransmissionStarted();
@@ -3691,8 +3113,7 @@
// Send Rekey-Create request
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_EXECUTE_LOCAL_REQ,
- mLocalRequestFactory.getIkeLocalRequest(
- IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
+ new IkeLocalRequest(IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
mLooper.dispatchAll();
verifyRetransmissionStarted();
resetMockIkeMessageHelper();
@@ -3713,7 +3134,7 @@
// Verify IKE Session is closed properly
assertNull(mIkeSessionStateMachine.getCurrentState());
- verify(mMockIkeSessionCallback).onClosedWithException(any(InvalidSyntaxException.class));
+ verify(mMockIkeSessionCallback).onClosedExceptionally(any(InvalidSyntaxException.class));
}
@Test
@@ -3723,8 +3144,7 @@
// Send Rekey-Create request
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_EXECUTE_LOCAL_REQ,
- mLocalRequestFactory.getIkeLocalRequest(
- IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
+ new IkeLocalRequest(IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
mLooper.dispatchAll();
// Mock receiving packet with NO_PROPOSAL_CHOSEN
@@ -3746,8 +3166,7 @@
// Send Rekey-Create request
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_EXECUTE_LOCAL_REQ,
- mLocalRequestFactory.getIkeLocalRequest(
- IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
+ new IkeLocalRequest(IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
mLooper.dispatchAll();
resetMockIkeMessageHelper();
@@ -3762,7 +3181,7 @@
// Verify IKE Session is closed properly
assertNull(mIkeSessionStateMachine.getCurrentState());
- verify(mMockIkeSessionCallback).onClosedWithException(any(InvalidSyntaxException.class));
+ verify(mMockIkeSessionCallback).onClosedExceptionally(any(InvalidSyntaxException.class));
}
@Test
@@ -3776,8 +3195,7 @@
// Send Rekey-Create request
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_EXECUTE_LOCAL_REQ,
- mLocalRequestFactory.getIkeLocalRequest(
- IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
+ new IkeLocalRequest(IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
mLooper.dispatchAll();
resetMockIkeMessageHelper();
@@ -3794,7 +3212,7 @@
// Verify IKE Session is closed properly
assertNull(mIkeSessionStateMachine.getCurrentState());
- verify(mMockIkeSessionCallback).onClosedWithException(any(IkeInternalException.class));
+ verify(mMockIkeSessionCallback).onClosedExceptionally(any(IkeInternalException.class));
}
@Test
@@ -3804,8 +3222,7 @@
// Send Rekey-Create request
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_EXECUTE_LOCAL_REQ,
- mLocalRequestFactory.getIkeLocalRequest(
- IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
+ new IkeLocalRequest(IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
mLooper.dispatchAll();
verifyRetransmissionStarted();
resetMockIkeMessageHelper();
@@ -3843,8 +3260,7 @@
private void mockRescheduleRekey(IkeSaRecord spySaRecord) {
IkeLocalRequest rekeyReq =
- mLocalRequestFactory.getIkeLocalRequest(
- IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE);
+ new IkeLocalRequest(IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE);
doAnswer(
(invocation) -> {
mIkeSessionStateMachine.sendMessageDelayed(
@@ -3864,8 +3280,7 @@
// Send Rekey-Create request
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_EXECUTE_LOCAL_REQ,
- mLocalRequestFactory.getIkeLocalRequest(
- IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
+ new IkeLocalRequest(IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
mLooper.dispatchAll();
// Mock sending TEMPORARY_FAILURE response
@@ -4079,8 +3494,12 @@
assertEquals(IKE_REKEY_SA_INITIATOR_SPI, recordConfigCaptor.getValue().initSpi.getSpi());
// Verify outbound CREATE_CHILD_SA message
- IkeMessage rekeyCreateResp =
- verifyAndGetOutboundEncryptedResp(IkeHeader.EXCHANGE_TYPE_CREATE_CHILD_SA);
+ IkeMessage rekeyCreateResp = verifyEncryptAndEncodeAndGetMessage(mSpyCurrentIkeSaRecord);
+ IkeHeader rekeyCreateRespHeader = rekeyCreateResp.ikeHeader;
+ assertEquals(IkePayload.PAYLOAD_TYPE_SK, rekeyCreateRespHeader.nextPayloadType);
+ assertEquals(IkeHeader.EXCHANGE_TYPE_CREATE_CHILD_SA, rekeyCreateRespHeader.exchangeType);
+ assertTrue(rekeyCreateRespHeader.isResponseMsg);
+ assertTrue(rekeyCreateRespHeader.fromIkeInitiator);
assertNotNull(
rekeyCreateResp.getPayloadForType(IkePayload.PAYLOAD_TYPE_SA, IkeSaPayload.class));
assertNotNull(
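Review bot: The four header assertions added after `verifyEncryptAndEncodeAndGetMessage(mSpyCurrentIkeSaRecord)` have no comment, and `assertTrue(rekeyCreateRespHeader.fromIkeInitiator)` directly after `assertTrue(rekeyCreateRespHeader.isResponseMsg)` is easy to misread as a mistake. Assuming the local side is the original initiator of the IKE SA in this fixture (the hunk does not show the setup), a short why-comment would help: `// Initiator flag follows the original IKE SA initiator, so it stays set on this response`. If other tests need the same header checks, a small private helper taking the expected exchange type would avoid repeating them. The enclosing test method starts and ends outside this hunk.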
@@ -4127,102 +3546,6 @@
verifyProcessRekeyReqFailure(ERROR_TYPE_NO_PROPOSAL_CHOSEN);
}
- @Test
- public void testRekeyIkeRemoteCreateHandlesInvalidKePayload() throws Exception {
- setupIdleStateMachine();
-
- // Build Rekey request
- // SA Payload: ENCR_AES_CBC(128)|AUTH_HMAC_SHA1_96|DH_1024_BIT_MODP|PRF_HMAC_SHA1
- IkePayload saPayload =
- IkeTestUtils.hexStringToIkePayload(
- IkePayload.PAYLOAD_TYPE_SA,
- false /*isResp*/,
- IKE_REKEY_SA_PAYLOAD_HEX_STRING);
-
- // Unrecognized DH Group: 0x0fff
- String unrecognizedKePayload =
- "280000880fff0000b4a2faf4bb54878ae21d638512ece55d9236fc50"
- + "46ab6cef82220f421f3ce6361faf36564ecb6d28798a94aa"
- + "d7b2b4b603ddeaaa5630adb9ece8ac37534036040610ebdd"
- + "92f46bef84f0be7db860351843858f8acf87056e272377f7"
- + "0c9f2d81e29c7b0ce4f291a3a72476bb0b278fd4b7b0a4c2"
- + "6bbeb08214c7071376079587";
- IkePayload kePayload =
- IkeTestUtils.hexStringToIkePayload(
- IkePayload.PAYLOAD_TYPE_KE, false /*isResp*/, unrecognizedKePayload);
-
- IkePayload noncePayload =
- IkeTestUtils.hexStringToIkePayload(
- IkePayload.PAYLOAD_TYPE_NONCE,
- false /*isResp*/,
- NONCE_INIT_PAYLOAD_HEX_STRING);
-
- ReceivedIkePacket request =
- makeDummyEncryptedReceivedIkePacketWithPayloadList(
- mSpyCurrentIkeSaRecord,
- IkeHeader.EXCHANGE_TYPE_CREATE_CHILD_SA,
- false /*isResp*/,
- Arrays.asList(saPayload, kePayload, noncePayload));
-
- // Receive Rekey request
- mIkeSessionStateMachine.sendMessage(IkeSessionStateMachine.CMD_RECEIVE_IKE_PACKET, request);
- mLooper.dispatchAll();
-
- verifyProcessRekeyReqFailure(ERROR_TYPE_INVALID_KE_PAYLOAD);
- }
-
- @Test
- public void testRejectRemoteRekeyWithoutDhGroupInProposal() throws Exception {
- setupIdleStateMachine();
-
- // Build a Rekey request that does not propose DH groups.
- String rekeySaPayloadWithoutDhGroup =
- "22000038000000340101080400000000000000FF0300000c0100000c800e0080030"
- + "000080300000203000008020000020000000802000002";
- IkePayload saPayload =
- IkeTestUtils.hexStringToIkePayload(
- IkePayload.PAYLOAD_TYPE_SA, false /*isResp*/, rekeySaPayloadWithoutDhGroup);
- IkePayload kePayload =
- IkeTestUtils.hexStringToIkePayload(
- IkePayload.PAYLOAD_TYPE_KE, false /*isResp*/, KE_PAYLOAD_HEX_STRING);
- IkePayload noncePayload =
- IkeTestUtils.hexStringToIkePayload(
- IkePayload.PAYLOAD_TYPE_NONCE,
- false /*isResp*/,
- NONCE_INIT_PAYLOAD_HEX_STRING);
- ReceivedIkePacket request =
- makeRekeyIkeRequestWithPayloads(Arrays.asList(saPayload, kePayload, noncePayload));
-
- mIkeSessionStateMachine.sendMessage(IkeSessionStateMachine.CMD_RECEIVE_IKE_PACKET, request);
- mLooper.dispatchAll();
-
- verifyProcessRekeyReqFailure(ERROR_TYPE_NO_PROPOSAL_CHOSEN);
- }
-
- @Test
- public void testRejectRemoteRekeyWithoutKePayload() throws Exception {
- setupIdleStateMachine();
-
- // Build a Rekey request that proposes DH groups but does not include a KE payload
- IkePayload saPayload =
- IkeTestUtils.hexStringToIkePayload(
- IkePayload.PAYLOAD_TYPE_SA,
- false /*isResp*/,
- IKE_REKEY_SA_PAYLOAD_HEX_STRING);
- IkePayload noncePayload =
- IkeTestUtils.hexStringToIkePayload(
- IkePayload.PAYLOAD_TYPE_NONCE,
- false /*isResp*/,
- NONCE_INIT_PAYLOAD_HEX_STRING);
- ReceivedIkePacket request =
- makeRekeyIkeRequestWithPayloads(Arrays.asList(saPayload, noncePayload));
-
- mIkeSessionStateMachine.sendMessage(IkeSessionStateMachine.CMD_RECEIVE_IKE_PACKET, request);
- mLooper.dispatchAll();
-
- verifyProcessRekeyReqFailure(ERROR_TYPE_INVALID_SYNTAX);
- }
-
private void verifyProcessRekeyReqFailure(int expectedErrorCode) {
// Verify IKE Session is back to Idle
assertTrue(
@@ -4343,8 +3666,7 @@
// Send Rekey request on mSpyCurrentIkeSaRecord
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_EXECUTE_LOCAL_REQ,
- mLocalRequestFactory.getIkeLocalRequest(
- IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
+ new IkeLocalRequest(IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
// Receive Rekey request on mSpyCurrentIkeSaRecord
ReceivedIkePacket dummyRekeyIkeRequestReceivedPacket = makeRekeyIkeRequest();
@@ -4431,8 +3753,7 @@
// Send Rekey-Create request
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_EXECUTE_LOCAL_REQ,
- mLocalRequestFactory.getIkeLocalRequest(
- IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
+ new IkeLocalRequest(IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
mLooper.dispatchAll();
// Prepare "rekeyed" SA
@@ -4503,9 +3824,7 @@
setupIdleStateMachine();
byte[][] dummyLastRespBytes =
new byte[][] {"testRetransmitterSendsRequestLastResp".getBytes()};
- mSpyCurrentIkeSaRecord.updateLastSentRespAllPackets(
- Arrays.asList(dummyLastRespBytes),
- mSpyCurrentIkeSaRecord.getRemoteRequestMessageId() - 1);
+ mSpyCurrentIkeSaRecord.updateLastSentRespAllPackets(Arrays.asList(dummyLastRespBytes));
IkeMessage spyIkeReqMessage =
spy(
@@ -4541,41 +3860,13 @@
verifyLastSentRespAllPackets(dummyLastRespBytes, mSpyCurrentIkeSaRecord);
}
- @Test
- public void testRetransmittedPacketsAreIdentical() throws Exception {
- setupIdleStateMachine();
-
- IkeMessage mockIkeReqMsg = mock(IkeMessage.class);
- byte[][] dummyReqBytesList =
- new byte[][] {"testRetransmittedPacketsAreIdentical".getBytes()};
- doReturn(dummyReqBytesList)
- .when(mockIkeReqMsg)
- .encryptAndEncode(any(), any(), eq(mSpyCurrentIkeSaRecord), anyBoolean(), anyInt());
-
- IkeSessionStateMachine.EncryptedRetransmitter retransmitter =
- mIkeSessionStateMachine.new EncryptedRetransmitter(mockIkeReqMsg);
-
- // Packet is immediately sent out
- verify(mSpyCurrentIkeSocket).sendIkePacket(eq(dummyReqBytesList[0]), eq(REMOTE_ADDRESS));
- verify(mockIkeReqMsg)
- .encryptAndEncode(any(), any(), eq(mSpyCurrentIkeSaRecord), anyBoolean(), anyInt());
-
- // Retransmit packet
- retransmitter.retransmit();
- verify(mSpyCurrentIkeSocket, times(2))
- .sendIkePacket(eq(dummyReqBytesList[0]), eq(REMOTE_ADDRESS));
- verify(mockIkeReqMsg)
- .encryptAndEncode(any(), any(), eq(mSpyCurrentIkeSaRecord), anyBoolean(), anyInt());
- }
-
// TODO: b/141275871 Test retransmisstions are fired for correct times within certain time.
@Test
public void testCacheLastRequestAndResponse() throws Exception {
setupIdleStateMachine();
mSpyCurrentIkeSaRecord.updateLastReceivedReqFirstPacket(null /*reqPacket*/);
- mSpyCurrentIkeSaRecord.updateLastSentRespAllPackets(
- null /*respPacketList*/, mSpyCurrentIkeSaRecord.getRemoteRequestMessageId() - 1);
+ mSpyCurrentIkeSaRecord.updateLastSentRespAllPackets(null /*respPacketList*/);
byte[] dummyIkeReqFirstPacket = "testLastSentRequest".getBytes();
byte[][] dummyIkeResp =
@@ -4620,9 +3911,8 @@
byte[][] dummyIkeResp = new byte[][] {"testRcvRetransmittedRequestResp".getBytes()};
mSpyCurrentIkeSaRecord.updateLastReceivedReqFirstPacket(dummyIkeReqFirstPacket);
- mSpyCurrentIkeSaRecord.updateLastSentRespAllPackets(
- Arrays.asList(dummyIkeResp),
- mSpyCurrentIkeSaRecord.getRemoteRequestMessageId() - 1);
+ mSpyCurrentIkeSaRecord.updateLastSentRespAllPackets(Arrays.asList(dummyIkeResp));
+ mSpyCurrentIkeSaRecord.incrementRemoteRequestMessageId();
// Build request with last validated message ID
ReceivedIkePacket request =
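Review bot: The added `incrementRemoteRequestMessageId()` call has no explanation, although the test appears to depend on it. The old call passed `getRemoteRequestMessageId() - 1` to tie the cached response to a message ID, and the new one-argument `updateLastSentRespAllPackets` no longer does. A comment above the increment, such as `// Advance the expected request ID so the cached response answers the previous, already processed ID`, would make the ordering requirement visible. The same pair of lines appears in the next hunk (`@@ -4649,9 +3939,8 @@`) and would take the same comment. Both test methods begin outside their hunks, so this reading is inferred from the visible lines only.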
@@ -4649,9 +3939,8 @@
byte[] dummyIkeReqFirstPacket = "testDiscardFakeRetransmittedRequestReq".getBytes();
byte[][] dummyIkeResp = new byte[][] {"testDiscardFakeRetransmittedRequestResp".getBytes()};
mSpyCurrentIkeSaRecord.updateLastReceivedReqFirstPacket(dummyIkeReqFirstPacket);
- mSpyCurrentIkeSaRecord.updateLastSentRespAllPackets(
- Arrays.asList(dummyIkeResp),
- mSpyCurrentIkeSaRecord.getRemoteRequestMessageId() - 1);
+ mSpyCurrentIkeSaRecord.updateLastSentRespAllPackets(Arrays.asList(dummyIkeResp));
+ mSpyCurrentIkeSaRecord.incrementRemoteRequestMessageId();
// Build request with last validated message ID but different bytes
ReceivedIkePacket request =
@@ -4670,42 +3959,6 @@
}
@Test
- public void testRcvRetransmittedRequestBeforeReplyOriginalRequest() throws Exception {
- setupIdleStateMachine();
-
- // Mock last sent response
- byte[][] dummyIkeResp = new byte[][] {"testLastSentResponse".getBytes()};
- mSpyCurrentIkeSaRecord.updateLastSentRespAllPackets(
- Arrays.asList(dummyIkeResp),
- mSpyCurrentIkeSaRecord.getRemoteRequestMessageId() - 1);
-
- // Send request with next message ID
- IkeDeletePayload[] inboundDelPayloads =
- new IkeDeletePayload[] {new IkeDeletePayload(new int[] {CHILD_SPI_REMOTE})};
- ReceivedIkePacket request = makeDeleteChildPacket(inboundDelPayloads, false /*isResp*/);
- mIkeSessionStateMachine.sendMessage(IkeSessionStateMachine.CMD_RECEIVE_IKE_PACKET, request);
- mLooper.dispatchAll();
-
- // Verify that no response has been sent out since we didn't configure Child Session to
- // respond
- verify(mSpyCurrentIkeSocket, never()).sendIkePacket(any(), any());
- assertTrue(
- mIkeSessionStateMachine.getCurrentState()
- instanceof IkeSessionStateMachine.ChildProcedureOngoing);
-
- // Retransmit the request
- mIkeSessionStateMachine.sendMessage(IkeSessionStateMachine.CMD_RECEIVE_IKE_PACKET, request);
- mLooper.dispatchAll();
-
- // Verify that no response has been sent out and state machine is still in
- // ChildProcedureOngoing
- verify(mSpyCurrentIkeSocket, never()).sendIkePacket(any(), any());
- assertTrue(
- mIkeSessionStateMachine.getCurrentState()
- instanceof IkeSessionStateMachine.ChildProcedureOngoing);
- }
-
- @Test
public void testDiscardRetransmittedResponse() throws Exception {
mockIkeInitAndTransitionToIkeAuth(mIkeSessionStateMachine.mCreateIkeLocalIkeAuth);
verifyRetransmissionStarted();
@@ -4736,8 +3989,7 @@
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_EXECUTE_LOCAL_REQ,
- mLocalRequestFactory.getIkeLocalRequest(
- IkeSessionStateMachine.CMD_LOCAL_REQUEST_DELETE_IKE));
+ new IkeLocalRequest(IkeSessionStateMachine.CMD_LOCAL_REQUEST_DELETE_IKE));
mLooper.dispatchAll();
verifyRetransmissionStarted();
@@ -4768,8 +4020,7 @@
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_EXECUTE_LOCAL_REQ,
- mLocalRequestFactory.getIkeLocalRequest(
- IkeSessionStateMachine.CMD_LOCAL_REQUEST_DELETE_IKE));
+ new IkeLocalRequest(IkeSessionStateMachine.CMD_LOCAL_REQUEST_DELETE_IKE));
mLooper.dispatchAll();
verifyRetransmissionStarted();
@@ -4791,8 +4042,7 @@
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_EXECUTE_LOCAL_REQ,
- mLocalRequestFactory.getIkeLocalRequest(
- IkeSessionStateMachine.CMD_LOCAL_REQUEST_DELETE_IKE));
+ new IkeLocalRequest(IkeSessionStateMachine.CMD_LOCAL_REQUEST_DELETE_IKE));
mLooper.dispatchAll();
verifyRetransmissionStarted();
resetMockIkeMessageHelper();
@@ -4810,7 +4060,7 @@
verifyEncryptAndEncodeNeverCalled(mSpyCurrentIkeSaRecord);
// Verify state machine quit properly
- verify(mMockIkeSessionCallback).onClosedWithException(any(InvalidSyntaxException.class));
+ verify(mMockIkeSessionCallback).onClosedExceptionally(any(InvalidSyntaxException.class));
assertNull(mIkeSessionStateMachine.getCurrentState());
}
@@ -4821,8 +4071,7 @@
// Send delete request
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_EXECUTE_LOCAL_REQ,
- mLocalRequestFactory.getIkeLocalRequest(
- IkeSessionStateMachine.CMD_LOCAL_REQUEST_DELETE_IKE));
+ new IkeLocalRequest(IkeSessionStateMachine.CMD_LOCAL_REQUEST_DELETE_IKE));
mLooper.dispatchAll();
// Receive response with wrong exchange type
@@ -4835,7 +4084,7 @@
mLooper.dispatchAll();
// Verify state machine quit properly
- verify(mMockIkeSessionCallback).onClosedWithException(any(InvalidSyntaxException.class));
+ verify(mMockIkeSessionCallback).onClosedExceptionally(any(InvalidSyntaxException.class));
assertNull(mIkeSessionStateMachine.getCurrentState());
}
@@ -4845,8 +4094,7 @@
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_EXECUTE_LOCAL_REQ,
- mLocalRequestFactory.getIkeLocalRequest(
- IkeSessionStateMachine.CMD_LOCAL_REQUEST_DELETE_IKE));
+ new IkeLocalRequest(IkeSessionStateMachine.CMD_LOCAL_REQUEST_DELETE_IKE));
mLooper.dispatchAll();
verifyRetransmissionStarted();
@@ -4886,11 +4134,6 @@
@Test
public void testDeleteIkeRemoteDelete() throws Exception {
setupIdleStateMachine();
-
- verifyIkeDeleteRequestHandled();
- }
-
- private void verifyIkeDeleteRequestHandled() throws Exception {
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_RECEIVE_IKE_PACKET,
makeDeleteIkeRequest(mSpyCurrentIkeSaRecord));
@@ -4948,7 +4191,6 @@
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_FORCE_TRANSITION,
mIkeSessionStateMachine.mCreateIkeLocalIkeInit);
- mLooper.dispatchAll();
mIkeSessionStateMachine.killSession();
mLooper.dispatchAll();
@@ -4965,20 +4207,6 @@
verify(mMockBusyWakelock).release();
}
- private IkeMessage verifyAndGetOutboundEncryptedResp(int exchangeType) {
- IkeMessage resp = verifyEncryptAndEncodeAndGetMessage(mSpyCurrentIkeSaRecord);
- IkeHeader ikeHeader = resp.ikeHeader;
- assertEquals(IkePayload.PAYLOAD_TYPE_SK, ikeHeader.nextPayloadType);
- assertEquals(exchangeType, ikeHeader.exchangeType);
- assertTrue(ikeHeader.isResponseMsg);
- assertEquals(mSpyCurrentIkeSaRecord.isLocalInit, ikeHeader.fromIkeInitiator);
- return resp;
- }
-
- private IkeMessage verifyAndGetOutboundInformationalResp() {
- return verifyAndGetOutboundEncryptedResp(IkeHeader.EXCHANGE_TYPE_INFORMATIONAL);
- }
-
@Test
public void testReceiveDpd() throws Exception {
setupIdleStateMachine();
@@ -4994,7 +4222,12 @@
verifyDecodeEncryptedMessage(mSpyCurrentIkeSaRecord, dummyDpdRequest);
// Verify outbound response
- IkeMessage resp = verifyAndGetOutboundInformationalResp();
+ IkeMessage resp = verifyEncryptAndEncodeAndGetMessage(mSpyCurrentIkeSaRecord);
+ IkeHeader ikeHeader = resp.ikeHeader;
+ assertEquals(IkePayload.PAYLOAD_TYPE_SK, ikeHeader.nextPayloadType);
+ assertEquals(IkeHeader.EXCHANGE_TYPE_INFORMATIONAL, ikeHeader.exchangeType);
+ assertTrue(ikeHeader.isResponseMsg);
+ assertEquals(mSpyCurrentIkeSaRecord.isLocalInit, ikeHeader.fromIkeInitiator);
assertTrue(resp.ikePayloadList.isEmpty());
}
@@ -5020,7 +4253,12 @@
verifyDecodeEncryptedMessage(mSpyCurrentIkeSaRecord, dummyDpdRequest);
// Verify outbound response
- IkeMessage resp = verifyAndGetOutboundInformationalResp();
+ IkeMessage resp = verifyEncryptAndEncodeAndGetMessage(mSpyCurrentIkeSaRecord);
+ IkeHeader ikeHeader = resp.ikeHeader;
+ assertEquals(IkePayload.PAYLOAD_TYPE_SK, ikeHeader.nextPayloadType);
+ assertEquals(IkeHeader.EXCHANGE_TYPE_INFORMATIONAL, ikeHeader.exchangeType);
+ assertTrue(ikeHeader.isResponseMsg);
+ assertEquals(mSpyCurrentIkeSaRecord.isLocalInit, ikeHeader.fromIkeInitiator);
assertTrue(resp.ikePayloadList.isEmpty());
}
@@ -5077,8 +4315,7 @@
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_EXECUTE_LOCAL_REQ,
- mLocalRequestFactory.getIkeLocalRequest(
- IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
+ new IkeLocalRequest(IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
mLooper.dispatchAll();
// Verify that the command is executed, and the state machine transitions to the right state
@@ -5101,8 +4338,7 @@
// Queue a local request, and expect that it is not run (yet)
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE,
- mLocalRequestFactory.getIkeLocalRequest(
- IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
+ new IkeLocalRequest(IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
mLooper.dispatchAll();
// Verify that the state machine is still in the Receiving state
@@ -5162,7 +4398,7 @@
eq(mLooper.getLooper()),
eq(mSpyContext),
anyInt(),
- any(Handler.class),
+ any(AlarmManager.class),
any(RandomnessFactory.class),
any(IpSecSpiGenerator.class),
eq(mChildSessionParams),
@@ -5181,15 +4417,6 @@
}
}
- @Test(expected = IllegalArgumentException.class)
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testOpenChildSessionWithMobikeAndTransport() throws Exception {
- mIkeSessionStateMachine = restartStateMachineWithMobikeConfigured();
-
- mIkeSessionStateMachine.openChildSession(
- mock(TransportModeChildSessionParams.class), mock(ChildSessionCallback.class));
- }
-
@Test
public void testCloseChildSessionValidatesArgs() throws Exception {
setupIdleStateMachine();
@@ -5245,36 +4472,32 @@
IkeManager.setIkeLog(spyIkeLog);
IkeSessionParams mockSessionParams = mock(IkeSessionParams.class);
- when(mockSessionParams.getServerHostname()).thenReturn(REMOTE_HOSTNAME);
-
- RuntimeException cause = new RuntimeException();
- when(mockSessionParams.getSaProposalsInternal()).thenThrow(cause);
+ when(mockSessionParams.getSaProposalsInternal()).thenThrow(mock(RuntimeException.class));
DhGroupTransform dhGroupTransform = new DhGroupTransform(SaProposal.DH_GROUP_2048_BIT_MODP);
IkeSaProposal mockSaProposal = mock(IkeSaProposal.class);
when(mockSaProposal.getDhGroupTransforms())
.thenReturn(new DhGroupTransform[] {dhGroupTransform});
when(mockSessionParams.getSaProposals()).thenReturn(Arrays.asList(mockSaProposal));
-
- mIkeSessionStateMachine.quitNow();
- mIkeSessionStateMachine = makeAndStartIkeSession(mockSessionParams);
-
+ IkeSessionStateMachine ikeSession =
+ new IkeSessionStateMachine(
+ mLooper.getLooper(),
+ mSpyContext,
+ mIpSecManager,
+ mockSessionParams,
+ mChildSessionParams,
+ mSpyUserCbExecutor,
+ mMockIkeSessionCallback,
+ mMockChildSessionCallback,
+ mMockEapAuthenticatorFactory);
// Send IKE INIT request
mIkeSessionStateMachine.sendMessage(IkeSessionStateMachine.CMD_LOCAL_REQUEST_CREATE_IKE);
mLooper.dispatchAll();
- assertNull(mIkeSessionStateMachine.getCurrentState());
+ assertNull(ikeSession.getCurrentState());
verify(mSpyUserCbExecutor).execute(any(Runnable.class));
+ verify(mMockIkeSessionCallback).onClosedExceptionally(any(IkeInternalException.class));
verify(spyIkeLog).wtf(anyString(), anyString(), any(RuntimeException.class));
-
- ArgumentCaptor<IkeInternalException> internalExceptionCaptor =
- ArgumentCaptor.forClass(IkeInternalException.class);
- verify(mMockIkeSessionCallback).onClosedWithException(internalExceptionCaptor.capture());
- IkeInternalException internalException = internalExceptionCaptor.getValue();
-
- // Verify that the Exception which caused the IkeSessionStateMachine to close is the same
- // one mocked for IkeSessionParams#getSaProposalsInternal
- assertSame(cause, internalException.getCause());
}
@Test
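Review bot: The test builds a second state machine, `ikeSession`, from `mockSessionParams`, yet the create request is still sent to `mIkeSessionStateMachine`, and only `assertNull(ikeSession.getCurrentState())` reads the new object. As far as the hunk shows, `ikeSession` is never started or sent a message, so the assertion may pass without the throwing `getSaProposalsInternal()` path running on it. Sending the request to the object under test, `ikeSession.sendMessage(IkeSessionStateMachine.CMD_LOCAL_REQUEST_CREATE_IKE);`, would tie the assertions together, though the hunk does not show whether a start call is also needed. Stubbing with `mock(RuntimeException.class)` also leaves no concrete exception to compare against. Using `thenThrow(new RuntimeException())` and checking that the `IkeInternalException` passed to `onClosedExceptionally` wraps it would confirm the original error is what reaches the caller. The test method's signature lies above the hunk.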
@@ -5289,7 +4512,7 @@
assertNull(mIkeSessionStateMachine.getCurrentState());
verify(mSpyUserCbExecutor).execute(any(Runnable.class));
- verify(mMockIkeSessionCallback).onClosedWithException(any(IkeInternalException.class));
+ verify(mMockIkeSessionCallback).onClosedExceptionally(any(IkeInternalException.class));
verify(spyIkeLog).wtf(anyString(), anyString(), any(RuntimeException.class));
}
@@ -5317,7 +4540,7 @@
// Fires user error callbacks
verify(mMockIkeSessionCallback)
- .onClosedWithException(
+ .onClosedExceptionally(
argThat(err -> err instanceof NoValidProposalChosenException));
// Verify state machine quit properly
assertNull(mIkeSessionStateMachine.getCurrentState());
@@ -5327,7 +4550,7 @@
setupIdleStateMachine();
ChildLocalRequest childLocalRequest =
- mLocalRequestFactory.getChildLocalRequest(
+ new ChildLocalRequest(
IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_CHILD,
mMockChildSessionCallback,
null /*childParams*/);
@@ -5382,7 +4605,7 @@
mLooper.dispatchAll();
assertNull(mIkeSessionStateMachine.getCurrentState());
- verify(mMockIkeSessionCallback).onClosedWithException(any(IkeInternalException.class));
+ verify(mMockIkeSessionCallback).onClosedExceptionally(any(IkeInternalException.class));
}
@Test
@@ -5393,8 +4616,7 @@
// Send Rekey-Create request
mIkeSessionStateMachine.sendMessage(
IkeSessionStateMachine.CMD_EXECUTE_LOCAL_REQ,
- mLocalRequestFactory.getIkeLocalRequest(
- IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
+ new IkeLocalRequest(IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
mLooper.dispatchAll();
verifyRetransmissionStarted();
@@ -5462,7 +4684,7 @@
// Verify IKE Session is closed properly
assertNull(mIkeSessionStateMachine.getCurrentState());
- verify(mMockIkeSessionCallback).onClosedWithException(any(InvalidSyntaxException.class));
+ verify(mMockIkeSessionCallback).onClosedExceptionally(any(InvalidSyntaxException.class));
}
@Test
@@ -5491,7 +4713,7 @@
// Verify IKE Session has quit
assertNull(mIkeSessionStateMachine.getCurrentState());
- verify(mMockIkeSessionCallback).onClosedWithException(any(InvalidSyntaxException.class));
+ verify(mMockIkeSessionCallback).onClosedExceptionally(any(InvalidSyntaxException.class));
}
@Test
@@ -5611,1184 +4833,4 @@
mLooper.dispatchAll();
verify(mMockLocalRequestWakelock, times(localReqCnt)).release();
}
-
- @Test
- public void testIkeAuthWithN1Mode() throws Exception {
- verifyIkeAuthWith3gppEnabled(
- makeN1ModeInformationPayload(), 1 /* ike3gppDataListenerInvocations */);
-
- verifyN1ModeReceived();
- }
-
- private void verifyIkeAuthWith3gppEnabled(
- IkePayload ike3gppPayload, int ike3gppDataListenerInvocations) throws Exception {
- // Quit and restart IKE Session with N1 Mode Capability params
- mIkeSessionStateMachine.quitNow();
- reset(mMockChildSessionFactoryHelper);
- setupChildStateMachineFactory(mMockChildSessionStateMachine);
- mIkeSessionStateMachine =
- makeAndStartIkeSession(buildIkeSessionParamsIke3gppExtension(PDU_SESSION_ID));
- mockIkeInitAndTransitionToIkeAuth(mIkeSessionStateMachine.mCreateIkeLocalIkeAuth);
-
- // Build IKE AUTH response with Auth-PSK, ID-Responder and config payloads.
- List<IkePayload> authRelatedPayloads = new ArrayList<>();
- authRelatedPayloads.add(ike3gppPayload);
- IkeAuthPskPayload spyAuthPayload = makeSpyRespPskPayload();
- authRelatedPayloads.add(spyAuthPayload);
-
- IkeIdPayload respIdPayload = makeRespIdPayload();
- authRelatedPayloads.add(respIdPayload);
- authRelatedPayloads.add(makeConfigPayload());
-
- verifySharedKeyAuthentication(
- spyAuthPayload,
- respIdPayload,
- authRelatedPayloads,
- true /*hasChildPayloads*/,
- true /*hasConfigPayloadInResp*/,
- false /* isMobikeEnabled */,
- true /* isIpv4 */,
- ike3gppDataListenerInvocations);
- verifyRetransmissionStopped();
- }
-
- private IkeNotifyPayload makeN1ModeInformationPayload() {
- ByteBuffer n1ModeInformationBuffer = ByteBuffer.allocate(SNSSAI.length + 1);
- n1ModeInformationBuffer.put((byte) SNSSAI.length);
- n1ModeInformationBuffer.put(SNSSAI);
- return new IkeNotifyPayload(
- NOTIFY_TYPE_N1_MODE_INFORMATION, n1ModeInformationBuffer.array());
- }
-
- private void verifyN1ModeReceived() {
- ArgumentCaptor<List<Ike3gppData>> ike3gppDataCaptor = ArgumentCaptor.forClass(List.class);
- verify(mMockIke3gppDataListener).onIke3gppDataReceived(ike3gppDataCaptor.capture());
-
- Ike3gppN1ModeInformation n1ModeInformation = null;
- for (Ike3gppData payload : ike3gppDataCaptor.getValue()) {
- if (payload.getDataType() == Ike3gppData.DATA_TYPE_NOTIFY_N1_MODE_INFORMATION) {
- n1ModeInformation = (Ike3gppN1ModeInformation) payload;
- }
- }
-
- assertNotNull(n1ModeInformation);
- assertArrayEquals(SNSSAI, n1ModeInformation.getSnssai());
- }
-
- @Test
- public void testIkeAuthWithBackoffTimerNetworkError() throws Exception {
- verifyIkeAuthWithBackoffTimer(ERROR_TYPE_NETWORK_FAILURE);
- }
-
- @Test
- public void testIkeAuthWithBackoffTimerNoApnSubscription() throws Exception {
- verifyIkeAuthWithBackoffTimer(ERROR_TYPE_NO_APN_SUBSCRIPTION);
- }
-
- private void verifyIkeAuthWithBackoffTimer(int expectedNotifyErrorCause) throws Exception {
- // Quit and restart IKE Session with N1 Mode Capability params
- mIkeSessionStateMachine.quitNow();
- reset(mMockChildSessionFactoryHelper);
- setupChildStateMachineFactory(mMockChildSessionStateMachine);
- mIkeSessionStateMachine =
- makeAndStartIkeSession(buildIkeSessionParamsIke3gppExtension(PDU_SESSION_ID));
- mockIkeInitAndTransitionToIkeAuth(mIkeSessionStateMachine.mCreateIkeLocalIkeAuth);
-
- // Build IKE AUTH response with BackoffTimer and Error-Notify
- IkeNotifyPayload backoffTimerPayload =
- new IkeNotifyPayload(NOTIFY_TYPE_BACKOFF_TIMER, BACKOFF_TIMER_DATA);
- IkeNotifyPayload errorNotify = new IkeNotifyPayload(expectedNotifyErrorCause);
-
- ReceivedIkePacket mockBackoffTimerResponsePacket =
- makeIkeAuthRespWithoutChildPayloads(
- Arrays.asList(backoffTimerPayload, errorNotify));
- mIkeSessionStateMachine.sendMessage(CMD_RECEIVE_IKE_PACKET, mockBackoffTimerResponsePacket);
- mLooper.dispatchAll();
-
- // Verify IKE Session is closed properly
- assertNull(mIkeSessionStateMachine.getCurrentState());
- verify(mMockIkeSessionCallback)
- .onClosedWithException(any(UnrecognizedIkeProtocolException.class));
-
- verifyBackoffTimer(expectedNotifyErrorCause);
- }
-
- private void verifyBackoffTimer(int expectedNotifyErrorCause) {
- ArgumentCaptor<List<Ike3gppData>> ike3gppDataCaptor = ArgumentCaptor.forClass(List.class);
- verify(mMockIke3gppDataListener).onIke3gppDataReceived(ike3gppDataCaptor.capture());
-
- Ike3gppBackoffTimer backoffTimer = null;
- for (Ike3gppData payload : ike3gppDataCaptor.getValue()) {
- if (payload.getDataType() == Ike3gppData.DATA_TYPE_NOTIFY_BACKOFF_TIMER) {
- backoffTimer = (Ike3gppBackoffTimer) payload;
- }
- }
-
- assertNotNull(backoffTimer);
- assertEquals(BACKOFF_TIMER, backoffTimer.getBackoffTimer());
- assertEquals(expectedNotifyErrorCause, backoffTimer.getBackoffCause());
- }
-
- @Test
- public void testIkeAuthWithBackoffTimerWithoutError() throws Exception {
- verifyIkeAuthWith3gppEnabled(
- new IkeNotifyPayload(NOTIFY_TYPE_BACKOFF_TIMER, BACKOFF_TIMER_DATA),
- 0 /* ike3gppDataListenerInvocations */);
-
- // BackoffTimer should be ignored
- verify(mMockIke3gppDataListener, never()).onIke3gppDataReceived(any());
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void testIke3gppReuseCallback() throws Exception {
- mIkeSessionStateMachine =
- makeAndStartIkeSession(buildIkeSessionParamsIke3gppExtension(PDU_SESSION_ID));
- makeAndStartIkeSession(buildIkeSessionParamsIke3gppExtension(PDU_SESSION_ID));
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testMobikeEnabled() throws Exception {
- verifyMobikeEnabled(true /* doesPeerSupportMobike */);
-
- killSessionAndVerifyNetworkCallback(true /* expectCallbackUnregistered */);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testMobikeEnabledPeerUnsupported() throws Exception {
- verifyMobikeEnabled(false /* doesPeerSupportMobike */);
-
- killSessionAndVerifyNetworkCallback(true /* expectCallbackUnregistered */);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testMobikeEnabledWithEap() throws Exception {
- List<IkePayload> authRelatedPayloads = new ArrayList<>();
- authRelatedPayloads.add(new IkeNotifyPayload(NOTIFY_TYPE_MOBIKE_SUPPORTED));
-
- verifyCreateIkeLocalIkeAuthPostEap(
- buildIkeSessionParamsWithIkeOptions(IKE_OPTION_MOBIKE),
- authRelatedPayloads,
- true /* isMobikeEnabled */);
- assertTrue(mIkeSessionStateMachine.mSupportMobike);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testMobikeEnabledNattSupportedIpv4() throws Exception {
- verifyMobikeEnabled(true /* doesPeerSupportNatt */, true /* isIpv4 */);
-
- killSessionAndVerifyNetworkCallback(true /* expectCallbackUnregistered */);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testMobikeEnabledNattUnsupportedIpv4() throws Exception {
- verifyMobikeEnabled(false /* doesPeerSupportNatt */, true /* isIpv4 */);
-
- killSessionAndVerifyNetworkCallback(true /* expectCallbackUnregistered */);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testMobikeEnabledNattUnsupportedIpv6() throws Exception {
- verifyMobikeEnabled(false /* doesPeerSupportNatt */, false /* isIpv4 */);
-
- killSessionAndVerifyNetworkCallback(true /* expectCallbackUnregistered */);
- }
-
- /**
- * Restarts the IkeSessionStateMachine with MOBIKE enabled. If doesPeerSupportMobike, MOBIKE
- * will be active for the Session.
- *
- * @return the registered IkeDefaultNetworkCallack is returned if MOBIKE is active, else null
- */
- @Nullable
- private IkeDefaultNetworkCallback verifyMobikeEnabled(boolean doesPeerSupportMobike)
- throws Exception {
- // Can cast to IkeDefaultNetworkCallback because no Network is specified
- return (IkeDefaultNetworkCallback)
- verifyMobikeEnabled(doesPeerSupportMobike, null /* configuredNetwork */);
- }
-
- @Nullable
- private IkeNetworkCallbackBase verifyMobikeEnabled(
- boolean doesPeerSupportMobike, Network configuredNetwork) throws Exception {
- return verifyMobikeEnabled(
- doesPeerSupportMobike,
- true /* doesPeerSupportNatt */,
- true /* isIpv4 */,
- false /* isEnforcePort4500*/,
- configuredNetwork);
- }
-
- @Nullable
- private IkeDefaultNetworkCallback verifyMobikeEnabled(
- boolean doesPeerSupportNatt, boolean isIpv4) throws Exception {
- // Can cast to IkeDefaultNetworkCallback because no Network is specified
- return (IkeDefaultNetworkCallback)
- verifyMobikeEnabled(
- true /* doesPeerSupportMobike */,
- doesPeerSupportNatt,
- isIpv4,
- false /* isEnforcePort4500*/,
- null /* configuredNetwork */);
- }
-
- /** Returns the expected IkeSocket type when MOBIKE is supported by both sides */
- private Class<? extends IkeSocket> getExpectedSocketType(
- boolean doesPeerSupportNatt, boolean isIpv4) {
- if (doesPeerSupportNatt) {
- if (isIpv4) {
- return IkeUdpEncapSocket.class;
- } else {
- return IkeUdp6WithEncapPortSocket.class;
- }
- } else {
- if (isIpv4) {
- return IkeUdp4Socket.class;
- } else {
- return IkeUdp6Socket.class;
- }
- }
- }
-
- @Nullable
- private IkeNetworkCallbackBase verifyMobikeEnabled(
- boolean doesPeerSupportMobike,
- boolean doesPeerSupportNatt,
- boolean isIpv4,
- boolean isEnforcePort4500,
- Network configuredNetwork)
- throws Exception {
- mIkeSessionStateMachine =
- restartStateMachineWithMobikeConfigured(configuredNetwork, isEnforcePort4500);
- mockIkeInitAndTransitionToIkeAuth(mIkeSessionStateMachine.mCreateIkeLocalIkeAuth);
-
- if (isIpv4) {
- mIkeSessionStateMachine.mLocalAddress = LOCAL_ADDRESS;
- mIkeSessionStateMachine.mRemoteAddress = REMOTE_ADDRESS;
- mIkeSessionStateMachine.mRemoteAddressesV4.add(REMOTE_ADDRESS);
-
- // IKE client always supports IPv4 NAT-T. So the peer decides if both sides support
- // NAT-T.
- mIkeSessionStateMachine.mHasCheckedNattSupport = true;
- mIkeSessionStateMachine.mSupportNatTraversal = doesPeerSupportNatt;
- } else {
- mIkeSessionStateMachine.mLocalAddress = LOCAL_ADDRESS_V6;
- mIkeSessionStateMachine.mRemoteAddress = REMOTE_ADDRESS_V6;
- mIkeSessionStateMachine.mRemoteAddressesV6.add(REMOTE_ADDRESS_V6);
-
- // IKE client does not support IPv6 NAT-T and will not check if the server supports
- // NAT-T when using IPv6 for IKE Session setup.
- mIkeSessionStateMachine.mHasCheckedNattSupport = false;
- mIkeSessionStateMachine.mSupportNatTraversal = false;
- }
-
- if (doesPeerSupportNatt && isIpv4) {
- // Assume NATs are detected on both sides
- mIkeSessionStateMachine.mLocalNatDetected = true;
- mIkeSessionStateMachine.mRemoteNatDetected = true;
-
- mIkeSessionStateMachine.mIkeSocket = mSpyIkeUdpEncapSocket;
- } else {
- mIkeSessionStateMachine.mLocalNatDetected = false;
- mIkeSessionStateMachine.mRemoteNatDetected = false;
-
- if (isIpv4) {
- mIkeSessionStateMachine.mIkeSocket = mSpyIkeUdp4Socket;
- } else {
- mIkeSessionStateMachine.mIkeSocket = mSpyIkeUdp6Socket;
- }
- }
-
- // Build IKE AUTH response. Include MOBIKE_SUPPORTED if doesPeerSupportMobike is true
- List<IkePayload> authRelatedPayloads = new ArrayList<>();
- IkeAuthPskPayload spyAuthPayload = makeSpyRespPskPayload();
- authRelatedPayloads.add(spyAuthPayload);
-
- IkeIdPayload respIdPayload = makeRespIdPayload();
- authRelatedPayloads.add(respIdPayload);
- authRelatedPayloads.add(makeConfigPayload());
-
- if (doesPeerSupportMobike) {
- authRelatedPayloads.add(new IkeNotifyPayload(NOTIFY_TYPE_MOBIKE_SUPPORTED));
- }
-
- IkeMessage ikeAuthReqMessage =
- verifySharedKeyAuthentication(
- spyAuthPayload,
- respIdPayload,
- authRelatedPayloads,
- true /* hasChildPayloads */,
- true /* hasConfigPayloadInResp */,
- doesPeerSupportMobike,
- isIpv4,
- 0 /* ike3gppDataListenerInvocations */);
- verifyRetransmissionStopped();
-
- boolean isMobikeSupportIndicated = false;
- List<IkeNotifyPayload> reqNotifyPayloads =
- ikeAuthReqMessage.getPayloadListForType(
- PAYLOAD_TYPE_NOTIFY, IkeNotifyPayload.class);
- for (IkeNotifyPayload notifyPayload : reqNotifyPayloads) {
- if (notifyPayload.notifyType == NOTIFY_TYPE_MOBIKE_SUPPORTED) {
- isMobikeSupportIndicated = true;
- break;
- }
- }
- assertTrue(isMobikeSupportIndicated);
-
- assertEquals(doesPeerSupportMobike, mIkeSessionStateMachine.mSupportMobike);
-
- ArgumentCaptor<IkeNetworkCallbackBase> networkCallbackCaptor =
- ArgumentCaptor.forClass(IkeNetworkCallbackBase.class);
-
- // Expect different NetworkCallback registrations if there is a caller-configured Network
- if (configuredNetwork == null) {
- verify(mMockConnectManager)
- .registerDefaultNetworkCallback(networkCallbackCaptor.capture(), any());
- } else {
- verify(mMockConnectManager)
- .registerNetworkCallback(any(), networkCallbackCaptor.capture(), any());
- }
-
- IkeNetworkCallbackBase networkCallback = networkCallbackCaptor.getValue();
- Class<? extends IkeNetworkCallbackBase> expectedCallbackType =
- configuredNetwork == null
- ? IkeDefaultNetworkCallback.class
- : IkeSpecificNetworkCallback.class;
- assertTrue(expectedCallbackType.isInstance(networkCallback));
- assertTrue(
- getExpectedSocketType(doesPeerSupportNatt, isIpv4)
- .isInstance(mIkeSessionStateMachine.mIkeSocket));
- return networkCallback;
- }
-
- private void killSessionAndVerifyNetworkCallback(boolean expectCallbackUnregistered) {
- mIkeSessionStateMachine.killSession();
- mLooper.dispatchAll();
-
- verify(mMockConnectManager, expectCallbackUnregistered ? times(1) : never())
- .unregisterNetworkCallback(any(IkeDefaultNetworkCallback.class));
- }
-
- /** Restarts the IkeSessionStateMachine with MOBIKE configured in the IkeSessionParams. */
- private IkeSessionStateMachine restartStateMachineWithMobikeConfigured() throws Exception {
- return restartStateMachineWithMobikeConfigured(
- null /* network */, false /* isEnforcePort4500*/);
- }
-
- private IkeSessionStateMachine restartStateMachineWithMobikeConfigured(
- @Nullable Network configuredNetwork, boolean isEnforcePort4500) throws Exception {
- mIkeSessionStateMachine.quitNow();
- reset(mMockChildSessionFactoryHelper);
-
- // makeAndStartIkeSession() expects no use of ConnectivityManager#getActiveNetwork when
- // there is a configured Network. Use reset() to forget usage in setUp()
- if (configuredNetwork != null) {
- resetMockConnectManager();
- }
-
- setupChildStateMachineFactory(mMockChildSessionStateMachine);
-
- IkeSessionParams.Builder ikeSessionParamsBuilder =
- buildIkeSessionParamsCommon().setAuthPsk(mPsk).addIkeOption(IKE_OPTION_MOBIKE);
- if (isEnforcePort4500) {
- ikeSessionParamsBuilder.addIkeOption(IKE_OPTION_FORCE_PORT_4500);
- }
- if (configuredNetwork != null) {
- ikeSessionParamsBuilder.setNetwork(configuredNetwork);
- }
- return makeAndStartIkeSession(ikeSessionParamsBuilder.build());
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testMobikeNetworkCallbackRegistrationFails() throws Exception {
- doThrow(new RuntimeException("Failed to register IKE NetworkCallback"))
- .when(mMockConnectManager)
- .registerDefaultNetworkCallback(any(IkeDefaultNetworkCallback.class), any());
-
- mIkeSessionStateMachine = restartStateMachineWithMobikeConfigured();
- mockIkeInitAndTransitionToIkeAuth(mIkeSessionStateMachine.mCreateIkeLocalIkeAuth);
-
- // Send IKE_AUTH resp and indicate MOBIKE support
- List<IkePayload> authRelatedPayloads = new ArrayList<>();
- authRelatedPayloads.add(makeSpyRespPskPayload());
- authRelatedPayloads.add(makeRespIdPayload());
- authRelatedPayloads.add(new IkeNotifyPayload(NOTIFY_TYPE_MOBIKE_SUPPORTED));
- ReceivedIkePacket authResp = makeIkeAuthRespWithChildPayloads(authRelatedPayloads);
- mIkeSessionStateMachine.sendMessage(
- IkeSessionStateMachine.CMD_RECEIVE_IKE_PACKET, authResp);
- mLooper.dispatchAll();
-
- verify(mMockConnectManager)
- .registerDefaultNetworkCallback(any(IkeDefaultNetworkCallback.class), any());
- verify(mMockIkeSessionCallback).onClosedWithException(any(IkeInternalException.class));
- verify(mMockConnectManager).unregisterNetworkCallback(any(IkeDefaultNetworkCallback.class));
- assertNull(mIkeSessionStateMachine.getCurrentState());
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testMobikeEnabledNetworkDies() throws Exception {
- IkeDefaultNetworkCallback callback = verifyMobikeEnabled(true /* doesPeerSupportMobike */);
- callback.onLost(mMockDefaultNetwork);
-
- ArgumentCaptor<IkeException> exceptionCaptor = ArgumentCaptor.forClass(IkeException.class);
- verify(mMockIkeSessionCallback).onError(exceptionCaptor.capture());
- IkeNetworkLostException cause = (IkeNetworkLostException) exceptionCaptor.getValue();
- assertEquals(mMockDefaultNetwork, cause.getNetwork());
- }
-
- private void verifyMobikeActiveMobilityEvent(boolean isEnforcePort4500) throws Exception {
- IkeDefaultNetworkCallback callback =
- (IkeDefaultNetworkCallback)
- verifyMobikeEnabled(
- true /* doesPeerSupportMobike */,
- false /* doesPeerSupportNatt */,
- true /* isIpv4 */,
- isEnforcePort4500,
- null /* configuredNetwork */);
-
- Network newNetwork = mockNewNetworkAndAddress(true /* isIpv4 */);
-
- callback.onAvailable(newNetwork);
- mLooper.dispatchAll();
-
- verifyNetworkAndLocalAddressUpdated(
- newNetwork, UPDATED_LOCAL_ADDRESS, REMOTE_ADDRESS, callback);
- verify(mMockIkeLocalAddressGenerator)
- .generateLocalAddress(
- eq(newNetwork), eq(true /* isIpv4 */), eq(REMOTE_ADDRESS), anyInt());
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testMobikeActiveMobilityEvent() throws Exception {
- verifyMobikeActiveMobilityEvent(false /* isEnforcePort4500 */);
- assertTrue(mIkeSessionStateMachine.mIkeSocket instanceof IkeUdp4Socket);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testMobikeActiveMobilityEventWithEnforcePort4500() throws Exception {
- verifyMobikeActiveMobilityEvent(true /* isEnforcePort4500 */);
- assertTrue(mIkeSessionStateMachine.mIkeSocket instanceof IkeUdpEncapSocket);
- }
-
- private Network mockNewNetworkAndAddress(boolean isIpv4) throws Exception {
- InetAddress expectedRemoteAddress;
- InetAddress injectedLocalAddress;
- if (isIpv4) {
- expectedRemoteAddress = REMOTE_ADDRESS;
- injectedLocalAddress = UPDATED_LOCAL_ADDRESS;
- } else {
- expectedRemoteAddress = REMOTE_ADDRESS_V6;
- injectedLocalAddress = UPDATED_LOCAL_ADDRESS_V6;
- }
-
- return mockNewNetworkAndAddress(isIpv4, injectedLocalAddress, expectedRemoteAddress);
- }
-
- private Network mockNewNetworkAndAddress(
- boolean isIpv4, InetAddress localAddress, InetAddress remoteAddress) throws Exception {
- return mockNewNetworkAndAddress(isIpv4, localAddress, remoteAddress, 1 /* dnsLookups */);
- }
-
- private Network mockNewNetworkAndAddress(
- boolean isIpv4, InetAddress localAddress, InetAddress remoteAddress, int dnsLookups)
- throws Exception {
- Network newNetwork = mock(Network.class);
-
- if (isIpv4) {
- mIkeSessionStateMachine.mRemoteAddressesV4.add((Inet4Address) remoteAddress);
- } else {
- mIkeSessionStateMachine.mRemoteAddressesV6.add((Inet6Address) remoteAddress);
-
- LinkProperties linkProperties = new LinkProperties();
- linkProperties.addLinkAddress(mMockLinkAddressGlobalV6);
- when(mMockConnectManager.getLinkProperties(eq(newNetwork))).thenReturn(linkProperties);
- }
-
- setupDnsResolutionForNetwork(newNetwork, dnsLookups, remoteAddress);
-
- when(mMockIkeLocalAddressGenerator.generateLocalAddress(
- eq(newNetwork), eq(isIpv4), eq(remoteAddress), anyInt()))
- .thenReturn(localAddress);
-
- return newNetwork;
- }
-
- private void verifyNetworkAndLocalAddressUpdated(
- Network underlyingNetwork,
- InetAddress localAddress,
- InetAddress remoteAddress,
- IkeNetworkCallbackBase networkCallback)
- throws Exception {
- assertEquals(underlyingNetwork, mIkeSessionStateMachine.mNetwork);
- assertEquals(
- underlyingNetwork,
- mIkeSessionStateMachine.mIkeSocket.getIkeSocketConfig().getNetwork());
- assertEquals(localAddress, mIkeSessionStateMachine.mLocalAddress);
- assertEquals(remoteAddress, mIkeSessionStateMachine.mRemoteAddress);
-
- verifyIkeSaAddresses(
- mIkeSessionStateMachine.mCurrentIkeSaRecord, localAddress, remoteAddress);
-
- verify(underlyingNetwork, atLeastOnce()).getAllByName(REMOTE_HOSTNAME);
-
- assertEquals(underlyingNetwork, networkCallback.getNetwork());
- assertEquals(localAddress, networkCallback.getAddress());
- }
-
- private void verifyIkeSaAddresses(
- IkeSaRecord saRecord, InetAddress localAddress, InetAddress remoteAddress) {
- assertEquals(
- localAddress, saRecord.getInitiatorIkeSecurityParameterIndex().getSourceAddress());
- assertEquals(
- remoteAddress, saRecord.getResponderIkeSecurityParameterIndex().getSourceAddress());
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void testSetNetworkNull() throws Exception {
- mIkeSessionStateMachine.setNetwork(null);
- }
-
- @Test(expected = IllegalStateException.class)
- public void testSetNetworkMobikeNotActive() throws Exception {
- Network newNetwork = mock(Network.class);
-
- mIkeSessionStateMachine.setNetwork(newNetwork);
- }
-
- @Test(expected = IllegalStateException.class)
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testSetNetworkMobikeActiveNetworkNotSpecified() throws Exception {
- Network newNetwork = mock(Network.class);
-
- verifyMobikeEnabled(true /* doesPeerSupportMobike */);
-
- mIkeSessionStateMachine.setNetwork(newNetwork);
- }
-
- private void verifySetNetwork(
- IkeNetworkCallbackBase callback, IkeSaRecord rekeySaRecord, State expectedState)
- throws Exception {
- verifySetNetwork(callback, rekeySaRecord, expectedState, true /* isIpv4 */);
- }
-
- private void verifySetNetwork(
- IkeNetworkCallbackBase callback,
- IkeSaRecord rekeySaRecord,
- State expectedState,
- boolean isIpv4)
- throws Exception {
- Network newNetwork = mockNewNetworkAndAddress(isIpv4);
-
- mIkeSessionStateMachine.setNetwork(newNetwork);
- mLooper.dispatchAll();
-
- InetAddress expectedUpdatedLocalAddress =
- isIpv4 ? UPDATED_LOCAL_ADDRESS : UPDATED_LOCAL_ADDRESS_V6;
- InetAddress expectedRemoteAddress = isIpv4 ? REMOTE_ADDRESS : REMOTE_ADDRESS_V6;
-
- verifyNetworkAndLocalAddressUpdated(
- newNetwork, expectedUpdatedLocalAddress, expectedRemoteAddress, callback);
- verify(mMockIkeLocalAddressGenerator)
- .generateLocalAddress(
- eq(newNetwork), eq(isIpv4), eq(expectedRemoteAddress), anyInt());
-
- assertEquals(
- mIkeSessionStateMachine,
- mIkeSessionStateMachine.mIkeSocket.mSpiToIkeSession.get(
- mIkeSessionStateMachine.mCurrentIkeSaRecord.getLocalSpi()));
-
- if (rekeySaRecord != null) {
- verifyIkeSaAddresses(rekeySaRecord, expectedUpdatedLocalAddress, expectedRemoteAddress);
- assertEquals(
- mIkeSessionStateMachine,
- mIkeSessionStateMachine.mIkeSocket.mSpiToIkeSession.get(
- rekeySaRecord.getLocalSpi()));
- }
-
- assertEquals(expectedState, mIkeSessionStateMachine.getCurrentState());
- }
-
- private IkeNetworkCallbackBase setupIdleStateMachineWithMobike() throws Exception {
- return setupIdleStateMachineWithMobike(true /* doesPeerSupportNatt */, true /* isIpv4 */);
- }
-
- private IkeNetworkCallbackBase setupIdleStateMachineWithMobike(
- boolean doesPeerSupportNatt, boolean isIpv4) throws Exception {
- IkeNetworkCallbackBase callback =
- verifyMobikeEnabled(
- true /* doesPeerSupportMobike */,
- doesPeerSupportNatt,
- isIpv4,
- false /* isEnforcePort4500*/,
- mMockDefaultNetwork);
-
- // reset IkeMessageHelper to make verifying outbound req easier
- resetMockIkeMessageHelper();
-
- mDummyChildSmCallback =
- createChildAndGetChildSessionSmCallback(
- mMockChildSessionStateMachine, CHILD_SPI_REMOTE, mMockChildSessionCallback);
-
- mIkeSessionStateMachine.sendMessage(
- IkeSessionStateMachine.CMD_FORCE_TRANSITION, mIkeSessionStateMachine.mIdle);
- mLooper.dispatchAll();
-
- return callback;
- }
-
- private void verifySetNetworkInIdleState(
- boolean doesPeerSupportNatt,
- boolean isIpv4BeforeNetworkChange,
- boolean isIpv4AfterNetworkChange)
- throws Exception {
- IkeNetworkCallbackBase callback =
- setupIdleStateMachineWithMobike(doesPeerSupportNatt, isIpv4BeforeNetworkChange);
-
- verifySetNetwork(
- callback,
- null /* rekeySaRecord */,
- mIkeSessionStateMachine.mMobikeLocalInfo,
- isIpv4AfterNetworkChange);
- assertTrue(
- getExpectedSocketType(doesPeerSupportNatt, isIpv4AfterNetworkChange)
- .isInstance(mIkeSessionStateMachine.mIkeSocket));
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testSetNetworkInIdleStateNattSupportedIpv4ToIpv6() throws Exception {
- verifySetNetworkInIdleState(
- true /* doesPeerSupportNatt */,
- true /* isIpv4BeforeNetworkChange */,
- false /* isIpv4AfterNetworkChange */);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testSetNetworkInIdleStateNattSupportedIpv6ToIpv4() throws Exception {
- verifySetNetworkInIdleState(
- true /* doesPeerSupportNatt */,
- true /* isIpv4BeforeNetworkChange */,
- false /* isIpv4AfterNetworkChange */);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testSetNetworkInIdleStateNattSupportedIpv4ToIpv4() throws Exception {
- verifySetNetworkInIdleState(
- true /* doesPeerSupportNatt */,
- true /* isIpv4BeforeNetworkChange */,
- true /* isIpv4AfterNetworkChange */);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testSetNetworkInIdleStateNattUnsupportedIpv4ToIpv4() throws Exception {
- verifySetNetworkInIdleState(
- false /* doesPeerSupportNatt */,
- true /* isIpv4BeforeNetworkChange */,
- true /* isIpv4AfterNetworkChange */);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testSetNetworkInIdleStateNattUnsupportedIpv6ToIpv6() throws Exception {
- verifySetNetworkInIdleState(
- false /* doesPeerSupportNatt */,
- false /* isIpv4BeforeNetworkChange */,
- false /* isIpv4AfterNetworkChange */);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testSetNetworkLocalRekeyState() throws Exception {
- // Start IKE Session + transition to Idle
- IkeNetworkCallbackBase callback =
- verifyMobikeEnabled(true /* doesPeerSupportMobike */, mMockDefaultNetwork);
- mIkeSessionStateMachine.sendMessage(
- IkeSessionStateMachine.CMD_FORCE_TRANSITION, mIkeSessionStateMachine.mIdle);
-
- verifyRekeyIkeLocalCreateHandlesResponse();
-
- verifySetNetwork(
- callback,
- mIkeSessionStateMachine.mLocalInitNewIkeSaRecord,
- mIkeSessionStateMachine.mRekeyIkeLocalDelete);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testSetNetworkRemoteRekeyState() throws Exception {
- // Start IKE Session + transition to remote rekey
- IkeNetworkCallbackBase callback =
- verifyMobikeEnabled(true /* doesPeerSupportMobike */, mMockDefaultNetwork);
-
- mIkeSessionStateMachine.mRemoteInitNewIkeSaRecord = mSpyRemoteInitIkeSaRecord;
- mIkeSessionStateMachine.addIkeSaRecord(mSpyRemoteInitIkeSaRecord);
- mIkeSessionStateMachine.sendMessage(
- IkeSessionStateMachine.CMD_FORCE_TRANSITION,
- mIkeSessionStateMachine.mRekeyIkeRemoteDelete);
- mLooper.dispatchAll();
-
- verifySetNetwork(
- callback,
- mIkeSessionStateMachine.mRemoteInitNewIkeSaRecord,
- mIkeSessionStateMachine.mRekeyIkeRemoteDelete);
- }
-
- private void verifyRcvRoutabilityCheckReqAndReply() throws Exception {
- // Receive a routability check request
- ReceivedIkePacket dummyRequest = makeRoutabilityCheckIkeRequest();
- mIkeSessionStateMachine.sendMessage(
- IkeSessionStateMachine.CMD_RECEIVE_IKE_PACKET, dummyRequest);
- mLooper.dispatchAll();
-
- IkeMessage resp = verifyAndGetOutboundInformationalResp();
-
- List<IkeNotifyPayload> notifyPayloads =
- resp.getPayloadListForType(PAYLOAD_TYPE_NOTIFY, IkeNotifyPayload.class);
- assertEquals(1, notifyPayloads.size());
- IkeNotifyPayload cookie2 = notifyPayloads.get(0);
- assertEquals(NOTIFY_TYPE_COOKIE2, cookie2.notifyType);
- assertArrayEquals(COOKIE2_DATA, cookie2.notifyData);
- }
-
- @Test
- public void testRcvRoutabilityCheckReqInIdle() throws Exception {
- setupIdleStateMachine();
-
- verifyRcvRoutabilityCheckReqAndReply();
- assertTrue(
- mIkeSessionStateMachine.getCurrentState() instanceof IkeSessionStateMachine.Idle);
- }
-
- @Test
- public void testRcvRoutabilityCheckReqInDpd() throws Exception {
- executeAndVerifySendLocalDPD();
- verifyRcvRoutabilityCheckReqAndReply();
- assertTrue(
- mIkeSessionStateMachine.getCurrentState()
- instanceof IkeSessionStateMachine.DpdIkeLocalInfo);
- }
-
- @Test
- public void testRcvRoutabilityCheckReqInChildProcedureOngoing() throws Exception {
- setupIdleStateMachine();
-
- mIkeSessionStateMachine.sendMessage(
- IkeSessionStateMachine.CMD_EXECUTE_LOCAL_REQ,
- mLocalRequestFactory.getChildLocalRequest(
- IkeSessionStateMachine.CMD_LOCAL_REQUEST_DELETE_CHILD,
- mMockChildSessionCallback,
- null /*childParams*/));
- mLooper.dispatchAll();
-
- // For conveniency to verify outbound routability check response, reset IkeMessageHelper to
- // forget sending Delete Child request
- resetMockIkeMessageHelper();
-
- verifyRcvRoutabilityCheckReqAndReply();
- assertTrue(
- mIkeSessionStateMachine.getCurrentState()
- instanceof IkeSessionStateMachine.ChildProcedureOngoing);
- }
-
- @Test
- public void testRcvRoutabilityCheckReqInLocalRekeyIkeCreate() throws Exception {
- setupIdleStateMachine();
-
- // Send Rekey-Create request
- mIkeSessionStateMachine.sendMessage(
- IkeSessionStateMachine.CMD_EXECUTE_LOCAL_REQ,
- mLocalRequestFactory.getIkeLocalRequest(
- IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_IKE));
- mLooper.dispatchAll();
-
- // For conveniency to verify outbound routability check response, reset IkeMessageHelper to
- // forget sending Rekey Create request
- resetMockIkeMessageHelper();
-
- verifyRcvRoutabilityCheckReqAndReply();
- assertTrue(
- mIkeSessionStateMachine.getCurrentState()
- instanceof IkeSessionStateMachine.RekeyIkeLocalCreate);
- }
-
- private void verifyMobikeLocalInfoSendsRequest(
- boolean migrateToIpv4,
- boolean natSupported,
- boolean natDetected,
- boolean expectNatDetection)
- throws Exception {
- // IKE Session is set up with IPv4 address and with NAT detected
- setupIdleStateMachineWithMobike();
-
- mIkeSessionStateMachine.mSupportNatTraversal = natSupported;
- mIkeSessionStateMachine.mLocalNatDetected = natDetected;
- mIkeSessionStateMachine.mRemoteNatDetected = natDetected;
-
- if (!migrateToIpv4) {
- mIkeSessionStateMachine.mLocalAddress = LOCAL_ADDRESS_V6;
- mIkeSessionStateMachine.mRemoteAddress = REMOTE_ADDRESS_V6;
- }
-
- mIkeSessionStateMachine.sendMessage(
- CMD_FORCE_TRANSITION, mIkeSessionStateMachine.mMobikeLocalInfo);
- mLooper.dispatchAll();
-
- verifyUpdateSaAddressesReq(expectNatDetection);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testMobikeLocalInfoSendsRequestNatDetectedIpv4() throws Exception {
- verifyMobikeLocalInfoSendsRequest(
- true /* migrateToIpv4 */,
- true /* natSupported */,
- true /* natDetected */,
- true /* expectNatDetection */);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testMobikeLocalInfoSendsRequestNatNotDetectedIpv4() throws Exception {
- verifyMobikeLocalInfoSendsRequest(
- true /* migrateToIpv4 */,
- true /* natSupported */,
- false /* natDetected */,
- true /* expectNatDetection */);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testMobikeLocalInfoSendsRequestNattUnsupportedIpv4() throws Exception {
- verifyMobikeLocalInfoSendsRequest(
- true /* migrateToIpv4 */,
- false /* natSupported */,
- false /* natDetected */,
- false /* expectNatDetection */);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testMobikeLocalInfoSendsRequestNatDetectedIpv6() throws Exception {
- verifyMobikeLocalInfoSendsRequest(
- false /* migrateToIpv4 */,
- true /* natSupported */,
- true /* natDetected */,
- true /* expectNatDetection */);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testMobikeLocalInfoSendsRequestNatNotDetectedIpv6() throws Exception {
- verifyMobikeLocalInfoSendsRequest(
- false /* migrateToIpv4 */,
- true /* natSupported */,
- false /* natDetected */,
- false /* expectNatDetection */);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testMobikeLocalInfoSendsRequestNattUnsupportedIpv6() throws Exception {
- verifyMobikeLocalInfoSendsRequest(
- false /* migrateToIpv4 */,
- false /* natSupported */,
- false /* natDetected */,
- false /* expectNatDetection */);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testMobikeLocalInfoHandlesResponseWithNatDetection() throws Exception {
- setupIdleStateMachineWithMobike();
-
- mIkeSessionStateMachine.sendMessage(
- CMD_FORCE_TRANSITION, mIkeSessionStateMachine.mMobikeLocalInfo);
- mLooper.dispatchAll();
-
- verifyUpdateSaAddressesResp(
- true /* natTraversalSupported */,
- true /* localNatDetected */,
- true /* remoteNatDetected */,
- mIkeSessionStateMachine.mNetwork,
- mIkeSessionStateMachine.mLocalAddress,
- mIkeSessionStateMachine.mRemoteAddress);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testMobikeLocalInfoHandlesResponseWithoutNatDetection() throws Exception {
- setupIdleStateMachineWithMobike();
- mIkeSessionStateMachine.mSupportNatTraversal = false;
- mIkeSessionStateMachine.mLocalNatDetected = false;
- mIkeSessionStateMachine.mRemoteNatDetected = false;
-
- mIkeSessionStateMachine.sendMessage(
- CMD_FORCE_TRANSITION, mIkeSessionStateMachine.mMobikeLocalInfo);
- mLooper.dispatchAll();
-
- verifyUpdateSaAddressesResp(
- false /* natTraversalSupported */,
- false /* localNatDetected */,
- false /* remoteNatDetected */,
- mIkeSessionStateMachine.mNetwork,
- mIkeSessionStateMachine.mLocalAddress,
- mIkeSessionStateMachine.mRemoteAddress);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testMobikeLocalInfoHandlesResponseWithNatDetectedIpv6() throws Exception {
- setupIdleStateMachineWithMobike();
-
- // Migrate to Ipv6
- mIkeSessionStateMachine.mLocalAddress = LOCAL_ADDRESS_V6;
- mIkeSessionStateMachine.mRemoteAddress = REMOTE_ADDRESS_V6;
-
- mIkeSessionStateMachine.sendMessage(
- CMD_FORCE_TRANSITION, mIkeSessionStateMachine.mMobikeLocalInfo);
- mLooper.dispatchAll();
-
- // Send response with NAT_DETECTION payloads
- List<Integer> respPayloadTypeList = new ArrayList<>();
- List<String> respPayloadHexStringList = new ArrayList<>();
- respPayloadTypeList.add(PAYLOAD_TYPE_NOTIFY);
- respPayloadTypeList.add(PAYLOAD_TYPE_NOTIFY);
- respPayloadHexStringList.add(NAT_DETECTION_SOURCE_PAYLOAD_HEX_STRING);
- respPayloadHexStringList.add(NAT_DETECTION_DESTINATION_PAYLOAD_HEX_STRING);
-
- ReceivedIkePacket respIkePacket =
- makeDummyEncryptedReceivedIkePacket(
- mSpyCurrentIkeSaRecord,
- EXCHANGE_TYPE_INFORMATIONAL,
- true /* isResp */,
- respPayloadTypeList,
- respPayloadHexStringList);
- mIkeSessionStateMachine.sendMessage(CMD_RECEIVE_IKE_PACKET, respIkePacket);
- mLooper.dispatchAll();
-
- // Verify IKE Session was closed properly
- assertNull(mIkeSessionStateMachine.getCurrentState());
- verify(mMockIkeSessionCallback).onClosedWithException(any(IkeInternalException.class));
- }
-
- private void verifyUpdateSaAddressesReq(boolean expectNatDetection) throws Exception {
- List<IkePayload> reqPayloadList = verifyOutInfoMsgHeaderAndGetPayloads(false /* isResp */);
- int expectedPayloads = expectNatDetection ? 3 : 1;
- assertEquals(expectedPayloads, reqPayloadList.size());
- assertTrue(isNotifyExist(reqPayloadList, NOTIFY_TYPE_UPDATE_SA_ADDRESSES));
-
- if (expectNatDetection) {
- assertTrue(isNotifyExist(reqPayloadList, NOTIFY_TYPE_NAT_DETECTION_SOURCE_IP));
- assertTrue(isNotifyExist(reqPayloadList, NOTIFY_TYPE_NAT_DETECTION_DESTINATION_IP));
- }
- }
-
- private void verifyUpdateSaAddressesResp(
- boolean natTraversalSupported,
- boolean localNatDetected,
- boolean remoteNatDetected,
- Network expectedNetwork,
- InetAddress expectedLocalAddr,
- InetAddress expectedRemoteAddr)
- throws Exception {
- List<Integer> respPayloadTypeList = new ArrayList<>();
- List<String> respPayloadHexStringList = new ArrayList<>();
- if (natTraversalSupported) {
- respPayloadTypeList.add(PAYLOAD_TYPE_NOTIFY);
- respPayloadHexStringList.add(NAT_DETECTION_SOURCE_PAYLOAD_HEX_STRING);
-
- respPayloadTypeList.add(PAYLOAD_TYPE_NOTIFY);
- respPayloadHexStringList.add(NAT_DETECTION_DESTINATION_PAYLOAD_HEX_STRING);
- }
-
- ReceivedIkePacket respIkePacket =
- makeDummyEncryptedReceivedIkePacket(
- mSpyCurrentIkeSaRecord,
- EXCHANGE_TYPE_INFORMATIONAL,
- true /* isResp */,
- respPayloadTypeList,
- respPayloadHexStringList);
- mIkeSessionStateMachine.sendMessage(CMD_RECEIVE_IKE_PACKET, respIkePacket);
- mLooper.dispatchAll();
-
- assertEquals(natTraversalSupported, mIkeSessionStateMachine.mSupportNatTraversal);
- assertEquals(localNatDetected, mIkeSessionStateMachine.mLocalNatDetected);
- assertEquals(remoteNatDetected, mIkeSessionStateMachine.mRemoteNatDetected);
-
- ArgumentCaptor<IkeSessionConnectionInfo> connectionInfoCaptor =
- ArgumentCaptor.forClass(IkeSessionConnectionInfo.class);
- verify(mMockIkeSessionCallback)
- .onIkeSessionConnectionInfoChanged(connectionInfoCaptor.capture());
-
- IkeSessionConnectionInfo newConnectionInfo = connectionInfoCaptor.getValue();
- assertEquals(expectedNetwork, newConnectionInfo.getNetwork());
- assertEquals(expectedLocalAddr, newConnectionInfo.getLocalAddress());
- assertEquals(expectedRemoteAddr, newConnectionInfo.getRemoteAddress());
-
- // TODO(b/172015298): verify IPsec SAs migrated instead of rekey when kernel supports it
-
- // Verify that Child Rekey (MOBIKE) initiated after successful UPDATE_SA_ADDRESSES resp
- assertTrue(
- mIkeSessionStateMachine.getCurrentState()
- instanceof IkeSessionStateMachine.ChildProcedureOngoing);
- verify(mMockChildSessionStateMachine)
- .rekeyChildSessionForMobike(eq(expectedLocalAddr), eq(expectedRemoteAddr), any());
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testNattKeepaliveStoppedDuringMobilityEvent() throws Exception {
- IkeNetworkCallbackBase callback = setupIdleStateMachineWithMobike();
-
- verifySetNetwork(
- callback, null /* rekeySaRecord */, mIkeSessionStateMachine.mMobikeLocalInfo);
-
- // Keepalive for the old UDP encap socket stopped
- verify(mMockIkeNattKeepalive).stop();
-
- // Keepalive for the new UDP encap socket started
- assertNotNull(mIkeSessionStateMachine.mIkeNattKeepalive);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testMobikeLocalInfoHandlesDeleteRequest() throws Exception {
- setupIdleStateMachineWithMobike();
-
- mIkeSessionStateMachine.sendMessage(
- CMD_FORCE_TRANSITION, mIkeSessionStateMachine.mMobikeLocalInfo);
- mLooper.dispatchAll();
-
- // Reset to ignore UPDATE_SA_ADDRESSES req sent when entering MobikeLocalInfo
- resetMockIkeMessageHelper();
-
- // Reset to ignore IkeSessionCallback#onOpened from setting up the state machine
- resetSpyUserCbExecutor();
-
- verifyIkeDeleteRequestHandled();
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testMobikeLocalInfoHandlesNonDeleteRequest() throws Exception {
- setupIdleStateMachineWithMobike();
-
- mIkeSessionStateMachine.sendMessage(
- CMD_FORCE_TRANSITION, mIkeSessionStateMachine.mMobikeLocalInfo);
- mLooper.dispatchAll();
-
- // Reset to ignore UPDATE_SA_ADDRESSES req sent when entering MobikeLocalInfo
- resetMockIkeMessageHelper();
-
- mIkeSessionStateMachine.sendMessage(
- CMD_RECEIVE_IKE_PACKET, makeRoutabilityCheckIkeRequest());
- mLooper.dispatchAll();
-
- verifyIncrementRemoteReqMsgId();
-
- List<IkePayload> respPayloads = verifyOutInfoMsgHeaderAndGetPayloads(true /* isResp */);
- assertEquals(1, respPayloads.size());
- IkeNotifyPayload notifyPayload = (IkeNotifyPayload) respPayloads.get(0);
- assertEquals(ERROR_TYPE_TEMPORARY_FAILURE, notifyPayload.notifyType);
-
- assertEquals(
- mIkeSessionStateMachine.mMobikeLocalInfo,
- mIkeSessionStateMachine.getCurrentState());
- }
-
- private void setupAndVerifyDnsLookupsOnSetNetwork(
- int dnsLookupsForSuccess, int expectedDnsLookups, boolean expectSessionClosed)
- throws Exception {
- final IkeNetworkCallbackBase callback = setupIdleStateMachineWithMobike();
-
- final Network newNetwork =
- mockNewNetworkAndAddress(
- false /* isIpv4 */,
- UPDATED_LOCAL_ADDRESS_V6,
- REMOTE_ADDRESS_V6,
- dnsLookupsForSuccess);
-
- mIkeSessionStateMachine.setNetwork(newNetwork);
- mLooper.dispatchAll();
-
- verify(newNetwork, times(expectedDnsLookups)).getAllByName(REMOTE_HOSTNAME);
- if (expectSessionClosed) {
- assertNull(mIkeSessionStateMachine.getCurrentState());
- verify(mMockIkeSessionCallback)
- .onClosedWithException(
- argThat(
- e ->
- e instanceof IkeInternalException
- && e.getCause() instanceof IOException));
- } else {
- assertTrue(mIkeSessionStateMachine.mRemoteAddressesV4.isEmpty());
- assertEquals(
- Arrays.asList(REMOTE_ADDRESS_V6), mIkeSessionStateMachine.mRemoteAddressesV6);
- verifyNetworkAndLocalAddressUpdated(
- newNetwork, UPDATED_LOCAL_ADDRESS_V6, REMOTE_ADDRESS_V6, callback);
- }
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testDnsLookupOnSetNetwork() throws Exception {
- setupAndVerifyDnsLookupsOnSetNetwork(
- 1 /* dnsLookupsForSuccess */,
- 1 /* expectedDnsLookups */,
- false /* expectSessionClosed */);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testDnsLookupOnSetNetworkWithDnsRetries() throws Exception {
- setupAndVerifyDnsLookupsOnSetNetwork(
- 2 /* dnsLookupsForSuccess */,
- 2 /* expectedDnsLookups */,
- false /* expectSessionClosed */);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testDnsLookupOnSetNetworkWithDnsFailure() throws Exception {
- // Require more lookups for successful DNS than IKE allows to force failure
- setupAndVerifyDnsLookupsOnSetNetwork(
- 4 /* dnsLookupsForSuccess */,
- 3 /* expectedDnsLookups */,
- true /* expectSessionClosed */);
- }
-
- @Test
- public void testNattKeepaliveDelayForHardwareKeepaliveImpl() throws Exception {
- IkeSessionParams sessionParams =
- buildIkeSessionParamsCommon()
- .setAuthPsk(mPsk)
- .setNattKeepAliveDelaySeconds(NATT_KEEPALIVE_DELAY)
- .build();
-
- // Restart IkeSessionStateMachine with NATT Keepalive delay configured
- setupFirstIkeSa();
- mIkeSessionStateMachine.quitNow();
- mIkeSessionStateMachine = makeAndStartIkeSession(sessionParams);
-
- mIkeSessionStateMachine.openSession();
- mLooper.dispatchAll();
-
- mIkeSessionStateMachine.sendMessage(CMD_RECEIVE_IKE_PACKET, makeIkeInitResponse());
- mLooper.dispatchAll();
-
- verify(mMockSocketKeepalive).start(eq(NATT_KEEPALIVE_DELAY));
- }
}
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeSessionTestBase.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeSessionTestBase.java
index 8d19e76..833e125 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeSessionTestBase.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeSessionTestBase.java
@@ -14,10 +14,10 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike;
+package com.android.internal.net.ipsec.ike;
-import static com.android.internal.net.ipsec.test.ike.IkeLocalRequestScheduler.LOCAL_REQUEST_WAKE_LOCK_TAG;
-import static com.android.internal.net.ipsec.test.ike.IkeSessionStateMachine.BUSY_WAKE_LOCK_TAG;
+import static com.android.internal.net.ipsec.ike.IkeLocalRequestScheduler.LOCAL_REQUEST_WAKE_LOCK_TAG;
+import static com.android.internal.net.ipsec.ike.IkeSessionStateMachine.BUSY_WAKE_LOCK_TAG;
import static org.mockito.ArgumentMatchers.argThat;
import static org.mockito.Matchers.any;
@@ -27,7 +27,6 @@
import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.eq;
import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.reset;
import static org.mockito.Mockito.spy;
import android.content.Context;
@@ -42,30 +41,20 @@
import android.os.Handler;
import android.os.PowerManager;
-import com.android.internal.net.ipsec.test.ike.testutils.MockIpSecTestUtils;
-import com.android.internal.net.ipsec.test.ike.utils.IkeAlarmReceiver;
-import com.android.internal.net.ipsec.test.ike.utils.RandomnessFactory;
+import com.android.internal.net.ipsec.ike.testutils.MockIpSecTestUtils;
+import com.android.internal.net.ipsec.ike.utils.IkeAlarmReceiver;
+import com.android.internal.net.ipsec.ike.utils.RandomnessFactory;
import org.junit.Before;
import java.net.Inet4Address;
-import java.net.Inet6Address;
-import java.net.InetAddress;
import java.util.concurrent.Executor;
public abstract class IkeSessionTestBase {
protected static final Inet4Address LOCAL_ADDRESS =
(Inet4Address) InetAddresses.parseNumericAddress("192.0.2.200");
- protected static final Inet4Address UPDATED_LOCAL_ADDRESS =
- (Inet4Address) InetAddresses.parseNumericAddress("192.0.2.201");
protected static final Inet4Address REMOTE_ADDRESS =
(Inet4Address) InetAddresses.parseNumericAddress("127.0.0.1");
- protected static final Inet6Address LOCAL_ADDRESS_V6 =
- (Inet6Address) InetAddresses.parseNumericAddress("2001:db8::200");
- protected static final Inet6Address UPDATED_LOCAL_ADDRESS_V6 =
- (Inet6Address) InetAddresses.parseNumericAddress("2001:db8::201");
- protected static final Inet6Address REMOTE_ADDRESS_V6 =
- (Inet6Address) InetAddresses.parseNumericAddress("::1");
protected static final String REMOTE_HOSTNAME = "ike.test.android.com";
protected PowerManager.WakeLock mMockBusyWakelock;
@@ -109,26 +98,15 @@
.when(mPowerManager)
.newWakeLock(anyInt(), argThat(tag -> tag.contains(LOCAL_REQUEST_WAKE_LOCK_TAG)));
+ mMockConnectManager = mock(ConnectivityManager.class);
mMockDefaultNetwork = mock(Network.class);
- resetDefaultNetwork();
+ doReturn(mMockDefaultNetwork).when(mMockConnectManager).getActiveNetwork();
+ doReturn(REMOTE_ADDRESS).when(mMockDefaultNetwork).getByName(REMOTE_HOSTNAME);
+ doReturn(REMOTE_ADDRESS)
+ .when(mMockDefaultNetwork)
+ .getByName(REMOTE_ADDRESS.getHostAddress());
mMockSocketKeepalive = mock(SocketKeepalive.class);
-
- mMockNetworkCapabilities = mock(NetworkCapabilities.class);
- doReturn(false)
- .when(mMockNetworkCapabilities)
- .hasTransport(RandomnessFactory.TRANSPORT_TEST);
-
- mMockConnectManager = mock(ConnectivityManager.class);
- doReturn(mMockConnectManager)
- .when(mSpyContext)
- .getSystemService(Context.CONNECTIVITY_SERVICE);
- resetMockConnectManager();
- }
-
- protected void resetMockConnectManager() {
- reset(mMockConnectManager);
- doReturn(mMockDefaultNetwork).when(mMockConnectManager).getActiveNetwork();
doReturn(mMockSocketKeepalive)
.when(mMockConnectManager)
.createSocketKeepalive(
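Review bot: The two `getByName` stubs added to setup cover only `REMOTE_HOSTNAME` and the literal remote address, so any other name passed to `mMockDefaultNetwork` gets Mockito's default `null` instead of a resolution failure. A test that resolves an unexpected hostname would then carry a null address forward rather than fail at the lookup. Stubbing a default first, `doThrow(new UnknownHostException()).when(mMockDefaultNetwork).getByName(anyString());`, and keeping the two specific stubs after it would make that case fail loudly. It needs imports for `UnknownHostException` and `anyString` if the file does not already have them. The setup method begins outside this hunk.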
@@ -138,18 +116,16 @@
any(Inet4Address.class),
any(Executor.class),
any(SocketKeepalive.Callback.class));
+ doReturn(mMockConnectManager)
+ .when(mSpyContext)
+ .getSystemService(Context.CONNECTIVITY_SERVICE);
+
+ mMockNetworkCapabilities = mock(NetworkCapabilities.class);
doReturn(mMockNetworkCapabilities)
.when(mMockConnectManager)
.getNetworkCapabilities(any(Network.class));
- }
-
- protected void resetDefaultNetwork() throws Exception {
- reset(mMockDefaultNetwork);
- doReturn(new InetAddress[] {REMOTE_ADDRESS})
- .when(mMockDefaultNetwork)
- .getAllByName(REMOTE_HOSTNAME);
- doReturn(new InetAddress[] {REMOTE_ADDRESS})
- .when(mMockDefaultNetwork)
- .getAllByName(REMOTE_ADDRESS.getHostAddress());
+ doReturn(false)
+ .when(mMockNetworkCapabilities)
+ .hasTransport(RandomnessFactory.TRANSPORT_TEST);
}
}
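Review bot: The `hasTransport(RandomnessFactory.TRANSPORT_TEST)` stub at the end of setup returns `false` with no comment saying why, although the choice looks deliberate. Judging by the constant's owner, `RandomnessFactory` presumably switches its randomness source on test networks, so this stub would decide which path every subclass test exercises; that is inferred from the name, not shown in this hunk. A line such as `// Not a test network: RandomnessFactory should take its regular (non-test) path` above the stub would record the intent. The setup method begins outside this hunk.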
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeSocketConfigTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeSocketConfigTest.java
deleted file mode 100644
index 62e68d1..0000000
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeSocketConfigTest.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.test.ike;
-
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotEquals;
-import static org.junit.Assert.assertNotSame;
-import static org.mockito.Mockito.mock;
-
-import android.net.Network;
-
-import org.junit.Before;
-import org.junit.Test;
-
-public final class IkeSocketConfigTest {
- private static final int DUMMY_DSCP = 8;
-
- private Network mMockNetwork;
-
- @Before
- public void setup() throws Exception {
- mMockNetwork = mock(Network.class);
- }
-
- private IkeSocketConfig buildTestConfig() {
- return new IkeSocketConfig(mMockNetwork, DUMMY_DSCP);
- }
-
- @Test
- public void testBuild() {
- final IkeSocketConfig config = buildTestConfig();
-
- assertEquals(mMockNetwork, config.getNetwork());
- assertEquals(DUMMY_DSCP, config.getDscp());
- }
-
- @Test
- public void testEquals() {
- final IkeSocketConfig config = buildTestConfig();
- final IkeSocketConfig otherConfig = buildTestConfig();
-
- assertEquals(config, otherConfig);
- assertNotSame(config, otherConfig);
- }
-
- @Test
- public void testNotEqualsIfNetworkIsDifferent() {
- assertNotEquals(buildTestConfig(), new IkeSocketConfig(mock(Network.class), DUMMY_DSCP));
- }
-
- @Test
- public void testNotEqualsIfDscpIsDifferent() {
- final int dscp = 48;
- assertNotEquals(buildTestConfig(), new IkeSocketConfig(mMockNetwork, dscp));
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeSocketTestBase.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeSocketTestBase.java
index d54f2f2..2363cff 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeSocketTestBase.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeSocketTestBase.java
@@ -14,19 +14,11 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike;
+package com.android.internal.net.ipsec.ike;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import static org.mockito.Mockito.any;
-import static org.mockito.Mockito.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.reset;
-import static org.mockito.Mockito.spy;
-import static org.mockito.Mockito.verify;
import android.net.InetAddresses;
import android.net.Network;
@@ -36,13 +28,8 @@
import android.util.Log;
import android.util.LongSparseArray;
-import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.test.ike.message.IkeHeader;
-import com.android.internal.util.HexDump;
-
import org.junit.After;
import org.junit.Before;
-import org.mockito.ArgumentCaptor;
import java.io.FileDescriptor;
import java.io.IOException;
@@ -87,9 +74,7 @@
protected final LongSparseArray mSpiToIkeStateMachineMap =
new LongSparseArray<IkeSessionStateMachine>();
- protected static final int DUMMY_DSCP = 36;
- protected final IkeSocketConfig mSpyIkeSocketConfig =
- spy(new IkeSocketConfig(mock(Network.class), DUMMY_DSCP));
+ protected final Network mMockNetwork = mock(Network.class);
protected final IkeSessionStateMachine mMockIkeSessionStateMachine =
mock(IkeSessionStateMachine.class);
@@ -112,7 +97,7 @@
Os.close(mDummyRemoteServerFd);
}
- protected abstract void setPacketReceiver(IkeSocket.IPacketReceiver packetReceiver);
+ protected abstract IkeSocket.IPacketReceiver getPacketReceiver();
protected static FileDescriptor getBoundUdpSocket(InetAddress address) throws Exception {
FileDescriptor sock =
@@ -221,135 +206,4 @@
reset();
}
}
-
- protected interface IkeSocketFactory {
- IkeSocket getIkeSocket(IkeSocketConfig sockConfig, IkeSessionStateMachine ikeSession)
- throws ErrnoException, IOException;
- }
-
- private static void verifySocketConfigIsApplied(
- IkeSocketConfig spySockConfig, IkeSocket ikeSocket) throws Exception {
- verify(spySockConfig).getNetwork();
- verify(spySockConfig).getDscp();
- verify(spySockConfig.getNetwork()).bindSocket(eq(ikeSocket.getFd()));
- }
-
- protected void verifyGetAndCloseIkeSocketSameConfig(
- IkeSocketFactory ikeUdpSocketFactory, int expectedServerPort) throws Exception {
- IkeSessionStateMachine mockIkeSessionOne = mock(IkeSessionStateMachine.class);
- IkeSessionStateMachine mockIkeSessionTwo = mock(IkeSessionStateMachine.class);
-
- IkeSocket ikeSocketOne =
- ikeUdpSocketFactory.getIkeSocket(mSpyIkeSocketConfig, mockIkeSessionOne);
- assertEquals(expectedServerPort, ikeSocketOne.getIkeServerPort());
- assertEquals(1, ikeSocketOne.mAliveIkeSessions.size());
-
- IkeSocket ikeSocketTwo =
- ikeUdpSocketFactory.getIkeSocket(mSpyIkeSocketConfig, mockIkeSessionTwo);
- assertEquals(expectedServerPort, ikeSocketTwo.getIkeServerPort());
- assertEquals(2, ikeSocketTwo.mAliveIkeSessions.size());
- assertEquals(ikeSocketOne, ikeSocketTwo);
-
- verifySocketConfigIsApplied(mSpyIkeSocketConfig, ikeSocketOne);
-
- ikeSocketOne.releaseReference(mockIkeSessionOne);
- assertEquals(1, ikeSocketOne.mAliveIkeSessions.size());
- assertTrue(isFdOpen(ikeSocketOne.getFd()));
-
- ikeSocketTwo.releaseReference(mockIkeSessionTwo);
- assertEquals(0, ikeSocketTwo.mAliveIkeSessions.size());
- verifyCloseFd(ikeSocketTwo.getFd());
- }
-
- protected void verifyGetAndCloseIkeSocketDifferentConfig(
- IkeSocketFactory ikeUdpSocketFactory, int expectedServerPort) throws Exception {
- IkeSessionStateMachine mockIkeSessionOne = mock(IkeSessionStateMachine.class);
- IkeSessionStateMachine mockIkeSessionTwo = mock(IkeSessionStateMachine.class);
-
- IkeSocketConfig spySockConfigOne =
- spy(new IkeSocketConfig(mock(Network.class), DUMMY_DSCP));
- IkeSocketConfig spySockConfigTwo =
- spy(new IkeSocketConfig(mock(Network.class), DUMMY_DSCP));
-
- IkeSocket ikeSocketOne =
- ikeUdpSocketFactory.getIkeSocket(spySockConfigOne, mockIkeSessionOne);
- assertEquals(expectedServerPort, ikeSocketOne.getIkeServerPort());
- assertEquals(1, ikeSocketOne.mAliveIkeSessions.size());
-
- IkeSocket ikeSocketTwo =
- ikeUdpSocketFactory.getIkeSocket(spySockConfigTwo, mockIkeSessionTwo);
- assertEquals(expectedServerPort, ikeSocketTwo.getIkeServerPort());
- assertEquals(1, ikeSocketTwo.mAliveIkeSessions.size());
-
- assertNotEquals(ikeSocketOne, ikeSocketTwo);
-
- ArgumentCaptor<FileDescriptor> fdCaptorOne = ArgumentCaptor.forClass(FileDescriptor.class);
- ArgumentCaptor<FileDescriptor> fdCaptorTwo = ArgumentCaptor.forClass(FileDescriptor.class);
-
- verifySocketConfigIsApplied(spySockConfigOne, ikeSocketOne);
- verifySocketConfigIsApplied(spySockConfigTwo, ikeSocketTwo);
-
- FileDescriptor fdOne = ikeSocketOne.getFd();
- FileDescriptor fdTwo = ikeSocketTwo.getFd();
- assertNotNull(fdOne);
- assertNotNull(fdTwo);
- assertNotEquals(fdOne, fdTwo);
-
- ikeSocketOne.releaseReference(mockIkeSessionOne);
- assertEquals(0, ikeSocketOne.mAliveIkeSessions.size());
- verifyCloseFd(ikeSocketOne.getFd());
-
- ikeSocketTwo.releaseReference(mockIkeSessionTwo);
- assertEquals(0, ikeSocketTwo.mAliveIkeSessions.size());
- verifyCloseFd(ikeSocketTwo.getFd());
- }
-
- protected void verifyHandlePacket(
- byte[] receivedPacket, IkeSocket.IPacketReceiver packetReceiver) throws Exception {
- packetReceiver.handlePacket(receivedPacket, mSpiToIkeStateMachineMap);
-
- byte[] expectedIkePacketBytes = TestUtils.hexStringToByteArray(IKE_REQ_MESSAGE_HEX_STRING);
- ArgumentCaptor<IkeHeader> ikeHeaderCaptor = ArgumentCaptor.forClass(IkeHeader.class);
- verify(mMockIkeSessionStateMachine)
- .receiveIkePacket(ikeHeaderCaptor.capture(), eq(expectedIkePacketBytes));
-
- IkeHeader capturedIkeHeader = ikeHeaderCaptor.getValue();
- assertEquals(REMOTE_SPI, capturedIkeHeader.ikeInitiatorSpi);
- assertEquals(LOCAL_SPI, capturedIkeHeader.ikeResponderSpi);
- }
-
- protected void verifyIkeUdpSocketReceivePacket(
- IkeSocketFactory ikeUdpSocketFactory, IkeSocket.IPacketReceiver packetReceiver)
- throws Exception {
- verifyIkeUdpSocketReceivePacket(
- ikeUdpSocketFactory, packetReceiver, IKE_REQ_MESSAGE_HEX_STRING);
- }
-
- protected void verifyIkeUdpSocketReceivePacket(
- IkeSocketFactory ikeUdpSocketFactory,
- IkeSocket.IPacketReceiver packetReceiver,
- String messageToProcessHexString)
- throws Exception {
- IkeSessionStateMachine mockIkeSession = mock(IkeSessionStateMachine.class);
- IkeUdpSocket ikeSocket =
- (IkeUdpSocket)
- ikeUdpSocketFactory.getIkeSocket(mSpyIkeSocketConfig, mockIkeSession);
- assertNotNull(ikeSocket);
-
- // Set up state
- ikeSocket.registerIke(LOCAL_SPI, mockIkeSession);
- IkeSocket.IPacketReceiver mockPacketReceiver = mock(IkeSocket.IPacketReceiver.class);
- setPacketReceiver(mockPacketReceiver);
- try {
- // Send a packet
- byte[] pktBytes = HexDump.hexStringToByteArray(messageToProcessHexString);
- ikeSocket.handlePacket(pktBytes, pktBytes.length);
-
- verify(mockPacketReceiver).handlePacket(eq(pktBytes), any());
-
- } finally {
- ikeSocket.releaseReference(mockIkeSession);
- setPacketReceiver(packetReceiver);
- }
- }
}
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeUdp4SocketTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeUdp4SocketTest.java
index 7b419e2..ee05885 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeUdp4SocketTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeUdp4SocketTest.java
@@ -14,61 +14,139 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike;
+package com.android.internal.net.ipsec.ike;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.any;
+import static org.mockito.Mockito.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+
+import android.net.Network;
import android.os.Handler;
import android.os.test.TestLooper;
-import android.system.ErrnoException;
import com.android.internal.net.TestUtils;
+import com.android.internal.net.ipsec.ike.message.IkeHeader;
+import com.android.internal.util.HexDump;
import org.junit.Test;
+import org.mockito.ArgumentCaptor;
-import java.io.IOException;
+import java.io.FileDescriptor;
+// TODO: Combine this and IkeUdp6SocketTest, and take a Factory method as an input.
public final class IkeUdp4SocketTest extends IkeSocketTestBase {
private final TestLooper mLooper = new TestLooper();
private final Handler mHandler = new Handler(mLooper.getLooper());
- private final IkeSocketFactory mIkeSocketFactory =
- new IkeSocketFactory() {
- @Override
- public IkeSocket getIkeSocket(
- IkeSocketConfig ikeSockConfig, IkeSessionStateMachine ikeSession)
- throws ErrnoException, IOException {
- return IkeUdp4Socket.getInstance(ikeSockConfig, ikeSession, mHandler);
- }
- };
-
- private IkeSocket.IPacketReceiver getPacketReceiver() {
+ @Override
+ protected IkeSocket.IPacketReceiver getPacketReceiver() {
return new IkeUdpSocket.PacketReceiver();
}
- @Override
- protected void setPacketReceiver(IkeSocket.IPacketReceiver packetReceiver) {
- IkeUdpSocket.setPacketReceiver(packetReceiver);
+ @Test
+ public void testGetAndCloseIkeUdp4SocketSameNetwork() throws Exception {
+ IkeSessionStateMachine mockIkeSessionOne = mock(IkeSessionStateMachine.class);
+ IkeSessionStateMachine mockIkeSessionTwo = mock(IkeSessionStateMachine.class);
+
+ IkeUdp4Socket ikeSocketOne =
+ IkeUdp4Socket.getInstance(mMockNetwork, mockIkeSessionOne, mHandler);
+ assertEquals(1, ikeSocketOne.mAliveIkeSessions.size());
+
+ IkeUdp4Socket ikeSocketTwo =
+ IkeUdp4Socket.getInstance(mMockNetwork, mockIkeSessionTwo, mHandler);
+ assertEquals(2, ikeSocketTwo.mAliveIkeSessions.size());
+ assertEquals(ikeSocketOne, ikeSocketTwo);
+
+ verify(mMockNetwork).bindSocket(eq(ikeSocketOne.getFd()));
+
+ ikeSocketOne.releaseReference(mockIkeSessionOne);
+ assertEquals(1, ikeSocketOne.mAliveIkeSessions.size());
+ assertTrue(isFdOpen(ikeSocketOne.getFd()));
+
+ ikeSocketTwo.releaseReference(mockIkeSessionTwo);
+ assertEquals(0, ikeSocketTwo.mAliveIkeSessions.size());
+ verifyCloseFd(ikeSocketTwo.getFd());
}
@Test
- public void testGetAndCloseIkeUdp6SocketSameNetwork() throws Exception {
- verifyGetAndCloseIkeSocketSameConfig(
- mIkeSocketFactory, IkeSocket.SERVER_PORT_NON_UDP_ENCAPSULATED);
- }
+ public void testGetAndCloseIkeUdp4SocketDifferentNetwork() throws Exception {
+ IkeSessionStateMachine mockIkeSessionOne = mock(IkeSessionStateMachine.class);
+ IkeSessionStateMachine mockIkeSessionTwo = mock(IkeSessionStateMachine.class);
- @Test
- public void testGetAndCloseIkeUdp6SocketDifferentNetwork() throws Exception {
- verifyGetAndCloseIkeSocketDifferentConfig(
- mIkeSocketFactory, IkeSocket.SERVER_PORT_NON_UDP_ENCAPSULATED);
+ Network mockNetworkOne = mock(Network.class);
+ Network mockNetworkTwo = mock(Network.class);
+
+ IkeUdp4Socket ikeSocketOne =
+ IkeUdp4Socket.getInstance(mockNetworkOne, mockIkeSessionOne, mHandler);
+ assertEquals(1, ikeSocketOne.mAliveIkeSessions.size());
+
+ IkeUdp4Socket ikeSocketTwo =
+ IkeUdp4Socket.getInstance(mockNetworkTwo, mockIkeSessionTwo, mHandler);
+ assertEquals(1, ikeSocketTwo.mAliveIkeSessions.size());
+
+ assertNotEquals(ikeSocketOne, ikeSocketTwo);
+
+ ArgumentCaptor<FileDescriptor> fdCaptorOne = ArgumentCaptor.forClass(FileDescriptor.class);
+ ArgumentCaptor<FileDescriptor> fdCaptorTwo = ArgumentCaptor.forClass(FileDescriptor.class);
+ verify(mockNetworkOne).bindSocket(fdCaptorOne.capture());
+ verify(mockNetworkTwo).bindSocket(fdCaptorTwo.capture());
+
+ FileDescriptor fdOne = fdCaptorOne.getValue();
+ FileDescriptor fdTwo = fdCaptorTwo.getValue();
+ assertNotNull(fdOne);
+ assertNotNull(fdTwo);
+ assertNotEquals(fdOne, fdTwo);
+
+ ikeSocketOne.releaseReference(mockIkeSessionOne);
+ assertEquals(0, ikeSocketOne.mAliveIkeSessions.size());
+ verifyCloseFd(ikeSocketOne.getFd());
+
+ ikeSocketTwo.releaseReference(mockIkeSessionTwo);
+ assertEquals(0, ikeSocketTwo.mAliveIkeSessions.size());
+ verifyCloseFd(ikeSocketTwo.getFd());
}
@Test
public void testReceiveIkePacket() throws Exception {
- verifyIkeUdpSocketReceivePacket(mIkeSocketFactory, getPacketReceiver());
+ IkeSessionStateMachine mockIkeSession = mock(IkeSessionStateMachine.class);
+ IkeUdp4Socket ikeSocket = IkeUdp4Socket.getInstance(mMockNetwork, mockIkeSession, mHandler);
+ assertNotNull(ikeSocket);
+
+ // Set up state
+ ikeSocket.registerIke(LOCAL_SPI, mockIkeSession);
+ IkeSocket.IPacketReceiver packetReceiver = mock(IkeSocket.IPacketReceiver.class);
+ IkeUdpSocket.setPacketReceiver(packetReceiver);
+ try {
+ // Send a packet
+ byte[] pktBytes = HexDump.hexStringToByteArray(IKE_REQ_MESSAGE_HEX_STRING);
+ ikeSocket.handlePacket(pktBytes, pktBytes.length);
+
+ verify(packetReceiver).handlePacket(eq(pktBytes), any());
+
+ } finally {
+ ikeSocket.releaseReference(mockIkeSession);
+ IkeUdpSocket.setPacketReceiver(getPacketReceiver());
+ }
}
@Test
public void testHandlePacket() throws Exception {
- verifyHandlePacket(
- TestUtils.hexStringToByteArray(IKE_REQ_MESSAGE_HEX_STRING), getPacketReceiver());
+ byte[] recvBuf = TestUtils.hexStringToByteArray(IKE_REQ_MESSAGE_HEX_STRING);
+
+ getPacketReceiver().handlePacket(recvBuf, mSpiToIkeStateMachineMap);
+
+ byte[] expectedIkePacketBytes = TestUtils.hexStringToByteArray(IKE_REQ_MESSAGE_HEX_STRING);
+ ArgumentCaptor<IkeHeader> ikeHeaderCaptor = ArgumentCaptor.forClass(IkeHeader.class);
+ verify(mMockIkeSessionStateMachine)
+ .receiveIkePacket(ikeHeaderCaptor.capture(), eq(expectedIkePacketBytes));
+
+ IkeHeader capturedIkeHeader = ikeHeaderCaptor.getValue();
+ assertEquals(REMOTE_SPI, capturedIkeHeader.ikeInitiatorSpi);
+ assertEquals(LOCAL_SPI, capturedIkeHeader.ikeResponderSpi);
}
}
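Review bot: `testHandlePacket` feeds `PacketReceiver.handlePacket` only one well-formed IKE request, so nothing in this file pins what the receiver does with a datagram too short to hold an IKE header, even though that method parses bytes that arrive from the network. A negative case that passes a truncated buffer and checks that `receiveIkePacket` is never reached would cover it. Whether the receiver is meant to drop such input silently or throw is not visible in this hunk, so the assertion below should be adjusted to the intended contract. The test needs a static import of `org.mockito.Mockito.never`, and the same gap exists in `IkeUdp6SocketTest.testHandlePacket`.

```java
@Test
public void testHandlePacketTruncatedPacket() throws Exception {
    // Constructed sample: a single byte, too short to be parsed as an IKE header.
    byte[] truncated = new byte[1];

    getPacketReceiver().handlePacket(truncated, mSpiToIkeStateMachineMap);

    verify(mMockIkeSessionStateMachine, never()).receiveIkePacket(any(), any());
}
```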
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeUdp6SocketTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeUdp6SocketTest.java
index 2726a69..7c6e30d 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeUdp6SocketTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeUdp6SocketTest.java
@@ -14,61 +14,139 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike;
+package com.android.internal.net.ipsec.ike;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.any;
+import static org.mockito.Mockito.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+
+import android.net.Network;
import android.os.Handler;
import android.os.test.TestLooper;
-import android.system.ErrnoException;
import com.android.internal.net.TestUtils;
+import com.android.internal.net.ipsec.ike.message.IkeHeader;
+import com.android.internal.util.HexDump;
import org.junit.Test;
+import org.mockito.ArgumentCaptor;
-import java.io.IOException;
+import java.io.FileDescriptor;
+// TODO: Combine this and IkeUdp4SocketTest, and take a Factory method as an input.
public final class IkeUdp6SocketTest extends IkeSocketTestBase {
private final TestLooper mLooper = new TestLooper();
private final Handler mHandler = new Handler(mLooper.getLooper());
- private final IkeSocketFactory mIkeSocketFactory =
- new IkeSocketFactory() {
- @Override
- public IkeSocket getIkeSocket(
- IkeSocketConfig ikeSockConfig, IkeSessionStateMachine ikeSession)
- throws ErrnoException, IOException {
- return IkeUdp6Socket.getInstance(ikeSockConfig, ikeSession, mHandler);
- }
- };
-
- private IkeSocket.IPacketReceiver getPacketReceiver() {
- return new IkeUdpSocket.PacketReceiver();
- }
-
@Override
- protected void setPacketReceiver(IkeSocket.IPacketReceiver packetReceiver) {
- IkeUdpSocket.setPacketReceiver(packetReceiver);
+ protected IkeSocket.IPacketReceiver getPacketReceiver() {
+ return new IkeUdpSocket.PacketReceiver();
}
@Test
public void testGetAndCloseIkeUdp6SocketSameNetwork() throws Exception {
- verifyGetAndCloseIkeSocketSameConfig(
- mIkeSocketFactory, IkeSocket.SERVER_PORT_NON_UDP_ENCAPSULATED);
+ IkeSessionStateMachine mockIkeSessionOne = mock(IkeSessionStateMachine.class);
+ IkeSessionStateMachine mockIkeSessionTwo = mock(IkeSessionStateMachine.class);
+
+ IkeUdp6Socket ikeSocketOne =
+ IkeUdp6Socket.getInstance(mMockNetwork, mockIkeSessionOne, mHandler);
+ assertEquals(1, ikeSocketOne.mAliveIkeSessions.size());
+
+ IkeUdp6Socket ikeSocketTwo =
+ IkeUdp6Socket.getInstance(mMockNetwork, mockIkeSessionTwo, mHandler);
+ assertEquals(2, ikeSocketTwo.mAliveIkeSessions.size());
+ assertEquals(ikeSocketOne, ikeSocketTwo);
+
+ verify(mMockNetwork).bindSocket(eq(ikeSocketOne.getFd()));
+
+ ikeSocketOne.releaseReference(mockIkeSessionOne);
+ assertEquals(1, ikeSocketOne.mAliveIkeSessions.size());
+ assertTrue(isFdOpen(ikeSocketOne.getFd()));
+
+ ikeSocketTwo.releaseReference(mockIkeSessionTwo);
+ assertEquals(0, ikeSocketTwo.mAliveIkeSessions.size());
+ verifyCloseFd(ikeSocketTwo.getFd());
}
@Test
public void testGetAndCloseIkeUdp6SocketDifferentNetwork() throws Exception {
- verifyGetAndCloseIkeSocketDifferentConfig(
- mIkeSocketFactory, IkeSocket.SERVER_PORT_NON_UDP_ENCAPSULATED);
+ IkeSessionStateMachine mockIkeSessionOne = mock(IkeSessionStateMachine.class);
+ IkeSessionStateMachine mockIkeSessionTwo = mock(IkeSessionStateMachine.class);
+
+ Network mockNetworkOne = mock(Network.class);
+ Network mockNetworkTwo = mock(Network.class);
+
+ IkeUdp6Socket ikeSocketOne =
+ IkeUdp6Socket.getInstance(mockNetworkOne, mockIkeSessionOne, mHandler);
+ assertEquals(1, ikeSocketOne.mAliveIkeSessions.size());
+
+ IkeUdp6Socket ikeSocketTwo =
+ IkeUdp6Socket.getInstance(mockNetworkTwo, mockIkeSessionTwo, mHandler);
+ assertEquals(1, ikeSocketTwo.mAliveIkeSessions.size());
+
+ assertNotEquals(ikeSocketOne, ikeSocketTwo);
+
+ ArgumentCaptor<FileDescriptor> fdCaptorOne = ArgumentCaptor.forClass(FileDescriptor.class);
+ ArgumentCaptor<FileDescriptor> fdCaptorTwo = ArgumentCaptor.forClass(FileDescriptor.class);
+ verify(mockNetworkOne).bindSocket(fdCaptorOne.capture());
+ verify(mockNetworkTwo).bindSocket(fdCaptorTwo.capture());
+
+ FileDescriptor fdOne = fdCaptorOne.getValue();
+ FileDescriptor fdTwo = fdCaptorTwo.getValue();
+ assertNotNull(fdOne);
+ assertNotNull(fdTwo);
+ assertNotEquals(fdOne, fdTwo);
+
+ ikeSocketOne.releaseReference(mockIkeSessionOne);
+ assertEquals(0, ikeSocketOne.mAliveIkeSessions.size());
+ verifyCloseFd(ikeSocketOne.getFd());
+
+ ikeSocketTwo.releaseReference(mockIkeSessionTwo);
+ assertEquals(0, ikeSocketTwo.mAliveIkeSessions.size());
+ verifyCloseFd(ikeSocketTwo.getFd());
}
@Test
public void testReceiveIkePacket() throws Exception {
- verifyIkeUdpSocketReceivePacket(mIkeSocketFactory, getPacketReceiver());
+ IkeSessionStateMachine mockIkeSession = mock(IkeSessionStateMachine.class);
+ IkeUdp6Socket ikeSocket = IkeUdp6Socket.getInstance(mMockNetwork, mockIkeSession, mHandler);
+ assertNotNull(ikeSocket);
+
+ // Set up state
+ ikeSocket.registerIke(LOCAL_SPI, mockIkeSession);
+ IkeSocket.IPacketReceiver packetReceiver = mock(IkeSocket.IPacketReceiver.class);
+ IkeUdpSocket.setPacketReceiver(packetReceiver);
+ try {
+ // Send a packet
+ byte[] pktBytes = HexDump.hexStringToByteArray(IKE_REQ_MESSAGE_HEX_STRING);
+ ikeSocket.handlePacket(pktBytes, pktBytes.length);
+
+ verify(packetReceiver).handlePacket(eq(pktBytes), any());
+
+ } finally {
+ ikeSocket.releaseReference(mockIkeSession);
+ IkeUdpSocket.setPacketReceiver(getPacketReceiver());
+ }
}
@Test
public void testHandlePacket() throws Exception {
- verifyHandlePacket(
- TestUtils.hexStringToByteArray(IKE_REQ_MESSAGE_HEX_STRING), getPacketReceiver());
+ byte[] recvBuf = TestUtils.hexStringToByteArray(IKE_REQ_MESSAGE_HEX_STRING);
+
+ getPacketReceiver().handlePacket(recvBuf, mSpiToIkeStateMachineMap);
+
+ byte[] expectedIkePacketBytes = TestUtils.hexStringToByteArray(IKE_REQ_MESSAGE_HEX_STRING);
+ ArgumentCaptor<IkeHeader> ikeHeaderCaptor = ArgumentCaptor.forClass(IkeHeader.class);
+ verify(mMockIkeSessionStateMachine)
+ .receiveIkePacket(ikeHeaderCaptor.capture(), eq(expectedIkePacketBytes));
+
+ IkeHeader capturedIkeHeader = ikeHeaderCaptor.getValue();
+ assertEquals(REMOTE_SPI, capturedIkeHeader.ikeInitiatorSpi);
+ assertEquals(LOCAL_SPI, capturedIkeHeader.ikeResponderSpi);
}
}
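Review bot: In `testGetAndCloseIkeUdp6SocketSameNetwork`, `verify(mMockNetwork).bindSocket(eq(ikeSocketOne.getFd()))` only counts binds of that one descriptor, so a second `getInstance()` call that bound a different descriptor to the same network would still pass. The encap-socket test in this commit verifies with `any(FileDescriptor.class)`, which does enforce a single bind. Adding `verify(mMockNetwork).bindSocket(any(FileDescriptor.class));` next to the existing check would make the socket-reuse claim equally strict here. `IkeUdp4SocketTest.testGetAndCloseIkeUdp4SocketSameNetwork` has the same line.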
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeUdp6WithEncapPortSocketTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeUdp6WithEncapPortSocketTest.java
deleted file mode 100644
index 4f85917..0000000
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeUdp6WithEncapPortSocketTest.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.test.ike;
-
-import android.os.Handler;
-import android.os.test.TestLooper;
-import android.system.ErrnoException;
-
-import com.android.internal.net.TestUtils;
-
-import org.junit.Test;
-
-import java.io.IOException;
-
-public final class IkeUdp6WithEncapPortSocketTest extends IkeSocketTestBase {
- private final TestLooper mLooper = new TestLooper();
- private final Handler mHandler = new Handler(mLooper.getLooper());
-
- private final IkeSocketFactory mIkeSocketFactory =
- new IkeSocketFactory() {
- @Override
- public IkeSocket getIkeSocket(
- IkeSocketConfig ikeSockConfig, IkeSessionStateMachine ikeSession)
- throws ErrnoException, IOException {
- return IkeUdp6WithEncapPortSocket.getIkeUdpEncapSocket(
- ikeSockConfig, ikeSession, mHandler);
- }
- };
-
- private IkeSocket.IPacketReceiver getPacketReceiver() {
- return new IkeUdpEncapPortPacketHandler.PacketReceiver();
- }
-
- @Override
- protected void setPacketReceiver(IkeSocket.IPacketReceiver packetReceiver) {
- IkeUdp6WithEncapPortSocket.setPacketReceiver(packetReceiver);
- }
-
- @Test
- public void testGetAndCloseIkeUdp6WithEncapPortSocketTestSameNetwork() throws Exception {
- verifyGetAndCloseIkeSocketSameConfig(
- mIkeSocketFactory, IkeSocket.SERVER_PORT_UDP_ENCAPSULATED);
- }
-
- @Test
- public void testGetAndCloseIkeUdp6WithEncapPortSocketTestDifferentNetwork() throws Exception {
- verifyGetAndCloseIkeSocketDifferentConfig(
- mIkeSocketFactory, IkeSocket.SERVER_PORT_UDP_ENCAPSULATED);
- }
-
- @Test
- public void testReceiveIkePacket() throws Exception {
- verifyIkeUdpSocketReceivePacket(
- mIkeSocketFactory,
- getPacketReceiver(),
- NON_ESP_MARKER_HEX_STRING + IKE_REQ_MESSAGE_HEX_STRING);
- }
-
- @Test
- public void testHandlePacket() throws Exception {
- verifyHandlePacket(
- TestUtils.hexStringToByteArray(
- NON_ESP_MARKER_HEX_STRING + IKE_REQ_MESSAGE_HEX_STRING),
- getPacketReceiver());
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeUdpEncapPortPacketHandlerTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeUdpEncapPortPacketHandlerTest.java
deleted file mode 100644
index 66f5362..0000000
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeUdpEncapPortPacketHandlerTest.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.test.ike;
-
-import static com.android.internal.net.ipsec.test.ike.IkeUdpEncapPortPacketHandler.NON_ESP_MARKER_LEN;
-
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verifyNoMoreInteractions;
-
-import android.util.LongSparseArray;
-
-import org.junit.Before;
-import org.junit.Test;
-
-public class IkeUdpEncapPortPacketHandlerTest {
- private static final byte[] SHORT_PACKET = new byte[NON_ESP_MARKER_LEN - 1];
- private static final byte[] INVALID_NON_ESP_MARKER = {(byte) 1, (byte) 2, (byte) 3, (byte) 4};
-
- private LongSparseArray<IkeSessionStateMachine> mMockSpiToIkeSession;
-
- private IkeUdpEncapPortPacketHandler.PacketReceiver mPacketReceiver;
-
- @Before
- public void setUp() {
- mMockSpiToIkeSession = mock(LongSparseArray.class);
-
- mPacketReceiver = new IkeUdpEncapPortPacketHandler.PacketReceiver();
- }
-
- @Test
- public void testPacketReceiverHandlePacketShortPacket() {
- mPacketReceiver.handlePacket(SHORT_PACKET, mMockSpiToIkeSession);
-
- verifyNoMoreInteractions(mMockSpiToIkeSession);
- }
-
- @Test
- public void testPacketReceiverHandlePacketInvalidNonEspMarkerPacket() {
- mPacketReceiver.handlePacket(INVALID_NON_ESP_MARKER, mMockSpiToIkeSession);
-
- verifyNoMoreInteractions(mMockSpiToIkeSession);
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeUdpEncapSocketTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeUdpEncapSocketTest.java
index 9589b08..c147269 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeUdpEncapSocketTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeUdpEncapSocketTest.java
@@ -14,14 +14,18 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike;
+package com.android.internal.net.ipsec.ike;
import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertNotNull;
import static org.mockito.Mockito.any;
import static org.mockito.Mockito.anyInt;
import static org.mockito.Mockito.anyObject;
import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.eq;
+import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.times;
@@ -32,22 +36,24 @@
import android.net.IpSecManager;
import android.net.IpSecManager.ResourceUnavailableException;
import android.net.IpSecManager.UdpEncapsulationSocket;
+import android.net.Network;
import android.os.HandlerThread;
import android.os.Looper;
-import android.os.test.TestLooper;
import android.system.ErrnoException;
import android.util.Log;
import androidx.test.InstrumentationRegistry;
import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.test.ike.testutils.MockIpSecTestUtils;
+import com.android.internal.net.ipsec.ike.message.IkeHeader;
+import com.android.internal.net.ipsec.ike.testutils.MockIpSecTestUtils;
import com.android.server.IpSecService;
import org.junit.After;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
+import org.mockito.ArgumentCaptor;
import java.io.FileDescriptor;
import java.io.IOException;
@@ -55,29 +61,12 @@
import java.nio.ByteBuffer;
public final class IkeUdpEncapSocketTest extends IkeSocketTestBase {
- private final TestLooper mLooper = new TestLooper();
-
private UdpEncapsulationSocket mSpyUdpEncapSocket;
private UdpEncapsulationSocket mSpyDummyUdpEncapSocketOne;
private UdpEncapsulationSocket mSpyDummyUdpEncapSocketTwo;
private IpSecManager mSpyIpSecManager;
- private final IkeSocketFactory mIkeSocketFactory =
- new IkeSocketFactory() {
- @Override
- public IkeSocket getIkeSocket(
- IkeSocketConfig ikeSockConfig, IkeSessionStateMachine ikeSession)
- throws ErrnoException, IOException {
- try {
- return IkeUdpEncapSocket.getIkeUdpEncapSocket(
- ikeSockConfig, mSpyIpSecManager, ikeSession, mLooper.getLooper());
- } catch (ResourceUnavailableException e) {
- throw new IllegalStateException(e);
- }
- }
- };
-
@Override
@Before
public void setUp() throws Exception {
@@ -114,43 +103,98 @@
super.tearDown();
}
- private IkeSocket.IPacketReceiver getPacketReceiver() {
- return new IkeUdpEncapPortPacketHandler.PacketReceiver();
- }
-
@Override
- protected void setPacketReceiver(IkeSocket.IPacketReceiver packetReceiver) {
- IkeUdpEncapSocket.setPacketReceiver(packetReceiver);
+ protected IkeSocket.IPacketReceiver getPacketReceiver() {
+ return new IkeUdpEncapSocket.PacketReceiver();
}
@Test
public void testGetAndCloseIkeUdpEncapSocketSameNetwork() throws Exception {
- verifyGetAndCloseIkeSocketSameConfig(
- mIkeSocketFactory, IkeSocket.SERVER_PORT_UDP_ENCAPSULATED);
+ // Must be prepared here; AndroidJUnitRunner runs tests on different threads from the
+ // setUp() call. Since the new Handler() call is run in getIkeUdpEncapSocket, the Looper
+ // must be prepared here.
+ if (Looper.myLooper() == null) Looper.prepare();
+
+ IkeSessionStateMachine mockIkeSessionOne = mock(IkeSessionStateMachine.class);
+ IkeSessionStateMachine mockIkeSessionTwo = mock(IkeSessionStateMachine.class);
+
+ IkeUdpEncapSocket ikeSocketOne =
+ IkeUdpEncapSocket.getIkeUdpEncapSocket(
+ mMockNetwork, mSpyIpSecManager, mockIkeSessionOne, Looper.myLooper());
+ assertEquals(1, ikeSocketOne.mAliveIkeSessions.size());
+
+ IkeUdpEncapSocket ikeSocketTwo =
+ IkeUdpEncapSocket.getIkeUdpEncapSocket(
+ mMockNetwork, mSpyIpSecManager, mockIkeSessionTwo, Looper.myLooper());
+ assertEquals(2, ikeSocketTwo.mAliveIkeSessions.size());
+ assertEquals(ikeSocketOne, ikeSocketTwo);
+
verify(mSpyIpSecManager).openUdpEncapsulationSocket();
+ verify(mMockNetwork).bindSocket(any(FileDescriptor.class));
+
+ ikeSocketOne.releaseReference(mockIkeSessionOne);
+ assertEquals(1, ikeSocketOne.mAliveIkeSessions.size());
+ verify(mSpyDummyUdpEncapSocketOne, never()).close();
+
+ ikeSocketTwo.releaseReference(mockIkeSessionTwo);
+ assertEquals(0, ikeSocketTwo.mAliveIkeSessions.size());
verify(mSpyDummyUdpEncapSocketOne).close();
}
@Test
public void testGetAndCloseIkeUdpEncapSocketDifferentNetwork() throws Exception {
- verifyGetAndCloseIkeSocketDifferentConfig(
- mIkeSocketFactory, IkeSocket.SERVER_PORT_UDP_ENCAPSULATED);
+ // Must be prepared here; AndroidJUnitRunner runs tests on different threads from the
+ // setUp() call. Since the new Handler() call is run in getIkeUdpEncapSocket, the Looper
+ // must be prepared here.
+ if (Looper.myLooper() == null) Looper.prepare();
+
+ IkeSessionStateMachine mockIkeSessionOne = mock(IkeSessionStateMachine.class);
+ IkeSessionStateMachine mockIkeSessionTwo = mock(IkeSessionStateMachine.class);
+
+ Network mockNetworkOne = mock(Network.class);
+ Network mockNetworkTwo = mock(Network.class);
+
+ IkeUdpEncapSocket ikeSocketOne =
+ IkeUdpEncapSocket.getIkeUdpEncapSocket(
+ mockNetworkOne, mSpyIpSecManager, mockIkeSessionOne, Looper.myLooper());
+ assertEquals(1, ikeSocketOne.mAliveIkeSessions.size());
+
+ IkeUdpEncapSocket ikeSocketTwo =
+ IkeUdpEncapSocket.getIkeUdpEncapSocket(
+ mockNetworkTwo, mSpyIpSecManager, mockIkeSessionTwo, Looper.myLooper());
+ assertEquals(1, ikeSocketTwo.mAliveIkeSessions.size());
+
+ assertNotEquals(ikeSocketOne, ikeSocketTwo);
verify(mSpyIpSecManager, times(2)).openUdpEncapsulationSocket();
+
+ ArgumentCaptor<FileDescriptor> fdCaptorOne = ArgumentCaptor.forClass(FileDescriptor.class);
+ ArgumentCaptor<FileDescriptor> fdCaptorTwo = ArgumentCaptor.forClass(FileDescriptor.class);
+ verify(mockNetworkOne).bindSocket(fdCaptorOne.capture());
+ verify(mockNetworkTwo).bindSocket(fdCaptorTwo.capture());
+
+ FileDescriptor fdOne = fdCaptorOne.getValue();
+ FileDescriptor fdTwo = fdCaptorTwo.getValue();
+ assertNotNull(fdOne);
+ assertNotNull(fdTwo);
+ assertNotEquals(fdOne, fdTwo);
+
+ ikeSocketOne.releaseReference(mockIkeSessionOne);
+ assertEquals(0, ikeSocketOne.mAliveIkeSessions.size());
verify(mSpyDummyUdpEncapSocketOne).close();
+
+ ikeSocketTwo.releaseReference(mockIkeSessionTwo);
+ assertEquals(0, ikeSocketTwo.mAliveIkeSessions.size());
verify(mSpyDummyUdpEncapSocketTwo).close();
}
@Ignore
public void disableTestSendIkePacket() throws Exception {
- // Must be prepared here; AndroidJUnitRunner runs tests on different threads
- // from the setUp() call. Since the new Handler() call is run in
- // getIkeUdpEncapSocket, the Looper must be prepared here.
if (Looper.myLooper() == null) Looper.prepare();
// Send IKE packet
IkeUdpEncapSocket ikeSocket =
IkeUdpEncapSocket.getIkeUdpEncapSocket(
- mSpyIkeSocketConfig,
+ mMockNetwork,
mSpyIpSecManager,
mMockIkeSessionStateMachine,
Looper.myLooper());
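Review bot: In testGetAndCloseIkeUdpEncapSocketSameNetwork, `verify(mMockNetwork).bindSocket(any(FileDescriptor.class))` passes for any descriptor, so the test would not notice if something other than the encapsulation socket were bound to the network. The later `verify(mSpyDummyUdpEncapSocketOne).close()` indicates that spy is the socket in use, so the check can be pinned with `FileDescriptor encapFd = mSpyDummyUdpEncapSocketOne.getFileDescriptor();` followed by `verify(mMockNetwork).bindSocket(encapFd);`. This presumes the spy returns the real descriptor; setUp() is outside this hunk, so confirm there. testGetAndCloseIkeUdpEncapSocketDifferentNetwork has the same gap: it only asserts that fdOne and fdTwo are non-null and different, not that each belongs to the socket opened for that network. The body of disableTestSendIkePacket continues past the end of this hunk.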
@@ -160,9 +204,8 @@
// Verify received data
ByteBuffer expectedBuffer =
- ByteBuffer.allocate(
- IkeUdpEncapPortPacketHandler.NON_ESP_MARKER_LEN + mDataOne.length);
- expectedBuffer.put(IkeUdpEncapPortPacketHandler.NON_ESP_MARKER).put(mDataOne);
+ ByteBuffer.allocate(IkeUdpEncapSocket.NON_ESP_MARKER_LEN + mDataOne.length);
+ expectedBuffer.put(IkeUdpEncapSocket.NON_ESP_MARKER).put(mDataOne);
assertArrayEquals(expectedBuffer.array(), receivedData);
@@ -190,7 +233,7 @@
try {
socketReceiver.setIkeUdpEncapSocket(
IkeUdpEncapSocket.getIkeUdpEncapSocket(
- mSpyIkeSocketConfig,
+ mMockNetwork,
mSpyIpSecManager,
mMockIkeSessionStateMachine,
mIkeThread.getLooper()));
@@ -281,7 +324,16 @@
TestUtils.hexStringToByteArray(
NON_ESP_MARKER_HEX_STRING + IKE_REQ_MESSAGE_HEX_STRING);
- verifyHandlePacket(recvBuf, getPacketReceiver());
+ getPacketReceiver().handlePacket(recvBuf, mSpiToIkeStateMachineMap);
+
+ byte[] expectedIkePacketBytes = TestUtils.hexStringToByteArray(IKE_REQ_MESSAGE_HEX_STRING);
+ ArgumentCaptor<IkeHeader> ikeHeaderCaptor = ArgumentCaptor.forClass(IkeHeader.class);
+ verify(mMockIkeSessionStateMachine)
+ .receiveIkePacket(ikeHeaderCaptor.capture(), eq(expectedIkePacketBytes));
+
+ IkeHeader capturedIkeHeader = ikeHeaderCaptor.getValue();
+ assertEquals(REMOTE_SPI, capturedIkeHeader.ikeInitiatorSpi);
+ assertEquals(LOCAL_SPI, capturedIkeHeader.ikeResponderSpi);
}
@Test
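Review bot: The inlined verification never says why `expectedIkePacketBytes` is shorter than `recvBuf`, although that difference is the behaviour under test. A comment above the expected value would record it, for example `// PacketReceiver must strip the non-ESP marker before delivering the IKE message to the session`. The SPI assertions would also benefit from a one-line note that the header's initiator SPI is REMOTE_SPI because the fixture is a request from the peer; this is inferred from the name IKE_REQ_MESSAGE_HEX_STRING. The test method starts outside this hunk, so its name and earlier setup are not visible here.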
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/SaRecordTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/SaRecordTest.java
index 8551dce..d07c764 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/SaRecordTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/SaRecordTest.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike;
+package com.android.internal.net.ipsec.ike;
import static com.android.internal.net.TestUtils.createMockRandomFactory;
@@ -36,27 +36,26 @@
import android.net.IpSecManager.SecurityParameterIndex;
import android.net.IpSecManager.UdpEncapsulationSocket;
import android.net.IpSecTransform;
-import android.net.ipsec.test.ike.SaProposal;
+import android.net.ipsec.ike.SaProposal;
import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.test.ike.SaRecord.ChildSaRecord;
-import com.android.internal.net.ipsec.test.ike.SaRecord.ChildSaRecordConfig;
-import com.android.internal.net.ipsec.test.ike.SaRecord.IIpSecTransformHelper;
-import com.android.internal.net.ipsec.test.ike.SaRecord.IkeSaRecord;
-import com.android.internal.net.ipsec.test.ike.SaRecord.IkeSaRecordConfig;
-import com.android.internal.net.ipsec.test.ike.SaRecord.IpSecTransformHelper;
-import com.android.internal.net.ipsec.test.ike.SaRecord.SaLifetimeAlarmScheduler;
-import com.android.internal.net.ipsec.test.ike.SaRecord.SaRecordHelper;
-import com.android.internal.net.ipsec.test.ike.crypto.IkeCipher;
-import com.android.internal.net.ipsec.test.ike.crypto.IkeMacIntegrity;
-import com.android.internal.net.ipsec.test.ike.crypto.IkeMacPrf;
-import com.android.internal.net.ipsec.test.ike.message.IkeKePayload;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.EncryptionTransform;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.IntegrityTransform;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.PrfTransform;
-import com.android.internal.net.ipsec.test.ike.testutils.MockIpSecTestUtils;
-import com.android.internal.net.ipsec.test.ike.utils.IkeSecurityParameterIndex;
-import com.android.internal.net.ipsec.test.ike.utils.IkeSpiGenerator;
+import com.android.internal.net.ipsec.ike.SaRecord.ChildSaRecord;
+import com.android.internal.net.ipsec.ike.SaRecord.ChildSaRecordConfig;
+import com.android.internal.net.ipsec.ike.SaRecord.IIpSecTransformHelper;
+import com.android.internal.net.ipsec.ike.SaRecord.IkeSaRecord;
+import com.android.internal.net.ipsec.ike.SaRecord.IkeSaRecordConfig;
+import com.android.internal.net.ipsec.ike.SaRecord.IpSecTransformHelper;
+import com.android.internal.net.ipsec.ike.SaRecord.SaLifetimeAlarmScheduler;
+import com.android.internal.net.ipsec.ike.SaRecord.SaRecordHelper;
+import com.android.internal.net.ipsec.ike.crypto.IkeCipher;
+import com.android.internal.net.ipsec.ike.crypto.IkeMacIntegrity;
+import com.android.internal.net.ipsec.ike.crypto.IkeMacPrf;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.EncryptionTransform;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.IntegrityTransform;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.PrfTransform;
+import com.android.internal.net.ipsec.ike.testutils.MockIpSecTestUtils;
+import com.android.internal.net.ipsec.ike.utils.IkeSecurityParameterIndex;
+import com.android.internal.net.ipsec.ike.utils.IkeSpiGenerator;
import com.android.server.IpSecService;
import org.junit.Before;
@@ -65,7 +64,6 @@
import org.junit.runners.JUnit4;
import java.net.Inet4Address;
-import java.util.Arrays;
@RunWith(JUnit4.class)
public final class SaRecordTest {
@@ -333,50 +331,4 @@
SaRecord.setIpSecTransformHelper(new IpSecTransformHelper());
}
-
- private void verifyChildKeyExchange(boolean isLocalInit) throws Exception {
- IkeKePayload localKePayload =
- IkeKePayload.createOutboundKePayload(
- SaProposal.DH_GROUP_1024_BIT_MODP, createMockRandomFactory());
-
- String remoteKePayloadBody1024Modp =
- "00020000b4a2faf4bb54878ae21d638512ece55d9236fc50"
- + "46ab6cef82220f421f3ce6361faf36564ecb6d28798a94aa"
- + "d7b2b4b603ddeaaa5630adb9ece8ac37534036040610ebdd"
- + "92f46bef84f0be7db860351843858f8acf87056e272377f7"
- + "0c9f2d81e29c7b0ce4f291a3a72476bb0b278fd4b7b0a4c2"
- + "6bbeb08214c7071376079587";
- IkeKePayload remoteKePayload =
- new IkeKePayload(
- false /* critical */,
- TestUtils.hexStringToByteArray(remoteKePayloadBody1024Modp));
-
- byte[] sharedKey = new byte[0];
- if (isLocalInit) {
- sharedKey =
- SaRecordHelper.getChildSharedKey(
- Arrays.asList(localKePayload),
- Arrays.asList(remoteKePayload),
- true /* isLocalInit */);
- } else {
- sharedKey =
- SaRecordHelper.getChildSharedKey(
- Arrays.asList(remoteKePayload),
- Arrays.asList(localKePayload),
- false /* isLocalInit */);
- }
-
- int expectedSharedKeyLen = 128;
- assertEquals(expectedSharedKeyLen, sharedKey.length);
- }
-
- @Test
- public void testLocalInitChildKeyExchange() throws Exception {
- verifyChildKeyExchange(true /* isLocalInit */);
- }
-
- @Test
- public void testRemoteInitChildKeyExchange() throws Exception {
- verifyChildKeyExchange(false /* isLocalInit */);
- }
}
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeCombinedModeCipherTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeCombinedModeCipherTest.java
index 5311629..703314f 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeCombinedModeCipherTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeCombinedModeCipherTest.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.crypto;
+package com.android.internal.net.ipsec.ike.crypto;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -23,10 +23,10 @@
import static org.junit.Assert.fail;
import android.net.IpSecAlgorithm;
-import android.net.ipsec.test.ike.SaProposal;
+import android.net.ipsec.ike.SaProposal;
import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.EncryptionTransform;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.EncryptionTransform;
import org.junit.Before;
import org.junit.Test;
@@ -49,36 +49,17 @@
private static final String KEY =
"7C04513660DEC572D896105254EF92608054F8E6EE19E79CE52AB8697B2B5F2C2AA90C29";
- private static final String CHACHA_POLY_IV = "1011121314151617";
- private static final String CHACHA_POLY_ENCRYPTED_DATA_WITH_CHECKSUM =
- "24039428b97f417e3c13753a4f05087b67c352e6a7fab1b982d466ef407ae5c614ee8099"
- + "d52844eb61aa95dfab4c02f72aa71e7c4c4f64c9befe2facc638e8f3cbec163fac469b50"
- + "2773f6fb94e664da9165b82829f641e076aaa8266b7fb0f7b11b369907e1ad43";
- private static final String CHACHA_POLY_UNENCRYPTED_DATA =
- "45000054a6f200004001e778c6336405c000020508005b7a3a080000553bec1000073627"
- + "08090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b"
- + "2c2d2e2f303132333435363701020204";
- private static final String CHACHA_POLY_ADDITIONAL_AUTH_DATA = "0102030400000005";
- private static final String CHACHA_POLY_KEY =
- "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3";
-
private static final int AES_GCM_IV_LEN = 8;
private static final int AES_GCM_16_CHECKSUM_LEN = 128;
private IkeCombinedModeCipher mAesGcm16Cipher;
+
private byte[] mAesGcmKey;
private byte[] mIv;
private byte[] mEncryptedPaddedDataWithChecksum;
private byte[] mUnencryptedPaddedData;
private byte[] mAdditionalAuthData;
- private IkeCombinedModeCipher mChaChaPolyCipher;
- private byte[] mChaChaPolyKey;
- private byte[] mChaChaPolyIv;
- private byte[] mChaChaPolyEncryptedDataWithChecksum;
- private byte[] mChaChaPolyUnencryptedData;
- private byte[] mChaChaPolyAdditionalAuthData;
-
@Before
public void setUp() {
mAesGcm16Cipher =
@@ -94,20 +75,6 @@
TestUtils.hexStringToByteArray(ENCRYPTED_PADDED_DATA_WITH_CHECKSUM);
mUnencryptedPaddedData = TestUtils.hexStringToByteArray(UNENCRYPTED_PADDED_DATA);
mAdditionalAuthData = TestUtils.hexStringToByteArray(ADDITIONAL_AUTH_DATA);
-
- mChaChaPolyCipher =
- (IkeCombinedModeCipher)
- IkeCipher.create(
- new EncryptionTransform(
- SaProposal.ENCRYPTION_ALGORITHM_CHACHA20_POLY1305));
-
- mChaChaPolyKey = TestUtils.hexStringToByteArray(CHACHA_POLY_KEY);
- mChaChaPolyIv = TestUtils.hexStringToByteArray(CHACHA_POLY_IV);
- mChaChaPolyEncryptedDataWithChecksum =
- TestUtils.hexStringToByteArray(CHACHA_POLY_ENCRYPTED_DATA_WITH_CHECKSUM);
- mChaChaPolyUnencryptedData = TestUtils.hexStringToByteArray(CHACHA_POLY_UNENCRYPTED_DATA);
- mChaChaPolyAdditionalAuthData =
- TestUtils.hexStringToByteArray(CHACHA_POLY_ADDITIONAL_AUTH_DATA);
}
@Test
@@ -122,45 +89,21 @@
}
@Test
- public void testAesGcmEncrypt() throws Exception {
- byte[] encryptedCiphertext =
+ public void testEncrypt() throws Exception {
+ byte[] calculatedData =
mAesGcm16Cipher.encrypt(
mUnencryptedPaddedData, mAdditionalAuthData, mAesGcmKey, mIv);
- assertArrayEquals(mEncryptedPaddedDataWithChecksum, encryptedCiphertext);
+ assertArrayEquals(mEncryptedPaddedDataWithChecksum, calculatedData);
}
@Test
- public void testAesGcmDecrypt() throws Exception {
- byte[] decryptedPlaintext =
+ public void testDecrypt() throws Exception {
+ byte[] calculatedData =
mAesGcm16Cipher.decrypt(
mEncryptedPaddedDataWithChecksum, mAdditionalAuthData, mAesGcmKey, mIv);
- assertArrayEquals(mUnencryptedPaddedData, decryptedPlaintext);
- }
-
- @Test
- public void testChaChaPolyEncrypt() throws Exception {
- byte[] encryptedCiphertext =
- mChaChaPolyCipher.encrypt(
- mChaChaPolyUnencryptedData,
- mChaChaPolyAdditionalAuthData,
- mChaChaPolyKey,
- mChaChaPolyIv);
-
- assertArrayEquals(mChaChaPolyEncryptedDataWithChecksum, encryptedCiphertext);
- }
-
- @Test
- public void testChaChaPolyDecrypt() throws Exception {
- byte[] decryptedPlaintext =
- mChaChaPolyCipher.decrypt(
- mChaChaPolyEncryptedDataWithChecksum,
- mChaChaPolyAdditionalAuthData,
- mChaChaPolyKey,
- mChaChaPolyIv);
-
- assertArrayEquals(mChaChaPolyUnencryptedData, decryptedPlaintext);
+ assertArrayEquals(mUnencryptedPaddedData, calculatedData);
}
@Test
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacIntegrityTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacIntegrityTest.java
index 5e041ab..c941737 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacIntegrityTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacIntegrityTest.java
@@ -14,25 +14,18 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.crypto;
-
-import static android.net.IpSecAlgorithm.AUTH_AES_XCBC;
+package com.android.internal.net.ipsec.ike.crypto;
import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import android.net.IpSecAlgorithm;
-import android.net.ipsec.test.ike.SaProposal;
-
-import androidx.test.filters.SdkSuppress;
+import android.net.ipsec.ike.SaProposal;
import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.IntegrityTransform;
-import com.android.modules.utils.build.SdkLevel;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.IntegrityTransform;
import org.junit.Before;
import org.junit.Test;
@@ -77,15 +70,6 @@
private static final String AUTH_AES128XCBC_CALCULATED_MAC_HEX_STRING1 =
"d2a246fa349b68a79998a439";
- // Test vectors from RFC 4494 Section 5
- private IkeMacIntegrity mAesCmac96IntgerityMac;
- private static final String AUTH_AES_CMAC_96_KEY_HEX_STRING =
- "2b7e151628aed2a6abf7158809cf4f3c";
- private static final String AUTH_AES_CMAC_96_DATA_TO_SIGN_HEX_STRING =
- "6bc1bee22e409f96e93d7e117393172a";
- private static final String AUTH_AES_CMAC_96_CALCULATED_MAC_HEX_STRING =
- "070a16b46b4d4144f79bdd9d";
-
@Before
public void setUp() throws Exception {
mHmacSha1IntegrityMac =
@@ -97,12 +81,6 @@
mAes128XCbcIntgerityMac =
IkeMacIntegrity.create(
new IntegrityTransform(SaProposal.INTEGRITY_ALGORITHM_AES_XCBC_96));
-
- if (SdkLevel.isAtLeastS()) {
- mAesCmac96IntgerityMac =
- IkeMacIntegrity.create(
- new IntegrityTransform(SaProposal.INTEGRITY_ALGORITHM_AES_CMAC_96));
- }
}
@Test
@@ -115,21 +93,6 @@
}
@Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testGenerateChecksumAuthAesCmac96() throws Exception {
- byte[] integrityKey = TestUtils.hexStringToByteArray(AUTH_AES_CMAC_96_KEY_HEX_STRING);
-
- byte[] calculatedChecksum =
- mAesCmac96IntgerityMac.generateChecksum(
- integrityKey,
- TestUtils.hexStringToByteArray(AUTH_AES_CMAC_96_DATA_TO_SIGN_HEX_STRING));
-
- byte[] expectedChecksum =
- TestUtils.hexStringToByteArray(AUTH_AES_CMAC_96_CALCULATED_MAC_HEX_STRING);
- assertArrayEquals(expectedChecksum, calculatedChecksum);
- }
-
- @Test
public void testGenerateChecksumWithDifferentKey() throws Exception {
byte[] integrityKey = mHmacSha1IntegrityKey.clone();
integrityKey[0]++;
@@ -179,7 +142,6 @@
}
@Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
public void testSignBytesAuthAes128XCbc() throws Exception {
byte[] skpBytes = TestUtils.hexStringToByteArray(AUTH_AES128XCBC_KEY_HEX_STRING);
byte[] dataBytes = TestUtils.hexStringToByteArray(AUTH_AES128XCBC_DATA_TO_SIGN_HEX_STRING);
@@ -192,7 +154,6 @@
}
@Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
public void testSignBytesAuthAes128XCbcWith16ByteInput() throws Exception {
// 16-byte is a multiple of aes block size. Hence key2 will be used instead of key3
byte[] skpBytes = TestUtils.hexStringToByteArray(AUTH_AES128XCBC_KEY_HEX_STRING1);
@@ -204,48 +165,4 @@
TestUtils.hexStringToByteArray(AUTH_AES128XCBC_CALCULATED_MAC_HEX_STRING1);
assertArrayEquals(expectedBytes, calculatedBytes);
}
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testBuildIpSecAlgorithmFromAuthAes128XCbcMac() throws Exception {
- byte[] keyBytes = TestUtils.hexStringToByteArray(AUTH_AES128XCBC_KEY_HEX_STRING);
-
- if (IpSecAlgorithm.getSupportedAlgorithms().contains(AUTH_AES_XCBC)) {
- IpSecAlgorithm algo = mAes128XCbcIntgerityMac.buildIpSecAlgorithmWithKey(keyBytes);
- assertEquals(AUTH_AES_XCBC, algo.getName());
- assertArrayEquals(keyBytes, algo.getKey());
- } else {
- try {
- mAes128XCbcIntgerityMac.buildIpSecAlgorithmWithKey(keyBytes);
- fail("Expect to fail because this device does not support AES-XCBC for IPsec");
- } catch (IllegalArgumentException expected) {
- }
- }
- }
-
- @Test
- public void testGetIpSecAlgorithmName() throws Exception {
- assertEquals(
- IpSecAlgorithm.AUTH_HMAC_SHA1,
- IkeMacIntegrity.getIpSecAlgorithmName(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96));
- assertEquals(
- IpSecAlgorithm.AUTH_AES_XCBC,
- IkeMacIntegrity.getIpSecAlgorithmName(SaProposal.INTEGRITY_ALGORITHM_AES_XCBC_96));
- assertEquals(
- IpSecAlgorithm.AUTH_AES_CMAC,
- IkeMacIntegrity.getIpSecAlgorithmName(SaProposal.INTEGRITY_ALGORITHM_AES_CMAC_96));
- assertEquals(
- IpSecAlgorithm.AUTH_HMAC_SHA256,
- IkeMacIntegrity.getIpSecAlgorithmName(
- SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA2_256_128));
- assertEquals(
- IpSecAlgorithm.AUTH_HMAC_SHA384,
- IkeMacIntegrity.getIpSecAlgorithmName(
- SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA2_384_192));
- assertEquals(
- IpSecAlgorithm.AUTH_HMAC_SHA512,
- IkeMacIntegrity.getIpSecAlgorithmName(
- SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA2_512_256));
- assertNull(IkeMacIntegrity.getIpSecAlgorithmName(SaProposal.INTEGRITY_ALGORITHM_NONE));
- }
}
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacPrfTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacPrfTest.java
index a9c8f9b..9ef0db7 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacPrfTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacPrfTest.java
@@ -14,20 +14,17 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.crypto;
+package com.android.internal.net.ipsec.ike.crypto;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertFalse;
-import android.net.ipsec.test.ike.SaProposal;
-
-import androidx.test.filters.SdkSuppress;
+import android.net.ipsec.ike.SaProposal;
import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.PrfTransform;
-import com.android.modules.utils.build.SdkLevel;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.PrfTransform;
import org.junit.Before;
import org.junit.Test;
@@ -148,28 +145,9 @@
private static final String PRF_AES128XCBC_CALCULATED_MAC_HEX_STRING3 =
"8cd3c93ae598a9803006ffb67c40e9e4";
- // Test vectors from RFC 4615 Section 4
- private static final String PRF_AES128_CMAC_KEY_HEX_STRING = "000102030405060708090a0b0c0d0e0f";
- private static final String PRF_AES128_CMAC_DATA_TO_SIGN_HEX_STRING =
- "000102030405060708090a0b0c0d0e0f10111213";
- private static final String PRF_AES128_CMAC_CALCULATED_MAC_HEX_STRING =
- "980ae87b5f4c9c5214f5b6a8455e4c2d";
- private static final String PRF_AES128_CMAC_KEY_HEX_STRING1 = "00010203040506070809";
- private static final String PRF_AES128_CMAC_DATA_TO_SIGN_HEX_STRING1 =
- "000102030405060708090a0b0c0d0e0f10111213";
- private static final String PRF_AES128_CMAC_CALCULATED_MAC_HEX_STRING1 =
- "290d9e112edb09ee141fcf64c0b72f3d";
- private static final String PRF_AES128_CMAC_KEY_HEX_STRING2 =
- "000102030405060708090a0b0c0d0e0fedcb";
- private static final String PRF_AES128_CMAC_DATA_TO_SIGN_HEX_STRING2 =
- "000102030405060708090a0b0c0d0e0f10111213";
- private static final String PRF_AES128_CMAC_CALCULATED_MAC_HEX_STRING2 =
- "84a348a4a45d235babfffc0d2b4da09a";
-
private IkeMacPrf mIkeHmacSha1Prf;
private IkeMacPrf mIkeHmacSha256Prf;
private IkeMacPrf mIkeAes128XCbcPrf;
- private IkeMacPrf mIkeAes128CmacPrf;
@Before
public void setUp() throws Exception {
@@ -179,12 +157,6 @@
IkeMacPrf.create(new PrfTransform(SaProposal.PSEUDORANDOM_FUNCTION_SHA2_256));
mIkeAes128XCbcPrf =
IkeMacPrf.create(new PrfTransform(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC));
-
- if (SdkLevel.isAtLeastS()) {
- mIkeAes128CmacPrf =
- IkeMacPrf.create(
- new PrfTransform(SaProposal.PSEUDORANDOM_FUNCTION_AES128_CMAC));
- }
}
@Test
@@ -339,46 +311,6 @@
}
@Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testSignBytesPrfAes128Cmac() throws Exception {
- // 16-byte is a multiple of aes block size. Hence key2 will be used instead of key3
- byte[] skpBytes = TestUtils.hexStringToByteArray(PRF_AES128_CMAC_KEY_HEX_STRING);
- byte[] dataBytes = TestUtils.hexStringToByteArray(PRF_AES128_CMAC_DATA_TO_SIGN_HEX_STRING);
-
- byte[] calculatedBytes = mIkeAes128CmacPrf.signBytes(skpBytes, dataBytes);
-
- byte[] expectedBytes =
- TestUtils.hexStringToByteArray(PRF_AES128_CMAC_CALCULATED_MAC_HEX_STRING);
- assertArrayEquals(expectedBytes, calculatedBytes);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testSignBytesPrfAes128CmacWithKeyShorterThan16Bytes() throws Exception {
- byte[] skpBytes = TestUtils.hexStringToByteArray(PRF_AES128_CMAC_KEY_HEX_STRING1);
- byte[] dataBytes = TestUtils.hexStringToByteArray(PRF_AES128_CMAC_DATA_TO_SIGN_HEX_STRING1);
-
- byte[] calculatedBytes = mIkeAes128CmacPrf.signBytes(skpBytes, dataBytes);
-
- byte[] expectedBytes =
- TestUtils.hexStringToByteArray(PRF_AES128_CMAC_CALCULATED_MAC_HEX_STRING1);
- assertArrayEquals(expectedBytes, calculatedBytes);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testSignBytesPrfAes128CmacWithKeyLongerThan16Bytes() throws Exception {
- byte[] skpBytes = TestUtils.hexStringToByteArray(PRF_AES128_CMAC_KEY_HEX_STRING2);
- byte[] dataBytes = TestUtils.hexStringToByteArray(PRF_AES128_CMAC_DATA_TO_SIGN_HEX_STRING2);
-
- byte[] calculatedBytes = mIkeAes128CmacPrf.signBytes(skpBytes, dataBytes);
-
- byte[] expectedBytes =
- TestUtils.hexStringToByteArray(PRF_AES128_CMAC_CALCULATED_MAC_HEX_STRING2);
- assertArrayEquals(expectedBytes, calculatedBytes);
- }
-
- @Test
public void testGenerateSKeySeedAes128XCbc() throws Exception {
// TODO: Test key generation with real IKE exchange packets
byte[] nonceInit = TestUtils.hexStringToByteArray(PRF_AES128_IKE_NONCE_INIT_HEX_STRING);
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeNormalModeCipherTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeNormalModeCipherTest.java
index a6b2460..9e1dec6 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeNormalModeCipherTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeNormalModeCipherTest.java
@@ -14,20 +14,19 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.crypto;
+package com.android.internal.net.ipsec.ike.crypto;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import android.net.IpSecAlgorithm;
-import android.net.ipsec.test.ike.SaProposal;
+import android.net.ipsec.ike.SaProposal;
import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.EncryptionTransform;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.EncryptionTransform;
import org.junit.Before;
import org.junit.Test;
@@ -62,27 +61,15 @@
private static final String ENCR_KEY_FROM_INIT_TO_RESP = "5cbfd33f75796c0188c4a3a546aec4a1";
- private static final String AES_CTR_IV = "C0543B59DA48D90B";
- private static final String AES_CTR_ENCRYPT_DATA =
- "5104A106168A72D9790D41EE8EDAD388EB2E1EFC46DA57C8FCE630DF9141BE28";
- private static final String AES_CTR_UNENCRYPTED_DATA =
- "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F";
- private static final String AES_CTR_KEY = "7E24067817FAE0D743D6CE1F32539163006CB6DB";
-
private static final int AES_BLOCK_SIZE = 16;
private IkeNormalModeCipher mAesCbcCipher;
private byte[] mAesCbcKey;
+
private byte[] mIv;
private byte[] mEncryptedPaddedData;
private byte[] mUnencryptedPaddedData;
- private IkeNormalModeCipher mAesCtrCipher;
- private byte[] mAesCtrKey;
- private byte[] mAesCtrIv;
- private byte[] mAesCtrEncryptedData;
- private byte[] mAesCtrUnencryptedData;
-
@Before
public void setUp() throws Exception {
mAesCbcCipher =
@@ -92,22 +79,12 @@
SaProposal.ENCRYPTION_ALGORITHM_AES_CBC,
SaProposal.KEY_LEN_AES_128));
mAesCbcKey = TestUtils.hexStringToByteArray(ENCR_KEY_FROM_INIT_TO_RESP);
+
mIv = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_IV);
mEncryptedPaddedData =
TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_ENCRYPT_PADDED_DATA);
mUnencryptedPaddedData =
TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_UNENCRYPTED_PADDED_DATA);
-
- mAesCtrCipher =
- (IkeNormalModeCipher)
- IkeCipher.create(
- new EncryptionTransform(
- SaProposal.ENCRYPTION_ALGORITHM_AES_CTR,
- SaProposal.KEY_LEN_AES_128));
- mAesCtrKey = TestUtils.hexStringToByteArray(AES_CTR_KEY);
- mAesCtrIv = TestUtils.hexStringToByteArray(AES_CTR_IV);
- mAesCtrEncryptedData = TestUtils.hexStringToByteArray(AES_CTR_ENCRYPT_DATA);
- mAesCtrUnencryptedData = TestUtils.hexStringToByteArray(AES_CTR_UNENCRYPTED_DATA);
}
@Test
@@ -123,33 +100,19 @@
}
@Test
- public void testEncryptWithAesCbc() throws Exception {
+ public void testEncryptWithNormalCipher() throws Exception {
byte[] calculatedData = mAesCbcCipher.encrypt(mUnencryptedPaddedData, mAesCbcKey, mIv);
assertArrayEquals(mEncryptedPaddedData, calculatedData);
}
@Test
- public void testDecryptWithAesCbc() throws Exception {
+ public void testDecryptWithNormalCipher() throws Exception {
byte[] calculatedData = mAesCbcCipher.decrypt(mEncryptedPaddedData, mAesCbcKey, mIv);
assertArrayEquals(mUnencryptedPaddedData, calculatedData);
}
@Test
- public void testEncryptWithAesCtr() throws Exception {
- byte[] calculatedData =
- mAesCtrCipher.encrypt(mAesCtrUnencryptedData, mAesCtrKey, mAesCtrIv);
-
- assertArrayEquals(mAesCtrEncryptedData, calculatedData);
- }
-
- @Test
- public void testDecryptWithAesCtr() throws Exception {
- byte[] calculatedData = mAesCtrCipher.decrypt(mAesCtrEncryptedData, mAesCtrKey, mAesCtrIv);
- assertArrayEquals(mAesCtrUnencryptedData, calculatedData);
- }
-
- @Test
public void testEncryptWithWrongKey() throws Exception {
byte[] encryptionKey = TestUtils.hexStringToByteArray(ENCR_KEY_FROM_INIT_TO_RESP + "00");
@@ -185,7 +148,7 @@
}
@Test
- public void testBuildIpSecAlgorithmWithInvalidKey() throws Exception {
+ public void buildIpSecAlgorithmWithInvalidKey() throws Exception {
byte[] encryptionKey = TestUtils.hexStringToByteArray(ENCR_KEY_FROM_INIT_TO_RESP + "00");
try {
@@ -196,27 +159,4 @@
}
}
-
- @Test
- public void testGetIpSecAlgorithmName() throws Exception {
- assertEquals(
- IpSecAlgorithm.CRYPT_AES_CBC,
- IkeCipher.getIpSecAlgorithmName(SaProposal.ENCRYPTION_ALGORITHM_AES_CBC));
- assertEquals(
- IpSecAlgorithm.CRYPT_AES_CTR,
- IkeCipher.getIpSecAlgorithmName(SaProposal.ENCRYPTION_ALGORITHM_AES_CTR));
- assertEquals(
- IpSecAlgorithm.AUTH_CRYPT_AES_GCM,
- IkeCipher.getIpSecAlgorithmName(SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8));
- assertEquals(
- IpSecAlgorithm.AUTH_CRYPT_AES_GCM,
- IkeCipher.getIpSecAlgorithmName(SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12));
- assertEquals(
- IpSecAlgorithm.AUTH_CRYPT_AES_GCM,
- IkeCipher.getIpSecAlgorithmName(SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_16));
- assertEquals(
- IpSecAlgorithm.AUTH_CRYPT_CHACHA20_POLY1305,
- IkeCipher.getIpSecAlgorithmName(SaProposal.ENCRYPTION_ALGORITHM_CHACHA20_POLY1305));
- assertNull(IkeCipher.getIpSecAlgorithmName(SaProposal.ENCRYPTION_ALGORITHM_3DES));
- }
}
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppBackoffTimerUtilsTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppBackoffTimerUtilsTest.java
deleted file mode 100644
index c676b91..0000000
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppBackoffTimerUtilsTest.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.test.ike.ike3gpp;
-
-import static org.junit.Assert.assertEquals;
-
-import android.net.ipsec.test.ike.exceptions.InvalidSyntaxException;
-
-import com.android.internal.util.HexDump;
-
-import org.junit.Test;
-
-public class Ike3gppBackoffTimerUtilsTest {
- private static final byte[] BACKOFF_TIMER_DATA = HexDump.hexStringToByteArray("01AF");
- private static final byte BACKOFF_TIMER = (byte) 0xAF;
- private static final byte[] BACKOFF_TIMER_LONG_DATA = HexDump.hexStringToByteArray("010203");
- private static final byte[] BACKOFF_TIMER_INVALID_LENGTH = HexDump.hexStringToByteArray("02AF");
-
- @Test
- public void testGetBackoffTimerfromNotifyData() throws Exception {
- byte backoffTimer =
- Ike3gppBackoffTimerUtils.getBackoffTimerfromNotifyData(BACKOFF_TIMER_DATA);
-
- assertEquals(BACKOFF_TIMER, backoffTimer);
- }
-
- @Test(expected = InvalidSyntaxException.class)
- public void testGetBackoffTimerfromNotifyDataLongPayload() throws Exception {
- Ike3gppBackoffTimerUtils.getBackoffTimerfromNotifyData(BACKOFF_TIMER_LONG_DATA);
- }
-
- @Test(expected = InvalidSyntaxException.class)
- public void testGetBackoffTimerfromNotifyDataInvalidLength() throws Exception {
- Ike3gppBackoffTimerUtils.getBackoffTimerfromNotifyData(BACKOFF_TIMER_INVALID_LENGTH);
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppExtensionExchangeTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppExtensionExchangeTest.java
deleted file mode 100644
index b7f0d57..0000000
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppExtensionExchangeTest.java
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.test.ike.ike3gpp;
-
-import static com.android.internal.net.ipsec.test.ike.IkeSessionStateMachine.IKE_EXCHANGE_SUBTYPE_IKE_AUTH;
-import static com.android.internal.net.ipsec.test.ike.IkeSessionStateMachine.IKE_EXCHANGE_SUBTYPE_IKE_INIT;
-import static com.android.internal.net.ipsec.test.ike.ike3gpp.Ike3gppExtensionExchange.NOTIFY_TYPE_BACKOFF_TIMER;
-import static com.android.internal.net.ipsec.test.ike.ike3gpp.Ike3gppExtensionExchange.NOTIFY_TYPE_N1_MODE_CAPABILITY;
-import static com.android.internal.net.ipsec.test.ike.ike3gpp.Ike3gppExtensionExchange.NOTIFY_TYPE_N1_MODE_INFORMATION;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-import static org.mockito.Mockito.mock;
-
-import android.net.ipsec.test.ike.ike3gpp.Ike3gppExtension;
-import android.net.ipsec.test.ike.ike3gpp.Ike3gppExtension.Ike3gppDataListener;
-import android.net.ipsec.test.ike.ike3gpp.Ike3gppParams;
-
-import com.android.internal.net.ipsec.test.ike.message.IkeNotifyPayload;
-import com.android.internal.net.ipsec.test.ike.message.IkePayload;
-import com.android.internal.util.HexDump;
-
-import org.junit.Before;
-import org.junit.Test;
-
-import java.util.Arrays;
-import java.util.List;
-import java.util.concurrent.Executor;
-
-public class Ike3gppExtensionExchangeTest {
- private static final byte PDU_SESSION_ID = (byte) 0x01;
- private static final byte[] N1_MODE_CAPABILITY_DATA = HexDump.hexStringToByteArray("0101");
-
- private static final byte[] N1_MODE_INFORMATION_DATA =
- HexDump.hexStringToByteArray("0411223344");
- private static final byte[] BACKOFF_TIMER_DATA = HexDump.hexStringToByteArray("01AF");
-
- private static final IkeNotifyPayload N1_MODE_INFORMATION =
- new IkeNotifyPayload(NOTIFY_TYPE_N1_MODE_INFORMATION, N1_MODE_INFORMATION_DATA);
- private static final IkeNotifyPayload FRAGMENTATION_SUPPORTED =
- new IkeNotifyPayload(IkeNotifyPayload.NOTIFY_TYPE_IKEV2_FRAGMENTATION_SUPPORTED);
- private static final IkeNotifyPayload BACKOFF_TIMER =
- new IkeNotifyPayload(NOTIFY_TYPE_BACKOFF_TIMER, BACKOFF_TIMER_DATA);
-
- private static final Executor INLINE_EXECUTOR = Runnable::run;
-
- private Ike3gppDataListener mMockIke3gppDataListener;
-
- private Ike3gppParams mIke3gppParams;
- private Ike3gppExtensionExchange mIke3gppExtensionExchange;
-
- @Before
- public void setUp() {
- mMockIke3gppDataListener = mock(Ike3gppDataListener.class);
-
- mIke3gppParams = new Ike3gppParams.Builder().setPduSessionId(PDU_SESSION_ID).build();
- mIke3gppExtensionExchange =
- new Ike3gppExtensionExchange(
- new Ike3gppExtension(mIke3gppParams, mMockIke3gppDataListener),
- INLINE_EXECUTOR);
- }
-
- @Test
- public void testGetRequestPayloadsIkeAuth() throws Exception {
- List<IkePayload> result =
- mIke3gppExtensionExchange.getRequestPayloads(IKE_EXCHANGE_SUBTYPE_IKE_AUTH);
-
- assertEquals(1, result.size());
-
- IkeNotifyPayload n1ModeCapability = (IkeNotifyPayload) result.get(0);
- assertEquals(NOTIFY_TYPE_N1_MODE_CAPABILITY, n1ModeCapability.notifyType);
- assertArrayEquals(N1_MODE_CAPABILITY_DATA, n1ModeCapability.notifyData);
- }
-
- @Test
- public void testGetRequestPayloadsIkeAuthNotConfigured() throws Exception {
- mIke3gppExtensionExchange = new Ike3gppExtensionExchange(null, INLINE_EXECUTOR);
-
- List<IkePayload> result =
- mIke3gppExtensionExchange.getRequestPayloads(IKE_EXCHANGE_SUBTYPE_IKE_AUTH);
-
- assertTrue(result.isEmpty());
- }
-
- @Test
- public void testGetRequestPayloadsIkeInit() throws Exception {
- List<IkePayload> result =
- mIke3gppExtensionExchange.getRequestPayloads(IKE_EXCHANGE_SUBTYPE_IKE_INIT);
-
- assertTrue(result.isEmpty());
- }
-
- @Test
- public void testExtract3gppResponsePayloadsIkeAuth() throws Exception {
- List<IkePayload> result =
- mIke3gppExtensionExchange.extract3gppResponsePayloads(
- IKE_EXCHANGE_SUBTYPE_IKE_AUTH,
- Arrays.asList(N1_MODE_INFORMATION, BACKOFF_TIMER, FRAGMENTATION_SUPPORTED));
-
- assertEquals(2, result.size());
-
- IkeNotifyPayload n1ModeInformation = null;
- IkeNotifyPayload backoffTimer = null;
- for (IkePayload payload : result) {
- if (payload instanceof IkeNotifyPayload) {
- IkeNotifyPayload notifyPayload = (IkeNotifyPayload) payload;
- if (notifyPayload.notifyType == NOTIFY_TYPE_N1_MODE_INFORMATION) {
- n1ModeInformation = notifyPayload;
- } else if (notifyPayload.notifyType == NOTIFY_TYPE_BACKOFF_TIMER) {
- backoffTimer = notifyPayload;
- }
- }
- }
-
- assertArrayEquals(N1_MODE_INFORMATION_DATA, n1ModeInformation.notifyData);
- assertArrayEquals(BACKOFF_TIMER_DATA, backoffTimer.notifyData);
- }
-
- @Test
- public void testExtract3gppResponsePayloadsIkeAuthNotConfigured() throws Exception {
- mIke3gppExtensionExchange = new Ike3gppExtensionExchange(null, INLINE_EXECUTOR);
-
- List<IkePayload> result =
- mIke3gppExtensionExchange.extract3gppResponsePayloads(
- IKE_EXCHANGE_SUBTYPE_IKE_INIT,
- Arrays.asList(N1_MODE_INFORMATION, BACKOFF_TIMER, FRAGMENTATION_SUPPORTED));
- assertTrue(result.isEmpty());
- }
-
- @Test
- public void testExtract3gppResponsePayloadsIkeInit() throws Exception {
- List<IkePayload> result =
- mIke3gppExtensionExchange.extract3gppResponsePayloads(
- IKE_EXCHANGE_SUBTYPE_IKE_INIT,
- Arrays.asList(N1_MODE_INFORMATION, BACKOFF_TIMER, FRAGMENTATION_SUPPORTED));
- assertTrue(result.isEmpty());
- }
-
- @Test
- public void testExtract3gppResponsePayloadsIkeAuthNo3gpp() throws Exception {
- List<IkePayload> result =
- mIke3gppExtensionExchange.extract3gppResponsePayloads(
- IKE_EXCHANGE_SUBTYPE_IKE_AUTH, Arrays.asList(FRAGMENTATION_SUPPORTED));
- assertTrue(result.isEmpty());
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppN1ModeUtilsTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppN1ModeUtilsTest.java
deleted file mode 100644
index c66e4f1..0000000
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/ike3gpp/Ike3gppN1ModeUtilsTest.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.test.ike.ike3gpp;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-
-import android.net.ipsec.test.ike.exceptions.InvalidSyntaxException;
-
-import com.android.internal.net.ipsec.test.ike.message.IkeNotifyPayload;
-import com.android.internal.util.HexDump;
-
-import org.junit.Test;
-
-public class Ike3gppN1ModeUtilsTest {
- private static final byte PDU_SESSION_ID = (byte) 0x01;
- private static final byte[] N1_MODE_CAPABILITY_PAYLOAD = HexDump.hexStringToByteArray("0101");
-
- private static final byte[] SNSSAI = HexDump.hexStringToByteArray("11223344");
- private static final byte[] N1_MODE_INFORMATION_PAYLOAD =
- HexDump.hexStringToByteArray("0411223344");
- private static final byte[] INVALID_N1_MODE_INFORMATION_PAYLOAD =
- HexDump.hexStringToByteArray("0511223344");
-
- @Test
- public void testGenerateN1ModeCapabilityPayload() throws Exception {
- IkeNotifyPayload n1ModeCapabilityPayload =
- Ike3gppN1ModeUtils.generateN1ModeCapabilityPayload(PDU_SESSION_ID);
-
- assertEquals(
- Ike3gppExtensionExchange.NOTIFY_TYPE_N1_MODE_CAPABILITY,
- n1ModeCapabilityPayload.notifyType);
- assertArrayEquals(N1_MODE_CAPABILITY_PAYLOAD, n1ModeCapabilityPayload.notifyData);
- }
-
- @Test
- public void testGetSnssaiFromNotifyData() throws Exception {
- byte[] snssai = Ike3gppN1ModeUtils.getSnssaiFromNotifyData(N1_MODE_INFORMATION_PAYLOAD);
-
- assertArrayEquals(SNSSAI, snssai);
- }
-
- @Test(expected = InvalidSyntaxException.class)
- public void testGetSnssaiFromNotifyDataIncorrectLength() throws Exception {
- Ike3gppN1ModeUtils.getSnssaiFromNotifyData(INVALID_N1_MODE_INFORMATION_PAYLOAD);
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/keepalive/IkeNattKeepaliveTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/keepalive/IkeNattKeepaliveTest.java
deleted file mode 100644
index 9529f28..0000000
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/keepalive/IkeNattKeepaliveTest.java
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.test.ike.keepalive;
-
-import static android.net.SocketKeepalive.ERROR_INVALID_IP_ADDRESS;
-
-import static com.android.internal.net.ipsec.test.ike.utils.IkeAlarm.IkeAlarmConfig;
-
-import static org.mockito.Matchers.anyObject;
-import static org.mockito.Mockito.doReturn;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-
-import android.content.Context;
-import android.net.ConnectivityManager;
-import android.net.IpSecManager.UdpEncapsulationSocket;
-import android.net.Network;
-import android.net.SocketKeepalive;
-
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.ArgumentCaptor;
-
-import java.net.Inet4Address;
-
-public class IkeNattKeepaliveTest {
- private static final int KEEPALIVE_DELAY = 10;
-
- private ConnectivityManager mMockConnectManager;
- private IkeNattKeepalive.Dependencies mMockDeps;
- private SocketKeepalive mMockSocketKeepalive;
- private SoftwareKeepaliveImpl mMockSoftwareKeepalive;
-
- private IkeNattKeepalive mIkeNattKeepalive;
-
- private ArgumentCaptor<SocketKeepalive.Callback> mSocketKeepaliveCbCaptor =
- ArgumentCaptor.forClass(SocketKeepalive.Callback.class);
- private SocketKeepalive.Callback mSocketKeepaliveCb;
-
- @Before
- public void setUp() throws Exception {
- mMockConnectManager = mock(ConnectivityManager.class);
- mMockSocketKeepalive = mock(SocketKeepalive.class);
- doReturn(mMockSocketKeepalive)
- .when(mMockConnectManager)
- .createSocketKeepalive(
- anyObject(),
- anyObject(),
- anyObject(),
- anyObject(),
- anyObject(),
- anyObject());
-
- mMockDeps = mock(IkeNattKeepalive.Dependencies.class);
- mMockSoftwareKeepalive = mock(SoftwareKeepaliveImpl.class);
- doReturn(mMockSoftwareKeepalive)
- .when(mMockDeps)
- .createSoftwareKeepaliveImpl(anyObject(), anyObject(), anyObject(), anyObject());
-
- mIkeNattKeepalive =
- new IkeNattKeepalive(
- mock(Context.class),
- mMockConnectManager,
- KEEPALIVE_DELAY,
- mock(Inet4Address.class),
- mock(Inet4Address.class),
- mock(UdpEncapsulationSocket.class),
- mock(Network.class),
- mock(IkeAlarmConfig.class),
- mMockDeps);
- }
-
- @After
- public void tearDown() throws Exception {
- mIkeNattKeepalive.stop();
- }
-
- @Test
- public void testStartStopHardwareKeepalive() throws Exception {
- mIkeNattKeepalive.start();
- verify(mMockSocketKeepalive).start(KEEPALIVE_DELAY);
-
- mIkeNattKeepalive.stop();
- verify(mMockSocketKeepalive).stop();
- }
-
- @Test
- public void testSwitchToSoftwareKeepalive() throws Exception {
- verify(mMockConnectManager)
- .createSocketKeepalive(
- anyObject(),
- anyObject(),
- anyObject(),
- anyObject(),
- anyObject(),
- mSocketKeepaliveCbCaptor.capture());
- SocketKeepalive.Callback socketKeepaliveCb = mSocketKeepaliveCbCaptor.getValue();
- socketKeepaliveCb.onError(ERROR_INVALID_IP_ADDRESS);
-
- verify(mMockSocketKeepalive).stop();
- verify(mMockDeps)
- .createSoftwareKeepaliveImpl(anyObject(), anyObject(), anyObject(), anyObject());
-
- mIkeNattKeepalive.stop();
- verify(mMockSocketKeepalive).stop();
- verify(mMockSoftwareKeepalive).stop();
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthDigitalSignPayloadTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthDigitalSignPayloadTest.java
index 3c3ade0..0fc21a9 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthDigitalSignPayloadTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthDigitalSignPayloadTest.java
@@ -14,9 +14,9 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.message;
+package com.android.internal.net.ipsec.ike.message;
-import static com.android.internal.net.ipsec.test.ike.message.IkeAuthDigitalSignPayload.SIGNATURE_ALGO_RSA_SHA2_256;
+import static com.android.internal.net.ipsec.ike.message.IkeAuthDigitalSignPayload.SIGNATURE_ALGO_RSA_SHA2_256;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -25,15 +25,13 @@
import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.mock;
-import android.net.ipsec.test.ike.SaProposal;
-import android.net.ipsec.test.ike.exceptions.AuthenticationFailedException;
-import android.net.ipsec.test.ike.exceptions.InvalidSyntaxException;
-import android.util.ArraySet;
+import android.net.ipsec.ike.SaProposal;
import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.test.ike.crypto.IkeMacPrf;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.PrfTransform;
-import com.android.internal.net.ipsec.test.ike.testutils.CertUtils;
+import com.android.internal.net.ipsec.ike.crypto.IkeMacPrf;
+import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.PrfTransform;
+import com.android.internal.net.ipsec.ike.testutils.CertUtils;
import org.junit.Before;
import org.junit.Test;
@@ -45,8 +43,6 @@
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAKey;
import java.security.interfaces.RSAPrivateKey;
-import java.util.Arrays;
-import java.util.Set;
public final class IkeAuthDigitalSignPayloadTest {
// TODO: Build a RSA_SHA1 signature and add tests for it.
@@ -86,11 +82,6 @@
private static final String ID_RESP_PAYLOAD_BODY_HEX_STRING = "01000000c0a82b8a";
private static final String SKP_RESP_HEX_STRING = "8FE8EC3153EDE924C23D6630D3C992A494E2F256";
- private static final byte[] SIGNATURE_HASH_ALGORITHMS =
- TestUtils.hexStringToByteArray("0001000200030004");
- private static final byte[] MALFORMATTED_SIGNATURE_HASH_ALGORITHMS =
- TestUtils.hexStringToByteArray("0001000200");
-
private static final String ANDROID_KEY_STORE_NAME = "AndroidKeyStore";
private static final byte[] IKE_INIT_RESP_REQUEST =
@@ -239,41 +230,4 @@
assertEquals(SIGNATURE_ALGO_RSA_SHA2_256, authPayload.signatureAndHashAlgos);
assertArrayEquals(authPayload.signature, TestUtils.hexStringToByteArray(SIGNATURE));
}
-
- @Test
- public void testGetSignatureHashAlgorithmsFromIkeNotifyPayload() throws Exception {
- IkeNotifyPayload payload =
- new IkeNotifyPayload(
- IkeNotifyPayload.NOTIFY_TYPE_SIGNATURE_HASH_ALGORITHMS,
- SIGNATURE_HASH_ALGORITHMS);
-
- Set<Short> expectedSignatureHashAlgos =
- new ArraySet<>(
- Arrays.asList(
- IkeAuthDigitalSignPayload.HASH_ALGORITHM_RSA_SHA1,
- IkeAuthDigitalSignPayload.HASH_ALGORITHM_RSA_SHA2_256,
- IkeAuthDigitalSignPayload.HASH_ALGORITHM_RSA_SHA2_384,
- IkeAuthDigitalSignPayload.HASH_ALGORITHM_RSA_SHA2_512));
-
- assertEquals(
- expectedSignatureHashAlgos,
- IkeAuthDigitalSignPayload.getSignatureHashAlgorithmsFromIkeNotifyPayload(payload));
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void testGetSignatureHashAlgorithmsFromIkeNotifyPayloadWrongType() throws Exception {
- IkeNotifyPayload payload = new IkeNotifyPayload(IkeNotifyPayload.NOTIFY_TYPE_REKEY_SA);
-
- IkeAuthDigitalSignPayload.getSignatureHashAlgorithmsFromIkeNotifyPayload(payload);
- }
-
- @Test(expected = InvalidSyntaxException.class)
- public void testGetSignatureHashAlgorithmsFromIkeNotifyPayloadMalformatted() throws Exception {
- IkeNotifyPayload payload =
- new IkeNotifyPayload(
- IkeNotifyPayload.NOTIFY_TYPE_SIGNATURE_HASH_ALGORITHMS,
- MALFORMATTED_SIGNATURE_HASH_ALGORITHMS);
-
- IkeAuthDigitalSignPayload.getSignatureHashAlgorithmsFromIkeNotifyPayload(payload);
- }
}
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthPayloadTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthPayloadTest.java
index a70c228..aa6b4fb 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthPayloadTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthPayloadTest.java
@@ -14,19 +14,19 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.message;
+package com.android.internal.net.ipsec.ike.message;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import android.net.ipsec.test.ike.SaProposal;
-import android.net.ipsec.test.ike.exceptions.AuthenticationFailedException;
+import android.net.ipsec.ike.SaProposal;
import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.test.ike.crypto.IkeMacPrf;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.PrfTransform;
+import com.android.internal.net.ipsec.ike.crypto.IkeMacPrf;
+import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.PrfTransform;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthPskPayloadTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthPskPayloadTest.java
index c87da1e..b0b83da 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthPskPayloadTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeAuthPskPayloadTest.java
@@ -14,18 +14,18 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.message;
+package com.android.internal.net.ipsec.ike.message;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;
-import android.net.ipsec.test.ike.SaProposal;
-import android.net.ipsec.test.ike.exceptions.AuthenticationFailedException;
+import android.net.ipsec.ike.SaProposal;
import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.test.ike.crypto.IkeMacPrf;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.PrfTransform;
+import com.android.internal.net.ipsec.ike.crypto.IkeMacPrf;
+import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.PrfTransform;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeCertPayloadTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeCertPayloadTest.java
index 5883595..385ab02 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeCertPayloadTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeCertPayloadTest.java
@@ -14,13 +14,12 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.message;
+package com.android.internal.net.ipsec.ike.message;
import static org.junit.Assert.fail;
-import android.net.ipsec.test.ike.exceptions.AuthenticationFailedException;
-
-import com.android.internal.net.ipsec.test.ike.testutils.CertUtils;
+import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;
+import com.android.internal.net.ipsec.ike.testutils.CertUtils;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeCertReqPayloadTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeCertReqPayloadTest.java
index 0489918..f859a82 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeCertReqPayloadTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeCertReqPayloadTest.java
@@ -14,9 +14,9 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.message;
+package com.android.internal.net.ipsec.ike.message;
-import static com.android.internal.net.ipsec.test.ike.message.IkeCertPayload.CERTIFICATE_ENCODING_X509_CERT_SIGNATURE;
+import static com.android.internal.net.ipsec.ike.message.IkeCertPayload.CERTIFICATE_ENCODING_X509_CERT_SIGNATURE;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeCertX509CertPayloadTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeCertX509CertPayloadTest.java
index 5da8f08..865cf45 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeCertX509CertPayloadTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeCertX509CertPayloadTest.java
@@ -14,16 +14,15 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.message;
+package com.android.internal.net.ipsec.ike.message;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import android.net.ipsec.test.ike.exceptions.AuthenticationFailedException;
-
import com.android.internal.net.TestUtils;
+import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeConfigPayloadTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeConfigPayloadTest.java
index 21f0f12..825f3d0 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeConfigPayloadTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeConfigPayloadTest.java
@@ -14,23 +14,23 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.message;
+package com.android.internal.net.ipsec.ike.message;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_APPLICATION_VERSION;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_ADDRESS;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_DHCP;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_DNS;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_NETMASK;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_SUBNET;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP6_ADDRESS;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP6_DNS;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP6_SUBNET;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_IP4_PCSCF;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_IP6_PCSCF;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_TYPE_REPLY;
-import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_TYPE_REQUEST;
-import static com.android.internal.net.ipsec.test.ike.message.IkePayload.PAYLOAD_TYPE_CP;
-import static com.android.internal.net.ipsec.test.ike.message.IkePayload.PAYLOAD_TYPE_NOTIFY;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_APPLICATION_VERSION;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_ADDRESS;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_DHCP;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_DNS;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_NETMASK;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_SUBNET;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP6_ADDRESS;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP6_DNS;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP6_SUBNET;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_IP4_PCSCF;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_IP6_PCSCF;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_TYPE_REPLY;
+import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_TYPE_REQUEST;
+import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_CP;
+import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_NOTIFY;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -45,27 +45,26 @@
import android.net.InetAddresses;
import android.net.LinkAddress;
-import android.net.ipsec.test.ike.exceptions.InvalidSyntaxException;
-import android.os.PersistableBundle;
import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttribute;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeAppVersion;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeIpv4Address;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeIpv4Dhcp;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeIpv4Dns;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeIpv4Netmask;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeIpv4Pcscf;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeIpv4Subnet;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeIpv6Address;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeIpv6Dns;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeIpv6Pcscf;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttributeIpv6Subnet;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.IkeConfigAttrIpv4AddressBase;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.IkeConfigAttrIpv6AddressBase;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.TunnelModeChildConfigAttrIpv4AddressBase;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.TunnelModeChildConfigAttrIpv6AddrRangeBase;
-import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.TunnelModeChildConfigAttrIpv6AddressBase;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttribute;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeAppVersion;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv4Address;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv4Dhcp;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv4Dns;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv4Netmask;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv4Pcscf;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv4Subnet;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv6Address;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv6Dns;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv6Pcscf;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv6Subnet;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.IkeConfigAttrIpv4AddressBase;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.IkeConfigAttrIpv6AddressBase;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.TunnelModeChildConfigAttrIpv4AddressBase;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.TunnelModeChildConfigAttrIpv6AddrRangeBase;
+import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.TunnelModeChildConfigAttrIpv6AddressBase;
import org.junit.Before;
import org.junit.Test;
@@ -401,13 +400,6 @@
assertEquals(expectedLinkAddress, attribute.linkAddress);
}
- private static void verifyPersistableBundleEncodeDecodeIsLossless(ConfigAttribute attribute) {
- PersistableBundle bundle = attribute.toPersistableBundle();
- ConfigAttribute resultAttribute = ConfigAttribute.fromPersistableBundle(bundle);
-
- assertEquals(attribute, resultAttribute);
- }
-
@Test
public void testDecodeIpv4AddressWithValue() throws Exception {
ConfigAttributeIpv4Address attributeIp4Address =
@@ -451,16 +443,6 @@
}
@Test
- public void testPersistableBundleEncodeDecodeIpv4AddressConfig() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(new ConfigAttributeIpv4Address(IPV4_ADDRESS));
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeIpv4AddressConfigEmpty() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(new ConfigAttributeIpv4Address());
- }
-
- @Test
public void testEncodeIpv4AddressWithoutValue() throws Exception {
ConfigAttributeIpv4Address attributeIp4Address = new ConfigAttributeIpv4Address();
@@ -500,17 +482,6 @@
}
@Test
- public void testPersistableBundleEncodeDecodeIpv4NetmaskConfig() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(
- new ConfigAttributeIpv4Netmask(IPV4_NETMASK.getAddress()));
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeIpv4NetmaskConfigEmpty() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(new ConfigAttributeIpv4Netmask());
- }
-
- @Test
public void testDecodeIpv4DnsWithValue() throws Exception {
ConfigAttributeIpv4Dns attribute = new ConfigAttributeIpv4Dns(IPV4_DNS.getAddress());
@@ -538,17 +509,6 @@
}
@Test
- public void testPersistableBundleEncodeDecodeIpv4DnsConfig() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(
- new ConfigAttributeIpv4Dns(IPV4_DNS.getAddress()));
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeIpv4DnsConfigEmpty() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(new ConfigAttributeIpv4Dns());
- }
-
- @Test
public void testDecodeIpv4DhcpWithValue() throws Exception {
ConfigAttributeIpv4Dhcp attribute = new ConfigAttributeIpv4Dhcp(IPV4_DHCP.getAddress());
@@ -587,17 +547,6 @@
}
@Test
- public void testPersistableBundleEncodeDecodeIpv4DhcpConfig() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(
- new ConfigAttributeIpv4Dhcp(IPV4_DHCP.getAddress()));
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeIpv4DhcpConfigEmpty() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(new ConfigAttributeIpv4Dhcp());
- }
-
- @Test
public void testDecodeIpv4SubnetWithValue() throws Exception {
ConfigAttributeIpv4Subnet attributeIp4Subnet =
new ConfigAttributeIpv4Subnet(IPV4_SUBNET_ATTRIBUTE_VALUE);
@@ -639,17 +588,6 @@
}
@Test
- public void testPersistableBundleEncodeDecodeIpv4SubnetConfig() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(
- new ConfigAttributeIpv4Subnet(IPV4_SUBNET_ATTRIBUTE_VALUE));
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeIpv4SubnetConfigEmpty() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(new ConfigAttributeIpv4Subnet());
- }
-
- @Test
public void testNetmaskToPrefixLen() throws Exception {
for (int i = 0; i < mNetMasks.length; i++) {
assertEquals(mIpv4PrefixLens[i], ConfigAttribute.netmaskToPrefixLen(mNetMasks[i]));
@@ -718,17 +656,6 @@
}
@Test
- public void testPersistableBundleEncodeDecodeIpv4PcscfConfig() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(
- new ConfigAttributeIpv4Pcscf(IPV4_PCSCF_ADDR));
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeIpv4PcscfConfigEmpty() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(new ConfigAttributeIpv4Pcscf());
- }
-
- @Test
public void testDecodeIpv6AddressWithValue() throws Exception {
ConfigAttributeIpv6Address attributeIp6Address =
new ConfigAttributeIpv6Address(IPV6_ADDRESS_ATTRIBUTE_VALUE);
@@ -782,17 +709,6 @@
}
@Test
- public void testPersistableBundleEncodeDecodeIpv6AddressConfig() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(
- new ConfigAttributeIpv6Address(IPV6_LINK_ADDRESS));
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeIpv6AddressConfigEmpty() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(new ConfigAttributeIpv6Address());
- }
-
- @Test
public void testDecodeIpv6SubnetWithValue() throws Exception {
ConfigAttributeIpv6Subnet attributeIp6Subnet =
new ConfigAttributeIpv6Subnet(IPV6_SUBNET_ATTRIBUTE_VALUE);
@@ -821,17 +737,6 @@
}
@Test
- public void testPersistableBundleEncodeDecodeIpv6SubnetConfig() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(
- new ConfigAttributeIpv6Subnet(IPV6_SUBNET_ATTRIBUTE_VALUE));
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeIpv6SubnetConfigEmpty() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(new ConfigAttributeIpv6Subnet());
- }
-
- @Test
public void testDecodeIpv6DnsWithValue() throws Exception {
ConfigAttributeIpv6Dns attribute = new ConfigAttributeIpv6Dns(IPV6_DNS.getAddress());
@@ -857,17 +762,6 @@
}
@Test
- public void testPersistableBundleEncodeDecodeIpv6DnsConfig() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(
- new ConfigAttributeIpv6Dns(IPV6_DNS.getAddress()));
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeIpv6DnsConfigEmpty() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(new ConfigAttributeIpv6Dns());
- }
-
- @Test
public void testConstructIpv6PcscfWithValue() throws Exception {
ConfigAttributeIpv6Pcscf attribute = new ConfigAttributeIpv6Pcscf(IPV6_PCSCF_ADDR);
@@ -920,17 +814,6 @@
}
@Test
- public void testPersistableBundleEncodeDecodeIpv6PscsfConfig() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(
- new ConfigAttributeIpv6Pcscf(IPV6_PCSCF_ADDR));
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeIpv6PscsfConfigEmpty() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(new ConfigAttributeIpv6Pcscf());
- }
-
- @Test
public void testDecodeAppVersionWithValue() throws Exception {
ConfigAttributeAppVersion attribute = new ConfigAttributeAppVersion(APP_VERSION.getBytes());
@@ -963,14 +846,4 @@
attribute, CONFIG_ATTR_APPLICATION_VERSION, APP_VERSION_ATTRIBUTE_WITHOUT_VALUE);
assertEquals("", attribute.applicationVersion);
}
-
- @Test
- public void testPersistableBundleEncodeDecodeAppVersionConfig() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(new ConfigAttributeAppVersion(APP_VERSION));
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeAppVersionConfigEmpty() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(new ConfigAttributeAppVersion());
- }
}
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeDeletePayloadTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeDeletePayloadTest.java
index eab5d3a..6be5336 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeDeletePayloadTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeDeletePayloadTest.java
@@ -14,21 +14,20 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.message;
+package com.android.internal.net.ipsec.ike.message;
-import static com.android.internal.net.ipsec.test.ike.message.IkePayload.PROTOCOL_ID_ESP;
-import static com.android.internal.net.ipsec.test.ike.message.IkePayload.PROTOCOL_ID_IKE;
-import static com.android.internal.net.ipsec.test.ike.message.IkePayload.SPI_LEN_IPSEC;
-import static com.android.internal.net.ipsec.test.ike.message.IkePayload.SPI_LEN_NOT_INCLUDED;
+import static com.android.internal.net.ipsec.ike.message.IkePayload.PROTOCOL_ID_ESP;
+import static com.android.internal.net.ipsec.ike.message.IkePayload.PROTOCOL_ID_IKE;
+import static com.android.internal.net.ipsec.ike.message.IkePayload.SPI_LEN_IPSEC;
+import static com.android.internal.net.ipsec.ike.message.IkePayload.SPI_LEN_NOT_INCLUDED;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import android.net.ipsec.test.ike.exceptions.InvalidSyntaxException;
-
import com.android.internal.net.TestUtils;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeEapPayloadTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeEapPayloadTest.java
index 38bf635..fff82b6 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeEapPayloadTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeEapPayloadTest.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.message;
+package com.android.internal.net.ipsec.ike.message;
import static com.android.internal.net.TestUtils.hexStringToByteArray;
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeEncryptedPayloadBodyTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeEncryptedPayloadBodyTest.java
index 9190fb4..aa51d17 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeEncryptedPayloadBodyTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeEncryptedPayloadBodyTest.java
@@ -13,21 +13,21 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.message;
+package com.android.internal.net.ipsec.ike.message;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;
-import android.net.ipsec.test.ike.SaProposal;
+import android.net.ipsec.ike.SaProposal;
import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.test.ike.crypto.IkeCipher;
-import com.android.internal.net.ipsec.test.ike.crypto.IkeCombinedModeCipher;
-import com.android.internal.net.ipsec.test.ike.crypto.IkeMacIntegrity;
-import com.android.internal.net.ipsec.test.ike.crypto.IkeNormalModeCipher;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.EncryptionTransform;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.IntegrityTransform;
+import com.android.internal.net.ipsec.ike.crypto.IkeCipher;
+import com.android.internal.net.ipsec.ike.crypto.IkeCombinedModeCipher;
+import com.android.internal.net.ipsec.ike.crypto.IkeMacIntegrity;
+import com.android.internal.net.ipsec.ike.crypto.IkeNormalModeCipher;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.EncryptionTransform;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.IntegrityTransform;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeHeaderTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeHeaderTest.java
index 94ae271..4592815 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeHeaderTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeHeaderTest.java
@@ -14,17 +14,16 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.message;
+package com.android.internal.net.ipsec.ike.message;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
-import android.net.ipsec.test.ike.exceptions.InvalidMajorVersionException;
-import android.net.ipsec.test.ike.exceptions.InvalidSyntaxException;
-
import com.android.internal.net.TestUtils;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidMajorVersionException;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
import org.junit.Test;
@@ -106,7 +105,7 @@
IkeTestUtils.decodeAndVerifyUnprotectedErrorMsg(
inputPacket, InvalidMajorVersionException.class);
- assertEquals(3, exception.getMajorVersion());
+ assertEquals(3, exception.getMajorVerion());
}
@Test
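Review bot: The accessor name in the new assertion is misspelled, `exception.getMajorVerion()`, which means the exception class exposes a method called `getMajorVerion`. The declaration is outside this hunk, so it cannot be confirmed here, but if the method can still be renamed the assertion should read `assertEquals(3, exception.getMajorVersion());`. A misspelled accessor on the exception returned for a rejected header version is easy to overlook when searching for callers. The enclosing test method starts above the hunk.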
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeIdPayloadTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeIdPayloadTest.java
index 385f9eb..7eec935 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeIdPayloadTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeIdPayloadTest.java
@@ -14,32 +14,30 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.message;
+package com.android.internal.net.ipsec.ike.message;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;
import android.net.InetAddresses;
-import android.net.ipsec.test.ike.IkeDerAsn1DnIdentification;
-import android.net.ipsec.test.ike.IkeFqdnIdentification;
-import android.net.ipsec.test.ike.IkeIdentification;
-import android.net.ipsec.test.ike.IkeIpv4AddrIdentification;
-import android.net.ipsec.test.ike.IkeIpv6AddrIdentification;
-import android.net.ipsec.test.ike.IkeKeyIdIdentification;
-import android.net.ipsec.test.ike.IkeRfc822AddrIdentification;
-import android.net.ipsec.test.ike.exceptions.AuthenticationFailedException;
-import android.os.PersistableBundle;
+import android.net.ipsec.ike.IkeDerAsn1DnIdentification;
+import android.net.ipsec.ike.IkeFqdnIdentification;
+import android.net.ipsec.ike.IkeIdentification;
+import android.net.ipsec.ike.IkeIpv4AddrIdentification;
+import android.net.ipsec.ike.IkeIpv6AddrIdentification;
+import android.net.ipsec.ike.IkeKeyIdIdentification;
+import android.net.ipsec.ike.IkeRfc822AddrIdentification;
import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.test.ike.testutils.CertUtils;
+import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;
+import com.android.internal.net.ipsec.ike.testutils.CertUtils;
import org.junit.BeforeClass;
import org.junit.Test;
import java.net.Inet4Address;
import java.net.Inet6Address;
-import java.net.InetAddress;
import java.nio.ByteBuffer;
import java.security.cert.X509Certificate;
@@ -281,46 +279,6 @@
assertArrayEquals(expectedBytes, inputBuffer.array());
}
- private static void verifyPersistableBundleEncodeDecodeIsLossless(IkeIdentification id) {
- PersistableBundle bundle = id.toPersistableBundle();
- IkeIdentification result = IkeIdentification.fromPersistableBundle(bundle);
-
- assertEquals(result, id);
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeIpv4AddressId() throws Exception {
- Inet4Address ipv4Address = (Inet4Address) InetAddress.getByName(IPV4_ADDR_STRING);
- verifyPersistableBundleEncodeDecodeIsLossless(new IkeIpv4AddrIdentification(ipv4Address));
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeIpv6AddressId() throws Exception {
- Inet6Address ipv6Address = (Inet6Address) InetAddress.getByName(IPV6_ADDR_STRING);
- verifyPersistableBundleEncodeDecodeIsLossless(new IkeIpv6AddrIdentification(ipv6Address));
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeRfc822AddrId() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(new IkeFqdnIdentification(FQDN));
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeFqdnId() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(new IkeRfc822AddrIdentification(RFC822_NAME));
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeKeyId() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(new IkeKeyIdIdentification(KEY_ID));
- }
-
- @Test
- public void testPersistableBundleEncodeDecodeDerAsn1DnId() throws Exception {
- verifyPersistableBundleEncodeDecodeIsLossless(
- new IkeDerAsn1DnIdentification(new X500Principal(ASN1_DN_STRING)));
- }
-
@Test
public void validatCertSanDns() throws Exception {
IkeIdPayload payload =
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeKePayloadTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeKePayloadTest.java
index 3b39f95..73b4fd6 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeKePayloadTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeKePayloadTest.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.message;
+package com.android.internal.net.ipsec.ike.message;
import static com.android.internal.net.TestUtils.createMockRandomFactory;
@@ -24,26 +24,21 @@
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import android.net.ipsec.test.ike.SaProposal;
-import android.net.ipsec.test.ike.exceptions.InvalidSyntaxException;
-
-import androidx.test.filters.SdkSuppress;
+import android.net.ipsec.ike.SaProposal;
import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.test.ike.IkeDhParams;
-import com.android.internal.net.utils.test.BigIntegerUtils;
+import com.android.internal.net.ipsec.ike.IkeDhParams;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
+import com.android.internal.net.utils.BigIntegerUtils;
+import org.junit.Before;
import org.junit.Test;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
-import java.security.KeyFactory;
-import java.security.PrivateKey;
-import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
-import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.spec.DHPrivateKeySpec;
public final class IkeKePayloadTest {
@@ -73,31 +68,49 @@
+ "e29c7b0ce4f291a3a72476bb0b278fd4b7b0a4c26bbeb082"
+ "14c7071376079587";
- private static final String REMOTE_PUBLIC_KEY_1024 =
- "24FC7B6557350D9AC7135A548DE46C3338787D72FE14493C"
- + "A55CEB4D5AD25E780AD09927B7555AD2BF2582ED8BCE59A2"
- + "522643E3C57FCF68D16CB9B44DC76C4086B0161B42A71333"
- + "365AB167096DABA3C059F06D39CF508C6549672D07547295"
- + "BABE3241AE6CA26B2FE07745EB9D27EBA83E0890192C230F"
- + "4896FEC1B5BA6EA4";
- private static final String LOCAL_PRIVATE_KEY_1024_X_VALUE =
- "B714330D5817B14B349F44DC5F228F555E02B31A9BF69106"
- + "08EEB96100FF469164A29E14BE5DE529B3EB86218AE4DF8C"
- + "546D699872C955C56A8FC9F7DA59B24D84087D8A70ACE380"
- + "8D90FE1301788B008624541453264A5DBBDF4F5DB517AADD"
- + "D69319BF607C85A69481FD0EA8AE0BB3DA03D4C125AF3A25"
- + "62636B5C2F5A647B";
- private static final String EXPECTED_SHARED_KEY_1024 =
- "F663BA76BCB9B12D41504D8E5C8A70289162883B900EF76F"
- + "D2D478EB841C6407A6D6216D506EDF3D89873A66C69DAD37"
- + "339C3DFBC1D3427E874EC133E5EE0375AA2E72FA301D4DE5"
- + "35CABB05869755747EDE21615D7BD1F720943A0D689E83ED"
- + "2D2BFB286D1D6D5D11F7D24250EEB26B38435C25EA81FC2C"
- + "9C17B94F389B94B9";
+ private static final String PRIME_1024_BIT_MODP_160_SUBGROUP =
+ "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6"
+ + "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0"
+ + "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70"
+ + "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0"
+ + "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708"
+ + "DF1FB2BC2E4A4371";
+ private static final String GENERATOR_1024_BIT_MODP_160_SUBGROUP =
+ "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F"
+ + "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213"
+ + "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1"
+ + "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A"
+ + "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24"
+ + "855E6EEB22B3B2E5";
+ private static final String PRIVATE_KEY_LOCAL = "B9A3B3AE8FEFC1A2930496507086F8455D48943E";
+ private static final String PUBLIC_KEY_REMOTE =
+ "717A6CB053371FF4A3B932941C1E5663F861A1D6AD34AE66"
+ + "576DFB98F6C6CBF9DDD5A56C7833F6BCFDFF095582AD868E"
+ + "440E8D09FD769E3CECCDC3D3B1E4CFA057776CAAF9739B6A"
+ + "9FEE8E7411F8D6DAC09D6A4EDB46CC2B5D5203090EAE6126"
+ + "311E53FD2C14B574E6A3109A3DA1BE41BDCEAA186F5CE067"
+ + "16A2B6A07B3C33FE";
+ private static final String EXPECTED_SHARED_KEY =
+ "5C804F454D30D9C4DF85271F93528C91DF6B48AB5F80B3B5"
+ + "9CAAC1B28F8ACBA9CD3E39F3CB614525D9521D2E644C53B8"
+ + "07B810F340062F257D7D6FBFE8D5E8F072E9B6E9AFDA9413"
+ + "EAFB2E8B0699B1FB5A0CACEDDEAEAD7E9CFBB36AE2B42083"
+ + "5BD83A19FB0B5E96BF8FA4D09E345525167ECD9155416F46"
+ + "F408ED31B63C6E6D";
+ private static final String KEY_EXCHANGE_ALGORITHM = "DH";
- private static final String KEY_EXCHANGE_ALGORITHM_MODP = "DH";
- private static final String KEY_EXCHANGE_ALGORITHM_CURVE = "XDH";
- private static final String KEY_EXCHANGE_CURVE_PROVIDER = "AndroidOpenSSL";
+ private DHPrivateKeySpec mPrivateKeySpec;
+
+ @Before
+ public void setUp() throws Exception {
+ BigInteger primeValue =
+ BigIntegerUtils.unsignedHexStringToBigInteger(PRIME_1024_BIT_MODP_160_SUBGROUP);
+ BigInteger baseGenValue =
+ BigIntegerUtils.unsignedHexStringToBigInteger(GENERATOR_1024_BIT_MODP_160_SUBGROUP);
+ BigInteger privateKeyValue =
+ BigIntegerUtils.unsignedHexStringToBigInteger(PRIVATE_KEY_LOCAL);
+ mPrivateKeySpec = new DHPrivateKeySpec(privateKeyValue, primeValue, baseGenValue);
+ }
@Test
public void testDecodeIkeKePayload() throws Exception {
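Review bot: The constants `PRIME_1024_BIT_MODP_160_SUBGROUP` through `EXPECTED_SHARED_KEY` are declared with no indication of where they come from. The explanation that they are RFC 5114 vectors, used because no test data was found for the groups the library supports, only appears further down above `testGetSharedkey`. Put the provenance at the declarations, e.g. `// RFC 5114 test vectors: 1024-bit MODP Group with 160-bit Prime Order Subgroup; test-only parameters.` A one-line comment in `setUp` saying that `mPrivateKeySpec` is built from these test-only parameters rather than from `IkeDhParams` would stop it being reused where a supported group is expected. The class body continues outside the hunk.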
@@ -116,24 +129,6 @@
}
@Test
- public void testDecodeIkeKePayloadWithUnrecognizedDh() throws Exception {
- int expectedDhGroup = 0x0fff;
- String unrecognizedKePayload =
- "0fff0000b4a2faf4bb54878ae21d638512ece55d9236fc50"
- + "46ab6cef82220f421f3ce6361faf36564ecb6d28798a94aa"
- + "d7b2b4b603ddeaaa5630adb9ece8ac37534036040610ebdd"
- + "92f46bef84f0be7db860351843858f8acf87056e272377f7"
- + "0c9f2d81e29c7b0ce4f291a3a72476bb0b278fd4b7b0a4c2"
- + "6bbeb08214c7071376079587";
- byte[] inputPacket = TestUtils.hexStringToByteArray(unrecognizedKePayload);
-
- IkeKePayload payload = new IkeKePayload(CRITICAL_BIT, inputPacket);
-
- assertFalse(payload.isOutbound);
- assertEquals(expectedDhGroup, payload.dhGroup);
- }
-
- @Test
public void testDecodeIkeKePayloadWithInvalidKeData() throws Exception {
// Cut bytes of KE data from original KE payload
String badKeyPayloadPacket =
@@ -163,133 +158,46 @@
@Test
public void testGetIkeKePayload() throws Exception {
IkeKePayload payload =
- IkeKePayload.createOutboundKePayload(
- SaProposal.DH_GROUP_1024_BIT_MODP, createMockRandomFactory());
+ new IkeKePayload(SaProposal.DH_GROUP_1024_BIT_MODP, createMockRandomFactory());
+ // Test DHPrivateKeySpec
+ assertTrue(payload.isOutbound);
+ DHPrivateKeySpec privateKeySpec = payload.localPrivateKey;
+
+ BigInteger primeValue = privateKeySpec.getP();
+ BigInteger expectedPrimeValue = new BigInteger(IkeDhParams.PRIME_1024_BIT_MODP, 16);
+ assertEquals(0, expectedPrimeValue.compareTo(primeValue));
+
+ BigInteger genValue = privateKeySpec.getG();
+ BigInteger expectedGenValue = BigInteger.valueOf(IkeDhParams.BASE_GENERATOR_MODP);
+ assertEquals(0, expectedGenValue.compareTo(genValue));
+
+ // Test IkeKePayload
assertEquals(EXPECTED_DH_GROUP, payload.dhGroup);
assertEquals(EXPECTED_KE_DATA_LEN, payload.keyExchangeData.length);
- assertTrue(payload.localPrivateKey instanceof DHPrivateKey);
}
- private PrivateKey getModpPrivateKey(String primeHex, String privateKeyXValueHex)
- throws Exception {
- BigInteger primeValue = BigIntegerUtils.unsignedHexStringToBigInteger(primeHex);
- BigInteger baseGenValue = BigInteger.valueOf(IkeDhParams.BASE_GENERATOR_MODP);
- BigInteger privateKeyValue =
- BigIntegerUtils.unsignedHexStringToBigInteger(privateKeyXValueHex);
- DHPrivateKeySpec privateKeySpec =
- new DHPrivateKeySpec(privateKeyValue, primeValue, baseGenValue);
- KeyFactory dhKeyFactory = KeyFactory.getInstance(KEY_EXCHANGE_ALGORITHM_MODP);
- return dhKeyFactory.generatePrivate(privateKeySpec);
- }
-
+ // Since we didn't find test data for DH group types supported in current IKE library, we use
+ // test data for "1024-bit MODP Group with 160-bit Prime Order Subgroup" from RFC 5114. The main
+ // difference is that it uses weaker Prime and Generator values and requires more complicated
+ // recipient test in real Key Exchange process. But it is suitable for testing.
@Test
- public void testGetSharedKey1024Modp() throws Exception {
- PrivateKey privateKey =
- getModpPrivateKey(IkeDhParams.PRIME_1024_BIT_MODP, LOCAL_PRIVATE_KEY_1024_X_VALUE);
+ public void testGetSharedkey() throws Exception {
+ byte[] remotePublicKey = TestUtils.hexStringToByteArray(PUBLIC_KEY_REMOTE);
+ byte[] sharedKeyBytes = IkeKePayload.getSharedKey(mPrivateKeySpec, remotePublicKey);
- byte[] remotePublicKey = TestUtils.hexStringToByteArray(REMOTE_PUBLIC_KEY_1024);
- byte[] sharedKeyBytes =
- IkeKePayload.getSharedKey(
- privateKey, remotePublicKey, SaProposal.DH_GROUP_1024_BIT_MODP);
-
- byte[] expectedSharedKeyBytes = TestUtils.hexStringToByteArray(EXPECTED_SHARED_KEY_1024);
- assertTrue(Arrays.equals(expectedSharedKeyBytes, sharedKeyBytes));
- }
-
- @Test
- public void testGetSharedKey1536Modp() throws Exception {
- final String publicKeyRemoteHex =
- "1907B9796CD091E3FCBEDDFE8113E1D9463F65DCFD5371FB"
- + "A4E50DF78B059E3C84C8F6D53E597DF7190016B0D44A8F78"
- + "52DAE8602B74423848012FF254F552D521579088D8AB8BAF"
- + "2523CDC55BCC6BD2C59153A678498FB1F2EC2953F49C2109"
- + "1F38B729ADF50BB02B0FE82908FFC867004B63A5CC6AD183"
- + "49F57B346F870B928D018BDC97CE44DA187CE975919E97DA"
- + "3A9D1827D5C9C8881A6355478F7602099AF56C802DE9AD54"
- + "1295B3B238BAF28628ADDFAB9C9A6886EE24F6671B9151D5";
- final String privateKeyXValueHex =
- "a62c4aca7ec6787c075fe1690edbd768b406fe5b6bbd6d77"
- + "1913143c75289f0e10eded5428615fa0b61271bd739e15b8"
- + "99243de341511fbf0ab87d309746d690f1b98ada5d76b6fc"
- + "33e6b21f59d7d5f4d2cd4e7cb1b8da2cdbc3914ff6e1a1e2"
- + "65512ef09455dd271419fc7b7584ca5e61212c68b128307c"
- + "bf31a4d8ce51bd20112dbb846edb5fc8d7d4c2b94ac84ba3"
- + "e4c7805f3565ba9e1bb2724f8f5aebf9c14fca8ed6638566"
- + "03b02bc569b868100a5e4c3906f3a9344eb57d2daeba0562";
- final String expectedSharedKeyHex =
- "0BDBC66787BCBE1F899C070CCC05E9C728ED764E93DFE454"
- + "FD6B1AE691382FCB5B36656F5D10B85E914230071F098004"
- + "67B594A2C9902790EDAA792CE389376BB491283482AEBC75"
- + "225474DCD4269F92246467164A9CEFFA14371AC3477F17DB"
- + "60EE21D85B76BF6B46B851C685E385CDFD213B5450043F56"
- + "CE0C98CFF91D63C00FED85FE9DD318673E4E7F16BC052016"
- + "A5D347E045EFABD7ABA6D35E53E64972779E11AFD3561076"
- + "65F0AC3A5E64C6C065786F5B63A9B7BC993C85234D457ABB";
-
- PrivateKey privateKey =
- getModpPrivateKey(IkeDhParams.PRIME_1536_BIT_MODP, privateKeyXValueHex);
-
- byte[] remotePublicKey = TestUtils.hexStringToByteArray(publicKeyRemoteHex);
- byte[] sharedKeyBytes =
- IkeKePayload.getSharedKey(
- privateKey, remotePublicKey, SaProposal.DH_GROUP_1536_BIT_MODP);
-
- byte[] expectedSharedKeyBytes = TestUtils.hexStringToByteArray(expectedSharedKeyHex);
+ byte[] expectedSharedKeyBytes = TestUtils.hexStringToByteArray(EXPECTED_SHARED_KEY);
assertTrue(Arrays.equals(expectedSharedKeyBytes, sharedKeyBytes));
}
@Test
public void testGetSharedkeyWithInvalidRemoteKey() throws Exception {
- byte[] remotePublicKey = TestUtils.hexStringToByteArray(REMOTE_PUBLIC_KEY_1024);
- PrivateKey privateKey =
- getModpPrivateKey(IkeDhParams.PRIME_1024_BIT_MODP, LOCAL_PRIVATE_KEY_1024_X_VALUE);
+ byte[] remotePublicKey = TestUtils.hexStringToByteArray(PRIME_1024_BIT_MODP_160_SUBGROUP);
try {
- byte[] sharedKeyBytes =
- IkeKePayload.getSharedKey(
- privateKey, remotePublicKey, SaProposal.DH_GROUP_1536_BIT_MODP);
+ byte[] sharedKeyBytes = IkeKePayload.getSharedKey(mPrivateKeySpec, remotePublicKey);
fail("Expected to fail because of invalid remote public key.");
} catch (GeneralSecurityException expected) {
}
}
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testGetIkeCurveKePayload() throws Exception {
- IkeKePayload payload =
- IkeKePayload.createOutboundKePayload(
- SaProposal.DH_GROUP_CURVE_25519, createMockRandomFactory());
-
- final int expectedKeDataLen = 32;
-
- assertEquals(SaProposal.DH_GROUP_CURVE_25519, payload.dhGroup);
- assertEquals(expectedKeDataLen, payload.keyExchangeData.length);
- }
-
- @Test
- @SdkSuppress(minSdkVersion = 31, codeName = "S")
- public void testGetSharedKeyWithCurve25519() throws Exception {
- final String privateKeyHex =
- "302e020100300506032b656e0422042077076d0a7318a57d3c16c17251b26645"
- + "df4c2f87ebc0992ab177fba51db92c2a";
- final String publicKeyHex =
- "de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f";
- final String sharedKeyHex =
- "4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742";
-
- KeyFactory kf =
- KeyFactory.getInstance(KEY_EXCHANGE_ALGORITHM_CURVE, KEY_EXCHANGE_CURVE_PROVIDER);
- PrivateKey privateKey =
- kf.generatePrivate(
- new PKCS8EncodedKeySpec(TestUtils.hexStringToByteArray(privateKeyHex)));
-
- final byte[] sharedSecret =
- IkeKePayload.getSharedKey(
- privateKey,
- TestUtils.hexStringToByteArray(publicKeyHex),
- SaProposal.DH_GROUP_CURVE_25519);
-
- assertArrayEquals(TestUtils.hexStringToByteArray(sharedKeyHex), sharedSecret);
- }
}
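Review bot: `testGetSharedkeyWithInvalidRemoteKey` passes the group modulus as the peer's public value without saying so, and that is the only rejected input it covers. A comment above the `remotePublicKey` line would make the intent readable, e.g. `// Remote value equals the modulus p, so it is not a valid DH public value.` The `sharedKeyBytes` local is never read, so the call can stand alone as `IkeKePayload.getSharedKey(mPrivateKeySpec, remotePublicKey);`. If `getSharedKey` is meant to reject every out-of-range peer value, separate cases for 0, 1 and p-1 would pin that down; the implementation is not visible in this diff.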
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeMessageTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeMessageTest.java
index a6e5cf3..7f4785d 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeMessageTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeMessageTest.java
@@ -14,15 +14,15 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.message;
+package com.android.internal.net.ipsec.ike.message;
-import static com.android.internal.net.ipsec.test.ike.message.IkeMessage.DECODE_STATUS_OK;
-import static com.android.internal.net.ipsec.test.ike.message.IkeMessage.DECODE_STATUS_PROTECTED_ERROR;
-import static com.android.internal.net.ipsec.test.ike.message.IkeMessage.DECODE_STATUS_UNPROTECTED_ERROR;
-import static com.android.internal.net.ipsec.test.ike.message.IkePayload.PAYLOAD_TYPE_AUTH;
-import static com.android.internal.net.ipsec.test.ike.message.IkePayload.PAYLOAD_TYPE_ID_INITIATOR;
-import static com.android.internal.net.ipsec.test.ike.message.IkePayload.PAYLOAD_TYPE_NO_NEXT;
-import static com.android.internal.net.ipsec.test.ike.message.IkeTestUtils.makeDummySkfPayload;
+import static com.android.internal.net.ipsec.ike.message.IkeMessage.DECODE_STATUS_OK;
+import static com.android.internal.net.ipsec.ike.message.IkeMessage.DECODE_STATUS_PROTECTED_ERROR;
+import static com.android.internal.net.ipsec.ike.message.IkeMessage.DECODE_STATUS_UNPROTECTED_ERROR;
+import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_AUTH;
+import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_ID_INITIATOR;
+import static com.android.internal.net.ipsec.ike.message.IkePayload.PAYLOAD_TYPE_NO_NEXT;
+import static com.android.internal.net.ipsec.ike.message.IkeTestUtils.makeDummySkfPayload;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -44,21 +44,21 @@
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
-import android.net.ipsec.test.ike.exceptions.IkeException;
-import android.net.ipsec.test.ike.exceptions.IkeInternalException;
-import android.net.ipsec.test.ike.exceptions.InvalidMessageIdException;
-import android.net.ipsec.test.ike.exceptions.InvalidSyntaxException;
-import android.net.ipsec.test.ike.exceptions.UnsupportedCriticalPayloadException;
+import android.net.ipsec.ike.exceptions.IkeException;
+import android.net.ipsec.ike.exceptions.IkeInternalException;
import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.test.ike.SaRecord.IkeSaRecord;
-import com.android.internal.net.ipsec.test.ike.crypto.IkeMacIntegrity;
-import com.android.internal.net.ipsec.test.ike.crypto.IkeNormalModeCipher;
-import com.android.internal.net.ipsec.test.ike.message.IkeMessage.DecodeResult;
-import com.android.internal.net.ipsec.test.ike.message.IkeMessage.DecodeResultError;
-import com.android.internal.net.ipsec.test.ike.message.IkeMessage.DecodeResultOk;
-import com.android.internal.net.ipsec.test.ike.message.IkeMessage.DecodeResultPartial;
-import com.android.internal.net.ipsec.test.ike.message.IkePayloadFactory.IIkePayloadDecoder;
+import com.android.internal.net.ipsec.ike.SaRecord.IkeSaRecord;
+import com.android.internal.net.ipsec.ike.crypto.IkeMacIntegrity;
+import com.android.internal.net.ipsec.ike.crypto.IkeNormalModeCipher;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidMessageIdException;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
+import com.android.internal.net.ipsec.ike.exceptions.UnsupportedCriticalPayloadException;
+import com.android.internal.net.ipsec.ike.message.IkeMessage.DecodeResult;
+import com.android.internal.net.ipsec.ike.message.IkeMessage.DecodeResultError;
+import com.android.internal.net.ipsec.ike.message.IkeMessage.DecodeResultOk;
+import com.android.internal.net.ipsec.ike.message.IkeMessage.DecodeResultPartial;
+import com.android.internal.net.ipsec.ike.message.IkePayloadFactory.IIkePayloadDecoder;
import org.junit.After;
import org.junit.Before;
@@ -348,7 +348,7 @@
IkeTestUtils.decodeAndVerifyUnprotectedErrorMsg(
inputPacket, UnsupportedCriticalPayloadException.class);
- assertEquals(1, exception.getUnsupportedCriticalPayloadList().size());
+ assertEquals(1, exception.payloadTypeList.size());
}
@Test
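Review bot: The assertion `assertEquals(1, exception.payloadTypeList.size())` checks only how many unsupported critical payload types were reported, not which one. A decoder that flags the wrong payload would still pass this test. I would add a second assertion on the element itself, for example `assertEquals(EXPECTED_PAYLOAD_TYPE, (int) exception.payloadTypeList.get(0));`, where `EXPECTED_PAYLOAD_TYPE` is a placeholder for the critical payload type encoded in `inputPacket` and the cast assumes the list holds `Integer` values. The test method starts outside this hunk, so the expected value has to come from the packet built there.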
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeNoncePayloadTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeNoncePayloadTest.java
index a4d7ad0..dd92a45 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeNoncePayloadTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeNoncePayloadTest.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.message;
+package com.android.internal.net.ipsec.ike.message;
import static org.junit.Assert.assertArrayEquals;
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeNotifyPayloadTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeNotifyPayloadTest.java
index d1ddf81..0b3c358 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeNotifyPayloadTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeNotifyPayloadTest.java
@@ -14,25 +14,11 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.message;
+package com.android.internal.net.ipsec.ike.message;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_AUTHENTICATION_FAILED;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_CHILD_SA_NOT_FOUND;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_FAILED_CP_REQUIRED;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_INTERNAL_ADDRESS_FAILURE;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_INVALID_IKE_SPI;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_INVALID_KE_PAYLOAD;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_INVALID_SELECTORS;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_INVALID_SYNTAX;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_NO_ADDITIONAL_SAS;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_NO_PROPOSAL_CHOSEN;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_SINGLE_PAIR_REQUIRED;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_TEMPORARY_FAILURE;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_TS_UNACCEPTABLE;
-import static android.net.ipsec.test.ike.exceptions.IkeProtocolException.ERROR_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD;
-
-import static com.android.internal.net.ipsec.test.ike.message.IkeNotifyPayload.NOTIFY_TYPE_COOKIE;
-import static com.android.internal.net.ipsec.test.ike.message.IkeNotifyPayload.NOTIFY_TYPE_COOKIE2;
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_AUTHENTICATION_FAILED;
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_INVALID_KE_PAYLOAD;
+import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -40,30 +26,19 @@
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import android.net.ipsec.test.ike.SaProposal;
-import android.net.ipsec.test.ike.exceptions.AuthenticationFailedException;
-import android.net.ipsec.test.ike.exceptions.ChildSaNotFoundException;
-import android.net.ipsec.test.ike.exceptions.FailedCpRequiredException;
-import android.net.ipsec.test.ike.exceptions.IkeProtocolException;
-import android.net.ipsec.test.ike.exceptions.InternalAddressFailureException;
-import android.net.ipsec.test.ike.exceptions.InvalidIkeSpiException;
-import android.net.ipsec.test.ike.exceptions.InvalidKeException;
-import android.net.ipsec.test.ike.exceptions.InvalidSelectorsException;
-import android.net.ipsec.test.ike.exceptions.InvalidSyntaxException;
-import android.net.ipsec.test.ike.exceptions.NoAdditionalSasException;
-import android.net.ipsec.test.ike.exceptions.NoValidProposalChosenException;
-import android.net.ipsec.test.ike.exceptions.SinglePairRequiredException;
-import android.net.ipsec.test.ike.exceptions.TemporaryFailureException;
-import android.net.ipsec.test.ike.exceptions.TsUnacceptableException;
-import android.net.ipsec.test.ike.exceptions.UnrecognizedIkeProtocolException;
+import android.net.ipsec.ike.SaProposal;
+import android.net.ipsec.ike.exceptions.IkeProtocolException;
import com.android.internal.net.TestUtils;
+import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidKeException;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
+import com.android.internal.net.ipsec.ike.exceptions.UnrecognizedIkeProtocolException;
import org.junit.Test;
import java.net.InetAddress;
import java.nio.ByteBuffer;
-import java.util.Random;
public final class IkeNotifyPayloadTest {
private static final String NOTIFY_NAT_DETECTION_PAYLOAD_HEX_STRING =
@@ -72,19 +47,9 @@
"00004004e54f73b7d83f6beb881eab2051d8663f421d10b0";
private static final String NAT_DETECTION_DATA_HEX_STRING =
"e54f73b7d83f6beb881eab2051d8663f421d10b0";
- private static final String PACKET_INFO_HEX_STRING =
- "4500009cafcd4000403208adc0a80064c0a800012ad4c0a200000001";
-
- private static final int COOKIE_INVALID_DATA_LEN_SMALL = 0;
- private static final int COOKIE_INVALID_DATA_LEN_LARGE = 65;
- private static final int COOKIE_DATA_LEN = 64;
-
- private static final int COOKIE2_INVALID_DATA_LEN_SMALL = 7;
- private static final int COOKIE2_INVALID_DATA_LEN_LARGE = 65;
- private static final int COOKIE2_DATA_LEN = 64;
private static final String NOTIFY_REKEY_PAYLOAD_BODY_HEX_STRING = "030440092ad4c0a2";
- private static final int CHILD_SPI = 0x2ad4c0a2;
+ private static final int REKEY_SPI = 0x2ad4c0a2;
private static final String IKE_INITIATOR_SPI_HEX_STRING = "5f54bf6d8b48e6e1";
private static final String IKE_RESPODNER_SPI_HEX_STRING = "0000000000000000";
@@ -115,7 +80,7 @@
assertEquals(IkePayload.PROTOCOL_ID_ESP, payload.protocolId);
assertEquals(IkePayload.SPI_LEN_IPSEC, payload.spiSize);
assertEquals(IkeNotifyPayload.NOTIFY_TYPE_REKEY_SA, payload.notifyType);
- assertEquals(CHILD_SPI, payload.spi);
+ assertEquals(REKEY_SPI, payload.spi);
assertArrayEquals(new byte[0], payload.notifyData);
}
@@ -133,52 +98,6 @@
assertArrayEquals(expectedBytes, netDetectionData);
}
- private void verifyHandleCookieAndGenerateCopy(boolean isCookie2, int dataLen)
- throws Exception {
- final byte[] cookieData = new byte[dataLen];
- new Random().nextBytes(cookieData);
- int cookieType = isCookie2 ? NOTIFY_TYPE_COOKIE2 : NOTIFY_TYPE_COOKIE;
- IkeNotifyPayload inboundCookieNotify = new IkeNotifyPayload(cookieType, cookieData);
-
- IkeNotifyPayload outboundCookieNotify =
- isCookie2
- ? IkeNotifyPayload.handleCookie2AndGenerateCopy(inboundCookieNotify)
- : IkeNotifyPayload.handleCookieAndGenerateCopy(inboundCookieNotify);
-
- assertArrayEquals(cookieData, outboundCookieNotify.notifyData);
- assertEquals(cookieType, outboundCookieNotify.notifyType);
- }
-
- @Test
- public void testHandleCookieAndGenerateCopy() throws Exception {
- verifyHandleCookieAndGenerateCopy(false /* isCookie2 */, COOKIE_DATA_LEN);
- }
-
- @Test(expected = InvalidSyntaxException.class)
- public void testHandleCookieWithTooSmallLengthOfData() throws Exception {
- verifyHandleCookieAndGenerateCopy(false /* isCookie2 */, COOKIE_INVALID_DATA_LEN_SMALL);
- }
-
- @Test(expected = InvalidSyntaxException.class)
- public void testHandleCookieWithTooLargeLengthOfData() throws Exception {
- verifyHandleCookieAndGenerateCopy(false /* isCookie2 */, COOKIE_INVALID_DATA_LEN_SMALL);
- }
-
- @Test
- public void testHandleCookie2AndGenerateCopy() throws Exception {
- verifyHandleCookieAndGenerateCopy(true /* isCookie2 */, COOKIE2_DATA_LEN);
- }
-
- @Test(expected = InvalidSyntaxException.class)
- public void testHandleCookie2WithTooSmallLengthOfData() throws Exception {
- verifyHandleCookieAndGenerateCopy(true /* isCookie2 */, COOKIE2_INVALID_DATA_LEN_SMALL);
- }
-
- @Test(expected = InvalidSyntaxException.class)
- public void testHandleCookie2WithTooLargeLengthOfData() throws Exception {
- verifyHandleCookieAndGenerateCopy(true /* isCookie2 */, COOKIE2_INVALID_DATA_LEN_SMALL);
- }
-
@Test
public void testBuildIkeErrorNotifyWithData() throws Exception {
int payloadType = 1;
@@ -252,117 +171,17 @@
}
@Test
- public void testValidateAndBuildInvalidSelectorsException() throws Exception {
- byte[] packetInfoBytes = TestUtils.hexStringToByteArray(PACKET_INFO_HEX_STRING);
+ public void testValidateAndBuildIkeExceptionWithoutData() throws Exception {
+ // Invalid Syntax
+ IkeNotifyPayload payload = new IkeNotifyPayload(ERROR_TYPE_AUTHENTICATION_FAILED);
+ IkeProtocolException exception = payload.validateAndBuildIkeException();
- IkeNotifyPayload errNotify =
- new IkeNotifyPayload(
- IkePayload.PROTOCOL_ID_ESP,
- CHILD_SPI,
- ERROR_TYPE_INVALID_SELECTORS,
- packetInfoBytes);
-
- InvalidSelectorsException exception =
- (InvalidSelectorsException) errNotify.validateAndBuildIkeException();
-
- assertEquals(ERROR_TYPE_INVALID_SELECTORS, exception.getErrorType());
- assertEquals(CHILD_SPI, exception.getIpSecSpi());
- assertArrayEquals(packetInfoBytes, exception.getIpSecPacketInfo());
- }
-
- private <T extends IkeProtocolException> void verifyValidateAndBuildIkeExceptionWithoutData(
- int errorType, Class<T> exceptionClass) throws Exception {
- IkeNotifyPayload payload = new IkeNotifyPayload(errorType);
- verifyIkeExceptionWithoutData(
- payload.validateAndBuildIkeException(), errorType, exceptionClass);
- }
-
- private <T extends IkeProtocolException> void verifyIkeExceptionWithoutData(
- IkeProtocolException exception, int errorType, Class<T> exceptionClass)
- throws Exception {
- assertTrue(exceptionClass.isInstance(exception));
- assertEquals(errorType, exception.getErrorType());
+ assertTrue(exception instanceof AuthenticationFailedException);
+ assertEquals(ERROR_TYPE_AUTHENTICATION_FAILED, exception.getErrorType());
assertArrayEquals(new byte[0], exception.getErrorData());
}
@Test
- public void testValidateAndBuildAuthFailException() throws Exception {
- verifyValidateAndBuildIkeExceptionWithoutData(
- ERROR_TYPE_AUTHENTICATION_FAILED, AuthenticationFailedException.class);
- }
-
- @Test
- public void testValidateAndBuildInvalidIkeSpiException() throws Exception {
- verifyValidateAndBuildIkeExceptionWithoutData(
- ERROR_TYPE_INVALID_IKE_SPI, InvalidIkeSpiException.class);
- }
-
- @Test
- public void testValidateAndBuildInvalidSyntaxException() throws Exception {
- verifyValidateAndBuildIkeExceptionWithoutData(
- ERROR_TYPE_INVALID_SYNTAX, InvalidSyntaxException.class);
- }
-
- @Test
- public void testValidateAndBuildNoProposalChosenException() throws Exception {
- verifyValidateAndBuildIkeExceptionWithoutData(
- ERROR_TYPE_NO_PROPOSAL_CHOSEN, NoValidProposalChosenException.class);
- }
-
- @Test
- public void testValidateAndBuildSinglePairRequiredException() throws Exception {
- verifyValidateAndBuildIkeExceptionWithoutData(
- ERROR_TYPE_SINGLE_PAIR_REQUIRED, SinglePairRequiredException.class);
- }
-
- @Test
- public void testValidateAndBuildNoAdditionalSasException() throws Exception {
- verifyValidateAndBuildIkeExceptionWithoutData(
- ERROR_TYPE_NO_ADDITIONAL_SAS, NoAdditionalSasException.class);
- }
-
- @Test
- public void testValidateAndBuildInternalAddressFailException() throws Exception {
- verifyValidateAndBuildIkeExceptionWithoutData(
- ERROR_TYPE_INTERNAL_ADDRESS_FAILURE, InternalAddressFailureException.class);
- }
-
- @Test
- public void testValidateAndBuildTsUnacceptableException() throws Exception {
- verifyValidateAndBuildIkeExceptionWithoutData(
- ERROR_TYPE_TS_UNACCEPTABLE, TsUnacceptableException.class);
- }
-
- @Test
- public void testValidateAndBuildTemporaryFailureException() throws Exception {
- verifyValidateAndBuildIkeExceptionWithoutData(
- ERROR_TYPE_TEMPORARY_FAILURE, TemporaryFailureException.class);
- }
-
- @Test
- public void testValidateAndBuildFailedCpRequiredException() throws Exception {
- verifyValidateAndBuildIkeExceptionWithoutData(
- ERROR_TYPE_FAILED_CP_REQUIRED, FailedCpRequiredException.class);
- }
-
- @Test
- public void testValidateAndBuildChildSaNotFoundException() throws Exception {
- IkeNotifyPayload errNotify =
- new IkeNotifyPayload(
- IkePayload.PROTOCOL_ID_ESP,
- CHILD_SPI,
- ERROR_TYPE_CHILD_SA_NOT_FOUND,
- new byte[0]);
- ChildSaNotFoundException exception =
- (ChildSaNotFoundException) errNotify.validateAndBuildIkeException();
-
- verifyIkeExceptionWithoutData(
- exception, ERROR_TYPE_CHILD_SA_NOT_FOUND, ChildSaNotFoundException.class);
-
- assertEquals(CHILD_SPI, exception.getIpSecSpi());
- }
-
- @Test
public void testValidateAndBuildUnrecognizedIkeException() throws Exception {
int unrecognizedType = 0;
IkeNotifyPayload payload = new IkeNotifyPayload(unrecognizedType);
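Review bot: The comment `// Invalid Syntax` at the top of the new `testValidateAndBuildIkeExceptionWithoutData` does not match what the test builds. The payload is constructed with `ERROR_TYPE_AUTHENTICATION_FAILED` and the assertion expects `AuthenticationFailedException`, so the comment should read `// Authentication Failed`. With the per-type tests removed in this hunk, this is the only error notify without data whose mapping to an exception class is checked here. As far as the hunk shows, a wrong mapping for another type such as INVALID_SYNTAX would go unnoticed in this file. The hunk ends inside `testValidateAndBuildUnrecognizedIkeException`, whose body continues outside it.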
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeSaPayloadTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeSaPayloadTest.java
index 4ddba3f..331b4d8 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeSaPayloadTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeSaPayloadTest.java
@@ -14,15 +14,7 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.message;
-
-import static android.net.ipsec.test.ike.SaProposal.DH_GROUP_1024_BIT_MODP;
-import static android.net.ipsec.test.ike.SaProposal.DH_GROUP_2048_BIT_MODP;
-import static android.net.ipsec.test.ike.SaProposal.DH_GROUP_3072_BIT_MODP;
-import static android.net.ipsec.test.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_CBC;
-import static android.net.ipsec.test.ike.SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA2_512_256;
-import static android.net.ipsec.test.ike.SaProposal.KEY_LEN_AES_128;
-import static android.net.ipsec.test.ike.SaProposal.KEY_LEN_AES_256;
+package com.android.internal.net.ipsec.ike.message;
import static com.android.internal.net.TestUtils.createMockRandomFactory;
@@ -45,34 +37,33 @@
import android.net.InetAddresses;
import android.net.IpSecManager;
import android.net.IpSecSpiResponse;
-import android.net.ipsec.test.ike.ChildSaProposal;
-import android.net.ipsec.test.ike.IkeSaProposal;
-import android.net.ipsec.test.ike.SaProposal;
-import android.net.ipsec.test.ike.exceptions.IkeProtocolException;
-import android.net.ipsec.test.ike.exceptions.InvalidKeException;
-import android.net.ipsec.test.ike.exceptions.InvalidSyntaxException;
-import android.net.ipsec.test.ike.exceptions.NoValidProposalChosenException;
+import android.net.ipsec.ike.ChildSaProposal;
+import android.net.ipsec.ike.IkeSaProposal;
+import android.net.ipsec.ike.SaProposal;
+import android.net.ipsec.ike.exceptions.IkeProtocolException;
import android.util.Pair;
import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.Attribute;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.AttributeDecoder;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.ChildProposal;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.DhGroupTransform;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.EncryptionTransform;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.EsnTransform;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.IkeProposal;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.IntegrityTransform;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.KeyLengthAttribute;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.PrfTransform;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.Proposal;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.Transform;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.TransformDecoder;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.UnrecognizedAttribute;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.UnrecognizedTransform;
-import com.android.internal.net.ipsec.test.ike.testutils.MockIpSecTestUtils;
-import com.android.internal.net.ipsec.test.ike.utils.IkeSpiGenerator;
-import com.android.internal.net.ipsec.test.ike.utils.IpSecSpiGenerator;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
+import com.android.internal.net.ipsec.ike.exceptions.NoValidProposalChosenException;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.Attribute;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.AttributeDecoder;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.ChildProposal;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.DhGroupTransform;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.EncryptionTransform;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.EsnTransform;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.IkeProposal;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.IntegrityTransform;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.KeyLengthAttribute;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.PrfTransform;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.Proposal;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.Transform;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.TransformDecoder;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.UnrecognizedAttribute;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.UnrecognizedTransform;
+import com.android.internal.net.ipsec.ike.testutils.MockIpSecTestUtils;
+import com.android.internal.net.ipsec.ike.utils.IkeSpiGenerator;
+import com.android.internal.net.ipsec.ike.utils.IpSecSpiGenerator;
import com.android.server.IpSecService;
import org.junit.After;
@@ -956,7 +947,7 @@
final String saPayloadBodyHex =
"0000002c010100040300000c0100000c800e0080030000080300000c"
- + "0300000802000005000000080400005f";
+ + "0300000802000005000000080400001f";
IkeSaPayload saPayload =
new IkeSaPayload(
false /* isCritical*/,
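Review bot: The changed hex literal has no comment saying which transform it encodes, yet the later `assertFalse(unsupportedDh.isSupported)` depends on its trailing `0400001f`. Read as a transform substructure, those bytes appear to be type 4 (DH group) with ID 0x001f, i.e. 31, which the IANA registry assigns to Curve25519. If so, the assertion would flip should the library ever add support for that group. I would add `// Last transform: DH group ID 0x001f (31), expected to be unsupported here` above the literal, or pick an ID that is not assigned. The statement that consumes the literal continues past the end of this hunk.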
@@ -966,100 +957,4 @@
DhGroupTransform unsupportedDh = proposal.saProposal.getDhGroupTransforms()[0];
assertFalse(unsupportedDh.isSupported);
}
-
- private List<ChildSaProposal> getDefaultCallerConfiguredProposals() {
- ChildSaProposal callerConfiguredProposal =
- new ChildSaProposal.Builder()
- .addEncryptionAlgorithm(ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_256)
- .addIntegrityAlgorithm(INTEGRITY_ALGORITHM_HMAC_SHA2_512_256)
- .build();
- return Arrays.asList(mChildSaProposalOne, mChildSaProposalTwo, callerConfiguredProposal);
- }
-
- private ChildSaProposal verifyAndGetNegotiatedChildProposalWithDh(
- List<ChildSaProposal> callerConfiguredProposals, int reqKePayloadDh, int ikeDh)
- throws Exception {
- Proposal.resetTransformDecoder();
- Transform.resetAttributeDecoder();
-
- ChildSaProposal currentProposal =
- new ChildSaProposal.Builder()
- .addEncryptionAlgorithm(ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_256)
- .addIntegrityAlgorithm(INTEGRITY_ALGORITHM_HMAC_SHA2_512_256)
- .build();
-
- // ESP:ENCR_AES_CBC(256)|AUTH_HMAC_SHA2_512_256|DH_2048_BIT_MODP|
- // DH_3072_BIT_MODP|DH_4096_BIT_MODP|DH(17)|DH(18)|ESN_No_Extended
- final String inboundRequestSaPayload =
- "00000050010304080f1180010300000c0100000c800e010003000008"
- + "0300000e030000080400000e030000080400000f0300000804000010"
- + "030000080400001103000008040000120000000805000000";
- IkeSaPayload reqSaPayload =
- new IkeSaPayload(
- false /* isCritical*/,
- false /* isResp */,
- TestUtils.hexStringToByteArray(inboundRequestSaPayload));
-
- return reqSaPayload.getNegotiatedChildProposalWithDh(
- currentProposal, callerConfiguredProposals, reqKePayloadDh, ikeDh);
- }
-
- @Test
- public void testGetNegotiatedChildProposalWithDhAcceptsIkeDh() throws Exception {
- ChildSaProposal resultProposal =
- verifyAndGetNegotiatedChildProposalWithDh(
- getDefaultCallerConfiguredProposals(),
- DH_GROUP_2048_BIT_MODP,
- DH_GROUP_2048_BIT_MODP);
-
- ChildSaProposal expected =
- new ChildSaProposal.Builder()
- .addEncryptionAlgorithm(ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_256)
- .addIntegrityAlgorithm(INTEGRITY_ALGORITHM_HMAC_SHA2_512_256)
- .addDhGroup(DH_GROUP_2048_BIT_MODP)
- .build();
-
- assertEquals(expected, resultProposal);
- }
-
- @Test
- public void testGetNegotiatedChildProposalWithDhAcceptsConfiguredDh() throws Exception {
- ChildSaProposal configuredProposal =
- new ChildSaProposal.Builder()
- .addEncryptionAlgorithm(ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_128)
- .addEncryptionAlgorithm(ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_256)
- .addIntegrityAlgorithm(INTEGRITY_ALGORITHM_HMAC_SHA2_512_256)
- .addDhGroup(DH_GROUP_3072_BIT_MODP)
- .build();
- List<ChildSaProposal> callerConfiguredProposals =
- Arrays.asList(mChildSaProposalOne, mChildSaProposalTwo, configuredProposal);
-
- ChildSaProposal resultProposal =
- verifyAndGetNegotiatedChildProposalWithDh(
- callerConfiguredProposals, DH_GROUP_3072_BIT_MODP, DH_GROUP_2048_BIT_MODP);
-
- ChildSaProposal expected =
- new ChildSaProposal.Builder()
- .addEncryptionAlgorithm(ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_256)
- .addIntegrityAlgorithm(INTEGRITY_ALGORITHM_HMAC_SHA2_512_256)
- .addDhGroup(DH_GROUP_3072_BIT_MODP)
- .build();
- assertEquals(expected, resultProposal);
- }
-
- @Test(expected = InvalidKeException.class)
- public void testGetNegotiatedChildProposalWithDhThrowsInvalidKeException() throws Exception {
- verifyAndGetNegotiatedChildProposalWithDh(
- getDefaultCallerConfiguredProposals(),
- DH_GROUP_3072_BIT_MODP,
- DH_GROUP_2048_BIT_MODP);
- }
-
- @Test(expected = NoValidProposalChosenException.class)
- public void testGetNegotiatedChildProposalWithDhThrowsNoProposalException() throws Exception {
- verifyAndGetNegotiatedChildProposalWithDh(
- getDefaultCallerConfiguredProposals(),
- DH_GROUP_2048_BIT_MODP,
- DH_GROUP_1024_BIT_MODP);
- }
}
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeSkPayloadTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeSkPayloadTest.java
index 9a9101e..39ae133 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeSkPayloadTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeSkPayloadTest.java
@@ -14,17 +14,17 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.message;
+package com.android.internal.net.ipsec.ike.message;
import static org.junit.Assert.assertArrayEquals;
-import android.net.ipsec.test.ike.SaProposal;
+import android.net.ipsec.ike.SaProposal;
import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.test.ike.crypto.IkeCipher;
-import com.android.internal.net.ipsec.test.ike.crypto.IkeMacIntegrity;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.EncryptionTransform;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.IntegrityTransform;
+import com.android.internal.net.ipsec.ike.crypto.IkeCipher;
+import com.android.internal.net.ipsec.ike.crypto.IkeMacIntegrity;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.EncryptionTransform;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.IntegrityTransform;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeSkfPayloadTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeSkfPayloadTest.java
index 5abb6f5..57bf498 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeSkfPayloadTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeSkfPayloadTest.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.message;
+package com.android.internal.net.ipsec.ike.message;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -23,15 +23,15 @@
import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.spy;
-import android.net.ipsec.test.ike.SaProposal;
-import android.net.ipsec.test.ike.exceptions.InvalidSyntaxException;
+import android.net.ipsec.ike.SaProposal;
import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.test.ike.crypto.IkeCipher;
-import com.android.internal.net.ipsec.test.ike.crypto.IkeMacIntegrity;
-import com.android.internal.net.ipsec.test.ike.crypto.IkeNormalModeCipher;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.EncryptionTransform;
-import com.android.internal.net.ipsec.test.ike.message.IkeSaPayload.IntegrityTransform;
+import com.android.internal.net.ipsec.ike.crypto.IkeCipher;
+import com.android.internal.net.ipsec.ike.crypto.IkeMacIntegrity;
+import com.android.internal.net.ipsec.ike.crypto.IkeNormalModeCipher;
+import com.android.internal.net.ipsec.ike.exceptions.InvalidSyntaxException;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.EncryptionTransform;
+import com.android.internal.net.ipsec.ike.message.IkeSaPayload.IntegrityTransform;
import org.junit.Before;
import org.junit.Test;
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeTestUtils.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeTestUtils.java
index 0456765..087041c 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeTestUtils.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeTestUtils.java
@@ -14,9 +14,9 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.message;
+package com.android.internal.net.ipsec.ike.message;
-import static com.android.internal.net.ipsec.test.ike.message.IkeMessage.DECODE_STATUS_UNPROTECTED_ERROR;
+import static com.android.internal.net.ipsec.ike.message.IkeMessage.DECODE_STATUS_UNPROTECTED_ERROR;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
@@ -24,12 +24,12 @@
import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.mock;
-import android.net.ipsec.test.ike.exceptions.IkeProtocolException;
+import android.net.ipsec.ike.exceptions.IkeProtocolException;
import android.util.Pair;
import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.test.ike.message.IkeMessage.DecodeResult;
-import com.android.internal.net.ipsec.test.ike.message.IkeMessage.DecodeResultError;
+import com.android.internal.net.ipsec.ike.message.IkeMessage.DecodeResult;
+import com.android.internal.net.ipsec.ike.message.IkeMessage.DecodeResultError;
import java.nio.ByteBuffer;
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeTsPayloadTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeTsPayloadTest.java
index 63937c3..3eb5020 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeTsPayloadTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/message/IkeTsPayloadTest.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.message;
+package com.android.internal.net.ipsec.ike.message;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -22,7 +22,7 @@
import static org.junit.Assert.assertTrue;
import android.net.InetAddresses;
-import android.net.ipsec.test.ike.IkeTrafficSelector;
+import android.net.ipsec.ike.IkeTrafficSelector;
import com.android.internal.net.TestUtils;
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/net/IkeDefaultNetworkCallbackTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/net/IkeDefaultNetworkCallbackTest.java
deleted file mode 100644
index 39be37f..0000000
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/net/IkeDefaultNetworkCallbackTest.java
+++ /dev/null
@@ -1,141 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.test.ike.net;
-
-import static org.mockito.Matchers.any;
-import static org.mockito.Matchers.eq;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.never;
-import static org.mockito.Mockito.verify;
-
-import android.net.InetAddresses;
-import android.net.LinkAddress;
-import android.net.LinkProperties;
-import android.net.Network;
-
-import org.junit.Before;
-import org.junit.Test;
-
-import java.net.Inet4Address;
-import java.net.InetAddress;
-
-public class IkeDefaultNetworkCallbackTest {
- // Addresses in the IPv4 Documentation Address Blocks (RFC 5737 Section 3)
- private static final InetAddress CURR_ADDRESS = InetAddresses.parseNumericAddress("192.0.2.0");
- private static final InetAddress CURR_ADDRESS_V6 =
- InetAddresses.parseNumericAddress("2001:db8::2");
- private static final InetAddress UPDATED_ADDRESS =
- InetAddresses.parseNumericAddress("192.0.2.1");
-
- private static final int IPV4_PREFIX_LEN = 32;
- private static final int IPV6_PREFIX_LEN = 64;
-
- private Network mMockNetwork;
- private IkeNetworkUpdater mMockIkeNetworkUpdater;
-
- private InetAddress mCurrAddress;
- private IkeDefaultNetworkCallback mNetworkCallback;
-
- @Before
- public void setUp() throws Exception {
- mMockNetwork = mock(Network.class);
- mMockIkeNetworkUpdater = mock(IkeNetworkUpdater.class);
-
- mCurrAddress = CURR_ADDRESS;
- mNetworkCallback =
- new IkeDefaultNetworkCallback(mMockIkeNetworkUpdater, mMockNetwork, mCurrAddress);
- }
-
- @Test
- public void testOnAvailable() {
- Network updatedNetwork = mock(Network.class);
-
- mNetworkCallback.onAvailable(updatedNetwork);
-
- verify(mMockIkeNetworkUpdater).onUnderlyingNetworkUpdated(eq(updatedNetwork));
- }
-
- @Test
- public void testOnAvailableCurrentNetwork() {
- mNetworkCallback.onAvailable(mMockNetwork);
-
- verify(mMockIkeNetworkUpdater, never()).onUnderlyingNetworkUpdated(any());
- }
-
- @Test
- public void testOnLost() {
- mNetworkCallback.onLost(mMockNetwork);
-
- verify(mMockIkeNetworkUpdater).onUnderlyingNetworkDied();
- }
-
- @Test
- public void testOnLostWrongNetwork() {
- mNetworkCallback.onLost(mock(Network.class));
-
- verify(mMockIkeNetworkUpdater, never()).onUnderlyingNetworkDied();
- }
-
- @Test
- public void testOnLinkPropertiesChanged() throws Exception {
- mNetworkCallback.onLinkPropertiesChanged(
- mMockNetwork, getLinkPropertiesWithAddresses(UPDATED_ADDRESS));
-
- verify(mMockIkeNetworkUpdater).onUnderlyingNetworkUpdated(eq(mMockNetwork));
- }
-
- @Test
- public void testOnLinkPropertiesChangedWrongNetwork() throws Exception {
- mNetworkCallback.onLinkPropertiesChanged(
- mock(Network.class), getLinkPropertiesWithAddresses(UPDATED_ADDRESS));
-
- verify(mMockIkeNetworkUpdater, never()).onUnderlyingNetworkUpdated(any());
- }
-
- @Test
- public void testOnLinkPropertiesChangedNoAddressChange() throws Exception {
- mNetworkCallback.onLinkPropertiesChanged(
- mMockNetwork, getLinkPropertiesWithAddresses(CURR_ADDRESS));
-
- verify(mMockIkeNetworkUpdater, never()).onUnderlyingNetworkUpdated(any());
- }
-
- @Test
- public void testOnLinkPropertiesChangedNoAddressChangeIpv6() throws Exception {
- mCurrAddress = CURR_ADDRESS_V6;
- mNetworkCallback =
- new IkeDefaultNetworkCallback(mMockIkeNetworkUpdater, mMockNetwork, mCurrAddress);
-
- mNetworkCallback.onLinkPropertiesChanged(
- mMockNetwork, getLinkPropertiesWithAddresses(CURR_ADDRESS_V6));
-
- verify(mMockIkeNetworkUpdater, never()).onUnderlyingNetworkUpdated(any());
- }
-
- private LinkProperties getLinkPropertiesWithAddresses(InetAddress... addresses)
- throws Exception {
- LinkProperties linkProperties = new LinkProperties();
-
- for (InetAddress address : addresses) {
- int prefixLen = address instanceof Inet4Address ? IPV4_PREFIX_LEN : IPV6_PREFIX_LEN;
- linkProperties.addLinkAddress(new LinkAddress(address, prefixLen));
- }
- return linkProperties;
- }
-
- // TODO: b/194229855 Add tests for verifying stacked LinkProperties address change
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/testmode/DeterministicSecureRandomTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/testmode/DeterministicSecureRandomTest.java
index fbde32f..b183a48 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/testmode/DeterministicSecureRandomTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/testmode/DeterministicSecureRandomTest.java
@@ -13,9 +13,9 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.testmode;
+package com.android.internal.net.ipsec.ike.testmode;
-import static android.net.ipsec.test.ike.SaProposal.DH_GROUP_2048_BIT_MODP;
+import static android.net.ipsec.ike.SaProposal.DH_GROUP_2048_BIT_MODP;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -24,14 +24,14 @@
import static org.mockito.Mockito.doAnswer;
import static org.mockito.Mockito.mock;
-import com.android.internal.net.ipsec.test.ike.message.IkeKePayload;
-import com.android.internal.net.ipsec.test.ike.utils.RandomnessFactory;
+import com.android.internal.net.ipsec.ike.message.IkeKePayload;
+import com.android.internal.net.ipsec.ike.utils.RandomnessFactory;
import org.junit.Test;
import java.util.Arrays;
-import javax.crypto.interfaces.DHPrivateKey;
+import javax.crypto.spec.DHPrivateKeySpec;
public final class DeterministicSecureRandomTest {
private static final int BYTE_ARRAY_LEN = 20;
@@ -78,14 +78,14 @@
.when(rFactory)
.getRandom();
- IkeKePayload kePayloadOne =
- IkeKePayload.createOutboundKePayload(DH_GROUP_2048_BIT_MODP, rFactory);
- IkeKePayload kePayloadTwo =
- IkeKePayload.createOutboundKePayload(DH_GROUP_2048_BIT_MODP, rFactory);
+ IkeKePayload kePayloadOne = new IkeKePayload(DH_GROUP_2048_BIT_MODP, rFactory);
+ IkeKePayload kePayloadTwo = new IkeKePayload(DH_GROUP_2048_BIT_MODP, rFactory);
assertArrayEquals(kePayloadOne.keyExchangeData, kePayloadTwo.keyExchangeData);
- DHPrivateKey localPrivateKeyOne = (DHPrivateKey) kePayloadOne.localPrivateKey;
- DHPrivateKey localPrivateKeyTwo = (DHPrivateKey) kePayloadTwo.localPrivateKey;
+ DHPrivateKeySpec localPrivateKeyOne = kePayloadOne.localPrivateKey;
+ DHPrivateKeySpec localPrivateKeyTwo = kePayloadTwo.localPrivateKey;
+ assertEquals(localPrivateKeyOne.getG(), localPrivateKeyTwo.getG());
+ assertEquals(localPrivateKeyOne.getP(), localPrivateKeyTwo.getP());
assertEquals(localPrivateKeyOne.getX(), localPrivateKeyTwo.getX());
}
}
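Review bot: The added `getG()`/`getP()` assertions do not appear to exercise the deterministic randomness this test is about, since both payloads are built for the same `DH_GROUP_2048_BIT_MODP` and those values are presumably fixed by the group. Only `getX()` and the derived `keyExchangeData` depend on what `rFactory` returns. A short comment above the assertions would make that clear, for example `// G and P come from the DH group; X is the value that must repeat under the deterministic SecureRandom`. The test method begins outside this hunk, so its name and setup are not visible here.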
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/testutils/CertUtils.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/testutils/CertUtils.java
index 9a4e67f..63dd91a 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/testutils/CertUtils.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/testutils/CertUtils.java
@@ -14,30 +14,27 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.testutils;
+package com.android.internal.net.ipsec.ike.testutils;
import android.content.Context;
import androidx.test.InstrumentationRegistry;
-import com.android.internal.net.ipsec.test.ike.utils.IkeCertUtils;
+import com.android.org.bouncycastle.util.io.pem.PemObject;
+import com.android.org.bouncycastle.util.io.pem.PemReader;
-import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
-import java.nio.charset.StandardCharsets;
+import java.security.KeyFactory;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
-import java.util.Base64;
-import java.util.stream.Collectors;
+import java.security.spec.PKCS8EncodedKeySpec;
/** CertUtils provides utility methods for creating X509 certificate and private key. */
public final class CertUtils {
private static final String PEM_FOLDER_NAME = "pem";
private static final String KEY_FOLDER_NAME = "key";
- private static final String NEW_LINE_CHAR = "\n";
- private static final String PEM_TYPE_PRIVATE_KEY = "-----(BEGIN|END) PRIVATE KEY-----";
/** Creates an X509Certificate with a pem file */
public static X509Certificate createCertFromPemFile(String fileName) throws Exception {
@@ -55,17 +52,10 @@
InputStream inputStream =
context.getResources().getAssets().open(KEY_FOLDER_NAME + "/" + fileName);
- String pemText =
- new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8))
- .lines()
- .collect(Collectors.joining(NEW_LINE_CHAR));
+ PemObject pemObject = new PemReader(new InputStreamReader(inputStream)).readPemObject();
- byte[] certificateBytes =
- Base64.getDecoder()
- .decode(
- pemText.replaceAll(PEM_TYPE_PRIVATE_KEY, "")
- .replaceAll(NEW_LINE_CHAR, "")
- .getBytes(StandardCharsets.UTF_8));
- return (RSAPrivateKey) IkeCertUtils.privateKeyFromByteArray(certificateBytes);
+ KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+ return (RSAPrivateKey)
+ keyFactory.generatePrivate(new PKCS8EncodedKeySpec(pemObject.getContent()));
}
}
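Review bot: The new PEM path never closes `inputStream` or the `PemReader`, and `readPemObject()` returns null when the asset contains no PEM block, so `pemObject.getContent()` would fail with a bare NullPointerException rather than a message naming the file. The `InputStreamReader` also drops the explicit `StandardCharsets.UTF_8` that the removed code passed, so decoding falls back to the default charset. Nothing checks `pemObject.getType()`, so a block that is not a PKCS#8 `PRIVATE KEY` would reach `PKCS8EncodedKeySpec` and fail later with a less obvious error. A try-with-resources plus a null and type check covers all three, and it needs the `java.nio.charset.StandardCharsets` import that the previous hunk removes. The method's signature is outside this hunk.

```java
InputStream inputStream =
        context.getResources().getAssets().open(KEY_FOLDER_NAME + "/" + fileName);
try (PemReader pemReader =
        new PemReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8))) {
    PemObject pemObject = pemReader.readPemObject();
    if (pemObject == null || !"PRIVATE KEY".equals(pemObject.getType())) {
        throw new IllegalArgumentException("No PKCS#8 PRIVATE KEY block in " + fileName);
    }
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    return (RSAPrivateKey)
            keyFactory.generatePrivate(new PKCS8EncodedKeySpec(pemObject.getContent()));
}
```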
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/testutils/MockIpSecTestUtils.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/testutils/MockIpSecTestUtils.java
index f6fee18..fb40d44 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/testutils/MockIpSecTestUtils.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/testutils/MockIpSecTestUtils.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.testutils;
+package com.android.internal.net.ipsec.ike.testutils;
import static android.system.OsConstants.AF_INET;
import static android.system.OsConstants.IPPROTO_UDP;
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/utils/IkeAlarmTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/utils/IkeAlarmTest.java
deleted file mode 100644
index c9709af..0000000
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/utils/IkeAlarmTest.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.test.ike.utils;
-
-import static com.android.internal.net.ipsec.test.ike.utils.IkeAlarm.Dependencies;
-import static com.android.internal.net.ipsec.test.ike.utils.IkeAlarm.IkeAlarmConfig;
-import static com.android.internal.net.ipsec.test.ike.utils.IkeAlarm.IkeAlarmWithListener;
-import static com.android.internal.net.ipsec.test.ike.utils.IkeAlarm.IkeAlarmWithPendingIntent;
-
-import static org.junit.Assert.assertTrue;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-import android.app.AlarmManager;
-import android.app.PendingIntent;
-import android.content.Context;
-import android.os.Message;
-import android.os.Process;
-
-import org.junit.Before;
-import org.junit.Test;
-
-public class IkeAlarmTest {
- private static final String ALARM_TAG = "IkeAlarmTest.TEST_ALARM";
- private static final long ALARM_DELAY_MS = 1000;
-
- private Context mMockContext;
- private AlarmManager mMockAlarmMgr;
- private Message mMockMessage;
- private PendingIntent mMockPendingIntent;
- private Dependencies mMockDeps;
-
- private IkeAlarmConfig mAlarmConfig;
-
- @Before
- public void setUp() {
- mMockContext = mock(Context.class);
- mMockAlarmMgr = mock(AlarmManager.class);
- when(mMockContext.getSystemService(AlarmManager.class)).thenReturn(mMockAlarmMgr);
-
- mMockMessage = mock(Message.class);
- mMockPendingIntent = mock(PendingIntent.class);
- mMockDeps = mock(Dependencies.class);
-
- mAlarmConfig =
- new IkeAlarmConfig(
- mMockContext, ALARM_TAG, ALARM_DELAY_MS, mMockPendingIntent, mMockMessage);
- }
-
- @Test
- public void testNewExactAlarm() throws Exception {
- IkeAlarm alarm = IkeAlarm.newExactAlarm(mAlarmConfig, mMockDeps);
- assertTrue(alarm instanceof IkeAlarmWithListener);
- }
-
- @Test
- public void testNewExactAndAllowWhileIdleAlarmWithSystemUid() throws Exception {
- when(mMockDeps.getMyUid()).thenReturn(Process.SYSTEM_UID);
-
- IkeAlarm alarm = IkeAlarm.newExactAndAllowWhileIdleAlarm(mAlarmConfig, mMockDeps);
- assertTrue(alarm instanceof IkeAlarmWithListener);
- }
-
- @Test
- public void testNewExactAndAllowWhileIdleAlarmWithNonSystemUid() throws Exception {
- when(mMockDeps.getMyUid()).thenReturn(Process.SYSTEM_UID + 1);
-
- IkeAlarm alarm = IkeAlarm.newExactAndAllowWhileIdleAlarm(mAlarmConfig, mMockDeps);
- assertTrue(alarm instanceof IkeAlarmWithPendingIntent);
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/utils/IkeCertUtilsTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/utils/IkeCertUtilsTest.java
deleted file mode 100644
index 875ab22..0000000
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/utils/IkeCertUtilsTest.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.test.ike.utils;
-
-import static org.junit.Assert.assertArrayEquals;
-
-import com.android.internal.util.HexDump;
-
-import org.junit.Test;
-
-import java.security.PrivateKey;
-import java.security.cert.Certificate;
-
-public class IkeCertUtilsTest {
- private static final String PRIVATE_KEY_HEX =
- "30820154020100300D06092A864886F70D01010105000482013E3082013A0201"
- + "00024100A619747ECB62B7F5DC7A5917DA22A8A2C1AC676539AD4FA661647FF5"
- + "124863EA91DCE62B05EAAAB5DBE33CEBB67CD8C712DB0EFFF74246F771556771"
- + "DB40033D0203010001024029B1AC1783F064E3379412B7350F8C2B46D8831FDA"
- + "C9917BDF68BDE203D3DE1885368F67225B0A9B258E8784648988D00A3151D131"
- + "102DA1A05E5FCD033AA1F5022100D295A3EA422D1B6CD3C30D3DB2A73ACA64DC"
- + "D5A92715A1AE5D963E44ED0C4C5F022100C9EBCB8A43C2D5EA569B5279E62CF5"
- + "272187D53D8F174CDA6F9306B3793B95E302200F2EB4BBADFBBC8F73110C0257"
- + "C010D008C7972BF3E26E5EB8E69D24B10682F70221009CF41A6CC92B239859E5"
- + "B60066F8BF3EC183922F9D9060FED2079907DCCE823D022041021561129FE381"
- + "BD6A0874F6EB676A2C35D450B046BD0C10AB1D8959A4C3EA";
- private static final String CERTIFICATE_HEX =
- "308203473082022FA003020102020865272245468451A9300D06092A864886F7"
- + "0D01010B0500303D310B30090603550406130255533110300E060355040A1307"
- + "416E64726F6964311C301A0603550403131363612E746573742E616E64726F69"
- + "642E6E6574301E170D3139303731363137313833315A170D3234303731343137"
- + "313833315A3041310B30090603550406130255533110300E060355040A130741"
- + "6E64726F69643120301E060355040313177365727665722E746573742E616E64"
- + "726F69642E6E657430820122300D06092A864886F70D01010105000382010F00"
- + "3082010A0282010100E953933E73742049E8F935E09BA01E53E91D1768E0EAA3"
- + "F8696459234D7B7992EDA5BEC8A82D4D310B7F0AF42CA6EE43D4D2418C025D69"
- + "B5AB4C67653175EFEC0E22F2170620C7FFD39E20CD9F17435D863171935B7D5E"
- + "0445CB8F9937B1ABDB7CE8C9DE564C67849F5D10125CAF682815A14879B09496"
- + "3DC317CDBBFC94215A0579E0CF6DACF3863B2A11CB91EF1FE23138EB7C3D768B"
- + "BF2490671A386C2EA6FAA7904190A0640C2F19A80517D2A3545C8AB7D640569F"
- + "7BC108BBCA8F81CE6E48E780B81146D35E74D1213417A8528E51754660F0A1C2"
- + "0653133FF6B3A5A1D424742E33454DA0CC96C5099146C69F6EE265CF749DDE70"
- + "E9601761082C9979D30203010001A3473045301F0603551D2304183016801466"
- + "14CEEBD951A54997C99CC5E8EE16250D19C4DF30220603551D11041B30198217"
- + "7365727665722E746573742E616E64726F69642E6E6574300D06092A864886F7"
- + "0D01010B05000382010100726A303370BACC7368230D2CD377EE7F55380B8682"
- + "5F26E977160B14CD91DAF448915028553BDE1908B596A19C5E07489E8DA52AAC"
- + "BCFFC4226A782DF06CD3FB2DE8E25B6AA0500A0974EBCDB431A2571D8FEF089D"
- + "8974B8CB8F7E2183FE4F505558D36B23ECDC03270DDAE890944291E4A43770D5"
- + "D51D9A2254EAE885E1F38BC7B349E60C8F96E127619BA4EC3DFF83E4681A279D"
- + "036CF6C96393267691E62B8ABD71CDFE0F23D8227979E225C36E02360D680000"
- + "A1A1CA5DA87D36081B0151171198CBA0AB5042A585CFDC0D13C017B087680F88"
- + "0E781BB03504B29FE1660C9748FE6A407A76F3DEA6D356EAE5B531F24B27B4FA"
- + "78653FB5D389FC846A75CC";
-
- @Test
- public void testCreateCertificateFromByteArray() throws Exception {
- byte[] certBytes = HexDump.hexStringToByteArray(CERTIFICATE_HEX);
- Certificate cert = IkeCertUtils.certificateFromByteArray(certBytes);
-
- assertArrayEquals(certBytes, cert.getEncoded());
- }
-
- @Test
- public void testCreatePrivateKeyFromByteArray() throws Exception {
- byte[] keyBytes = HexDump.hexStringToByteArray(PRIVATE_KEY_HEX);
- PrivateKey key = IkeCertUtils.privateKeyFromByteArray(keyBytes);
-
- assertArrayEquals(keyBytes, key.getEncoded());
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/utils/RetransmitterTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/utils/RetransmitterTest.java
index 48c652e..bf0310c 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/utils/RetransmitterTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/utils/RetransmitterTest.java
@@ -14,9 +14,9 @@
* limitations under the License.
*/
-package com.android.internal.net.ipsec.test.ike.utils;
+package com.android.internal.net.ipsec.ike.utils;
-import static com.android.internal.net.ipsec.test.ike.IkeSessionStateMachine.CMD_RETRANSMIT;
+import static com.android.internal.net.ipsec.ike.IkeSessionStateMachine.CMD_RETRANSMIT;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
@@ -33,7 +33,7 @@
import android.os.Handler;
import android.os.Message;
-import com.android.internal.net.ipsec.test.ike.message.IkeMessage;
+import com.android.internal.net.ipsec.ike.message.IkeMessage;
import org.junit.Before;
import org.junit.Test;
@@ -54,7 +54,7 @@
}
@Override
- public void send() {
+ public void send(IkeMessage msg) {
mSendCallCount++;
}
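Review bot: The overridden `send(IkeMessage msg)` ignores its new parameter and only increments `mSendCallCount`, so as far as this hunk shows the tests would still pass if the retransmitter handed a null or wrong message to `send`. Recording the argument, for example `mLastSentMsg = msg;` with a matching field, would let the tests assert that the retransmitted message is the one the retransmitter was constructed with. The enclosing test retransmitter class starts and ends outside this hunk, so whether the message is checked elsewhere cannot be confirmed from here.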
diff --git a/tests/iketests/src/java/com/android/internal/net/utils/BigIntegerUtilsTest.java b/tests/iketests/src/java/com/android/internal/net/utils/BigIntegerUtilsTest.java
index 2cdf428..29bb313 100644
--- a/tests/iketests/src/java/com/android/internal/net/utils/BigIntegerUtilsTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/utils/BigIntegerUtilsTest.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package com.android.internal.net.utils.test;
+package com.android.internal.net.utils;
import static org.junit.Assert.assertArrayEquals;
diff --git a/tests/iketests/src/java/com/android/internal/net/utils/LogTest.java b/tests/iketests/src/java/com/android/internal/net/utils/LogTest.java
index 96ec7e3..23305aa 100644
--- a/tests/iketests/src/java/com/android/internal/net/utils/LogTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/utils/LogTest.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package com.android.internal.net.utils.test;
+package com.android.internal.net.utils;
import static org.junit.Assert.assertEquals;
diff --git a/tests/iketests/src/java/com/android/internal/net/utils/SimpleStateMachineTest.java b/tests/iketests/src/java/com/android/internal/net/utils/SimpleStateMachineTest.java
index 559687c..c480d78 100644
--- a/tests/iketests/src/java/com/android/internal/net/utils/SimpleStateMachineTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/utils/SimpleStateMachineTest.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package com.android.internal.net.utils.test;
+package com.android.internal.net.utils;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;
@@ -22,7 +22,7 @@
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
-import com.android.internal.net.utils.test.SimpleStateMachine.SimpleState;
+import com.android.internal.net.utils.SimpleStateMachine.SimpleState;
import org.junit.Before;
import org.junit.Test;