Add CTS for building IKE and Child SaProposal
Bug: 148689509
Test: atest CtsIkeTestCases
Change-Id: Ic50d70f35216a065ff398c38262f2de0b370c5ef
Merged-In: Ic50d70f35216a065ff398c38262f2de0b370c5ef
(cherry picked from commit 7f95e39c2534b370a28e4d6cf08ebb8b74950fcb)
diff --git a/tests/tests/net/ipsec/src/android/net/ipsec/ike/cts/SaProposalTest.java b/tests/tests/net/ipsec/src/android/net/ipsec/ike/cts/SaProposalTest.java
index 47e8f01..e0d3be0 100644
--- a/tests/tests/net/ipsec/src/android/net/ipsec/ike/cts/SaProposalTest.java
+++ b/tests/tests/net/ipsec/src/android/net/ipsec/ike/cts/SaProposalTest.java
@@ -16,15 +16,241 @@
package android.net.ipsec.ike.cts;
+import static android.net.ipsec.ike.SaProposal.DH_GROUP_1024_BIT_MODP;
+import static android.net.ipsec.ike.SaProposal.DH_GROUP_2048_BIT_MODP;
+import static android.net.ipsec.ike.SaProposal.DH_GROUP_NONE;
+import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_3DES;
+import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_CBC;
+import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12;
+import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_16;
+import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8;
+import static android.net.ipsec.ike.SaProposal.INTEGRITY_ALGORITHM_AES_XCBC_96;
+import static android.net.ipsec.ike.SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96;
+import static android.net.ipsec.ike.SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA2_256_128;
+import static android.net.ipsec.ike.SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA2_384_192;
+import static android.net.ipsec.ike.SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA2_512_256;
+import static android.net.ipsec.ike.SaProposal.INTEGRITY_ALGORITHM_NONE;
+import static android.net.ipsec.ike.SaProposal.KEY_LEN_AES_128;
+import static android.net.ipsec.ike.SaProposal.KEY_LEN_AES_192;
+import static android.net.ipsec.ike.SaProposal.KEY_LEN_AES_256;
+import static android.net.ipsec.ike.SaProposal.KEY_LEN_UNUSED;
+import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC;
+import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1;
+import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_SHA2_256;
+import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_SHA2_384;
+import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_SHA2_512;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import android.net.ipsec.ike.ChildSaProposal;
+import android.net.ipsec.ike.IkeSaProposal;
+import android.util.Pair;
+
import androidx.test.ext.junit.runners.AndroidJUnit4;
import org.junit.Test;
import org.junit.runner.RunWith;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
@RunWith(AndroidJUnit4.class)
public class SaProposalTest {
- @Test
- public void testBuildIkeSaProposal() {
- // TODO(b/148689509): Add real tests here
+ private static final List<Pair<Integer, Integer>> NORMAL_MODE_CIPHERS = new ArrayList<>();
+ private static final List<Pair<Integer, Integer>> COMBINED_MODE_CIPHERS = new ArrayList<>();
+ private static final List<Integer> INTEGRITY_ALGOS = new ArrayList<>();
+ private static final List<Integer> DH_GROUPS = new ArrayList<>();
+ private static final List<Integer> DH_GROUPS_WITH_NONE = new ArrayList<>();
+ private static final List<Integer> PRFS = new ArrayList<>();
+
+ static {
+ NORMAL_MODE_CIPHERS.add(new Pair<>(ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED));
+ NORMAL_MODE_CIPHERS.add(new Pair<>(ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_128));
+ NORMAL_MODE_CIPHERS.add(new Pair<>(ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_192));
+ NORMAL_MODE_CIPHERS.add(new Pair<>(ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_256));
+
+ COMBINED_MODE_CIPHERS.add(new Pair<>(ENCRYPTION_ALGORITHM_AES_GCM_8, KEY_LEN_AES_128));
+ COMBINED_MODE_CIPHERS.add(new Pair<>(ENCRYPTION_ALGORITHM_AES_GCM_12, KEY_LEN_AES_192));
+ COMBINED_MODE_CIPHERS.add(new Pair<>(ENCRYPTION_ALGORITHM_AES_GCM_16, KEY_LEN_AES_256));
+
+ INTEGRITY_ALGOS.add(INTEGRITY_ALGORITHM_HMAC_SHA1_96);
+ INTEGRITY_ALGOS.add(INTEGRITY_ALGORITHM_AES_XCBC_96);
+ INTEGRITY_ALGOS.add(INTEGRITY_ALGORITHM_HMAC_SHA2_256_128);
+ INTEGRITY_ALGOS.add(INTEGRITY_ALGORITHM_HMAC_SHA2_384_192);
+ INTEGRITY_ALGOS.add(INTEGRITY_ALGORITHM_HMAC_SHA2_512_256);
+
+ DH_GROUPS.add(DH_GROUP_1024_BIT_MODP);
+ DH_GROUPS.add(DH_GROUP_2048_BIT_MODP);
+
+ DH_GROUPS_WITH_NONE.add(DH_GROUP_NONE);
+ DH_GROUPS_WITH_NONE.addAll(DH_GROUPS);
+
+ PRFS.add(PSEUDORANDOM_FUNCTION_HMAC_SHA1);
+ PRFS.add(PSEUDORANDOM_FUNCTION_AES128_XCBC);
+ PRFS.add(PSEUDORANDOM_FUNCTION_SHA2_256);
+ PRFS.add(PSEUDORANDOM_FUNCTION_SHA2_384);
+ PRFS.add(PSEUDORANDOM_FUNCTION_SHA2_512);
}
+
+ // Package private
+ static IkeSaProposal buildIkeSaProposalWithNormalModeCipher() {
+ return buildIkeSaProposal(NORMAL_MODE_CIPHERS, INTEGRITY_ALGOS, PRFS, DH_GROUPS);
+ }
+
+ // Package private
+ static IkeSaProposal buildIkeSaProposalWithCombinedModeCipher() {
+ return buildIkeSaProposalWithCombinedModeCipher(true /* hasIntegrityNone */);
+ }
+
+ private static IkeSaProposal buildIkeSaProposalWithCombinedModeCipher(
+ boolean hasIntegrityNone) {
+ List<Integer> integerAlgos = new ArrayList<>();
+ if (hasIntegrityNone) {
+ integerAlgos.add(INTEGRITY_ALGORITHM_NONE);
+ }
+ return buildIkeSaProposal(COMBINED_MODE_CIPHERS, integerAlgos, PRFS, DH_GROUPS);
+ }
+
+ private static IkeSaProposal buildIkeSaProposal(
+ List<Pair<Integer, Integer>> ciphers,
+ List<Integer> integrityAlgos,
+ List<Integer> prfs,
+ List<Integer> dhGroups) {
+ IkeSaProposal.Builder builder = new IkeSaProposal.Builder();
+
+ for (Pair<Integer, Integer> pair : ciphers) {
+ builder.addEncryptionAlgorithm(pair.first, pair.second);
+ }
+ for (int algo : integrityAlgos) {
+ builder.addIntegrityAlgorithm(algo);
+ }
+ for (int algo : prfs) {
+ builder.addPseudorandomFunction(algo);
+ }
+ for (int algo : dhGroups) {
+ builder.addDhGroup(algo);
+ }
+
+ return builder.build();
+ }
+
+ // Package private
+ static ChildSaProposal buildChildSaProposalWithNormalModeCipher() {
+ return buildChildSaProposal(NORMAL_MODE_CIPHERS, INTEGRITY_ALGOS, DH_GROUPS_WITH_NONE);
+ }
+
+ // Package private
+ static ChildSaProposal buildChildSaProposalWithCombinedModeCipher() {
+ return buildChildSaProposalWithCombinedModeCipher(true /* hasIntegrityNone */);
+ }
+
+ private static ChildSaProposal buildChildSaProposalWithCombinedModeCipher(
+ boolean hasIntegrityNone) {
+ List<Integer> integerAlgos = new ArrayList<>();
+ if (hasIntegrityNone) {
+ integerAlgos.add(INTEGRITY_ALGORITHM_NONE);
+ }
+
+ return buildChildSaProposal(COMBINED_MODE_CIPHERS, integerAlgos, DH_GROUPS_WITH_NONE);
+ }
+
+ private static ChildSaProposal buildChildSaProposal(
+ List<Pair<Integer, Integer>> ciphers,
+ List<Integer> integrityAlgos,
+ List<Integer> dhGroups) {
+ ChildSaProposal.Builder builder = new ChildSaProposal.Builder();
+
+ for (Pair<Integer, Integer> pair : ciphers) {
+ builder.addEncryptionAlgorithm(pair.first, pair.second);
+ }
+ for (int algo : integrityAlgos) {
+ builder.addIntegrityAlgorithm(algo);
+ }
+ for (int algo : dhGroups) {
+ builder.addDhGroup(algo);
+ }
+
+ return builder.build();
+ }
+
+ // Package private
+ static ChildSaProposal buildChildSaProposalWithOnlyCiphers() {
+ return buildChildSaProposal(
+ COMBINED_MODE_CIPHERS, Collections.EMPTY_LIST, Collections.EMPTY_LIST);
+ }
+
+ @Test
+ public void testBuildIkeSaProposalWithNormalModeCipher() {
+ IkeSaProposal saProposal = buildIkeSaProposalWithNormalModeCipher();
+
+ assertEquals(NORMAL_MODE_CIPHERS, saProposal.getEncryptionAlgorithms());
+ assertEquals(INTEGRITY_ALGOS, saProposal.getIntegrityAlgorithms());
+ assertEquals(PRFS, saProposal.getPseudorandomFunctions());
+ assertEquals(DH_GROUPS, saProposal.getDhGroups());
+ }
+
+ @Test
+ public void testBuildIkeSaProposalWithCombinedModeCipher() {
+ IkeSaProposal saProposal =
+ buildIkeSaProposalWithCombinedModeCipher(false /* hasIntegrityNone */);
+
+ assertEquals(COMBINED_MODE_CIPHERS, saProposal.getEncryptionAlgorithms());
+ assertEquals(PRFS, saProposal.getPseudorandomFunctions());
+ assertEquals(DH_GROUPS, saProposal.getDhGroups());
+ assertTrue(saProposal.getIntegrityAlgorithms().isEmpty());
+ }
+
+ @Test
+ public void testBuildIkeSaProposalWithCombinedModeCipherAndIntegrityNone() {
+ IkeSaProposal saProposal =
+ buildIkeSaProposalWithCombinedModeCipher(true /* hasIntegrityNone */);
+
+ assertEquals(COMBINED_MODE_CIPHERS, saProposal.getEncryptionAlgorithms());
+ assertEquals(PRFS, saProposal.getPseudorandomFunctions());
+ assertEquals(DH_GROUPS, saProposal.getDhGroups());
+ assertEquals(Arrays.asList(INTEGRITY_ALGORITHM_NONE), saProposal.getIntegrityAlgorithms());
+ }
+
+ @Test
+ public void testBuildChildSaProposalWithNormalModeCipher() {
+ ChildSaProposal saProposal = buildChildSaProposalWithNormalModeCipher();
+
+ assertEquals(NORMAL_MODE_CIPHERS, saProposal.getEncryptionAlgorithms());
+ assertEquals(INTEGRITY_ALGOS, saProposal.getIntegrityAlgorithms());
+ assertEquals(DH_GROUPS_WITH_NONE, saProposal.getDhGroups());
+ }
+
+ @Test
+ public void testBuildChildProposalWithCombinedModeCipher() {
+ ChildSaProposal saProposal =
+ buildChildSaProposalWithCombinedModeCipher(false /* hasIntegrityNone */);
+
+ assertEquals(COMBINED_MODE_CIPHERS, saProposal.getEncryptionAlgorithms());
+ assertTrue(saProposal.getIntegrityAlgorithms().isEmpty());
+ assertEquals(DH_GROUPS_WITH_NONE, saProposal.getDhGroups());
+ }
+
+ @Test
+ public void testBuildChildProposalWithCombinedModeCipherAndIntegrityNone() {
+ ChildSaProposal saProposal =
+ buildChildSaProposalWithCombinedModeCipher(true /* hasIntegrityNone */);
+
+ assertEquals(COMBINED_MODE_CIPHERS, saProposal.getEncryptionAlgorithms());
+ assertEquals(Arrays.asList(INTEGRITY_ALGORITHM_NONE), saProposal.getIntegrityAlgorithms());
+ assertEquals(DH_GROUPS_WITH_NONE, saProposal.getDhGroups());
+ }
+
+ @Test
+ public void testBuildChildSaProposalWithOnlyCiphers() {
+ ChildSaProposal saProposal = buildChildSaProposalWithOnlyCiphers();
+
+ assertEquals(COMBINED_MODE_CIPHERS, saProposal.getEncryptionAlgorithms());
+ assertTrue(saProposal.getIntegrityAlgorithms().isEmpty());
+ assertTrue(saProposal.getDhGroups().isEmpty());
+ }
+
+ // TODO(b/148689509): Test throwing exception when algorithm combination is invalid
}