Merge "Generate NAT_DETECTION data"
diff --git a/src/java/com/android/ike/ikev2/message/IkeNotifyPayload.java b/src/java/com/android/ike/ikev2/message/IkeNotifyPayload.java
index 198773c..cbdb2dc 100644
--- a/src/java/com/android/ike/ikev2/message/IkeNotifyPayload.java
+++ b/src/java/com/android/ike/ikev2/message/IkeNotifyPayload.java
@@ -24,7 +24,10 @@
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
+import java.net.InetAddress;
import java.nio.ByteBuffer;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
import java.util.Set;
/**
@@ -67,6 +70,8 @@
private static final int NOTIFY_HEADER_LEN = 4;
+ private static final String NAT_DETECTION_DIGEST_ALGORITHM = "SHA-1";
+
private static final Set<Integer> VALID_NOTIFY_TYPES_FOR_CHILD_SA;
static {
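Review bot: The new `NAT_DETECTION_DIGEST_ALGORITHM` constant carries no comment saying why SHA-1 is chosen, so a later audit for weak hashes is likely to flag it or "upgrade" it and break interoperability. RFC 7296 section 2.23 defines the NAT_DETECTION_* notification data as a SHA-1 digest, so the algorithm is fixed by the protocol rather than a local choice. I would add a Javadoc line above the constant such as `/** SHA-1 is mandated by RFC 7296 section 2.23 for NAT detection data; do not change or reuse for integrity/authentication. */`. The static initializer that follows continues outside the hunk.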
@@ -146,6 +151,40 @@
}
/**
+ * Generate NAT DETECTION notification data.
+ *
+ * <p>This method calculates NAT DETECTION notification data which is a SHA-1 digest of the IKE
+ * initiator's SPI, IKE responder's SPI, IP address and port. Source address and port should be
+ * used for generating NAT_DETECTION_SOURCE_IP data. Destination address and port should be used
+ * for generating NAT_DETECTION_DESTINATION_IP data.
+ *
+ * @param initiatorIkeSpi the SPI of IKE initiator
+ * @param responderIkeSpi the SPI of IKE responder
+ * @param ipAddress the IP address
+ * @param port the port
+ * @return the generated NAT DETECTION notification data as a byte array.
+ * @throws NoSuchAlgorithmException when "SHA-1" is not supported by the security provider.
+ */
+ public static byte[] generateNatDetectionData(
+ long initiatorIkeSpi, long responderIkeSpi, InetAddress ipAddress, int port)
+ throws NoSuchAlgorithmException {
+ byte[] rawIpAddr = ipAddress.getAddress();
+
+ ByteBuffer byteBuffer =
+ ByteBuffer.allocate(2 * SPI_LEN_IKE + rawIpAddr.length + IP_PORT_LEN);
+ byteBuffer
+ .putLong(initiatorIkeSpi)
+ .putLong(responderIkeSpi)
+ .put(rawIpAddr)
+ .putShort((short) port);
+
+ MessageDigest natDetectionDataDigest =
+ MessageDigest.getInstance(
+ NAT_DETECTION_DIGEST_ALGORITHM, IkeMessage.getSecurityProvider());
+ return natDetectionDataDigest.digest(byteBuffer.array());
+ }
+
+ /**
* Encode Notify payload to ByteBuffer.
*
* @param nextPayload type of payload that follows this payload.
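Review bot: In `generateNatDetectionData`, `.putShort((short) port)` silently truncates any `port` outside 0..65535, so a bad caller value yields a digest that does not match the peer's and would be read as a NAT being present rather than as an error. A guard before the buffer is built makes the failure explicit, e.g. `if (port < 0 || port > 0xFFFF) throw new IllegalArgumentException("Invalid port: " + port);`. A null `ipAddress` fails with a bare NullPointerException at `ipAddress.getAddress()`; the Javadoc should state that it must be non-null, or the method should check it with `Objects.requireNonNull(ipAddress, "ipAddress")` (which needs a `java.util.Objects` import). The Javadoc could also say that the SPIs and port are written in network byte order, which the code gets from ByteBuffer's default big-endian order.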
diff --git a/src/java/com/android/ike/ikev2/message/IkePayload.java b/src/java/com/android/ike/ikev2/message/IkePayload.java
index a1a02bf..2d4d0dd 100644
--- a/src/java/com/android/ike/ikev2/message/IkePayload.java
+++ b/src/java/com/android/ike/ikev2/message/IkePayload.java
@@ -86,6 +86,9 @@
public static final int SPI_NOT_INCLUDED = 0;
+ /** Length of port number in bytes*/
+ public static final int IP_PORT_LEN = 2;
+
@Retention(RetentionPolicy.SOURCE)
@IntDef({DH_GROUP_1024_BIT_MODP, DH_GROUP_2048_BIT_MODP})
public @interface DhGroup {}
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeNotifyPayloadTest.java b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeNotifyPayloadTest.java
index 98c9f60..3e9ba80 100644
--- a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeNotifyPayloadTest.java
+++ b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeNotifyPayloadTest.java
@@ -24,12 +24,21 @@
import org.junit.Test;
+import java.net.InetAddress;
import java.nio.ByteBuffer;
public final class IkeNotifyPayloadTest {
private static final String NOTIFY_PAYLOAD_GENERIC_HEADER = "2900001c";
private static final String NOTIFY_PAYLOAD_BODY_RAW_PACKET =
"00004004e54f73b7d83f6beb881eab2051d8663f421d10b0";
+
+ private static final String NAT_DETECTION_SOURCE_IP_DATA_HEX_STRING =
+ "e54f73b7d83f6beb881eab2051d8663f421d10b0";
+ private static final String IKE_INITIATOR_SPI_HEX_STRING = "5f54bf6d8b48e6e1";
+ private static final String IKE_RESPODNER_SPI_HEX_STRING = "0000000000000000";
+ private static final String IP_ADDR = "10.80.80.13";
+ private static final int PORT = 500;
+
private static final int EXPECTED_PROTOCOL_ID = IkePayload.PROTOCOL_ID_UNSET;
private static final int EXPECTED_SPI_SIZE = IkePayload.SPI_LEN_NOT_INCLUDED;
@@ -68,6 +77,21 @@
}
@Test
+ public void testGenerateNatDetectionData() throws Exception {
+ long initiatorIkeSpi = Long.parseLong(IKE_INITIATOR_SPI_HEX_STRING, 16);
+ long responderIkespi = Long.parseLong(IKE_RESPODNER_SPI_HEX_STRING, 16);
+ InetAddress inetAddress = InetAddress.getByName(IP_ADDR);
+
+ byte[] netDetectionData =
+ IkeNotifyPayload.generateNatDetectionData(
+ initiatorIkeSpi, responderIkespi, inetAddress, PORT);
+
+ byte[] expectedBytes =
+ TestUtils.hexStringToByteArray(NAT_DETECTION_SOURCE_IP_DATA_HEX_STRING);
+ assertArrayEquals(expectedBytes, netDetectionData);
+ }
+
+ @Test
public void testEncodeNotifyPayload() throws Exception {
byte[] inputPacket = TestUtils.hexStringToByteArray(NOTIFY_PAYLOAD_BODY_RAW_PACKET);
IkeNotifyPayload payload = new IkeNotifyPayload(false, inputPacket);
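Review bot: `Long.parseLong(IKE_INITIATOR_SPI_HEX_STRING, 16)` in `testGenerateNatDetectionData` only succeeds because the sample SPI starts with `5`; a 16-digit SPI with the top bit set throws NumberFormatException, so `Long.parseUnsignedLong(IKE_INITIATOR_SPI_HEX_STRING, 16)` is the safer parse for both SPIs. The test pins a single IPv4 vector with an all-zero responder SPI, which cannot catch swapped SPI order or a problem in the 16-byte address path; a second vector with a non-zero responder SPI and an IPv6 address would cover both. `IKE_RESPODNER_SPI_HEX_STRING` (declared in the previous hunk), `responderIkespi` and `netDetectionData` look like typos for `IKE_RESPONDER_SPI_HEX_STRING`, `responderIkeSpi` and `natDetectionData`. `testEncodeNotifyPayload` continues outside the hunk.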