1 /* 2 * Copyright (C) 2021 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.ipsec.ike.cts; 18 19 import static android.net.ipsec.ike.IkeSessionConfiguration.EXTENSION_TYPE_FRAGMENTATION; 20 import static android.net.ipsec.ike.IkeSessionConfiguration.EXTENSION_TYPE_MOBIKE; 21 import static android.net.ipsec.ike.SaProposal.DH_GROUP_2048_BIT_MODP; 22 import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_CBC; 23 import static android.net.ipsec.ike.SaProposal.INTEGRITY_ALGORITHM_AES_CMAC_96; 24 import static android.net.ipsec.ike.SaProposal.KEY_LEN_AES_128; 25 import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_AES128_CMAC; 26 27 import static org.junit.Assert.assertEquals; 28 import static org.junit.Assert.assertFalse; 29 import static org.junit.Assert.assertNotNull; 30 import static org.junit.Assert.assertTrue; 31 import static org.junit.Assert.fail; 32 33 import android.net.Network; 34 import android.net.ipsec.ike.IkeSaProposal; 35 import android.net.ipsec.ike.IkeSession; 36 import android.net.ipsec.ike.IkeSessionConfiguration; 37 import android.net.ipsec.ike.IkeSessionConnectionInfo; 38 import android.net.ipsec.ike.IkeSessionParams; 39 import android.net.ipsec.ike.exceptions.IkeException; 40 import android.net.ipsec.ike.exceptions.IkeNetworkLostException; 41 import android.platform.test.annotations.AppModeFull; 42 43 import androidx.test.ext.junit.runners.AndroidJUnit4; 44 import androidx.test.filters.SdkSuppress; 45 46 import org.junit.After; 47 import org.junit.Before; 48 import org.junit.Test; 49 import org.junit.runner.RunWith; 50 51 import java.net.InetAddress; 52 import java.util.Arrays; 53 54 @RunWith(AndroidJUnit4.class) 55 @AppModeFull(reason = "MANAGE_IPSEC_TUNNELS permission can't be granted to instant apps") 56 @SdkSuppress(minSdkVersion = 31, codeName = "S") 57 public class IkeSessionMobikeTest extends IkeSessionPskTestBase { 58 private static final String IKE_INIT_RESP = 59 "46b8eca1e0d72a189b9f8e0158e1c0a52120222000000000000001d022000030" 60 + "0000002c010100040300000c0100000c800e0080030000080300000803000008" 61 + "02000008000000080400000e28000108000e0000164d3413d855a1642d4d6355" 62 + "a8ef6666bfaa28a4b5264600c9ffbaef7930bd33af49022926013aae0a48d764" 63 + "750ccb3987605957e31a2ef0e6838cfa67af989933c2879434081c4e9787f0d4" 64 + "4da0d7dacca5589702a4537ee4fb18e8db21a948b245260f55212a1c619f61c6" 65 + "fa1caaff4474082f9714b14ef4bcc7b2b8f43fcb939931119e53b05274faec65" 66 + "2816c563529e60c1a88183eba9c456ecb644faf57b726b83e3242e08489d95e9" 67 + "81e59c7ad82cf3cdfb00fe0213c4e65d61e88bbefbd536261027da722a2bbf89" 68 + "c6378e63ce6fbcef282421e5576bba1b2faa3c4c2d41028f91df7ba165a24a18" 69 + "fcba4f96db3e5e0eed76dc7c3c432362dd4a82d32900002461cbd03c08819730" 70 + "f1060ed0c0446f784eb8dd884d3f73f54eb2b0c3071cc4f32900001c00004004" 71 + "07150f3fd9584dbebb7e88ad256c7bfb9b0bb55a2900001c00004005e3aa3788" 72 + "7040e38dbb4de8fd435161cce904ec59290000080000402e290000100000402f" 73 + "00020003000400050000000800004014"; 74 private static final String IKE_AUTH_RESP = 75 "46b8eca1e0d72a189b9f8e0158e1c0a52e20232000000001000000fc240000e0" 76 + "1a666eb2a02b37682436a18fff5e9cef67b9096d6c7887ed235f8b5173c9469e" 77 + "361621b66849de2dbcabf956b3d055cafafd503530543540e81dac9bf8fb8826" 78 + "e08bc99e9ed2185d8f1322c8885abe4f98a9832c694da775eaa4ae69f17b8cbf" 79 + "b009bf82b4bf4012bca489595631c3168cd417f813e7d177d2ceb70766a0773c" 80 + "8819d8763627ddc9455ae3d5a5a03224020a66c8e58c8073c4a1fcf5d67cfa95" 81 + "15de86b392a63ff54ff5572302b9ce7725085b05839252794c3680f5d8f34019" 82 + "fa1930ea045d2a9987850e2049235c7328ef148370b6a3403408b987"; 83 private static final String IKE_UPDATE_SA_RESP = 84 "46b8eca1e0d72a189b9f8e0158e1c0a52e202520000000020000007c29000060" 85 + "a1fd35f112d92d1df19ce734f6edf56ccda1bfd44ef6de428a097e04d5b40b28" 86 + "3897e42f23dd53e444dc6c676cf9a7d9d73bb3975d663ec351fb5ae4e56a55d8" 87 + "cbcf376a3b99cc6fd858621cc78b3017d895e4309f09a444028dba85"; 88 private static final String IKE_CREATE_CHILD_RESP = 89 "46b8eca1e0d72a189b9f8e0158e1c0a52e20242000000003000000cc210000b0" 90 + "e6bb78203dbe2189806c5cecef5040b8c4c0253895c7c0acea6483a1f0f72425" 91 + "77ab46e18d553329d4ae1bd31cf57eec6ec31ceb1f2ed6b1195cac98b4b97a25" 92 + "115d14c414e44dba8ebbdaf502e43f98a09036bee0ea2a621176300874a3eae8" 93 + "c988357255b4e5923928d335b0ef62a565333fae6a64c85ac30e7da34ceeade4" 94 + "1a161bcad0b51f8209ee1fdaf53d50359ad6b986ecd4290c9f69a34c64ddc0eb" 95 + "73b8f3231f3f4e057404c18d"; 96 private static final String IKE_DELETE_CHILD_RESP = 97 "46b8eca1e0d72a189b9f8e0158e1c0a52e202520000000040000004c2a000030" 98 + "53d97806d48ce44e0d4e1adf1de36778f77c3823bfaf8186cc71d4dc73497099" 99 + "a9049e7be8a2013affd56ab7"; 100 private static final String DELETE_IKE_RESP = 101 "46b8eca1e0d72a189b9f8e0158e1c0a52e202520000000050000004c00000030" 102 + "818e6679fef4924a27452805c98125660d4396ab002f5ae45dcf75ef0d1e2190" 103 + "273b1c4527ba26ce37574852"; 104 105 private TunNetworkContext mSecondaryTunNetworkContext; 106 107 private InetAddress mSecondaryLocalAddr; 108 109 private IkeSession mIkeSession; 110 111 @Before setUp()112 public void setUp() throws Exception { 113 super.setUp(); 114 115 mSecondaryLocalAddr = getNextAvailableIpv4AddressLocal(); 116 117 mSecondaryTunNetworkContext = new TunNetworkContext(mSecondaryLocalAddr); 118 } 119 120 @After tearDown()121 public void tearDown() throws Exception { 122 mSecondaryTunNetworkContext.close(); 123 124 if (mIkeSession != null) { 125 mIkeSession.kill(); 126 } 127 128 super.tearDown(); 129 } 130 131 @Override getIkeSessionParams(InetAddress remoteAddress)132 protected IkeSessionParams getIkeSessionParams(InetAddress remoteAddress) { 133 return createIkeParamsBuilderBase(remoteAddress) 134 .addIkeOption(IkeSessionParams.IKE_OPTION_MOBIKE) 135 .build(); 136 } 137 138 @Test testMigrateNetworksWithoutXfrmMigrate()139 public void testMigrateNetworksWithoutXfrmMigrate() throws Exception { 140 if (!hasTunnelsFeature()) return; 141 142 final IkeSession ikeSession = 143 setupAndVerifyIkeSessionWithOptionMobike( 144 IKE_INIT_RESP, IKE_AUTH_RESP, true /* mobikeSupportedByServer */); 145 146 final IpSecTransformCallRecord firstTransformRecordA = 147 mFirstChildSessionCallback.awaitNextCreatedIpSecTransform(); 148 final IpSecTransformCallRecord firstTransformRecordB = 149 mFirstChildSessionCallback.awaitNextCreatedIpSecTransform(); 150 verifyCreateIpSecTransformPair(firstTransformRecordA, firstTransformRecordB); 151 152 // Local request message ID starts from 2 because there is one IKE_INIT message and a single 153 // IKE_AUTH message. 154 int expectedMsgId = 2; 155 156 setNetworkAndVerifyConnectionInfoChange( 157 ikeSession, mSecondaryTunNetworkContext, expectedMsgId++, IKE_UPDATE_SA_RESP); 158 final IpSecTransformCallRecord[] migrateRecords = 159 injectCreateChildRespAndVerifyTransformsMigrated( 160 mSecondaryTunNetworkContext, expectedMsgId++, IKE_CREATE_CHILD_RESP); 161 injectDeleteChildRespAndVerifyTransformsDeleted( 162 mSecondaryTunNetworkContext, 163 expectedMsgId++, 164 IKE_DELETE_CHILD_RESP, 165 firstTransformRecordA, 166 firstTransformRecordB); 167 168 // Close IKE Session 169 ikeSession.close(); 170 mSecondaryTunNetworkContext.tunUtils.awaitReqAndInjectResp( 171 IKE_DETERMINISTIC_INITIATOR_SPI, 172 expectedMsgId++, 173 true /* expectedUseEncap */, 174 DELETE_IKE_RESP); 175 verifyCloseIkeAndChildBlocking(migrateRecords[0], migrateRecords[1]); 176 } 177 setupAndVerifyIkeSessionWithOptionMobike( String ikeInitRespHex, String ikeAuthRespHex, boolean mobikeSupportedByServer)178 private IkeSession setupAndVerifyIkeSessionWithOptionMobike( 179 String ikeInitRespHex, String ikeAuthRespHex, boolean mobikeSupportedByServer) 180 throws Exception { 181 final IkeSaProposal saProposal = 182 new IkeSaProposal.Builder() 183 .addEncryptionAlgorithm(ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_128) 184 .addIntegrityAlgorithm(INTEGRITY_ALGORITHM_AES_CMAC_96) 185 .addPseudorandomFunction(PSEUDORANDOM_FUNCTION_AES128_CMAC) 186 .addDhGroup(DH_GROUP_2048_BIT_MODP) 187 .build(); 188 final IkeSessionParams ikeParams = 189 createIkeParamsBuilderBase(mRemoteAddress, saProposal) 190 .addIkeOption(IkeSessionParams.IKE_OPTION_MOBIKE) 191 .build(); 192 193 final IkeSession ikeSession = openIkeSessionWithTunnelModeChild(mRemoteAddress, ikeParams); 194 performSetupIkeAndFirstChildBlocking( 195 ikeInitRespHex, true /* expectedAuthUseEncap */, ikeAuthRespHex); 196 if (mobikeSupportedByServer) { 197 verifyIkeSessionSetupBlocking(EXTENSION_TYPE_FRAGMENTATION, EXTENSION_TYPE_MOBIKE); 198 } else { 199 verifyIkeSessionSetupBlocking(EXTENSION_TYPE_FRAGMENTATION); 200 } 201 202 verifyChildSessionSetupBlocking( 203 mFirstChildSessionCallback, 204 Arrays.asList(TUNNEL_MODE_INBOUND_TS), 205 Arrays.asList(TUNNEL_MODE_OUTBOUND_TS), 206 Arrays.asList(EXPECTED_INTERNAL_LINK_ADDR)); 207 return ikeSession; 208 } 209 setNetworkAndVerifyConnectionInfoChange( IkeSession ikeSession, TunNetworkContext tunNetworkContext, int expectedMsgId, String ikeUpdateSaResp)210 private void setNetworkAndVerifyConnectionInfoChange( 211 IkeSession ikeSession, 212 TunNetworkContext tunNetworkContext, 213 int expectedMsgId, 214 String ikeUpdateSaResp) 215 throws Exception { 216 ikeSession.setNetwork(tunNetworkContext.tunNetwork); 217 218 tunNetworkContext.tunUtils.awaitReqAndInjectResp( 219 IKE_DETERMINISTIC_INITIATOR_SPI, 220 expectedMsgId, 221 true /* expectedUseEncap */, 222 ikeUpdateSaResp); 223 224 verifyConnectionInfoChange(tunNetworkContext.tunNetwork, mSecondaryLocalAddr); 225 } 226 verifyConnectionInfoChange( Network expectedNetwork, InetAddress expectedLocalAddress)227 private void verifyConnectionInfoChange( 228 Network expectedNetwork, InetAddress expectedLocalAddress) throws Exception { 229 final IkeSessionConnectionInfo connectionInfo = 230 mIkeSessionCallback.awaitOnIkeSessionConnectionInfoChanged(); 231 assertNotNull(connectionInfo); 232 assertEquals(expectedNetwork, connectionInfo.getNetwork()); 233 assertEquals(expectedLocalAddress, connectionInfo.getLocalAddress()); 234 assertEquals(mRemoteAddress, connectionInfo.getRemoteAddress()); 235 } 236 injectCreateChildRespAndVerifyTransformsMigrated( TunNetworkContext tunNetworkContext, int expectedMsgId, String ikeCreateChildResp)237 private IpSecTransformCallRecord[] injectCreateChildRespAndVerifyTransformsMigrated( 238 TunNetworkContext tunNetworkContext, int expectedMsgId, String ikeCreateChildResp) 239 throws Exception { 240 tunNetworkContext.tunUtils.awaitReqAndInjectResp( 241 IKE_DETERMINISTIC_INITIATOR_SPI, 242 expectedMsgId, 243 true /* expectedUseEncap */, 244 ikeCreateChildResp); 245 246 final IpSecTransformCallRecord[] migrateRecords = 247 mFirstChildSessionCallback.awaitNextMigratedIpSecTransform(); 248 assertNotNull(migrateRecords); 249 verifyCreateIpSecTransformPair(migrateRecords[0], migrateRecords[1]); 250 return migrateRecords; 251 } 252 injectDeleteChildRespAndVerifyTransformsDeleted( TunNetworkContext tunNetworkContext, int expectedMsgId, String ikeDeleteChildResp, IpSecTransformCallRecord transformRecordA, IpSecTransformCallRecord transformRecordB)253 private void injectDeleteChildRespAndVerifyTransformsDeleted( 254 TunNetworkContext tunNetworkContext, 255 int expectedMsgId, 256 String ikeDeleteChildResp, 257 IpSecTransformCallRecord transformRecordA, 258 IpSecTransformCallRecord transformRecordB) 259 throws Exception { 260 tunNetworkContext.tunUtils.awaitReqAndInjectResp( 261 IKE_DETERMINISTIC_INITIATOR_SPI, 262 expectedMsgId, 263 true /* expectedUseEncap */, 264 ikeDeleteChildResp); 265 266 verifyDeleteIpSecTransformPair( 267 mFirstChildSessionCallback, transformRecordA, transformRecordB); 268 } 269 270 @Test testNetworkDied()271 public void testNetworkDied() throws Exception { 272 if (!hasTunnelsFeature()) return; 273 274 final IkeSession ikeSession = 275 setupAndVerifyIkeSessionWithOptionMobike( 276 IKE_INIT_RESP, IKE_AUTH_RESP, true /* mobikeSupportedByServer */); 277 278 // Teardown test network to kill the IKE Session 279 mTunNetworkContext.close(); 280 281 final IkeException exception = mIkeSessionCallback.awaitNextOnErrorException(); 282 assertTrue(exception instanceof IkeNetworkLostException); 283 final IkeNetworkLostException networkLostException = (IkeNetworkLostException) exception; 284 assertEquals(mTunNetworkContext.tunNetwork, networkLostException.getNetwork()); 285 286 ikeSession.kill(); 287 } 288 289 @Test testSetNetworkWithoutMobikeEnabled()290 public void testSetNetworkWithoutMobikeEnabled() throws Exception { 291 if (!hasTunnelsFeature()) return; 292 293 final String ikeInitResp = 294 "46B8ECA1E0D72A1821D31742E82FA9232120222000000000000001D022000030" 295 + "0000002C010100040300000C0100000C800E0080030000080300000803000008" 296 + "02000008000000080400000E28000108000E0000CE0DFFE121D30D2B5C4DBEC4" 297 + "AEBD2F8D83F0F8EC5E2998CE98BD90492D8AA6C9360F32AE98402F853DF12FA9" 298 + "A64ABFBB83D5FFAD1F18B6CB6FEBAB222AF5C98D4575BE2380B42F2A4E5B7B0B" 299 + "5528F372C4E70B5B7D01D706E3F1C2E4A9E8A687C427DDB1002B190A4D73BBBA" 300 + "E41801798408D73870657B846B84A5D9292A007A9EDA719CA3A820BB513EBE59" 301 + "C6BF5BEB7CC9A86F0722D98F6E73B5BBC2F5EEDB39992D036406B54BF0355534" 302 + "960D4771623ECFC561211F0580EEC051BD477076F4454E185DA7744E7B7D145B" 303 + "08C874529C2BFE387BB7C09FCD762CEBFF6C2DE0C4912DF5747B16F51D0A9570" 304 + "37EC652A1F025C4E80DEE9D91BF0DFEE17F3EF6F29000024196ADD342DBD954F" 305 + "A1160542E5F312A6A44A9D19AF6799698A781F4CF717CD722900001C00004004" 306 + "3EFFE36169090E6F6B6CB5B5BD321257E67C2B922900001C000040050AB409D2" 307 + "60D9EE157D15483E001603BB43D918C1290000080000402E290000100000402F" 308 + "00020003000400050000000800004014"; 309 final String IkeAuthRespWithoutMobikeSupport = 310 "46B8ECA1E0D72A1821D31742E82FA9232E20232000000001000000EC240000D0" 311 + "493A4E97A90AE4F3CB4561D82F9123C22436EE0BAB686965D1EF7C724B2B3979" 312 + "594D3CBCF70C3C78F46B2D9F198DCB07CEE0F774A51CF4224B4A3223500214F2" 313 + "0AFBB7472156EF8FF03391D03A2D78001EE0B23AD5818BDAC15F348F3D97E54D" 314 + "0C6A3DBC7F89A764A883631CFCB6C8C5A4E939E7AF7AC744D6530A88CD8EDDAC" 315 + "F003BD73CE73A79D7ADDF53F9B3CCCBBF92F21FB29317F4151B17F0BC5F98CEE" 316 + "89B739E4A46BC80B10D34B159CCFA847F12F85DEE5B8AED854DC460EA92BE17A" 317 + "E2C1F56C7497001BF5B22E88"; 318 final String createChildResp = 319 "46B8ECA1E0D72A1821D31742E82FA9232E20242000000002000000CC210000B0" 320 + "10869163B82783B650AD180040F191A516588586F051F77147F06FDDC70EA4A3" 321 + "C4FCCD61C1E3AF3672150207F0AAB3540D4E20AB4F89B70D5D8F57E6A6AD2A42" 322 + "F95516715BB3317B62878DA4D77170FD29994D8553300F05DC28973899F58FE2" 323 + "A60D0C1158B7A711F20FC2A2F95351A14650F63160746CCEF73F32033B766DD4" 324 + "730712D9EBB2D58CB1635CBF74559FA66CB56CFBE506CBC86C89F604D1A80E73" 325 + "9B269A1CE93F46451C3307E4"; 326 final String deleteChildResp = 327 "46B8ECA1E0D72A1821D31742E82FA9232E202520000000030000004C2A000030" 328 + "E2D0B074AF644A5AA58F999AA376450780BB66BBCB64C84BD8E5CBC9549A2A1A" 329 + "524091EFE5D1ADE9694813B1"; 330 final String deleteIkeResp = 331 "46B8ECA1E0D72A1821D31742E82FA9232E202520000000040000004C00000030" 332 + "59205A0B069A0D6C95B044B16DC655BA28A968463CCBCF60996EE56897C14F2C" 333 + "FF9F15D1120A78DD2DE2E1C9"; 334 335 final IkeSession ikeSession = 336 setupAndVerifyIkeSessionWithOptionMobike( 337 ikeInitResp, 338 IkeAuthRespWithoutMobikeSupport, 339 false /* mobikeSupportedByServer */); 340 341 final IpSecTransformCallRecord firstTransformRecordA = 342 mFirstChildSessionCallback.awaitNextCreatedIpSecTransform(); 343 final IpSecTransformCallRecord firstTransformRecordB = 344 mFirstChildSessionCallback.awaitNextCreatedIpSecTransform(); 345 verifyCreateIpSecTransformPair(firstTransformRecordA, firstTransformRecordB); 346 347 // Rekey-based mobility 348 ikeSession.setNetwork(mSecondaryTunNetworkContext.tunNetwork); 349 verifyConnectionInfoChange(mSecondaryTunNetworkContext.tunNetwork, mSecondaryLocalAddr); 350 351 // Local request message ID starts from 2 because there is one IKE_INIT message and a single 352 // IKE_AUTH message. 353 int expectedMsgId = 2; 354 final IpSecTransformCallRecord[] migrateRecords = 355 injectCreateChildRespAndVerifyTransformsMigrated( 356 mSecondaryTunNetworkContext, expectedMsgId++, createChildResp); 357 injectDeleteChildRespAndVerifyTransformsDeleted( 358 mSecondaryTunNetworkContext, 359 expectedMsgId++, 360 deleteChildResp, 361 firstTransformRecordA, 362 firstTransformRecordB); 363 364 // Close IKE Session 365 ikeSession.close(); 366 mSecondaryTunNetworkContext.tunUtils.awaitReqAndInjectResp( 367 IKE_DETERMINISTIC_INITIATOR_SPI, 368 expectedMsgId++, 369 true /* expectedUseEncap */, 370 deleteIkeResp); 371 verifyCloseIkeAndChildBlocking(migrateRecords[0], migrateRecords[1]); 372 } 373 374 @Test testSetNetworkWithoutOptionMobike()375 public void testSetNetworkWithoutOptionMobike() throws Exception { 376 if (!hasTunnelsFeature()) return; 377 378 final String ikeInitResp = 379 "46B8ECA1E0D72A18B45427679F9245D421202220000000000000015022000030" 380 + "0000002C010100040300000C0100000C800E0080030000080300000203000008" 381 + "0200000200000008040000022800008800020000A7AA3435D088EC1A2B7C2A47" 382 + "1FA1B85F1066C9B2006E7C353FB5B5FDBC2A88347ED2C6F5B7A265D03AE34039" 383 + "6AAC0145CFCC93F8BDB219DDFF22A603B8856A5DC59B6FAB7F17C5660CF38670" 384 + "8794FC72F273ADEB7A4F316519794AED6F8AB61F95DFB360FAF18C6C8CABE471" 385 + "6E18FE215348C2E582171A57FC41146B16C4AFE429000024A634B61C0E5C90C6" 386 + "8D8818B0955B125A9B1DF47BBD18775710792E651083105C2900001C00004004" 387 + "406FA3C5685A16B9B72C7F2EEE9993462C619ABE2900001C00004005AF905A87" 388 + "0A32222AA284A7070585601208A282F0290000080000402E290000100000402F" 389 + "00020003000400050000000800004014"; 390 final String IkeAuthRespWithoutMobikeSupport = 391 "46B8ECA1E0D72A18B45427679F9245D42E20232000000001000000EC240000D0" 392 + "0D06D37198F3F0962DE8170D66F1A9008267F98CDD956D984BDCED2FC7FAF84A" 393 + "A6664EF25049B46B93C9ED420488E0C172AA6635BF4011C49792EF2B88FE7190" 394 + "E8859FEEF51724FD20C46E7B9A9C3DC4708EF7005707A18AB747C903ABCEAC5C" 395 + "6ECF5A5FC13633DCE3844A920ED10EF202F115DBFBB5D6D2D7AB1F34EB08DE7C" 396 + "A54DCE0A3A582753345CA2D05A0EFDB9DC61E81B2483B7D13EEE0A815D37252C" 397 + "23D2F29E9C30658227D2BB0C9E1A481EAA80BC6BE9006BEDC13E925A755A0290" 398 + "AEC4164D29997F52ED7DCC2E"; 399 400 // Open IKE Session without IKE_OPTION_MOBIKE 401 mIkeSession = 402 openIkeSessionWithTunnelModeChild( 403 mRemoteAddress, createIkeParamsBuilderBase(mRemoteAddress).build()); 404 performSetupIkeAndFirstChildBlocking(ikeInitResp, IkeAuthRespWithoutMobikeSupport); 405 406 verifyIkeSessionSetupBlocking(); 407 408 final IkeSessionConfiguration ikeConfig = mIkeSessionCallback.awaitIkeConfig(); 409 assertFalse(ikeConfig.isIkeExtensionEnabled(IkeSessionConfiguration.EXTENSION_TYPE_MOBIKE)); 410 411 try { 412 // manually change network when IKE_OPTION_MOBIKE is not set 413 mIkeSession.setNetwork(mSecondaryTunNetworkContext.tunNetwork); 414 415 fail("Expected error for setNetwork() when IKE_OPTION_MOBIKE is not set"); 416 } catch (IllegalStateException expected) { 417 } 418 } 419 420 /** The MOBIKE spec explicitly disallows Transport mode. */ 421 @Test(expected = IllegalArgumentException.class) testStartSessionWithMobikeAndTransportMode()422 public void testStartSessionWithMobikeAndTransportMode() { 423 mIkeSession = openIkeSessionWithTransportModeChild(mRemoteAddress); 424 } 425 } 426