1 /*
2  * Copyright (C) 2022 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.net.cts.util;
18 
19 import static android.net.ipsec.ike.SaProposal.DH_GROUP_4096_BIT_MODP;
20 import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_CBC;
21 import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12;
22 import static android.net.ipsec.ike.SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA2_256_128;
23 import static android.net.ipsec.ike.SaProposal.KEY_LEN_AES_128;
24 import static android.net.ipsec.ike.SaProposal.KEY_LEN_AES_256;
25 import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC;
26 
27 import android.net.InetAddresses;
28 import android.net.ipsec.ike.ChildSaProposal;
29 import android.net.ipsec.ike.IkeFqdnIdentification;
30 import android.net.ipsec.ike.IkeIdentification;
31 import android.net.ipsec.ike.IkeIpv4AddrIdentification;
32 import android.net.ipsec.ike.IkeIpv6AddrIdentification;
33 import android.net.ipsec.ike.IkeSaProposal;
34 import android.net.ipsec.ike.IkeSessionParams;
35 import android.net.ipsec.ike.TunnelModeChildSessionParams;
36 
37 import java.net.Inet4Address;
38 import java.net.Inet6Address;
39 import java.net.InetAddress;
40 
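/**
 * Shared test parameters and helper methods for IKE session tests.
 *
 * <p>Everything in this class is a fixed test fixture. The server addresses come from the
 * documentation-only ranges 192.0.2.0/24 and 2001:db8::/32, and the pre-shared key is a constant
 * embedded in source, so none of these values are suitable outside of tests.
 */
public class IkeSessionTestUtils {
    // Literal server addresses; each is used both as the server hostname and, parsed, as the
    // remote identification.
    private static final String TEST_SERVER_ADDR_V4 = "192.0.2.2";
    private static final String TEST_SERVER_ADDR_V6 = "2001:db8::2";
    public static final String TEST_IDENTITY = "client.cts.android.com";
    // Hard-coded PSK for test sessions only. The charset is given explicitly so the key bytes do
    // not depend on the platform default charset. This field must stay declared before
    // IKE_PARAMS_V4/IKE_PARAMS_V6: their initializers read it, and static fields are initialized
    // in textual order.
    private static final byte[] TEST_PSK =
            "ikeAndroidPsk".getBytes(java.nio.charset.StandardCharsets.UTF_8);
    // Sentinel meaning "do not set a NAT-T keepalive delay on the builder".
    public static final int TEST_KEEPALIVE_TIMEOUT_UNSET = -1;
    public static final IkeSessionParams IKE_PARAMS_V4 = getTestIkeSessionParams(false);
    public static final IkeSessionParams IKE_PARAMS_V6 = getTestIkeSessionParams(true);

    public static final TunnelModeChildSessionParams CHILD_PARAMS = getChildSessionParams();

    /** Builds tunnel-mode child session params carrying the single test Child SA proposal. */
    private static TunnelModeChildSessionParams getChildSessionParams() {
        final TunnelModeChildSessionParams.Builder childOptionsBuilder =
                new TunnelModeChildSessionParams.Builder()
                        .addSaProposal(getChildSaProposals());

        return childOptionsBuilder.build();
    }

    /** Builds IKE session params that identify the client by the FQDN {@link #TEST_IDENTITY}. */
    private static IkeSessionParams getTestIkeSessionParams(boolean testIpv6) {
        return getTestIkeSessionParams(testIpv6, new IkeFqdnIdentification(TEST_IDENTITY));
    }

    /**
     * Builds IKE session params with a caller-supplied local identification and no explicit
     * NAT-T keepalive delay.
     *
     * @param testIpv6 {@code true} to target the IPv6 test server, {@code false} for IPv4
     * @param identification local identification to present
     * @return the built session params
     */
    public static IkeSessionParams getTestIkeSessionParams(boolean testIpv6,
            IkeIdentification identification) {
        return getTestIkeSessionParams(testIpv6, identification, TEST_KEEPALIVE_TIMEOUT_UNSET);
    }

    /**
     * Builds IKE session params that authenticate with the fixed test PSK.
     *
     * <p>The remote identification is the test server's own address, of the same family as
     * {@code testIpv6} selects.
     *
     * @param testIpv6 {@code true} to target the IPv6 test server, {@code false} for IPv4
     * @param identification local identification to present
     * @param keepaliveTimer NAT-T keepalive delay in seconds, or
     *     {@link #TEST_KEEPALIVE_TIMEOUT_UNSET} to leave the builder's value untouched
     * @return the built session params
     */
    public static IkeSessionParams getTestIkeSessionParams(boolean testIpv6,
            IkeIdentification identification, int keepaliveTimer) {
        final String testServer = testIpv6 ? TEST_SERVER_ADDR_V6 : TEST_SERVER_ADDR_V4;
        final InetAddress addr = InetAddresses.parseNumericAddress(testServer);
        final IkeSessionParams.Builder ikeOptionsBuilder =
                new IkeSessionParams.Builder()
                        .setServerHostname(testServer)
                        .setLocalIdentification(identification)
                        // The casts rely on the parsed literal having the address family that
                        // testIpv6 selected above.
                        .setRemoteIdentification(testIpv6
                                ? new IkeIpv6AddrIdentification((Inet6Address) addr)
                                : new IkeIpv4AddrIdentification((Inet4Address) addr))
                        .setAuthPsk(TEST_PSK)

                        .addSaProposal(getIkeSaProposals());
        // Only override the keepalive delay when the caller asked for a specific value.
        if (keepaliveTimer != TEST_KEEPALIVE_TIMEOUT_UNSET) {
            ikeOptionsBuilder.setNattKeepAliveDelaySeconds(keepaliveTimer);
        }

        return ikeOptionsBuilder.build();
    }

    /**
     * Returns the single IKE SA proposal used by the tests: AES-CBC with a 256-bit key,
     * HMAC-SHA2-256-128 integrity, the 4096-bit MODP DH group and the AES128-XCBC PRF.
     */
    private static IkeSaProposal getIkeSaProposals() {
        return new IkeSaProposal.Builder()
                .addEncryptionAlgorithm(ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_256)
                .addIntegrityAlgorithm(INTEGRITY_ALGORITHM_HMAC_SHA2_256_128)
                .addDhGroup(DH_GROUP_4096_BIT_MODP)
                .addPseudorandomFunction(PSEUDORANDOM_FUNCTION_AES128_XCBC).build();
    }

    /**
     * Returns the single Child SA proposal used by the tests: AES-GCM (12-octet ICV) with a
     * 128-bit key. No separate integrity algorithm or DH group is added here.
     */
    private static ChildSaProposal getChildSaProposals() {
        return new ChildSaProposal.Builder()
                .addEncryptionAlgorithm(ENCRYPTION_ALGORITHM_AES_GCM_12, KEY_LEN_AES_128)
                .build();
    }
}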