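/*
 * Copyright (C) 2021 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.net.vcn.cts;

import static android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_MOBIKE;
import static android.net.ipsec.ike.SaProposal.DH_GROUP_2048_BIT_MODP;
import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_CBC;
import static android.net.ipsec.ike.SaProposal.INTEGRITY_ALGORITHM_AES_CMAC_96;
import static android.net.ipsec.ike.SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA2_256_128;
import static android.net.ipsec.ike.SaProposal.KEY_LEN_AES_128;
import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_AES128_CMAC;

import android.net.InetAddresses;
import android.net.ipsec.ike.ChildSaProposal;
import android.net.ipsec.ike.IkeFqdnIdentification;
import android.net.ipsec.ike.IkeSaProposal;
import android.net.ipsec.ike.IkeSessionParams;
import android.net.ipsec.ike.IkeTunnelConnectionParams;
import android.net.ipsec.ike.TunnelModeChildSessionParams;

import java.net.InetAddress;
import java.nio.charset.StandardCharsets;

/**
 * Shared fixtures for the VCN CTS tests: a fixed remote address and factory methods that build
 * IKE / tunnel-mode child session parameters.
 *
 * <p>Every value in this class (identities, pre-shared key, algorithm choices) is a fixed test
 * fixture that is visible in the source tree. None of it is a secret, and none of it should be
 * copied into a real tunnel configuration.
 */
public class VcnTestBase {
    /**
     * Address used as the IKE server for test sessions. 192.0.2.1 lies in 192.0.2.0/24
     * (TEST-NET-1, reserved for documentation by RFC 5737), so the fixture does not name a real
     * host.
     */
    protected static final InetAddress REMOTE_ADDRESS =
            InetAddresses.parseNumericAddress("192.0.2.1");

    /**
     * Builds tunnel connection parameters from the default IKE session parameters.
     *
     * @return connection parameters combining {@link #getIkeSessionParamsBase()} (built as-is)
     *     with the test child-session proposal
     */
    protected static IkeTunnelConnectionParams buildTunnelConnectionParams() {
        final IkeSessionParams ikeParams = getIkeSessionParamsBase().build();
        return buildTunnelConnectionParams(ikeParams);
    }

    /**
     * Builds tunnel connection parameters around caller-supplied IKE session parameters.
     *
     * @param ikeParams IKE session parameters to pair with the test child-session parameters
     * @return connection parameters wrapping {@code ikeParams} and a tunnel-mode child session
     *     carrying a single SA proposal
     */
    protected static IkeTunnelConnectionParams buildTunnelConnectionParams(
            IkeSessionParams ikeParams) {
        // AES-CBC provides no integrity protection on its own, so the proposal pairs it with an
        // explicit integrity algorithm.
        final ChildSaProposal childProposal =
                new ChildSaProposal.Builder()
                        .addEncryptionAlgorithm(ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_128)
                        .addIntegrityAlgorithm(INTEGRITY_ALGORITHM_HMAC_SHA2_256_128)
                        .build();

        final TunnelModeChildSessionParams childParams =
                new TunnelModeChildSessionParams.Builder().addSaProposal(childProposal).build();

        return new IkeTunnelConnectionParams(ikeParams, childParams);
    }

    /**
     * Creates a pre-populated IKE session parameter builder for tests.
     *
     * <p>The builder is returned un-built, so a caller can apply further settings before calling
     * {@code build()}.
     *
     * @return a builder configured with {@link #REMOTE_ADDRESS} as server, one IKE SA proposal,
     *     FQDN local/remote identities, PSK authentication and the MOBIKE option
     */
    protected static IkeSessionParams.Builder getIkeSessionParamsBase() {
        final IkeSaProposal ikeProposal =
                new IkeSaProposal.Builder()
                        .addEncryptionAlgorithm(ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_128)
                        .addIntegrityAlgorithm(INTEGRITY_ALGORITHM_AES_CMAC_96)
                        .addPseudorandomFunction(PSEUDORANDOM_FUNCTION_AES128_CMAC)
                        .addDhGroup(DH_GROUP_2048_BIT_MODP)
                        .build();

        // TODO: b/192610392 Improve VcnManagerTest CTS by adding IPv6 test case.
        final String testLocalId = "client.test.ike.android.net";
        final String testRemoteId = "server.test.ike.android.net";

        // Test-only pre-shared key: it is published in this file and therefore authenticates
        // nothing outside a test harness. The charset is pinned so the key bytes never depend on
        // the platform default; the literal is ASCII, so the bytes are unchanged.
        final byte[] psk = "ikeAndroidPsk".getBytes(StandardCharsets.UTF_8);

        return new IkeSessionParams.Builder()
                .setServerHostname(REMOTE_ADDRESS.getHostAddress())
                .addSaProposal(ikeProposal)
                .setLocalIdentification(new IkeFqdnIdentification(testLocalId))
                .setRemoteIdentification(new IkeFqdnIdentification(testRemoteId))
                .setAuthPsk(psk)
                .addIkeOption(IKE_OPTION_MOBIKE);
    }
}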