diff --git a/tests/net/java/android/net/IpSecConfigTest.java b/tests/net/java/android/net/IpSecConfigTest.java index efc01f2ace..f6c5532363 100644 --- a/tests/net/java/android/net/IpSecConfigTest.java +++ b/tests/net/java/android/net/IpSecConfigTest.java @@ -36,19 +36,16 @@ public class IpSecConfigTest { public void testDefaults() throws Exception { IpSecConfig c = new IpSecConfig(); assertEquals(IpSecTransform.MODE_TRANSPORT, c.getMode()); - assertEquals("", c.getLocalAddress()); - assertEquals("", c.getRemoteAddress()); + assertEquals("", c.getSourceAddress()); + assertEquals("", c.getDestinationAddress()); assertNull(c.getNetwork()); assertEquals(IpSecTransform.ENCAP_NONE, c.getEncapType()); assertEquals(IpSecManager.INVALID_RESOURCE_ID, c.getEncapSocketResourceId()); assertEquals(0, c.getEncapRemotePort()); assertEquals(0, c.getNattKeepaliveInterval()); - for (int direction : - new int[] {IpSecTransform.DIRECTION_OUT, IpSecTransform.DIRECTION_IN}) { - assertNull(c.getEncryption(direction)); - assertNull(c.getAuthentication(direction)); - assertEquals(IpSecManager.INVALID_RESOURCE_ID, c.getSpiResourceId(direction)); - } + assertNull(c.getEncryption()); + assertNull(c.getAuthentication()); + assertEquals(IpSecManager.INVALID_RESOURCE_ID, c.getSpiResourceId()); } @Test @@ -57,34 +54,21 @@ public class IpSecConfigTest { IpSecConfig c = new IpSecConfig(); c.setMode(IpSecTransform.MODE_TUNNEL); - c.setLocalAddress("0.0.0.0"); - c.setRemoteAddress("1.2.3.4"); + c.setSourceAddress("0.0.0.0"); + c.setDestinationAddress("1.2.3.4"); c.setEncapType(android.system.OsConstants.UDP_ENCAP_ESPINUDP); c.setEncapSocketResourceId(7); c.setEncapRemotePort(22); c.setNattKeepaliveInterval(42); c.setEncryption( - IpSecTransform.DIRECTION_OUT, new IpSecAlgorithm( IpSecAlgorithm.CRYPT_AES_CBC, new byte[] {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF})); c.setAuthentication( - IpSecTransform.DIRECTION_OUT, new IpSecAlgorithm( IpSecAlgorithm.AUTH_HMAC_MD5, new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF, 0})); - c.setSpiResourceId(IpSecTransform.DIRECTION_OUT, 1984); - c.setEncryption( - IpSecTransform.DIRECTION_IN, - new IpSecAlgorithm( - IpSecAlgorithm.CRYPT_AES_CBC, - new byte[] {2, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF})); - c.setAuthentication( - IpSecTransform.DIRECTION_IN, - new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_MD5, - new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF, 1})); - c.setSpiResourceId(IpSecTransform.DIRECTION_IN, 99); + c.setSpiResourceId(1984); assertParcelingIsLossless(c); } diff --git a/tests/net/java/android/net/IpSecManagerTest.java b/tests/net/java/android/net/IpSecManagerTest.java index 0f40b4562b..cc3366fbc8 100644 --- a/tests/net/java/android/net/IpSecManagerTest.java +++ b/tests/net/java/android/net/IpSecManagerTest.java @@ -81,15 +81,13 @@ public class IpSecManagerTest { IpSecSpiResponse spiResp = new IpSecSpiResponse(IpSecManager.Status.OK, resourceId, DROID_SPI); when(mMockIpSecService.allocateSecurityParameterIndex( - eq(IpSecTransform.DIRECTION_IN), eq(GOOGLE_DNS_4.getHostAddress()), eq(DROID_SPI), anyObject())) .thenReturn(spiResp); IpSecManager.SecurityParameterIndex droidSpi = - mIpSecManager.allocateSecurityParameterIndex( - IpSecTransform.DIRECTION_IN, GOOGLE_DNS_4, DROID_SPI); + mIpSecManager.allocateSecurityParameterIndex(GOOGLE_DNS_4, DROID_SPI); assertEquals(DROID_SPI, droidSpi.getSpi()); droidSpi.close(); @@ -103,15 +101,13 @@ public class IpSecManagerTest { IpSecSpiResponse spiResp = new IpSecSpiResponse(IpSecManager.Status.OK, resourceId, DROID_SPI); when(mMockIpSecService.allocateSecurityParameterIndex( - eq(IpSecTransform.DIRECTION_OUT), eq(GOOGLE_DNS_4.getHostAddress()), eq(IpSecManager.INVALID_SECURITY_PARAMETER_INDEX), anyObject())) .thenReturn(spiResp); IpSecManager.SecurityParameterIndex randomSpi = - mIpSecManager.allocateSecurityParameterIndex( - IpSecTransform.DIRECTION_OUT, GOOGLE_DNS_4); + mIpSecManager.allocateSecurityParameterIndex(GOOGLE_DNS_4); assertEquals(DROID_SPI, randomSpi.getSpi()); @@ -124,16 +120,15 @@ public class IpSecManagerTest { * Throws resource unavailable exception */ @Test - public void testAllocSpiResUnavaiableExeption() throws Exception { + public void testAllocSpiResUnavailableException() throws Exception { IpSecSpiResponse spiResp = new IpSecSpiResponse(IpSecManager.Status.RESOURCE_UNAVAILABLE, 0, 0); when(mMockIpSecService.allocateSecurityParameterIndex( - anyInt(), anyString(), anyInt(), anyObject())) + anyString(), anyInt(), anyObject())) .thenReturn(spiResp); try { - mIpSecManager.allocateSecurityParameterIndex( - IpSecTransform.DIRECTION_OUT, GOOGLE_DNS_4); + mIpSecManager.allocateSecurityParameterIndex(GOOGLE_DNS_4); fail("ResourceUnavailableException was not thrown"); } catch (IpSecManager.ResourceUnavailableException e) { } @@ -143,15 +138,14 @@ public class IpSecManagerTest { * Throws spi unavailable exception */ @Test - public void testAllocSpiSpiUnavaiableExeption() throws Exception { + public void testAllocSpiSpiUnavailableException() throws Exception { IpSecSpiResponse spiResp = new IpSecSpiResponse(IpSecManager.Status.SPI_UNAVAILABLE, 0, 0); when(mMockIpSecService.allocateSecurityParameterIndex( - anyInt(), anyString(), anyInt(), anyObject())) + anyString(), anyInt(), anyObject())) .thenReturn(spiResp); try { - mIpSecManager.allocateSecurityParameterIndex( - IpSecTransform.DIRECTION_OUT, GOOGLE_DNS_4); + mIpSecManager.allocateSecurityParameterIndex(GOOGLE_DNS_4); fail("ResourceUnavailableException was not thrown"); } catch (IpSecManager.ResourceUnavailableException e) { } @@ -163,8 +157,7 @@ public class IpSecManagerTest { @Test public void testRequestAllocInvalidSpi() throws Exception { try { - mIpSecManager.allocateSecurityParameterIndex( - IpSecTransform.DIRECTION_OUT, GOOGLE_DNS_4, 0); + mIpSecManager.allocateSecurityParameterIndex(GOOGLE_DNS_4, 0); fail("Able to allocate invalid spi"); } catch (IllegalArgumentException e) { } diff --git a/tests/net/java/com/android/server/IpSecServiceParameterizedTest.java b/tests/net/java/com/android/server/IpSecServiceParameterizedTest.java index 2282c1319a..86bbe2d5b0 100644 --- a/tests/net/java/com/android/server/IpSecServiceParameterizedTest.java +++ b/tests/net/java/com/android/server/IpSecServiceParameterizedTest.java @@ -32,7 +32,6 @@ import android.net.IpSecAlgorithm; import android.net.IpSecConfig; import android.net.IpSecManager; import android.net.IpSecSpiResponse; -import android.net.IpSecTransform; import android.net.IpSecTransformResponse; import android.net.NetworkUtils; import android.os.Binder; @@ -54,10 +53,9 @@ import org.junit.runners.Parameterized; @RunWith(Parameterized.class) public class IpSecServiceParameterizedTest { - private static final int TEST_SPI_OUT = 0xD1201D; - private static final int TEST_SPI_IN = TEST_SPI_OUT + 1; + private static final int TEST_SPI = 0xD1201D; - private final String mRemoteAddr; + private final String mDestinationAddr; @Parameterized.Parameters public static Collection ipSecConfigs() { @@ -96,11 +94,8 @@ public class IpSecServiceParameterizedTest { private static final IpSecAlgorithm AEAD_ALGO = new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 128); - private static final int[] DIRECTIONS = - new int[] {IpSecTransform.DIRECTION_IN, IpSecTransform.DIRECTION_OUT}; - public IpSecServiceParameterizedTest(String remoteAddr) { - mRemoteAddr = remoteAddr; + mDestinationAddr = remoteAddr; } @Before @@ -116,44 +111,30 @@ public class IpSecServiceParameterizedTest { @Test public void testIpSecServiceReserveSpi() throws Exception { - when(mMockNetd.ipSecAllocateSpi( - anyInt(), - eq(IpSecTransform.DIRECTION_OUT), - anyString(), - eq(mRemoteAddr), - eq(TEST_SPI_OUT))) - .thenReturn(TEST_SPI_OUT); + when(mMockNetd.ipSecAllocateSpi(anyInt(), anyString(), eq(mDestinationAddr), eq(TEST_SPI))) + .thenReturn(TEST_SPI); IpSecSpiResponse spiResp = mIpSecService.allocateSecurityParameterIndex( - IpSecTransform.DIRECTION_OUT, mRemoteAddr, TEST_SPI_OUT, new Binder()); + mDestinationAddr, TEST_SPI, new Binder()); assertEquals(IpSecManager.Status.OK, spiResp.status); - assertEquals(TEST_SPI_OUT, spiResp.spi); + assertEquals(TEST_SPI, spiResp.spi); } @Test public void testReleaseSecurityParameterIndex() throws Exception { - when(mMockNetd.ipSecAllocateSpi( - anyInt(), - eq(IpSecTransform.DIRECTION_OUT), - anyString(), - eq(mRemoteAddr), - eq(TEST_SPI_OUT))) - .thenReturn(TEST_SPI_OUT); + when(mMockNetd.ipSecAllocateSpi(anyInt(), anyString(), eq(mDestinationAddr), eq(TEST_SPI))) + .thenReturn(TEST_SPI); IpSecSpiResponse spiResp = mIpSecService.allocateSecurityParameterIndex( - IpSecTransform.DIRECTION_OUT, mRemoteAddr, TEST_SPI_OUT, new Binder()); + mDestinationAddr, TEST_SPI, new Binder()); mIpSecService.releaseSecurityParameterIndex(spiResp.resourceId); verify(mMockNetd) .ipSecDeleteSecurityAssociation( - eq(spiResp.resourceId), - anyInt(), - anyString(), - anyString(), - eq(TEST_SPI_OUT)); + eq(spiResp.resourceId), anyString(), anyString(), eq(TEST_SPI)); // Verify quota and RefcountedResource objects cleaned up IpSecService.UserRecord userRecord = @@ -169,17 +150,12 @@ public class IpSecServiceParameterizedTest { @Test public void testSecurityParameterIndexBinderDeath() throws Exception { - when(mMockNetd.ipSecAllocateSpi( - anyInt(), - eq(IpSecTransform.DIRECTION_OUT), - anyString(), - eq(mRemoteAddr), - eq(TEST_SPI_OUT))) - .thenReturn(TEST_SPI_OUT); + when(mMockNetd.ipSecAllocateSpi(anyInt(), anyString(), eq(mDestinationAddr), eq(TEST_SPI))) + .thenReturn(TEST_SPI); IpSecSpiResponse spiResp = mIpSecService.allocateSecurityParameterIndex( - IpSecTransform.DIRECTION_OUT, mRemoteAddr, TEST_SPI_OUT, new Binder()); + mDestinationAddr, TEST_SPI, new Binder()); IpSecService.UserRecord userRecord = mIpSecService.mUserResourceTracker.getUserRecord(Os.getuid()); @@ -190,11 +166,7 @@ public class IpSecServiceParameterizedTest { verify(mMockNetd) .ipSecDeleteSecurityAssociation( - eq(spiResp.resourceId), - anyInt(), - anyString(), - anyString(), - eq(TEST_SPI_OUT)); + eq(spiResp.resourceId), anyString(), anyString(), eq(TEST_SPI)); // Verify quota and RefcountedResource objects cleaned up assertEquals(0, userRecord.mSpiQuotaTracker.mCurrent); @@ -206,14 +178,12 @@ public class IpSecServiceParameterizedTest { } } - private int getNewSpiResourceId(int direction, String remoteAddress, int returnSpi) - throws Exception { - when(mMockNetd.ipSecAllocateSpi(anyInt(), anyInt(), anyString(), anyString(), anyInt())) + private int getNewSpiResourceId(String remoteAddress, int returnSpi) throws Exception { + when(mMockNetd.ipSecAllocateSpi(anyInt(), anyString(), anyString(), anyInt())) .thenReturn(returnSpi); IpSecSpiResponse spi = mIpSecService.allocateSecurityParameterIndex( - direction, NetworkUtils.numericToInetAddress(remoteAddress).getHostAddress(), IpSecManager.INVALID_SECURITY_PARAMETER_INDEX, new Binder()); @@ -221,20 +191,13 @@ public class IpSecServiceParameterizedTest { } private void addDefaultSpisAndRemoteAddrToIpSecConfig(IpSecConfig config) throws Exception { - config.setSpiResourceId( - IpSecTransform.DIRECTION_OUT, - getNewSpiResourceId(IpSecTransform.DIRECTION_OUT, mRemoteAddr, TEST_SPI_OUT)); - config.setSpiResourceId( - IpSecTransform.DIRECTION_IN, - getNewSpiResourceId(IpSecTransform.DIRECTION_IN, mRemoteAddr, TEST_SPI_IN)); - config.setRemoteAddress(mRemoteAddr); + config.setSpiResourceId(getNewSpiResourceId(mDestinationAddr, TEST_SPI)); + config.setDestinationAddress(mDestinationAddr); } private void addAuthAndCryptToIpSecConfig(IpSecConfig config) throws Exception { - for (int direction : DIRECTIONS) { - config.setEncryption(direction, CRYPT_ALGO); - config.setAuthentication(direction, AUTH_ALGO); - } + config.setEncryption(CRYPT_ALGO); + config.setAuthentication(AUTH_ALGO); } @Test @@ -251,32 +214,10 @@ public class IpSecServiceParameterizedTest { .ipSecAddSecurityAssociation( eq(createTransformResp.resourceId), anyInt(), - eq(IpSecTransform.DIRECTION_OUT), anyString(), anyString(), anyLong(), - eq(TEST_SPI_OUT), - eq(IpSecAlgorithm.AUTH_HMAC_SHA256), - eq(AUTH_KEY), - anyInt(), - eq(IpSecAlgorithm.CRYPT_AES_CBC), - eq(CRYPT_KEY), - anyInt(), - eq(""), - eq(new byte[] {}), - eq(0), - anyInt(), - anyInt(), - anyInt()); - verify(mMockNetd) - .ipSecAddSecurityAssociation( - eq(createTransformResp.resourceId), - anyInt(), - eq(IpSecTransform.DIRECTION_IN), - anyString(), - anyString(), - anyLong(), - eq(TEST_SPI_IN), + eq(TEST_SPI), eq(IpSecAlgorithm.AUTH_HMAC_SHA256), eq(AUTH_KEY), anyInt(), @@ -296,8 +237,7 @@ public class IpSecServiceParameterizedTest { IpSecConfig ipSecConfig = new IpSecConfig(); addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig); - ipSecConfig.setAuthenticatedEncryption(IpSecTransform.DIRECTION_OUT, AEAD_ALGO); - ipSecConfig.setAuthenticatedEncryption(IpSecTransform.DIRECTION_IN, AEAD_ALGO); + ipSecConfig.setAuthenticatedEncryption(AEAD_ALGO); IpSecTransformResponse createTransformResp = mIpSecService.createTransportModeTransform(ipSecConfig, new Binder()); @@ -307,32 +247,10 @@ public class IpSecServiceParameterizedTest { .ipSecAddSecurityAssociation( eq(createTransformResp.resourceId), anyInt(), - eq(IpSecTransform.DIRECTION_OUT), anyString(), anyString(), anyLong(), - eq(TEST_SPI_OUT), - eq(""), - eq(new byte[] {}), - eq(0), - eq(""), - eq(new byte[] {}), - eq(0), - eq(IpSecAlgorithm.AUTH_CRYPT_AES_GCM), - eq(AEAD_KEY), - anyInt(), - anyInt(), - anyInt(), - anyInt()); - verify(mMockNetd) - .ipSecAddSecurityAssociation( - eq(createTransformResp.resourceId), - anyInt(), - eq(IpSecTransform.DIRECTION_IN), - anyString(), - anyString(), - anyLong(), - eq(TEST_SPI_IN), + eq(TEST_SPI), eq(""), eq(new byte[] {}), eq(0), @@ -359,18 +277,7 @@ public class IpSecServiceParameterizedTest { verify(mMockNetd) .ipSecDeleteSecurityAssociation( - eq(createTransformResp.resourceId), - eq(IpSecTransform.DIRECTION_OUT), - anyString(), - anyString(), - eq(TEST_SPI_OUT)); - verify(mMockNetd) - .ipSecDeleteSecurityAssociation( - eq(createTransformResp.resourceId), - eq(IpSecTransform.DIRECTION_IN), - anyString(), - anyString(), - eq(TEST_SPI_IN)); + eq(createTransformResp.resourceId), anyString(), anyString(), eq(TEST_SPI)); // Verify quota and RefcountedResource objects cleaned up IpSecService.UserRecord userRecord = @@ -404,18 +311,7 @@ public class IpSecServiceParameterizedTest { verify(mMockNetd) .ipSecDeleteSecurityAssociation( - eq(createTransformResp.resourceId), - eq(IpSecTransform.DIRECTION_OUT), - anyString(), - anyString(), - eq(TEST_SPI_OUT)); - verify(mMockNetd) - .ipSecDeleteSecurityAssociation( - eq(createTransformResp.resourceId), - eq(IpSecTransform.DIRECTION_IN), - anyString(), - anyString(), - eq(TEST_SPI_IN)); + eq(createTransformResp.resourceId), anyString(), anyString(), eq(TEST_SPI)); // Verify quota and RefcountedResource objects cleaned up assertEquals(0, userRecord.mTransformQuotaTracker.mCurrent); @@ -439,30 +335,22 @@ public class IpSecServiceParameterizedTest { ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(new Socket()); int resourceId = createTransformResp.resourceId; - mIpSecService.applyTransportModeTransform(pfd, resourceId); + mIpSecService.applyTransportModeTransform(pfd, IpSecManager.DIRECTION_OUT, resourceId); verify(mMockNetd) .ipSecApplyTransportModeTransform( eq(pfd.getFileDescriptor()), eq(resourceId), - eq(IpSecTransform.DIRECTION_OUT), + eq(IpSecManager.DIRECTION_OUT), anyString(), anyString(), - eq(TEST_SPI_OUT)); - verify(mMockNetd) - .ipSecApplyTransportModeTransform( - eq(pfd.getFileDescriptor()), - eq(resourceId), - eq(IpSecTransform.DIRECTION_IN), - anyString(), - anyString(), - eq(TEST_SPI_IN)); + eq(TEST_SPI)); } @Test public void testRemoveTransportModeTransform() throws Exception { ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(new Socket()); - mIpSecService.removeTransportModeTransform(pfd, 1); + mIpSecService.removeTransportModeTransforms(pfd, 1); verify(mMockNetd).ipSecRemoveTransportModeTransform(pfd.getFileDescriptor()); } diff --git a/tests/net/java/com/android/server/IpSecServiceTest.java b/tests/net/java/com/android/server/IpSecServiceTest.java index 0467989d89..49eec3f68c 100644 --- a/tests/net/java/com/android/server/IpSecServiceTest.java +++ b/tests/net/java/com/android/server/IpSecServiceTest.java @@ -434,7 +434,7 @@ public class IpSecServiceTest { @Test public void testRemoveTransportModeTransform() throws Exception { ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(new Socket()); - mIpSecService.removeTransportModeTransform(pfd, 1); + mIpSecService.removeTransportModeTransforms(pfd, 1); verify(mMockNetd).ipSecRemoveTransportModeTransform(pfd.getFileDescriptor()); } @@ -447,7 +447,7 @@ public class IpSecServiceTest { try { IpSecSpiResponse spiResp = mIpSecService.allocateSecurityParameterIndex( - IpSecTransform.DIRECTION_OUT, address, DROID_SPI, new Binder()); + address, DROID_SPI, new Binder()); fail("Invalid address was passed through IpSecService validation: " + address); } catch (IllegalArgumentException e) { } catch (Exception e) { @@ -519,7 +519,6 @@ public class IpSecServiceTest { // tracks the resource ID. when(mMockNetd.ipSecAllocateSpi( anyInt(), - eq(IpSecTransform.DIRECTION_OUT), anyString(), eq(InetAddress.getLoopbackAddress().getHostAddress()), anyInt())) @@ -528,7 +527,6 @@ public class IpSecServiceTest { for (int i = 0; i < MAX_NUM_SPIS; i++) { IpSecSpiResponse newSpi = mIpSecService.allocateSecurityParameterIndex( - 0x1, InetAddress.getLoopbackAddress().getHostAddress(), DROID_SPI + i, new Binder()); @@ -544,7 +542,6 @@ public class IpSecServiceTest { // Try to reserve one more SPI, and should fail. IpSecSpiResponse extraSpi = mIpSecService.allocateSecurityParameterIndex( - 0x1, InetAddress.getLoopbackAddress().getHostAddress(), DROID_SPI + MAX_NUM_SPIS, new Binder()); @@ -558,7 +555,6 @@ public class IpSecServiceTest { // Should successfully reserve one more spi. extraSpi = mIpSecService.allocateSecurityParameterIndex( - 0x1, InetAddress.getLoopbackAddress().getHostAddress(), DROID_SPI + MAX_NUM_SPIS, new Binder());