Merge changes from topic "ipsec-oneway-transform"

* changes:
  Update IpSecService UnitTests
  Make Transforms Unidirectional
nharold
2018-01-17 08:40:37 +00:00
committed by Gerrit Code Review
4 changed files with 106 additions and 253 deletions


@@ -36,19 +36,16 @@ public class IpSecConfigTest {
public void testDefaults() throws Exception { public void testDefaults() throws Exception {
IpSecConfig c = new IpSecConfig(); IpSecConfig c = new IpSecConfig();
assertEquals(IpSecTransform.MODE_TRANSPORT, c.getMode()); assertEquals(IpSecTransform.MODE_TRANSPORT, c.getMode());
assertEquals("", c.getLocalAddress()); assertEquals("", c.getSourceAddress());
assertEquals("", c.getRemoteAddress()); assertEquals("", c.getDestinationAddress());
assertNull(c.getNetwork()); assertNull(c.getNetwork());
assertEquals(IpSecTransform.ENCAP_NONE, c.getEncapType()); assertEquals(IpSecTransform.ENCAP_NONE, c.getEncapType());
assertEquals(IpSecManager.INVALID_RESOURCE_ID, c.getEncapSocketResourceId()); assertEquals(IpSecManager.INVALID_RESOURCE_ID, c.getEncapSocketResourceId());
assertEquals(0, c.getEncapRemotePort()); assertEquals(0, c.getEncapRemotePort());
assertEquals(0, c.getNattKeepaliveInterval()); assertEquals(0, c.getNattKeepaliveInterval());
for (int direction : assertNull(c.getEncryption());
new int[] {IpSecTransform.DIRECTION_OUT, IpSecTransform.DIRECTION_IN}) { assertNull(c.getAuthentication());
assertNull(c.getEncryption(direction)); assertEquals(IpSecManager.INVALID_RESOURCE_ID, c.getSpiResourceId());
assertNull(c.getAuthentication(direction));
assertEquals(IpSecManager.INVALID_RESOURCE_ID, c.getSpiResourceId(direction));
}
} }
@Test @Test
@@ -57,34 +54,21 @@ public class IpSecConfigTest {
IpSecConfig c = new IpSecConfig(); IpSecConfig c = new IpSecConfig();
c.setMode(IpSecTransform.MODE_TUNNEL); c.setMode(IpSecTransform.MODE_TUNNEL);
c.setLocalAddress("0.0.0.0"); c.setSourceAddress("0.0.0.0");
c.setRemoteAddress("1.2.3.4"); c.setDestinationAddress("1.2.3.4");
c.setEncapType(android.system.OsConstants.UDP_ENCAP_ESPINUDP); c.setEncapType(android.system.OsConstants.UDP_ENCAP_ESPINUDP);
c.setEncapSocketResourceId(7); c.setEncapSocketResourceId(7);
c.setEncapRemotePort(22); c.setEncapRemotePort(22);
c.setNattKeepaliveInterval(42); c.setNattKeepaliveInterval(42);
c.setEncryption( c.setEncryption(
IpSecTransform.DIRECTION_OUT,
new IpSecAlgorithm( new IpSecAlgorithm(
IpSecAlgorithm.CRYPT_AES_CBC, IpSecAlgorithm.CRYPT_AES_CBC,
new byte[] {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF})); new byte[] {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF}));
c.setAuthentication( c.setAuthentication(
IpSecTransform.DIRECTION_OUT,
new IpSecAlgorithm( new IpSecAlgorithm(
IpSecAlgorithm.AUTH_HMAC_MD5, IpSecAlgorithm.AUTH_HMAC_MD5,
new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF, 0})); new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF, 0}));
c.setSpiResourceId(IpSecTransform.DIRECTION_OUT, 1984); c.setSpiResourceId(1984);
c.setEncryption(
IpSecTransform.DIRECTION_IN,
new IpSecAlgorithm(
IpSecAlgorithm.CRYPT_AES_CBC,
new byte[] {2, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF}));
c.setAuthentication(
IpSecTransform.DIRECTION_IN,
new IpSecAlgorithm(
IpSecAlgorithm.AUTH_HMAC_MD5,
new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF, 1}));
c.setSpiResourceId(IpSecTransform.DIRECTION_IN, 99);
assertParcelingIsLossless(c); assertParcelingIsLossless(c);
} }
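Review bot: testDefaults asserts that getEncryption() and getAuthentication() are null, but nothing in this section covers the authenticated-encryption field that IpSecConfig also carries (setAuthenticatedEncryption is called elsewhere in this commit). Consider adding `assertNull(c.getAuthenticatedEncryption());` beside the other two assertions. A separate parceling case that sets an AEAD algorithm would also make a dropped field fail assertParcelingIsLossless. The second test's signature lies outside the hunk, so the file may already cover this elsewhere.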


@@ -81,15 +81,13 @@ public class IpSecManagerTest {
IpSecSpiResponse spiResp = IpSecSpiResponse spiResp =
new IpSecSpiResponse(IpSecManager.Status.OK, resourceId, DROID_SPI); new IpSecSpiResponse(IpSecManager.Status.OK, resourceId, DROID_SPI);
when(mMockIpSecService.allocateSecurityParameterIndex( when(mMockIpSecService.allocateSecurityParameterIndex(
eq(IpSecTransform.DIRECTION_IN),
eq(GOOGLE_DNS_4.getHostAddress()), eq(GOOGLE_DNS_4.getHostAddress()),
eq(DROID_SPI), eq(DROID_SPI),
anyObject())) anyObject()))
.thenReturn(spiResp); .thenReturn(spiResp);
IpSecManager.SecurityParameterIndex droidSpi = IpSecManager.SecurityParameterIndex droidSpi =
mIpSecManager.allocateSecurityParameterIndex( mIpSecManager.allocateSecurityParameterIndex(GOOGLE_DNS_4, DROID_SPI);
IpSecTransform.DIRECTION_IN, GOOGLE_DNS_4, DROID_SPI);
assertEquals(DROID_SPI, droidSpi.getSpi()); assertEquals(DROID_SPI, droidSpi.getSpi());
droidSpi.close(); droidSpi.close();
@@ -103,15 +101,13 @@ public class IpSecManagerTest {
IpSecSpiResponse spiResp = IpSecSpiResponse spiResp =
new IpSecSpiResponse(IpSecManager.Status.OK, resourceId, DROID_SPI); new IpSecSpiResponse(IpSecManager.Status.OK, resourceId, DROID_SPI);
when(mMockIpSecService.allocateSecurityParameterIndex( when(mMockIpSecService.allocateSecurityParameterIndex(
eq(IpSecTransform.DIRECTION_OUT),
eq(GOOGLE_DNS_4.getHostAddress()), eq(GOOGLE_DNS_4.getHostAddress()),
eq(IpSecManager.INVALID_SECURITY_PARAMETER_INDEX), eq(IpSecManager.INVALID_SECURITY_PARAMETER_INDEX),
anyObject())) anyObject()))
.thenReturn(spiResp); .thenReturn(spiResp);
IpSecManager.SecurityParameterIndex randomSpi = IpSecManager.SecurityParameterIndex randomSpi =
mIpSecManager.allocateSecurityParameterIndex( mIpSecManager.allocateSecurityParameterIndex(GOOGLE_DNS_4);
IpSecTransform.DIRECTION_OUT, GOOGLE_DNS_4);
assertEquals(DROID_SPI, randomSpi.getSpi()); assertEquals(DROID_SPI, randomSpi.getSpi());
@@ -124,16 +120,15 @@ public class IpSecManagerTest {
* Throws resource unavailable exception * Throws resource unavailable exception
*/ */
@Test @Test
public void testAllocSpiResUnavaiableExeption() throws Exception { public void testAllocSpiResUnavailableException() throws Exception {
IpSecSpiResponse spiResp = IpSecSpiResponse spiResp =
new IpSecSpiResponse(IpSecManager.Status.RESOURCE_UNAVAILABLE, 0, 0); new IpSecSpiResponse(IpSecManager.Status.RESOURCE_UNAVAILABLE, 0, 0);
when(mMockIpSecService.allocateSecurityParameterIndex( when(mMockIpSecService.allocateSecurityParameterIndex(
anyInt(), anyString(), anyInt(), anyObject())) anyString(), anyInt(), anyObject()))
.thenReturn(spiResp); .thenReturn(spiResp);
try { try {
mIpSecManager.allocateSecurityParameterIndex( mIpSecManager.allocateSecurityParameterIndex(GOOGLE_DNS_4);
IpSecTransform.DIRECTION_OUT, GOOGLE_DNS_4);
fail("ResourceUnavailableException was not thrown"); fail("ResourceUnavailableException was not thrown");
} catch (IpSecManager.ResourceUnavailableException e) { } catch (IpSecManager.ResourceUnavailableException e) {
} }
@@ -143,15 +138,14 @@ public class IpSecManagerTest {
* Throws spi unavailable exception * Throws spi unavailable exception
*/ */
@Test @Test
public void testAllocSpiSpiUnavaiableExeption() throws Exception { public void testAllocSpiSpiUnavailableException() throws Exception {
IpSecSpiResponse spiResp = new IpSecSpiResponse(IpSecManager.Status.SPI_UNAVAILABLE, 0, 0); IpSecSpiResponse spiResp = new IpSecSpiResponse(IpSecManager.Status.SPI_UNAVAILABLE, 0, 0);
when(mMockIpSecService.allocateSecurityParameterIndex( when(mMockIpSecService.allocateSecurityParameterIndex(
anyInt(), anyString(), anyInt(), anyObject())) anyString(), anyInt(), anyObject()))
.thenReturn(spiResp); .thenReturn(spiResp);
try { try {
mIpSecManager.allocateSecurityParameterIndex( mIpSecManager.allocateSecurityParameterIndex(GOOGLE_DNS_4);
IpSecTransform.DIRECTION_OUT, GOOGLE_DNS_4);
fail("ResourceUnavailableException was not thrown"); fail("ResourceUnavailableException was not thrown");
} catch (IpSecManager.ResourceUnavailableException e) { } catch (IpSecManager.ResourceUnavailableException e) {
} }
@@ -163,8 +157,7 @@ public class IpSecManagerTest {
@Test @Test
public void testRequestAllocInvalidSpi() throws Exception { public void testRequestAllocInvalidSpi() throws Exception {
try { try {
mIpSecManager.allocateSecurityParameterIndex( mIpSecManager.allocateSecurityParameterIndex(GOOGLE_DNS_4, 0);
IpSecTransform.DIRECTION_OUT, GOOGLE_DNS_4, 0);
fail("Able to allocate invalid spi"); fail("Able to allocate invalid spi");
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
} }
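Review bot: The SPI_UNAVAILABLE status is exercised only through the overload that takes no requested SPI (`allocateSecurityParameterIndex(GOOGLE_DNS_4)` in testAllocSpiSpiUnavailableException). A caller asking for a specific SPI is where a collision is most likely, and that path has no failure test in the hunks shown. Consider a sibling test that reuses the same stub, calls `mIpSecManager.allocateSecurityParameterIndex(GOOGLE_DNS_4, DROID_SPI)`, and asserts whichever exception that overload documents. As a style point, the empty catch blocks here bind `e`, while IpSecServiceTest names the variable `expected`; using `expected` in both files would make the intent clear.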


@@ -32,7 +32,6 @@ import android.net.IpSecAlgorithm;
import android.net.IpSecConfig; import android.net.IpSecConfig;
import android.net.IpSecManager; import android.net.IpSecManager;
import android.net.IpSecSpiResponse; import android.net.IpSecSpiResponse;
import android.net.IpSecTransform;
import android.net.IpSecTransformResponse; import android.net.IpSecTransformResponse;
import android.net.NetworkUtils; import android.net.NetworkUtils;
import android.os.Binder; import android.os.Binder;
@@ -54,14 +53,14 @@ import org.junit.runners.Parameterized;
@RunWith(Parameterized.class) @RunWith(Parameterized.class)
public class IpSecServiceParameterizedTest { public class IpSecServiceParameterizedTest {
private static final int TEST_SPI_OUT = 0xD1201D; private static final int TEST_SPI = 0xD1201D;
private static final int TEST_SPI_IN = TEST_SPI_OUT + 1;
private final String mRemoteAddr; private final String mDestinationAddr;
private final String mSourceAddr;
@Parameterized.Parameters @Parameterized.Parameters
public static Collection ipSecConfigs() { public static Collection ipSecConfigs() {
return Arrays.asList(new Object[][] {{"8.8.4.4"}, {"2601::10"}}); return Arrays.asList(new Object[][] {{"1.2.3.4", "8.8.4.4"}, {"2601::2", "2601::10"}});
} }
private static final byte[] AEAD_KEY = { private static final byte[] AEAD_KEY = {
@@ -96,11 +95,9 @@ public class IpSecServiceParameterizedTest {
private static final IpSecAlgorithm AEAD_ALGO = private static final IpSecAlgorithm AEAD_ALGO =
new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 128); new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 128);
private static final int[] DIRECTIONS = public IpSecServiceParameterizedTest(String sourceAddr, String destAddr) {
new int[] {IpSecTransform.DIRECTION_IN, IpSecTransform.DIRECTION_OUT}; mSourceAddr = sourceAddr;
mDestinationAddr = destAddr;
public IpSecServiceParameterizedTest(String remoteAddr) {
mRemoteAddr = remoteAddr;
} }
@Before @Before
@@ -116,44 +113,30 @@ public class IpSecServiceParameterizedTest {
@Test @Test
public void testIpSecServiceReserveSpi() throws Exception { public void testIpSecServiceReserveSpi() throws Exception {
when(mMockNetd.ipSecAllocateSpi( when(mMockNetd.ipSecAllocateSpi(anyInt(), anyString(), eq(mDestinationAddr), eq(TEST_SPI)))
anyInt(), .thenReturn(TEST_SPI);
eq(IpSecTransform.DIRECTION_OUT),
anyString(),
eq(mRemoteAddr),
eq(TEST_SPI_OUT)))
.thenReturn(TEST_SPI_OUT);
IpSecSpiResponse spiResp = IpSecSpiResponse spiResp =
mIpSecService.allocateSecurityParameterIndex( mIpSecService.allocateSecurityParameterIndex(
IpSecTransform.DIRECTION_OUT, mRemoteAddr, TEST_SPI_OUT, new Binder()); mDestinationAddr, TEST_SPI, new Binder());
assertEquals(IpSecManager.Status.OK, spiResp.status); assertEquals(IpSecManager.Status.OK, spiResp.status);
assertEquals(TEST_SPI_OUT, spiResp.spi); assertEquals(TEST_SPI, spiResp.spi);
} }
@Test @Test
public void testReleaseSecurityParameterIndex() throws Exception { public void testReleaseSecurityParameterIndex() throws Exception {
when(mMockNetd.ipSecAllocateSpi( when(mMockNetd.ipSecAllocateSpi(anyInt(), anyString(), eq(mDestinationAddr), eq(TEST_SPI)))
anyInt(), .thenReturn(TEST_SPI);
eq(IpSecTransform.DIRECTION_OUT),
anyString(),
eq(mRemoteAddr),
eq(TEST_SPI_OUT)))
.thenReturn(TEST_SPI_OUT);
IpSecSpiResponse spiResp = IpSecSpiResponse spiResp =
mIpSecService.allocateSecurityParameterIndex( mIpSecService.allocateSecurityParameterIndex(
IpSecTransform.DIRECTION_OUT, mRemoteAddr, TEST_SPI_OUT, new Binder()); mDestinationAddr, TEST_SPI, new Binder());
mIpSecService.releaseSecurityParameterIndex(spiResp.resourceId); mIpSecService.releaseSecurityParameterIndex(spiResp.resourceId);
verify(mMockNetd) verify(mMockNetd)
.ipSecDeleteSecurityAssociation( .ipSecDeleteSecurityAssociation(
eq(spiResp.resourceId), eq(spiResp.resourceId), anyString(), anyString(), eq(TEST_SPI));
anyInt(),
anyString(),
anyString(),
eq(TEST_SPI_OUT));
// Verify quota and RefcountedResource objects cleaned up // Verify quota and RefcountedResource objects cleaned up
IpSecService.UserRecord userRecord = IpSecService.UserRecord userRecord =
@@ -169,17 +152,12 @@ public class IpSecServiceParameterizedTest {
@Test @Test
public void testSecurityParameterIndexBinderDeath() throws Exception { public void testSecurityParameterIndexBinderDeath() throws Exception {
when(mMockNetd.ipSecAllocateSpi( when(mMockNetd.ipSecAllocateSpi(anyInt(), anyString(), eq(mDestinationAddr), eq(TEST_SPI)))
anyInt(), .thenReturn(TEST_SPI);
eq(IpSecTransform.DIRECTION_OUT),
anyString(),
eq(mRemoteAddr),
eq(TEST_SPI_OUT)))
.thenReturn(TEST_SPI_OUT);
IpSecSpiResponse spiResp = IpSecSpiResponse spiResp =
mIpSecService.allocateSecurityParameterIndex( mIpSecService.allocateSecurityParameterIndex(
IpSecTransform.DIRECTION_OUT, mRemoteAddr, TEST_SPI_OUT, new Binder()); mDestinationAddr, TEST_SPI, new Binder());
IpSecService.UserRecord userRecord = IpSecService.UserRecord userRecord =
mIpSecService.mUserResourceTracker.getUserRecord(Os.getuid()); mIpSecService.mUserResourceTracker.getUserRecord(Os.getuid());
@@ -190,11 +168,7 @@ public class IpSecServiceParameterizedTest {
verify(mMockNetd) verify(mMockNetd)
.ipSecDeleteSecurityAssociation( .ipSecDeleteSecurityAssociation(
eq(spiResp.resourceId), eq(spiResp.resourceId), anyString(), anyString(), eq(TEST_SPI));
anyInt(),
anyString(),
anyString(),
eq(TEST_SPI_OUT));
// Verify quota and RefcountedResource objects cleaned up // Verify quota and RefcountedResource objects cleaned up
assertEquals(0, userRecord.mSpiQuotaTracker.mCurrent); assertEquals(0, userRecord.mSpiQuotaTracker.mCurrent);
@@ -206,14 +180,12 @@ public class IpSecServiceParameterizedTest {
} }
} }
private int getNewSpiResourceId(int direction, String remoteAddress, int returnSpi) private int getNewSpiResourceId(String remoteAddress, int returnSpi) throws Exception {
throws Exception { when(mMockNetd.ipSecAllocateSpi(anyInt(), anyString(), anyString(), anyInt()))
when(mMockNetd.ipSecAllocateSpi(anyInt(), anyInt(), anyString(), anyString(), anyInt()))
.thenReturn(returnSpi); .thenReturn(returnSpi);
IpSecSpiResponse spi = IpSecSpiResponse spi =
mIpSecService.allocateSecurityParameterIndex( mIpSecService.allocateSecurityParameterIndex(
direction,
NetworkUtils.numericToInetAddress(remoteAddress).getHostAddress(), NetworkUtils.numericToInetAddress(remoteAddress).getHostAddress(),
IpSecManager.INVALID_SECURITY_PARAMETER_INDEX, IpSecManager.INVALID_SECURITY_PARAMETER_INDEX,
new Binder()); new Binder());
@@ -221,20 +193,14 @@ public class IpSecServiceParameterizedTest {
} }
private void addDefaultSpisAndRemoteAddrToIpSecConfig(IpSecConfig config) throws Exception { private void addDefaultSpisAndRemoteAddrToIpSecConfig(IpSecConfig config) throws Exception {
config.setSpiResourceId( config.setSpiResourceId(getNewSpiResourceId(mDestinationAddr, TEST_SPI));
IpSecTransform.DIRECTION_OUT, config.setSourceAddress(mSourceAddr);
getNewSpiResourceId(IpSecTransform.DIRECTION_OUT, mRemoteAddr, TEST_SPI_OUT)); config.setDestinationAddress(mDestinationAddr);
config.setSpiResourceId(
IpSecTransform.DIRECTION_IN,
getNewSpiResourceId(IpSecTransform.DIRECTION_IN, mRemoteAddr, TEST_SPI_IN));
config.setRemoteAddress(mRemoteAddr);
} }
private void addAuthAndCryptToIpSecConfig(IpSecConfig config) throws Exception { private void addAuthAndCryptToIpSecConfig(IpSecConfig config) throws Exception {
for (int direction : DIRECTIONS) { config.setEncryption(CRYPT_ALGO);
config.setEncryption(direction, CRYPT_ALGO); config.setAuthentication(AUTH_ALGO);
config.setAuthentication(direction, AUTH_ALGO);
}
} }
@Test @Test
@@ -251,32 +217,10 @@ public class IpSecServiceParameterizedTest {
.ipSecAddSecurityAssociation( .ipSecAddSecurityAssociation(
eq(createTransformResp.resourceId), eq(createTransformResp.resourceId),
anyInt(), anyInt(),
eq(IpSecTransform.DIRECTION_OUT),
anyString(), anyString(),
anyString(), anyString(),
anyLong(), anyLong(),
eq(TEST_SPI_OUT), eq(TEST_SPI),
eq(IpSecAlgorithm.AUTH_HMAC_SHA256),
eq(AUTH_KEY),
anyInt(),
eq(IpSecAlgorithm.CRYPT_AES_CBC),
eq(CRYPT_KEY),
anyInt(),
eq(""),
eq(new byte[] {}),
eq(0),
anyInt(),
anyInt(),
anyInt());
verify(mMockNetd)
.ipSecAddSecurityAssociation(
eq(createTransformResp.resourceId),
anyInt(),
eq(IpSecTransform.DIRECTION_IN),
anyString(),
anyString(),
anyLong(),
eq(TEST_SPI_IN),
eq(IpSecAlgorithm.AUTH_HMAC_SHA256), eq(IpSecAlgorithm.AUTH_HMAC_SHA256),
eq(AUTH_KEY), eq(AUTH_KEY),
anyInt(), anyInt(),
@@ -296,8 +240,7 @@ public class IpSecServiceParameterizedTest {
IpSecConfig ipSecConfig = new IpSecConfig(); IpSecConfig ipSecConfig = new IpSecConfig();
addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig); addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig);
ipSecConfig.setAuthenticatedEncryption(IpSecTransform.DIRECTION_OUT, AEAD_ALGO); ipSecConfig.setAuthenticatedEncryption(AEAD_ALGO);
ipSecConfig.setAuthenticatedEncryption(IpSecTransform.DIRECTION_IN, AEAD_ALGO);
IpSecTransformResponse createTransformResp = IpSecTransformResponse createTransformResp =
mIpSecService.createTransportModeTransform(ipSecConfig, new Binder()); mIpSecService.createTransportModeTransform(ipSecConfig, new Binder());
@@ -307,32 +250,10 @@ public class IpSecServiceParameterizedTest {
.ipSecAddSecurityAssociation( .ipSecAddSecurityAssociation(
eq(createTransformResp.resourceId), eq(createTransformResp.resourceId),
anyInt(), anyInt(),
eq(IpSecTransform.DIRECTION_OUT),
anyString(), anyString(),
anyString(), anyString(),
anyLong(), anyLong(),
eq(TEST_SPI_OUT), eq(TEST_SPI),
eq(""),
eq(new byte[] {}),
eq(0),
eq(""),
eq(new byte[] {}),
eq(0),
eq(IpSecAlgorithm.AUTH_CRYPT_AES_GCM),
eq(AEAD_KEY),
anyInt(),
anyInt(),
anyInt(),
anyInt());
verify(mMockNetd)
.ipSecAddSecurityAssociation(
eq(createTransformResp.resourceId),
anyInt(),
eq(IpSecTransform.DIRECTION_IN),
anyString(),
anyString(),
anyLong(),
eq(TEST_SPI_IN),
eq(""), eq(""),
eq(new byte[] {}), eq(new byte[] {}),
eq(0), eq(0),
@@ -359,18 +280,7 @@ public class IpSecServiceParameterizedTest {
verify(mMockNetd) verify(mMockNetd)
.ipSecDeleteSecurityAssociation( .ipSecDeleteSecurityAssociation(
eq(createTransformResp.resourceId), eq(createTransformResp.resourceId), anyString(), anyString(), eq(TEST_SPI));
eq(IpSecTransform.DIRECTION_OUT),
anyString(),
anyString(),
eq(TEST_SPI_OUT));
verify(mMockNetd)
.ipSecDeleteSecurityAssociation(
eq(createTransformResp.resourceId),
eq(IpSecTransform.DIRECTION_IN),
anyString(),
anyString(),
eq(TEST_SPI_IN));
// Verify quota and RefcountedResource objects cleaned up // Verify quota and RefcountedResource objects cleaned up
IpSecService.UserRecord userRecord = IpSecService.UserRecord userRecord =
@@ -404,18 +314,7 @@ public class IpSecServiceParameterizedTest {
verify(mMockNetd) verify(mMockNetd)
.ipSecDeleteSecurityAssociation( .ipSecDeleteSecurityAssociation(
eq(createTransformResp.resourceId), eq(createTransformResp.resourceId), anyString(), anyString(), eq(TEST_SPI));
eq(IpSecTransform.DIRECTION_OUT),
anyString(),
anyString(),
eq(TEST_SPI_OUT));
verify(mMockNetd)
.ipSecDeleteSecurityAssociation(
eq(createTransformResp.resourceId),
eq(IpSecTransform.DIRECTION_IN),
anyString(),
anyString(),
eq(TEST_SPI_IN));
// Verify quota and RefcountedResource objects cleaned up // Verify quota and RefcountedResource objects cleaned up
assertEquals(0, userRecord.mTransformQuotaTracker.mCurrent); assertEquals(0, userRecord.mTransformQuotaTracker.mCurrent);
@@ -439,30 +338,22 @@ public class IpSecServiceParameterizedTest {
ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(new Socket()); ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(new Socket());
int resourceId = createTransformResp.resourceId; int resourceId = createTransformResp.resourceId;
mIpSecService.applyTransportModeTransform(pfd, resourceId); mIpSecService.applyTransportModeTransform(pfd, IpSecManager.DIRECTION_OUT, resourceId);
verify(mMockNetd) verify(mMockNetd)
.ipSecApplyTransportModeTransform( .ipSecApplyTransportModeTransform(
eq(pfd.getFileDescriptor()), eq(pfd.getFileDescriptor()),
eq(resourceId), eq(resourceId),
eq(IpSecTransform.DIRECTION_OUT), eq(IpSecManager.DIRECTION_OUT),
anyString(), anyString(),
anyString(), anyString(),
eq(TEST_SPI_OUT)); eq(TEST_SPI));
verify(mMockNetd)
.ipSecApplyTransportModeTransform(
eq(pfd.getFileDescriptor()),
eq(resourceId),
eq(IpSecTransform.DIRECTION_IN),
anyString(),
anyString(),
eq(TEST_SPI_IN));
} }
@Test @Test
public void testRemoveTransportModeTransform() throws Exception { public void testRemoveTransportModeTransform() throws Exception {
ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(new Socket()); ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(new Socket());
mIpSecService.removeTransportModeTransform(pfd, 1); mIpSecService.removeTransportModeTransforms(pfd, 1);
verify(mMockNetd).ipSecRemoveTransportModeTransform(pfd.getFileDescriptor()); verify(mMockNetd).ipSecRemoveTransportModeTransform(pfd.getFileDescriptor());
} }
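Review bot: The new mSourceAddr parameter is written into the config but never asserted on the netd side. The ipSecAddSecurityAssociation and ipSecDeleteSecurityAssociation verifications still pass `anyString(), anyString()` for what appear to be the two address arguments. With transforms now unidirectional, a source/destination swap inside IpSecService would pass these tests unnoticed. Consider `eq(mSourceAddr), eq(mDestinationAddr)` in the transform verifications, assuming the service forwards the configured strings unchanged. Separately, getNewSpiResourceId still names its parameter `remoteAddress` and addDefaultSpisAndRemoteAddrToIpSecConfig keeps "RemoteAddr" in its name, although both now deal in source and destination addresses.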


@@ -105,9 +105,6 @@ public class IpSecServiceTest {
private static final IpSecAlgorithm AEAD_ALGO = private static final IpSecAlgorithm AEAD_ALGO =
new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 128); new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 128);
private static final int[] DIRECTIONS =
new int[] {IpSecTransform.DIRECTION_IN, IpSecTransform.DIRECTION_OUT};
static { static {
try { try {
INADDR_ANY = InetAddress.getByAddress(new byte[] {0, 0, 0, 0}); INADDR_ANY = InetAddress.getByAddress(new byte[] {0, 0, 0, 0});
@@ -303,83 +300,75 @@ public class IpSecServiceTest {
@Test @Test
public void testValidateAlgorithmsAuth() { public void testValidateAlgorithmsAuth() {
for (int direction : DIRECTIONS) { // Validate that correct algorithm type succeeds
// Validate that correct algorithm type succeeds IpSecConfig config = new IpSecConfig();
IpSecConfig config = new IpSecConfig(); config.setAuthentication(AUTH_ALGO);
config.setAuthentication(direction, AUTH_ALGO); mIpSecService.validateAlgorithms(config);
mIpSecService.validateAlgorithms(config, direction);
// Validate that incorrect algorithm types fails // Validate that incorrect algorithm types fails
for (IpSecAlgorithm algo : new IpSecAlgorithm[] {CRYPT_ALGO, AEAD_ALGO}) { for (IpSecAlgorithm algo : new IpSecAlgorithm[] {CRYPT_ALGO, AEAD_ALGO}) {
try { try {
config = new IpSecConfig(); config = new IpSecConfig();
config.setAuthentication(direction, algo); config.setAuthentication(algo);
mIpSecService.validateAlgorithms(config, direction); mIpSecService.validateAlgorithms(config);
fail("Did not throw exception on invalid algorithm type"); fail("Did not throw exception on invalid algorithm type");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
}
} }
} }
} }
@Test @Test
public void testValidateAlgorithmsCrypt() { public void testValidateAlgorithmsCrypt() {
for (int direction : DIRECTIONS) { // Validate that correct algorithm type succeeds
// Validate that correct algorithm type succeeds IpSecConfig config = new IpSecConfig();
IpSecConfig config = new IpSecConfig(); config.setEncryption(CRYPT_ALGO);
config.setEncryption(direction, CRYPT_ALGO); mIpSecService.validateAlgorithms(config);
mIpSecService.validateAlgorithms(config, direction);
// Validate that incorrect algorithm types fails // Validate that incorrect algorithm types fails
for (IpSecAlgorithm algo : new IpSecAlgorithm[] {AUTH_ALGO, AEAD_ALGO}) { for (IpSecAlgorithm algo : new IpSecAlgorithm[] {AUTH_ALGO, AEAD_ALGO}) {
try { try {
config = new IpSecConfig(); config = new IpSecConfig();
config.setEncryption(direction, algo); config.setEncryption(algo);
mIpSecService.validateAlgorithms(config, direction); mIpSecService.validateAlgorithms(config);
fail("Did not throw exception on invalid algorithm type"); fail("Did not throw exception on invalid algorithm type");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
}
} }
} }
} }
@Test @Test
public void testValidateAlgorithmsAead() { public void testValidateAlgorithmsAead() {
for (int direction : DIRECTIONS) { // Validate that correct algorithm type succeeds
// Validate that correct algorithm type succeeds IpSecConfig config = new IpSecConfig();
IpSecConfig config = new IpSecConfig(); config.setAuthenticatedEncryption(AEAD_ALGO);
config.setAuthenticatedEncryption(direction, AEAD_ALGO); mIpSecService.validateAlgorithms(config);
mIpSecService.validateAlgorithms(config, direction);
// Validate that incorrect algorithm types fails // Validate that incorrect algorithm types fails
for (IpSecAlgorithm algo : new IpSecAlgorithm[] {AUTH_ALGO, CRYPT_ALGO}) { for (IpSecAlgorithm algo : new IpSecAlgorithm[] {AUTH_ALGO, CRYPT_ALGO}) {
try { try {
config = new IpSecConfig(); config = new IpSecConfig();
config.setAuthenticatedEncryption(direction, algo); config.setAuthenticatedEncryption(algo);
mIpSecService.validateAlgorithms(config, direction); mIpSecService.validateAlgorithms(config);
fail("Did not throw exception on invalid algorithm type"); fail("Did not throw exception on invalid algorithm type");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
}
} }
} }
} }
@Test @Test
public void testValidateAlgorithmsAuthCrypt() { public void testValidateAlgorithmsAuthCrypt() {
for (int direction : DIRECTIONS) { // Validate that correct algorithm type succeeds
// Validate that correct algorithm type succeeds IpSecConfig config = new IpSecConfig();
IpSecConfig config = new IpSecConfig(); config.setAuthentication(AUTH_ALGO);
config.setAuthentication(direction, AUTH_ALGO); config.setEncryption(CRYPT_ALGO);
config.setEncryption(direction, CRYPT_ALGO); mIpSecService.validateAlgorithms(config);
mIpSecService.validateAlgorithms(config, direction);
}
} }
@Test @Test
public void testValidateAlgorithmsNoAlgorithms() { public void testValidateAlgorithmsNoAlgorithms() {
IpSecConfig config = new IpSecConfig(); IpSecConfig config = new IpSecConfig();
try { try {
mIpSecService.validateAlgorithms(config, IpSecTransform.DIRECTION_IN); mIpSecService.validateAlgorithms(config);
fail("Expected exception; no algorithms specified"); fail("Expected exception; no algorithms specified");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
} }
@@ -388,10 +377,10 @@ public class IpSecServiceTest {
@Test @Test
public void testValidateAlgorithmsAeadWithAuth() { public void testValidateAlgorithmsAeadWithAuth() {
IpSecConfig config = new IpSecConfig(); IpSecConfig config = new IpSecConfig();
config.setAuthenticatedEncryption(IpSecTransform.DIRECTION_IN, AEAD_ALGO); config.setAuthenticatedEncryption(AEAD_ALGO);
config.setAuthentication(IpSecTransform.DIRECTION_IN, AUTH_ALGO); config.setAuthentication(AUTH_ALGO);
try { try {
mIpSecService.validateAlgorithms(config, IpSecTransform.DIRECTION_IN); mIpSecService.validateAlgorithms(config);
fail("Expected exception; both AEAD and auth algorithm specified"); fail("Expected exception; both AEAD and auth algorithm specified");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
} }
@@ -400,10 +389,10 @@ public class IpSecServiceTest {
@Test @Test
public void testValidateAlgorithmsAeadWithCrypt() { public void testValidateAlgorithmsAeadWithCrypt() {
IpSecConfig config = new IpSecConfig(); IpSecConfig config = new IpSecConfig();
config.setAuthenticatedEncryption(IpSecTransform.DIRECTION_IN, AEAD_ALGO); config.setAuthenticatedEncryption(AEAD_ALGO);
config.setEncryption(IpSecTransform.DIRECTION_IN, CRYPT_ALGO); config.setEncryption(CRYPT_ALGO);
try { try {
mIpSecService.validateAlgorithms(config, IpSecTransform.DIRECTION_IN); mIpSecService.validateAlgorithms(config);
fail("Expected exception; both AEAD and crypt algorithm specified"); fail("Expected exception; both AEAD and crypt algorithm specified");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
} }
@@ -412,11 +401,11 @@ public class IpSecServiceTest {
@Test @Test
public void testValidateAlgorithmsAeadWithAuthAndCrypt() { public void testValidateAlgorithmsAeadWithAuthAndCrypt() {
IpSecConfig config = new IpSecConfig(); IpSecConfig config = new IpSecConfig();
config.setAuthenticatedEncryption(IpSecTransform.DIRECTION_IN, AEAD_ALGO); config.setAuthenticatedEncryption(AEAD_ALGO);
config.setAuthentication(IpSecTransform.DIRECTION_IN, AUTH_ALGO); config.setAuthentication(AUTH_ALGO);
config.setEncryption(IpSecTransform.DIRECTION_IN, CRYPT_ALGO); config.setEncryption(CRYPT_ALGO);
try { try {
mIpSecService.validateAlgorithms(config, IpSecTransform.DIRECTION_IN); mIpSecService.validateAlgorithms(config);
fail("Expected exception; AEAD, auth and crypt algorithm specified"); fail("Expected exception; AEAD, auth and crypt algorithm specified");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
} }
@@ -434,7 +423,7 @@ public class IpSecServiceTest {
@Test @Test
public void testRemoveTransportModeTransform() throws Exception { public void testRemoveTransportModeTransform() throws Exception {
ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(new Socket()); ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(new Socket());
mIpSecService.removeTransportModeTransform(pfd, 1); mIpSecService.removeTransportModeTransforms(pfd, 1);
verify(mMockNetd).ipSecRemoveTransportModeTransform(pfd.getFileDescriptor()); verify(mMockNetd).ipSecRemoveTransportModeTransform(pfd.getFileDescriptor());
} }
@@ -447,7 +436,7 @@ public class IpSecServiceTest {
try { try {
IpSecSpiResponse spiResp = IpSecSpiResponse spiResp =
mIpSecService.allocateSecurityParameterIndex( mIpSecService.allocateSecurityParameterIndex(
IpSecTransform.DIRECTION_OUT, address, DROID_SPI, new Binder()); address, DROID_SPI, new Binder());
fail("Invalid address was passed through IpSecService validation: " + address); fail("Invalid address was passed through IpSecService validation: " + address);
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
} catch (Exception e) { } catch (Exception e) {
@@ -519,7 +508,6 @@ public class IpSecServiceTest {
// tracks the resource ID. // tracks the resource ID.
when(mMockNetd.ipSecAllocateSpi( when(mMockNetd.ipSecAllocateSpi(
anyInt(), anyInt(),
eq(IpSecTransform.DIRECTION_OUT),
anyString(), anyString(),
eq(InetAddress.getLoopbackAddress().getHostAddress()), eq(InetAddress.getLoopbackAddress().getHostAddress()),
anyInt())) anyInt()))
@@ -528,7 +516,6 @@ public class IpSecServiceTest {
for (int i = 0; i < MAX_NUM_SPIS; i++) { for (int i = 0; i < MAX_NUM_SPIS; i++) {
IpSecSpiResponse newSpi = IpSecSpiResponse newSpi =
mIpSecService.allocateSecurityParameterIndex( mIpSecService.allocateSecurityParameterIndex(
0x1,
InetAddress.getLoopbackAddress().getHostAddress(), InetAddress.getLoopbackAddress().getHostAddress(),
DROID_SPI + i, DROID_SPI + i,
new Binder()); new Binder());
@@ -544,7 +531,6 @@ public class IpSecServiceTest {
// Try to reserve one more SPI, and should fail. // Try to reserve one more SPI, and should fail.
IpSecSpiResponse extraSpi = IpSecSpiResponse extraSpi =
mIpSecService.allocateSecurityParameterIndex( mIpSecService.allocateSecurityParameterIndex(
0x1,
InetAddress.getLoopbackAddress().getHostAddress(), InetAddress.getLoopbackAddress().getHostAddress(),
DROID_SPI + MAX_NUM_SPIS, DROID_SPI + MAX_NUM_SPIS,
new Binder()); new Binder());
@@ -558,7 +544,6 @@ public class IpSecServiceTest {
// Should successfully reserve one more spi. // Should successfully reserve one more spi.
extraSpi = extraSpi =
mIpSecService.allocateSecurityParameterIndex( mIpSecService.allocateSecurityParameterIndex(
0x1,
InetAddress.getLoopbackAddress().getHostAddress(), InetAddress.getLoopbackAddress().getHostAddress(),
DROID_SPI + MAX_NUM_SPIS, DROID_SPI + MAX_NUM_SPIS,
new Binder()); new Binder());
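Review bot: testValidateAlgorithmsCrypt pins that a config carrying only an encryption algorithm passes validateAlgorithms, under the comment "Validate that correct algorithm type succeeds". CRYPT_ALGO is defined outside the hunks shown; if it is a CBC-mode cipher, as the parameterized test's `eq(IpSecAlgorithm.CRYPT_AES_CBC)` suggests, this accepts confidentiality without integrity protection. If that is intended, say so in the test, for example `// Encryption without authentication is accepted by validateAlgorithms`. If it is not intended, the case belongs with the expected-failure tests below it.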