From 7fc961f929fca60ff8ded2140ae662c2273da983 Mon Sep 17 00:00:00 2001 From: Benedict Wong Date: Thu, 15 Mar 2018 18:17:22 -0700 Subject: [PATCH] Add tests where only auth or crypt are enabled This patch adds tests for cases where only auth or crypt are enabled. These cases are supported, and this patch adds test coverage. Bug: 75049573 Test: this, run on walleye Merged-In: I656d9c4a86c13ce4928d6bd68a9e0d48cf805191 Change-Id: I656d9c4a86c13ce4928d6bd68a9e0d48cf805191 (cherry picked from commit 69517633288bac80d31f53720b2837b261926485) --- .../src/android/net/cts/IpSecManagerTest.java | 138 ++++++++++++++++-- 1 file changed, 125 insertions(+), 13 deletions(-) diff --git a/tests/cts/net/src/android/net/cts/IpSecManagerTest.java b/tests/cts/net/src/android/net/cts/IpSecManagerTest.java index 0ef379292c..7c09e41878 100644 --- a/tests/cts/net/src/android/net/cts/IpSecManagerTest.java +++ b/tests/cts/net/src/android/net/cts/IpSecManagerTest.java @@ -464,6 +464,38 @@ public class IpSecManagerTest extends AndroidTestCase { } } + private int getTruncLenBits(IpSecAlgorithm auth) { + return auth == null ? 0 : auth.getTruncationLengthBits(); + } + + private int getIvLen(IpSecAlgorithm crypt) { + if (crypt == null) { + return 0; + } + + switch (crypt.getName()) { + case IpSecAlgorithm.CRYPT_AES_CBC: + return AES_CBC_IV_LEN; + default: + throw new IllegalArgumentException( + "IV length unknown for algorithm" + crypt.getName()); + } + } + + private int getBlkSize(IpSecAlgorithm crypt) { + if (crypt == null) { + return 4; + } + + switch (crypt.getName()) { + case IpSecAlgorithm.CRYPT_AES_CBC: + return AES_CBC_BLK_SIZE; + default: + throw new IllegalArgumentException( + "Blk size unknown for algorithm" + crypt.getName()); + } + } + /** Helper function to calculate expected ESP packet size. */ private int calculateEspPacketSize( int payloadLen, int cryptIvLength, int cryptBlockSize, int authTruncLen) { @@ -477,11 +509,6 @@ public class IpSecManagerTest extends AndroidTestCase { return payloadLen + ESP_HDRLEN + ICV_LEN; } - /** Helper function to calculate expected ESP packet size using AES-CBC encryption. */ - private int calculateAesCbcEspPacketSizeWithAuth(int payloadLen, int authTruncLen) { - return calculateEspPacketSize(payloadLen, AES_CBC_IV_LEN, AES_CBC_BLK_SIZE, authTruncLen); - } - public void checkTransform( int protocol, String localAddress, @@ -498,10 +525,13 @@ public class IpSecManagerTest extends AndroidTestCase { IpSecManager.SecurityParameterIndex spi = mISM.allocateSecurityParameterIndex(local)) { - IpSecTransform.Builder transformBuilder = - new IpSecTransform.Builder(mContext) - .setEncryption(crypt) - .setAuthentication(auth); + IpSecTransform.Builder transformBuilder = new IpSecTransform.Builder(mContext); + if (crypt != null) { + transformBuilder.setEncryption(crypt); + } + if (auth != null) { + transformBuilder.setAuthentication(auth); + } if (doUdpEncap) { transformBuilder = @@ -533,7 +563,9 @@ public class IpSecManagerTest extends AndroidTestCase { transportHdrLen, udpEncapLen, sendCount, - auth.getTruncationLengthBits()); + getIvLen(crypt), + getBlkSize(crypt), + getTruncLenBits(auth)); } } @@ -543,13 +575,15 @@ public class IpSecManagerTest extends AndroidTestCase { int transportHdrLen, int udpEncapLen, int sendCount, + int ivLen, + int blkSize, int truncLenBits) throws Exception { int innerPacketSize = TEST_DATA.length + transportHdrLen + ipHdrLen; int outerPacketSize = - calculateAesCbcEspPacketSizeWithAuth( - TEST_DATA.length + transportHdrLen, truncLenBits) + calculateEspPacketSize( + TEST_DATA.length + transportHdrLen, ivLen, blkSize, truncLenBits) + udpEncapLen + ipHdrLen; @@ -560,7 +594,7 @@ public class IpSecManagerTest extends AndroidTestCase { // Add TCP ACKs for data packets if (protocol == IPPROTO_TCP) { int encryptedTcpPktSize = - calculateAesCbcEspPacketSizeWithAuth(TCP_HDRLEN_WITH_OPTIONS, truncLenBits); + calculateEspPacketSize(TCP_HDRLEN_WITH_OPTIONS, ivLen, blkSize, truncLenBits); // Each run sends two packets, one in each direction. sendCount *= 2; @@ -898,6 +932,84 @@ public class IpSecManagerTest extends AndroidTestCase { checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, true, 1, false); } + public void testCryptUdp4() throws Exception { + IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, null, false, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, null, false, 1, true); + } + + public void testAuthUdp4() throws Exception { + IpSecAlgorithm auth = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, auth, false, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, auth, false, 1, true); + } + + public void testCryptUdp6() throws Exception { + IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, null, false, 1, false); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, null, false, 1, true); + } + + public void testAuthUdp6() throws Exception { + IpSecAlgorithm auth = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, null, auth, false, 1, false); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, null, auth, false, 1, true); + } + + public void testCryptTcp4() throws Exception { + IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, null, false, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, null, false, 1, true); + } + + public void testAuthTcp4() throws Exception { + IpSecAlgorithm auth = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, auth, false, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, auth, false, 1, true); + } + + public void testCryptTcp6() throws Exception { + IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, null, false, 1, false); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, null, false, 1, true); + } + + public void testAuthTcp6() throws Exception { + IpSecAlgorithm auth = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, null, auth, false, 1, false); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, null, auth, false, 1, true); + } + + public void testCryptUdp4UdpEncap() throws Exception { + IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, null, true, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, null, true, 1, true); + } + + public void testAuthUdp4UdpEncap() throws Exception { + IpSecAlgorithm auth = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, auth, true, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, auth, true, 1, true); + } + + public void testCryptTcp4UdpEncap() throws Exception { + IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, null, true, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, null, true, 1, true); + } + + public void testAuthTcp4UdpEncap() throws Exception { + IpSecAlgorithm auth = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, auth, true, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, auth, true, 1, true); + } + public void testOpenUdpEncapSocketSpecificPort() throws Exception { IpSecManager.UdpEncapsulationSocket encapSocket = null; int port = -1;