Merge changes I00d1aa47,Icffbe67f into sc-dev
* changes: Add CTS for AES-CMAC Add tests for new IPsec algorithms in IpSecManagerTest
This commit is contained in:
TreeHugger Robot
committed by
Android (Google) Code Review
Android (Google) Code Review
commit
c056232f0e
@@ -16,6 +16,14 @@
|
||||
|
||||
package android.net.cts;
|
||||
|
||||
import static android.net.IpSecAlgorithm.AUTH_CRYPT_AES_GCM;
|
||||
import static android.net.IpSecAlgorithm.AUTH_HMAC_MD5;
|
||||
import static android.net.IpSecAlgorithm.AUTH_HMAC_SHA1;
|
||||
import static android.net.IpSecAlgorithm.AUTH_HMAC_SHA256;
|
||||
import static android.net.IpSecAlgorithm.AUTH_HMAC_SHA384;
|
||||
import static android.net.IpSecAlgorithm.AUTH_HMAC_SHA512;
|
||||
import static android.net.IpSecAlgorithm.CRYPT_AES_CBC;
|
||||
|
||||
import static org.junit.Assert.assertArrayEquals;
|
||||
|
||||
import android.content.Context;
|
||||
@@ -31,6 +39,12 @@ import android.util.Log;
|
||||
import androidx.test.InstrumentationRegistry;
|
||||
import androidx.test.runner.AndroidJUnit4;
|
||||
|
||||
import com.android.modules.utils.build.SdkLevel;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
|
||||
import java.io.FileDescriptor;
|
||||
import java.io.IOException;
|
||||
import java.net.DatagramPacket;
|
||||
@@ -42,12 +56,10 @@ import java.net.ServerSocket;
|
||||
import java.net.Socket;
|
||||
import java.net.SocketException;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
import java.util.concurrent.atomic.AtomicInteger;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
|
||||
@RunWith(AndroidJUnit4.class)
|
||||
public class IpSecBaseTest {
|
||||
|
||||
@@ -71,6 +83,18 @@ public class IpSecBaseTest {
|
||||
0x20, 0x21, 0x22, 0x23
|
||||
};
|
||||
|
||||
private static final Set<String> MANDATORY_IPSEC_ALGOS_SINCE_P = new HashSet<>();
|
||||
|
||||
static {
|
||||
MANDATORY_IPSEC_ALGOS_SINCE_P.add(CRYPT_AES_CBC);
|
||||
MANDATORY_IPSEC_ALGOS_SINCE_P.add(AUTH_HMAC_MD5);
|
||||
MANDATORY_IPSEC_ALGOS_SINCE_P.add(AUTH_HMAC_SHA1);
|
||||
MANDATORY_IPSEC_ALGOS_SINCE_P.add(AUTH_HMAC_SHA256);
|
||||
MANDATORY_IPSEC_ALGOS_SINCE_P.add(AUTH_HMAC_SHA384);
|
||||
MANDATORY_IPSEC_ALGOS_SINCE_P.add(AUTH_HMAC_SHA512);
|
||||
MANDATORY_IPSEC_ALGOS_SINCE_P.add(AUTH_CRYPT_AES_GCM);
|
||||
}
|
||||
|
||||
protected static final byte[] AUTH_KEY = getKey(256);
|
||||
protected static final byte[] CRYPT_KEY = getKey(256);
|
||||
|
||||
@@ -89,8 +113,24 @@ public class IpSecBaseTest {
|
||||
.getSystemService(Context.CONNECTIVITY_SERVICE);
|
||||
}
|
||||
|
||||
/** Checks if an IPsec algorithm is enabled on the device */
|
||||
protected static boolean hasIpSecAlgorithm(String algorithm) {
|
||||
if (SdkLevel.isAtLeastS()) {
|
||||
return IpSecAlgorithm.getSupportedAlgorithms().contains(algorithm);
|
||||
} else {
|
||||
return MANDATORY_IPSEC_ALGOS_SINCE_P.contains(algorithm);
|
||||
}
|
||||
}
|
||||
|
||||
protected static byte[] getKeyBytes(int byteLength) {
|
||||
return Arrays.copyOf(KEY_DATA, byteLength);
|
||||
}
|
||||
|
||||
protected static byte[] getKey(int bitLength) {
|
||||
return Arrays.copyOf(KEY_DATA, bitLength / 8);
|
||||
if (bitLength % 8 != 0) {
|
||||
throw new IllegalArgumentException("Invalid key length in bits" + bitLength);
|
||||
}
|
||||
return getKeyBytes(bitLength / 8);
|
||||
}
|
||||
|
||||
protected static int getDomain(InetAddress address) {
|
||||
|
||||
@@ -16,10 +16,33 @@
|
||||
|
||||
package android.net.cts;
|
||||
|
||||
import static android.net.IpSecAlgorithm.AUTH_AES_CMAC;
|
||||
import static android.net.IpSecAlgorithm.AUTH_AES_XCBC;
|
||||
import static android.net.IpSecAlgorithm.AUTH_CRYPT_AES_GCM;
|
||||
import static android.net.IpSecAlgorithm.AUTH_CRYPT_CHACHA20_POLY1305;
|
||||
import static android.net.IpSecAlgorithm.AUTH_HMAC_MD5;
|
||||
import static android.net.IpSecAlgorithm.AUTH_HMAC_SHA1;
|
||||
import static android.net.IpSecAlgorithm.AUTH_HMAC_SHA256;
|
||||
import static android.net.IpSecAlgorithm.AUTH_HMAC_SHA384;
|
||||
import static android.net.IpSecAlgorithm.AUTH_HMAC_SHA512;
|
||||
import static android.net.IpSecAlgorithm.CRYPT_AES_CBC;
|
||||
import static android.net.IpSecAlgorithm.CRYPT_AES_CTR;
|
||||
import static android.net.cts.PacketUtils.AES_CBC_BLK_SIZE;
|
||||
import static android.net.cts.PacketUtils.AES_CBC_IV_LEN;
|
||||
import static android.net.cts.PacketUtils.AES_CMAC_ICV_LEN;
|
||||
import static android.net.cts.PacketUtils.AES_CMAC_KEY_LEN;
|
||||
import static android.net.cts.PacketUtils.AES_CTR_BLK_SIZE;
|
||||
import static android.net.cts.PacketUtils.AES_CTR_IV_LEN;
|
||||
import static android.net.cts.PacketUtils.AES_CTR_KEY_LEN;
|
||||
import static android.net.cts.PacketUtils.AES_GCM_BLK_SIZE;
|
||||
import static android.net.cts.PacketUtils.AES_GCM_IV_LEN;
|
||||
import static android.net.cts.PacketUtils.AES_XCBC_ICV_LEN;
|
||||
import static android.net.cts.PacketUtils.AES_XCBC_KEY_LEN;
|
||||
import static android.net.cts.PacketUtils.CHACHA20_POLY1305_BLK_SIZE;
|
||||
import static android.net.cts.PacketUtils.CHACHA20_POLY1305_ICV_LEN;
|
||||
import static android.net.cts.PacketUtils.CHACHA20_POLY1305_IV_LEN;
|
||||
import static android.net.cts.PacketUtils.HMAC_SHA512_ICV_LEN;
|
||||
import static android.net.cts.PacketUtils.HMAC_SHA512_KEY_LEN;
|
||||
import static android.net.cts.PacketUtils.IP4_HDRLEN;
|
||||
import static android.net.cts.PacketUtils.IP6_HDRLEN;
|
||||
import static android.net.cts.PacketUtils.TCP_HDRLEN_WITH_TIMESTAMP_OPT;
|
||||
@@ -27,15 +50,20 @@ import static android.net.cts.PacketUtils.UDP_HDRLEN;
|
||||
import static android.system.OsConstants.IPPROTO_TCP;
|
||||
import static android.system.OsConstants.IPPROTO_UDP;
|
||||
|
||||
import static com.android.compatibility.common.util.PropertyUtil.getFirstApiLevel;
|
||||
import static com.android.compatibility.common.util.PropertyUtil.getVendorApiLevel;
|
||||
|
||||
import static org.junit.Assert.assertArrayEquals;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.junit.Assert.fail;
|
||||
import static org.junit.Assume.assumeTrue;
|
||||
|
||||
import android.net.IpSecAlgorithm;
|
||||
import android.net.IpSecManager;
|
||||
import android.net.IpSecTransform;
|
||||
import android.net.TrafficStats;
|
||||
import android.os.Build;
|
||||
import android.platform.test.annotations.AppModeFull;
|
||||
import android.system.ErrnoException;
|
||||
import android.system.Os;
|
||||
@@ -44,8 +72,11 @@ import android.system.OsConstants;
|
||||
import androidx.test.InstrumentationRegistry;
|
||||
import androidx.test.runner.AndroidJUnit4;
|
||||
|
||||
import com.android.testutils.DevSdkIgnoreRule;
|
||||
import com.android.testutils.DevSdkIgnoreRule.IgnoreUpTo;
|
||||
import com.android.testutils.SkipPresubmit;
|
||||
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
|
||||
@@ -56,10 +87,15 @@ import java.net.DatagramSocket;
|
||||
import java.net.Inet6Address;
|
||||
import java.net.InetAddress;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.Map.Entry;
|
||||
import java.util.Set;
|
||||
|
||||
@RunWith(AndroidJUnit4.class)
|
||||
@AppModeFull(reason = "Socket cannot bind in instant app mode")
|
||||
public class IpSecManagerTest extends IpSecBaseTest {
|
||||
@Rule public final DevSdkIgnoreRule ignoreRule = new DevSdkIgnoreRule();
|
||||
|
||||
private static final String TAG = IpSecManagerTest.class.getSimpleName();
|
||||
|
||||
@@ -417,8 +453,12 @@ public class IpSecManagerTest extends IpSecBaseTest {
|
||||
switch (cryptOrAead.getName()) {
|
||||
case IpSecAlgorithm.CRYPT_AES_CBC:
|
||||
return AES_CBC_IV_LEN;
|
||||
case IpSecAlgorithm.CRYPT_AES_CTR:
|
||||
return AES_CTR_IV_LEN;
|
||||
case IpSecAlgorithm.AUTH_CRYPT_AES_GCM:
|
||||
return AES_GCM_IV_LEN;
|
||||
case IpSecAlgorithm.AUTH_CRYPT_CHACHA20_POLY1305:
|
||||
return CHACHA20_POLY1305_IV_LEN;
|
||||
default:
|
||||
throw new IllegalArgumentException(
|
||||
"IV length unknown for algorithm" + cryptOrAead.getName());
|
||||
@@ -433,8 +473,12 @@ public class IpSecManagerTest extends IpSecBaseTest {
|
||||
switch (cryptOrAead.getName()) {
|
||||
case IpSecAlgorithm.CRYPT_AES_CBC:
|
||||
return AES_CBC_BLK_SIZE;
|
||||
case IpSecAlgorithm.CRYPT_AES_CTR:
|
||||
return AES_CTR_BLK_SIZE;
|
||||
case IpSecAlgorithm.AUTH_CRYPT_AES_GCM:
|
||||
return AES_GCM_BLK_SIZE;
|
||||
case IpSecAlgorithm.AUTH_CRYPT_CHACHA20_POLY1305:
|
||||
return CHACHA20_POLY1305_BLK_SIZE;
|
||||
default:
|
||||
throw new IllegalArgumentException(
|
||||
"Blk size unknown for algorithm" + cryptOrAead.getName());
|
||||
@@ -516,7 +560,6 @@ public class IpSecManagerTest extends IpSecBaseTest {
|
||||
int blkSize,
|
||||
int truncLenBits)
|
||||
throws Exception {
|
||||
|
||||
int innerPacketSize = TEST_DATA.length + transportHdrLen + ipHdrLen;
|
||||
int outerPacketSize =
|
||||
PacketUtils.calculateEspPacketSize(
|
||||
@@ -663,6 +706,41 @@ public class IpSecManagerTest extends IpSecBaseTest {
|
||||
// checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, true, 1000);
|
||||
// }
|
||||
|
||||
@IgnoreUpTo(Build.VERSION_CODES.R)
|
||||
@Test
|
||||
public void testGetSupportedAlgorithms() throws Exception {
|
||||
final Map<String, Integer> algoToRequiredMinSdk = new HashMap<>();
|
||||
algoToRequiredMinSdk.put(CRYPT_AES_CBC, Build.VERSION_CODES.P);
|
||||
algoToRequiredMinSdk.put(AUTH_HMAC_MD5, Build.VERSION_CODES.P);
|
||||
algoToRequiredMinSdk.put(AUTH_HMAC_SHA1, Build.VERSION_CODES.P);
|
||||
algoToRequiredMinSdk.put(AUTH_HMAC_SHA256, Build.VERSION_CODES.P);
|
||||
algoToRequiredMinSdk.put(AUTH_HMAC_SHA384, Build.VERSION_CODES.P);
|
||||
algoToRequiredMinSdk.put(AUTH_HMAC_SHA512, Build.VERSION_CODES.P);
|
||||
algoToRequiredMinSdk.put(AUTH_CRYPT_AES_GCM, Build.VERSION_CODES.P);
|
||||
|
||||
// TODO: b/170424293 Use Build.VERSION_CODES.S when is finalized
|
||||
algoToRequiredMinSdk.put(CRYPT_AES_CTR, Build.VERSION_CODES.R + 1);
|
||||
algoToRequiredMinSdk.put(AUTH_AES_CMAC, Build.VERSION_CODES.R + 1);
|
||||
algoToRequiredMinSdk.put(AUTH_AES_XCBC, Build.VERSION_CODES.R + 1);
|
||||
algoToRequiredMinSdk.put(AUTH_CRYPT_CHACHA20_POLY1305, Build.VERSION_CODES.R + 1);
|
||||
|
||||
final Set<String> supportedAlgos = IpSecAlgorithm.getSupportedAlgorithms();
|
||||
|
||||
// Verify all supported algorithms are valid
|
||||
for (String algo : supportedAlgos) {
|
||||
assertTrue("Found invalid algo " + algo, algoToRequiredMinSdk.keySet().contains(algo));
|
||||
}
|
||||
|
||||
// Verify all mandatory algorithms are supported
|
||||
for (Entry<String, Integer> entry : algoToRequiredMinSdk.entrySet()) {
|
||||
if (Math.min(getFirstApiLevel(), getVendorApiLevel()) >= entry.getValue()) {
|
||||
assertTrue(
|
||||
"Fail to support " + entry.getKey(),
|
||||
supportedAlgos.contains(entry.getKey()));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testInterfaceCountersUdp4() throws Exception {
|
||||
IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY);
|
||||
@@ -849,6 +927,152 @@ public class IpSecManagerTest extends IpSecBaseTest {
|
||||
checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, null, false, 1, true);
|
||||
}
|
||||
|
||||
private static IpSecAlgorithm buildCryptAesCtr() throws Exception {
|
||||
return new IpSecAlgorithm(CRYPT_AES_CTR, getKeyBytes(AES_CTR_KEY_LEN));
|
||||
}
|
||||
|
||||
private static IpSecAlgorithm buildAuthHmacSha512() throws Exception {
|
||||
return new IpSecAlgorithm(
|
||||
AUTH_HMAC_SHA512, getKeyBytes(HMAC_SHA512_KEY_LEN), HMAC_SHA512_ICV_LEN * 8);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAesCtrHmacSha512Tcp4() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(CRYPT_AES_CTR));
|
||||
|
||||
final IpSecAlgorithm crypt = buildCryptAesCtr();
|
||||
final IpSecAlgorithm auth = buildAuthHmacSha512();
|
||||
checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, false, 1, false);
|
||||
checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, false, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
@SkipPresubmit(reason = "b/186608065 - kernel 5.10 regression in TrafficStats with ipsec")
|
||||
public void testAesCtrHmacSha512Tcp6() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(CRYPT_AES_CTR));
|
||||
|
||||
final IpSecAlgorithm crypt = buildCryptAesCtr();
|
||||
final IpSecAlgorithm auth = buildAuthHmacSha512();
|
||||
checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, null, false, 1, false);
|
||||
checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, null, false, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAesCtrHmacSha512Udp4() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(CRYPT_AES_CTR));
|
||||
|
||||
final IpSecAlgorithm crypt = buildCryptAesCtr();
|
||||
final IpSecAlgorithm auth = buildAuthHmacSha512();
|
||||
checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, false, 1, false);
|
||||
checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, false, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAesCtrHmacSha512Udp6() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(CRYPT_AES_CTR));
|
||||
|
||||
final IpSecAlgorithm crypt = buildCryptAesCtr();
|
||||
final IpSecAlgorithm auth = buildAuthHmacSha512();
|
||||
checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, null, false, 1, false);
|
||||
checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, null, false, 1, true);
|
||||
}
|
||||
|
||||
private static IpSecAlgorithm buildCryptAesCbc() throws Exception {
|
||||
return new IpSecAlgorithm(CRYPT_AES_CBC, CRYPT_KEY);
|
||||
}
|
||||
|
||||
private static IpSecAlgorithm buildAuthAesXcbc() throws Exception {
|
||||
return new IpSecAlgorithm(
|
||||
AUTH_AES_XCBC, getKeyBytes(AES_XCBC_KEY_LEN), AES_XCBC_ICV_LEN * 8);
|
||||
}
|
||||
|
||||
private static IpSecAlgorithm buildAuthAesCmac() throws Exception {
|
||||
return new IpSecAlgorithm(
|
||||
AUTH_AES_CMAC, getKeyBytes(AES_CMAC_KEY_LEN), AES_CMAC_ICV_LEN * 8);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAesCbcAesXCbcTcp4() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(AUTH_AES_XCBC));
|
||||
|
||||
final IpSecAlgorithm crypt = buildCryptAesCbc();
|
||||
final IpSecAlgorithm auth = buildAuthAesXcbc();
|
||||
checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, false, 1, false);
|
||||
checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, false, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
@SkipPresubmit(reason = "b/186608065 - kernel 5.10 regression in TrafficStats with ipsec")
|
||||
public void testAesCbcAesXCbcTcp6() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(AUTH_AES_XCBC));
|
||||
|
||||
final IpSecAlgorithm crypt = buildCryptAesCbc();
|
||||
final IpSecAlgorithm auth = buildAuthAesXcbc();
|
||||
checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, null, false, 1, false);
|
||||
checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, null, false, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAesCbcAesXCbcUdp4() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(AUTH_AES_XCBC));
|
||||
|
||||
final IpSecAlgorithm crypt = buildCryptAesCbc();
|
||||
final IpSecAlgorithm auth = buildAuthAesXcbc();
|
||||
checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, false, 1, false);
|
||||
checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, false, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAesCbcAesXCbcUdp6() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(AUTH_AES_XCBC));
|
||||
|
||||
final IpSecAlgorithm crypt = buildCryptAesCbc();
|
||||
final IpSecAlgorithm auth = buildAuthAesXcbc();
|
||||
checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, null, false, 1, false);
|
||||
checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, null, false, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAesCbcAesCmacTcp4() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(AUTH_AES_CMAC));
|
||||
|
||||
final IpSecAlgorithm crypt = buildCryptAesCbc();
|
||||
final IpSecAlgorithm auth = buildAuthAesCmac();
|
||||
checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, false, 1, false);
|
||||
checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, false, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
@SkipPresubmit(reason = "b/186608065 - kernel 5.10 regression in TrafficStats with ipsec")
|
||||
public void testAesCbcAesCmacTcp6() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(AUTH_AES_CMAC));
|
||||
|
||||
final IpSecAlgorithm crypt = buildCryptAesCbc();
|
||||
final IpSecAlgorithm auth = buildAuthAesCmac();
|
||||
checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, null, false, 1, false);
|
||||
checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, null, false, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAesCbcAesCmacUdp4() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(AUTH_AES_CMAC));
|
||||
|
||||
final IpSecAlgorithm crypt = buildCryptAesCbc();
|
||||
final IpSecAlgorithm auth = buildAuthAesCmac();
|
||||
checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, false, 1, false);
|
||||
checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, false, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAesCbcAesCmacUdp6() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(AUTH_AES_CMAC));
|
||||
|
||||
final IpSecAlgorithm crypt = buildCryptAesCbc();
|
||||
final IpSecAlgorithm auth = buildAuthAesCmac();
|
||||
checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, null, false, 1, false);
|
||||
checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, null, false, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAesGcm64Tcp4() throws Exception {
|
||||
IpSecAlgorithm authCrypt =
|
||||
@@ -948,6 +1172,48 @@ public class IpSecManagerTest extends IpSecBaseTest {
|
||||
checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, null, null, authCrypt, false, 1, true);
|
||||
}
|
||||
|
||||
private static IpSecAlgorithm buildAuthCryptChaCha20Poly1305() throws Exception {
|
||||
return new IpSecAlgorithm(
|
||||
AUTH_CRYPT_CHACHA20_POLY1305, AEAD_KEY, CHACHA20_POLY1305_ICV_LEN * 8);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testChaCha20Poly1305Tcp4() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(AUTH_CRYPT_CHACHA20_POLY1305));
|
||||
|
||||
final IpSecAlgorithm authCrypt = buildAuthCryptChaCha20Poly1305();
|
||||
checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, null, authCrypt, false, 1, false);
|
||||
checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, null, authCrypt, false, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
@SkipPresubmit(reason = "b/186608065 - kernel 5.10 regression in TrafficStats with ipsec")
|
||||
public void testChaCha20Poly1305Tcp6() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(AUTH_CRYPT_CHACHA20_POLY1305));
|
||||
|
||||
final IpSecAlgorithm authCrypt = buildAuthCryptChaCha20Poly1305();
|
||||
checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, null, null, authCrypt, false, 1, false);
|
||||
checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, null, null, authCrypt, false, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testChaCha20Poly1305Udp4() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(AUTH_CRYPT_CHACHA20_POLY1305));
|
||||
|
||||
final IpSecAlgorithm authCrypt = buildAuthCryptChaCha20Poly1305();
|
||||
checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, null, authCrypt, false, 1, false);
|
||||
checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, null, authCrypt, false, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testChaCha20Poly1305Udp6() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(AUTH_CRYPT_CHACHA20_POLY1305));
|
||||
|
||||
final IpSecAlgorithm authCrypt = buildAuthCryptChaCha20Poly1305();
|
||||
checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, null, null, authCrypt, false, 1, false);
|
||||
checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, null, null, authCrypt, false, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAesCbcHmacMd5Tcp4UdpEncap() throws Exception {
|
||||
IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY);
|
||||
@@ -1028,6 +1294,66 @@ public class IpSecManagerTest extends IpSecBaseTest {
|
||||
checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, true, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAesCtrHmacSha512Tcp4UdpEncap() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(CRYPT_AES_CTR));
|
||||
|
||||
final IpSecAlgorithm crypt = buildCryptAesCtr();
|
||||
final IpSecAlgorithm auth = buildAuthHmacSha512();
|
||||
checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, true, 1, false);
|
||||
checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, true, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAesCtrHmacSha512Udp4UdpEncap() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(CRYPT_AES_CTR));
|
||||
|
||||
final IpSecAlgorithm crypt = buildCryptAesCtr();
|
||||
final IpSecAlgorithm auth = buildAuthHmacSha512();
|
||||
checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, true, 1, false);
|
||||
checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, true, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAesCbcAesXCbcTcp4UdpEncap() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(AUTH_AES_XCBC));
|
||||
|
||||
final IpSecAlgorithm crypt = new IpSecAlgorithm(CRYPT_AES_CBC, CRYPT_KEY);
|
||||
final IpSecAlgorithm auth = new IpSecAlgorithm(AUTH_AES_XCBC, getKey(128), 96);
|
||||
checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, true, 1, false);
|
||||
checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, true, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAesCbcAesXCbcUdp4UdpEncap() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(AUTH_AES_XCBC));
|
||||
|
||||
final IpSecAlgorithm crypt = new IpSecAlgorithm(CRYPT_AES_CBC, CRYPT_KEY);
|
||||
final IpSecAlgorithm auth = new IpSecAlgorithm(AUTH_AES_XCBC, getKey(128), 96);
|
||||
checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, true, 1, false);
|
||||
checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, true, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAesCbcAesCmacTcp4UdpEncap() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(AUTH_AES_CMAC));
|
||||
|
||||
final IpSecAlgorithm crypt = new IpSecAlgorithm(CRYPT_AES_CBC, CRYPT_KEY);
|
||||
final IpSecAlgorithm auth = new IpSecAlgorithm(AUTH_AES_CMAC, getKey(128), 96);
|
||||
checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, true, 1, false);
|
||||
checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, true, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAesCbcAesCmacUdp4UdpEncap() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(AUTH_AES_CMAC));
|
||||
|
||||
final IpSecAlgorithm crypt = new IpSecAlgorithm(CRYPT_AES_CBC, CRYPT_KEY);
|
||||
final IpSecAlgorithm auth = new IpSecAlgorithm(AUTH_AES_CMAC, getKey(128), 96);
|
||||
checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, true, 1, false);
|
||||
checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, true, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAesGcm64Tcp4UdpEncap() throws Exception {
|
||||
IpSecAlgorithm authCrypt =
|
||||
@@ -1076,6 +1402,24 @@ public class IpSecManagerTest extends IpSecBaseTest {
|
||||
checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, null, authCrypt, true, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testChaCha20Poly1305Tcp4UdpEncap() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(AUTH_CRYPT_CHACHA20_POLY1305));
|
||||
|
||||
final IpSecAlgorithm authCrypt = buildAuthCryptChaCha20Poly1305();
|
||||
checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, null, authCrypt, true, 1, false);
|
||||
checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, null, authCrypt, true, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testChaCha20Poly1305Udp4UdpEncap() throws Exception {
|
||||
assumeTrue(hasIpSecAlgorithm(AUTH_CRYPT_CHACHA20_POLY1305));
|
||||
|
||||
final IpSecAlgorithm authCrypt = buildAuthCryptChaCha20Poly1305();
|
||||
checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, null, authCrypt, true, 1, false);
|
||||
checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, null, authCrypt, true, 1, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testCryptUdp4() throws Exception {
|
||||
IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY);
|
||||
|
||||
@@ -43,17 +43,35 @@ public class PacketUtils {
|
||||
static final int UDP_HDRLEN = 8;
|
||||
static final int TCP_HDRLEN = 20;
|
||||
static final int TCP_HDRLEN_WITH_TIMESTAMP_OPT = TCP_HDRLEN + 12;
|
||||
static final int ESP_BLK_SIZE = 4; // ESP has to be 4-byte aligned
|
||||
|
||||
// Not defined in OsConstants
|
||||
static final int IPPROTO_IPV4 = 4;
|
||||
static final int IPPROTO_ESP = 50;
|
||||
|
||||
// Encryption parameters
|
||||
static final int AES_GCM_IV_LEN = 8;
|
||||
static final int AES_CBC_IV_LEN = 16;
|
||||
static final int AES_GCM_BLK_SIZE = 4;
|
||||
static final int AES_CBC_BLK_SIZE = 16;
|
||||
|
||||
static final int AES_CTR_KEY_LEN = 20;
|
||||
static final int AES_CTR_BLK_SIZE = ESP_BLK_SIZE;
|
||||
static final int AES_CTR_IV_LEN = 8;
|
||||
|
||||
// AEAD parameters
|
||||
static final int AES_GCM_IV_LEN = 8;
|
||||
static final int AES_GCM_BLK_SIZE = 4;
|
||||
static final int CHACHA20_POLY1305_BLK_SIZE = ESP_BLK_SIZE;
|
||||
static final int CHACHA20_POLY1305_IV_LEN = 8;
|
||||
static final int CHACHA20_POLY1305_ICV_LEN = 16;
|
||||
|
||||
// Authentication parameters
|
||||
static final int HMAC_SHA512_KEY_LEN = 64;
|
||||
static final int HMAC_SHA512_ICV_LEN = 32;
|
||||
static final int AES_XCBC_KEY_LEN = 16;
|
||||
static final int AES_XCBC_ICV_LEN = 12;
|
||||
static final int AES_CMAC_KEY_LEN = 16;
|
||||
static final int AES_CMAC_ICV_LEN = 12;
|
||||
|
||||
// Encryption algorithms
|
||||
static final String AES = "AES";
|
||||
static final String AES_CBC = "AES/CBC/NoPadding";
|
||||
|
||||
@@ -26,5 +26,6 @@ java_library {
|
||||
"compatibility-device-util-axt",
|
||||
"junit",
|
||||
"net-tests-utils",
|
||||
"modules-utils-build",
|
||||
],
|
||||
}
|
||||
|
||||
@@ -23,6 +23,7 @@ import static android.net.NetworkCapabilities.TRANSPORT_CELLULAR;
|
||||
import static android.net.NetworkCapabilities.TRANSPORT_TEST;
|
||||
import static android.net.wifi.WifiManager.SCAN_RESULTS_AVAILABLE_ACTION;
|
||||
|
||||
import static com.android.compatibility.common.util.PropertyUtil.getFirstApiLevel;
|
||||
import static com.android.testutils.TestPermissionUtil.runAsShell;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
@@ -55,7 +56,6 @@ import android.net.wifi.WifiManager;
|
||||
import android.os.Binder;
|
||||
import android.os.Build;
|
||||
import android.os.IBinder;
|
||||
import android.os.SystemProperties;
|
||||
import android.provider.Settings;
|
||||
import android.system.Os;
|
||||
import android.system.OsConstants;
|
||||
@@ -117,8 +117,7 @@ public final class CtsNetUtils {
|
||||
/** Checks if FEATURE_IPSEC_TUNNELS is enabled on the device */
|
||||
public boolean hasIpsecTunnelsFeature() {
|
||||
return mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_IPSEC_TUNNELS)
|
||||
|| SystemProperties.getInt("ro.product.first_api_level", 0)
|
||||
>= Build.VERSION_CODES.Q;
|
||||
|| getFirstApiLevel() >= Build.VERSION_CODES.Q;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user