LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge changes I10c01f2b,Ie05bc535

Browse Source 
am: 90a0bdb98a

Change-Id: I2e55a266f65268ca734c028d4da7add14a281d75
This commit is contained in:
Yan Yan
2018-10-05 11:47:12 -07:00
committed by android-build-merger
parent b8480d5bda 90a0bdb98a
commit e09f9d1a93
1 changed files with 108 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

156
tests/net/java/com/android/server/IpSecServiceParameterizedTest.java
View File

@@ -16,6 +16,8 @@
package com.android.server; package com.android.server;
import static android.system.OsConstants.AF_INET;
import static android.system.OsConstants.AF_INET6;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail; import static org.junit.Assert.fail;
@@ -34,8 +36,10 @@ import android.net.IpSecAlgorithm;
import android.net.IpSecConfig; import android.net.IpSecConfig;
import android.net.IpSecManager; import android.net.IpSecManager;
import android.net.IpSecSpiResponse; import android.net.IpSecSpiResponse;
import android.net.IpSecTransform;
import android.net.IpSecTransformResponse; import android.net.IpSecTransformResponse;
import android.net.IpSecTunnelInterfaceResponse; import android.net.IpSecTunnelInterfaceResponse;
import android.net.IpSecUdpEncapResponse;
import android.net.LinkAddress; import android.net.LinkAddress;
import android.net.Network; import android.net.Network;
import android.net.NetworkUtils; import android.net.NetworkUtils;
@@ -62,16 +66,17 @@ public class IpSecServiceParameterizedTest {
private static final int TEST_SPI = 0xD1201D; private static final int TEST_SPI = 0xD1201D;
private final String mDestinationAddr;
private final String mSourceAddr; private final String mSourceAddr;
private final String mDestinationAddr;
private final LinkAddress mLocalInnerAddress; private final LinkAddress mLocalInnerAddress;
private final int mFamily;
@Parameterized.Parameters @Parameterized.Parameters
public static Collection ipSecConfigs() { public static Collection ipSecConfigs() {
return Arrays.asList( return Arrays.asList(
new Object[][] { new Object[][] {
{"1.2.3.4", "8.8.4.4", "10.0.1.1/24"}, {"1.2.3.4", "8.8.4.4", "10.0.1.1/24", AF_INET},
{"2601::2", "2601::10", "2001:db8::1/64"} {"2601::2", "2601::10", "2001:db8::1/64", AF_INET6}
}); });
} }
@@ -129,12 +134,14 @@ public class IpSecServiceParameterizedTest {
new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY);
private static final IpSecAlgorithm AEAD_ALGO = private static final IpSecAlgorithm AEAD_ALGO =
new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 128); new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 128);
private static final int REMOTE_ENCAP_PORT = 4500;
public IpSecServiceParameterizedTest( public IpSecServiceParameterizedTest(
String sourceAddr, String destAddr, String localInnerAddr) { String sourceAddr, String destAddr, String localInnerAddr, int family) {
mSourceAddr = sourceAddr; mSourceAddr = sourceAddr;
mDestinationAddr = destAddr; mDestinationAddr = destAddr;
mLocalInnerAddress = new LinkAddress(localInnerAddr); mLocalInnerAddress = new LinkAddress(localInnerAddr);
mFamily = family;
} }
@Before @Before
@@ -157,6 +164,8 @@ public class IpSecServiceParameterizedTest {
.thenReturn(AppOpsManager.MODE_IGNORED); .thenReturn(AppOpsManager.MODE_IGNORED);
} }
//TODO: Add a test to verify SPI.
@Test @Test
public void testIpSecServiceReserveSpi() throws Exception { public void testIpSecServiceReserveSpi() throws Exception {
when(mMockNetd.ipSecAllocateSpi(anyInt(), anyString(), eq(mDestinationAddr), eq(TEST_SPI))) when(mMockNetd.ipSecAllocateSpi(anyInt(), anyString(), eq(mDestinationAddr), eq(TEST_SPI)))
@@ -257,6 +266,47 @@ public class IpSecServiceParameterizedTest {
config.setAuthentication(AUTH_ALGO); config.setAuthentication(AUTH_ALGO);
} }
private void addEncapSocketToIpSecConfig(int resourceId, IpSecConfig config) throws Exception {
config.setEncapType(IpSecTransform.ENCAP_ESPINUDP);
config.setEncapSocketResourceId(resourceId);
config.setEncapRemotePort(REMOTE_ENCAP_PORT);
}
private void verifyTransformNetdCalledForCreatingSA(
IpSecConfig config, IpSecTransformResponse resp) throws Exception {
verifyTransformNetdCalledForCreatingSA(config, resp, 0);
}
private void verifyTransformNetdCalledForCreatingSA(
IpSecConfig config, IpSecTransformResponse resp, int encapSocketPort) throws Exception {
IpSecAlgorithm auth = config.getAuthentication();
IpSecAlgorithm crypt = config.getEncryption();
IpSecAlgorithm authCrypt = config.getAuthenticatedEncryption();
verify(mMockNetd, times(1))
.ipSecAddSecurityAssociation(
eq(mUid),
eq(config.getMode()),
eq(config.getSourceAddress()),
eq(config.getDestinationAddress()),
eq((config.getNetwork() != null) ? config.getNetwork().netId : 0),
eq(TEST_SPI),
eq(0),
eq(0),
eq((auth != null) ? auth.getName() : ""),
eq((auth != null) ? auth.getKey() : new byte[] {}),
eq((auth != null) ? auth.getTruncationLengthBits() : 0),
eq((crypt != null) ? crypt.getName() : ""),
eq((crypt != null) ? crypt.getKey() : new byte[] {}),
eq((crypt != null) ? crypt.getTruncationLengthBits() : 0),
eq((authCrypt != null) ? authCrypt.getName() : ""),
eq((authCrypt != null) ? authCrypt.getKey() : new byte[] {}),
eq((authCrypt != null) ? authCrypt.getTruncationLengthBits() : 0),
eq(config.getEncapType()),
eq(encapSocketPort),
eq(config.getEncapRemotePort()));
}
@Test @Test
public void testCreateTransform() throws Exception { public void testCreateTransform() throws Exception {
IpSecConfig ipSecConfig = new IpSecConfig(); IpSecConfig ipSecConfig = new IpSecConfig();
@@ -267,28 +317,7 @@ public class IpSecServiceParameterizedTest {
mIpSecService.createTransform(ipSecConfig, new Binder(), "blessedPackage"); mIpSecService.createTransform(ipSecConfig, new Binder(), "blessedPackage");
assertEquals(IpSecManager.Status.OK, createTransformResp.status); assertEquals(IpSecManager.Status.OK, createTransformResp.status);
verify(mMockNetd) verifyTransformNetdCalledForCreatingSA(ipSecConfig, createTransformResp);
.ipSecAddSecurityAssociation(
eq(mUid),
anyInt(),
anyString(),
anyString(),
anyInt(),
eq(TEST_SPI),
anyInt(),
anyInt(),
eq(IpSecAlgorithm.AUTH_HMAC_SHA256),
eq(AUTH_KEY),
anyInt(),
eq(IpSecAlgorithm.CRYPT_AES_CBC),
eq(CRYPT_KEY),
anyInt(),
eq(""),
eq(new byte[] {}),
eq(0),
anyInt(),
anyInt(),
anyInt());
} }
@Test @Test
@@ -302,28 +331,59 @@ public class IpSecServiceParameterizedTest {
mIpSecService.createTransform(ipSecConfig, new Binder(), "blessedPackage"); mIpSecService.createTransform(ipSecConfig, new Binder(), "blessedPackage");
assertEquals(IpSecManager.Status.OK, createTransformResp.status); assertEquals(IpSecManager.Status.OK, createTransformResp.status);
verify(mMockNetd) verifyTransformNetdCalledForCreatingSA(ipSecConfig, createTransformResp);
.ipSecAddSecurityAssociation( }
eq(mUid),
anyInt(), @Test
anyString(), public void testCreateTransportModeTransformWithEncap() throws Exception {
anyString(), IpSecUdpEncapResponse udpSock = mIpSecService.openUdpEncapsulationSocket(0, new Binder());
anyInt(),
eq(TEST_SPI), IpSecConfig ipSecConfig = new IpSecConfig();
anyInt(), ipSecConfig.setMode(IpSecTransform.MODE_TRANSPORT);
anyInt(), addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig);
eq(""), addAuthAndCryptToIpSecConfig(ipSecConfig);
eq(new byte[] {}), addEncapSocketToIpSecConfig(udpSock.resourceId, ipSecConfig);
eq(0),
eq(""), if (mFamily == AF_INET) {
eq(new byte[] {}), IpSecTransformResponse createTransformResp =
eq(0), mIpSecService.createTransform(ipSecConfig, new Binder(), "blessedPackage");
eq(IpSecAlgorithm.AUTH_CRYPT_AES_GCM), assertEquals(IpSecManager.Status.OK, createTransformResp.status);
eq(AEAD_KEY),
anyInt(), verifyTransformNetdCalledForCreatingSA(ipSecConfig, createTransformResp, udpSock.port);
anyInt(), } else {
anyInt(), try {
anyInt()); IpSecTransformResponse createTransformResp =
mIpSecService.createTransform(ipSecConfig, new Binder(), "blessedPackage");
fail("Expected IllegalArgumentException on attempt to use UDP Encap in IPv6");
} catch (IllegalArgumentException expected) {
}
}
}
@Test
public void testCreateTunnelModeTransformWithEncap() throws Exception {
IpSecUdpEncapResponse udpSock = mIpSecService.openUdpEncapsulationSocket(0, new Binder());
IpSecConfig ipSecConfig = new IpSecConfig();
ipSecConfig.setMode(IpSecTransform.MODE_TUNNEL);
addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig);
addAuthAndCryptToIpSecConfig(ipSecConfig);
addEncapSocketToIpSecConfig(udpSock.resourceId, ipSecConfig);
if (mFamily == AF_INET) {
IpSecTransformResponse createTransformResp =
mIpSecService.createTransform(ipSecConfig, new Binder(), "blessedPackage");
assertEquals(IpSecManager.Status.OK, createTransformResp.status);
verifyTransformNetdCalledForCreatingSA(ipSecConfig, createTransformResp, udpSock.port);
} else {
try {
IpSecTransformResponse createTransformResp =
mIpSecService.createTransform(ipSecConfig, new Binder(), "blessedPackage");
fail("Expected IllegalArgumentException on attempt to use UDP Encap in IPv6");
} catch (IllegalArgumentException expected) {
}
}
} }
@Test @Test