diff --git a/tests/cts/net/src/android/net/cts/IpSecManagerTest.java b/tests/cts/net/src/android/net/cts/IpSecManagerTest.java index 7c09e41878..661afa09c1 100644 --- a/tests/cts/net/src/android/net/cts/IpSecManagerTest.java +++ b/tests/cts/net/src/android/net/cts/IpSecManagerTest.java @@ -70,19 +70,18 @@ public class IpSecManagerTest extends AndroidTestCase { private static final int DROID_SPI = 0xD1201D; private static final int MAX_PORT_BIND_ATTEMPTS = 10; - private static final byte[] CRYPT_KEY = { + private static final byte[] KEY_DATA = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F - }; - private static final byte[] AUTH_KEY = { - 0x7A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7F, - 0x7A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7F + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, + 0x20, 0x21, 0x22, 0x23 }; + private static final byte[] AUTH_KEY = getKey(256); + private static final byte[] CRYPT_KEY = getKey(256); + private static final byte[] AEAD_KEY = getKey(288); + private static final String IPV4_LOOPBACK = "127.0.0.1"; private static final String IPV6_LOOPBACK = "::1"; private static final int TCP_HDRLEN_WITH_OPTIONS = 32; @@ -93,7 +92,9 @@ public class IpSecManagerTest extends AndroidTestCase { private static final byte[] TEST_DATA = "Best test data ever!".getBytes(); // Encryption parameters + private static final int AES_GCM_IV_LEN = 8; private static final int AES_CBC_IV_LEN = 16; + private static final int AES_GCM_BLK_SIZE = 4; private static final int AES_CBC_BLK_SIZE = 16; protected void setUp() throws Exception { @@ -132,8 +133,8 @@ public class IpSecManagerTest extends AndroidTestCase { } } - private byte[] getAuthKey(int bitLength) { - return Arrays.copyOf(AUTH_KEY, bitLength / 8); + private static byte[] getKey(int bitLength) { + return Arrays.copyOf(KEY_DATA, bitLength / 8); } private static int getDomain(InetAddress address) { @@ -273,9 +274,17 @@ public class IpSecManagerTest extends AndroidTestCase { StatsChecker.waitForNumPackets(4 * (i + 1)); } - mISM.removeTransportModeTransforms(server); - mISM.removeTransportModeTransforms(client); - mISM.removeTransportModeTransforms(accepted); + // Transforms should not be removed from the sockets, otherwise FIN packets will be sent + // unencrypted. + // This test also unfortunately happens to rely on a nuance of the cleanup order. By + // keeping the policy on the socket, but removing the SA before lingering FIN packets + // are sent (at an undetermined later time), the FIN packets are dropped. Without this, + // we run into all kinds of headaches trying to test data accounting (unsolicited + // packets mysteriously appearing and messing up our counters) + // The right way to close sockets is to set SO_LINGER to ensure synchronous closure, + // closing the sockets, and then closing the transforms. See documentation for the + // Socket or FileDescriptor flavors of applyTransportModeTransform() in IpSecManager + // for more details. Os.close(server); Os.close(client); @@ -299,8 +308,7 @@ public class IpSecManagerTest extends AndroidTestCase { IpSecTransform transform = new IpSecTransform.Builder(mContext) - .setEncryption( - new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY)) + .setEncryption(new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY)) .setAuthentication( new IpSecAlgorithm( IpSecAlgorithm.AUTH_HMAC_SHA256, @@ -363,7 +371,6 @@ public class IpSecManagerTest extends AndroidTestCase { /** Snapshot of TrafficStats as of initStatsChecker call for later comparisons */ private static class StatsChecker { - private static final String LOOPBACK_INTERFACE = "lo"; private static final double ERROR_MARGIN_BYTES = 1.05; private static final double ERROR_MARGIN_PKTS = 1.05; private static final int MAX_WAIT_TIME_MILLIS = 1000; @@ -451,7 +458,7 @@ public class IpSecManagerTest extends AndroidTestCase { assertTrue((expectedDelta * errorMargin) > newStats - oldStats); } - private static void initStatsChecker() throws IOException { + private static void initStatsChecker() throws Exception { uidTxBytes = TrafficStats.getUidTxBytes(Os.getuid()); uidRxBytes = TrafficStats.getUidRxBytes(Os.getuid()); uidTxPackets = TrafficStats.getUidTxPackets(Os.getuid()); @@ -464,35 +471,37 @@ public class IpSecManagerTest extends AndroidTestCase { } } - private int getTruncLenBits(IpSecAlgorithm auth) { - return auth == null ? 0 : auth.getTruncationLengthBits(); + private int getTruncLenBits(IpSecAlgorithm authOrAead) { + return authOrAead == null ? 0 : authOrAead.getTruncationLengthBits(); } - private int getIvLen(IpSecAlgorithm crypt) { - if (crypt == null) { - return 0; - } + private int getIvLen(IpSecAlgorithm cryptOrAead) { + if (cryptOrAead == null) { return 0; } - switch (crypt.getName()) { + switch (cryptOrAead.getName()) { case IpSecAlgorithm.CRYPT_AES_CBC: return AES_CBC_IV_LEN; + case IpSecAlgorithm.AUTH_CRYPT_AES_GCM: + return AES_GCM_IV_LEN; default: throw new IllegalArgumentException( - "IV length unknown for algorithm" + crypt.getName()); + "IV length unknown for algorithm" + cryptOrAead.getName()); } } - private int getBlkSize(IpSecAlgorithm crypt) { - if (crypt == null) { - return 4; - } + private int getBlkSize(IpSecAlgorithm cryptOrAead) { + // RFC 4303, section 2.4 states that ciphertext plus pad_len, next_header fields must + // terminate on a 4-byte boundary. Thus, the minimum ciphertext block size is 4 bytes. + if (cryptOrAead == null) { return 4; } - switch (crypt.getName()) { + switch (cryptOrAead.getName()) { case IpSecAlgorithm.CRYPT_AES_CBC: return AES_CBC_BLK_SIZE; + case IpSecAlgorithm.AUTH_CRYPT_AES_GCM: + return AES_GCM_BLK_SIZE; default: throw new IllegalArgumentException( - "Blk size unknown for algorithm" + crypt.getName()); + "Blk size unknown for algorithm" + cryptOrAead.getName()); } } @@ -514,6 +523,7 @@ public class IpSecManagerTest extends AndroidTestCase { String localAddress, IpSecAlgorithm crypt, IpSecAlgorithm auth, + IpSecAlgorithm aead, boolean doUdpEncap, int sendCount, boolean useJavaSockets) @@ -532,6 +542,9 @@ public class IpSecManagerTest extends AndroidTestCase { if (auth != null) { transformBuilder.setAuthentication(auth); } + if (aead != null) { + transformBuilder.setAuthenticatedEncryption(aead); + } if (doUdpEncap) { transformBuilder = @@ -563,9 +576,9 @@ public class IpSecManagerTest extends AndroidTestCase { transportHdrLen, udpEncapLen, sendCount, - getIvLen(crypt), - getBlkSize(crypt), - getTruncLenBits(auth)); + getIvLen(crypt != null ? crypt : aead), + getBlkSize(crypt != null ? crypt : aead), + getTruncLenBits(auth != null ? auth : aead)); } } @@ -668,346 +681,448 @@ public class IpSecManagerTest extends AndroidTestCase { // public void testInterfaceCountersTcp4() throws Exception { // IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); // IpSecAlgorithm auth = new IpSecAlgorithm( - // IpSecAlgorithm.AUTH_HMAC_MD5, getAuthKey(128), 96); + // IpSecAlgorithm.AUTH_HMAC_MD5, getKey(128), 96); // checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, false, 1000); // } // public void testInterfaceCountersTcp6() throws Exception { // IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); // IpSecAlgorithm auth = new IpSecAlgorithm( - // IpSecAlgorithm.AUTH_HMAC_MD5, getAuthKey(128), 96); + // IpSecAlgorithm.AUTH_HMAC_MD5, getKey(128), 96); // checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, false, 1000); // } // public void testInterfaceCountersTcp4UdpEncap() throws Exception { // IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); // IpSecAlgorithm auth = - // new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_MD5, getAuthKey(128), 96); + // new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_MD5, getKey(128), 96); // checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, true, 1000); // } public void testInterfaceCountersUdp4() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_MD5, getAuthKey(128), 96); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, false, 1000, false); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_MD5, getKey(128), 96); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, false, 1000, false); } public void testInterfaceCountersUdp6() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_MD5, getAuthKey(128), 96); - checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, false, 1000, false); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_MD5, getKey(128), 96); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, null, false, 1000, false); } public void testInterfaceCountersUdp4UdpEncap() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_MD5, getAuthKey(128), 96); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, true, 1000, false); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_MD5, getKey(128), 96); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, true, 1000, false); } public void testAesCbcHmacMd5Tcp4() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_MD5, getAuthKey(128), 96); - checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, false, 1, false); - checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_MD5, getKey(128), 96); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, false, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, false, 1, true); } public void testAesCbcHmacMd5Tcp6() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_MD5, getAuthKey(128), 96); - checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, false, 1, false); - checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_MD5, getKey(128), 96); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, null, false, 1, false); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, null, false, 1, true); } public void testAesCbcHmacMd5Udp4() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_MD5, getAuthKey(128), 96); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, false, 1, false); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_MD5, getKey(128), 96); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, false, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, false, 1, true); } public void testAesCbcHmacMd5Udp6() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_MD5, getAuthKey(128), 96); - checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, false, 1, false); - checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_MD5, getKey(128), 96); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, null, false, 1, false); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, null, false, 1, true); } public void testAesCbcHmacSha1Tcp4() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_SHA1, getAuthKey(160), 96); - checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, false, 1, false); - checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA1, getKey(160), 96); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, false, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, false, 1, true); } public void testAesCbcHmacSha1Tcp6() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_SHA1, getAuthKey(160), 96); - checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, false, 1, false); - checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA1, getKey(160), 96); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, null, false, 1, false); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, null, false, 1, true); } public void testAesCbcHmacSha1Udp4() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_SHA1, getAuthKey(160), 96); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, false, 1, false); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA1, getKey(160), 96); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, false, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, false, 1, true); } public void testAesCbcHmacSha1Udp6() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_SHA1, getAuthKey(160), 96); - checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, false, 1, false); - checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA1, getKey(160), 96); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, null, false, 1, false); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, null, false, 1, true); } public void testAesCbcHmacSha256Tcp4() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128); - checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, false, 1, false); - checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getKey(256), 128); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, false, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, false, 1, true); } public void testAesCbcHmacSha256Tcp6() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128); - checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, false, 1, false); - checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getKey(256), 128); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, null, false, 1, false); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, null, false, 1, true); } public void testAesCbcHmacSha256Udp4() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, false, 1, false); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getKey(256), 128); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, false, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, false, 1, true); } public void testAesCbcHmacSha256Udp6() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128); - checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, false, 1, false); - checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getKey(256), 128); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, null, false, 1, false); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, null, false, 1, true); } public void testAesCbcHmacSha384Tcp4() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_SHA384, getAuthKey(384), 192); - checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, false, 1, false); - checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA384, getKey(384), 192); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, false, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, false, 1, true); } public void testAesCbcHmacSha384Tcp6() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_SHA384, getAuthKey(384), 192); - checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, false, 1, false); - checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA384, getKey(384), 192); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, null, false, 1, false); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, null, false, 1, true); } public void testAesCbcHmacSha384Udp4() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_SHA384, getAuthKey(384), 192); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, false, 1, false); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA384, getKey(384), 192); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, false, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, false, 1, true); } public void testAesCbcHmacSha384Udp6() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_SHA384, getAuthKey(384), 192); - checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, false, 1, false); - checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA384, getKey(384), 192); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, null, false, 1, false); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, null, false, 1, true); } public void testAesCbcHmacSha512Tcp4() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_SHA512, getAuthKey(512), 256); - checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, false, 1, false); - checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA512, getKey(512), 256); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, false, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, false, 1, true); } public void testAesCbcHmacSha512Tcp6() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_SHA512, getAuthKey(512), 256); - checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, false, 1, false); - checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA512, getKey(512), 256); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, null, false, 1, false); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, auth, null, false, 1, true); } public void testAesCbcHmacSha512Udp4() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_SHA512, getAuthKey(512), 256); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, false, 1, false); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA512, getKey(512), 256); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, false, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, false, 1, true); } public void testAesCbcHmacSha512Udp6() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_SHA512, getAuthKey(512), 256); - checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, false, 1, false); - checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA512, getKey(512), 256); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, null, false, 1, false); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, auth, null, false, 1, true); + } + + public void testAesGcm64Tcp4() throws Exception { + IpSecAlgorithm authCrypt = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 64); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, null, authCrypt, false, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, null, authCrypt, false, 1, true); + } + + public void testAesGcm64Tcp6() throws Exception { + IpSecAlgorithm authCrypt = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 64); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, null, null, authCrypt, false, 1, false); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, null, null, authCrypt, false, 1, true); + } + + public void testAesGcm64Udp4() throws Exception { + IpSecAlgorithm authCrypt = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 64); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, null, authCrypt, false, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, null, authCrypt, false, 1, true); + } + + public void testAesGcm64Udp6() throws Exception { + IpSecAlgorithm authCrypt = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 64); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, null, null, authCrypt, false, 1, false); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, null, null, authCrypt, false, 1, true); + } + + public void testAesGcm96Tcp4() throws Exception { + IpSecAlgorithm authCrypt = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 96); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, null, authCrypt, false, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, null, authCrypt, false, 1, true); + } + + public void testAesGcm96Tcp6() throws Exception { + IpSecAlgorithm authCrypt = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 96); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, null, null, authCrypt, false, 1, false); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, null, null, authCrypt, false, 1, true); + } + + public void testAesGcm96Udp4() throws Exception { + IpSecAlgorithm authCrypt = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 96); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, null, authCrypt, false, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, null, authCrypt, false, 1, true); + } + + public void testAesGcm96Udp6() throws Exception { + IpSecAlgorithm authCrypt = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 96); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, null, null, authCrypt, false, 1, false); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, null, null, authCrypt, false, 1, true); + } + + public void testAesGcm128Tcp4() throws Exception { + IpSecAlgorithm authCrypt = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 128); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, null, authCrypt, false, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, null, authCrypt, false, 1, true); + } + + public void testAesGcm128Tcp6() throws Exception { + IpSecAlgorithm authCrypt = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 128); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, null, null, authCrypt, false, 1, false); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, null, null, authCrypt, false, 1, true); + } + + public void testAesGcm128Udp4() throws Exception { + IpSecAlgorithm authCrypt = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 128); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, null, authCrypt, false, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, null, authCrypt, false, 1, true); + } + + public void testAesGcm128Udp6() throws Exception { + IpSecAlgorithm authCrypt = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 128); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, null, null, authCrypt, false, 1, false); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, null, null, authCrypt, false, 1, true); } public void testAesCbcHmacMd5Tcp4UdpEncap() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_MD5, getAuthKey(128), 96); - checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, true, 1, false); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_MD5, getKey(128), 96); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, true, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, true, 1, true); } public void testAesCbcHmacMd5Udp4UdpEncap() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_MD5, getAuthKey(128), 96); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, true, 1, false); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_MD5, getKey(128), 96); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, true, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, true, 1, true); } public void testAesCbcHmacSha1Tcp4UdpEncap() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = - new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA1, getAuthKey(160), 96); - checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, true, 1, false); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA1, getKey(160), 96); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, true, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, true, 1, true); } public void testAesCbcHmacSha1Udp4UdpEncap() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = - new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA1, getAuthKey(160), 96); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, true, 1, false); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA1, getKey(160), 96); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, true, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, true, 1, true); } public void testAesCbcHmacSha256Tcp4UdpEncap() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = - new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128); - checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, true, 1, false); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getKey(256), 128); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, true, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, true, 1, true); } public void testAesCbcHmacSha256Udp4UdpEncap() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = - new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, true, 1, false); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getKey(256), 128); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, true, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, true, 1, true); } public void testAesCbcHmacSha384Tcp4UdpEncap() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = - new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA384, getAuthKey(384), 192); - checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, true, 1, false); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA384, getKey(384), 192); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, true, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, true, 1, true); } public void testAesCbcHmacSha384Udp4UdpEncap() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = - new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA384, getAuthKey(384), 192); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, true, 1, false); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA384, getKey(384), 192); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, true, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, true, 1, true); } public void testAesCbcHmacSha512Tcp4UdpEncap() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = - new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA512, getAuthKey(512), 256); - checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, true, 1, false); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA512, getKey(512), 256); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, true, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, auth, null, true, 1, true); } public void testAesCbcHmacSha512Udp4UdpEncap() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - IpSecAlgorithm auth = - new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA512, getAuthKey(512), 256); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, true, 1, false); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA512, getKey(512), 256); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, true, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, null, true, 1, true); + } + + public void testAesGcm64Tcp4UdpEncap() throws Exception { + IpSecAlgorithm authCrypt = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 64); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, null, authCrypt, true, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, null, authCrypt, true, 1, true); + } + + public void testAesGcm64Udp4UdpEncap() throws Exception { + IpSecAlgorithm authCrypt = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 64); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, null, authCrypt, true, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, null, authCrypt, true, 1, true); + } + + public void testAesGcm96Tcp4UdpEncap() throws Exception { + IpSecAlgorithm authCrypt = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 96); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, null, authCrypt, true, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, null, authCrypt, true, 1, true); + } + + public void testAesGcm96Udp4UdpEncap() throws Exception { + IpSecAlgorithm authCrypt = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 96); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, null, authCrypt, true, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, null, authCrypt, true, 1, true); + } + + public void testAesGcm128Tcp4UdpEncap() throws Exception { + IpSecAlgorithm authCrypt = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 128); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, null, authCrypt, true, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, null, authCrypt, true, 1, true); + } + + public void testAesGcm128Udp4UdpEncap() throws Exception { + IpSecAlgorithm authCrypt = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 128); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, null, authCrypt, true, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, null, authCrypt, true, 1, true); } public void testCryptUdp4() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, null, false, 1, false); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, null, false, 1, true); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, null, null, false, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, null, null, false, 1, true); } public void testAuthUdp4() throws Exception { - IpSecAlgorithm auth = - new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, auth, false, 1, false); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getKey(256), 128); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, auth, null, false, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, auth, null, false, 1, true); } public void testCryptUdp6() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, null, false, 1, false); - checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, null, false, 1, true); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, null, null, false, 1, false); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, null, null, false, 1, true); } public void testAuthUdp6() throws Exception { - IpSecAlgorithm auth = - new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128); - checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, null, auth, false, 1, false); - checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, null, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getKey(256), 128); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, null, auth, null, false, 1, false); + checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, null, auth, null, false, 1, true); } public void testCryptTcp4() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, null, false, 1, false); - checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, null, false, 1, true); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, null, null, false, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, null, null, false, 1, true); } public void testAuthTcp4() throws Exception { - IpSecAlgorithm auth = - new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128); - checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, auth, false, 1, false); - checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getKey(256), 128); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, auth, null, false, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, auth, null, false, 1, true); } public void testCryptTcp6() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, null, false, 1, false); - checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, null, false, 1, true); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, null, null, false, 1, false); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, null, null, false, 1, true); } public void testAuthTcp6() throws Exception { - IpSecAlgorithm auth = - new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128); - checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, null, auth, false, 1, false); - checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, null, auth, false, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getKey(256), 128); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, null, auth, null, false, 1, false); + checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, null, auth, null, false, 1, true); } public void testCryptUdp4UdpEncap() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, null, true, 1, false); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, null, true, 1, true); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, null, null, true, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, null, null, true, 1, true); } public void testAuthUdp4UdpEncap() throws Exception { - IpSecAlgorithm auth = - new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, auth, true, 1, false); - checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, auth, true, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getKey(256), 128); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, auth, null, true, 1, false); + checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, auth, null, true, 1, true); } public void testCryptTcp4UdpEncap() throws Exception { IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY); - checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, null, true, 1, false); - checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, null, true, 1, true); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, null, null, true, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, null, null, true, 1, true); } public void testAuthTcp4UdpEncap() throws Exception { - IpSecAlgorithm auth = - new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128); - checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, auth, true, 1, false); - checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, auth, true, 1, true); + IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getKey(256), 128); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, auth, null, true, 1, false); + checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, auth, null, true, 1, true); } public void testOpenUdpEncapSocketSpecificPort() throws Exception { @@ -1180,11 +1295,12 @@ public class IpSecManagerTest extends AndroidTestCase { String localAddr = (remoteAddr instanceof Inet4Address) ? IPV4_LOOPBACK : IPV6_LOOPBACK; return new IpSecTransform.Builder(mContext) - .setEncryption( - new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY)) + .setEncryption(new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY)) .setAuthentication( new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_SHA256, AUTH_KEY, AUTH_KEY.length * 4)) + IpSecAlgorithm.AUTH_HMAC_SHA256, + AUTH_KEY, + AUTH_KEY.length * 4)) .setIpv4Encapsulation(encapSocket, encapSocket.getPort()) .buildTransportModeTransform(InetAddress.getByName(localAddr), spi); }