From f8ccb00aa6a293bc5d4a811f28b7ed77e8662fda Mon Sep 17 00:00:00 2001
From: Benedict Wong
Date: Thu, 15 Mar 2018 18:17:22 -0700
Subject: [PATCH] Add tests where only auth or crypt are enabled

This patch adds tests for cases where only auth or crypt are enabled. These cases are supported, and this patch adds test coverage.

Bug: 75049573
Test: this, run on walleye
Change-Id: I656d9c4a86c13ce4928d6bd68a9e0d48cf805191
---
 .../src/android/net/cts/IpSecManagerTest.java | 138 ++++++++++++++++--
 1 file changed, 125 insertions(+), 13 deletions(-)

diff --git a/tests/cts/net/src/android/net/cts/IpSecManagerTest.java b/tests/cts/net/src/android/net/cts/IpSecManagerTest.java
index 0ef379292c..7c09e41878 100644
--- a/tests/cts/net/src/android/net/cts/IpSecManagerTest.java
+++ b/tests/cts/net/src/android/net/cts/IpSecManagerTest.java
@@ -464,6 +464,38 @@ public class IpSecManagerTest extends AndroidTestCase {
 }
 }
 
+ private int getTruncLenBits(IpSecAlgorithm auth) {
+ return auth == null ? 0 : auth.getTruncationLengthBits();
+ }
+
+ private int getIvLen(IpSecAlgorithm crypt) {
+ if (crypt == null) {
+ return 0;
+ }
+
+ switch (crypt.getName()) {
+ case IpSecAlgorithm.CRYPT_AES_CBC:
+ return AES_CBC_IV_LEN;
+ default:
+ throw new IllegalArgumentException(
+ "IV length unknown for algorithm" + crypt.getName());
+ }
+ }
+
+ private int getBlkSize(IpSecAlgorithm crypt) {
+ if (crypt == null) {
+ return 4;
+ }
+
+ switch (crypt.getName()) {
+ case IpSecAlgorithm.CRYPT_AES_CBC:
+ return AES_CBC_BLK_SIZE;
+ default:
+ throw new IllegalArgumentException(
+ "Blk size unknown for algorithm" + crypt.getName());
+ }
+ }
+
 /** Helper function to calculate expected ESP packet size. */
 private int calculateEspPacketSize(
 int payloadLen, int cryptIvLength, int cryptBlockSize, int authTruncLen) {
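Review bot: `getBlkSize` returns a bare `4` when `crypt` is null, and nothing in the hunk says where that number comes from; it looks like the 4-byte alignment ESP padding must reach when no cipher block size applies, which should be confirmed and then named, e.g. `private static final int ESP_NULL_CRYPT_BLK_SIZE = 4; // ESP pads to a 4-byte boundary without a cipher`. Both `default:` branches build their message without a separator, so an unsupported algorithm is reported as `...for algorithm<name>`; `"IV length unknown for algorithm " + crypt.getName()` (and the same for the block-size message) reads correctly. Only `CRYPT_AES_CBC` is mapped, so any other cipher handed to these helpers ends in `IllegalArgumentException` rather than a test assertion, which deserves a one-line comment on each helper.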
@@ -477,11 +509,6 @@ public class IpSecManagerTest extends AndroidTestCase {
 return payloadLen + ESP_HDRLEN + ICV_LEN;
 }
 
- /** Helper function to calculate expected ESP packet size using AES-CBC encryption. */
- private int calculateAesCbcEspPacketSizeWithAuth(int payloadLen, int authTruncLen) {
- return calculateEspPacketSize(payloadLen, AES_CBC_IV_LEN, AES_CBC_BLK_SIZE, authTruncLen);
- }
-
 public void checkTransform(
 int protocol,
 String localAddress,
@@ -498,10 +525,13 @@ public class IpSecManagerTest extends AndroidTestCase {
 IpSecManager.SecurityParameterIndex spi =
 mISM.allocateSecurityParameterIndex(local)) {
 
- IpSecTransform.Builder transformBuilder =
- new IpSecTransform.Builder(mContext)
- .setEncryption(crypt)
- .setAuthentication(auth);
+ IpSecTransform.Builder transformBuilder = new IpSecTransform.Builder(mContext);
+ if (crypt != null) {
+ transformBuilder.setEncryption(crypt);
+ }
+ if (auth != null) {
+ transformBuilder.setAuthentication(auth);
+ }
 
 if (doUdpEncap) {
 transformBuilder =
@@ -533,7 +563,9 @@ public class IpSecManagerTest extends AndroidTestCase {
 transportHdrLen,
 udpEncapLen,
 sendCount,
- auth.getTruncationLengthBits());
+ getIvLen(crypt),
+ getBlkSize(crypt),
+ getTruncLenBits(auth));
 }
 }
 
@@ -543,13 +575,15 @@ public class IpSecManagerTest extends AndroidTestCase {
 int transportHdrLen,
 int udpEncapLen,
 int sendCount,
+ int ivLen,
+ int blkSize,
 int truncLenBits)
 throws Exception {
 
 int innerPacketSize = TEST_DATA.length + transportHdrLen + ipHdrLen;
 int outerPacketSize =
- calculateAesCbcEspPacketSizeWithAuth(
- TEST_DATA.length + transportHdrLen, truncLenBits)
+ calculateEspPacketSize(
+ TEST_DATA.length + transportHdrLen, ivLen, blkSize, truncLenBits)
 + udpEncapLen
 + ipHdrLen;
 
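Review bot: In the `checkTransform` hunk (`-498`), the two null checks also let a call with `crypt == null` and `auth == null` reach the builder with no algorithm set at all, and the expected size is then derived from `getIvLen(null)`, `getBlkSize(null)` and `getTruncLenBits(null)`. Whether `IpSecTransform.Builder` rejects that combination is not visible here, so the helper should state the precondition itself, e.g. `assertTrue("crypt or auth required", crypt != null || auth != null);` before the builder is created. `checkTransform` starts and ends outside the hunk.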
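Review bot: The widened signature in the `-543` hunk takes three adjacent `int` lengths (`ivLen`, `blkSize`, `truncLenBits`) with no statement of units, and the call site in the `-533` hunk passes them positionally, so a transposition would compile and only surface as a packet-size mismatch. A Javadoc on the method should say which unit each value carries — presumably bytes for `ivLen` and `blkSize` and bits for `truncLenBits`, the last of which is handed to a parameter that `calculateEspPacketSize` names `authTruncLen`; confirm against that helper's body, which is outside the diff. The method's name and most of its body are outside the hunk, and the same call change is repeated in the `-560` hunk.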
@@ -560,7 +594,7 @@ public class IpSecManagerTest extends AndroidTestCase {
 // Add TCP ACKs for data packets
 if (protocol == IPPROTO_TCP) {
 int encryptedTcpPktSize =
- calculateAesCbcEspPacketSizeWithAuth(TCP_HDRLEN_WITH_OPTIONS, truncLenBits);
+ calculateEspPacketSize(TCP_HDRLEN_WITH_OPTIONS, ivLen, blkSize, truncLenBits);
 
 // Each run sends two packets, one in each direction.
 sendCount *= 2;
@@ -898,6 +932,84 @@ public class IpSecManagerTest extends AndroidTestCase {
 checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, true, 1, false);
 }
 
+ public void testCryptUdp4() throws Exception {
+ IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY);
+ checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, null, false, 1, false);
+ checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, null, false, 1, true);
+ }
+
+ public void testAuthUdp4() throws Exception {
+ IpSecAlgorithm auth =
+ new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128);
+ checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, auth, false, 1, false);
+ checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, auth, false, 1, true);
+ }
+
+ public void testCryptUdp6() throws Exception {
+ IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY);
+ checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, null, false, 1, false);
+ checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, null, false, 1, true);
+ }
+
+ public void testAuthUdp6() throws Exception {
+ IpSecAlgorithm auth =
+ new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128);
+ checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, null, auth, false, 1, false);
+ checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, null, auth, false, 1, true);
+ }
+
+ public void testCryptTcp4() throws Exception {
+ IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY);
+ checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, null, false, 1, false);
+ checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, null, false, 1, true);
+ }
+
+ public void testAuthTcp4() throws Exception {
+ IpSecAlgorithm auth =
+ new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128);
+ checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, auth, false, 1, false);
+ checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, auth, false, 1, true);
+ }
+
+ public void testCryptTcp6() throws Exception {
+ IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY);
+ checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, null, false, 1, false);
+ checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, null, false, 1, true);
+ }
+
+ public void testAuthTcp6() throws Exception {
+ IpSecAlgorithm auth =
+ new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128);
+ checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, null, auth, false, 1, false);
+ checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, null, auth, false, 1, true);
+ }
+
+ public void testCryptUdp4UdpEncap() throws Exception {
+ IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY);
+ checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, null, true, 1, false);
+ checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, null, true, 1, true);
+ }
+
+ public void testAuthUdp4UdpEncap() throws Exception {
+ IpSecAlgorithm auth =
+ new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128);
+ checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, auth, true, 1, false);
+ checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, auth, true, 1, true);
+ }
+
+ public void testCryptTcp4UdpEncap() throws Exception {
+ IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY);
+ checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, null, true, 1, false);
+ checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, null, true, 1, true);
+ }
+
+ public void testAuthTcp4UdpEncap() throws Exception {
+ IpSecAlgorithm auth =
+ new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128);
+ checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, auth, true, 1, false);
+ checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, auth, true, 1, true);
+ }
+
 public void testOpenUdpEncapSocketSpecificPort() throws Exception {
 IpSecManager.UdpEncapsulationSocket encapSocket = null;
 int port = -1;
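Review bot: The six `testCrypt*` methods configure AES-CBC with no authentication algorithm, and nothing in the tests says that this is confidentiality-only ESP with no integrity check value on the packets. A short comment above the group, such as `// Encryption-only transforms: permitted by the API and exercised here for coverage; packets carry no ICV.`, would keep a reader from taking them as a reference configuration. As far as the visible hunks show, `checkTransform` validates packet counts and sizes, so these tests would presumably not notice a crypt-only transform that left the payload in clear or an auth-only one with a wrong ICV of the right length; that limit belongs in the same comment. The twelve methods differ only in protocol, loopback address and the UDP-encap flag, so two small helpers building the `crypt` and `auth` algorithms would remove the repeated `new IpSecAlgorithm(...)` lines.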