Nathan Harold2e9a5202017-09-26 11:44:23 -07001/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server;
18
19import static org.junit.Assert.assertEquals;
20import static org.mockito.Matchers.anyInt;
21import static org.mockito.Matchers.anyLong;
22import static org.mockito.Matchers.anyString;
23import static org.mockito.Matchers.eq;
24import static org.mockito.Mockito.mock;
25import static org.mockito.Mockito.verify;
26import static org.mockito.Mockito.when;
27
28import android.content.Context;
29import android.net.INetd;
30import android.net.IpSecAlgorithm;
31import android.net.IpSecConfig;
32import android.net.IpSecManager;
33import android.net.IpSecSpiResponse;
34import android.net.IpSecTransform;
35import android.net.IpSecTransformResponse;
36import android.net.NetworkUtils;
37import android.os.Binder;
38import android.os.ParcelFileDescriptor;
39import android.support.test.filters.SmallTest;
40import android.system.OsConstants;
41
42import java.net.Socket;
43import java.util.Arrays;
44import java.util.Collection;
45
46import org.junit.Before;
47import org.junit.Test;
48import org.junit.runner.RunWith;
49import org.junit.runners.Parameterized;
50
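/**
 * Unit tests for {@link IpSecService}.
 *
 * <p>Every test runs once per entry returned by {@link #ipSecConfigs()}, i.e. once with an IPv4
 * and once with an IPv6 remote address. netd is replaced by a Mockito mock, so these tests only
 * check what {@link IpSecService} hands to netd (SPIs, directions, algorithm names and key
 * material); nothing is programmed into a real kernel.
 *
 * <p>NOTE(review): every address argument passed to netd for the security-association and
 * transform calls is matched with {@code anyString()}, so these tests would still pass if the
 * service forwarded the wrong peer address. Only the SPI-allocation stubs pin
 * {@code mRemoteAddr}.
 */
@SmallTest
@RunWith(Parameterized.class)
public class IpSecServiceParameterizedTest {

    // Arbitrary SPI values that the mocked netd hands back; DROID_SPI2 only needs to differ
    // from DROID_SPI so that the two directions can be told apart in verifications.
    private static final int DROID_SPI = 0xD1201D;
    private static final int DROID_SPI2 = DROID_SPI + 1;

    private final String mRemoteAddr;

    /**
     * Supplies the constructor arguments for each parameterized run.
     *
     * @return one single-element row per remote address literal (one IPv4, one IPv6)
     */
    @Parameterized.Parameters
    public static Collection<Object[]> ipSecConfigs() {
        return Arrays.asList(new Object[][] {{"8.8.4.4"}, {"2601::10"}});
    }

    // Fixed, patterned 32-byte test vectors. They exist only so the tests can check that key
    // bytes reach netd unchanged; they must never be reused as real key material.
    private static final byte[] CRYPT_KEY = {
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
        0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
    };
    private static final byte[] AUTH_KEY = {
        0x7A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7F,
        0x7A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7F
    };

    Context mMockContext;
    INetd mMockNetd;
    IpSecService.IpSecServiceConfiguration mMockIpSecSrvConfig;
    IpSecService mIpSecService;

    /**
     * Creates the test instance for one parameterized run.
     *
     * @param remoteAddr textual remote address used by every test in this run
     */
    public IpSecServiceParameterizedTest(String remoteAddr) {
        mRemoteAddr = remoteAddr;
    }

    /** Builds a fresh {@link IpSecService} whose configuration returns the mocked netd. */
    @Before
    public void setUp() throws Exception {
        mMockContext = mock(Context.class);
        mMockNetd = mock(INetd.class);
        mMockIpSecSrvConfig = mock(IpSecService.IpSecServiceConfiguration.class);
        mIpSecService = new IpSecService(mMockContext, mMockIpSecSrvConfig);

        // Inject the mock netd: the service obtains netd through its configuration object.
        when(mMockIpSecSrvConfig.getNetdInstance()).thenReturn(mMockNetd);
    }

    /** Reserving a specific SPI returns status OK and the SPI that netd allocated. */
    @Test
    public void testIpSecServiceReserveSpi() throws Exception {
        when(mMockNetd.ipSecAllocateSpi(
                        anyInt(),
                        eq(IpSecTransform.DIRECTION_OUT),
                        anyString(),
                        eq(mRemoteAddr),
                        eq(DROID_SPI)))
                .thenReturn(DROID_SPI);

        IpSecSpiResponse spiResp =
                mIpSecService.reserveSecurityParameterIndex(
                        IpSecTransform.DIRECTION_OUT, mRemoteAddr, DROID_SPI, new Binder());
        assertEquals(IpSecManager.Status.OK, spiResp.status);
        assertEquals(DROID_SPI, spiResp.spi);
    }

    /** Releasing a reserved SPI makes the service ask netd to delete the matching SA. */
    @Test
    public void testReleaseSecurityParameterIndex() throws Exception {
        when(mMockNetd.ipSecAllocateSpi(
                        anyInt(),
                        eq(IpSecTransform.DIRECTION_OUT),
                        anyString(),
                        eq(mRemoteAddr),
                        eq(DROID_SPI)))
                .thenReturn(DROID_SPI);

        IpSecSpiResponse spiResp =
                mIpSecService.reserveSecurityParameterIndex(
                        IpSecTransform.DIRECTION_OUT, mRemoteAddr, DROID_SPI, new Binder());
        // Fail here, with a clear message, if the reservation itself did not succeed; otherwise
        // the release below would be exercised with a meaningless resource id.
        assertEquals(IpSecManager.Status.OK, spiResp.status);

        mIpSecService.releaseSecurityParameterIndex(spiResp.resourceId);

        verify(mMockNetd)
                .ipSecDeleteSecurityAssociation(
                        eq(spiResp.resourceId), anyInt(), anyString(), anyString(), eq(DROID_SPI));
    }

    /**
     * Reserves one SPI per direction through {@link IpSecManager} and assembles a transform
     * configuration that uses AES-CBC and HMAC-SHA256 in both directions.
     *
     * <p>The mocked netd returns {@code DROID_SPI} for the first allocation and
     * {@code DROID_SPI2} for the second. The outbound SPI is reserved first, so outbound maps to
     * {@code DROID_SPI} and inbound to {@code DROID_SPI2}; the transform tests rely on this.
     *
     * @return a config with SPI resource ids, algorithms and the remote address set
     */
    IpSecConfig buildIpSecConfig() throws Exception {
        IpSecManager ipSecManager = new IpSecManager(mIpSecService);

        // Mocking the netd to allocate SPI
        when(mMockNetd.ipSecAllocateSpi(anyInt(), anyInt(), anyString(), anyString(), anyInt()))
                .thenReturn(DROID_SPI)
                .thenReturn(DROID_SPI2);

        IpSecAlgorithm encryptAlgo = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY);
        // Third argument is the key length in bits (32 * 8 = 256).
        // NOTE(review): presumably the truncation length; confirm against IpSecAlgorithm.
        IpSecAlgorithm authAlgo =
                new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, AUTH_KEY, AUTH_KEY.length * 8);

        // Allocate and add SPI records in the IpSecService through IpSecManager interface.
        IpSecManager.SecurityParameterIndex outSpi =
                ipSecManager.reserveSecurityParameterIndex(
                        IpSecTransform.DIRECTION_OUT,
                        NetworkUtils.numericToInetAddress(mRemoteAddr));
        IpSecManager.SecurityParameterIndex inSpi =
                ipSecManager.reserveSecurityParameterIndex(
                        IpSecTransform.DIRECTION_IN,
                        NetworkUtils.numericToInetAddress(mRemoteAddr));

        IpSecConfig config = new IpSecConfig();
        config.setSpiResourceId(IpSecTransform.DIRECTION_IN, inSpi.getResourceId());
        config.setSpiResourceId(IpSecTransform.DIRECTION_OUT, outSpi.getResourceId());
        config.setEncryption(IpSecTransform.DIRECTION_OUT, encryptAlgo);
        config.setAuthentication(IpSecTransform.DIRECTION_OUT, authAlgo);
        config.setEncryption(IpSecTransform.DIRECTION_IN, encryptAlgo);
        config.setAuthentication(IpSecTransform.DIRECTION_IN, authAlgo);
        config.setRemoteAddress(mRemoteAddr);
        return config;
    }

    /**
     * Creating a transport-mode transform adds one SA per direction, each carrying the expected
     * SPI, algorithm names and key bytes.
     */
    @Test
    public void testCreateTransportModeTransform() throws Exception {
        IpSecConfig ipSecConfig = buildIpSecConfig();

        IpSecTransformResponse createTransformResp =
                mIpSecService.createTransportModeTransform(ipSecConfig, new Binder());
        assertEquals(IpSecManager.Status.OK, createTransformResp.status);

        // Outbound SA: must use the first allocated SPI and the configured keys.
        verify(mMockNetd)
                .ipSecAddSecurityAssociation(
                        eq(createTransformResp.resourceId),
                        anyInt(),
                        eq(IpSecTransform.DIRECTION_OUT),
                        anyString(),
                        anyString(),
                        anyLong(),
                        eq(DROID_SPI),
                        eq(IpSecAlgorithm.AUTH_HMAC_SHA256),
                        eq(AUTH_KEY),
                        anyInt(),
                        eq(IpSecAlgorithm.CRYPT_AES_CBC),
                        eq(CRYPT_KEY),
                        anyInt(),
                        anyInt(),
                        anyInt(),
                        anyInt());
        // Inbound SA: same algorithms and keys, second allocated SPI.
        verify(mMockNetd)
                .ipSecAddSecurityAssociation(
                        eq(createTransformResp.resourceId),
                        anyInt(),
                        eq(IpSecTransform.DIRECTION_IN),
                        anyString(),
                        anyString(),
                        anyLong(),
                        eq(DROID_SPI2),
                        eq(IpSecAlgorithm.AUTH_HMAC_SHA256),
                        eq(AUTH_KEY),
                        anyInt(),
                        eq(IpSecAlgorithm.CRYPT_AES_CBC),
                        eq(CRYPT_KEY),
                        anyInt(),
                        anyInt(),
                        anyInt(),
                        anyInt());
    }

    /** Deleting a transform removes the SA of each direction with its own SPI. */
    @Test
    public void testDeleteTransportModeTransform() throws Exception {
        IpSecConfig ipSecConfig = buildIpSecConfig();

        IpSecTransformResponse createTransformResp =
                mIpSecService.createTransportModeTransform(ipSecConfig, new Binder());
        // Make a failed creation visible as such instead of as a missing netd interaction.
        assertEquals(IpSecManager.Status.OK, createTransformResp.status);
        mIpSecService.deleteTransportModeTransform(createTransformResp.resourceId);

        verify(mMockNetd)
                .ipSecDeleteSecurityAssociation(
                        eq(createTransformResp.resourceId),
                        eq(IpSecTransform.DIRECTION_OUT),
                        anyString(),
                        anyString(),
                        eq(DROID_SPI));
        verify(mMockNetd)
                .ipSecDeleteSecurityAssociation(
                        eq(createTransformResp.resourceId),
                        eq(IpSecTransform.DIRECTION_IN),
                        anyString(),
                        anyString(),
                        eq(DROID_SPI2));
    }

    /**
     * Applying a transform to a socket forwards the socket's file descriptor, the transform
     * resource id and the per-direction SPI to netd, once for each direction.
     */
    @Test
    public void testApplyTransportModeTransform() throws Exception {
        IpSecConfig ipSecConfig = buildIpSecConfig();

        IpSecTransformResponse createTransformResp =
                mIpSecService.createTransportModeTransform(ipSecConfig, new Binder());
        // Make a failed creation visible as such instead of as a missing netd interaction.
        assertEquals(IpSecManager.Status.OK, createTransformResp.status);
        // NOTE(review): neither the Socket nor the ParcelFileDescriptor is closed by this test.
        ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(new Socket());

        int resourceId = createTransformResp.resourceId;
        mIpSecService.applyTransportModeTransform(pfd, resourceId);

        verify(mMockNetd)
                .ipSecApplyTransportModeTransform(
                        eq(pfd.getFileDescriptor()),
                        eq(resourceId),
                        eq(IpSecTransform.DIRECTION_OUT),
                        anyString(),
                        anyString(),
                        eq(DROID_SPI));
        verify(mMockNetd)
                .ipSecApplyTransportModeTransform(
                        eq(pfd.getFileDescriptor()),
                        eq(resourceId),
                        eq(IpSecTransform.DIRECTION_IN),
                        anyString(),
                        anyString(),
                        eq(DROID_SPI2));
    }

    /** Removing a transform from a socket forwards only the socket's file descriptor to netd. */
    @Test
    public void testRemoveTransportModeTransform() throws Exception {
        // NOTE(review): neither the Socket nor the ParcelFileDescriptor is closed by this test.
        ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(new Socket());
        // The resource id (1) is an arbitrary literal; no transform was created in this test,
        // and the verification below does not involve it.
        mIpSecService.removeTransportModeTransform(pfd, 1);

        verify(mMockNetd).ipSecRemoveTransportModeTransform(pfd.getFileDescriptor());
    }
}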