Add tests where only auth or crypt are enabled
This patch adds tests for cases where only auth or crypt are enabled.
These cases are supported, and this patch adds test coverage.
Bug: 75049573
Test: this, run on walleye
Merged-In: I656d9c4a86c13ce4928d6bd68a9e0d48cf805191
Change-Id: I656d9c4a86c13ce4928d6bd68a9e0d48cf805191
(cherry picked from commit 69517633288bac80d31f53720b2837b261926485)
diff --git a/tests/cts/net/src/android/net/cts/IpSecManagerTest.java b/tests/cts/net/src/android/net/cts/IpSecManagerTest.java
index 0ef3792..7c09e41 100644
--- a/tests/cts/net/src/android/net/cts/IpSecManagerTest.java
+++ b/tests/cts/net/src/android/net/cts/IpSecManagerTest.java
@@ -464,6 +464,38 @@
}
}
+ private int getTruncLenBits(IpSecAlgorithm auth) {
+ return auth == null ? 0 : auth.getTruncationLengthBits();
+ }
+
+ private int getIvLen(IpSecAlgorithm crypt) {
+ if (crypt == null) {
+ return 0;
+ }
+
+ switch (crypt.getName()) {
+ case IpSecAlgorithm.CRYPT_AES_CBC:
+ return AES_CBC_IV_LEN;
+ default:
+ throw new IllegalArgumentException(
+ "IV length unknown for algorithm" + crypt.getName());
+ }
+ }
+
+ private int getBlkSize(IpSecAlgorithm crypt) {
+ if (crypt == null) {
+ return 4;
+ }
+
+ switch (crypt.getName()) {
+ case IpSecAlgorithm.CRYPT_AES_CBC:
+ return AES_CBC_BLK_SIZE;
+ default:
+ throw new IllegalArgumentException(
+ "Blk size unknown for algorithm" + crypt.getName());
+ }
+ }
+
/** Helper function to calculate expected ESP packet size. */
private int calculateEspPacketSize(
int payloadLen, int cryptIvLength, int cryptBlockSize, int authTruncLen) {
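Review bot: Both exception messages in `getIvLen` and `getBlkSize` append the algorithm name directly to the word "algorithm", so a failure prints one run-together token; add a separator, e.g. `"IV length unknown for algorithm " + crypt.getName()` and `"Blk size unknown for algorithm " + crypt.getName()`. The `return 4;` for a null `crypt` in `getBlkSize` is an unexplained constant. If it stands for the 4-byte alignment that ESP padding still applies when no cipher block size is in play, say so with a comment such as `// No cipher: ESP padding still aligns the payload to 4 bytes`, or name it as a constant next to `AES_CBC_BLK_SIZE`. `getTruncLenBits` returns bits, while the parameter it feeds is named `authTruncLen` on the last line of this hunk, and the IV and block constants look like byte counts; stating the unit in the Javadoc would guard against a bits/bytes mix-up. The body of `calculateEspPacketSize` lies outside the hunk.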
@@ -477,11 +509,6 @@
return payloadLen + ESP_HDRLEN + ICV_LEN;
}
- /** Helper function to calculate expected ESP packet size using AES-CBC encryption. */
- private int calculateAesCbcEspPacketSizeWithAuth(int payloadLen, int authTruncLen) {
- return calculateEspPacketSize(payloadLen, AES_CBC_IV_LEN, AES_CBC_BLK_SIZE, authTruncLen);
- }
-
public void checkTransform(
int protocol,
String localAddress,
@@ -498,10 +525,13 @@
IpSecManager.SecurityParameterIndex spi =
mISM.allocateSecurityParameterIndex(local)) {
- IpSecTransform.Builder transformBuilder =
- new IpSecTransform.Builder(mContext)
- .setEncryption(crypt)
- .setAuthentication(auth);
+ IpSecTransform.Builder transformBuilder = new IpSecTransform.Builder(mContext);
+ if (crypt != null) {
+ transformBuilder.setEncryption(crypt);
+ }
+ if (auth != null) {
+ transformBuilder.setAuthentication(auth);
+ }
if (doUdpEncap) {
transformBuilder =
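Review bot: `checkTransform` now tolerates a null `crypt` and a null `auth`, but nothing visible in this hunk rejects a call where both are null, so such a caller would reach the builder with no algorithm configured and fail, or not, wherever the platform decides. A guard before the builder is created would make the helper's contract explicit: `if (crypt == null && auth == null) throw new IllegalArgumentException("crypt and auth are both null");`. A short comment above the two `if` blocks, such as `// null means the algorithm is not configured on this transform`, would document the new convention. `checkTransform` starts and ends outside the hunk.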
@@ -533,7 +563,9 @@
transportHdrLen,
udpEncapLen,
sendCount,
- auth.getTruncationLengthBits());
+ getIvLen(crypt),
+ getBlkSize(crypt),
+ getTruncLenBits(auth));
}
}
@@ -543,13 +575,15 @@
int transportHdrLen,
int udpEncapLen,
int sendCount,
+ int ivLen,
+ int blkSize,
int truncLenBits)
throws Exception {
int innerPacketSize = TEST_DATA.length + transportHdrLen + ipHdrLen;
int outerPacketSize =
- calculateAesCbcEspPacketSizeWithAuth(
- TEST_DATA.length + transportHdrLen, truncLenBits)
+ calculateEspPacketSize(
+ TEST_DATA.length + transportHdrLen, ivLen, blkSize, truncLenBits)
+ udpEncapLen
+ ipHdrLen;
@@ -560,7 +594,7 @@
// Add TCP ACKs for data packets
if (protocol == IPPROTO_TCP) {
int encryptedTcpPktSize =
- calculateAesCbcEspPacketSizeWithAuth(TCP_HDRLEN_WITH_OPTIONS, truncLenBits);
+ calculateEspPacketSize(TCP_HDRLEN_WITH_OPTIONS, ivLen, blkSize, truncLenBits);
// Each run sends two packets, one in each direction.
sendCount *= 2;
@@ -898,6 +932,84 @@
checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, auth, true, 1, false);
}
+ public void testCryptUdp4() throws Exception {
+ IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY);
+ checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, null, false, 1, false);
+ checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, null, false, 1, true);
+ }
+
+ public void testAuthUdp4() throws Exception {
+ IpSecAlgorithm auth =
+ new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128);
+ checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, auth, false, 1, false);
+ checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, auth, false, 1, true);
+ }
+
+ public void testCryptUdp6() throws Exception {
+ IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY);
+ checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, null, false, 1, false);
+ checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, crypt, null, false, 1, true);
+ }
+
+ public void testAuthUdp6() throws Exception {
+ IpSecAlgorithm auth =
+ new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128);
+ checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, null, auth, false, 1, false);
+ checkTransform(IPPROTO_UDP, IPV6_LOOPBACK, null, auth, false, 1, true);
+ }
+
+ public void testCryptTcp4() throws Exception {
+ IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY);
+ checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, null, false, 1, false);
+ checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, null, false, 1, true);
+ }
+
+ public void testAuthTcp4() throws Exception {
+ IpSecAlgorithm auth =
+ new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128);
+ checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, auth, false, 1, false);
+ checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, auth, false, 1, true);
+ }
+
+ public void testCryptTcp6() throws Exception {
+ IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY);
+ checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, null, false, 1, false);
+ checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, crypt, null, false, 1, true);
+ }
+
+ public void testAuthTcp6() throws Exception {
+ IpSecAlgorithm auth =
+ new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128);
+ checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, null, auth, false, 1, false);
+ checkTransform(IPPROTO_TCP, IPV6_LOOPBACK, null, auth, false, 1, true);
+ }
+
+ public void testCryptUdp4UdpEncap() throws Exception {
+ IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY);
+ checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, null, true, 1, false);
+ checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, crypt, null, true, 1, true);
+ }
+
+ public void testAuthUdp4UdpEncap() throws Exception {
+ IpSecAlgorithm auth =
+ new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128);
+ checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, auth, true, 1, false);
+ checkTransform(IPPROTO_UDP, IPV4_LOOPBACK, null, auth, true, 1, true);
+ }
+
+ public void testCryptTcp4UdpEncap() throws Exception {
+ IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY);
+ checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, null, true, 1, false);
+ checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, crypt, null, true, 1, true);
+ }
+
+ public void testAuthTcp4UdpEncap() throws Exception {
+ IpSecAlgorithm auth =
+ new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128);
+ checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, auth, true, 1, false);
+ checkTransform(IPPROTO_TCP, IPV4_LOOPBACK, null, auth, true, 1, true);
+ }
+
public void testOpenUdpEncapSocketSpecificPort() throws Exception {
IpSecManager.UdpEncapsulationSocket encapSocket = null;
int port = -1;
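Review bot: The six `testCrypt*` methods configure ESP with AES-CBC and no authentication algorithm, which gives confidentiality without integrity protection. A comment above `testCryptUdp4` should say that these cases check that the platform accepts the configuration, not that it is a recommended one, e.g. `// Encryption-only ESP: supported, but provides no integrity protection.`. The twelve methods differ only in protocol, address and the encap flag, and the auth-only ones repeat `new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, getAuthKey(256), 128)` six times; a small private factory method for that algorithm would keep the key and truncation lengths in one place. The trailing `1, false` / `1, true` arguments are opaque at the call site, and the meaning of the last boolean is not visible in this hunk, so a one-line comment per pair of calls would help readers.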