Update testCreateTransform() for one-way transforms
This patch augments testCreateTransform() to
selectively apply the ipSecTransform in one/both
directions and then verifies that the link succeeds or
fails correctly. In addition, this converts the test
to use the Java sockets API for DatagramSocket instead
of using the FD-based API. One of the combos does not
fail as expected, so b/72048263 is tracking further
work needed.
Bug: 72047396
Bug: 71717213
Test: cts - IpSecManagerTest
Change-Id: Ied961f442b29f1e66ded37c7ffe7afdd4a5c49da
diff --git a/tests/cts/net/src/android/net/cts/IpSecManagerTest.java b/tests/cts/net/src/android/net/cts/IpSecManagerTest.java
index 025d3cf..96641e3 100644
--- a/tests/cts/net/src/android/net/cts/IpSecManagerTest.java
+++ b/tests/cts/net/src/android/net/cts/IpSecManagerTest.java
@@ -35,6 +35,7 @@
import java.io.FileDescriptor;
import java.io.IOException;
+import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.Inet4Address;
import java.net.Inet6Address;
@@ -307,24 +308,56 @@
AUTH_KEY.length * 8))
.buildTransportModeTransform(localAddr, spi);
- // Bind localSocket to a random available port.
- DatagramSocket localSocket = new DatagramSocket(0);
- int localPort = localSocket.getLocalPort();
- localSocket.setSoTimeout(500);
- ParcelFileDescriptor pin = ParcelFileDescriptor.fromDatagramSocket(localSocket);
- FileDescriptor udpSocket = pin.getFileDescriptor();
-
- // TODO: test combinations of one-way transforms.
- mISM.applyTransportModeTransform(udpSocket, IpSecManager.DIRECTION_IN, transform);
- mISM.applyTransportModeTransform(udpSocket, IpSecManager.DIRECTION_OUT, transform);
- byte[] data = new String("Best test data ever!").getBytes("UTF-8");
+ final boolean [][] applyInApplyOut = {
+ {false, false}, {false, true}, {true, false}, {true,true}};
+ final byte[] data = new String("Best test data ever!").getBytes("UTF-8");
+ final DatagramPacket outPacket = new DatagramPacket(data, 0, data.length, localAddr, 0);
byte[] in = new byte[data.length];
- Os.sendto(udpSocket, data, 0, data.length, 0, localAddr, localPort);
- Os.read(udpSocket, in, 0, in.length);
- assertTrue("Encapsulated data did not match.", Arrays.equals(data, in));
- mISM.removeTransportModeTransforms(udpSocket, transform);
- Os.close(udpSocket);
+ DatagramPacket inPacket = new DatagramPacket(in, in.length);
+ DatagramSocket localSocket;
+ int localPort;
+
+ for(boolean[] io : applyInApplyOut) {
+ boolean applyIn = io[0];
+ boolean applyOut = io[1];
+ // Bind localSocket to a random available port.
+ localSocket = new DatagramSocket(0);
+ localPort = localSocket.getLocalPort();
+ localSocket.setSoTimeout(200);
+ outPacket.setPort(localPort);
+ if (applyIn) {
+ mISM.applyTransportModeTransform(
+ localSocket, IpSecManager.DIRECTION_IN, transform);
+ }
+ if (applyOut) {
+ mISM.applyTransportModeTransform(
+ localSocket, IpSecManager.DIRECTION_OUT, transform);
+ }
+ if (applyIn == applyOut) {
+ localSocket.send(outPacket);
+ localSocket.receive(inPacket);
+ assertTrue("Encapsulated data did not match.",
+ Arrays.equals(outPacket.getData(), inPacket.getData()));
+ mISM.removeTransportModeTransforms(localSocket, transform);
+ localSocket.close();
+ } else {
+ try {
+ localSocket.send(outPacket);
+ localSocket.receive(inPacket);
+ } catch (IOException e) {
+ continue;
+ } finally {
+ mISM.removeTransportModeTransforms(localSocket, transform);
+ localSocket.close();
+ }
+ // FIXME: This check is disabled because sockets currently receive data
+ // if there is a valid SA for decryption, even when the input policy is
+ // not applied to a socket.
+ // fail("Data IO should fail on asymmetrical transforms! + Input="
+ // + applyIn + " Output=" + applyOut);
+ }
+ }
transform.close();
}