1# 2# Copyright 2018 - The Android Open Source Project 3# 4# Licensed under the Apache License, Version 2.0 (the "License"); 5# you may not use this file except in compliance with the License. 6# You may obtain a copy of the License at 7# 8# http://www.apache.org/licenses/LICENSE-2.0 9# 10# Unless required by applicable law or agreed to in writing, software 11# distributed under the License is distributed on an "AS IS" BASIS, 12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13# See the License for the specific language governing permissions and 14# limitations under the License. 15 16from acts import asserts 17from acts import base_test 18from acts.controllers import adb 19from acts.test_decorators import test_tracker_info 20from acts.test_utils.net import connectivity_const as cconst 21from acts.test_utils.net import ipsec_test_utils as iutils 22from acts.test_utils.net import socket_test_utils as sutils 23from acts.test_utils.net.net_test_utils import start_tcpdump 24from acts.test_utils.net.net_test_utils import stop_tcpdump 25from acts.test_utils.wifi import wifi_test_utils as wutils 26 27import random 28 29WLAN = "wlan0" 30 31 32class IpSecTest(base_test.BaseTestClass): 33 """ Tests for UID networking """ 34 35 def setup_class(self): 36 """ Setup devices for tests and unpack params """ 37 self.dut_a = self.android_devices[0] 38 self.dut_b = self.android_devices[1] 39 40 req_params = ("wifi_network",) 41 self.unpack_userparams(req_params) 42 wutils.wifi_connect(self.dut_a, self.wifi_network) 43 wutils.wifi_connect(self.dut_b, self.wifi_network) 44 45 self.ipv4_dut_a = self.dut_a.droid.connectivityGetIPv4Addresses(WLAN)[0] 46 self.ipv4_dut_b = self.dut_b.droid.connectivityGetIPv4Addresses(WLAN)[0] 47 self.ipv6_dut_a = self.dut_a.droid.connectivityGetIPv6Addresses(WLAN)[0] 48 self.ipv6_dut_b = self.dut_b.droid.connectivityGetIPv6Addresses(WLAN)[0] 49 50 self.crypt_auth_combos = iutils.generate_random_crypt_auth_combo() 51 52 self.tcpdump_pid_a = None 53 self.tcpdump_pid_b = None 54 55 def teardown_class(self): 56 for ad in self.android_devices: 57 wutils.reset_wifi(ad) 58 59 def setup_test(self): 60 self.tcpdump_pid_a = start_tcpdump(self.dut_a, self.test_name) 61 self.tcpdump_pid_b = start_tcpdump(self.dut_b, self.test_name) 62 63 def teardown_test(self): 64 stop_tcpdump(self.dut_a, self.tcpdump_pid_a, self.test_name) 65 stop_tcpdump(self.dut_b, self.tcpdump_pid_b, self.test_name) 66 67 def on_fail(self, test_name, begin_time): 68 self.dut_a.take_bug_report(test_name, begin_time) 69 self.dut_b.take_bug_report(test_name, begin_time) 70 71 """ Helper functions begin """ 72 73 def _test_spi_allocate_release_req_spi(self, dut, ip): 74 req_spi = random.randint(1, 999999999) 75 self.log.info("IP addr: %s" % ip) 76 self.log.info("Request SPI: %s" % req_spi) 77 key = dut.droid.ipSecAllocateSecurityParameterIndex(ip, req_spi) 78 spi = dut.droid.ipSecGetSecurityParameterIndex(key) 79 self.log.info("Got: %s" % spi) 80 dut.droid.ipSecReleaseSecurityParameterIndex(key) 81 asserts.assert_true(req_spi == spi, "Incorrect SPI") 82 spi = dut.droid.ipSecGetSecurityParameterIndex(key) 83 self.log.info("SPI after release: %s" % spi) 84 asserts.assert_true(spi == 0, "Release SPI failed") 85 86 def _test_spi_allocate_release_random_spi(self, dut, ip): 87 self.log.info("IP addr: %s" % ip) 88 key = dut.droid.ipSecAllocateSecurityParameterIndex(ip) 89 spi = dut.droid.ipSecGetSecurityParameterIndex(key) 90 self.log.info("Got: %s" % spi) 91 dut.droid.ipSecReleaseSecurityParameterIndex(key) 92 spi = dut.droid.ipSecGetSecurityParameterIndex(key) 93 self.log.info("SPI after release: %s" % spi) 94 asserts.assert_true(spi == 0, "Release SPI failed") 95 96 def _test_transport_mode_transform_file_descriptors(self, 97 domain, 98 sock_type, 99 udp_encap = False): 100 """Test transport mode tranform with android.system.Os sockets""" 101 102 # dut objects & ip addrs 103 dut_a = self.dut_a 104 dut_b = self.dut_b 105 port = random.randint(5000, 6000) 106 udp_encap_port = 4500 107 ip_a = self.ipv4_dut_a 108 ip_b = self.ipv4_dut_b 109 if domain == cconst.AF_INET6: 110 ip_a = self.ipv6_dut_a 111 ip_b = self.ipv6_dut_b 112 self.log.info("DUT_A IP addr: %s" % ip_a) 113 self.log.info("DUT_B IP addr: %s" % ip_b) 114 self.log.info("Port: %s" % port) 115 116 # create crypt and auth keys 117 cl, auth_algo, al, trunc_bits = random.choice(self.crypt_auth_combos) 118 crypt_key = iutils.make_key(cl) 119 auth_key = iutils.make_key(al) 120 crypt_algo = cconst.CRYPT_AES_CBC 121 122 # open sockets 123 fd_a = sutils.open_android_socket(dut_a, domain, sock_type, ip_a, port) 124 fd_b = sutils.open_android_socket(dut_b, domain, sock_type, ip_b, port) 125 126 # allocate SPIs 127 spi_keys_a = iutils.allocate_spis(dut_a, ip_a, ip_b) 128 in_spi = dut_a.droid.ipSecGetSecurityParameterIndex(spi_keys_a[0]) 129 out_spi = dut_a.droid.ipSecGetSecurityParameterIndex(spi_keys_a[1]) 130 spi_keys_b = iutils.allocate_spis(dut_b, ip_b, ip_a, out_spi, in_spi) 131 132 # open udp encap sockets 133 udp_encap_a = None 134 udp_encap_b = None 135 if udp_encap: 136 udp_encap_a = dut_a.droid.ipSecOpenUdpEncapsulationSocket( 137 udp_encap_port) 138 udp_encap_b = dut_b.droid.ipSecOpenUdpEncapsulationSocket( 139 udp_encap_port) 140 self.log.info("UDP Encap: %s" % udp_encap_a) 141 self.log.info("UDP Encap: %s" % udp_encap_b) 142 143 # create transforms 144 transforms_a = iutils.create_transport_mode_transforms( 145 dut_a, spi_keys_a, ip_a, ip_b, crypt_algo, crypt_key, auth_algo, 146 auth_key, trunc_bits, udp_encap_a) 147 transforms_b = iutils.create_transport_mode_transforms( 148 dut_b, spi_keys_b, ip_b, ip_a, crypt_algo, crypt_key, auth_algo, 149 auth_key, trunc_bits, udp_encap_b) 150 151 # apply transforms to socket 152 iutils.apply_transport_mode_transforms_file_descriptors( 153 dut_a, fd_a, transforms_a) 154 iutils.apply_transport_mode_transforms_file_descriptors( 155 dut_b, fd_b, transforms_b) 156 157 # listen, connect, accept if TCP socket 158 if sock_type == cconst.SOCK_STREAM: 159 server_fd = fd_b 160 self.log.info("Setup TCP connection") 161 dut_b.droid.listenSocket(fd_b) 162 dut_a.droid.connectSocket(fd_a, ip_b, port) 163 fd_b = dut_b.droid.acceptSocket(fd_b) 164 asserts.assert_true(fd_b, "accept() failed") 165 166 # Send message from one dut to another 167 sutils.send_recv_data_android_sockets( 168 dut_a, dut_b, fd_a, fd_b, ip_b, port) 169 170 # verify ESP packets 171 iutils.verify_esp_packets([dut_a, dut_b]) 172 173 # remove transforms from socket 174 iutils.remove_transport_mode_transforms_file_descriptors(dut_a, fd_a) 175 iutils.remove_transport_mode_transforms_file_descriptors(dut_b, fd_b) 176 177 # destroy transforms 178 iutils.destroy_transport_mode_transforms(dut_a, transforms_a) 179 iutils.destroy_transport_mode_transforms(dut_b, transforms_b) 180 181 # close udp encap sockets 182 if udp_encap: 183 dut_a.droid.ipSecCloseUdpEncapsulationSocket(udp_encap_a) 184 dut_b.droid.ipSecCloseUdpEncapsulationSocket(udp_encap_b) 185 186 # release SPIs 187 iutils.release_spis(dut_a, spi_keys_a) 188 iutils.release_spis(dut_b, spi_keys_b) 189 190 # Send message from one dut to another 191 sutils.send_recv_data_android_sockets( 192 dut_a, dut_b, fd_a, fd_b, ip_b, port) 193 194 # close sockets 195 sutils.close_android_socket(dut_a, fd_a) 196 sutils.close_android_socket(dut_b, fd_b) 197 if sock_type == cconst.SOCK_STREAM: 198 sutils.close_android_socket(dut_b, server_fd) 199 200 def _test_transport_mode_transform_datagram_sockets(self, 201 domain, 202 udp_encap = False): 203 """ Test transport mode transform datagram sockets """ 204 205 # dut objects and ip addrs 206 dut_a = self.dut_a 207 dut_b = self.dut_b 208 port = random.randint(5000, 6000) 209 udp_encap_port = 4500 210 ip_a = self.ipv4_dut_a 211 ip_b = self.ipv4_dut_b 212 if domain == cconst.AF_INET6: 213 ip_a = self.ipv6_dut_a 214 ip_b = self.ipv6_dut_b 215 self.log.info("DUT_A IP addr: %s" % ip_a) 216 self.log.info("DUT_B IP addr: %s" % ip_b) 217 self.log.info("Port: %s" % port) 218 219 # create crypt and auth keys 220 cl, auth_algo, al, trunc_bits = random.choice(self.crypt_auth_combos) 221 crypt_key = iutils.make_key(cl) 222 auth_key = iutils.make_key(al) 223 crypt_algo = cconst.CRYPT_AES_CBC 224 225 # open sockets 226 socket_a = sutils.open_datagram_socket(dut_a, ip_a, port) 227 socket_b = sutils.open_datagram_socket(dut_b, ip_b, port) 228 229 # allocate SPIs 230 spi_keys_a = iutils.allocate_spis(dut_a, ip_a, ip_b) 231 in_spi = dut_a.droid.ipSecGetSecurityParameterIndex(spi_keys_a[0]) 232 out_spi = dut_a.droid.ipSecGetSecurityParameterIndex(spi_keys_a[1]) 233 spi_keys_b = iutils.allocate_spis(dut_b, ip_b, ip_a, out_spi, in_spi) 234 235 # open udp encap sockets 236 udp_encap_a = None 237 udp_encap_b = None 238 if udp_encap: 239 udp_encap_a = dut_a.droid.ipSecOpenUdpEncapsulationSocket( 240 udp_encap_port) 241 udp_encap_b = dut_b.droid.ipSecOpenUdpEncapsulationSocket( 242 udp_encap_port) 243 self.log.info("UDP Encap: %s" % udp_encap_a) 244 self.log.info("UDP Encap: %s" % udp_encap_b) 245 246 # create transforms 247 transforms_a = iutils.create_transport_mode_transforms( 248 dut_a, spi_keys_a, ip_a, ip_b, crypt_algo, crypt_key, auth_algo, 249 auth_key, trunc_bits, udp_encap_a) 250 transforms_b = iutils.create_transport_mode_transforms( 251 dut_b, spi_keys_b, ip_b, ip_a, crypt_algo, crypt_key, auth_algo, 252 auth_key, trunc_bits, udp_encap_b) 253 254 # apply transforms 255 iutils.apply_transport_mode_transforms_datagram_socket( 256 dut_a, socket_a, transforms_a) 257 iutils.apply_transport_mode_transforms_datagram_socket( 258 dut_b, socket_b, transforms_b) 259 260 # send and verify message from one dut to another 261 sutils.send_recv_data_datagram_sockets( 262 dut_a, dut_b, socket_a, socket_b, ip_b, port) 263 264 # verify ESP packets 265 iutils.verify_esp_packets([dut_a, dut_b]) 266 267 # remove transforms 268 iutils.remove_transport_mode_transforms_datagram_socket(dut_a, socket_a) 269 iutils.remove_transport_mode_transforms_datagram_socket(dut_b, socket_b) 270 271 # destroy transforms 272 iutils.destroy_transport_mode_transforms(dut_a, transforms_a) 273 iutils.destroy_transport_mode_transforms(dut_b, transforms_b) 274 275 # close udp encap sockets 276 if udp_encap: 277 dut_a.droid.ipSecCloseUdpEncapsulationSocket(udp_encap_a) 278 dut_b.droid.ipSecCloseUdpEncapsulationSocket(udp_encap_b) 279 280 # release SPIs 281 iutils.release_spis(dut_a, spi_keys_a) 282 iutils.release_spis(dut_b, spi_keys_b) 283 284 # Send and verify message from one dut to another 285 sutils.send_recv_data_datagram_sockets( 286 dut_a, dut_b, socket_a, socket_b, ip_b, port) 287 288 # close sockets 289 sutils.close_datagram_socket(dut_a, socket_a) 290 sutils.close_datagram_socket(dut_b, socket_b) 291 292 def _test_transport_mode_transform_sockets(self, domain, udp_encap = False): 293 294 # dut objects and ip addrs 295 dut_a = self.dut_a 296 dut_b = self.dut_b 297 port = random.randint(5000, 6000) 298 ip_a = self.ipv4_dut_a 299 ip_b = self.ipv4_dut_b 300 if domain == cconst.AF_INET6: 301 ip_a = self.ipv6_dut_a 302 ip_b = self.ipv6_dut_b 303 self.log.info("DUT_A IP addr: %s" % ip_a) 304 self.log.info("DUT_B IP addr: %s" % ip_b) 305 self.log.info("Port: %s" % port) 306 udp_encap_port = 4500 307 308 # open sockets 309 server_sock = sutils.open_server_socket(dut_b, ip_b, port) 310 sock_a, sock_b = sutils.open_connect_socket( 311 dut_a, dut_b, ip_a, ip_b, port, port, server_sock) 312 313 # create crypt and auth keys 314 cl, auth_algo, al, trunc_bits = random.choice(self.crypt_auth_combos) 315 crypt_key = iutils.make_key(cl) 316 auth_key = iutils.make_key(al) 317 crypt_algo = cconst.CRYPT_AES_CBC 318 319 # allocate SPIs 320 spi_keys_a = iutils.allocate_spis(dut_a, ip_a, ip_b) 321 in_spi = dut_a.droid.ipSecGetSecurityParameterIndex(spi_keys_a[0]) 322 out_spi = dut_a.droid.ipSecGetSecurityParameterIndex(spi_keys_a[1]) 323 spi_keys_b = iutils.allocate_spis(dut_b, ip_b, ip_a, out_spi, in_spi) 324 325 # open udp encap sockets 326 udp_encap_a = None 327 udp_encap_b = None 328 if udp_encap: 329 udp_encap_a = dut_a.droid.ipSecOpenUdpEncapsulationSocket( 330 udp_encap_port) 331 udp_encap_b = dut_b.droid.ipSecOpenUdpEncapsulationSocket( 332 udp_encap_port) 333 self.log.info("UDP Encap: %s" % udp_encap_a) 334 self.log.info("UDP Encap: %s" % udp_encap_b) 335 336 # create transforms 337 transforms_a = iutils.create_transport_mode_transforms( 338 dut_a, spi_keys_a, ip_a, ip_b, crypt_algo, crypt_key, auth_algo, 339 auth_key, trunc_bits, udp_encap_a) 340 transforms_b = iutils.create_transport_mode_transforms( 341 dut_b, spi_keys_b, ip_b, ip_a, crypt_algo, crypt_key, auth_algo, 342 auth_key, trunc_bits, udp_encap_b) 343 344 # apply transform to sockets 345 iutils.apply_transport_mode_transforms_socket(dut_a, sock_a, transforms_a) 346 iutils.apply_transport_mode_transforms_socket(dut_b, sock_b, transforms_b) 347 348 # send message from one dut to another 349 sutils.send_recv_data_sockets(dut_a, dut_b, sock_a, sock_b) 350 351 # verify esp packets 352 iutils.verify_esp_packets([dut_a, dut_b]) 353 354 # remove transforms from socket 355 iutils.remove_transport_mode_transforms_socket(dut_a, sock_a) 356 iutils.remove_transport_mode_transforms_socket(dut_b, sock_b) 357 358 # destroy transforms 359 iutils.destroy_transport_mode_transforms(dut_a, transforms_a) 360 iutils.destroy_transport_mode_transforms(dut_b, transforms_b) 361 362 # close udp encap sockets 363 if udp_encap: 364 dut_a.droid.ipSecCloseUdpEncapsulationSocket(udp_encap_a) 365 dut_b.droid.ipSecCloseUdpEncapsulationSocket(udp_encap_b) 366 367 # release SPIs 368 iutils.release_spis(dut_a, spi_keys_a) 369 iutils.release_spis(dut_b, spi_keys_b) 370 371 # send message from one dut to another 372 sutils.send_recv_data_sockets(dut_a, dut_b, sock_a, sock_b) 373 374 # close sockets 375 sutils.close_socket(dut_a, sock_a) 376 sutils.close_socket(dut_b, sock_b) 377 sutils.close_server_socket(dut_b, server_sock) 378 379 """ Helper functions end """ 380 381 """ Tests begin """ 382 383 @test_tracker_info(uuid="877577e2-94e8-46d3-8fee-330327adba1e") 384 def test_spi_allocate_release_requested_spi_ipv4(self): 385 """ 386 Steps: 387 1. Request SPI for IPv4 dest addr 388 2. SPI should be generated with the requested value 389 3. Close SPI 390 """ 391 self._test_spi_allocate_release_req_spi(self.dut_a, self.ipv4_dut_b) 392 self._test_spi_allocate_release_req_spi(self.dut_b, self.ipv4_dut_a) 393 394 @test_tracker_info(uuid="0be4c204-0e63-43fd-a7ff-8647eef21066") 395 def test_spi_allocate_release_requested_spi_ipv6(self): 396 """ 397 Steps: 398 1. Request SPI for IPv6 dest addr 399 2. SPI should be generated with the requested value 400 3. Close SPI 401 """ 402 self._test_spi_allocate_release_req_spi(self.dut_a, self.ipv6_dut_b) 403 self._test_spi_allocate_release_req_spi(self.dut_b, self.ipv6_dut_a) 404 405 @test_tracker_info(uuid="75eea49c-5621-4410-839f-f6e7bdd792a0") 406 def test_spi_allocate_release_random_spi_ipv4(self): 407 """ 408 Steps: 409 1. Request SPI for IPv4 dest addr 410 2. A random SPI should be generated 411 3. Close SPI 412 """ 413 self._test_spi_allocate_release_random_spi(self.dut_a, self.ipv4_dut_b) 414 self._test_spi_allocate_release_random_spi(self.dut_b, self.ipv4_dut_a) 415 416 @test_tracker_info(uuid="afad9e48-5573-4b3f-8dfd-c7a77eda4e1e") 417 def test_spi_allocate_release_random_spi_ipv6(self): 418 """ 419 Steps: 420 1. Request SPI for IPv6 dest addr 421 2. A random SPI should be generated 422 3. Close SPI 423 """ 424 self._test_spi_allocate_release_random_spi(self.dut_a, self.ipv6_dut_b) 425 self._test_spi_allocate_release_random_spi(self.dut_b, self.ipv6_dut_a) 426 427 @test_tracker_info(uuid="97817f4d-159a-4692-93f7-a38b162a565e") 428 def test_allocate_release_multiple_random_spis_ipv4(self): 429 """ 430 Steps: 431 1. Request 10 SPIs at a time 432 2. After 8, the remaining should return 0 433 """ 434 res = True 435 spi_key_list = [] 436 spi_list = [] 437 for i in range(10): 438 spi_key = self.dut_a.droid.ipSecAllocateSecurityParameterIndex( 439 self.ipv4_dut_a) 440 spi_key_list.append(spi_key) 441 spi = self.dut_a.droid.ipSecGetSecurityParameterIndex(spi_key) 442 spi_list.append(spi) 443 if spi_list.count(0) > 2: 444 self.log.error("Valid SPIs is less than 8: %s" % spi_list) 445 res = False 446 447 spi_list = [] 448 for key in spi_key_list: 449 self.dut_a.droid.ipSecReleaseSecurityParameterIndex(key) 450 spi = self.dut_a.droid.ipSecGetSecurityParameterIndex(key) 451 spi_list.append(spi) 452 if spi_list.count(0) != 10: 453 self.log.error("Could not release all SPIs") 454 res = False 455 456 return res 457 458 @test_tracker_info(uuid="efb22e2a-1c2f-43fc-85fa-5d9a5b8e2705") 459 def test_spi_allocate_release_requested_spi_ipv4_stress(self): 460 """ 461 Steps: 462 1. Request and release requested SPIs for IPv4 463 """ 464 for i in range(15): 465 self._test_spi_allocate_release_req_spi(self.dut_a, self.ipv4_dut_b) 466 self._test_spi_allocate_release_req_spi(self.dut_b, self.ipv4_dut_a) 467 468 @test_tracker_info(uuid="589749b7-3e6c-4a19-8404-d4a725d63dfd") 469 def test_spi_allocate_release_requested_spi_ipv6_stress(self): 470 """ 471 Steps: 472 1. Request and release requested SPIs for IPv6 473 """ 474 for i in range(15): 475 self._test_spi_allocate_release_req_spi(self.dut_a, self.ipv6_dut_b) 476 self._test_spi_allocate_release_req_spi(self.dut_b, self.ipv6_dut_a) 477 478 @test_tracker_info(uuid="4a48130a-3f69-4390-a587-20848dee4777") 479 def test_spi_allocate_release_random_spi_ipv4_stress(self): 480 """ 481 Steps: 482 1. Request and release random SPIs for IPv4 483 """ 484 for i in range(15): 485 self._test_spi_allocate_release_random_spi( 486 self.dut_a, self.ipv4_dut_b) 487 self._test_spi_allocate_release_random_spi( 488 self.dut_b, self.ipv4_dut_a) 489 490 @test_tracker_info(uuid="b56f6b65-cd71-4462-a739-e29d60e90ae8") 491 def test_spi_allocate_release_random_spi_ipv6_stress(self): 492 """ 493 Steps: 494 1. Request and release random SPIs for IPv6 495 """ 496 for i in range(15): 497 self._test_spi_allocate_release_random_spi( 498 self.dut_a, self.ipv6_dut_b) 499 self._test_spi_allocate_release_random_spi( 500 self.dut_b, self.ipv6_dut_a) 501 502 """ android.system.Os sockets """ 503 504 @test_tracker_info(uuid="65c9ab9a-1128-4ba0-a1a1-a9feb99ce712") 505 def test_transport_mode_udp_ipv4_file_descriptors_no_nat_no_encap(self): 506 """ 507 Steps: 508 1. Encrypt a android.system.Os IPv4 UDP socket with transport mode 509 transform with UDP encap on a non-NAT network 510 2. Verify encyption and decryption of packets 511 3. Remove transform and verify that packets are unencrypted 512 """ 513 self._test_transport_mode_transform_file_descriptors(cconst.AF_INET, 514 cconst.SOCK_DGRAM) 515 516 @test_tracker_info(uuid="66956266-f18b-490c-b859-08530c6745c9") 517 def test_transport_mode_udp_ipv4_file_descriptors_no_nat_with_encap(self): 518 """ 519 Steps: 520 1. Encrypt a android.system.Os IPv4 UDP socket with transport mode 521 transform with UDP encap on a non-NAT network 522 2. Verify encyption and decryption of packets 523 3. Remove transform and verify that packets are unencrypted 524 """ 525 self._test_transport_mode_transform_file_descriptors(cconst.AF_INET, 526 cconst.SOCK_DGRAM, 527 True) 528 529 @test_tracker_info(uuid="467a1e7b-e508-439f-be24-a213bec4a9f0") 530 def test_transport_mode_tcp_ipv4_file_descriptors_no_nat_no_encap(self): 531 """ 532 Steps: 533 1. Encrypt a android.system.Os IPv4 TCP socket with transport mode 534 transform without UDP encap on a non-NAT network 535 2. Verify encyption and decryption of packets 536 3. Remove transform and verify that packets are unencrypted 537 """ 538 self._test_transport_mode_transform_file_descriptors(cconst.AF_INET, 539 cconst.SOCK_STREAM) 540 541 @test_tracker_info(uuid="877a9516-2b1c-4b52-8931-3a9a55d57875") 542 def test_transport_mode_tcp_ipv4_file_descriptors_no_nat_with_encap(self): 543 """ 544 Steps: 545 1. Encrypt a android.system.Os IPv4 TCP socket with transport mode 546 transform with UDP encap on a non-NAT network 547 2. Verify encyption and decryption of packets 548 3. Remove transform and verify that packets are unencrypted 549 """ 550 self._test_transport_mode_transform_file_descriptors(cconst.AF_INET, 551 cconst.SOCK_STREAM, 552 True) 553 554 @test_tracker_info(uuid="a2dd8dc7-99c8-4420-b586-b4cd68f4197e") 555 def test_transport_mode_udp_ipv6_file_descriptors(self): 556 """ Verify transport mode transform on android.Os datagram sockets ipv4 557 558 Steps: 559 1. Encrypt a android.system.Os IPv6 UDP socket with transport mode 560 transform 561 2. Verify that packets are encrypted and decrypted at the other end 562 3. Remove tranform and verify that unencrypted packets are sent 563 """ 564 self._test_transport_mode_transform_file_descriptors(cconst.AF_INET6, 565 cconst.SOCK_DGRAM) 566 567 @test_tracker_info(uuid="7bc49d79-ffa8-4946-a25f-11daed4061cc") 568 def test_transport_mode_tcp_ipv6_file_descriptors(self): 569 """ Verify transport mode on android.system.Os stream sockets ipv6 570 571 Steps: 572 1. Encrypt a android.system.Os IPv6 TCP socket with transport mode 573 transform 574 2. Verify that packets are encrypted and decrypted at the other end 575 3. Remove tranform and verify that unencrypted packets are sent 576 """ 577 self._test_transport_mode_transform_file_descriptors(cconst.AF_INET6, 578 cconst.SOCK_STREAM) 579 580 """ Datagram socket tests """ 581 582 @test_tracker_info(uuid="7ff29fc9-41fd-44f4-81e9-ce8c3afd9304") 583 def test_transport_mode_udp_ipv4_datagram_sockets_no_nat_no_encap(self): 584 """ Verify transport mode transform on datagram sockets ipv6 - UDP 585 586 Steps: 587 1. Encypt a DatagramSocket IPv6 socket with transport mode transform 588 without UDP encap on a non-NAT network 589 2. Verify that packets are encrypted and decrypted at the other end 590 3. Remove tranform and verify that unencrypted packets are sent 591 """ 592 self._test_transport_mode_transform_datagram_sockets(cconst.AF_INET) 593 594 @test_tracker_info(uuid="552af945-a23a-49f2-9ceb-b0d1e7c1d50b") 595 def test_transport_mode_udp_ipv4_datagram_sockets_no_nat_with_encap(self): 596 """ Verify transport mode transform on datagram sockets ipv6 - UDP 597 598 Steps: 599 1. Encypt a DatagramSocket IPv6 socket with transport mode transform 600 with UDP encap on a non-NAT network 601 2. Verify that packets are encrypted and decrypted at the other end 602 3. Remove tranform and verify that unencrypted packets are sent 603 """ 604 self._test_transport_mode_transform_datagram_sockets(cconst.AF_INET, True) 605 606 @test_tracker_info(uuid="dd3a08c4-d393-46c4-b550-bc551ceb15f7") 607 def test_transport_mode_udp_ipv6_datagram_sockets(self): 608 """ Verify transport mode transform on datagram sockets ipv6 - UDP 609 610 Steps: 611 1. Encypt a DatagramSocket IPv6 socket with transport mode transform 612 2. Verify that packets are encrypted and decrypted at the other end 613 3. Remove tranform and verify that unencrypted packets are sent 614 """ 615 self._test_transport_mode_transform_datagram_sockets(cconst.AF_INET6) 616 617 """ Socket & server socket tests """ 618 619 @test_tracker_info(uuid="f851b5da-790a-45c6-8968-1a347ef30cf2") 620 def test_transport_mode_tcp_ipv4_sockets_no_nat_no_encap(self): 621 """ Verify transport mode transform on sockets ipv4 - TCP 622 623 Steps: 624 1. Encypt a Socket IPv4 socket with transport mode transform without 625 UDP encap on a non-NAT network 626 2. Verify that packets are encrypted and decrypted at the other end 627 3. Remove tranform and verify that unencrypted packets are sent 628 """ 629 self._test_transport_mode_transform_sockets(cconst.AF_INET) 630 631 @test_tracker_info(uuid="11982874-8625-40c1-aae5-8327217bb3c4") 632 def test_transport_mode_tcp_ipv4_sockets_no_nat_with_encap(self): 633 """ Verify transport mode transform on sockets ipv4 - TCP 634 635 Steps: 636 1. Encypt a Socket IPv4 socket with transport mode transform with 637 UDP encap on a non-NAT network 638 2. Verify that packets are encrypted and decrypted at the other end 639 3. Remove tranform and verify that unencrypted packets are sent 640 """ 641 self._test_transport_mode_transform_sockets(cconst.AF_INET, True) 642 643 @test_tracker_info(uuid="ba8f98c7-2123-4082-935f-a5fd5e6fb461") 644 def test_transport_mode_tcp_ipv6_sockets(self): 645 """ Verify transport mode transform on sockets ipv6 - TCP 646 647 Steps: 648 1. Encypt a Socket IPv6 socket with transport mode transform 649 2. Verify that packets are encrypted and decrypted at the other end 650 3. Remove tranform and verify that unencrypted packets are sent 651 """ 652 self._test_transport_mode_transform_sockets(cconst.AF_INET6) 653 654 """ Tests end """ 655