• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#!/usr/bin/python
2#
3# Copyright 2017 The Android Open Source Project
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
17# pylint: disable=g-bad-todo,g-bad-file-header,wildcard-import
18from socket import *
19import unittest
20
21import csocket
22import pf_key
23import xfrm
24
25ENCRYPTION_KEY = ("308146eb3bd84b044573d60f5a5fd159"
26                  "57c7d4fe567a2120f35bae0f9869ec22".decode("hex"))
27AUTH_KEY = "af442892cdcd0ef650e9c299f9a8436a".decode("hex")
28
29
30class PfKeyTest(unittest.TestCase):
31
32  def setUp(self):
33    self.pf_key = pf_key.PfKey()
34    self.xfrm = xfrm.Xfrm()
35
36  def testAddDelSa(self):
37    src4 = csocket.Sockaddr(("192.0.2.1", 0))
38    dst4 = csocket.Sockaddr(("192.0.2.2", 1))
39    self.pf_key.AddSa(src4, dst4, 0xdeadbeef, pf_key.SADB_TYPE_ESP,
40                      pf_key.IPSEC_MODE_TRANSPORT, 54321,
41                      pf_key.SADB_X_EALG_AESCBC, ENCRYPTION_KEY,
42                      pf_key.SADB_X_AALG_SHA2_256HMAC, ENCRYPTION_KEY)
43
44    src6 = csocket.Sockaddr(("2001:db8::1", 0))
45    dst6 = csocket.Sockaddr(("2001:db8::2", 0))
46    self.pf_key.AddSa(src6, dst6, 0xbeefdead, pf_key.SADB_TYPE_ESP,
47                      pf_key.IPSEC_MODE_TRANSPORT, 12345,
48                      pf_key.SADB_X_EALG_AESCBC, ENCRYPTION_KEY,
49                      pf_key.SADB_X_AALG_SHA2_256HMAC, ENCRYPTION_KEY)
50
51    sainfos = self.xfrm.DumpSaInfo()
52    self.assertEquals(2, len(sainfos))
53    state4, attrs4 = [(s, a) for s, a in sainfos if s.family == AF_INET][0]
54    state6, attrs6 = [(s, a) for s, a in sainfos if s.family == AF_INET6][0]
55
56    pfkey_sainfos = self.pf_key.DumpSaInfo()
57    self.assertEquals(2, len(pfkey_sainfos))
58    self.assertTrue(all(msg.satype == pf_key.SDB_TYPE_ESP)
59                    for msg, _ in pfkey_sainfos)
60
61    self.assertEquals(xfrm.IPPROTO_ESP, state4.id.proto)
62    self.assertEquals(xfrm.IPPROTO_ESP, state6.id.proto)
63    self.assertEquals(54321, state4.reqid)
64    self.assertEquals(12345, state6.reqid)
65    self.assertEquals(0xdeadbeef, state4.id.spi)
66    self.assertEquals(0xbeefdead, state6.id.spi)
67
68    self.assertEquals(xfrm.PaddedAddress("192.0.2.1"), state4.saddr)
69    self.assertEquals(xfrm.PaddedAddress("192.0.2.2"), state4.id.daddr)
70    self.assertEquals(xfrm.PaddedAddress("2001:db8::1"), state6.saddr)
71    self.assertEquals(xfrm.PaddedAddress("2001:db8::2"), state6.id.daddr)
72
73    # The algorithm names are null-terminated, but after that contain garbage.
74    # Kernel bug?
75    aes_name = "cbc(aes)\x00"
76    sha256_name = "hmac(sha256)\x00"
77    self.assertTrue(attrs4["XFRMA_ALG_CRYPT"].name.startswith(aes_name))
78    self.assertTrue(attrs6["XFRMA_ALG_CRYPT"].name.startswith(aes_name))
79    self.assertTrue(attrs4["XFRMA_ALG_AUTH"].name.startswith(sha256_name))
80    self.assertTrue(attrs6["XFRMA_ALG_AUTH"].name.startswith(sha256_name))
81
82    self.assertEquals(256, attrs4["XFRMA_ALG_CRYPT"].key_len)
83    self.assertEquals(256, attrs4["XFRMA_ALG_CRYPT"].key_len)
84    self.assertEquals(256, attrs6["XFRMA_ALG_AUTH"].key_len)
85    self.assertEquals(256, attrs6["XFRMA_ALG_AUTH"].key_len)
86    self.assertEquals(256, attrs6["XFRMA_ALG_AUTH_TRUNC"].key_len)
87    self.assertEquals(256, attrs6["XFRMA_ALG_AUTH_TRUNC"].key_len)
88
89    self.assertEquals(128, attrs4["XFRMA_ALG_AUTH_TRUNC"].trunc_len)
90    self.assertEquals(128, attrs4["XFRMA_ALG_AUTH_TRUNC"].trunc_len)
91
92    self.pf_key.DelSa(src4, dst4, 0xdeadbeef, pf_key.SADB_TYPE_ESP)
93    self.assertEquals(1, len(self.xfrm.DumpSaInfo()))
94    self.pf_key.DelSa(src6, dst6, 0xbeefdead, pf_key.SADB_TYPE_ESP)
95    self.assertEquals(0, len(self.xfrm.DumpSaInfo()))
96
97
98if __name__ == "__main__":
99  unittest.main()
100