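#!/usr/bin/python
#
# Copyright 2017 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# pylint: disable=g-bad-todo,g-bad-file-header,wildcard-import
from socket import *
import unittest

import csocket
import pf_key
import xfrm

# Fixed key material committed to source: test fixture only, never reuse it
# for a real security association. 64 hex digits decode to 32 bytes (256 bits).
ENCRYPTION_KEY = ("308146eb3bd84b044573d60f5a5fd159"
                  "57c7d4fe567a2120f35bae0f9869ec22".decode("hex"))
# NOTE(review): AUTH_KEY (16 bytes) is not referenced by the test below, which
# passes ENCRYPTION_KEY as the HMAC key too. The 256-bit key_len assertions
# depend on that, so it is left as is; outside a test, cipher and MAC keys
# should be independent.
AUTH_KEY = "af442892cdcd0ef650e9c299f9a8436a".decode("hex")


class PfKeyTest(unittest.TestCase):
  """Adds and deletes ESP SAs via pf_key and checks them via xfrm dumps."""

  def setUp(self):
    """Creates the pf_key and xfrm helper objects used by each test."""
    self.pf_key = pf_key.PfKey()
    self.xfrm = xfrm.Xfrm()

  def testAddDelSa(self):
    """Adds one IPv4 and one IPv6 ESP SA, verifies both dumps, deletes them.

    NOTE(review): if an assertion fails before the DelSa calls at the end,
    both SAs stay installed and can affect later tests; consider registering
    the deletions as cleanups.
    """
    src4 = csocket.Sockaddr(("192.0.2.1", 0))
    dst4 = csocket.Sockaddr(("192.0.2.2", 1))
    self.pf_key.AddSa(src4, dst4, 0xdeadbeef, pf_key.SADB_TYPE_ESP,
                      pf_key.IPSEC_MODE_TRANSPORT, 54321,
                      pf_key.SADB_X_EALG_AESCBC, ENCRYPTION_KEY,
                      pf_key.SADB_X_AALG_SHA2_256HMAC, ENCRYPTION_KEY)

    src6 = csocket.Sockaddr(("2001:db8::1", 0))
    dst6 = csocket.Sockaddr(("2001:db8::2", 0))
    self.pf_key.AddSa(src6, dst6, 0xbeefdead, pf_key.SADB_TYPE_ESP,
                      pf_key.IPSEC_MODE_TRANSPORT, 12345,
                      pf_key.SADB_X_EALG_AESCBC, ENCRYPTION_KEY,
                      pf_key.SADB_X_AALG_SHA2_256HMAC, ENCRYPTION_KEY)

    sainfos = self.xfrm.DumpSaInfo()
    self.assertEqual(2, len(sainfos))
    state4, attrs4 = [(s, a) for s, a in sainfos if s.family == AF_INET][0]
    state6, attrs6 = [(s, a) for s, a in sainfos if s.family == AF_INET6][0]

    pfkey_sainfos = self.pf_key.DumpSaInfo()
    self.assertEqual(2, len(pfkey_sainfos))
    # The original closed all() before the "for", so assertTrue received a
    # generator object (always truthy) and the misspelled SDB_TYPE_ESP was
    # never evaluated. The generator now sits inside all() and uses the
    # SADB_TYPE_ESP constant that AddSa/DelSa use.
    self.assertTrue(all(msg.satype == pf_key.SADB_TYPE_ESP
                        for msg, _ in pfkey_sainfos))

    self.assertEqual(xfrm.IPPROTO_ESP, state4.id.proto)
    self.assertEqual(xfrm.IPPROTO_ESP, state6.id.proto)
    self.assertEqual(54321, state4.reqid)
    self.assertEqual(12345, state6.reqid)
    self.assertEqual(0xdeadbeef, state4.id.spi)
    self.assertEqual(0xbeefdead, state6.id.spi)

    self.assertEqual(xfrm.PaddedAddress("192.0.2.1"), state4.saddr)
    self.assertEqual(xfrm.PaddedAddress("192.0.2.2"), state4.id.daddr)
    self.assertEqual(xfrm.PaddedAddress("2001:db8::1"), state6.saddr)
    self.assertEqual(xfrm.PaddedAddress("2001:db8::2"), state6.id.daddr)

    # The algorithm names are null-terminated, but after that contain garbage.
    # Kernel bug?
    aes_name = "cbc(aes)\x00"
    sha256_name = "hmac(sha256)\x00"
    self.assertTrue(attrs4["XFRMA_ALG_CRYPT"].name.startswith(aes_name))
    self.assertTrue(attrs6["XFRMA_ALG_CRYPT"].name.startswith(aes_name))
    self.assertTrue(attrs4["XFRMA_ALG_AUTH"].name.startswith(sha256_name))
    self.assertTrue(attrs6["XFRMA_ALG_AUTH"].name.startswith(sha256_name))

    # The original repeated each check on one address family (copy/paste), so
    # half of the attributes were never examined. Both SAs were installed with
    # the same algorithms and the same 32-byte key, so every value is checked
    # on both.
    for attrs in (attrs4, attrs6):
      self.assertEqual(256, attrs["XFRMA_ALG_CRYPT"].key_len)
      self.assertEqual(256, attrs["XFRMA_ALG_AUTH"].key_len)
      self.assertEqual(256, attrs["XFRMA_ALG_AUTH_TRUNC"].key_len)
      self.assertEqual(128, attrs["XFRMA_ALG_AUTH_TRUNC"].trunc_len)

    self.pf_key.DelSa(src4, dst4, 0xdeadbeef, pf_key.SADB_TYPE_ESP)
    self.assertEqual(1, len(self.xfrm.DumpSaInfo()))
    self.pf_key.DelSa(src6, dst6, 0xbeefdead, pf_key.SADB_TYPE_ESP)
    self.assertEqual(0, len(self.xfrm.DumpSaInfo()))


if __name__ == "__main__":
  unittest.main()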