• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#
2#   Copyright 2018 - The Android Open Source Project
3#
4#   Licensed under the Apache License, Version 2.0 (the "License");
5#   you may not use this file except in compliance with the License.
6#   You may obtain a copy of the License at
7#
8#       http://www.apache.org/licenses/LICENSE-2.0
9#
10#   Unless required by applicable law or agreed to in writing, software
11#   distributed under the License is distributed on an "AS IS" BASIS,
12#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13#   See the License for the specific language governing permissions and
14#   limitations under the License.
15
16import binascii
17import os
18import random
19import re
20import threading
21import time
22
23from acts_contrib.test_utils.net import connectivity_const as cconst
24from acts import asserts
25
26PKTS = 5
27
28def make_key(len_bits):
29    asserts.assert_true(
30        len_bits % 8 == 0, "Unexpected key length. Should be a multiple "
31        "of 8, got %s" % len_bits)
32    return binascii.hexlify(os.urandom(int(len_bits/8))).decode()
33
34def allocate_spis(ad, ip_a, ip_b, in_spi = None, out_spi = None):
35    """ Allocate in and out SPIs for android device
36
37    Args:
38      1. ad : android device object
39      2. ip_a : local IP address for In SPI
40      3. ip_b : remote IP address for Out SPI
41      4. in_spi : Generate In SPI with this value
42      5. out_spi : Generate Out SPI with this value
43
44    Returns:
45      List of In and Out SPI
46    """
47    in_spi_key = ad.droid.ipSecAllocateSecurityParameterIndex(ip_a, in_spi)
48    in_spi = ad.droid.ipSecGetSecurityParameterIndex(in_spi_key)
49    ad.log.info("In SPI: %s" % hex(in_spi))
50
51    out_spi_key = ad.droid.ipSecAllocateSecurityParameterIndex(ip_b, out_spi)
52    out_spi = ad.droid.ipSecGetSecurityParameterIndex(out_spi_key)
53    ad.log.info("Out SPI: %s" % hex(out_spi))
54
55    asserts.assert_true(in_spi and out_spi, "Failed to allocate SPIs")
56    return [in_spi_key, out_spi_key]
57
58def release_spis(ad, spis):
59    """ Destroy SPIs
60
61    Args:
62      1. ad : android device object
63      2. spis : list of SPI keys to destroy
64    """
65    for spi_key in spis:
66        ad.droid.ipSecReleaseSecurityParameterIndex(spi_key)
67        spi = ad.droid.ipSecGetSecurityParameterIndex(spi_key)
68        asserts.assert_true(not spi, "Failed to release SPI")
69
70def create_transport_mode_transforms(ad,
71                                     spis,
72                                     ip_a,
73                                     ip_b,
74                                     crypt_algo,
75                                     crypt_key,
76                                     auth_algo,
77                                     auth_key,
78                                     trunc_bit,
79                                     udp_encap_sock=None):
80    """ Create transport mode transforms on the device
81
82    Args:
83      1. ad : android device object
84      2. spis : spi keys of the SPIs created
85      3. ip_a : local IP addr
86      4. ip_b : remote IP addr
87      5. crypt_key : encryption key
88      6. auth_key : authentication key
89      7. udp_encap_sock : set udp encapsulation for ESP packets
90
91    Returns:
92      List of In and Out Transforms
93    """
94    in_transform = ad.droid.ipSecCreateTransportModeTransform(
95        crypt_algo, crypt_key, auth_algo, auth_key, trunc_bit, spis[0],
96        ip_b, udp_encap_sock)
97    ad.log.info("In Transform: %s" % in_transform)
98    out_transform = ad.droid.ipSecCreateTransportModeTransform(
99        crypt_algo, crypt_key, auth_algo, auth_key, trunc_bit, spis[1],
100        ip_a, udp_encap_sock)
101    ad.log.info("Out Transform: %s" % out_transform)
102    asserts.assert_true(in_transform and out_transform,
103                        "Failed to create transforms")
104    return [in_transform, out_transform]
105
106def destroy_transport_mode_transforms(ad, transforms):
107    """ Destroy transforms on the device
108
109    Args:
110      1. ad : android device object
111      2. transforms : list to transform keys to destroy
112    """
113    for transform in transforms:
114        ad.droid.ipSecDestroyTransportModeTransform(transform)
115        status = ad.droid.ipSecGetTransformStatus(transform)
116        ad.log.info("Transform status: %s" % status)
117        asserts.assert_true(not status, "Failed to destroy transform")
118
119def apply_transport_mode_transforms_file_descriptors(ad, fd, transforms):
120    """ Apply transpot mode transform to FileDescriptor object
121
122    Args:
123      1. ad - android device object
124      2. fd - FileDescriptor key
125      3. transforms - list of in and out transforms
126    """
127    in_transform = ad.droid.ipSecApplyTransportModeTransformFileDescriptor(
128        fd, cconst.DIRECTION_IN, transforms[0])
129    out_transform = ad.droid.ipSecApplyTransportModeTransformFileDescriptor(
130        fd, cconst.DIRECTION_OUT, transforms[1])
131    asserts.assert_true(in_transform and out_transform,
132                        "Failed to apply transform")
133    ip_xfrm_state = ad.adb.shell("ip -s xfrm state")
134    ad.log.info("XFRM STATE:\n%s\n" % ip_xfrm_state)
135    ip_xfrm_policy = ad.adb.shell("ip -s xfrm policy")
136    ad.log.info("XFRM POLICY:\n%s\n" % ip_xfrm_policy)
137
138def remove_transport_mode_transforms_file_descriptors(ad, fd):
139    """ Remove transport mode transform from FileDescriptor object
140
141    Args:
142      1. ad - android device object
143      2. socket - FileDescriptor key
144    """
145    status = ad.droid.ipSecRemoveTransportModeTransformsFileDescriptor(fd)
146    asserts.assert_true(status, "Failed to remove transform")
147
148def apply_transport_mode_transforms_datagram_socket(ad, socket, transforms):
149    """ Apply transport mode transform to DatagramSocket object
150
151    Args:
152      1. ad - android device object
153      2. socket - DatagramSocket object key
154      3. transforms - list of in and out transforms
155    """
156    in_tfrm_status = ad.droid.ipSecApplyTransportModeTransformDatagramSocket(
157        socket, cconst.DIRECTION_IN, transforms[0])
158    out_tfrm_status = ad.droid.ipSecApplyTransportModeTransformDatagramSocket(
159        socket, cconst.DIRECTION_OUT, transforms[1])
160    asserts.assert_true(in_tfrm_status and out_tfrm_status,
161                        "Failed to apply transform")
162
163    ip_xfrm_state = ad.adb.shell("ip -s xfrm state")
164    ad.log.info("XFRM STATE:\n%s\n" % ip_xfrm_state)
165
166def remove_transport_mode_transforms_datagram_socket(ad, socket):
167    """ Remove transport mode transform from DatagramSocket object
168
169    Args:
170      1. ad - android device object
171      2. socket - DatagramSocket object key
172    """
173    status = ad.droid.ipSecRemoveTransportModeTransformsDatagramSocket(socket)
174    asserts.assert_true(status, "Failed to remove transform")
175
176def apply_transport_mode_transforms_socket(ad, socket, transforms):
177    """ Apply transport mode transform to Socket object
178
179    Args:
180      1. ad - android device object
181      2. socket - Socket object key
182      3. transforms - list of in and out transforms
183    """
184    in_tfrm_status = ad.droid.ipSecApplyTransportModeTransformSocket(
185        socket, cconst.DIRECTION_IN, transforms[0])
186    out_tfrm_status = ad.droid.ipSecApplyTransportModeTransformSocket(
187        socket, cconst.DIRECTION_OUT, transforms[1])
188    asserts.assert_true(in_tfrm_status and out_tfrm_status,
189                        "Failed to apply transform")
190
191    ip_xfrm_state = ad.adb.shell("ip -s xfrm state")
192    ad.log.info("XFRM STATE:\n%s\n" % ip_xfrm_state)
193
194def remove_transport_mode_transforms_socket(ad, socket):
195    """ Remove transport mode transform from Socket object
196
197    Args:
198      1. ad - android device object
199      2. socket - Socket object key
200    """
201    status = ad.droid.ipSecRemoveTransportModeTransformsSocket(socket)
202    asserts.assert_true(status, "Failed to remove transform")
203
204def verify_esp_packets(ads):
205    """ Verify that encrypted ESP packets are sent
206
207    Args:
208      1. ads - Verify ESP packets on all devices
209    """
210    for ad in ads:
211        ip_xfrm_state = ad.adb.shell("ip -s xfrm state")
212        ad.log.info("XFRM STATE on %s:\n%s\n" % (ad.serial, ip_xfrm_state))
213        pattern = re.findall(r'\d+\(packets\)', ip_xfrm_state)
214        esp_pkts = False
215        for _ in pattern:
216            if int(_.split('(')[0]) >= PKTS:
217                esp_pkts = True
218                break
219        asserts.assert_true(esp_pkts, "Could not find ESP pkts")
220
221def generate_random_crypt_auth_combo():
222    """ Generate every possible combination of crypt and auth keys,
223        auth algo, trunc bits supported by IpSecManager
224    """
225    crypt_key_length = [128, 192, 256]
226    auth_method_key = { cconst.AUTH_HMAC_MD5 : 128,
227                        cconst.AUTH_HMAC_SHA1 : 160,
228                        cconst.AUTH_HMAC_SHA256 : 256,
229                        cconst.AUTH_HMAC_SHA384 : 384,
230                        cconst.AUTH_HMAC_SHA512 : 512 }
231    auth_method_trunc = { cconst.AUTH_HMAC_MD5 : list(range(96, 136, 8)),
232                          cconst.AUTH_HMAC_SHA1 : list(range(96, 168, 8)),
233                          cconst.AUTH_HMAC_SHA256 : list(range(96, 264, 8)),
234                          cconst.AUTH_HMAC_SHA384 : list(range(192, 392, 8)),
235                          cconst.AUTH_HMAC_SHA512 : list(range(256, 520, 8)) }
236    return_list = []
237    for c in crypt_key_length:
238        for k in auth_method_key.keys():
239            auth_key = auth_method_key[k]
240            lst = auth_method_trunc[k]
241            for t in lst:
242                combo = []
243                combo.append(c)
244                combo.append(k)
245                combo.append(auth_key)
246                combo.append(t)
247                return_list.append(combo)
248
249    return return_list
250