1# 2# Copyright 2018 - The Android Open Source Project 3# 4# Licensed under the Apache License, Version 2.0 (the "License"); 5# you may not use this file except in compliance with the License. 6# You may obtain a copy of the License at 7# 8# http://www.apache.org/licenses/LICENSE-2.0 9# 10# Unless required by applicable law or agreed to in writing, software 11# distributed under the License is distributed on an "AS IS" BASIS, 12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13# See the License for the specific language governing permissions and 14# limitations under the License. 15 16from acts import asserts 17from acts import base_test 18from acts.controllers import adb 19from acts.test_decorators import test_tracker_info 20from acts_contrib.test_utils.net import connectivity_const as cconst 21from acts_contrib.test_utils.net import ipsec_test_utils as iutils 22from acts_contrib.test_utils.net import socket_test_utils as sutils 23from acts_contrib.test_utils.net.net_test_utils import start_tcpdump 24from acts_contrib.test_utils.net.net_test_utils import stop_tcpdump 25from acts_contrib.test_utils.wifi import wifi_test_utils as wutils 26 27import random 28import time 29 30WLAN = "wlan0" 31WAIT_FOR_IP = 15 32 33 34class IpSecTest(base_test.BaseTestClass): 35 """ Tests for UID networking """ 36 37 def setup_class(self): 38 """ Setup devices for tests and unpack params """ 39 self.dut_a = self.android_devices[0] 40 self.dut_b = self.android_devices[1] 41 42 req_params = ("wifi_network",) 43 self.unpack_userparams(req_params) 44 wutils.connect_to_wifi_network(self.dut_a, self.wifi_network) 45 wutils.connect_to_wifi_network(self.dut_b, self.wifi_network) 46 time.sleep(WAIT_FOR_IP) 47 48 try: 49 self.ipv4_dut_a = self.dut_a.droid.connectivityGetIPv4Addresses( 50 WLAN)[0] 51 self.ipv4_dut_b = self.dut_b.droid.connectivityGetIPv4Addresses( 52 WLAN)[0] 53 self.ipv6_dut_a = self.dut_a.droid.connectivityGetIPv6Addresses( 54 WLAN)[0] 55 self.ipv6_dut_b = self.dut_b.droid.connectivityGetIPv6Addresses( 56 WLAN)[0] 57 except Exception as e: 58 asserts.abort_class("Failed to get IPv4/IPv6 address: %s" % e) 59 60 self.crypt_auth_combos = iutils.generate_random_crypt_auth_combo() 61 62 self.tcpdump_pid_a = None 63 self.tcpdump_pid_b = None 64 65 def teardown_class(self): 66 for ad in self.android_devices: 67 wutils.reset_wifi(ad) 68 69 def setup_test(self): 70 self.tcpdump_pid_a = start_tcpdump(self.dut_a, self.test_name) 71 self.tcpdump_pid_b = start_tcpdump(self.dut_b, self.test_name) 72 73 def teardown_test(self): 74 stop_tcpdump(self.dut_a, self.tcpdump_pid_a, self.test_name) 75 stop_tcpdump(self.dut_b, self.tcpdump_pid_b, self.test_name) 76 77 def on_fail(self, test_name, begin_time): 78 self.dut_a.take_bug_report(test_name, begin_time) 79 self.dut_b.take_bug_report(test_name, begin_time) 80 81 """ Helper functions begin """ 82 83 def _test_spi_allocate_release_req_spi(self, dut, ip): 84 req_spi = random.randint(1, 999999999) 85 self.log.info("IP addr: %s" % ip) 86 self.log.info("Request SPI: %s" % req_spi) 87 key = dut.droid.ipSecAllocateSecurityParameterIndex(ip, req_spi) 88 spi = dut.droid.ipSecGetSecurityParameterIndex(key) 89 self.log.info("Got: %s" % spi) 90 dut.droid.ipSecReleaseSecurityParameterIndex(key) 91 asserts.assert_true(req_spi == spi, "Incorrect SPI") 92 spi = dut.droid.ipSecGetSecurityParameterIndex(key) 93 self.log.info("SPI after release: %s" % spi) 94 asserts.assert_true(spi == 0, "Release SPI failed") 95 96 def _test_spi_allocate_release_random_spi(self, dut, ip): 97 self.log.info("IP addr: %s" % ip) 98 key = dut.droid.ipSecAllocateSecurityParameterIndex(ip) 99 spi = dut.droid.ipSecGetSecurityParameterIndex(key) 100 self.log.info("Got: %s" % spi) 101 dut.droid.ipSecReleaseSecurityParameterIndex(key) 102 spi = dut.droid.ipSecGetSecurityParameterIndex(key) 103 self.log.info("SPI after release: %s" % spi) 104 asserts.assert_true(spi == 0, "Release SPI failed") 105 106 def _test_transport_mode_transform_file_descriptors(self, 107 domain, 108 sock_type, 109 udp_encap = False): 110 """Test transport mode tranform with android.system.Os sockets""" 111 112 # dut objects & ip addrs 113 dut_a = self.dut_a 114 dut_b = self.dut_b 115 port = random.randint(5000, 6000) 116 udp_encap_port = 4500 117 ip_a = self.ipv4_dut_a 118 ip_b = self.ipv4_dut_b 119 if domain == cconst.AF_INET6: 120 ip_a = self.ipv6_dut_a 121 ip_b = self.ipv6_dut_b 122 self.log.info("DUT_A IP addr: %s" % ip_a) 123 self.log.info("DUT_B IP addr: %s" % ip_b) 124 self.log.info("Port: %s" % port) 125 126 # create crypt and auth keys 127 cl, auth_algo, al, trunc_bits = random.choice(self.crypt_auth_combos) 128 crypt_key = iutils.make_key(cl) 129 auth_key = iutils.make_key(al) 130 crypt_algo = cconst.CRYPT_AES_CBC 131 132 # open sockets 133 fd_a = sutils.open_android_socket(dut_a, domain, sock_type, ip_a, port) 134 fd_b = sutils.open_android_socket(dut_b, domain, sock_type, ip_b, port) 135 136 # allocate SPIs 137 spi_keys_a = iutils.allocate_spis(dut_a, ip_a, ip_b) 138 in_spi = dut_a.droid.ipSecGetSecurityParameterIndex(spi_keys_a[0]) 139 out_spi = dut_a.droid.ipSecGetSecurityParameterIndex(spi_keys_a[1]) 140 spi_keys_b = iutils.allocate_spis(dut_b, ip_b, ip_a, out_spi, in_spi) 141 142 # open udp encap sockets 143 udp_encap_a = None 144 udp_encap_b = None 145 if udp_encap: 146 udp_encap_a = dut_a.droid.ipSecOpenUdpEncapsulationSocket( 147 udp_encap_port) 148 udp_encap_b = dut_b.droid.ipSecOpenUdpEncapsulationSocket( 149 udp_encap_port) 150 self.log.info("UDP Encap: %s" % udp_encap_a) 151 self.log.info("UDP Encap: %s" % udp_encap_b) 152 153 # create transforms 154 transforms_a = iutils.create_transport_mode_transforms( 155 dut_a, spi_keys_a, ip_a, ip_b, crypt_algo, crypt_key, auth_algo, 156 auth_key, trunc_bits, udp_encap_a) 157 transforms_b = iutils.create_transport_mode_transforms( 158 dut_b, spi_keys_b, ip_b, ip_a, crypt_algo, crypt_key, auth_algo, 159 auth_key, trunc_bits, udp_encap_b) 160 161 # apply transforms to socket 162 iutils.apply_transport_mode_transforms_file_descriptors( 163 dut_a, fd_a, transforms_a) 164 iutils.apply_transport_mode_transforms_file_descriptors( 165 dut_b, fd_b, transforms_b) 166 167 # listen, connect, accept if TCP socket 168 if sock_type == cconst.SOCK_STREAM: 169 server_fd = fd_b 170 self.log.info("Setup TCP connection") 171 dut_b.droid.listenSocket(fd_b) 172 dut_a.droid.connectSocket(fd_a, ip_b, port) 173 fd_b = dut_b.droid.acceptSocket(fd_b) 174 asserts.assert_true(fd_b, "accept() failed") 175 176 # Send message from one dut to another 177 sutils.send_recv_data_android_sockets( 178 dut_a, dut_b, fd_a, fd_b, ip_b, port) 179 180 # verify ESP packets 181 iutils.verify_esp_packets([dut_a, dut_b]) 182 183 # remove transforms from socket 184 iutils.remove_transport_mode_transforms_file_descriptors(dut_a, fd_a) 185 iutils.remove_transport_mode_transforms_file_descriptors(dut_b, fd_b) 186 187 # destroy transforms 188 iutils.destroy_transport_mode_transforms(dut_a, transforms_a) 189 iutils.destroy_transport_mode_transforms(dut_b, transforms_b) 190 191 # close udp encap sockets 192 if udp_encap: 193 dut_a.droid.ipSecCloseUdpEncapsulationSocket(udp_encap_a) 194 dut_b.droid.ipSecCloseUdpEncapsulationSocket(udp_encap_b) 195 196 # release SPIs 197 iutils.release_spis(dut_a, spi_keys_a) 198 iutils.release_spis(dut_b, spi_keys_b) 199 200 # Send message from one dut to another 201 sutils.send_recv_data_android_sockets( 202 dut_a, dut_b, fd_a, fd_b, ip_b, port) 203 204 # close sockets 205 sutils.close_android_socket(dut_a, fd_a) 206 sutils.close_android_socket(dut_b, fd_b) 207 if sock_type == cconst.SOCK_STREAM: 208 sutils.close_android_socket(dut_b, server_fd) 209 210 def _test_transport_mode_transform_datagram_sockets(self, 211 domain, 212 udp_encap = False): 213 """ Test transport mode transform datagram sockets """ 214 215 # dut objects and ip addrs 216 dut_a = self.dut_a 217 dut_b = self.dut_b 218 udp_encap_port = 4500 219 ip_a = self.ipv4_dut_a 220 ip_b = self.ipv4_dut_b 221 if domain == cconst.AF_INET6: 222 ip_a = self.ipv6_dut_a 223 ip_b = self.ipv6_dut_b 224 self.log.info("DUT_A IP addr: %s" % ip_a) 225 self.log.info("DUT_B IP addr: %s" % ip_b) 226 227 # create crypt and auth keys 228 cl, auth_algo, al, trunc_bits = random.choice(self.crypt_auth_combos) 229 crypt_key = iutils.make_key(cl) 230 auth_key = iutils.make_key(al) 231 crypt_algo = cconst.CRYPT_AES_CBC 232 233 # open sockets 234 socket_a = sutils.open_datagram_socket(dut_a, ip_a, 0) 235 socket_b = sutils.open_datagram_socket(dut_b, ip_b, 0) 236 port = dut_b.droid.getPortOfDatagramSocket(socket_b) 237 238 # allocate SPIs 239 spi_keys_a = iutils.allocate_spis(dut_a, ip_a, ip_b) 240 in_spi = dut_a.droid.ipSecGetSecurityParameterIndex(spi_keys_a[0]) 241 out_spi = dut_a.droid.ipSecGetSecurityParameterIndex(spi_keys_a[1]) 242 spi_keys_b = iutils.allocate_spis(dut_b, ip_b, ip_a, out_spi, in_spi) 243 244 # open udp encap sockets 245 udp_encap_a = None 246 udp_encap_b = None 247 if udp_encap: 248 udp_encap_a = dut_a.droid.ipSecOpenUdpEncapsulationSocket( 249 udp_encap_port) 250 udp_encap_b = dut_b.droid.ipSecOpenUdpEncapsulationSocket( 251 udp_encap_port) 252 self.log.info("UDP Encap: %s" % udp_encap_a) 253 self.log.info("UDP Encap: %s" % udp_encap_b) 254 255 # create transforms 256 transforms_a = iutils.create_transport_mode_transforms( 257 dut_a, spi_keys_a, ip_a, ip_b, crypt_algo, crypt_key, auth_algo, 258 auth_key, trunc_bits, udp_encap_a) 259 transforms_b = iutils.create_transport_mode_transforms( 260 dut_b, spi_keys_b, ip_b, ip_a, crypt_algo, crypt_key, auth_algo, 261 auth_key, trunc_bits, udp_encap_b) 262 263 # apply transforms 264 iutils.apply_transport_mode_transforms_datagram_socket( 265 dut_a, socket_a, transforms_a) 266 iutils.apply_transport_mode_transforms_datagram_socket( 267 dut_b, socket_b, transforms_b) 268 269 # send and verify message from one dut to another 270 sutils.send_recv_data_datagram_sockets( 271 dut_a, dut_b, socket_a, socket_b, ip_b, port) 272 273 # verify ESP packets 274 iutils.verify_esp_packets([dut_a, dut_b]) 275 276 # remove transforms 277 iutils.remove_transport_mode_transforms_datagram_socket(dut_a, socket_a) 278 iutils.remove_transport_mode_transforms_datagram_socket(dut_b, socket_b) 279 280 # destroy transforms 281 iutils.destroy_transport_mode_transforms(dut_a, transforms_a) 282 iutils.destroy_transport_mode_transforms(dut_b, transforms_b) 283 284 # close udp encap sockets 285 if udp_encap: 286 dut_a.droid.ipSecCloseUdpEncapsulationSocket(udp_encap_a) 287 dut_b.droid.ipSecCloseUdpEncapsulationSocket(udp_encap_b) 288 289 # release SPIs 290 iutils.release_spis(dut_a, spi_keys_a) 291 iutils.release_spis(dut_b, spi_keys_b) 292 293 # Send and verify message from one dut to another 294 sutils.send_recv_data_datagram_sockets( 295 dut_a, dut_b, socket_a, socket_b, ip_b, port) 296 297 # close sockets 298 sutils.close_datagram_socket(dut_a, socket_a) 299 sutils.close_datagram_socket(dut_b, socket_b) 300 301 def _test_transport_mode_transform_sockets(self, domain, udp_encap = False): 302 303 # dut objects and ip addrs 304 dut_a = self.dut_a 305 dut_b = self.dut_b 306 ip_a = self.ipv4_dut_a 307 ip_b = self.ipv4_dut_b 308 if domain == cconst.AF_INET6: 309 ip_a = self.ipv6_dut_a 310 ip_b = self.ipv6_dut_b 311 self.log.info("DUT_A IP addr: %s" % ip_a) 312 self.log.info("DUT_B IP addr: %s" % ip_b) 313 udp_encap_port = 4500 314 315 # open sockets 316 server_sock = sutils.open_server_socket(dut_b, ip_b, 0) 317 port = dut_b.droid.getPortOfServerSocket(server_sock) 318 sock_a, sock_b = sutils.open_connect_socket( 319 dut_a, dut_b, ip_a, ip_b, 0, port, server_sock) 320 321 # create crypt and auth keys 322 cl, auth_algo, al, trunc_bits = random.choice(self.crypt_auth_combos) 323 crypt_key = iutils.make_key(cl) 324 auth_key = iutils.make_key(al) 325 crypt_algo = cconst.CRYPT_AES_CBC 326 327 # allocate SPIs 328 spi_keys_a = iutils.allocate_spis(dut_a, ip_a, ip_b) 329 in_spi = dut_a.droid.ipSecGetSecurityParameterIndex(spi_keys_a[0]) 330 out_spi = dut_a.droid.ipSecGetSecurityParameterIndex(spi_keys_a[1]) 331 spi_keys_b = iutils.allocate_spis(dut_b, ip_b, ip_a, out_spi, in_spi) 332 333 # open udp encap sockets 334 udp_encap_a = None 335 udp_encap_b = None 336 if udp_encap: 337 udp_encap_a = dut_a.droid.ipSecOpenUdpEncapsulationSocket( 338 udp_encap_port) 339 udp_encap_b = dut_b.droid.ipSecOpenUdpEncapsulationSocket( 340 udp_encap_port) 341 self.log.info("UDP Encap: %s" % udp_encap_a) 342 self.log.info("UDP Encap: %s" % udp_encap_b) 343 344 # create transforms 345 transforms_a = iutils.create_transport_mode_transforms( 346 dut_a, spi_keys_a, ip_a, ip_b, crypt_algo, crypt_key, auth_algo, 347 auth_key, trunc_bits, udp_encap_a) 348 transforms_b = iutils.create_transport_mode_transforms( 349 dut_b, spi_keys_b, ip_b, ip_a, crypt_algo, crypt_key, auth_algo, 350 auth_key, trunc_bits, udp_encap_b) 351 352 # apply transform to sockets 353 iutils.apply_transport_mode_transforms_socket(dut_a, sock_a, transforms_a) 354 iutils.apply_transport_mode_transforms_socket(dut_b, sock_b, transforms_b) 355 356 # send message from one dut to another 357 sutils.send_recv_data_sockets(dut_a, dut_b, sock_a, sock_b) 358 359 # verify esp packets 360 iutils.verify_esp_packets([dut_a, dut_b]) 361 362 # remove transforms from socket 363 iutils.remove_transport_mode_transforms_socket(dut_a, sock_a) 364 iutils.remove_transport_mode_transforms_socket(dut_b, sock_b) 365 366 # destroy transforms 367 iutils.destroy_transport_mode_transforms(dut_a, transforms_a) 368 iutils.destroy_transport_mode_transforms(dut_b, transforms_b) 369 370 # close udp encap sockets 371 if udp_encap: 372 dut_a.droid.ipSecCloseUdpEncapsulationSocket(udp_encap_a) 373 dut_b.droid.ipSecCloseUdpEncapsulationSocket(udp_encap_b) 374 375 # release SPIs 376 iutils.release_spis(dut_a, spi_keys_a) 377 iutils.release_spis(dut_b, spi_keys_b) 378 379 # send message from one dut to another 380 sutils.send_recv_data_sockets(dut_a, dut_b, sock_a, sock_b) 381 382 # close sockets 383 sutils.close_socket(dut_a, sock_a) 384 sutils.close_socket(dut_b, sock_b) 385 sutils.close_server_socket(dut_b, server_sock) 386 387 """ Helper functions end """ 388 389 """ Tests begin """ 390 391 @test_tracker_info(uuid="877577e2-94e8-46d3-8fee-330327adba1e") 392 def test_spi_allocate_release_requested_spi_ipv4(self): 393 """ 394 Steps: 395 1. Request SPI for IPv4 dest addr 396 2. SPI should be generated with the requested value 397 3. Close SPI 398 """ 399 self._test_spi_allocate_release_req_spi(self.dut_a, self.ipv4_dut_b) 400 self._test_spi_allocate_release_req_spi(self.dut_b, self.ipv4_dut_a) 401 402 @test_tracker_info(uuid="0be4c204-0e63-43fd-a7ff-8647eef21066") 403 def test_spi_allocate_release_requested_spi_ipv6(self): 404 """ 405 Steps: 406 1. Request SPI for IPv6 dest addr 407 2. SPI should be generated with the requested value 408 3. Close SPI 409 """ 410 self._test_spi_allocate_release_req_spi(self.dut_a, self.ipv6_dut_b) 411 self._test_spi_allocate_release_req_spi(self.dut_b, self.ipv6_dut_a) 412 413 @test_tracker_info(uuid="75eea49c-5621-4410-839f-f6e7bdd792a0") 414 def test_spi_allocate_release_random_spi_ipv4(self): 415 """ 416 Steps: 417 1. Request SPI for IPv4 dest addr 418 2. A random SPI should be generated 419 3. Close SPI 420 """ 421 self._test_spi_allocate_release_random_spi(self.dut_a, self.ipv4_dut_b) 422 self._test_spi_allocate_release_random_spi(self.dut_b, self.ipv4_dut_a) 423 424 @test_tracker_info(uuid="afad9e48-5573-4b3f-8dfd-c7a77eda4e1e") 425 def test_spi_allocate_release_random_spi_ipv6(self): 426 """ 427 Steps: 428 1. Request SPI for IPv6 dest addr 429 2. A random SPI should be generated 430 3. Close SPI 431 """ 432 self._test_spi_allocate_release_random_spi(self.dut_a, self.ipv6_dut_b) 433 self._test_spi_allocate_release_random_spi(self.dut_b, self.ipv6_dut_a) 434 435 @test_tracker_info(uuid="97817f4d-159a-4692-93f7-a38b162a565e") 436 def test_allocate_release_multiple_random_spis_ipv4(self): 437 """ 438 Steps: 439 1. Request 10 SPIs at a time 440 2. After 8, the remaining should return 0 441 """ 442 res = True 443 spi_key_list = [] 444 spi_list = [] 445 for i in range(10): 446 spi_key = self.dut_a.droid.ipSecAllocateSecurityParameterIndex( 447 self.ipv4_dut_a) 448 spi_key_list.append(spi_key) 449 spi = self.dut_a.droid.ipSecGetSecurityParameterIndex(spi_key) 450 spi_list.append(spi) 451 if spi_list.count(0) > 2: 452 self.log.error("Valid SPIs is less than 8: %s" % spi_list) 453 res = False 454 455 spi_list = [] 456 for key in spi_key_list: 457 self.dut_a.droid.ipSecReleaseSecurityParameterIndex(key) 458 spi = self.dut_a.droid.ipSecGetSecurityParameterIndex(key) 459 spi_list.append(spi) 460 if spi_list.count(0) != 10: 461 self.log.error("Could not release all SPIs") 462 res = False 463 464 return res 465 466 @test_tracker_info(uuid="efb22e2a-1c2f-43fc-85fa-5d9a5b8e2705") 467 def test_spi_allocate_release_requested_spi_ipv4_stress(self): 468 """ 469 Steps: 470 1. Request and release requested SPIs for IPv4 471 """ 472 for i in range(15): 473 self._test_spi_allocate_release_req_spi(self.dut_a, self.ipv4_dut_b) 474 self._test_spi_allocate_release_req_spi(self.dut_b, self.ipv4_dut_a) 475 476 @test_tracker_info(uuid="589749b7-3e6c-4a19-8404-d4a725d63dfd") 477 def test_spi_allocate_release_requested_spi_ipv6_stress(self): 478 """ 479 Steps: 480 1. Request and release requested SPIs for IPv6 481 """ 482 for i in range(15): 483 self._test_spi_allocate_release_req_spi(self.dut_a, self.ipv6_dut_b) 484 self._test_spi_allocate_release_req_spi(self.dut_b, self.ipv6_dut_a) 485 486 @test_tracker_info(uuid="4a48130a-3f69-4390-a587-20848dee4777") 487 def test_spi_allocate_release_random_spi_ipv4_stress(self): 488 """ 489 Steps: 490 1. Request and release random SPIs for IPv4 491 """ 492 for i in range(15): 493 self._test_spi_allocate_release_random_spi( 494 self.dut_a, self.ipv4_dut_b) 495 self._test_spi_allocate_release_random_spi( 496 self.dut_b, self.ipv4_dut_a) 497 498 @test_tracker_info(uuid="b56f6b65-cd71-4462-a739-e29d60e90ae8") 499 def test_spi_allocate_release_random_spi_ipv6_stress(self): 500 """ 501 Steps: 502 1. Request and release random SPIs for IPv6 503 """ 504 for i in range(15): 505 self._test_spi_allocate_release_random_spi( 506 self.dut_a, self.ipv6_dut_b) 507 self._test_spi_allocate_release_random_spi( 508 self.dut_b, self.ipv6_dut_a) 509 510 """ android.system.Os sockets """ 511 512 @test_tracker_info(uuid="65c9ab9a-1128-4ba0-a1a1-a9feb99ce712") 513 def test_transport_mode_udp_ipv4_file_descriptors_no_nat_no_encap(self): 514 """ 515 Steps: 516 1. Encrypt a android.system.Os IPv4 UDP socket with transport mode 517 transform with UDP encap on a non-NAT network 518 2. Verify encyption and decryption of packets 519 3. Remove transform and verify that packets are unencrypted 520 """ 521 self._test_transport_mode_transform_file_descriptors(cconst.AF_INET, 522 cconst.SOCK_DGRAM) 523 524 @test_tracker_info(uuid="66956266-f18b-490c-b859-08530c6745c9") 525 def test_transport_mode_udp_ipv4_file_descriptors_no_nat_with_encap(self): 526 """ 527 Steps: 528 1. Encrypt a android.system.Os IPv4 UDP socket with transport mode 529 transform with UDP encap on a non-NAT network 530 2. Verify encyption and decryption of packets 531 3. Remove transform and verify that packets are unencrypted 532 """ 533 self._test_transport_mode_transform_file_descriptors(cconst.AF_INET, 534 cconst.SOCK_DGRAM, 535 True) 536 537 @test_tracker_info(uuid="467a1e7b-e508-439f-be24-a213bec4a9f0") 538 def test_transport_mode_tcp_ipv4_file_descriptors_no_nat_no_encap(self): 539 """ 540 Steps: 541 1. Encrypt a android.system.Os IPv4 TCP socket with transport mode 542 transform without UDP encap on a non-NAT network 543 2. Verify encyption and decryption of packets 544 3. Remove transform and verify that packets are unencrypted 545 """ 546 self._test_transport_mode_transform_file_descriptors(cconst.AF_INET, 547 cconst.SOCK_STREAM) 548 549 @test_tracker_info(uuid="877a9516-2b1c-4b52-8931-3a9a55d57875") 550 def test_transport_mode_tcp_ipv4_file_descriptors_no_nat_with_encap(self): 551 """ 552 Steps: 553 1. Encrypt a android.system.Os IPv4 TCP socket with transport mode 554 transform with UDP encap on a non-NAT network 555 2. Verify encyption and decryption of packets 556 3. Remove transform and verify that packets are unencrypted 557 """ 558 self._test_transport_mode_transform_file_descriptors(cconst.AF_INET, 559 cconst.SOCK_STREAM, 560 True) 561 562 @test_tracker_info(uuid="a2dd8dc7-99c8-4420-b586-b4cd68f4197e") 563 def test_transport_mode_udp_ipv6_file_descriptors(self): 564 """ Verify transport mode transform on android.Os datagram sockets ipv4 565 566 Steps: 567 1. Encrypt a android.system.Os IPv6 UDP socket with transport mode 568 transform 569 2. Verify that packets are encrypted and decrypted at the other end 570 3. Remove tranform and verify that unencrypted packets are sent 571 """ 572 self._test_transport_mode_transform_file_descriptors(cconst.AF_INET6, 573 cconst.SOCK_DGRAM) 574 575 @test_tracker_info(uuid="7bc49d79-ffa8-4946-a25f-11daed4061cc") 576 def test_transport_mode_tcp_ipv6_file_descriptors(self): 577 """ Verify transport mode on android.system.Os stream sockets ipv6 578 579 Steps: 580 1. Encrypt a android.system.Os IPv6 TCP socket with transport mode 581 transform 582 2. Verify that packets are encrypted and decrypted at the other end 583 3. Remove tranform and verify that unencrypted packets are sent 584 """ 585 self._test_transport_mode_transform_file_descriptors(cconst.AF_INET6, 586 cconst.SOCK_STREAM) 587 588 """ Datagram socket tests """ 589 590 @test_tracker_info(uuid="7ff29fc9-41fd-44f4-81e9-ce8c3afd9304") 591 def test_transport_mode_udp_ipv4_datagram_sockets_no_nat_no_encap(self): 592 """ Verify transport mode transform on datagram sockets ipv6 - UDP 593 594 Steps: 595 1. Encypt a DatagramSocket IPv6 socket with transport mode transform 596 without UDP encap on a non-NAT network 597 2. Verify that packets are encrypted and decrypted at the other end 598 3. Remove tranform and verify that unencrypted packets are sent 599 """ 600 self._test_transport_mode_transform_datagram_sockets(cconst.AF_INET) 601 602 @test_tracker_info(uuid="552af945-a23a-49f2-9ceb-b0d1e7c1d50b") 603 def test_transport_mode_udp_ipv4_datagram_sockets_no_nat_with_encap(self): 604 """ Verify transport mode transform on datagram sockets ipv6 - UDP 605 606 Steps: 607 1. Encypt a DatagramSocket IPv6 socket with transport mode transform 608 with UDP encap on a non-NAT network 609 2. Verify that packets are encrypted and decrypted at the other end 610 3. Remove tranform and verify that unencrypted packets are sent 611 """ 612 self._test_transport_mode_transform_datagram_sockets(cconst.AF_INET, True) 613 614 @test_tracker_info(uuid="dd3a08c4-d393-46c4-b550-bc551ceb15f7") 615 def test_transport_mode_udp_ipv6_datagram_sockets(self): 616 """ Verify transport mode transform on datagram sockets ipv6 - UDP 617 618 Steps: 619 1. Encypt a DatagramSocket IPv6 socket with transport mode transform 620 2. Verify that packets are encrypted and decrypted at the other end 621 3. Remove tranform and verify that unencrypted packets are sent 622 """ 623 self._test_transport_mode_transform_datagram_sockets(cconst.AF_INET6) 624 625 """ Socket & server socket tests """ 626 627 @test_tracker_info(uuid="f851b5da-790a-45c6-8968-1a347ef30cf2") 628 def test_transport_mode_tcp_ipv4_sockets_no_nat_no_encap(self): 629 """ Verify transport mode transform on sockets ipv4 - TCP 630 631 Steps: 632 1. Encypt a Socket IPv4 socket with transport mode transform without 633 UDP encap on a non-NAT network 634 2. Verify that packets are encrypted and decrypted at the other end 635 3. Remove tranform and verify that unencrypted packets are sent 636 """ 637 self._test_transport_mode_transform_sockets(cconst.AF_INET) 638 639 @test_tracker_info(uuid="11982874-8625-40c1-aae5-8327217bb3c4") 640 def test_transport_mode_tcp_ipv4_sockets_no_nat_with_encap(self): 641 """ Verify transport mode transform on sockets ipv4 - TCP 642 643 Steps: 644 1. Encypt a Socket IPv4 socket with transport mode transform with 645 UDP encap on a non-NAT network 646 2. Verify that packets are encrypted and decrypted at the other end 647 3. Remove tranform and verify that unencrypted packets are sent 648 """ 649 self._test_transport_mode_transform_sockets(cconst.AF_INET, True) 650 651 @test_tracker_info(uuid="ba8f98c7-2123-4082-935f-a5fd5e6fb461") 652 def test_transport_mode_tcp_ipv6_sockets(self): 653 """ Verify transport mode transform on sockets ipv6 - TCP 654 655 Steps: 656 1. Encypt a Socket IPv6 socket with transport mode transform 657 2. Verify that packets are encrypted and decrypted at the other end 658 3. Remove tranform and verify that unencrypted packets are sent 659 """ 660 self._test_transport_mode_transform_sockets(cconst.AF_INET6) 661 662 """ Tests end """ 663