• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#!/usr/bin/python3
2#
3# Copyright 2017 The Android Open Source Project
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
17# pylint: disable=g-bad-todo,g-bad-file-header,wildcard-import
18from socket import *
19import unittest
20
21import binascii
22import csocket
23import pf_key
24import xfrm
25
26ENCRYPTION_KEY = binascii.unhexlify("308146eb3bd84b044573d60f5a5fd159"
27                                    "57c7d4fe567a2120f35bae0f9869ec22")
28AUTH_KEY = binascii.unhexlify("af442892cdcd0ef650e9c299f9a8436a")
29
30
31class PfKeyTest(unittest.TestCase):
32
33  def setUp(self):
34    self.pf_key = pf_key.PfKey()
35    self.xfrm = xfrm.Xfrm()
36
37  def tearDown(self):
38    self.pf_key.close()
39    self.pf_key = None
40
41  def testAddDelSa(self):
42    src4 = csocket.Sockaddr(("192.0.2.1", 0))
43    dst4 = csocket.Sockaddr(("192.0.2.2", 1))
44    self.pf_key.AddSa(src4, dst4, 0xdeadbeef, pf_key.SADB_TYPE_ESP,
45                      pf_key.IPSEC_MODE_TRANSPORT, 54321,
46                      pf_key.SADB_X_EALG_AESCBC, ENCRYPTION_KEY,
47                      pf_key.SADB_X_AALG_SHA2_256HMAC, ENCRYPTION_KEY)
48
49    src6 = csocket.Sockaddr(("2001:db8::1", 0))
50    dst6 = csocket.Sockaddr(("2001:db8::2", 0))
51    self.pf_key.AddSa(src6, dst6, 0xbeefdead, pf_key.SADB_TYPE_ESP,
52                      pf_key.IPSEC_MODE_TRANSPORT, 12345,
53                      pf_key.SADB_X_EALG_AESCBC, ENCRYPTION_KEY,
54                      pf_key.SADB_X_AALG_SHA2_256HMAC, ENCRYPTION_KEY)
55
56    sainfos = self.xfrm.DumpSaInfo()
57    self.assertEqual(2, len(sainfos))
58    state4, attrs4 = [(s, a) for s, a in sainfos if s.family == AF_INET][0]
59    state6, attrs6 = [(s, a) for s, a in sainfos if s.family == AF_INET6][0]
60
61    pfkey_sainfos = self.pf_key.DumpSaInfo()
62    self.assertEqual(2, len(pfkey_sainfos))
63    self.assertTrue(all(msg.satype == pf_key.SDB_TYPE_ESP)
64                    for msg, _ in pfkey_sainfos)
65
66    self.assertEqual(xfrm.IPPROTO_ESP, state4.id.proto)
67    self.assertEqual(xfrm.IPPROTO_ESP, state6.id.proto)
68    self.assertEqual(54321, state4.reqid)
69    self.assertEqual(12345, state6.reqid)
70    self.assertEqual(0xdeadbeef, state4.id.spi)
71    self.assertEqual(0xbeefdead, state6.id.spi)
72
73    self.assertEqual(xfrm.PaddedAddress("192.0.2.1"), state4.saddr)
74    self.assertEqual(xfrm.PaddedAddress("192.0.2.2"), state4.id.daddr)
75    self.assertEqual(xfrm.PaddedAddress("2001:db8::1"), state6.saddr)
76    self.assertEqual(xfrm.PaddedAddress("2001:db8::2"), state6.id.daddr)
77
78    # The algorithm names are null-terminated, but after that contain garbage.
79    # Kernel bug?
80    aes_name = b"cbc(aes)\x00"
81    sha256_name = b"hmac(sha256)\x00"
82    self.assertTrue(attrs4["XFRMA_ALG_CRYPT"].name.startswith(aes_name))
83    self.assertTrue(attrs6["XFRMA_ALG_CRYPT"].name.startswith(aes_name))
84    self.assertTrue(attrs4["XFRMA_ALG_AUTH"].name.startswith(sha256_name))
85    self.assertTrue(attrs6["XFRMA_ALG_AUTH"].name.startswith(sha256_name))
86
87    self.assertEqual(256, attrs4["XFRMA_ALG_CRYPT"].key_len)
88    self.assertEqual(256, attrs6["XFRMA_ALG_CRYPT"].key_len)
89    self.assertEqual(256, attrs4["XFRMA_ALG_AUTH"].key_len)
90    self.assertEqual(256, attrs6["XFRMA_ALG_AUTH"].key_len)
91    self.assertEqual(256, attrs4["XFRMA_ALG_AUTH_TRUNC"].key_len)
92    self.assertEqual(256, attrs6["XFRMA_ALG_AUTH_TRUNC"].key_len)
93
94    if attrs4["XFRMA_ALG_AUTH_TRUNC"].trunc_len == 96:
95        missing4 = True
96    else:
97        self.assertEqual(128, attrs4["XFRMA_ALG_AUTH_TRUNC"].trunc_len)
98        missing4 = False
99
100    if attrs6["XFRMA_ALG_AUTH_TRUNC"].trunc_len == 96:
101        missing6 = True
102    else:
103        self.assertEqual(128, attrs6["XFRMA_ALG_AUTH_TRUNC"].trunc_len)
104        missing6 = False
105
106    self.pf_key.DelSa(src4, dst4, 0xdeadbeef, pf_key.SADB_TYPE_ESP)
107    self.assertEqual(1, len(self.xfrm.DumpSaInfo()))
108    self.pf_key.DelSa(src6, dst6, 0xbeefdead, pf_key.SADB_TYPE_ESP)
109    self.assertEqual(0, len(self.xfrm.DumpSaInfo()))
110
111    if missing4 or missing6:
112        self.assertFalse("missing b8a72fd7c4e9 ANDROID: net: xfrm: make PF_KEY SHA256 use RFC-compliant truncation.")
113
114
115if __name__ == "__main__":
116  unittest.main()
117