Google Git
Sign in
android / platform / packages / modules / IPsec / afa573858da1f9e403278bdc7fd5f751f65de0c6 / . / tests / iketests / src / java / android / net / ipsec / ike / TunnelModeChildSessionParamsTest.java
blob: 76cd0b30c586fb6a8d47f0b607efe311f5d5d62c [file] [log] [blame]
/*
* Copyright (C) 2019 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.net.ipsec.test.ike;
import static android.net.ipsec.test.ike.ChildSessionParams.CHILD_HARD_LIFETIME_SEC_DEFAULT;
import static android.net.ipsec.test.ike.ChildSessionParams.CHILD_HARD_LIFETIME_SEC_MAXIMUM;
import static android.net.ipsec.test.ike.ChildSessionParams.CHILD_HARD_LIFETIME_SEC_MINIMUM;
import static android.net.ipsec.test.ike.ChildSessionParams.CHILD_SOFT_LIFETIME_SEC_DEFAULT;
import static android.system.OsConstants.AF_INET;
import static android.system.OsConstants.AF_INET6;
import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_ADDRESS;
import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_DHCP;
import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_DNS;
import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_NETMASK;
import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP6_ADDRESS;
import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP6_DNS;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail;
import android.net.InetAddresses;
import android.util.SparseArray;
import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttribute;
import org.junit.Before;
import org.junit.Test;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.util.concurrent.TimeUnit;
public final class TunnelModeChildSessionParamsTest {
private static final int NUM_TS = 2;
private static final int IP6_PREFIX_LEN = 64;
private static final int INVALID_ADDR_FAMILY = 5;
private static final Inet4Address IPV4_ADDRESS =
(Inet4Address) InetAddresses.parseNumericAddress("192.0.2.100");
private static final Inet6Address IPV6_ADDRESS =
(Inet6Address) InetAddresses.parseNumericAddress("2001:db8::1");
private static final Inet4Address IPV4_DNS_SERVER =
(Inet4Address) InetAddresses.parseNumericAddress("8.8.8.8");
private static final Inet6Address IPV6_DNS_SERVER =
(Inet6Address) InetAddresses.parseNumericAddress("2001:4860:4860::8888");
private static final Inet4Address IPV4_DHCP_SERVER =
(Inet4Address) InetAddresses.parseNumericAddress("192.0.2.200");
private ChildSaProposal mSaProposal;
@Before
public void setup() {
mSaProposal =
new ChildSaProposal.Builder()
.addEncryptionAlgorithm(
SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12,
SaProposal.KEY_LEN_AES_128)
.build();
}
private void verifyCommon(TunnelModeChildSessionParams childParams) {
assertArrayEquals(new SaProposal[] {mSaProposal}, childParams.getSaProposalsInternal());
assertEquals(NUM_TS, childParams.getInboundTrafficSelectorsInternal().length);
assertEquals(NUM_TS, childParams.getOutboundTrafficSelectorsInternal().length);
assertFalse(childParams.isTransportMode());
}
private void verifyAttrTypes(
SparseArray expectedAttrCntMap, TunnelModeChildSessionParams childParams) {
ConfigAttribute[] configAttributes = childParams.getConfigurationAttributesInternal();
SparseArray<Integer> atrrCntMap = expectedAttrCntMap.clone();
for (int i = 0; i < configAttributes.length; i++) {
int attType = configAttributes[i].attributeType;
assertNotNull(atrrCntMap.get(attType));
atrrCntMap.put(attType, atrrCntMap.get(attType) - 1);
if (atrrCntMap.get(attType) == 0) atrrCntMap.remove(attType);
}
assertEquals(0, atrrCntMap.size());
}
@Test
public void testBuildChildSessionParamsWithoutConfigReq() {
TunnelModeChildSessionParams childParams =
new TunnelModeChildSessionParams.Builder().addSaProposal(mSaProposal).build();
verifyCommon(childParams);
assertEquals(0, childParams.getConfigurationAttributesInternal().length);
assertEquals(CHILD_HARD_LIFETIME_SEC_DEFAULT, childParams.getHardLifetimeSeconds());
assertEquals(CHILD_SOFT_LIFETIME_SEC_DEFAULT, childParams.getSoftLifetimeSeconds());
}
@Test
public void testBuildChildSessionParamsWithLifetime() {
int hardLifetimeSec = (int) TimeUnit.HOURS.toSeconds(3L);
int softLifetimeSec = (int) TimeUnit.HOURS.toSeconds(1L);
TunnelModeChildSessionParams childParams =
new TunnelModeChildSessionParams.Builder()
.addSaProposal(mSaProposal)
.setLifetimeSeconds(hardLifetimeSec, softLifetimeSec)
.build();
verifyCommon(childParams);
assertEquals(0, childParams.getConfigurationAttributesInternal().length);
assertEquals(hardLifetimeSec, childParams.getHardLifetimeSeconds());
assertEquals(softLifetimeSec, childParams.getSoftLifetimeSeconds());
}
@Test
public void testBuildChildSessionParamsWithAddressReq() {
TunnelModeChildSessionParams childParams =
new TunnelModeChildSessionParams.Builder()
.addSaProposal(mSaProposal)
.addInternalAddressRequest(AF_INET)
.addInternalAddressRequest(AF_INET6)
.addInternalAddressRequest(AF_INET6)
.addInternalAddressRequest(IPV4_ADDRESS)
.addInternalAddressRequest(IPV6_ADDRESS, IP6_PREFIX_LEN)
.build();
verifyCommon(childParams);
SparseArray<Integer> expectedAttrCntMap = new SparseArray<>();
expectedAttrCntMap.put(CONFIG_ATTR_INTERNAL_IP4_ADDRESS, 2);
expectedAttrCntMap.put(CONFIG_ATTR_INTERNAL_IP6_ADDRESS, 3);
expectedAttrCntMap.put(CONFIG_ATTR_INTERNAL_IP4_NETMASK, 1);
verifyAttrTypes(expectedAttrCntMap, childParams);
}
@Test
public void testBuildChildSessionParamsWithDnsServerReq() {
TunnelModeChildSessionParams childParams =
new TunnelModeChildSessionParams.Builder()
.addSaProposal(mSaProposal)
.addInternalDnsServerRequest(AF_INET)
.addInternalDnsServerRequest(AF_INET6)
.addInternalDnsServerRequest(IPV4_DNS_SERVER)
.addInternalDnsServerRequest(IPV6_DNS_SERVER)
.build();
verifyCommon(childParams);
SparseArray<Integer> expectedAttrCntMap = new SparseArray<>();
expectedAttrCntMap.put(CONFIG_ATTR_INTERNAL_IP4_DNS, 2);
expectedAttrCntMap.put(CONFIG_ATTR_INTERNAL_IP6_DNS, 2);
verifyAttrTypes(expectedAttrCntMap, childParams);
}
@Test
public void testBuildChildSessionParamsWithDhcpServerReq() {
TunnelModeChildSessionParams childParams =
new TunnelModeChildSessionParams.Builder()
.addSaProposal(mSaProposal)
.addInternalDhcpServerRequest(AF_INET)
.addInternalDhcpServerRequest(AF_INET)
.addInternalDhcpServerRequest(AF_INET)
.addInternalDhcpServerRequest(IPV4_DHCP_SERVER)
.build();
verifyCommon(childParams);
SparseArray<Integer> expectedAttrCntMap = new SparseArray<>();
expectedAttrCntMap.put(CONFIG_ATTR_INTERNAL_IP4_DHCP, 4);
verifyAttrTypes(expectedAttrCntMap, childParams);
}
@Test
public void testBuildChildSessionParamsWithDhcp6SeverReq() {
try {
new TunnelModeChildSessionParams.Builder()
.addSaProposal(mSaProposal)
.addInternalDhcpServerRequest(AF_INET6)
.addInternalDhcpServerRequest(AF_INET6)
.addInternalDhcpServerRequest(AF_INET6)
.build();
fail("Expected to fail because DHCP6 is not supported.");
} catch (IllegalArgumentException expected) {
}
}
@Test
public void testBuildChildSessionParamsWithInvalidDhcpReq() {
try {
new TunnelModeChildSessionParams.Builder()
.addSaProposal(mSaProposal)
.addInternalDhcpServerRequest(INVALID_ADDR_FAMILY)
.build();
fail("Expected to fail due to invalid address family value");
} catch (IllegalArgumentException expected) {
}
}
@Test
public void testSetHardLifetimeTooLong() throws Exception {
try {
new TunnelModeChildSessionParams.Builder()
.setLifetimeSeconds(
CHILD_HARD_LIFETIME_SEC_MAXIMUM + 1, CHILD_SOFT_LIFETIME_SEC_DEFAULT);
fail("Expected failure because hard lifetime is too long");
} catch (IllegalArgumentException expected) {
}
}
@Test
public void testSetHardLifetimeTooShort() throws Exception {
try {
new TunnelModeChildSessionParams.Builder()
.setLifetimeSeconds(
CHILD_HARD_LIFETIME_SEC_MINIMUM - 1, CHILD_SOFT_LIFETIME_SEC_DEFAULT);
fail("Expected failure because hard lifetime is too short");
} catch (IllegalArgumentException expected) {
}
}
@Test
public void testSetSoftLifetimeTooLong() throws Exception {
try {
new TunnelModeChildSessionParams.Builder()
.setLifetimeSeconds(
CHILD_HARD_LIFETIME_SEC_DEFAULT, CHILD_HARD_LIFETIME_SEC_DEFAULT);
fail("Expected failure because soft lifetime is too long");
} catch (IllegalArgumentException expected) {
}
}
@Test
public void testSetSoftLifetimeTooShort() throws Exception {
try {
new TunnelModeChildSessionParams.Builder()
.setLifetimeSeconds(CHILD_HARD_LIFETIME_SEC_DEFAULT, 0);
fail("Expected failure because soft lifetime is too short");
} catch (IllegalArgumentException expected) {
}
}
@Test
public void testConstructTunnelModeChildParamsCopy() throws Exception {
TunnelModeChildSessionParams childParams =
new TunnelModeChildSessionParams.Builder()
.addSaProposal(mSaProposal)
.setLifetimeSeconds(
(int) TimeUnit.HOURS.toSeconds(3L),
(int) TimeUnit.HOURS.toSeconds(1L))
.addInternalAddressRequest(AF_INET)
.addInternalAddressRequest(AF_INET6)
.addInternalAddressRequest(IPV4_ADDRESS)
.addInternalAddressRequest(IPV6_ADDRESS, IP6_PREFIX_LEN)
.addInternalDnsServerRequest(AF_INET)
.addInternalDnsServerRequest(AF_INET6)
.addInternalDhcpServerRequest(AF_INET)
.build();
TunnelModeChildSessionParams result =
new TunnelModeChildSessionParams.Builder(childParams).build();
assertEquals(childParams, result);
}
}