v811_spc009/kernel/tests/net/test/pf_key_test.py

#!/usr/bin/python
#
# Copyright 2017 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# pylint: disable=g-bad-todo,g-bad-file-header,wildcard-import
from socket import *
import unittest

import csocket
import pf_key
import xfrm

ENCRYPTION_KEY = ("308146eb3bd84b044573d60f5a5fd159"
                  "57c7d4fe567a2120f35bae0f9869ec22".decode("hex"))
AUTH_KEY = "af442892cdcd0ef650e9c299f9a8436a".decode("hex")


class PfKeyTest(unittest.TestCase):

  def setUp(self):
    self.pf_key = pf_key.PfKey()
    self.xfrm = xfrm.Xfrm()

  def testAddDelSa(self):
    src4 = csocket.Sockaddr(("192.0.2.1", 0))
    dst4 = csocket.Sockaddr(("192.0.2.2", 1))
    self.pf_key.AddSa(src4, dst4, 0xdeadbeef, pf_key.SADB_TYPE_ESP,
                      pf_key.IPSEC_MODE_TRANSPORT, 54321,
                      pf_key.SADB_X_EALG_AESCBC, ENCRYPTION_KEY,
                      pf_key.SADB_X_AALG_SHA2_256HMAC, ENCRYPTION_KEY)

    src6 = csocket.Sockaddr(("2001:db8::1", 0))
    dst6 = csocket.Sockaddr(("2001:db8::2", 0))
    self.pf_key.AddSa(src6, dst6, 0xbeefdead, pf_key.SADB_TYPE_ESP,
                      pf_key.IPSEC_MODE_TRANSPORT, 12345,
                      pf_key.SADB_X_EALG_AESCBC, ENCRYPTION_KEY,
                      pf_key.SADB_X_AALG_SHA2_256HMAC, ENCRYPTION_KEY)

    sainfos = self.xfrm.DumpSaInfo()
    self.assertEqual(2, len(sainfos))
    state4, attrs4 = [(s, a) for s, a in sainfos if s.family == AF_INET][0]
    state6, attrs6 = [(s, a) for s, a in sainfos if s.family == AF_INET6][0]

    pfkey_sainfos = self.pf_key.DumpSaInfo()
    self.assertEqual(2, len(pfkey_sainfos))
    self.assertTrue(all(msg.satype == pf_key.SDB_TYPE_ESP)
                    for msg, _ in pfkey_sainfos)

    self.assertEqual(xfrm.IPPROTO_ESP, state4.id.proto)
    self.assertEqual(xfrm.IPPROTO_ESP, state6.id.proto)
    self.assertEqual(54321, state4.reqid)
    self.assertEqual(12345, state6.reqid)
    self.assertEqual(0xdeadbeef, state4.id.spi)
    self.assertEqual(0xbeefdead, state6.id.spi)

    self.assertEqual(xfrm.PaddedAddress("192.0.2.1"), state4.saddr)
    self.assertEqual(xfrm.PaddedAddress("192.0.2.2"), state4.id.daddr)
    self.assertEqual(xfrm.PaddedAddress("2001:db8::1"), state6.saddr)
    self.assertEqual(xfrm.PaddedAddress("2001:db8::2"), state6.id.daddr)

    # The algorithm names are null-terminated, but after that contain garbage.
    # Kernel bug?
    aes_name = "cbc(aes)\x00"
    sha256_name = "hmac(sha256)\x00"
    self.assertTrue(attrs4["XFRMA_ALG_CRYPT"].name.startswith(aes_name))
    self.assertTrue(attrs6["XFRMA_ALG_CRYPT"].name.startswith(aes_name))
    self.assertTrue(attrs4["XFRMA_ALG_AUTH"].name.startswith(sha256_name))
    self.assertTrue(attrs6["XFRMA_ALG_AUTH"].name.startswith(sha256_name))

    self.assertEqual(256, attrs4["XFRMA_ALG_CRYPT"].key_len)
    self.assertEqual(256, attrs4["XFRMA_ALG_CRYPT"].key_len)
    self.assertEqual(256, attrs6["XFRMA_ALG_AUTH"].key_len)
    self.assertEqual(256, attrs6["XFRMA_ALG_AUTH"].key_len)
    self.assertEqual(256, attrs6["XFRMA_ALG_AUTH_TRUNC"].key_len)
    self.assertEqual(256, attrs6["XFRMA_ALG_AUTH_TRUNC"].key_len)

    self.assertEqual(128, attrs4["XFRMA_ALG_AUTH_TRUNC"].trunc_len)
    self.assertEqual(128, attrs4["XFRMA_ALG_AUTH_TRUNC"].trunc_len)

    self.pf_key.DelSa(src4, dst4, 0xdeadbeef, pf_key.SADB_TYPE_ESP)
    self.assertEqual(1, len(self.xfrm.DumpSaInfo()))
    self.pf_key.DelSa(src6, dst6, 0xbeefdead, pf_key.SADB_TYPE_ESP)
    self.assertEqual(0, len(self.xfrm.DumpSaInfo()))


if __name__ == "__main__":
  unittest.main()