1#
2#   Copyright 2018 - The Android Open Source Project
3#
4#   Licensed under the Apache License, Version 2.0 (the "License");
5#   you may not use this file except in compliance with the License.
6#   You may obtain a copy of the License at
7#
8#       http://www.apache.org/licenses/LICENSE-2.0
9#
10#   Unless required by applicable law or agreed to in writing, software
11#   distributed under the License is distributed on an "AS IS" BASIS,
12#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13#   See the License for the specific language governing permissions and
14#   limitations under the License.
15
16from acts import asserts
17from acts import base_test
18from acts.controllers import adb
19from acts.test_decorators import test_tracker_info
20from acts_contrib.test_utils.net import connectivity_const as cconst
21from acts_contrib.test_utils.net import ipsec_test_utils as iutils
22from acts_contrib.test_utils.net import socket_test_utils as sutils
23from acts_contrib.test_utils.net.net_test_utils import start_tcpdump
24from acts_contrib.test_utils.net.net_test_utils import stop_tcpdump
25from acts_contrib.test_utils.wifi import wifi_test_utils as wutils
26
27import random
28import time
29
30WLAN = "wlan0"
31WAIT_FOR_IP = 15
32
33
34class IpSecTest(base_test.BaseTestClass):
35    """ Tests for UID networking """
36
37    def setup_class(self):
38        """ Setup devices for tests and unpack params """
39        self.dut_a = self.android_devices[0]
40        self.dut_b = self.android_devices[1]
41
42        req_params = ("wifi_network",)
43        self.unpack_userparams(req_params)
44        wutils.connect_to_wifi_network(self.dut_a, self.wifi_network)
45        wutils.connect_to_wifi_network(self.dut_b, self.wifi_network)
46        time.sleep(WAIT_FOR_IP)
47
48        try:
49            self.ipv4_dut_a = self.dut_a.droid.connectivityGetIPv4Addresses(
50                WLAN)[0]
51            self.ipv4_dut_b = self.dut_b.droid.connectivityGetIPv4Addresses(
52                WLAN)[0]
53            self.ipv6_dut_a = self.dut_a.droid.connectivityGetIPv6Addresses(
54                WLAN)[0]
55            self.ipv6_dut_b = self.dut_b.droid.connectivityGetIPv6Addresses(
56                WLAN)[0]
57        except Exception as e:
58            asserts.abort_class("Failed to get IPv4/IPv6 address: %s" % e)
59
60        self.crypt_auth_combos = iutils.generate_random_crypt_auth_combo()
61
62        self.tcpdump_pid_a = None
63        self.tcpdump_pid_b = None
64
65    def teardown_class(self):
66        for ad in self.android_devices:
67            wutils.reset_wifi(ad)
68
69    def setup_test(self):
70        self.tcpdump_pid_a = start_tcpdump(self.dut_a, self.test_name)
71        self.tcpdump_pid_b = start_tcpdump(self.dut_b, self.test_name)
72
73    def teardown_test(self):
74        stop_tcpdump(self.dut_a, self.tcpdump_pid_a, self.test_name)
75        stop_tcpdump(self.dut_b, self.tcpdump_pid_b, self.test_name)
76
77    def on_fail(self, test_name, begin_time):
78        self.dut_a.take_bug_report(test_name, begin_time)
79        self.dut_b.take_bug_report(test_name, begin_time)
80
81    """ Helper functions begin """
82
83    def _test_spi_allocate_release_req_spi(self, dut, ip):
84        req_spi = random.randint(1, 999999999)
85        self.log.info("IP addr: %s" % ip)
86        self.log.info("Request SPI: %s" % req_spi)
87        key = dut.droid.ipSecAllocateSecurityParameterIndex(ip, req_spi)
88        spi = dut.droid.ipSecGetSecurityParameterIndex(key)
89        self.log.info("Got: %s" % spi)
90        dut.droid.ipSecReleaseSecurityParameterIndex(key)
91        asserts.assert_true(req_spi == spi, "Incorrect SPI")
92        spi = dut.droid.ipSecGetSecurityParameterIndex(key)
93        self.log.info("SPI after release: %s" % spi)
94        asserts.assert_true(spi == 0, "Release SPI failed")
95
96    def _test_spi_allocate_release_random_spi(self, dut, ip):
97        self.log.info("IP addr: %s" % ip)
98        key = dut.droid.ipSecAllocateSecurityParameterIndex(ip)
99        spi = dut.droid.ipSecGetSecurityParameterIndex(key)
100        self.log.info("Got: %s" % spi)
101        dut.droid.ipSecReleaseSecurityParameterIndex(key)
102        spi = dut.droid.ipSecGetSecurityParameterIndex(key)
103        self.log.info("SPI after release: %s" % spi)
104        asserts.assert_true(spi == 0, "Release SPI failed")
105
106    def _test_transport_mode_transform_file_descriptors(self,
107                                                        domain,
108                                                        sock_type,
109                                                        udp_encap = False):
110        """Test transport mode tranform with android.system.Os sockets"""
111
112        # dut objects & ip addrs
113        dut_a = self.dut_a
114        dut_b = self.dut_b
115        port = random.randint(5000, 6000)
116        udp_encap_port = 4500
117        ip_a = self.ipv4_dut_a
118        ip_b = self.ipv4_dut_b
119        if domain == cconst.AF_INET6:
120            ip_a = self.ipv6_dut_a
121            ip_b = self.ipv6_dut_b
122        self.log.info("DUT_A IP addr: %s" % ip_a)
123        self.log.info("DUT_B IP addr: %s" % ip_b)
124        self.log.info("Port: %s" % port)
125
126        # create crypt and auth keys
127        cl, auth_algo, al, trunc_bits = random.choice(self.crypt_auth_combos)
128        crypt_key = iutils.make_key(cl)
129        auth_key = iutils.make_key(al)
130        crypt_algo = cconst.CRYPT_AES_CBC
131
132        # open sockets
133        fd_a = sutils.open_android_socket(dut_a, domain, sock_type, ip_a, port)
134        fd_b = sutils.open_android_socket(dut_b, domain, sock_type, ip_b, port)
135
136        # allocate SPIs
137        spi_keys_a = iutils.allocate_spis(dut_a, ip_a, ip_b)
138        in_spi = dut_a.droid.ipSecGetSecurityParameterIndex(spi_keys_a[0])
139        out_spi = dut_a.droid.ipSecGetSecurityParameterIndex(spi_keys_a[1])
140        spi_keys_b = iutils.allocate_spis(dut_b, ip_b, ip_a, out_spi, in_spi)
141
142        # open udp encap sockets
143        udp_encap_a = None
144        udp_encap_b = None
145        if udp_encap:
146            udp_encap_a = dut_a.droid.ipSecOpenUdpEncapsulationSocket(
147                udp_encap_port)
148            udp_encap_b = dut_b.droid.ipSecOpenUdpEncapsulationSocket(
149                udp_encap_port)
150        self.log.info("UDP Encap: %s" % udp_encap_a)
151        self.log.info("UDP Encap: %s" % udp_encap_b)
152
153        # create transforms
154        transforms_a = iutils.create_transport_mode_transforms(
155            dut_a, spi_keys_a, ip_a, ip_b, crypt_algo, crypt_key, auth_algo,
156            auth_key, trunc_bits, udp_encap_a)
157        transforms_b = iutils.create_transport_mode_transforms(
158            dut_b, spi_keys_b, ip_b, ip_a, crypt_algo, crypt_key, auth_algo,
159            auth_key, trunc_bits, udp_encap_b)
160
161        # apply transforms to socket
162        iutils.apply_transport_mode_transforms_file_descriptors(
163            dut_a, fd_a, transforms_a)
164        iutils.apply_transport_mode_transforms_file_descriptors(
165            dut_b, fd_b, transforms_b)
166
167        # listen, connect, accept if TCP socket
168        if sock_type == cconst.SOCK_STREAM:
169            server_fd = fd_b
170            self.log.info("Setup TCP connection")
171            dut_b.droid.listenSocket(fd_b)
172            dut_a.droid.connectSocket(fd_a, ip_b, port)
173            fd_b = dut_b.droid.acceptSocket(fd_b)
174            asserts.assert_true(fd_b, "accept() failed")
175
176        # Send message from one dut to another
177        sutils.send_recv_data_android_sockets(
178            dut_a, dut_b, fd_a, fd_b, ip_b, port)
179
180        # verify ESP packets
181        iutils.verify_esp_packets([dut_a, dut_b])
182
183        # remove transforms from socket
184        iutils.remove_transport_mode_transforms_file_descriptors(dut_a, fd_a)
185        iutils.remove_transport_mode_transforms_file_descriptors(dut_b, fd_b)
186
187        # destroy transforms
188        iutils.destroy_transport_mode_transforms(dut_a, transforms_a)
189        iutils.destroy_transport_mode_transforms(dut_b, transforms_b)
190
191        # close udp encap sockets
192        if udp_encap:
193            dut_a.droid.ipSecCloseUdpEncapsulationSocket(udp_encap_a)
194            dut_b.droid.ipSecCloseUdpEncapsulationSocket(udp_encap_b)
195
196        # release SPIs
197        iutils.release_spis(dut_a, spi_keys_a)
198        iutils.release_spis(dut_b, spi_keys_b)
199
200        # Send message from one dut to another
201        sutils.send_recv_data_android_sockets(
202            dut_a, dut_b, fd_a, fd_b, ip_b, port)
203
204        # close sockets
205        sutils.close_android_socket(dut_a, fd_a)
206        sutils.close_android_socket(dut_b, fd_b)
207        if sock_type == cconst.SOCK_STREAM:
208            sutils.close_android_socket(dut_b, server_fd)
209
210    def _test_transport_mode_transform_datagram_sockets(self,
211                                                        domain,
212                                                        udp_encap = False):
213        """ Test transport mode transform datagram sockets """
214
215        # dut objects and ip addrs
216        dut_a = self.dut_a
217        dut_b = self.dut_b
218        udp_encap_port = 4500
219        ip_a = self.ipv4_dut_a
220        ip_b = self.ipv4_dut_b
221        if domain == cconst.AF_INET6:
222            ip_a = self.ipv6_dut_a
223            ip_b = self.ipv6_dut_b
224        self.log.info("DUT_A IP addr: %s" % ip_a)
225        self.log.info("DUT_B IP addr: %s" % ip_b)
226
227        # create crypt and auth keys
228        cl, auth_algo, al, trunc_bits = random.choice(self.crypt_auth_combos)
229        crypt_key = iutils.make_key(cl)
230        auth_key = iutils.make_key(al)
231        crypt_algo = cconst.CRYPT_AES_CBC
232
233        # open sockets
234        socket_a = sutils.open_datagram_socket(dut_a, ip_a, 0)
235        socket_b = sutils.open_datagram_socket(dut_b, ip_b, 0)
236        port = dut_b.droid.getPortOfDatagramSocket(socket_b)
237
238        # allocate SPIs
239        spi_keys_a = iutils.allocate_spis(dut_a, ip_a, ip_b)
240        in_spi = dut_a.droid.ipSecGetSecurityParameterIndex(spi_keys_a[0])
241        out_spi = dut_a.droid.ipSecGetSecurityParameterIndex(spi_keys_a[1])
242        spi_keys_b = iutils.allocate_spis(dut_b, ip_b, ip_a, out_spi, in_spi)
243
244        # open udp encap sockets
245        udp_encap_a = None
246        udp_encap_b = None
247        if udp_encap:
248            udp_encap_a = dut_a.droid.ipSecOpenUdpEncapsulationSocket(
249                udp_encap_port)
250            udp_encap_b = dut_b.droid.ipSecOpenUdpEncapsulationSocket(
251                udp_encap_port)
252        self.log.info("UDP Encap: %s" % udp_encap_a)
253        self.log.info("UDP Encap: %s" % udp_encap_b)
254
255        # create transforms
256        transforms_a = iutils.create_transport_mode_transforms(
257            dut_a, spi_keys_a, ip_a, ip_b, crypt_algo, crypt_key, auth_algo,
258            auth_key, trunc_bits, udp_encap_a)
259        transforms_b = iutils.create_transport_mode_transforms(
260            dut_b, spi_keys_b, ip_b, ip_a, crypt_algo, crypt_key, auth_algo,
261            auth_key, trunc_bits, udp_encap_b)
262
263        # apply transforms
264        iutils.apply_transport_mode_transforms_datagram_socket(
265            dut_a, socket_a, transforms_a)
266        iutils.apply_transport_mode_transforms_datagram_socket(
267            dut_b, socket_b, transforms_b)
268
269        # send and verify message from one dut to another
270        sutils.send_recv_data_datagram_sockets(
271            dut_a, dut_b, socket_a, socket_b, ip_b, port)
272
273        # verify ESP packets
274        iutils.verify_esp_packets([dut_a, dut_b])
275
276        # remove transforms
277        iutils.remove_transport_mode_transforms_datagram_socket(dut_a, socket_a)
278        iutils.remove_transport_mode_transforms_datagram_socket(dut_b, socket_b)
279
280        # destroy transforms
281        iutils.destroy_transport_mode_transforms(dut_a, transforms_a)
282        iutils.destroy_transport_mode_transforms(dut_b, transforms_b)
283
284        # close udp encap sockets
285        if udp_encap:
286            dut_a.droid.ipSecCloseUdpEncapsulationSocket(udp_encap_a)
287            dut_b.droid.ipSecCloseUdpEncapsulationSocket(udp_encap_b)
288
289        # release SPIs
290        iutils.release_spis(dut_a, spi_keys_a)
291        iutils.release_spis(dut_b, spi_keys_b)
292
293        # Send and verify message from one dut to another
294        sutils.send_recv_data_datagram_sockets(
295            dut_a, dut_b, socket_a, socket_b, ip_b, port)
296
297        # close sockets
298        sutils.close_datagram_socket(dut_a, socket_a)
299        sutils.close_datagram_socket(dut_b, socket_b)
300
301    def _test_transport_mode_transform_sockets(self, domain, udp_encap = False):
302
303        # dut objects and ip addrs
304        dut_a = self.dut_a
305        dut_b = self.dut_b
306        ip_a = self.ipv4_dut_a
307        ip_b = self.ipv4_dut_b
308        if domain == cconst.AF_INET6:
309            ip_a = self.ipv6_dut_a
310            ip_b = self.ipv6_dut_b
311        self.log.info("DUT_A IP addr: %s" % ip_a)
312        self.log.info("DUT_B IP addr: %s" % ip_b)
313        udp_encap_port = 4500
314
315        # open sockets
316        server_sock = sutils.open_server_socket(dut_b, ip_b, 0)
317        port = dut_b.droid.getPortOfServerSocket(server_sock)
318        sock_a, sock_b = sutils.open_connect_socket(
319            dut_a, dut_b, ip_a, ip_b, 0, port, server_sock)
320
321        # create crypt and auth keys
322        cl, auth_algo, al, trunc_bits = random.choice(self.crypt_auth_combos)
323        crypt_key = iutils.make_key(cl)
324        auth_key = iutils.make_key(al)
325        crypt_algo = cconst.CRYPT_AES_CBC
326
327        # allocate SPIs
328        spi_keys_a = iutils.allocate_spis(dut_a, ip_a, ip_b)
329        in_spi = dut_a.droid.ipSecGetSecurityParameterIndex(spi_keys_a[0])
330        out_spi = dut_a.droid.ipSecGetSecurityParameterIndex(spi_keys_a[1])
331        spi_keys_b = iutils.allocate_spis(dut_b, ip_b, ip_a, out_spi, in_spi)
332
333        # open udp encap sockets
334        udp_encap_a = None
335        udp_encap_b = None
336        if udp_encap:
337            udp_encap_a = dut_a.droid.ipSecOpenUdpEncapsulationSocket(
338                udp_encap_port)
339            udp_encap_b = dut_b.droid.ipSecOpenUdpEncapsulationSocket(
340                udp_encap_port)
341        self.log.info("UDP Encap: %s" % udp_encap_a)
342        self.log.info("UDP Encap: %s" % udp_encap_b)
343
344        # create transforms
345        transforms_a = iutils.create_transport_mode_transforms(
346            dut_a, spi_keys_a, ip_a, ip_b, crypt_algo, crypt_key, auth_algo,
347            auth_key, trunc_bits, udp_encap_a)
348        transforms_b = iutils.create_transport_mode_transforms(
349            dut_b, spi_keys_b, ip_b, ip_a, crypt_algo, crypt_key, auth_algo,
350            auth_key, trunc_bits, udp_encap_b)
351
352        # apply transform to sockets
353        iutils.apply_transport_mode_transforms_socket(dut_a, sock_a, transforms_a)
354        iutils.apply_transport_mode_transforms_socket(dut_b, sock_b, transforms_b)
355
356        # send message from one dut to another
357        sutils.send_recv_data_sockets(dut_a, dut_b, sock_a, sock_b)
358
359        # verify esp packets
360        iutils.verify_esp_packets([dut_a, dut_b])
361
362        # remove transforms from socket
363        iutils.remove_transport_mode_transforms_socket(dut_a, sock_a)
364        iutils.remove_transport_mode_transforms_socket(dut_b, sock_b)
365
366        # destroy transforms
367        iutils.destroy_transport_mode_transforms(dut_a, transforms_a)
368        iutils.destroy_transport_mode_transforms(dut_b, transforms_b)
369
370        # close udp encap sockets
371        if udp_encap:
372            dut_a.droid.ipSecCloseUdpEncapsulationSocket(udp_encap_a)
373            dut_b.droid.ipSecCloseUdpEncapsulationSocket(udp_encap_b)
374
375        # release SPIs
376        iutils.release_spis(dut_a, spi_keys_a)
377        iutils.release_spis(dut_b, spi_keys_b)
378
379        # send message from one dut to another
380        sutils.send_recv_data_sockets(dut_a, dut_b, sock_a, sock_b)
381
382        # close sockets
383        sutils.close_socket(dut_a, sock_a)
384        sutils.close_socket(dut_b, sock_b)
385        sutils.close_server_socket(dut_b, server_sock)
386
387    """ Helper functions end """
388
389    """ Tests begin """
390
391    @test_tracker_info(uuid="877577e2-94e8-46d3-8fee-330327adba1e")
392    def test_spi_allocate_release_requested_spi_ipv4(self):
393        """
394        Steps:
395          1. Request SPI for IPv4 dest addr
396          2. SPI should be generated with the requested value
397          3. Close SPI
398        """
399        self._test_spi_allocate_release_req_spi(self.dut_a, self.ipv4_dut_b)
400        self._test_spi_allocate_release_req_spi(self.dut_b, self.ipv4_dut_a)
401
402    @test_tracker_info(uuid="0be4c204-0e63-43fd-a7ff-8647eef21066")
403    def test_spi_allocate_release_requested_spi_ipv6(self):
404        """
405        Steps:
406          1. Request SPI for IPv6 dest addr
407          2. SPI should be generated with the requested value
408          3. Close SPI
409        """
410        self._test_spi_allocate_release_req_spi(self.dut_a, self.ipv6_dut_b)
411        self._test_spi_allocate_release_req_spi(self.dut_b, self.ipv6_dut_a)
412
413    @test_tracker_info(uuid="75eea49c-5621-4410-839f-f6e7bdd792a0")
414    def test_spi_allocate_release_random_spi_ipv4(self):
415        """
416        Steps:
417          1. Request SPI for IPv4 dest addr
418          2. A random SPI should be generated
419          3. Close SPI
420        """
421        self._test_spi_allocate_release_random_spi(self.dut_a, self.ipv4_dut_b)
422        self._test_spi_allocate_release_random_spi(self.dut_b, self.ipv4_dut_a)
423
424    @test_tracker_info(uuid="afad9e48-5573-4b3f-8dfd-c7a77eda4e1e")
425    def test_spi_allocate_release_random_spi_ipv6(self):
426        """
427        Steps:
428          1. Request SPI for IPv6 dest addr
429          2. A random SPI should be generated
430          3. Close SPI
431        """
432        self._test_spi_allocate_release_random_spi(self.dut_a, self.ipv6_dut_b)
433        self._test_spi_allocate_release_random_spi(self.dut_b, self.ipv6_dut_a)
434
435    @test_tracker_info(uuid="97817f4d-159a-4692-93f7-a38b162a565e")
436    def test_allocate_release_multiple_random_spis_ipv4(self):
437        """
438        Steps:
439          1. Request 10 SPIs at a time
440          2. After 8, the remaining should return 0
441        """
442        res = True
443        spi_key_list = []
444        spi_list = []
445        for i in range(10):
446            spi_key = self.dut_a.droid.ipSecAllocateSecurityParameterIndex(
447                self.ipv4_dut_a)
448            spi_key_list.append(spi_key)
449            spi = self.dut_a.droid.ipSecGetSecurityParameterIndex(spi_key)
450            spi_list.append(spi)
451        if spi_list.count(0) > 2:
452            self.log.error("Valid SPIs is less than 8: %s" % spi_list)
453            res = False
454
455        spi_list = []
456        for key in spi_key_list:
457            self.dut_a.droid.ipSecReleaseSecurityParameterIndex(key)
458            spi = self.dut_a.droid.ipSecGetSecurityParameterIndex(key)
459            spi_list.append(spi)
460        if spi_list.count(0) != 10:
461            self.log.error("Could not release all SPIs")
462            res = False
463
464        return res
465
466    @test_tracker_info(uuid="efb22e2a-1c2f-43fc-85fa-5d9a5b8e2705")
467    def test_spi_allocate_release_requested_spi_ipv4_stress(self):
468        """
469        Steps:
470          1. Request and release requested SPIs for IPv4
471        """
472        for i in range(15):
473            self._test_spi_allocate_release_req_spi(self.dut_a, self.ipv4_dut_b)
474            self._test_spi_allocate_release_req_spi(self.dut_b, self.ipv4_dut_a)
475
476    @test_tracker_info(uuid="589749b7-3e6c-4a19-8404-d4a725d63dfd")
477    def test_spi_allocate_release_requested_spi_ipv6_stress(self):
478        """
479        Steps:
480          1. Request and release requested SPIs for IPv6
481        """
482        for i in range(15):
483            self._test_spi_allocate_release_req_spi(self.dut_a, self.ipv6_dut_b)
484            self._test_spi_allocate_release_req_spi(self.dut_b, self.ipv6_dut_a)
485
486    @test_tracker_info(uuid="4a48130a-3f69-4390-a587-20848dee4777")
487    def test_spi_allocate_release_random_spi_ipv4_stress(self):
488        """
489        Steps:
490          1. Request and release random SPIs for IPv4
491        """
492        for i in range(15):
493            self._test_spi_allocate_release_random_spi(
494                self.dut_a, self.ipv4_dut_b)
495            self._test_spi_allocate_release_random_spi(
496                self.dut_b, self.ipv4_dut_a)
497
498    @test_tracker_info(uuid="b56f6b65-cd71-4462-a739-e29d60e90ae8")
499    def test_spi_allocate_release_random_spi_ipv6_stress(self):
500        """
501        Steps:
502          1. Request and release random SPIs for IPv6
503        """
504        for i in range(15):
505            self._test_spi_allocate_release_random_spi(
506                self.dut_a, self.ipv6_dut_b)
507            self._test_spi_allocate_release_random_spi(
508                self.dut_b, self.ipv6_dut_a)
509
510    """ android.system.Os sockets """
511
512    @test_tracker_info(uuid="65c9ab9a-1128-4ba0-a1a1-a9feb99ce712")
513    def test_transport_mode_udp_ipv4_file_descriptors_no_nat_no_encap(self):
514        """
515        Steps:
516          1. Encrypt a android.system.Os IPv4 UDP socket with transport mode
517             transform with UDP encap on a non-NAT network
518          2. Verify encyption and decryption of packets
519          3. Remove transform and verify that packets are unencrypted
520        """
521        self._test_transport_mode_transform_file_descriptors(cconst.AF_INET,
522                                                             cconst.SOCK_DGRAM)
523
524    @test_tracker_info(uuid="66956266-f18b-490c-b859-08530c6745c9")
525    def test_transport_mode_udp_ipv4_file_descriptors_no_nat_with_encap(self):
526        """
527        Steps:
528          1. Encrypt a android.system.Os IPv4 UDP socket with transport mode
529             transform with UDP encap on a non-NAT network
530          2. Verify encyption and decryption of packets
531          3. Remove transform and verify that packets are unencrypted
532        """
533        self._test_transport_mode_transform_file_descriptors(cconst.AF_INET,
534                                                             cconst.SOCK_DGRAM,
535                                                             True)
536
537    @test_tracker_info(uuid="467a1e7b-e508-439f-be24-a213bec4a9f0")
538    def test_transport_mode_tcp_ipv4_file_descriptors_no_nat_no_encap(self):
539        """
540        Steps:
541          1. Encrypt a android.system.Os IPv4 TCP socket with transport mode
542             transform without UDP encap on a non-NAT network
543          2. Verify encyption and decryption of packets
544          3. Remove transform and verify that packets are unencrypted
545        """
546        self._test_transport_mode_transform_file_descriptors(cconst.AF_INET,
547                                                             cconst.SOCK_STREAM)
548
549    @test_tracker_info(uuid="877a9516-2b1c-4b52-8931-3a9a55d57875")
550    def test_transport_mode_tcp_ipv4_file_descriptors_no_nat_with_encap(self):
551        """
552        Steps:
553          1. Encrypt a android.system.Os IPv4 TCP socket with transport mode
554             transform with UDP encap on a non-NAT network
555          2. Verify encyption and decryption of packets
556          3. Remove transform and verify that packets are unencrypted
557        """
558        self._test_transport_mode_transform_file_descriptors(cconst.AF_INET,
559                                                             cconst.SOCK_STREAM,
560                                                             True)
561
562    @test_tracker_info(uuid="a2dd8dc7-99c8-4420-b586-b4cd68f4197e")
563    def test_transport_mode_udp_ipv6_file_descriptors(self):
564        """ Verify transport mode transform on android.Os datagram sockets ipv4
565
566        Steps:
567          1. Encrypt a android.system.Os IPv6 UDP socket with transport mode
568             transform
569          2. Verify that packets are encrypted and decrypted at the other end
570          3. Remove tranform and verify that unencrypted packets are sent
571        """
572        self._test_transport_mode_transform_file_descriptors(cconst.AF_INET6,
573                                                             cconst.SOCK_DGRAM)
574
575    @test_tracker_info(uuid="7bc49d79-ffa8-4946-a25f-11daed4061cc")
576    def test_transport_mode_tcp_ipv6_file_descriptors(self):
577        """ Verify transport mode on android.system.Os stream sockets ipv6
578
579        Steps:
580          1. Encrypt a android.system.Os IPv6 TCP socket with transport mode
581             transform
582          2. Verify that packets are encrypted and decrypted at the other end
583          3. Remove tranform and verify that unencrypted packets are sent
584        """
585        self._test_transport_mode_transform_file_descriptors(cconst.AF_INET6,
586                                                             cconst.SOCK_STREAM)
587
588    """ Datagram socket tests """
589
590    @test_tracker_info(uuid="7ff29fc9-41fd-44f4-81e9-ce8c3afd9304")
591    def test_transport_mode_udp_ipv4_datagram_sockets_no_nat_no_encap(self):
592        """ Verify transport mode transform on datagram sockets ipv6 - UDP
593
594        Steps:
595          1. Encypt a DatagramSocket IPv6 socket with transport mode transform
596             without UDP encap on a non-NAT network
597          2. Verify that packets are encrypted and decrypted at the other end
598          3. Remove tranform and verify that unencrypted packets are sent
599        """
600        self._test_transport_mode_transform_datagram_sockets(cconst.AF_INET)
601
602    @test_tracker_info(uuid="552af945-a23a-49f2-9ceb-b0d1e7c1d50b")
603    def test_transport_mode_udp_ipv4_datagram_sockets_no_nat_with_encap(self):
604        """ Verify transport mode transform on datagram sockets ipv6 - UDP
605
606        Steps:
607          1. Encypt a DatagramSocket IPv6 socket with transport mode transform
608             with UDP encap on a non-NAT network
609          2. Verify that packets are encrypted and decrypted at the other end
610          3. Remove tranform and verify that unencrypted packets are sent
611        """
612        self._test_transport_mode_transform_datagram_sockets(cconst.AF_INET, True)
613
614    @test_tracker_info(uuid="dd3a08c4-d393-46c4-b550-bc551ceb15f7")
615    def test_transport_mode_udp_ipv6_datagram_sockets(self):
616        """ Verify transport mode transform on datagram sockets ipv6 - UDP
617
618        Steps:
619          1. Encypt a DatagramSocket IPv6 socket with transport mode transform
620          2. Verify that packets are encrypted and decrypted at the other end
621          3. Remove tranform and verify that unencrypted packets are sent
622        """
623        self._test_transport_mode_transform_datagram_sockets(cconst.AF_INET6)
624
625    """ Socket & server socket tests """
626
627    @test_tracker_info(uuid="f851b5da-790a-45c6-8968-1a347ef30cf2")
628    def test_transport_mode_tcp_ipv4_sockets_no_nat_no_encap(self):
629        """ Verify transport mode transform on sockets ipv4 - TCP
630
631        Steps:
632          1. Encypt a Socket IPv4 socket with transport mode transform without
633             UDP encap on a non-NAT network
634          2. Verify that packets are encrypted and decrypted at the other end
635          3. Remove tranform and verify that unencrypted packets are sent
636        """
637        self._test_transport_mode_transform_sockets(cconst.AF_INET)
638
639    @test_tracker_info(uuid="11982874-8625-40c1-aae5-8327217bb3c4")
640    def test_transport_mode_tcp_ipv4_sockets_no_nat_with_encap(self):
641        """ Verify transport mode transform on sockets ipv4 - TCP
642
643        Steps:
644          1. Encypt a Socket IPv4 socket with transport mode transform with
645             UDP encap on a non-NAT network
646          2. Verify that packets are encrypted and decrypted at the other end
647          3. Remove tranform and verify that unencrypted packets are sent
648        """
649        self._test_transport_mode_transform_sockets(cconst.AF_INET, True)
650
651    @test_tracker_info(uuid="ba8f98c7-2123-4082-935f-a5fd5e6fb461")
652    def test_transport_mode_tcp_ipv6_sockets(self):
653        """ Verify transport mode transform on sockets ipv6 - TCP
654
655        Steps:
656          1. Encypt a Socket IPv6 socket with transport mode transform
657          2. Verify that packets are encrypted and decrypted at the other end
658          3. Remove tranform and verify that unencrypted packets are sent
659        """
660        self._test_transport_mode_transform_sockets(cconst.AF_INET6)
661
662    """ Tests end """
663