1 # 2 # Copyright 2016 - The Android Open Source Project 3 # 4 # Licensed under the Apache License, Version 2.0 (the "License"); 5 # you may not use this file except in compliance with the License. 6 # You may obtain a copy of the License at 7 # 8 # http://www.apache.org/licenses/LICENSE-2.0 9 # 10 # Unless required by applicable law or agreed to in writing, software 11 # distributed under the License is distributed on an "AS IS" BASIS, 12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 # See the License for the specific language governing permissions and 14 # limitations under the License. 15 16 import logging 17 import os 18 import pprint 19 import re 20 import time 21 import urllib.request 22 23 from acts import asserts 24 from acts import base_test 25 from acts import test_runner 26 from acts.controllers import adb 27 from acts.test_decorators import test_tracker_info 28 from acts.test_utils.wifi import wifi_test_utils 29 from acts.test_utils.net import connectivity_const 30 31 VPN_CONST = connectivity_const.VpnProfile 32 VPN_TYPE = connectivity_const.VpnProfileType 33 VPN_PARAMS = connectivity_const.VpnReqParams 34 35 36 class LegacyVpnTest(base_test.BaseTestClass): 37 """ Tests for Legacy VPN in Android 38 39 Testbed requirement: 40 1. One Android device 41 2. A Wi-Fi network that can reach the VPN servers 42 """ 43 44 def setup_class(self): 45 """ Setup wi-fi connection and unpack params 46 """ 47 self.dut = self.android_devices[0] 48 required_params = dir(VPN_PARAMS) 49 required_params = [x for x in required_params if not x.startswith('__')] 50 self.unpack_userparams(required_params) 51 wifi_test_utils.wifi_test_device_init(self.dut) 52 wifi_test_utils.wifi_connect(self.dut, self.wifi_network) 53 time.sleep(3) 54 55 def teardown_class(self): 56 """ Reset wifi to make sure VPN tears down cleanly 57 """ 58 wifi_test_utils.reset_wifi(self.dut) 59 60 def on_fail(self, test_name, begin_time): 61 self.dut.take_bug_report(test_name, begin_time) 62 63 def download_load_certs(self, vpn_type, vpn_server_addr, ipsec_server_type): 64 """ Download the certificates from VPN server and push to sdcard of DUT 65 66 Args: 67 VPN type name 68 69 Returns: 70 Client cert file name on DUT's sdcard 71 """ 72 url = "http://%s%s%s" % (vpn_server_addr, 73 self.cert_path_vpnserver, 74 self.client_pkcs_file_name) 75 local_cert_name = "%s_%s_%s" % (vpn_type.name, 76 ipsec_server_type, 77 self.client_pkcs_file_name) 78 local_file_path = os.path.join(self.log_path, local_cert_name) 79 try: 80 ret = urllib.request.urlopen(url) 81 with open(local_file_path, "wb") as f: 82 f.write(ret.read()) 83 except: 84 asserts.fail("Unable to download certificate from the server") 85 f.close() 86 self.dut.adb.push("%s sdcard/" % local_file_path) 87 return local_cert_name 88 89 def generate_legacy_vpn_profile(self, vpn_type, vpn_server_addr, ipsec_server_type): 90 """ Generate legacy VPN profile for a VPN 91 92 Args: 93 VpnProfileType 94 """ 95 vpn_profile = {VPN_CONST.USER: self.vpn_username, 96 VPN_CONST.PWD: self.vpn_password, 97 VPN_CONST.TYPE: vpn_type.value, 98 VPN_CONST.SERVER: vpn_server_addr,} 99 vpn_profile[VPN_CONST.NAME] = "test_%s_%s" % (vpn_type.name,ipsec_server_type) 100 if vpn_type.name == "PPTP": 101 vpn_profile[VPN_CONST.NAME] = "test_%s" % vpn_type.name 102 psk_set = set(["L2TP_IPSEC_PSK", "IPSEC_XAUTH_PSK"]) 103 rsa_set = set(["L2TP_IPSEC_RSA", "IPSEC_XAUTH_RSA", "IPSEC_HYBRID_RSA"]) 104 if vpn_type.name in psk_set: 105 vpn_profile[VPN_CONST.IPSEC_SECRET] = self.psk_secret 106 elif vpn_type.name in rsa_set: 107 cert_name = self.download_load_certs(vpn_type, 108 vpn_server_addr, 109 ipsec_server_type) 110 vpn_profile[VPN_CONST.IPSEC_USER_CERT] = cert_name.split('.')[0] 111 vpn_profile[VPN_CONST.IPSEC_CA_CERT] = cert_name.split('.')[0] 112 self.dut.droid.installCertificate(vpn_profile,cert_name,self.cert_password) 113 else: 114 vpn_profile[VPN_CONST.MPPE] = self.pptp_mppe 115 return vpn_profile 116 117 def verify_ping_to_vpn_ip(self, connected_vpn_info): 118 """ Verify if IP behind VPN server is pingable 119 Ping should pass, if VPN is connected 120 Ping should fail, if VPN is disconnected 121 122 Args: 123 connected_vpn_info which specifies the VPN connection status 124 """ 125 ping_result = None 126 pkt_loss = "100% packet loss" 127 try: 128 ping_result = self.dut.adb.shell("ping -c 3 -W 2 %s" 129 % self.vpn_verify_address) 130 except adb.AdbError: 131 pass 132 return ping_result and pkt_loss not in ping_result 133 134 def legacy_vpn_connection_test_logic(self, vpn_profile): 135 """ Test logic for each legacy VPN connection 136 137 Steps: 138 1. Generate profile for the VPN type 139 2. Establish connection to the server 140 3. Verify that connection is established using LegacyVpnInfo 141 4. Verify the connection by pinging the IP behind VPN 142 5. Stop the VPN connection 143 6. Check the connection status 144 7. Verify that ping to IP behind VPN fails 145 146 Args: 147 VpnProfileType (1 of the 6 types supported by Android) 148 """ 149 # Wait for sometime so that VPN server flushes all interfaces and 150 # connections after graceful termination 151 time.sleep(10) 152 self.dut.adb.shell("ip xfrm state flush") 153 logging.info("Connecting to: %s", vpn_profile) 154 self.dut.droid.vpnStartLegacyVpn(vpn_profile) 155 time.sleep(connectivity_const.VPN_TIMEOUT) 156 connected_vpn_info = self.dut.droid.vpnGetLegacyVpnInfo() 157 asserts.assert_equal(connected_vpn_info["state"], 158 connectivity_const.VPN_STATE_CONNECTED, 159 "Unable to establish VPN connection for %s" 160 % vpn_profile) 161 ping_result = self.verify_ping_to_vpn_ip(connected_vpn_info) 162 ip_xfrm_state = self.dut.adb.shell("ip xfrm state") 163 match_obj = re.search(r'hmac(.*)', "%s" % ip_xfrm_state) 164 if match_obj: 165 ip_xfrm_state = format(match_obj.group(0)).split() 166 self.log.info("HMAC for ESP is %s " % ip_xfrm_state[0]) 167 self.dut.droid.vpnStopLegacyVpn() 168 asserts.assert_true(ping_result, 169 "Ping to the internal IP failed. " 170 "Expected to pass as VPN is connected") 171 connected_vpn_info = self.dut.droid.vpnGetLegacyVpnInfo() 172 asserts.assert_true(not connected_vpn_info, 173 "Unable to terminate VPN connection for %s" 174 % vpn_profile) 175 176 """ Test Cases """ 177 @test_tracker_info(uuid="d2ac5a65-41fb-48de-a0a9-37e589b5456b") 178 def test_legacy_vpn_pptp(self): 179 """ Verify PPTP VPN connection """ 180 vpn = VPN_TYPE.PPTP 181 vpn_profile = self.generate_legacy_vpn_profile( 182 vpn, self.vpn_server_addresses[vpn.name][0], 183 self.ipsec_server_type[2]) 184 self.legacy_vpn_connection_test_logic(vpn_profile) 185 186 @test_tracker_info(uuid="99af78dd-40b8-483a-8344-cd8f67594971") 187 def legacy_vpn_l2tp_ipsec_psk_libreswan(self): 188 """ Verify L2TP IPSec PSK VPN connection to 189 libreSwan server 190 """ 191 vpn = VPN_TYPE.L2TP_IPSEC_PSK 192 vpn_profile = self.generate_legacy_vpn_profile( 193 vpn, self.vpn_server_addresses[vpn.name][2], 194 self.ipsec_server_type[2]) 195 self.legacy_vpn_connection_test_logic(vpn_profile) 196 197 @test_tracker_info(uuid="e67d8c38-92c3-4167-8b6c-a49ef939adce") 198 def legacy_vpn_l2tp_ipsec_rsa_libreswan(self): 199 """ Verify L2TP IPSec RSA VPN connection to 200 libreSwan server 201 """ 202 vpn = VPN_TYPE.L2TP_IPSEC_RSA 203 vpn_profile = self.generate_legacy_vpn_profile( 204 vpn, self.vpn_server_addresses[vpn.name][2], 205 self.ipsec_server_type[2]) 206 self.legacy_vpn_connection_test_logic(vpn_profile) 207 208 @test_tracker_info(uuid="8b3517dc-6a3b-44c2-a85d-bd7b969df3cf") 209 def legacy_vpn_ipsec_xauth_psk_libreswan(self): 210 """ Verify IPSec XAUTH PSK VPN connection to 211 libreSwan server 212 """ 213 vpn = VPN_TYPE.IPSEC_XAUTH_PSK 214 vpn_profile = self.generate_legacy_vpn_profile( 215 vpn, self.vpn_server_addresses[vpn.name][2], 216 self.ipsec_server_type[2]) 217 self.legacy_vpn_connection_test_logic(vpn_profile) 218 219 @test_tracker_info(uuid="abac663d-1d91-4b87-8e94-11c6e44fb07b") 220 def legacy_vpn_ipsec_xauth_rsa_libreswan(self): 221 """ Verify IPSec XAUTH RSA VPN connection to 222 libreSwan server 223 """ 224 vpn = VPN_TYPE.IPSEC_XAUTH_RSA 225 vpn_profile = self.generate_legacy_vpn_profile( 226 vpn, self.vpn_server_addresses[vpn.name][2], 227 self.ipsec_server_type[2]) 228 self.legacy_vpn_connection_test_logic(vpn_profile) 229 230 @test_tracker_info(uuid="84140d24-53c0-4f6c-866f-9d66e04442cc") 231 def test_legacy_vpn_l2tp_ipsec_psk_openswan(self): 232 """ Verify L2TP IPSec PSK VPN connection to 233 openSwan server 234 """ 235 vpn = VPN_TYPE.L2TP_IPSEC_PSK 236 vpn_profile = self.generate_legacy_vpn_profile( 237 vpn, self.vpn_server_addresses[vpn.name][1], 238 self.ipsec_server_type[1]) 239 self.legacy_vpn_connection_test_logic(vpn_profile) 240 241 @test_tracker_info(uuid="f7087592-7eed-465d-bfe3-ed7b6d9d5f9a") 242 def test_legacy_vpn_l2tp_ipsec_rsa_openswan(self): 243 """ Verify L2TP IPSec RSA VPN connection to 244 openSwan server 245 """ 246 vpn = VPN_TYPE.L2TP_IPSEC_RSA 247 vpn_profile = self.generate_legacy_vpn_profile( 248 vpn, self.vpn_server_addresses[vpn.name][1], 249 self.ipsec_server_type[1]) 250 self.legacy_vpn_connection_test_logic(vpn_profile) 251 252 @test_tracker_info(uuid="ed78973b-13ee-4dd4-b998-693ab741c6f8") 253 def test_legacy_vpn_ipsec_xauth_psk_openswan(self): 254 """ Verify IPSec XAUTH PSK VPN connection to 255 openSwan server 256 """ 257 vpn = VPN_TYPE.IPSEC_XAUTH_PSK 258 vpn_profile = self.generate_legacy_vpn_profile( 259 vpn, self.vpn_server_addresses[vpn.name][1], 260 self.ipsec_server_type[1]) 261 self.legacy_vpn_connection_test_logic(vpn_profile) 262 263 @test_tracker_info(uuid="cfd125c4-b64c-4c49-b8e4-fbf05a9be8ec") 264 def test_legacy_vpn_ipsec_xauth_rsa_openswan(self): 265 """ Verify IPSec XAUTH RSA VPN connection to 266 openSwan server 267 """ 268 vpn = VPN_TYPE.IPSEC_XAUTH_RSA 269 vpn_profile = self.generate_legacy_vpn_profile( 270 vpn, self.vpn_server_addresses[vpn.name][1], 271 self.ipsec_server_type[1]) 272 self.legacy_vpn_connection_test_logic(vpn_profile) 273 274 @test_tracker_info(uuid="419370de-0aa1-4a56-8c22-21567fa1cbb7") 275 def test_legacy_vpn_l2tp_ipsec_psk_strongswan(self): 276 """ Verify L2TP IPSec PSk VPN connection to 277 strongSwan server 278 """ 279 vpn = VPN_TYPE.L2TP_IPSEC_PSK 280 vpn_profile = self.generate_legacy_vpn_profile( 281 vpn, self.vpn_server_addresses[vpn.name][0], 282 self.ipsec_server_type[0]) 283 self.legacy_vpn_connection_test_logic(vpn_profile) 284 285 @test_tracker_info(uuid="f7694081-8bd6-4e31-86ec-d538c4ff1f2e") 286 def test_legacy_vpn_l2tp_ipsec_rsa_strongswan(self): 287 """ Verify L2TP IPSec RSA VPN connection to 288 strongSwan server 289 """ 290 vpn = VPN_TYPE.L2TP_IPSEC_RSA 291 vpn_profile = self.generate_legacy_vpn_profile( 292 vpn, self.vpn_server_addresses[vpn.name][0], 293 self.ipsec_server_type[0]) 294 self.legacy_vpn_connection_test_logic(vpn_profile) 295 296 @test_tracker_info(uuid="2f86eb98-1e05-42cb-b6a6-fd90789b6cde") 297 def test_legacy_vpn_ipsec_xauth_psk_strongswan(self): 298 """ Verify IPSec XAUTH PSK connection to 299 strongSwan server 300 """ 301 vpn = VPN_TYPE.IPSEC_XAUTH_PSK 302 vpn_profile = self.generate_legacy_vpn_profile( 303 vpn, self.vpn_server_addresses[vpn.name][0], 304 self.ipsec_server_type[0]) 305 self.legacy_vpn_connection_test_logic(vpn_profile) 306 307 @test_tracker_info(uuid="af0cd7b1-e86c-4327-91b4-e9062758f2cf") 308 def test_legacy_vpn_ipsec_xauth_rsa_strongswan(self): 309 """ Verify IPSec XAUTH RSA connection to 310 strongswan server 311 """ 312 vpn = VPN_TYPE.IPSEC_XAUTH_RSA 313 vpn_profile = self.generate_legacy_vpn_profile( 314 vpn, self.vpn_server_addresses[vpn.name][0], 315 self.ipsec_server_type[0]) 316 self.legacy_vpn_connection_test_logic(vpn_profile) 317 318 @test_tracker_info(uuid="7b970d0a-1c7d-4a5a-b406-4815e190ef26") 319 def test_legacy_vpn_ipsec_hybrid_rsa_strongswan(self): 320 """ Verify IPSec Hybrid RSA connection to 321 strongswan server 322 """ 323 vpn = VPN_TYPE.IPSEC_HYBRID_RSA 324 vpn_profile = self.generate_legacy_vpn_profile( 325 vpn, self.vpn_server_addresses[vpn.name][0], 326 self.ipsec_server_type[0]) 327 self.legacy_vpn_connection_test_logic(vpn_profile) 328