Add support for auth-only transforms
Kernel limitations prevent auth-only SAs from being created. Explicitly request a null encryption algorithm instead of omitting the algorithm to comply with the kernel requirement for ESP. Bug: 75049573 Test: CTS tests for auth-only, crypt-only transforms added for all combinations of (UDP, TCP, IPv4, IPv6, UDP-encap) Also added unit tests to ensure correct triggering of NULL_CRYPT usage. Change-Id: Ia9a5cfee9c7786412846bc039f326420f6211c08
This commit is contained in:
Benedict Wong
committed by
Nathan Harold
Nathan Harold
parent
41737af07d
commit
2ba4a65fe0
@@ -37,6 +37,13 @@ import java.util.Arrays;
|
||||
public final class IpSecAlgorithm implements Parcelable {
|
||||
private static final String TAG = "IpSecAlgorithm";
|
||||
|
||||
/**
|
||||
* Null cipher.
|
||||
*
|
||||
* @hide
|
||||
*/
|
||||
public static final String CRYPT_NULL = "ecb(cipher_null)";
|
||||
|
||||
/**
|
||||
* AES-CBC Encryption/Ciphering Algorithm.
|
||||
*
|
||||
|
||||
@@ -1467,6 +1467,13 @@ public class IpSecService extends IIpSecService.Stub {
|
||||
IpSecAlgorithm crypt = c.getEncryption();
|
||||
IpSecAlgorithm authCrypt = c.getAuthenticatedEncryption();
|
||||
|
||||
String cryptName;
|
||||
if (crypt == null) {
|
||||
cryptName = (authCrypt == null) ? IpSecAlgorithm.CRYPT_NULL : "";
|
||||
} else {
|
||||
cryptName = crypt.getName();
|
||||
}
|
||||
|
||||
mSrvConfig
|
||||
.getNetdInstance()
|
||||
.ipSecAddSecurityAssociation(
|
||||
@@ -1481,7 +1488,7 @@ public class IpSecService extends IIpSecService.Stub {
|
||||
(auth != null) ? auth.getName() : "",
|
||||
(auth != null) ? auth.getKey() : new byte[] {},
|
||||
(auth != null) ? auth.getTruncationLengthBits() : 0,
|
||||
(crypt != null) ? crypt.getName() : "",
|
||||
cryptName,
|
||||
(crypt != null) ? crypt.getKey() : new byte[] {},
|
||||
(crypt != null) ? crypt.getTruncationLengthBits() : 0,
|
||||
(authCrypt != null) ? authCrypt.getName() : "",
|
||||
|
||||
Reference in New Issue
Block a user