LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support for auth-only transforms

Browse Source 
Kernel limitations prevent auth-only SAs from being created. Explicitly
request a null encryption algorithm instead of omitting the algorithm
to comply with the kernel requirement for ESP.

Bug: 75049573
Test: CTS tests for auth-only, crypt-only transforms added for all
combinations of (UDP, TCP, IPv4, IPv6, UDP-encap) Also added unit
tests to ensure correct triggering of NULL_CRYPT usage.
Change-Id: Ia9a5cfee9c7786412846bc039f326420f6211c08
This commit is contained in:
Benedict Wong
2018-03-15 19:41:41 -07:00
committed by Nathan Harold
parent 41737af07d
commit 2ba4a65fe0
2 changed files with 15 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
core/java/android/net/IpSecAlgorithm.java
View File

@@ -37,6 +37,13 @@ import java.util.Arrays;
public final class IpSecAlgorithm implements Parcelable { public final class IpSecAlgorithm implements Parcelable {
private static final String TAG = "IpSecAlgorithm"; private static final String TAG = "IpSecAlgorithm";
/**
* Null cipher.
*
* @hide
*/
public static final String CRYPT_NULL = "ecb(cipher_null)";
/** /**
* AES-CBC Encryption/Ciphering Algorithm. * AES-CBC Encryption/Ciphering Algorithm.
* *

9
services/core/java/com/android/server/IpSecService.java
View File

@@ -1467,6 +1467,13 @@ public class IpSecService extends IIpSecService.Stub {
IpSecAlgorithm crypt = c.getEncryption(); IpSecAlgorithm crypt = c.getEncryption();
IpSecAlgorithm authCrypt = c.getAuthenticatedEncryption(); IpSecAlgorithm authCrypt = c.getAuthenticatedEncryption();
String cryptName;
if (crypt == null) {
cryptName = (authCrypt == null) ? IpSecAlgorithm.CRYPT_NULL : "";
} else {
cryptName = crypt.getName();
}
mSrvConfig mSrvConfig
.getNetdInstance() .getNetdInstance()
.ipSecAddSecurityAssociation( .ipSecAddSecurityAssociation(
@@ -1481,7 +1488,7 @@ public class IpSecService extends IIpSecService.Stub {
(auth != null) ? auth.getName() : "", (auth != null) ? auth.getName() : "",
(auth != null) ? auth.getKey() : new byte[] {}, (auth != null) ? auth.getKey() : new byte[] {},
(auth != null) ? auth.getTruncationLengthBits() : 0, (auth != null) ? auth.getTruncationLengthBits() : 0,
(crypt != null) ? crypt.getName() : "", cryptName,
(crypt != null) ? crypt.getKey() : new byte[] {}, (crypt != null) ? crypt.getKey() : new byte[] {},
(crypt != null) ? crypt.getTruncationLengthBits() : 0, (crypt != null) ? crypt.getTruncationLengthBits() : 0,
(authCrypt != null) ? authCrypt.getName() : "", (authCrypt != null) ? authCrypt.getName() : "",