LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge changes from topic "encap-api" into pi-dev

Browse Source 
* changes:
  Require explicitly supplied truncation length
  Clarify UDP encapsulation socket API
This commit is contained in:
Benedict Wong
2018-03-30 20:28:19 +00:00
committed by Android (Google) Code Review
parent 66fcefd311 ad2615cae5
commit cafd11d598
3 changed files with 20 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
core/java/android/net/IpSecAlgorithm.java
View File

@@ -56,7 +56,8 @@ public final class IpSecAlgorithm implements Parcelable {
* new applications and is provided for legacy compatibility with 3gpp infrastructure.</b> * new applications and is provided for legacy compatibility with 3gpp infrastructure.</b>
* *
* <p>Keys for this algorithm must be 128 bits in length. * <p>Keys for this algorithm must be 128 bits in length.
* <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 128. *
* <p>Valid truncation lengths are multiples of 8 bits from 96 to 128.
*/ */
public static final String AUTH_HMAC_MD5 = "hmac(md5)"; public static final String AUTH_HMAC_MD5 = "hmac(md5)";
@@ -65,7 +66,8 @@ public final class IpSecAlgorithm implements Parcelable {
* new applications and is provided for legacy compatibility with 3gpp infrastructure.</b> * new applications and is provided for legacy compatibility with 3gpp infrastructure.</b>
* *
* <p>Keys for this algorithm must be 160 bits in length. * <p>Keys for this algorithm must be 160 bits in length.
* <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 160. *
* <p>Valid truncation lengths are multiples of 8 bits from 96 to 160.
*/ */
public static final String AUTH_HMAC_SHA1 = "hmac(sha1)"; public static final String AUTH_HMAC_SHA1 = "hmac(sha1)";
@@ -73,7 +75,8 @@ public final class IpSecAlgorithm implements Parcelable {
* SHA256 HMAC Authentication/Integrity Algorithm. * SHA256 HMAC Authentication/Integrity Algorithm.
* *
* <p>Keys for this algorithm must be 256 bits in length. * <p>Keys for this algorithm must be 256 bits in length.
* <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 256. *
* <p>Valid truncation lengths are multiples of 8 bits from 96 to 256.
*/ */
public static final String AUTH_HMAC_SHA256 = "hmac(sha256)"; public static final String AUTH_HMAC_SHA256 = "hmac(sha256)";
@@ -81,7 +84,8 @@ public final class IpSecAlgorithm implements Parcelable {
* SHA384 HMAC Authentication/Integrity Algorithm. * SHA384 HMAC Authentication/Integrity Algorithm.
* *
* <p>Keys for this algorithm must be 384 bits in length. * <p>Keys for this algorithm must be 384 bits in length.
* <p>Valid truncation lengths are multiples of 8 bits from 192 to (default) 384. *
* <p>Valid truncation lengths are multiples of 8 bits from 192 to 384.
*/ */
public static final String AUTH_HMAC_SHA384 = "hmac(sha384)"; public static final String AUTH_HMAC_SHA384 = "hmac(sha384)";
@@ -89,7 +93,8 @@ public final class IpSecAlgorithm implements Parcelable {
* SHA512 HMAC Authentication/Integrity Algorithm. * SHA512 HMAC Authentication/Integrity Algorithm.
* *
* <p>Keys for this algorithm must be 512 bits in length. * <p>Keys for this algorithm must be 512 bits in length.
* <p>Valid truncation lengths are multiples of 8 bits from 256 to (default) 512. *
* <p>Valid truncation lengths are multiples of 8 bits from 256 to 512.
*/ */
public static final String AUTH_HMAC_SHA512 = "hmac(sha512)"; public static final String AUTH_HMAC_SHA512 = "hmac(sha512)";
@@ -112,6 +117,7 @@ public final class IpSecAlgorithm implements Parcelable {
AUTH_HMAC_MD5, AUTH_HMAC_MD5,
AUTH_HMAC_SHA1, AUTH_HMAC_SHA1,
AUTH_HMAC_SHA256, AUTH_HMAC_SHA256,
AUTH_HMAC_SHA384,
AUTH_HMAC_SHA512, AUTH_HMAC_SHA512,
AUTH_CRYPT_AES_GCM AUTH_CRYPT_AES_GCM
}) })
@@ -126,11 +132,14 @@ public final class IpSecAlgorithm implements Parcelable {
* Creates an IpSecAlgorithm of one of the supported types. Supported algorithm names are * Creates an IpSecAlgorithm of one of the supported types. Supported algorithm names are
* defined as constants in this class. * defined as constants in this class.
* *
* <p>For algorithms that produce an integrity check value, the truncation length is a required
* parameter. See {@link #IpSecAlgorithm(String algorithm, byte[] key, int truncLenBits)}
*
* @param algorithm name of the algorithm. * @param algorithm name of the algorithm.
* @param key key padded to a multiple of 8 bits. * @param key key padded to a multiple of 8 bits.
*/ */
public IpSecAlgorithm(@NonNull @AlgorithmName String algorithm, @NonNull byte[] key) { public IpSecAlgorithm(@NonNull @AlgorithmName String algorithm, @NonNull byte[] key) {
this(algorithm, key, key.length * 8); this(algorithm, key, 0);
} }
/** /**
@@ -228,6 +237,7 @@ public final class IpSecAlgorithm implements Parcelable {
case AUTH_CRYPT_AES_GCM: case AUTH_CRYPT_AES_GCM:
// The keying material for GCM is a key plus a 32-bit salt // The keying material for GCM is a key plus a 32-bit salt
isValidLen = keyLen == 128 + 32 || keyLen == 192 + 32 || keyLen == 256 + 32; isValidLen = keyLen == 128 + 32 || keyLen == 192 + 32 || keyLen == 256 + 32;
isValidTruncLen = truncLen == 64 || truncLen == 96 || truncLen == 128;
break; break;
default: default:
throw new IllegalArgumentException("Couldn't find an algorithm: " + name); throw new IllegalArgumentException("Couldn't find an algorithm: " + name);

6
core/java/android/net/IpSecManager.java
View File

@@ -502,7 +502,7 @@ public final class IpSecManager {
* signalling and UDP encapsulated IPsec traffic. Instances can be obtained by calling {@link * signalling and UDP encapsulated IPsec traffic. Instances can be obtained by calling {@link
* IpSecManager#openUdpEncapsulationSocket}. The provided socket cannot be re-bound by the * IpSecManager#openUdpEncapsulationSocket}. The provided socket cannot be re-bound by the
* caller. The caller should not close the {@code FileDescriptor} returned by {@link * caller. The caller should not close the {@code FileDescriptor} returned by {@link
* #getSocket}, but should use {@link #close} instead. * #getFileDescriptor}, but should use {@link #close} instead.
* *
* <p>Allowing the user to close or unbind a UDP encapsulation socket could impact the traffic * <p>Allowing the user to close or unbind a UDP encapsulation socket could impact the traffic
* of the next user who binds to that port. To prevent this scenario, these sockets are held * of the next user who binds to that port. To prevent this scenario, these sockets are held
@@ -541,8 +541,8 @@ public final class IpSecManager {
mCloseGuard.open("constructor"); mCloseGuard.open("constructor");
} }
/** Get the wrapped socket. */ /** Get the encapsulation socket's file descriptor. */
public FileDescriptor getSocket() { public FileDescriptor getFileDescriptor() {
if (mPfd == null) { if (mPfd == null) {
return null; return null;
} }

2
services/core/java/com/android/server/IpSecService.java
View File

@@ -931,7 +931,7 @@ public class IpSecService extends IIpSecService.Stub {
return mPort; return mPort;
} }
public FileDescriptor getSocket() { public FileDescriptor getFileDescriptor() {
return mSocket; return mSocket;
} }