Gitiles
Code Review Sign In
review.blissroms.org / packages_modules_Connectivity / 778327e54816f742b2726bda2e6eff29bb0c92f9^! / .
commit778327e54816f742b2726bda2e6eff29bb0c92f9[log] [tgz]
authorBenedict Wong <benedictwong@google.com>Thu Mar 15 19:41:41 2018 -0700
committerBenedict Wong <benedictwong@google.com>Tue Mar 20 12:34:52 2018 -0700
treefa5cd570949f1e29c2d372ca5a1980132c5efb28
parente3536f066d52d2b1d0875a44257d6f2f92d65c5e [diff]
Add support for auth-only transforms

Kernel limitations prevent auth-only SAs from being created. Explicitly
request a null encryption algorithm instead of omitting the algorithm
to comply with the kernel requirement for ESP.

Bug: 75049573
Test: CTS tests for auth-only, crypt-only transforms added for all
combinations of (UDP, TCP, IPv4, IPv6, UDP-encap) Also added unit
tests to ensure correct triggering of NULL_CRYPT usage.
Merged-In: Ia9a5cfee9c7786412846bc039f326420f6211c08
Change-Id: Ia9a5cfee9c7786412846bc039f326420f6211c08
(cherry picked from commit bf013a3820c69348e034c6340b28e95f3441ebe8)

diff --git a/core/java/android/net/IpSecAlgorithm.java b/core/java/android/net/IpSecAlgorithm.java
index c69a4d4..f4b328e 100644
--- a/core/java/android/net/IpSecAlgorithm.java
+++ b/core/java/android/net/IpSecAlgorithm.java

@@ -38,6 +38,13 @@
     private static final String TAG = "IpSecAlgorithm";
 
     /**
+     * Null cipher.
+     *
+     * @hide
+     */
+    public static final String CRYPT_NULL = "ecb(cipher_null)";
+
+    /**
      * AES-CBC Encryption/Ciphering Algorithm.
      *
      * <p>Valid lengths for this key are {128, 192, 256}.

diff --git a/services/core/java/com/android/server/IpSecService.java b/services/core/java/com/android/server/IpSecService.java
index 45a4dfb..d3f1a7b 100644
--- a/services/core/java/com/android/server/IpSecService.java
+++ b/services/core/java/com/android/server/IpSecService.java

@@ -1467,6 +1467,13 @@
         IpSecAlgorithm crypt = c.getEncryption();
         IpSecAlgorithm authCrypt = c.getAuthenticatedEncryption();
 
+        String cryptName;
+        if (crypt == null) {
+            cryptName = (authCrypt == null) ? IpSecAlgorithm.CRYPT_NULL : "";
+        } else {
+            cryptName = crypt.getName();
+        }
+
         mSrvConfig
                 .getNetdInstance()
                 .ipSecAddSecurityAssociation(
@@ -1481,7 +1488,7 @@
                         (auth != null) ? auth.getName() : "",
                         (auth != null) ? auth.getKey() : new byte[] {},
                         (auth != null) ? auth.getTruncationLengthBits() : 0,
-                        (crypt != null) ? crypt.getName() : "",
+                        cryptName,
                         (crypt != null) ? crypt.getKey() : new byte[] {},
                         (crypt != null) ? crypt.getTruncationLengthBits() : 0,
                         (authCrypt != null) ? authCrypt.getName() : "",