
Commit bf013a38 authored by Benedict Wong's avatar Benedict Wong Committed by Nathan Harold

Add support for auth-only transforms

Kernel limitations prevent auth-only SAs from being created. Explicitly
request a null encryption algorithm instead of omitting the algorithm
to comply with the kernel requirement for ESP.

Bug: 75049573
Test: CTS tests for auth-only, crypt-only transforms added for all
combinations of (UDP, TCP, IPv4, IPv6, UDP-encap) Also added unit
tests to ensure correct triggering of NULL_CRYPT usage.
Change-Id: Ia9a5cfee9c7786412846bc039f326420f6211c08
parent 539f85a1
+7 −0
@@ -37,6 +37,13 @@ import java.util.Arrays;
public final class IpSecAlgorithm implements Parcelable {
    private static final String TAG = "IpSecAlgorithm";

    /**
     * Null cipher.
     *
     * @hide
     */
    public static final String CRYPT_NULL = "ecb(cipher_null)";

    /**
     * AES-CBC Encryption/Ciphering Algorithm.
     *
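Review bot: The Javadoc on `CRYPT_NULL` says only "Null cipher." and does not tell a reader that selecting it means the payload is not encrypted at all. I would expand it to something like `Null cipher: performs no encryption and provides no confidentiality. Used only to satisfy the kernel's ESP requirement for authentication-only transforms; always pair it with an authentication algorithm.` The class body continues outside the hunk, so whether callers can construct an `IpSecAlgorithm` with this name is not visible here; if they cannot, the comment should say that as well.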
+8 −1
@@ -1467,6 +1467,13 @@ public class IpSecService extends IIpSecService.Stub {
        IpSecAlgorithm crypt = c.getEncryption();
        IpSecAlgorithm authCrypt = c.getAuthenticatedEncryption();

        String cryptName;
        if (crypt == null) {
            cryptName = (authCrypt == null) ? IpSecAlgorithm.CRYPT_NULL : "";
        } else {
            cryptName = crypt.getName();
        }

        mSrvConfig
                .getNetdInstance()
                .ipSecAddSecurityAssociation(
@@ -1481,7 +1488,7 @@ public class IpSecService extends IIpSecService.Stub {
                        (auth != null) ? auth.getName() : "",
                        (auth != null) ? auth.getKey() : new byte[] {},
                        (auth != null) ? auth.getTruncationLengthBits() : 0,
                        (crypt != null) ? crypt.getName() : "",
                        cryptName,
                        (crypt != null) ? crypt.getKey() : new byte[] {},
                        (crypt != null) ? crypt.getTruncationLengthBits() : 0,
                        (authCrypt != null) ? authCrypt.getName() : "",
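Review bot: In the first hunk, `cryptName` becomes `IpSecAlgorithm.CRYPT_NULL` whenever `crypt` and `authCrypt` are both null, without looking at `auth`, so a config carrying no algorithms at all would now request an ESP SA with a null cipher and no integrity protection instead of an empty algorithm name. Validation earlier in the service may already reject that case, but it is not visible here (the method starts and ends outside both hunks); tying the choice to the auth-only case keeps this code safe on its own: `cryptName = (authCrypt == null && auth != null) ? IpSecAlgorithm.CRYPT_NULL : "";`. A short comment above the `if` would also help, e.g. `// Kernel requires a cipher for ESP; use the null cipher for auth-only transforms (AEAD carries its own).`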