1 /* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package android.net; 17 18 import android.os.Parcel; 19 import android.os.Parcelable; 20 21 import com.android.internal.annotations.VisibleForTesting; 22 23 /** 24 * This class encapsulates all the configuration parameters needed to create IPsec transforms and 25 * policies. 26 * 27 * @hide 28 */ 29 public final class IpSecConfig implements Parcelable { 30 private static final String TAG = "IpSecConfig"; 31 32 // MODE_TRANSPORT or MODE_TUNNEL 33 private int mMode = IpSecTransform.MODE_TRANSPORT; 34 35 // Preventing this from being null simplifies Java->Native binder 36 private String mSourceAddress = ""; 37 38 // Preventing this from being null simplifies Java->Native binder 39 private String mDestinationAddress = ""; 40 41 // The underlying Network that represents the "gateway" Network 42 // for outbound packets. It may also be used to select packets. 43 private Network mNetwork; 44 45 // Minimum requirements for identifying a transform 46 // SPI identifying the IPsec SA in packet processing 47 // and a destination IP address 48 private int mSpiResourceId = IpSecManager.INVALID_RESOURCE_ID; 49 50 // Encryption Algorithm 51 private IpSecAlgorithm mEncryption; 52 53 // Authentication Algorithm 54 private IpSecAlgorithm mAuthentication; 55 56 // Authenticated Encryption Algorithm 57 private IpSecAlgorithm mAuthenticatedEncryption; 58 59 // For tunnel mode IPv4 UDP Encapsulation 60 // IpSecTransform#ENCAP_ESP_*, such as ENCAP_ESP_OVER_UDP_IKE 61 private int mEncapType = IpSecTransform.ENCAP_NONE; 62 private int mEncapSocketResourceId = IpSecManager.INVALID_RESOURCE_ID; 63 private int mEncapRemotePort; 64 65 // An interval, in seconds between the NattKeepalive packets 66 private int mNattKeepaliveInterval; 67 68 // XFRM mark and mask; defaults to 0 (no mark/mask) 69 private int mMarkValue; 70 private int mMarkMask; 71 72 // XFRM interface id 73 private int mXfrmInterfaceId; 74 75 /** Set the mode for this IPsec transform */ setMode(int mode)76 public void setMode(int mode) { 77 mMode = mode; 78 } 79 80 /** Set the source IP addres for this IPsec transform */ setSourceAddress(String sourceAddress)81 public void setSourceAddress(String sourceAddress) { 82 mSourceAddress = sourceAddress; 83 } 84 85 /** Set the destination IP address for this IPsec transform */ setDestinationAddress(String destinationAddress)86 public void setDestinationAddress(String destinationAddress) { 87 mDestinationAddress = destinationAddress; 88 } 89 90 /** Set the SPI by resource ID */ setSpiResourceId(int resourceId)91 public void setSpiResourceId(int resourceId) { 92 mSpiResourceId = resourceId; 93 } 94 95 /** Set the encryption algorithm */ setEncryption(IpSecAlgorithm encryption)96 public void setEncryption(IpSecAlgorithm encryption) { 97 mEncryption = encryption; 98 } 99 100 /** Set the authentication algorithm */ setAuthentication(IpSecAlgorithm authentication)101 public void setAuthentication(IpSecAlgorithm authentication) { 102 mAuthentication = authentication; 103 } 104 105 /** Set the authenticated encryption algorithm */ setAuthenticatedEncryption(IpSecAlgorithm authenticatedEncryption)106 public void setAuthenticatedEncryption(IpSecAlgorithm authenticatedEncryption) { 107 mAuthenticatedEncryption = authenticatedEncryption; 108 } 109 110 /** Set the underlying network that will carry traffic for this transform */ setNetwork(Network network)111 public void setNetwork(Network network) { 112 mNetwork = network; 113 } 114 setEncapType(int encapType)115 public void setEncapType(int encapType) { 116 mEncapType = encapType; 117 } 118 setEncapSocketResourceId(int resourceId)119 public void setEncapSocketResourceId(int resourceId) { 120 mEncapSocketResourceId = resourceId; 121 } 122 setEncapRemotePort(int port)123 public void setEncapRemotePort(int port) { 124 mEncapRemotePort = port; 125 } 126 setNattKeepaliveInterval(int interval)127 public void setNattKeepaliveInterval(int interval) { 128 mNattKeepaliveInterval = interval; 129 } 130 131 /** 132 * Sets the mark value 133 * 134 * <p>Internal (System server) use only. Marks passed in by users will be overwritten or 135 * ignored. 136 */ setMarkValue(int mark)137 public void setMarkValue(int mark) { 138 mMarkValue = mark; 139 } 140 141 /** 142 * Sets the mark mask 143 * 144 * <p>Internal (System server) use only. Marks passed in by users will be overwritten or 145 * ignored. 146 */ setMarkMask(int mask)147 public void setMarkMask(int mask) { 148 mMarkMask = mask; 149 } 150 setXfrmInterfaceId(int xfrmInterfaceId)151 public void setXfrmInterfaceId(int xfrmInterfaceId) { 152 mXfrmInterfaceId = xfrmInterfaceId; 153 } 154 155 // Transport or Tunnel getMode()156 public int getMode() { 157 return mMode; 158 } 159 getSourceAddress()160 public String getSourceAddress() { 161 return mSourceAddress; 162 } 163 getSpiResourceId()164 public int getSpiResourceId() { 165 return mSpiResourceId; 166 } 167 getDestinationAddress()168 public String getDestinationAddress() { 169 return mDestinationAddress; 170 } 171 getEncryption()172 public IpSecAlgorithm getEncryption() { 173 return mEncryption; 174 } 175 getAuthentication()176 public IpSecAlgorithm getAuthentication() { 177 return mAuthentication; 178 } 179 getAuthenticatedEncryption()180 public IpSecAlgorithm getAuthenticatedEncryption() { 181 return mAuthenticatedEncryption; 182 } 183 getNetwork()184 public Network getNetwork() { 185 return mNetwork; 186 } 187 getEncapType()188 public int getEncapType() { 189 return mEncapType; 190 } 191 getEncapSocketResourceId()192 public int getEncapSocketResourceId() { 193 return mEncapSocketResourceId; 194 } 195 getEncapRemotePort()196 public int getEncapRemotePort() { 197 return mEncapRemotePort; 198 } 199 getNattKeepaliveInterval()200 public int getNattKeepaliveInterval() { 201 return mNattKeepaliveInterval; 202 } 203 getMarkValue()204 public int getMarkValue() { 205 return mMarkValue; 206 } 207 getMarkMask()208 public int getMarkMask() { 209 return mMarkMask; 210 } 211 getXfrmInterfaceId()212 public int getXfrmInterfaceId() { 213 return mXfrmInterfaceId; 214 } 215 216 // Parcelable Methods 217 218 @Override describeContents()219 public int describeContents() { 220 return 0; 221 } 222 223 @Override writeToParcel(Parcel out, int flags)224 public void writeToParcel(Parcel out, int flags) { 225 out.writeInt(mMode); 226 out.writeString(mSourceAddress); 227 out.writeString(mDestinationAddress); 228 out.writeParcelable(mNetwork, flags); 229 out.writeInt(mSpiResourceId); 230 out.writeParcelable(mEncryption, flags); 231 out.writeParcelable(mAuthentication, flags); 232 out.writeParcelable(mAuthenticatedEncryption, flags); 233 out.writeInt(mEncapType); 234 out.writeInt(mEncapSocketResourceId); 235 out.writeInt(mEncapRemotePort); 236 out.writeInt(mNattKeepaliveInterval); 237 out.writeInt(mMarkValue); 238 out.writeInt(mMarkMask); 239 out.writeInt(mXfrmInterfaceId); 240 } 241 242 @VisibleForTesting IpSecConfig()243 public IpSecConfig() {} 244 245 /** Copy constructor */ 246 @VisibleForTesting IpSecConfig(IpSecConfig c)247 public IpSecConfig(IpSecConfig c) { 248 mMode = c.mMode; 249 mSourceAddress = c.mSourceAddress; 250 mDestinationAddress = c.mDestinationAddress; 251 mNetwork = c.mNetwork; 252 mSpiResourceId = c.mSpiResourceId; 253 mEncryption = c.mEncryption; 254 mAuthentication = c.mAuthentication; 255 mAuthenticatedEncryption = c.mAuthenticatedEncryption; 256 mEncapType = c.mEncapType; 257 mEncapSocketResourceId = c.mEncapSocketResourceId; 258 mEncapRemotePort = c.mEncapRemotePort; 259 mNattKeepaliveInterval = c.mNattKeepaliveInterval; 260 mMarkValue = c.mMarkValue; 261 mMarkMask = c.mMarkMask; 262 mXfrmInterfaceId = c.mXfrmInterfaceId; 263 } 264 IpSecConfig(Parcel in)265 private IpSecConfig(Parcel in) { 266 mMode = in.readInt(); 267 mSourceAddress = in.readString(); 268 mDestinationAddress = in.readString(); 269 mNetwork = (Network) in.readParcelable(Network.class.getClassLoader()); 270 mSpiResourceId = in.readInt(); 271 mEncryption = 272 (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader()); 273 mAuthentication = 274 (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader()); 275 mAuthenticatedEncryption = 276 (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader()); 277 mEncapType = in.readInt(); 278 mEncapSocketResourceId = in.readInt(); 279 mEncapRemotePort = in.readInt(); 280 mNattKeepaliveInterval = in.readInt(); 281 mMarkValue = in.readInt(); 282 mMarkMask = in.readInt(); 283 mXfrmInterfaceId = in.readInt(); 284 } 285 286 @Override toString()287 public String toString() { 288 StringBuilder strBuilder = new StringBuilder(); 289 strBuilder 290 .append("{mMode=") 291 .append(mMode == IpSecTransform.MODE_TUNNEL ? "TUNNEL" : "TRANSPORT") 292 .append(", mSourceAddress=") 293 .append(mSourceAddress) 294 .append(", mDestinationAddress=") 295 .append(mDestinationAddress) 296 .append(", mNetwork=") 297 .append(mNetwork) 298 .append(", mEncapType=") 299 .append(mEncapType) 300 .append(", mEncapSocketResourceId=") 301 .append(mEncapSocketResourceId) 302 .append(", mEncapRemotePort=") 303 .append(mEncapRemotePort) 304 .append(", mNattKeepaliveInterval=") 305 .append(mNattKeepaliveInterval) 306 .append("{mSpiResourceId=") 307 .append(mSpiResourceId) 308 .append(", mEncryption=") 309 .append(mEncryption) 310 .append(", mAuthentication=") 311 .append(mAuthentication) 312 .append(", mAuthenticatedEncryption=") 313 .append(mAuthenticatedEncryption) 314 .append(", mMarkValue=") 315 .append(mMarkValue) 316 .append(", mMarkMask=") 317 .append(mMarkMask) 318 .append(", mXfrmInterfaceId=") 319 .append(mXfrmInterfaceId) 320 .append("}"); 321 322 return strBuilder.toString(); 323 } 324 325 public static final @android.annotation.NonNull Parcelable.Creator<IpSecConfig> CREATOR = 326 new Parcelable.Creator<IpSecConfig>() { 327 public IpSecConfig createFromParcel(Parcel in) { 328 return new IpSecConfig(in); 329 } 330 331 public IpSecConfig[] newArray(int size) { 332 return new IpSecConfig[size]; 333 } 334 }; 335 336 @VisibleForTesting 337 /** Equals method used for testing */ equals(IpSecConfig lhs, IpSecConfig rhs)338 public static boolean equals(IpSecConfig lhs, IpSecConfig rhs) { 339 if (lhs == null || rhs == null) return (lhs == rhs); 340 return (lhs.mMode == rhs.mMode 341 && lhs.mSourceAddress.equals(rhs.mSourceAddress) 342 && lhs.mDestinationAddress.equals(rhs.mDestinationAddress) 343 && ((lhs.mNetwork != null && lhs.mNetwork.equals(rhs.mNetwork)) 344 || (lhs.mNetwork == rhs.mNetwork)) 345 && lhs.mEncapType == rhs.mEncapType 346 && lhs.mEncapSocketResourceId == rhs.mEncapSocketResourceId 347 && lhs.mEncapRemotePort == rhs.mEncapRemotePort 348 && lhs.mNattKeepaliveInterval == rhs.mNattKeepaliveInterval 349 && lhs.mSpiResourceId == rhs.mSpiResourceId 350 && IpSecAlgorithm.equals(lhs.mEncryption, rhs.mEncryption) 351 && IpSecAlgorithm.equals(lhs.mAuthenticatedEncryption, rhs.mAuthenticatedEncryption) 352 && IpSecAlgorithm.equals(lhs.mAuthentication, rhs.mAuthentication) 353 && lhs.mMarkValue == rhs.mMarkValue 354 && lhs.mMarkMask == rhs.mMarkMask 355 && lhs.mXfrmInterfaceId == rhs.mXfrmInterfaceId); 356 } 357 } 358