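/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package android.net;

import android.annotation.Nullable;
import android.os.Parcel;
import android.os.Parcelable;

import com.android.internal.annotations.VisibleForTesting;

import java.util.Objects;

/**
 * This class encapsulates all the configuration parameters needed to create IPsec transforms and
 * policies.
 *
 * <p>The class is a plain value holder: it performs no validation of addresses, ports, SPIs or
 * algorithms. Because it is {@link Parcelable}, an instance may have been produced in another
 * process; anything unparcelled here should be validated by the consuming service before it is
 * acted on (presumably IpSecService -- confirm against the caller). The only invariant enforced
 * here is that the two address strings are never null, which the Java-to-native binder path
 * relies on.
 *
 * @hide
 */
public final class IpSecConfig implements Parcelable {
    private static final String TAG = "IpSecConfig";

    // MODE_TRANSPORT or MODE_TUNNEL
    private int mMode = IpSecTransform.MODE_TRANSPORT;

    // Preventing this from being null simplifies Java->Native binder
    private String mSourceAddress = "";

    // Preventing this from being null simplifies Java->Native binder
    private String mDestinationAddress = "";

    // The underlying Network that represents the "gateway" Network
    // for outbound packets. It may also be used to select packets.
    private Network mNetwork;

    // Minimum requirements for identifying a transform
    // SPI identifying the IPsec SA in packet processing
    // and a destination IP address
    private int mSpiResourceId = IpSecManager.INVALID_RESOURCE_ID;

    // Encryption Algorithm
    private IpSecAlgorithm mEncryption;

    // Authentication Algorithm
    private IpSecAlgorithm mAuthentication;

    // Authenticated Encryption Algorithm
    private IpSecAlgorithm mAuthenticatedEncryption;

    // For tunnel mode IPv4 UDP Encapsulation
    // IpSecTransform#ENCAP_ESP_*, such as ENCAP_ESP_OVER_UDP_IKE
    private int mEncapType = IpSecTransform.ENCAP_NONE;
    private int mEncapSocketResourceId = IpSecManager.INVALID_RESOURCE_ID;
    private int mEncapRemotePort;

    // An interval, in seconds between the NattKeepalive packets
    private int mNattKeepaliveInterval;

    // XFRM mark and mask; defaults to 0 (no mark/mask)
    private int mMarkValue;
    private int mMarkMask;

    // XFRM interface id
    private int mXfrmInterfaceId;

    /** Set the mode for this IPsec transform (no range check; see IpSecTransform.MODE_*) */
    public void setMode(int mode) {
        mMode = mode;
    }

    /**
     * Set the source IP address for this IPsec transform.
     *
     * <p>Callers must not pass null: the field is documented as non-null for the native binder
     * path and this setter does not substitute a default.
     */
    public void setSourceAddress(String sourceAddress) {
        mSourceAddress = sourceAddress;
    }

    /**
     * Set the destination IP address for this IPsec transform.
     *
     * <p>Callers must not pass null: the field is documented as non-null for the native binder
     * path and this setter does not substitute a default.
     */
    public void setDestinationAddress(String destinationAddress) {
        mDestinationAddress = destinationAddress;
    }

    /** Set the SPI by resource ID */
    public void setSpiResourceId(int resourceId) {
        mSpiResourceId = resourceId;
    }

    /** Set the encryption algorithm */
    public void setEncryption(IpSecAlgorithm encryption) {
        mEncryption = encryption;
    }

    /** Set the authentication algorithm */
    public void setAuthentication(IpSecAlgorithm authentication) {
        mAuthentication = authentication;
    }

    /** Set the authenticated encryption algorithm */
    public void setAuthenticatedEncryption(IpSecAlgorithm authenticatedEncryption) {
        mAuthenticatedEncryption = authenticatedEncryption;
    }

    /** Set the underlying network that will carry traffic for this transform */
    public void setNetwork(Network network) {
        mNetwork = network;
    }

    /** Set the UDP encapsulation type (IpSecTransform.ENCAP_*); not validated here */
    public void setEncapType(int encapType) {
        mEncapType = encapType;
    }

    /** Set the resource ID of the UDP encapsulation socket */
    public void setEncapSocketResourceId(int resourceId) {
        mEncapSocketResourceId = resourceId;
    }

    /** Set the remote UDP encapsulation port; no port-range check is applied here */
    public void setEncapRemotePort(int port) {
        mEncapRemotePort = port;
    }

    /** Set the NAT-T keepalive interval, in seconds */
    public void setNattKeepaliveInterval(int interval) {
        mNattKeepaliveInterval = interval;
    }

    /**
     * Sets the mark value
     *
     * <p>Internal (System server) use only. Marks passed in by users will be overwritten or
     * ignored.
     */
    public void setMarkValue(int mark) {
        mMarkValue = mark;
    }

    /**
     * Sets the mark mask
     *
     * <p>Internal (System server) use only. Marks passed in by users will be overwritten or
     * ignored.
     */
    public void setMarkMask(int mask) {
        mMarkMask = mask;
    }

    /** Set the XFRM interface id */
    public void setXfrmInterfaceId(int xfrmInterfaceId) {
        mXfrmInterfaceId = xfrmInterfaceId;
    }

    // Transport or Tunnel
    public int getMode() {
        return mMode;
    }

    public String getSourceAddress() {
        return mSourceAddress;
    }

    public int getSpiResourceId() {
        return mSpiResourceId;
    }

    public String getDestinationAddress() {
        return mDestinationAddress;
    }

    public IpSecAlgorithm getEncryption() {
        return mEncryption;
    }

    public IpSecAlgorithm getAuthentication() {
        return mAuthentication;
    }

    public IpSecAlgorithm getAuthenticatedEncryption() {
        return mAuthenticatedEncryption;
    }

    public Network getNetwork() {
        return mNetwork;
    }

    public int getEncapType() {
        return mEncapType;
    }

    public int getEncapSocketResourceId() {
        return mEncapSocketResourceId;
    }

    public int getEncapRemotePort() {
        return mEncapRemotePort;
    }

    public int getNattKeepaliveInterval() {
        return mNattKeepaliveInterval;
    }

    public int getMarkValue() {
        return mMarkValue;
    }

    public int getMarkMask() {
        return mMarkMask;
    }

    public int getXfrmInterfaceId() {
        return mXfrmInterfaceId;
    }

    // Parcelable Methods

    @Override
    public int describeContents() {
        return 0;
    }

    /**
     * Serialises every field in declaration order. The Parcel constructor below must read
     * the same fields in exactly this order; keep the two in sync.
     */
    @Override
    public void writeToParcel(Parcel out, int flags) {
        out.writeInt(mMode);
        out.writeString(mSourceAddress);
        out.writeString(mDestinationAddress);
        out.writeParcelable(mNetwork, flags);
        out.writeInt(mSpiResourceId);
        out.writeParcelable(mEncryption, flags);
        out.writeParcelable(mAuthentication, flags);
        out.writeParcelable(mAuthenticatedEncryption, flags);
        out.writeInt(mEncapType);
        out.writeInt(mEncapSocketResourceId);
        out.writeInt(mEncapRemotePort);
        out.writeInt(mNattKeepaliveInterval);
        out.writeInt(mMarkValue);
        out.writeInt(mMarkMask);
        out.writeInt(mXfrmInterfaceId);
    }

    @VisibleForTesting
    public IpSecConfig() {}

    /** Copy constructor; shallow -- Network and IpSecAlgorithm references are shared, not copied */
    @VisibleForTesting
    public IpSecConfig(IpSecConfig c) {
        mMode = c.mMode;
        mSourceAddress = c.mSourceAddress;
        mDestinationAddress = c.mDestinationAddress;
        mNetwork = c.mNetwork;
        mSpiResourceId = c.mSpiResourceId;
        mEncryption = c.mEncryption;
        mAuthentication = c.mAuthentication;
        mAuthenticatedEncryption = c.mAuthenticatedEncryption;
        mEncapType = c.mEncapType;
        mEncapSocketResourceId = c.mEncapSocketResourceId;
        mEncapRemotePort = c.mEncapRemotePort;
        mNattKeepaliveInterval = c.mNattKeepaliveInterval;
        mMarkValue = c.mMarkValue;
        mMarkMask = c.mMarkMask;
        mXfrmInterfaceId = c.mXfrmInterfaceId;
    }

    /** Maps a null string (which Parcel#readString can yield) to "" to keep the address invariant. */
    private static String nonNullString(String s) {
        return s == null ? "" : s;
    }

    /**
     * Unparcels a config written by {@link #writeToParcel}.
     *
     * <p>The parcel may originate in another process, so nothing read here is trusted: ints are
     * taken as-is for the consumer to validate, and the two address strings are coerced to "" if
     * the parcel carried null so that the documented non-null invariant (and equals()) hold even
     * for a malformed parcel. Mark/mask values are documented above as overwritten or ignored
     * for non-system callers.
     */
    private IpSecConfig(Parcel in) {
        mMode = in.readInt();
        mSourceAddress = nonNullString(in.readString());
        mDestinationAddress = nonNullString(in.readString());
        mNetwork = (Network) in.readParcelable(Network.class.getClassLoader(),
                android.net.Network.class);
        mSpiResourceId = in.readInt();
        mEncryption =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader(),
                        android.net.IpSecAlgorithm.class);
        mAuthentication =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader(),
                        android.net.IpSecAlgorithm.class);
        mAuthenticatedEncryption =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader(),
                        android.net.IpSecAlgorithm.class);
        mEncapType = in.readInt();
        mEncapSocketResourceId = in.readInt();
        mEncapRemotePort = in.readInt();
        mNattKeepaliveInterval = in.readInt();
        mMarkValue = in.readInt();
        mMarkMask = in.readInt();
        mXfrmInterfaceId = in.readInt();
    }

    /**
     * Debug representation. The algorithm fields are rendered via IpSecAlgorithm#toString;
     * this assumes that method does not include key material -- confirm before logging
     * configs at a level that reaches persisted logs.
     */
    @Override
    public String toString() {
        StringBuilder strBuilder = new StringBuilder();
        strBuilder
                .append("{mMode=")
                .append(mMode == IpSecTransform.MODE_TUNNEL ? "TUNNEL" : "TRANSPORT")
                .append(", mSourceAddress=")
                .append(mSourceAddress)
                .append(", mDestinationAddress=")
                .append(mDestinationAddress)
                .append(", mNetwork=")
                .append(mNetwork)
                .append(", mEncapType=")
                .append(mEncapType)
                .append(", mEncapSocketResourceId=")
                .append(mEncapSocketResourceId)
                .append(", mEncapRemotePort=")
                .append(mEncapRemotePort)
                .append(", mNattKeepaliveInterval=")
                .append(mNattKeepaliveInterval)
                // Was "{mSpiResourceId=", which opened a second, never-closed brace.
                .append(", mSpiResourceId=")
                .append(mSpiResourceId)
                .append(", mEncryption=")
                .append(mEncryption)
                .append(", mAuthentication=")
                .append(mAuthentication)
                .append(", mAuthenticatedEncryption=")
                .append(mAuthenticatedEncryption)
                .append(", mMarkValue=")
                .append(mMarkValue)
                .append(", mMarkMask=")
                .append(mMarkMask)
                .append(", mXfrmInterfaceId=")
                .append(mXfrmInterfaceId)
                .append("}");

        return strBuilder.toString();
    }

    public static final @android.annotation.NonNull Parcelable.Creator<IpSecConfig> CREATOR =
            new Parcelable.Creator<IpSecConfig>() {
                public IpSecConfig createFromParcel(Parcel in) {
                    return new IpSecConfig(in);
                }

                public IpSecConfig[] newArray(int size) {
                    return new IpSecConfig[size];
                }
            };

    /**
     * Field-wise equality. Reference fields are compared null-safely so that a config whose
     * address was set to null by a setter compares rather than throwing.
     */
    @Override
    public boolean equals(@Nullable Object other) {
        if (!(other instanceof IpSecConfig)) return false;
        final IpSecConfig rhs = (IpSecConfig) other;
        return (mMode == rhs.mMode
                && Objects.equals(mSourceAddress, rhs.mSourceAddress)
                && Objects.equals(mDestinationAddress, rhs.mDestinationAddress)
                && Objects.equals(mNetwork, rhs.mNetwork)
                && mEncapType == rhs.mEncapType
                && mEncapSocketResourceId == rhs.mEncapSocketResourceId
                && mEncapRemotePort == rhs.mEncapRemotePort
                && mNattKeepaliveInterval == rhs.mNattKeepaliveInterval
                && mSpiResourceId == rhs.mSpiResourceId
                && IpSecAlgorithm.equals(mEncryption, rhs.mEncryption)
                && IpSecAlgorithm.equals(mAuthenticatedEncryption, rhs.mAuthenticatedEncryption)
                && IpSecAlgorithm.equals(mAuthentication, rhs.mAuthentication)
                && mMarkValue == rhs.mMarkValue
                && mMarkMask == rhs.mMarkMask
                && mXfrmInterfaceId == rhs.mXfrmInterfaceId);
    }

    /**
     * Hash consistent with {@link #equals}. The IpSecAlgorithm fields are deliberately left
     * out: equals() compares them through the static IpSecAlgorithm.equals, and this file does
     * not show whether IpSecAlgorithm overrides hashCode, so omitting them keeps the
     * equals/hashCode contract either way (equal configs agree on every field hashed here).
     */
    @Override
    public int hashCode() {
        return Objects.hash(mMode, mSourceAddress, mDestinationAddress, mNetwork,
                mSpiResourceId, mEncapType, mEncapSocketResourceId, mEncapRemotePort,
                mNattKeepaliveInterval, mMarkValue, mMarkMask, mXfrmInterfaceId);
    }
}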