1 /*
2  * Copyright (C) 2017 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 package android.net;
17 
import android.os.Parcel;
import android.os.Parcelable;

import com.android.internal.annotations.VisibleForTesting;

import java.util.Objects;
22 
23 /**
24  * This class encapsulates all the configuration parameters needed to create IPsec transforms and
25  * policies.
26  *
27  * @hide
28  */
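public final class IpSecConfig implements Parcelable {
    private static final String TAG = "IpSecConfig";

    // MODE_TRANSPORT or MODE_TUNNEL
    private int mMode = IpSecTransform.MODE_TRANSPORT;

    // Kept non-null (defaults to "") so the Java->Native binder path never has to special-case
    // a missing address. The setters do not enforce this; callers are expected to pass non-null.
    private String mSourceAddress = "";

    // Kept non-null (defaults to "") for the same reason as mSourceAddress.
    private String mDestinationAddress = "";

    // The underlying Network that represents the "gateway" Network
    // for outbound packets. It may also be used to select packets.
    private Network mNetwork;

    // Minimum requirements for identifying a transform: the SPI identifying the IPsec SA in
    // packet processing, plus a destination IP address.
    private int mSpiResourceId = IpSecManager.INVALID_RESOURCE_ID;

    // Encryption Algorithm
    private IpSecAlgorithm mEncryption;

    // Authentication Algorithm
    private IpSecAlgorithm mAuthentication;

    // Authenticated Encryption Algorithm
    private IpSecAlgorithm mAuthenticatedEncryption;

    // For tunnel mode IPv4 UDP Encapsulation
    // IpSecTransform#ENCAP_ESP_*, such as ENCAP_ESP_OVER_UDP_IKE
    private int mEncapType = IpSecTransform.ENCAP_NONE;
    private int mEncapSocketResourceId = IpSecManager.INVALID_RESOURCE_ID;
    private int mEncapRemotePort;

    // An interval, in seconds, between the NattKeepalive packets
    private int mNattKeepaliveInterval;

    // XFRM mark and mask; defaults to 0 (no mark/mask). System-server controlled; see the
    // setters below.
    private int mMarkValue;
    private int mMarkMask;

    // XFRM interface id
    private int mXfrmInterfaceId;

    /**
     * Sets the mode for this IPsec transform.
     *
     * @param mode {@code IpSecTransform.MODE_TRANSPORT} or {@code IpSecTransform.MODE_TUNNEL}
     */
    public void setMode(int mode) {
        mMode = mode;
    }

    /**
     * Sets the source IP address for this IPsec transform.
     *
     * @param sourceAddress textual IP address; must be non-null (see the field comment)
     */
    public void setSourceAddress(String sourceAddress) {
        mSourceAddress = sourceAddress;
    }

    /**
     * Sets the destination IP address for this IPsec transform.
     *
     * @param destinationAddress textual IP address; must be non-null (see the field comment)
     */
    public void setDestinationAddress(String destinationAddress) {
        mDestinationAddress = destinationAddress;
    }

    /**
     * Sets the SPI by resource ID.
     *
     * @param resourceId an {@link IpSecManager} resource id, or
     *     {@code IpSecManager.INVALID_RESOURCE_ID}
     */
    public void setSpiResourceId(int resourceId) {
        mSpiResourceId = resourceId;
    }

    /** Sets the encryption algorithm (may be null when none is used). */
    public void setEncryption(IpSecAlgorithm encryption) {
        mEncryption = encryption;
    }

    /** Sets the authentication algorithm (may be null when none is used). */
    public void setAuthentication(IpSecAlgorithm authentication) {
        mAuthentication = authentication;
    }

    /** Sets the authenticated encryption algorithm (may be null when none is used). */
    public void setAuthenticatedEncryption(IpSecAlgorithm authenticatedEncryption) {
        mAuthenticatedEncryption = authenticatedEncryption;
    }

    /** Sets the underlying network that will carry traffic for this transform. */
    public void setNetwork(Network network) {
        mNetwork = network;
    }

    /**
     * Sets the UDP encapsulation type.
     *
     * @param encapType one of the {@code IpSecTransform.ENCAP_*} values
     */
    public void setEncapType(int encapType) {
        mEncapType = encapType;
    }

    /** Sets the resource ID of the UDP encapsulation socket. */
    public void setEncapSocketResourceId(int resourceId) {
        mEncapSocketResourceId = resourceId;
    }

    /** Sets the remote UDP port used for encapsulation. */
    public void setEncapRemotePort(int port) {
        mEncapRemotePort = port;
    }

    /** Sets the NAT-T keepalive interval, in seconds. */
    public void setNattKeepaliveInterval(int interval) {
        mNattKeepaliveInterval = interval;
    }

    /**
     * Sets the mark value.
     *
     * <p>Internal (System server) use only. Marks passed in by users will be overwritten or
     * ignored.
     */
    public void setMarkValue(int mark) {
        mMarkValue = mark;
    }

    /**
     * Sets the mark mask.
     *
     * <p>Internal (System server) use only. Marks passed in by users will be overwritten or
     * ignored.
     */
    public void setMarkMask(int mask) {
        mMarkMask = mask;
    }

    /** Sets the XFRM interface id. */
    public void setXfrmInterfaceId(int xfrmInterfaceId) {
        mXfrmInterfaceId = xfrmInterfaceId;
    }

    /** Returns the mode: transport or tunnel. */
    public int getMode() {
        return mMode;
    }

    /** Returns the source address; never null unless a caller stored null. */
    public String getSourceAddress() {
        return mSourceAddress;
    }

    /** Returns the SPI resource ID. */
    public int getSpiResourceId() {
        return mSpiResourceId;
    }

    /** Returns the destination address; never null unless a caller stored null. */
    public String getDestinationAddress() {
        return mDestinationAddress;
    }

    /** Returns the encryption algorithm, or null. */
    public IpSecAlgorithm getEncryption() {
        return mEncryption;
    }

    /** Returns the authentication algorithm, or null. */
    public IpSecAlgorithm getAuthentication() {
        return mAuthentication;
    }

    /** Returns the authenticated encryption algorithm, or null. */
    public IpSecAlgorithm getAuthenticatedEncryption() {
        return mAuthenticatedEncryption;
    }

    /** Returns the underlying network, or null. */
    public Network getNetwork() {
        return mNetwork;
    }

    /** Returns the UDP encapsulation type. */
    public int getEncapType() {
        return mEncapType;
    }

    /** Returns the encapsulation socket resource ID. */
    public int getEncapSocketResourceId() {
        return mEncapSocketResourceId;
    }

    /** Returns the remote UDP encapsulation port. */
    public int getEncapRemotePort() {
        return mEncapRemotePort;
    }

    /** Returns the NAT-T keepalive interval, in seconds. */
    public int getNattKeepaliveInterval() {
        return mNattKeepaliveInterval;
    }

    /** Returns the XFRM mark value. */
    public int getMarkValue() {
        return mMarkValue;
    }

    /** Returns the XFRM mark mask. */
    public int getMarkMask() {
        return mMarkMask;
    }

    /** Returns the XFRM interface id. */
    public int getXfrmInterfaceId() {
        return mXfrmInterfaceId;
    }

    // Parcelable Methods

    /** No file descriptors or other special objects are marshalled, hence 0. */
    @Override
    public int describeContents() {
        return 0;
    }

    /**
     * Serializes every field.
     *
     * <p>The field order and types written here MUST stay identical to the order read by
     * {@link #IpSecConfig(Parcel)}. A mismatch between the two sides is a classic
     * Parcel-confusion defect: the reader would silently interpret one field's bytes as
     * another's, so any new field has to be added to both methods in the same position.
     */
    @Override
    public void writeToParcel(Parcel out, int flags) {
        out.writeInt(mMode);
        out.writeString(mSourceAddress);
        out.writeString(mDestinationAddress);
        out.writeParcelable(mNetwork, flags);
        out.writeInt(mSpiResourceId);
        out.writeParcelable(mEncryption, flags);
        out.writeParcelable(mAuthentication, flags);
        out.writeParcelable(mAuthenticatedEncryption, flags);
        out.writeInt(mEncapType);
        out.writeInt(mEncapSocketResourceId);
        out.writeInt(mEncapRemotePort);
        out.writeInt(mNattKeepaliveInterval);
        out.writeInt(mMarkValue);
        out.writeInt(mMarkMask);
        out.writeInt(mXfrmInterfaceId);
    }

    /** Creates a config with all fields at their defaults. */
    @VisibleForTesting
    public IpSecConfig() {}

    /**
     * Copy constructor.
     *
     * <p>Shallow copy: the {@link Network} and {@link IpSecAlgorithm} references are shared
     * with {@code c}, not duplicated.
     */
    @VisibleForTesting
    public IpSecConfig(IpSecConfig c) {
        mMode = c.mMode;
        mSourceAddress = c.mSourceAddress;
        mDestinationAddress = c.mDestinationAddress;
        mNetwork = c.mNetwork;
        mSpiResourceId = c.mSpiResourceId;
        mEncryption = c.mEncryption;
        mAuthentication = c.mAuthentication;
        mAuthenticatedEncryption = c.mAuthenticatedEncryption;
        mEncapType = c.mEncapType;
        mEncapSocketResourceId = c.mEncapSocketResourceId;
        mEncapRemotePort = c.mEncapRemotePort;
        mNattKeepaliveInterval = c.mNattKeepaliveInterval;
        mMarkValue = c.mMarkValue;
        mMarkMask = c.mMarkMask;
        mXfrmInterfaceId = c.mXfrmInterfaceId;
    }

    /**
     * Deserializes a config written by {@link #writeToParcel(Parcel, int)}.
     *
     * <p>Read order and types mirror {@code writeToParcel} exactly; keep both in sync. Note that
     * {@code readString()} can yield null if the writer stored null, which would break the
     * non-null address invariant documented on the fields; nothing here coerces it.
     */
    private IpSecConfig(Parcel in) {
        mMode = in.readInt();
        mSourceAddress = in.readString();
        mDestinationAddress = in.readString();
        // Explicit class loaders so the nested Parcelables resolve to framework classes.
        mNetwork = in.readParcelable(Network.class.getClassLoader());
        mSpiResourceId = in.readInt();
        mEncryption = in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        mAuthentication = in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        mAuthenticatedEncryption = in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        mEncapType = in.readInt();
        mEncapSocketResourceId = in.readInt();
        mEncapRemotePort = in.readInt();
        mNattKeepaliveInterval = in.readInt();
        mMarkValue = in.readInt();
        mMarkMask = in.readInt();
        mXfrmInterfaceId = in.readInt();
    }

    /**
     * Renders every field as a single brace-delimited, comma-separated list.
     *
     * <p>NOTE(review): the algorithm fields are rendered through {@code IpSecAlgorithm#toString};
     * confirm that implementation does not emit key material before logging this string.
     */
    @Override
    public String toString() {
        StringBuilder strBuilder = new StringBuilder();
        strBuilder
                .append("{mMode=")
                .append(mMode == IpSecTransform.MODE_TUNNEL ? "TUNNEL" : "TRANSPORT")
                .append(", mSourceAddress=")
                .append(mSourceAddress)
                .append(", mDestinationAddress=")
                .append(mDestinationAddress)
                .append(", mNetwork=")
                .append(mNetwork)
                .append(", mEncapType=")
                .append(mEncapType)
                .append(", mEncapSocketResourceId=")
                .append(mEncapSocketResourceId)
                .append(", mEncapRemotePort=")
                .append(mEncapRemotePort)
                .append(", mNattKeepaliveInterval=")
                .append(mNattKeepaliveInterval)
                // Was "{mSpiResourceId=", which opened a second, never-closed brace.
                .append(", mSpiResourceId=")
                .append(mSpiResourceId)
                .append(", mEncryption=")
                .append(mEncryption)
                .append(", mAuthentication=")
                .append(mAuthentication)
                .append(", mAuthenticatedEncryption=")
                .append(mAuthenticatedEncryption)
                .append(", mMarkValue=")
                .append(mMarkValue)
                .append(", mMarkMask=")
                .append(mMarkMask)
                .append(", mXfrmInterfaceId=")
                .append(mXfrmInterfaceId)
                .append("}");

        return strBuilder.toString();
    }

    public static final @android.annotation.NonNull Parcelable.Creator<IpSecConfig> CREATOR =
            new Parcelable.Creator<IpSecConfig>() {
                @Override
                public IpSecConfig createFromParcel(Parcel in) {
                    return new IpSecConfig(in);
                }

                @Override
                public IpSecConfig[] newArray(int size) {
                    return new IpSecConfig[size];
                }
            };

    /**
     * Field-by-field equality helper used by tests.
     *
     * <p>Two null references compare equal; null against non-null does not. Algorithm fields are
     * compared via {@code IpSecAlgorithm.equals(IpSecAlgorithm, IpSecAlgorithm)}. This is a
     * static helper, not an override of {@link Object#equals(Object)}, so {@code hashCode} is
     * deliberately left untouched.
     *
     * @param lhs first config, may be null
     * @param rhs second config, may be null
     * @return true when both are null or every field matches
     */
    @VisibleForTesting
    public static boolean equals(IpSecConfig lhs, IpSecConfig rhs) {
        if (lhs == null || rhs == null) return lhs == rhs;
        return lhs.mMode == rhs.mMode
                // Objects.equals tolerates a null address instead of throwing.
                && Objects.equals(lhs.mSourceAddress, rhs.mSourceAddress)
                && Objects.equals(lhs.mDestinationAddress, rhs.mDestinationAddress)
                && Objects.equals(lhs.mNetwork, rhs.mNetwork)
                && lhs.mEncapType == rhs.mEncapType
                && lhs.mEncapSocketResourceId == rhs.mEncapSocketResourceId
                && lhs.mEncapRemotePort == rhs.mEncapRemotePort
                && lhs.mNattKeepaliveInterval == rhs.mNattKeepaliveInterval
                && lhs.mSpiResourceId == rhs.mSpiResourceId
                && IpSecAlgorithm.equals(lhs.mEncryption, rhs.mEncryption)
                && IpSecAlgorithm.equals(lhs.mAuthenticatedEncryption, rhs.mAuthenticatedEncryption)
                && IpSecAlgorithm.equals(lhs.mAuthentication, rhs.mAuthentication)
                && lhs.mMarkValue == rhs.mMarkValue
                && lhs.mMarkMask == rhs.mMarkMask
                && lhs.mXfrmInterfaceId == rhs.mXfrmInterfaceId;
    }
}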
358