1 /*
2  * Copyright 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.google.android.iwlan.epdg;
18 
19 import android.net.ipsec.ike.ChildSaProposal;
20 import android.util.Pair;
21 
/**
 * Assembles {@link ChildSaProposal} objects for the ePDG Child SA (IPsec) negotiation from the
 * algorithm lists held by {@link EpdgSaProposal}.
 *
 * <p>Four variants can be built: carrier-proposed or Iwlan-supported algorithms, each as either
 * a classic cipher suite (encryption plus a separate integrity algorithm) or an AEAD suite.
 */
public class EpdgChildSaProposal extends EpdgSaProposal {
    // Opt-in switch, off by default. While it is false no DH group is placed in the proposal,
    // and the IKE library then sends no KE payload when the Child SA is rekeyed. In IKEv2 a
    // rekey without a KE payload derives the new Child SA keys from the existing IKE SA keying
    // material rather than from a fresh Diffie-Hellman exchange, so the rekeyed Child SA gets
    // no additional forward secrecy.
    private boolean mAddChildSessionRekeyKePayload = false;

    /**
     * Turns on the inclusion of DH groups in every Child SA proposal built afterwards, so that
     * a Child SA rekey carries a KE payload. The IKE library omits the KE payload when the
     * child session params contain no DH groups. The groups used are the ones returned by
     * {@code getDhGroups()}, i.e. the same ones as for the IKE session.
     *
     * <p>This class offers no way to switch the flag off again.
     */
    public void enableAddChildSessionRekeyKePayload() {
        mAddChildSessionRekeyKePayload = true;
    }

    /**
     * Builds the {@link ChildSaProposal} for the carrier-proposed non-AEAD cipher suite:
     * encryption algorithms together with separate integrity algorithms.
     */
    public ChildSaProposal buildProposedChildSaProposal() {
        return buildProposal(false, true);
    }

    /** Builds the {@link ChildSaProposal} for the carrier-proposed AEAD cipher suite. */
    public ChildSaProposal buildProposedChildSaAeadProposal() {
        return buildProposal(true, true);
    }

    /**
     * Builds the {@link ChildSaProposal} for the Iwlan-supported non-AEAD cipher suite:
     * encryption algorithms together with separate integrity algorithms.
     */
    public ChildSaProposal buildSupportedChildSaProposal() {
        return buildProposal(false, false);
    }

    /** Builds the {@link ChildSaProposal} for the Iwlan-supported AEAD cipher suite. */
    public ChildSaProposal buildSupportedChildSaAeadProposal() {
        return buildProposal(true, false);
    }

    /**
     * Shared implementation behind the four public builders.
     *
     * @param isAead {@code true} to take the AEAD algorithm list and add no integrity
     *     algorithm; {@code false} to take the plain encryption list plus integrity algorithms
     * @param isProposed {@code true} to read the carrier-proposed lists, {@code false} to read
     *     the Iwlan-supported lists
     * @return the proposal produced by {@link ChildSaProposal.Builder#build()}
     */
    private ChildSaProposal buildProposal(boolean isAead, boolean isProposed) {
        final ChildSaProposal.Builder builder = new ChildSaProposal.Builder();

        // DH groups are only offered when the rekey KE payload has been enabled.
        if (mAddChildSessionRekeyKePayload) {
            for (int group : getDhGroups()) {
                builder.addDhGroup(group);
            }
        }

        // Select the cipher list matching the requested (AEAD?, proposed?) combination.
        final Pair<Integer, Integer>[] ciphers;
        if (isAead) {
            if (isProposed) {
                ciphers = getAeadAlgos();
            } else {
                ciphers = getSupportedAeadAlgos();
            }
        } else {
            if (isProposed) {
                ciphers = getEncryptionAlgos();
            } else {
                ciphers = getSupportedEncryptionAlgos();
            }
        }

        // Each pair is handed to the builder as its (algorithm, keyLength) arguments.
        for (Pair<Integer, Integer> cipher : ciphers) {
            builder.addEncryptionAlgorithm(cipher.first, cipher.second);
        }

        // An AEAD cipher authenticates the traffic itself, so no integrity algorithm is added.
        if (isAead) {
            return builder.build();
        }

        final int[] macs;
        if (isProposed) {
            macs = getIntegrityAlgos();
        } else {
            macs = getSupportedIntegrityAlgos();
        }
        for (int mac : macs) {
            builder.addIntegrityAlgorithm(mac);
        }

        // NOTE(review): nothing here checks for empty algorithm lists; whether build() rejects
        // such a proposal is decided by the IKE library - confirm against its validation.
        return builder.build();
    }
}