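/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package android.net;

import android.os.Parcel;
import android.os.Parcelable;

import com.android.internal.annotations.VisibleForTesting;

import java.util.Objects;

/**
 * This class encapsulates all the configuration parameters needed to create IPsec transforms and
 * policies.
 *
 * <p>Instances cross the binder boundary as a {@link Parcelable} ({@link #writeToParcel} and
 * {@link #CREATOR}). The receiving side should not assume the parcel was produced by a
 * well-behaved sender: the unparcel path therefore keeps the two address fields non-null, which
 * is the invariant the Java-to-native binder code relies on. No other validation (address
 * syntax, port range, resource-id validity) happens in this class; it is presumably done by the
 * consumer of the config. Algorithm objects and the network are stored by reference, not copied.
 * This class is mutable and not thread-safe.
 *
 * @hide
 */
public final class IpSecConfig implements Parcelable {
    private static final String TAG = "IpSecConfig";

    // MODE_TRANSPORT or MODE_TUNNEL
    private int mMode = IpSecTransform.MODE_TRANSPORT;

    // Preventing this from being null simplifies Java->Native binder
    private String mSourceAddress = "";

    // Preventing this from being null simplifies Java->Native binder
    private String mDestinationAddress = "";

    // The underlying Network that represents the "gateway" Network
    // for outbound packets. It may also be used to select packets.
    private Network mNetwork;

    // Minimum requirements for identifying a transform
    // SPI identifying the IPsec SA in packet processing
    // and a destination IP address
    private int mSpiResourceId = IpSecManager.INVALID_RESOURCE_ID;

    // Encryption Algorithm
    private IpSecAlgorithm mEncryption;

    // Authentication Algorithm
    private IpSecAlgorithm mAuthentication;

    // Authenticated Encryption Algorithm
    private IpSecAlgorithm mAuthenticatedEncryption;

    // For tunnel mode IPv4 UDP Encapsulation
    // IpSecTransform#ENCAP_ESP_*, such as ENCAP_ESP_OVER_UDP_IKE
    private int mEncapType = IpSecTransform.ENCAP_NONE;
    private int mEncapSocketResourceId = IpSecManager.INVALID_RESOURCE_ID;
    private int mEncapRemotePort;

    // An interval, in seconds between the NattKeepalive packets
    private int mNattKeepaliveInterval;

    // XFRM mark and mask
    private int mMarkValue;
    private int mMarkMask;

    /**
     * Sets the mode for this IPsec transform.
     *
     * @param mode {@code IpSecTransform.MODE_TRANSPORT} or {@code IpSecTransform.MODE_TUNNEL};
     *     not range-checked here
     */
    public void setMode(int mode) {
        mMode = mode;
    }

    /**
     * Sets the source IP address for this IPsec transform.
     *
     * @param sourceAddress the address as a string; pass a non-null value, since the field is
     *     kept non-null for the Java->Native binder path. The syntax is not validated here.
     */
    public void setSourceAddress(String sourceAddress) {
        mSourceAddress = sourceAddress;
    }

    /**
     * Sets the destination IP address for this IPsec transform.
     *
     * @param destinationAddress the address as a string; pass a non-null value, since the field
     *     is kept non-null for the Java->Native binder path. The syntax is not validated here.
     */
    public void setDestinationAddress(String destinationAddress) {
        mDestinationAddress = destinationAddress;
    }

    /**
     * Sets the SPI by resource ID.
     *
     * @param resourceId the resource id handed out by {@code IpSecManager}; defaults to
     *     {@code IpSecManager.INVALID_RESOURCE_ID} when never set
     */
    public void setSpiResourceId(int resourceId) {
        mSpiResourceId = resourceId;
    }

    /** Sets the encryption algorithm; the reference is stored, not copied. */
    public void setEncryption(IpSecAlgorithm encryption) {
        mEncryption = encryption;
    }

    /** Sets the authentication algorithm; the reference is stored, not copied. */
    public void setAuthentication(IpSecAlgorithm authentication) {
        mAuthentication = authentication;
    }

    /** Sets the authenticated encryption algorithm; the reference is stored, not copied. */
    public void setAuthenticatedEncryption(IpSecAlgorithm authenticatedEncryption) {
        mAuthenticatedEncryption = authenticatedEncryption;
    }

    /** Sets the underlying network that will carry traffic for this transform. */
    public void setNetwork(Network network) {
        mNetwork = network;
    }

    /**
     * Sets the UDP encapsulation type.
     *
     * @param encapType one of {@code IpSecTransform.ENCAP_*}; defaults to
     *     {@code IpSecTransform.ENCAP_NONE}. Not range-checked here.
     */
    public void setEncapType(int encapType) {
        mEncapType = encapType;
    }

    /**
     * Sets the resource id of the UDP encapsulation socket.
     *
     * @param resourceId defaults to {@code IpSecManager.INVALID_RESOURCE_ID} when never set
     */
    public void setEncapSocketResourceId(int resourceId) {
        mEncapSocketResourceId = resourceId;
    }

    /** Sets the remote UDP port used for encapsulation; not range-checked here. */
    public void setEncapRemotePort(int port) {
        mEncapRemotePort = port;
    }

    /** Sets the NAT-T keepalive interval, in seconds. */
    public void setNattKeepaliveInterval(int interval) {
        mNattKeepaliveInterval = interval;
    }

    /** Sets the XFRM mark value. */
    public void setMarkValue(int mark) {
        mMarkValue = mark;
    }

    /** Sets the XFRM mark mask. */
    public void setMarkMask(int mask) {
        mMarkMask = mask;
    }

    /** Returns the mode: transport or tunnel. */
    public int getMode() {
        return mMode;
    }

    /** Returns the source address string (non-null unless a caller stored null via the setter). */
    public String getSourceAddress() {
        return mSourceAddress;
    }

    /** Returns the SPI resource id. */
    public int getSpiResourceId() {
        return mSpiResourceId;
    }

    /**
     * Returns the destination address string (non-null unless a caller stored null via the
     * setter).
     */
    public String getDestinationAddress() {
        return mDestinationAddress;
    }

    /** Returns the encryption algorithm, or null if none was set. */
    public IpSecAlgorithm getEncryption() {
        return mEncryption;
    }

    /** Returns the authentication algorithm, or null if none was set. */
    public IpSecAlgorithm getAuthentication() {
        return mAuthentication;
    }

    /** Returns the authenticated encryption algorithm, or null if none was set. */
    public IpSecAlgorithm getAuthenticatedEncryption() {
        return mAuthenticatedEncryption;
    }

    /** Returns the underlying network, or null if none was set. */
    public Network getNetwork() {
        return mNetwork;
    }

    /** Returns the UDP encapsulation type. */
    public int getEncapType() {
        return mEncapType;
    }

    /** Returns the encapsulation socket resource id. */
    public int getEncapSocketResourceId() {
        return mEncapSocketResourceId;
    }

    /** Returns the remote UDP encapsulation port. */
    public int getEncapRemotePort() {
        return mEncapRemotePort;
    }

    /** Returns the NAT-T keepalive interval, in seconds. */
    public int getNattKeepaliveInterval() {
        return mNattKeepaliveInterval;
    }

    /** Returns the XFRM mark value. */
    public int getMarkValue() {
        return mMarkValue;
    }

    /** Returns the XFRM mark mask. */
    public int getMarkMask() {
        return mMarkMask;
    }

    // Parcelable Methods

    /** Returns 0: this class declares no special contents (such as file descriptors). */
    @Override
    public int describeContents() {
        return 0;
    }

    /**
     * Writes every field to {@code out}. The order here is the wire format and must match the
     * order read back in {@link #IpSecConfig(Parcel)}.
     */
    @Override
    public void writeToParcel(Parcel out, int flags) {
        out.writeInt(mMode);
        out.writeString(mSourceAddress);
        out.writeString(mDestinationAddress);
        out.writeParcelable(mNetwork, flags);
        out.writeInt(mSpiResourceId);
        out.writeParcelable(mEncryption, flags);
        out.writeParcelable(mAuthentication, flags);
        out.writeParcelable(mAuthenticatedEncryption, flags);
        out.writeInt(mEncapType);
        out.writeInt(mEncapSocketResourceId);
        out.writeInt(mEncapRemotePort);
        out.writeInt(mNattKeepaliveInterval);
        out.writeInt(mMarkValue);
        out.writeInt(mMarkMask);
    }

    /** Creates a config with every field at its default value. */
    @VisibleForTesting
    public IpSecConfig() {}

    /**
     * Copy constructor. Primitive and String fields are copied; the network and algorithm
     * objects are shared by reference with {@code c}.
     */
    @VisibleForTesting
    public IpSecConfig(IpSecConfig c) {
        mMode = c.mMode;
        mSourceAddress = c.mSourceAddress;
        mDestinationAddress = c.mDestinationAddress;
        mNetwork = c.mNetwork;
        mSpiResourceId = c.mSpiResourceId;
        mEncryption = c.mEncryption;
        mAuthentication = c.mAuthentication;
        mAuthenticatedEncryption = c.mAuthenticatedEncryption;
        mEncapType = c.mEncapType;
        mEncapSocketResourceId = c.mEncapSocketResourceId;
        mEncapRemotePort = c.mEncapRemotePort;
        mNattKeepaliveInterval = c.mNattKeepaliveInterval;
        mMarkValue = c.mMarkValue;
        mMarkMask = c.mMarkMask;
    }

    /**
     * Reads a config from a parcel, in the order written by {@link #writeToParcel}.
     *
     * <p>The parcel may originate from another process, so its contents are untrusted. Only the
     * non-null invariant on the address strings is restored here; numeric fields are taken as-is.
     */
    private IpSecConfig(Parcel in) {
        mMode = in.readInt();
        // Parcel#readString can return null for a crafted or corrupted parcel. Coerce to "" so
        // equals() and the Java->Native binder path never observe a null address.
        mSourceAddress = nonNullString(in.readString());
        mDestinationAddress = nonNullString(in.readString());
        mNetwork = (Network) in.readParcelable(Network.class.getClassLoader());
        mSpiResourceId = in.readInt();
        mEncryption =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        mAuthentication =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        mAuthenticatedEncryption =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        mEncapType = in.readInt();
        mEncapSocketResourceId = in.readInt();
        mEncapRemotePort = in.readInt();
        mNattKeepaliveInterval = in.readInt();
        mMarkValue = in.readInt();
        mMarkMask = in.readInt();
    }

    /** Maps a possibly-null string to "" so the address fields keep their non-null invariant. */
    private static String nonNullString(String s) {
        return (s == null) ? "" : s;
    }

    /**
     * Returns a one-line dump of every field. Algorithm objects are rendered via their own
     * {@code toString()}; whether that includes key material depends on {@link IpSecAlgorithm},
     * so treat the result as potentially sensitive when logging.
     */
    @Override
    public String toString() {
        StringBuilder strBuilder = new StringBuilder();
        strBuilder
                .append("{mMode=")
                .append(mMode == IpSecTransform.MODE_TUNNEL ? "TUNNEL" : "TRANSPORT")
                .append(", mSourceAddress=")
                .append(mSourceAddress)
                .append(", mDestinationAddress=")
                .append(mDestinationAddress)
                .append(", mNetwork=")
                .append(mNetwork)
                .append(", mEncapType=")
                .append(mEncapType)
                .append(", mEncapSocketResourceId=")
                .append(mEncapSocketResourceId)
                .append(", mEncapRemotePort=")
                .append(mEncapRemotePort)
                .append(", mNattKeepaliveInterval=")
                .append(mNattKeepaliveInterval)
                // Was "{mSpiResourceId=", which opened a second, never-closed brace.
                .append(", mSpiResourceId=")
                .append(mSpiResourceId)
                .append(", mEncryption=")
                .append(mEncryption)
                .append(", mAuthentication=")
                .append(mAuthentication)
                .append(", mAuthenticatedEncryption=")
                .append(mAuthenticatedEncryption)
                .append(", mMarkValue=")
                .append(mMarkValue)
                .append(", mMarkMask=")
                .append(mMarkMask)
                .append("}");

        return strBuilder.toString();
    }

    public static final Parcelable.Creator<IpSecConfig> CREATOR =
            new Parcelable.Creator<IpSecConfig>() {
                @Override
                public IpSecConfig createFromParcel(Parcel in) {
                    return new IpSecConfig(in);
                }

                @Override
                public IpSecConfig[] newArray(int size) {
                    return new IpSecConfig[size];
                }
            };

    /**
     * Field-by-field equality, used for testing.
     *
     * <p>Two null references are equal; a null and a non-null reference are not. The network is
     * compared with {@link Objects#equals}, the algorithms with
     * {@code IpSecAlgorithm.equals(IpSecAlgorithm, IpSecAlgorithm)}, which is passed
     * possibly-null fields and is therefore assumed to handle null on either side.
     */
    @VisibleForTesting
    public static boolean equals(IpSecConfig lhs, IpSecConfig rhs) {
        if (lhs == null || rhs == null) return (lhs == rhs);
        return (lhs.mMode == rhs.mMode
                && lhs.mSourceAddress.equals(rhs.mSourceAddress)
                && lhs.mDestinationAddress.equals(rhs.mDestinationAddress)
                && Objects.equals(lhs.mNetwork, rhs.mNetwork)
                && lhs.mEncapType == rhs.mEncapType
                && lhs.mEncapSocketResourceId == rhs.mEncapSocketResourceId
                && lhs.mEncapRemotePort == rhs.mEncapRemotePort
                && lhs.mNattKeepaliveInterval == rhs.mNattKeepaliveInterval
                && lhs.mSpiResourceId == rhs.mSpiResourceId
                && IpSecAlgorithm.equals(lhs.mEncryption, rhs.mEncryption)
                && IpSecAlgorithm.equals(
                        lhs.mAuthenticatedEncryption, rhs.mAuthenticatedEncryption)
                && IpSecAlgorithm.equals(lhs.mAuthentication, rhs.mAuthentication)
                && lhs.mMarkValue == rhs.mMarkValue
                && lhs.mMarkMask == rhs.mMarkMask);
    }
}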