Add support for AES-GCM-ESP as an IPSec algorithm
Allows native AES-GCM-ESP to be used as an IPSec transport/tunnel mode
algorithm with kernel support
Bug: 63589918
Test: IPsecService tests added, existing ones pass
Change-Id: I9f742027730f6affabb0667300f6d0d65983410c
diff --git a/server/XfrmController.h b/server/XfrmController.h
index de9ebe3..eb43671 100644
--- a/server/XfrmController.h
+++ b/server/XfrmController.h
@@ -39,6 +39,8 @@
// Exposed for testing
extern const uint32_t ALGO_MASK_CRYPT_ALL;
// Exposed for testing
+extern const uint32_t ALGO_MASK_AEAD_ALL;
+// Exposed for testing
extern const uint8_t REPLAY_WINDOW_SIZE;
// Suggest we avoid the smallest and largest ints
@@ -110,6 +112,7 @@
struct XfrmSaInfo : XfrmSaId {
XfrmAlgo auth;
XfrmAlgo crypt;
+ XfrmAlgo aead;
int netId;
XfrmMode mode;
XfrmEncap encap;
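Review bot: The new `aead` member of XfrmSaInfo has no comment, so nothing on the struct tells a reader how it relates to `auth` and `crypt` — whether an SA carries one combined-mode algorithm or the auth/crypt pair, and what is expected of the other two fields when `aead` is populated. If the two forms are alternatives, as they appear to be for a kernel XFRM SA, record that at the declaration: `XfrmAlgo aead; // Combined-mode (AEAD) cipher; when populated, auth and crypt are expected to be unset (TODO confirm against the fill path)`. The struct's remaining members are outside the hunk.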
@@ -129,6 +132,7 @@
const std::string& remoteAddress, int64_t underlyingNetworkHandle, int32_t spi,
const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits,
const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits,
+ const std::string& aeadAlgo, const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits,
int32_t encapType, int32_t encapLocalPort, int32_t encapRemotePort);
netdutils::Status ipSecDeleteSecurityAssociation(int32_t transformId, int32_t direction,
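Review bot: The new `aeadAlgo`/`aeadKey`/`aeadIcvBits` parameters of ipSecAddSecurityAssociation carry no documentation, and the header does not say whether an AEAD algorithm may be combined with `authAlgo`/`cryptAlgo` or which values of `aeadIcvBits` are accepted, which matters because an undersized ICV weakens the integrity check of an AES-GCM SA. Add a comment to the declaration along the lines of `// Either aeadAlgo or the authAlgo/cryptAlgo pair describes the SA (TODO confirm); aeadIcvBits is the AEAD tag (ICV) length in bits — list the accepted values and where they are validated.` The declaration starts before this hunk, and the ipSecDeleteSecurityAssociation declaration on the hunk's last line continues after it.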
@@ -170,6 +174,13 @@
// Container for the content of an XFRMA_TMPL netlink attribute.
// Exposed for testing
+ struct nlattr_algo_aead {
+ nlattr hdr;
+ xfrm_algo_aead aead;
+ uint8_t key[MAX_ALGO_LENGTH];
+ };
+
+ // Exposed for testing
struct nlattr_user_tmpl {
nlattr hdr;
xfrm_user_tmpl tmpl;
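Review bot: The new nlattr_algo_aead struct is inserted between the comment `// Container for the content of an XFRMA_TMPL netlink attribute.` and the nlattr_user_tmpl it describes, so after this change that comment sits on top of the AEAD container and misdescribes it. Place the new struct above that comment, or give it its own line, `// Container for the content of an XFRMA_ALG_AEAD netlink attribute.`, and keep the XFRMA_TMPL comment directly above nlattr_user_tmpl. The trailing `key[MAX_ALGO_LENGTH]` buffer is fixed-size while the key arrives as a std::vector; fillNlAttrXfrmAlgoAead, declared in the last hunk, is not visible here, but it needs to reject keys longer than MAX_ALGO_LENGTH before copying rather than truncate them, as the crypt/auth fill functions presumably already do.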
@@ -242,6 +253,7 @@
// Shared between Transport and Tunnel Mode
static int fillNlAttrXfrmAlgoEnc(const XfrmAlgo& in_algo, nlattr_algo_crypt* algo);
static int fillNlAttrXfrmAlgoAuth(const XfrmAlgo& in_algo, nlattr_algo_auth* algo);
+ static int fillNlAttrXfrmAlgoAead(const XfrmAlgo& in_algo, nlattr_algo_aead* algo);
static int fillNlAttrXfrmEncapTmpl(const XfrmSaInfo& record, nlattr_encap_tmpl* tmpl);
// Functions for Creating a Transport Mode SA