/* * Copyright (C) 2018 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.android.internal.net.ipsec.ike.message; import android.annotation.Nullable; import android.net.ipsec.ike.exceptions.IkeProtocolException; import com.android.internal.annotations.VisibleForTesting; import com.android.internal.net.ipsec.ike.crypto.IkeCipher; import com.android.internal.net.ipsec.ike.crypto.IkeMacIntegrity; import java.nio.ByteBuffer; import java.security.GeneralSecurityException; /** * IkeSkPayload represents the common information of an Encrypted and Authenticated Payload and an * Encrypted and Authenticated Fragment Payload. * *

It contains other payloads in encrypted form. It is must be the last payload in the message. * It should be the only payload in this implementation. * *

Critical bit must be ignored when doing decoding. * * @see RFC 7296, Internet Key Exchange * Protocol Version 2 (IKEv2) */ public class IkeSkPayload extends IkePayload { protected final IkeEncryptedPayloadBody mIkeEncryptedPayloadBody; /** * Construct an instance of IkeSkPayload from decrypting an incoming packet. * * @param critical indicates if it is a critical payload. * @param message the byte array contains the whole IKE message. * @param integrityMac the negotiated integrity algorithm. * @param decryptCipher the negotiated encryption algorithm. * @param integrityKey the negotiated integrity algorithm key. * @param decryptionKey the negotiated decryption key. */ @VisibleForTesting IkeSkPayload( boolean critical, byte[] message, @Nullable IkeMacIntegrity integrityMac, IkeCipher decryptCipher, byte[] integrityKey, byte[] decryptionKey) throws IkeProtocolException, GeneralSecurityException { this( false /*isSkf*/, critical, IkeHeader.IKE_HEADER_LENGTH + GENERIC_HEADER_LENGTH, message, integrityMac, decryptCipher, integrityKey, decryptionKey); } /** Construct an instance of IkeSkPayload for testing.*/ @VisibleForTesting IkeSkPayload(boolean isSkf, IkeEncryptedPayloadBody encryptedPayloadBody) { super(isSkf ? PAYLOAD_TYPE_SKF : PAYLOAD_TYPE_SK, false/*critical*/); mIkeEncryptedPayloadBody = encryptedPayloadBody; } /** Construct an instance of IkeSkPayload from decrypting an incoming packet. */ protected IkeSkPayload( boolean isSkf, boolean critical, int encryptedBodyOffset, byte[] message, @Nullable IkeMacIntegrity integrityMac, IkeCipher decryptCipher, byte[] integrityKey, byte[] decryptionKey) throws IkeProtocolException, GeneralSecurityException { super(isSkf ? PAYLOAD_TYPE_SKF : PAYLOAD_TYPE_SK, critical); // TODO: Support constructing IkeEncryptedPayloadBody using AEAD. mIkeEncryptedPayloadBody = new IkeEncryptedPayloadBody( message, encryptedBodyOffset, integrityMac, decryptCipher, integrityKey, decryptionKey); } /** * Construct an instance of IkeSkPayload for building outbound packet. * * @param ikeHeader the IKE header. * @param firstPayloadType the type of first payload nested in SkPayload. * @param unencryptedPayloads the encoded payload list to protect. * @param integrityMac the negotiated integrity algorithm. * @param encryptCipher the negotiated encryption algorithm. * @param integrityKey the negotiated integrity algorithm key. * @param encryptionKey the negotiated encryption key. */ @VisibleForTesting IkeSkPayload( IkeHeader ikeHeader, @PayloadType int firstPayloadType, byte[] unencryptedPayloads, @Nullable IkeMacIntegrity integrityMac, IkeCipher encryptCipher, byte[] integrityKey, byte[] encryptionKey) { this( ikeHeader, firstPayloadType, new byte[0] /*skfHeaderBytes*/, unencryptedPayloads, integrityMac, encryptCipher, integrityKey, encryptionKey); } /** Construct an instance of IkeSkPayload for building outbound packet. */ @VisibleForTesting protected IkeSkPayload( IkeHeader ikeHeader, @PayloadType int firstPayloadType, byte[] skfHeaderBytes, byte[] unencryptedPayloads, @Nullable IkeMacIntegrity integrityMac, IkeCipher encryptCipher, byte[] integrityKey, byte[] encryptionKey) { super(skfHeaderBytes.length == 0 ? PAYLOAD_TYPE_SK : PAYLOAD_TYPE_SKF, false); // TODO: Support constructing IkeEncryptedPayloadBody using AEAD. mIkeEncryptedPayloadBody = new IkeEncryptedPayloadBody( ikeHeader, firstPayloadType, skfHeaderBytes, unencryptedPayloads, integrityMac, encryptCipher, integrityKey, encryptionKey); } /** * Return unencrypted data. * * @return unencrypted data in a byte array. */ public byte[] getUnencryptedData() { return mIkeEncryptedPayloadBody.getUnencryptedData(); } /** * Encode this payload to a ByteBuffer. * * @param nextPayload type of payload that follows this payload. * @param byteBuffer destination ByteBuffer that stores encoded payload. */ @Override protected void encodeToByteBuffer(@PayloadType int nextPayload, ByteBuffer byteBuffer) { encodePayloadHeaderToByteBuffer(nextPayload, getPayloadLength(), byteBuffer); byteBuffer.put(mIkeEncryptedPayloadBody.encode()); } /** * Get entire payload length. * * @return entire payload length. */ @Override protected int getPayloadLength() { return GENERIC_HEADER_LENGTH + mIkeEncryptedPayloadBody.getLength(); } /** * Return the payload type as a String. * * @return the payload type as a String. */ @Override public String getTypeString() { return "SK"; } }