The IpSecService Unit tests relied on the
directionality of the IpSecConfig and previously
did not specify a source address. Unit tests
updated without functional change other than to
address these two requirements.
Bug: 71717213
Test: runtest frameworks-net
Change-Id: Iedbed735bc50fd4fdfe985f9e173956062a7b0d1
Convert the IpSecTransform from being a bi-directional
pair of SAs to a unidirectional single SA. This CL
also removes the concept of "direction from SAs meaning
that a IpSecTransform may now be applied to a socket
in either direction.
-Make transforms unidirectional
-Add Convert allocateSpi() to use destination rather
than direction and remote address
-Remove directionality from builders for IpSecTransform
-Change applyTransportModeTransform() to take a
direction in which to apply the transform object.
-Additional minor naming updates
-Restrict IpSecConfig to only print keys on eng builds
-Move DIRECTION constants to IpSecManager
-Add sourceAddress parameter to IpSecTransform to provide
additional guarantees about the source address of data;
(explicit failure rather than implicit failure).
-Move SPI to the build() method of IpSecTransform
Bug: 71717213
Test: runtest frameworks-net, CTS - IpSecManagerTest
Change-Id: I0824b37f443f4b8c62536d9801238c63ed8f2a1c
Adds checks to ensure that users can only set the correct types of
algorithms for the Authentication, Encryption and Authenticated
Encryption algorithms.
Bug: 65223935
Test: Added tests in IpSecConfigTest, and passed on aosp_marlin-eng
Change-Id: I462c77d9eb5710b8d03a48866453649d3b6fc6bf
A race condition during an Api rename has caused
the name change from reserveSecurityParameterIndex
to allocateSecurityParameterIndex to be wrong in
a test. Fixing.
Bug: 69128142
Test: runtest frameworks-net
Change-Id: I12fb9832cb938dc19f463b1f1124127435d7b173
This is part 2 of 2 of the refcounting refactor for IpSecService
resources.
Switched ManagedResources to use RefcountedResource structure for
managing reference counts and eventual cleanup. Further, resource arrays
and quota management have been aggregated into a UserRecord for better
isolation. UID access checking has been similarly moved into the
UserRecordTracker, and resourceId checking has been rolled into
RefcountedResourceArray's accessor methods.
Bug: 63409385
Test: CTS, all unit tests run on aosp_marlin-eng, new tests added
Change-Id: Iee52dd1c9d2583bb6bfaf65be87569e9d50a5b63
Throughout the IPsec code (API, system server, netd) we use "reserve"
SPI and "allocate" SPI interchangeably. This renames to use "allocate"
everywhere for self-consistency and consistency with the kernel
(ALLOCSPI).
In javadoc, I am leaving the word "reserve" in several places because it
is still an accurate description of how the method behaves.
Bug: 69128142
Test: TreeHugger should be enough
Change-Id: I8ea603b4612303b0393beef04032671fa53d2106
Added notes that keymat length must include 32 bits of salt.
Bug: 68672051
Test: Frameworks-net unit tests & IpSecManager CTS tests run
Change-Id: I0ae0c5be8a45b2374783b3bd1fa8bf930f15e687
Replaced null with empty byte array in createTransportModeTransform
for null auth.getKey, crypt.getKey() and authCrypt.getKey()
Test: Ran CTS test
Bug: 68052730
Change-Id: I5110b1297b4bfbb5766e8ecfd3d64f8110b52945
Allows native AES-GCM-ESP to be used as an IPSec transport/tunnel mode
algorithm with kernel support
Bug: 63589918
Test: IPsecService tests added, existing ones pass
Change-Id: Ie1a9a902be205f269aa37bf956198f2e5b177c21
-Split IpSecServiceTest into parameterized
and single tests.
-Add IPv6 parameters
Bug: 66954381
Test: this
Change-Id: Ib98c112560014f73bccc3d2842c31d297c7a07ef
