diff options
author | evitayan <evitayan@google.com> | 2019-02-26 18:12:19 -0800 |
---|---|---|
committer | evitayan <evitayan@google.com> | 2019-03-21 17:11:07 -0700 |
commit | bb26e19d0cb1e9eb7cbb9a68a08e59fb9cb37f71 (patch) | |
tree | c5349d26d586d006706049e20e08f68a672dc433 /src/java/com/android/ike/ikev2/message/IkeSkPayload.java | |
parent | 90d2ba05c974bc636014523d23a28c9acf4164c5 (diff) | |
download | ike-bb26e19d0cb1e9eb7cbb9a68a08e59fb9cb37f71.tar.gz |
Support encrypting outbound message with SK Payload
This commit:
- Add a construtor in IkeSkPayload for building outbound
IkeSkPayload
- Add an interface in IkeMessage for encrypt outbound message
- Move decryption-related tests from IkeSkPayloadTest to
IkeEncryptedPayloadBodyTest
Bug: 122555731
Test: FrameworksIkeTests IkeEncryptedPayloadBodyTest
Change-Id: I9f105f5ccb0bce68a4b8e0b5d7cdd58a5b39521d
Diffstat (limited to 'src/java/com/android/ike/ikev2/message/IkeSkPayload.java')
-rw-r--r-- | src/java/com/android/ike/ikev2/message/IkeSkPayload.java | 39 |
1 files changed, 35 insertions, 4 deletions
diff --git a/src/java/com/android/ike/ikev2/message/IkeSkPayload.java b/src/java/com/android/ike/ikev2/message/IkeSkPayload.java index 6a89a6aa..d753ee83 100644 --- a/src/java/com/android/ike/ikev2/message/IkeSkPayload.java +++ b/src/java/com/android/ike/ikev2/message/IkeSkPayload.java @@ -17,7 +17,6 @@ package com.android.ike.ikev2.message; import com.android.ike.ikev2.exceptions.IkeException; -import com.android.ike.ikev2.message.IkePayload.PayloadType; import java.nio.ByteBuffer; import java.security.GeneralSecurityException; @@ -47,7 +46,7 @@ public final class IkeSkPayload extends IkePayload { * @param critical indicates if it is a critical payload. * @param message the byte array contains the whole IKE message. * @param integrityMac the initialized Mac for integrity check. - * @param expectedChecksumLen the expected length of integrity checksum. + * @param checksumLen the checksum length of negotiated integrity algorithm. * @param decryptCipher the uninitialized Cipher for doing decryption. * @param dKey the decryption key. */ @@ -55,7 +54,7 @@ public final class IkeSkPayload extends IkePayload { boolean critical, byte[] message, Mac integrityMac, - int expectedChecksumLen, + int checksumLen, Cipher decryptCipher, SecretKey dKey) throws IkeException, GeneralSecurityException { @@ -63,7 +62,39 @@ public final class IkeSkPayload extends IkePayload { mIkeEncryptedPayloadBody = new IkeEncryptedPayloadBody( - message, integrityMac, expectedChecksumLen, decryptCipher, dKey); + message, integrityMac, checksumLen, decryptCipher, dKey); + } + + /** + * Construct an instance of IkeSkPayload for building outbound packet. + * + * @param ikeHeader the IKE header. + * @param firstPayloadType the type of first payload nested in SkPayload. + * @param unencryptedPayloads the encoded payload list to protect. + * @param integrityMac the initialized Mac for calculating integrity checksum + * @param checksumLen the checksum length of negotiated integrity algorithm. + * @param encryptCipher the uninitialized Cipher for doing encryption. + * @param eKey the encryption key. + */ + IkeSkPayload( + IkeHeader ikeHeader, + @PayloadType int firstPayloadType, + byte[] unencryptedPayloads, + Mac integrityMac, + int checksumLen, + Cipher encryptCipher, + SecretKey eKey) { + super(PAYLOAD_TYPE_SK, false); + + mIkeEncryptedPayloadBody = + new IkeEncryptedPayloadBody( + ikeHeader, + firstPayloadType, + unencryptedPayloads, + integrityMac, + checksumLen, + encryptCipher, + eKey); } /** |