path: root/src/java/com/android/ike/ikev2/message/IkeSkPayload.java
blob: f239515743cca01519076846ca238f5523bdc3ef (plain)
/*
 * Copyright (C) 2018 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.ike.ikev2.message;

import com.android.ike.ikev2.exceptions.IkeException;
import com.android.ike.ikev2.message.IkePayload.PayloadType;

import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;

import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;

/**
 * IkeSkPayload represents an Encrypted Payload.
 *
 * <p>It contains other payloads in encrypted form. It must be the last payload in the message.
 * It should be the only payload in this implementation.
 *
 * <p>The critical bit must be ignored when decoding.
 *
 * @see <a href="https://tools.ietf.org/html/rfc7296#page-105">RFC 7296, Internet Key Exchange
 *     Protocol Version 2 (IKEv2)</a>
 */
public final class IkeSkPayload extends IkePayload {

    // Body object this payload delegates to for plaintext access, encoding and length.
    private final IkeEncryptedPayloadBody mIkeEncryptedPayloadBody;

    /**
     * Builds an IkeSkPayload for an incoming packet by handing the raw IKE message together with
     * the integrity and decryption primitives to {@link IkeEncryptedPayloadBody}.
     *
     * <p>NOTE(review): the integrity check and the decryption are performed inside
     * IkeEncryptedPayloadBody, which is not visible from this class. Confirm there that the
     * checksum is verified before any ciphertext is decrypted, and that a verification failure
     * surfaces as an exception instead of leaving partially decrypted data reachable.
     *
     * @param critical whether the payload is flagged critical; forwarded to the superclass.
     * @param message byte array holding the complete IKE message.
     * @param integrityMac already-initialized Mac used for the integrity check.
     * @param expectedChecksumLen expected length of the integrity checksum.
     * @param decryptCipher Cipher used for decryption; the caller passes it uninitialized.
     * @param dKey key used for decryption.
     * @throws IkeException declared for failures while building the payload body; the exact
     *     conditions are defined in IkeEncryptedPayloadBody.
     * @throws GeneralSecurityException declared for failures while building the payload body;
     *     the exact conditions are defined in IkeEncryptedPayloadBody.
     */
    IkeSkPayload(
            boolean critical,
            byte[] message,
            Mac integrityMac,
            int expectedChecksumLen,
            Cipher decryptCipher,
            SecretKey dKey)
            throws IkeException, GeneralSecurityException {
        super(PAYLOAD_TYPE_SK, critical);

        final IkeEncryptedPayloadBody decodedBody =
                new IkeEncryptedPayloadBody(
                        message, integrityMac, expectedChecksumLen, decryptCipher, dKey);
        mIkeEncryptedPayloadBody = decodedBody;
    }

    /**
     * Returns the unencrypted payload list held by the payload body.
     *
     * <p>NOTE(review): this method makes no copy of its own; whether the returned array aliases
     * internal state depends on IkeEncryptedPayloadBody#getUnencryptedData. The bytes are
     * plaintext of a protected message, so callers should avoid logging or retaining them longer
     * than needed.
     *
     * @return the unencrypted payload list as a byte array.
     */
    public byte[] getUnencryptedPayloads() {
        final byte[] plaintextPayloads = mIkeEncryptedPayloadBody.getUnencryptedData();
        return plaintextPayloads;
    }

    // TODO: Add another constructor for AEAD protected payload.

    /**
     * Writes this payload into the given ByteBuffer: first the payload header, then the encoded
     * payload body.
     *
     * @param nextPayload type of the payload that follows this one.
     * @param byteBuffer destination ByteBuffer receiving the encoded payload.
     */
    @Override
    protected void encodeToByteBuffer(@PayloadType int nextPayload, ByteBuffer byteBuffer) {
        // The header carries the total payload length, so it is computed before anything is written.
        final int totalLength = getPayloadLength();
        encodePayloadHeaderToByteBuffer(nextPayload, totalLength, byteBuffer);

        final byte[] encodedBody = mIkeEncryptedPayloadBody.encode();
        byteBuffer.put(encodedBody);
    }

    /**
     * Computes the length of the whole payload: the generic header plus the payload body.
     *
     * @return the entire payload length.
     */
    @Override
    protected int getPayloadLength() {
        final int bodyLength = mIkeEncryptedPayloadBody.getLength();
        return GENERIC_HEADER_LENGTH + bodyLength;
    }

    /**
     * Gives a human-readable name for this payload type.
     *
     * @return the payload type as a String.
     */
    @Override
    public String getTypeString() {
        return "Encrypted and Authenticated Payload";
    }
}