Merge changes from topic "encap-api" into pi-dev

  public static final class IpSecManager.UdpEncapsulationSocket implements java.lang.AutoCloseable {

    method public void close() throws java.io.IOException;

    method public java.io.FileDescriptor getFileDescriptor();

    method public int getPort();

    method public java.io.FileDescriptor getSocket();

  }

  public final class IpSecTransform implements java.lang.AutoCloseable {

     * new applications and is provided for legacy compatibility with 3gpp infrastructure.</b>

     *

     * <p>Keys for this algorithm must be 128 bits in length.

     * <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 128.

     *

     * <p>Valid truncation lengths are multiples of 8 bits from 96 to 128.

     */

    public static final String AUTH_HMAC_MD5 = "hmac(md5)";

     * new applications and is provided for legacy compatibility with 3gpp infrastructure.</b>

     *

     * <p>Keys for this algorithm must be 160 bits in length.

     * <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 160.

     *

     * <p>Valid truncation lengths are multiples of 8 bits from 96 to 160.

     */

    public static final String AUTH_HMAC_SHA1 = "hmac(sha1)";

     * SHA256 HMAC Authentication/Integrity Algorithm.

     *

     * <p>Keys for this algorithm must be 256 bits in length.

     * <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 256.

     *

     * <p>Valid truncation lengths are multiples of 8 bits from 96 to 256.

     */

    public static final String AUTH_HMAC_SHA256 = "hmac(sha256)";

     * SHA384 HMAC Authentication/Integrity Algorithm.

     *

     * <p>Keys for this algorithm must be 384 bits in length.

     * <p>Valid truncation lengths are multiples of 8 bits from 192 to (default) 384.

     *

     * <p>Valid truncation lengths are multiples of 8 bits from 192 to 384.

     */

    public static final String AUTH_HMAC_SHA384 = "hmac(sha384)";

     * SHA512 HMAC Authentication/Integrity Algorithm.

     *

     * <p>Keys for this algorithm must be 512 bits in length.

     * <p>Valid truncation lengths are multiples of 8 bits from 256 to (default) 512.

     *

     * <p>Valid truncation lengths are multiples of 8 bits from 256 to 512.

     */

    public static final String AUTH_HMAC_SHA512 = "hmac(sha512)";

        AUTH_HMAC_MD5,

        AUTH_HMAC_SHA1,

        AUTH_HMAC_SHA256,

        AUTH_HMAC_SHA384,

        AUTH_HMAC_SHA512,

        AUTH_CRYPT_AES_GCM

    })

     * Creates an IpSecAlgorithm of one of the supported types. Supported algorithm names are

     * defined as constants in this class.

     *

     * <p>For algorithms that produce an integrity check value, the truncation length is a required

     * parameter. See {@link #IpSecAlgorithm(String algorithm, byte[] key, int truncLenBits)}

     *

     * @param algorithm name of the algorithm.

     * @param key key padded to a multiple of 8 bits.

     */

    public IpSecAlgorithm(@NonNull @AlgorithmName String algorithm, @NonNull byte[] key) {

        this(algorithm, key, key.length * 8);

        this(algorithm, key, 0);

    }

    /**

            case AUTH_CRYPT_AES_GCM:

                // The keying material for GCM is a key plus a 32-bit salt

                isValidLen = keyLen == 128 + 32 || keyLen == 192 + 32 || keyLen == 256 + 32;

                isValidTruncLen = truncLen == 64 || truncLen == 96 || truncLen == 128;

                break;

            default:

                throw new IllegalArgumentException("Couldn't find an algorithm: " + name);

     * signalling and UDP encapsulated IPsec traffic. Instances can be obtained by calling {@link

     * IpSecManager#openUdpEncapsulationSocket}. The provided socket cannot be re-bound by the

     * caller. The caller should not close the {@code FileDescriptor} returned by {@link

     * #getSocket}, but should use {@link #close} instead.

     * #getFileDescriptor}, but should use {@link #close} instead.

     *

     * <p>Allowing the user to close or unbind a UDP encapsulation socket could impact the traffic

     * of the next user who binds to that port. To prevent this scenario, these sockets are held

            mCloseGuard.open("constructor");

        }

        /** Get the wrapped socket. */

        public FileDescriptor getSocket() {

        /** Get the encapsulation socket's file descriptor. */

        public FileDescriptor getFileDescriptor() {

            if (mPfd == null) {

                return null;

            }

            return mPort;

        }

        public FileDescriptor getSocket() {

        public FileDescriptor getFileDescriptor() {

            return mSocket;

        }

import android.os.Parcel;

import android.support.test.filters.SmallTest;

import android.support.test.runner.AndroidJUnit4;

import java.util.AbstractMap.SimpleEntry;

import java.util.Arrays;

import java.util.Map.Entry;

import java.util.Random;

import org.junit.Test;

import org.junit.runner.RunWith;

    };

    @Test

    public void testDefaultTruncLen() throws Exception {

        IpSecAlgorithm explicit =

                new IpSecAlgorithm(

                        IpSecAlgorithm.AUTH_HMAC_SHA256, Arrays.copyOf(KEY_MATERIAL, 256 / 8), 256);

        IpSecAlgorithm implicit =

    public void testNoTruncLen() throws Exception {

        Entry<String, Integer>[] authAndAeadList =

                new Entry[] {

                    new SimpleEntry<>(IpSecAlgorithm.AUTH_HMAC_MD5, 128),

                    new SimpleEntry<>(IpSecAlgorithm.AUTH_HMAC_SHA1, 160),

                    new SimpleEntry<>(IpSecAlgorithm.AUTH_HMAC_SHA256, 256),

                    new SimpleEntry<>(IpSecAlgorithm.AUTH_HMAC_SHA384, 384),

                    new SimpleEntry<>(IpSecAlgorithm.AUTH_HMAC_SHA512, 512),

                    new SimpleEntry<>(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, 224)

                };

        // Expect auth and aead algorithms to throw errors if trunclen is omitted.

        for (Entry<String, Integer> algData : authAndAeadList) {

            try {

                new IpSecAlgorithm(

                        IpSecAlgorithm.AUTH_HMAC_SHA256, Arrays.copyOf(KEY_MATERIAL, 256 / 8));

        assertTrue(

                "Default Truncation Length Incorrect, Explicit: "

                        + explicit

                        + "implicit: "

                        + implicit,

                IpSecAlgorithm.equals(explicit, implicit));

                        algData.getKey(), Arrays.copyOf(KEY_MATERIAL, algData.getValue() / 8));

                fail("Expected exception on unprovided auth trunclen");

            } catch (IllegalArgumentException expected) {

            }

        }

        // Ensure crypt works with no truncation length supplied.

        new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, Arrays.copyOf(KEY_MATERIAL, 256 / 8));

    }

    @Test