api/current.txt +9 −6
@@ -25521,22 +25521,25 @@ package android.net { method public java.lang.String getName(); method public int getTruncationLengthBits(); method public void writeToParcel(android.os.Parcel, int); field public static final java.lang.String ALGO_AUTH_HMAC_MD5 = "hmac(md5)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA1 = "hmac(sha1)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA256 = "hmac(sha256)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA384 = "hmac(sha384)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA512 = "hmac(sha512)"; field public static final java.lang.String ALGO_CRYPT_AES_CBC = "cbc(aes)"; field public static final java.lang.String AUTH_HMAC_MD5 = "hmac(md5)"; field public static final java.lang.String AUTH_HMAC_SHA1 = "hmac(sha1)"; field public static final java.lang.String AUTH_HMAC_SHA256 = "hmac(sha256)"; field public static final java.lang.String AUTH_HMAC_SHA384 = "hmac(sha384)"; field public static final java.lang.String AUTH_HMAC_SHA512 = "hmac(sha512)"; field public static final android.os.Parcelable.Creator<android.net.IpSecAlgorithm> CREATOR; field public static final java.lang.String CRYPT_AES_CBC = "cbc(aes)"; } public final class IpSecManager { method public void applyTransportModeTransform(java.net.Socket, android.net.IpSecTransform) throws java.io.IOException; method public void applyTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform) throws java.io.IOException; method public void applyTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform) throws java.io.IOException; method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket(int) throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException; method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket() throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException; method public void 
removeTransportModeTransform(java.net.Socket, android.net.IpSecTransform); method public void removeTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform); method public void removeTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform); method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress) throws android.net.IpSecManager.ResourceUnavailableException; method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException; field public static final int INVALID_SECURITY_PARAMETER_INDEX = 0; // 0x0 } api/system-current.txt +9 −6 Original line number Diff line number Diff line Loading 
@@ -27706,22 +27706,25 @@ package android.net { method public java.lang.String getName(); method public int getTruncationLengthBits(); method public void writeToParcel(android.os.Parcel, int); field public static final java.lang.String ALGO_AUTH_HMAC_MD5 = "hmac(md5)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA1 = "hmac(sha1)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA256 = "hmac(sha256)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA384 = "hmac(sha384)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA512 = "hmac(sha512)"; field public static final java.lang.String ALGO_CRYPT_AES_CBC = "cbc(aes)"; field public static final java.lang.String AUTH_HMAC_MD5 = "hmac(md5)"; field public static final java.lang.String AUTH_HMAC_SHA1 = "hmac(sha1)"; field public static final java.lang.String AUTH_HMAC_SHA256 = "hmac(sha256)"; field public static final java.lang.String AUTH_HMAC_SHA384 = "hmac(sha384)"; field public static final java.lang.String AUTH_HMAC_SHA512 = "hmac(sha512)"; field public static final android.os.Parcelable.Creator<android.net.IpSecAlgorithm> CREATOR; field public static final java.lang.String CRYPT_AES_CBC = "cbc(aes)"; } public final class IpSecManager { method public void applyTransportModeTransform(java.net.Socket, android.net.IpSecTransform) throws java.io.IOException; method public void applyTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform) throws java.io.IOException; method public void applyTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform) throws java.io.IOException; method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket(int) throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException; method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket() throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException; method public void 
removeTransportModeTransform(java.net.Socket, android.net.IpSecTransform); method public void removeTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform); method public void removeTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform); method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress) throws android.net.IpSecManager.ResourceUnavailableException; method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException; field public static final int INVALID_SECURITY_PARAMETER_INDEX = 0; // 0x0 } api/test-current.txt +9 −6 Original line number Diff line number Diff line Loading 
@@ -25628,22 +25628,25 @@ package android.net { method public java.lang.String getName(); method public int getTruncationLengthBits(); method public void writeToParcel(android.os.Parcel, int); field public static final java.lang.String ALGO_AUTH_HMAC_MD5 = "hmac(md5)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA1 = "hmac(sha1)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA256 = "hmac(sha256)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA384 = "hmac(sha384)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA512 = "hmac(sha512)"; field public static final java.lang.String ALGO_CRYPT_AES_CBC = "cbc(aes)"; field public static final java.lang.String AUTH_HMAC_MD5 = "hmac(md5)"; field public static final java.lang.String AUTH_HMAC_SHA1 = "hmac(sha1)"; field public static final java.lang.String AUTH_HMAC_SHA256 = "hmac(sha256)"; field public static final java.lang.String AUTH_HMAC_SHA384 = "hmac(sha384)"; field public static final java.lang.String AUTH_HMAC_SHA512 = "hmac(sha512)"; field public static final android.os.Parcelable.Creator<android.net.IpSecAlgorithm> CREATOR; field public static final java.lang.String CRYPT_AES_CBC = "cbc(aes)"; } public final class IpSecManager { method public void applyTransportModeTransform(java.net.Socket, android.net.IpSecTransform) throws java.io.IOException; method public void applyTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform) throws java.io.IOException; method public void applyTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform) throws java.io.IOException; method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket(int) throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException; method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket() throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException; method public void 
removeTransportModeTransform(java.net.Socket, android.net.IpSecTransform); method public void removeTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform); method public void removeTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform); method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress) throws android.net.IpSecManager.ResourceUnavailableException; method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException; field public static final int INVALID_SECURITY_PARAMETER_INDEX = 0; // 0x0 } core/java/android/net/IpSecAlgorithm.java +17 −17 Original line number Diff line number Diff line Loading @@ -32,7 +32,7 @@ public final class IpSecAlgorithm implements Parcelable { * * <p>Valid lengths for this key are {128, 192, 256}. */ public static final String ALGO_CRYPT_AES_CBC = "cbc(aes)"; public static final String CRYPT_AES_CBC = "cbc(aes)"; /** * MD5 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in new Loading @@ -40,7 +40,7 @@ public final class IpSecAlgorithm implements Parcelable { * * <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 128. */ public static final String ALGO_AUTH_HMAC_MD5 = "hmac(md5)"; public static final String AUTH_HMAC_MD5 = "hmac(md5)"; /** * SHA1 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in Loading 
@@ -48,35 +48,35 @@ public final class IpSecAlgorithm implements Parcelable { * * <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 160. */ public static final String ALGO_AUTH_HMAC_SHA1 = "hmac(sha1)"; public static final String AUTH_HMAC_SHA1 = "hmac(sha1)"; /** * SHA256 HMAC Authentication/Integrity Algorithm. * * <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 256. */ public static final String ALGO_AUTH_HMAC_SHA256 = "hmac(sha256)"; public static final String AUTH_HMAC_SHA256 = "hmac(sha256)"; /** * SHA384 HMAC Authentication/Integrity Algorithm. * * <p>Valid truncation lengths are multiples of 8 bits from 192 to (default) 384. */ public static final String ALGO_AUTH_HMAC_SHA384 = "hmac(sha384)"; public static final String AUTH_HMAC_SHA384 = "hmac(sha384)"; /** * SHA512 HMAC Authentication/Integrity Algorithm * * <p>Valid truncation lengths are multiples of 8 bits from 256 to (default) 512. */ public static final String ALGO_AUTH_HMAC_SHA512 = "hmac(sha512)"; public static final String AUTH_HMAC_SHA512 = "hmac(sha512)"; /** @hide */ @StringDef({ ALGO_CRYPT_AES_CBC, ALGO_AUTH_HMAC_MD5, ALGO_AUTH_HMAC_SHA1, ALGO_AUTH_HMAC_SHA256, ALGO_AUTH_HMAC_SHA512 CRYPT_AES_CBC, AUTH_HMAC_MD5, AUTH_HMAC_SHA1, AUTH_HMAC_SHA256, AUTH_HMAC_SHA512 }) @Retention(RetentionPolicy.SOURCE) public @interface AlgorithmName {} Loading Loading 
@@ -164,17 +164,17 @@ public final class IpSecAlgorithm implements Parcelable { private static boolean isTruncationLengthValid(String algo, int truncLenBits) { switch (algo) { case ALGO_CRYPT_AES_CBC: case CRYPT_AES_CBC: return (truncLenBits == 128 || truncLenBits == 192 || truncLenBits == 256); case ALGO_AUTH_HMAC_MD5: case AUTH_HMAC_MD5: return (truncLenBits >= 96 && truncLenBits <= 128); case ALGO_AUTH_HMAC_SHA1: case AUTH_HMAC_SHA1: return (truncLenBits >= 96 && truncLenBits <= 160); case ALGO_AUTH_HMAC_SHA256: case AUTH_HMAC_SHA256: return (truncLenBits >= 96 && truncLenBits <= 256); case ALGO_AUTH_HMAC_SHA384: case AUTH_HMAC_SHA384: return (truncLenBits >= 192 && truncLenBits <= 384); case ALGO_AUTH_HMAC_SHA512: case AUTH_HMAC_SHA512: return (truncLenBits >= 256 && truncLenBits <= 512); default: return false; Loading core/java/android/net/IpSecManager.java +61 −1 Original line number Diff line number Diff line Loading 
@@ -193,15 +193,44 @@ public final class IpSecManager { * * @param direction {@link IpSecTransform#DIRECTION_IN} or {@link IpSecTransform#DIRECTION_OUT} * @param remoteAddress address of the remote. SPIs must be unique for each remoteAddress. * @param requestedSpi the requested SPI, or '0' to allocate a random SPI. * @return the reserved SecurityParameterIndex * @throws ResourceUnavailableException indicating that too many SPIs are currently allocated * for this user * @throws SpiUnavailableException indicating that a particular SPI cannot be reserved */ public SecurityParameterIndex reserveSecurityParameterIndex( int direction, InetAddress remoteAddress) throws ResourceUnavailableException { try { return new SecurityParameterIndex( mService, direction, remoteAddress, IpSecManager.INVALID_SECURITY_PARAMETER_INDEX); } catch (SpiUnavailableException unlikely) { throw new ResourceUnavailableException("No SPIs available"); } } /** * Reserve an SPI for traffic bound towards the specified remote address. * * <p>If successful, this SPI is guaranteed available until released by a call to {@link * SecurityParameterIndex#close()}. * * @param direction {@link IpSecTransform#DIRECTION_IN} or {@link IpSecTransform#DIRECTION_OUT} * @param remoteAddress address of the remote. SPIs must be unique for each remoteAddress. * @param requestedSpi the requested SPI, or '0' to allocate a random SPI. * @return the reserved SecurityParameterIndex * @throws ResourceUnavailableException indicating that too many SPIs are currently allocated * for this user */ public SecurityParameterIndex reserveSecurityParameterIndex( int direction, InetAddress remoteAddress, int requestedSpi) throws SpiUnavailableException, ResourceUnavailableException { if (requestedSpi == IpSecManager.INVALID_SECURITY_PARAMETER_INDEX) { throw new IllegalArgumentException("Requested SPI must be a valid (non-zero) SPI"); } return new SecurityParameterIndex(mService, direction, remoteAddress, requestedSpi); } Loading Loading 
@@ -248,6 +277,23 @@ public final class IpSecManager { } } /** * Apply an active Transport Mode IPsec Transform to a stream socket to perform IPsec * encapsulation of the traffic flowing between the socket and the remote InetAddress of that * transform. For security reasons, attempts to send traffic to any IP address other than the * address associated with that transform will throw an IOException. In addition, if the * IpSecTransform is later deactivated, the socket will throw an IOException on any calls to * send() or receive() until the transform is removed from the socket by calling {@link * #removeTransportModeTransform(Socket, IpSecTransform)}; * * @param socket a socket file descriptor * @param transform an {@link IpSecTransform}, which must be an active Transport Mode transform. */ public void applyTransportModeTransform(FileDescriptor socket, IpSecTransform transform) throws IOException { applyTransportModeTransform(new ParcelFileDescriptor(socket), transform); } /** * Apply an active Tunnel Mode IPsec Transform to a network, which will tunnel all traffic to * and from that network's interface with IPsec (applies an outer IP header and IPsec Header to Loading Loading 
@@ -289,6 +335,20 @@ public final class IpSecManager { removeTransportModeTransform(ParcelFileDescriptor.fromDatagramSocket(socket), transform); } /** * Remove a transform from a given stream socket. Once removed, traffic on the socket will not * be encypted. This allows sockets that have been used for IPsec to be reclaimed for * communication in the clear in the event socket reuse is desired. This operation will succeed * regardless of the underlying state of a transform. If a transform is removed, communication * on all sockets to which that transform was applied will fail until this method is called. * * @param socket a socket file descriptor that previously had a transform applied to it. * @param transform the IPsec Transform that was previously applied to the given socket */ public void removeTransportModeTransform(FileDescriptor socket, IpSecTransform transform) { removeTransportModeTransform(new ParcelFileDescriptor(socket), transform); } /* Call down to activate a transform */ private void removeTransportModeTransform(ParcelFileDescriptor pfd, IpSecTransform transform) { try { Loading Loading
api/current.txt +9 −6
@@ -25521,22 +25521,25 @@ package android.net { method public java.lang.String getName(); method public int getTruncationLengthBits(); method public void writeToParcel(android.os.Parcel, int); field public static final java.lang.String ALGO_AUTH_HMAC_MD5 = "hmac(md5)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA1 = "hmac(sha1)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA256 = "hmac(sha256)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA384 = "hmac(sha384)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA512 = "hmac(sha512)"; field public static final java.lang.String ALGO_CRYPT_AES_CBC = "cbc(aes)"; field public static final java.lang.String AUTH_HMAC_MD5 = "hmac(md5)"; field public static final java.lang.String AUTH_HMAC_SHA1 = "hmac(sha1)"; field public static final java.lang.String AUTH_HMAC_SHA256 = "hmac(sha256)"; field public static final java.lang.String AUTH_HMAC_SHA384 = "hmac(sha384)"; field public static final java.lang.String AUTH_HMAC_SHA512 = "hmac(sha512)"; field public static final android.os.Parcelable.Creator<android.net.IpSecAlgorithm> CREATOR; field public static final java.lang.String CRYPT_AES_CBC = "cbc(aes)"; } public final class IpSecManager { method public void applyTransportModeTransform(java.net.Socket, android.net.IpSecTransform) throws java.io.IOException; method public void applyTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform) throws java.io.IOException; method public void applyTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform) throws java.io.IOException; method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket(int) throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException; method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket() throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException; method public void 
removeTransportModeTransform(java.net.Socket, android.net.IpSecTransform); method public void removeTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform); method public void removeTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform); method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress) throws android.net.IpSecManager.ResourceUnavailableException; method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException; field public static final int INVALID_SECURITY_PARAMETER_INDEX = 0; // 0x0 }
api/system-current.txt +9 −6
@@ -27706,22 +27706,25 @@ package android.net { method public java.lang.String getName(); method public int getTruncationLengthBits(); method public void writeToParcel(android.os.Parcel, int); field public static final java.lang.String ALGO_AUTH_HMAC_MD5 = "hmac(md5)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA1 = "hmac(sha1)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA256 = "hmac(sha256)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA384 = "hmac(sha384)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA512 = "hmac(sha512)"; field public static final java.lang.String ALGO_CRYPT_AES_CBC = "cbc(aes)"; field public static final java.lang.String AUTH_HMAC_MD5 = "hmac(md5)"; field public static final java.lang.String AUTH_HMAC_SHA1 = "hmac(sha1)"; field public static final java.lang.String AUTH_HMAC_SHA256 = "hmac(sha256)"; field public static final java.lang.String AUTH_HMAC_SHA384 = "hmac(sha384)"; field public static final java.lang.String AUTH_HMAC_SHA512 = "hmac(sha512)"; field public static final android.os.Parcelable.Creator<android.net.IpSecAlgorithm> CREATOR; field public static final java.lang.String CRYPT_AES_CBC = "cbc(aes)"; } public final class IpSecManager { method public void applyTransportModeTransform(java.net.Socket, android.net.IpSecTransform) throws java.io.IOException; method public void applyTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform) throws java.io.IOException; method public void applyTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform) throws java.io.IOException; method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket(int) throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException; method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket() throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException; method public void 
removeTransportModeTransform(java.net.Socket, android.net.IpSecTransform); method public void removeTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform); method public void removeTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform); method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress) throws android.net.IpSecManager.ResourceUnavailableException; method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException; field public static final int INVALID_SECURITY_PARAMETER_INDEX = 0; // 0x0 }
api/test-current.txt +9 −6
@@ -25628,22 +25628,25 @@ package android.net { method public java.lang.String getName(); method public int getTruncationLengthBits(); method public void writeToParcel(android.os.Parcel, int); field public static final java.lang.String ALGO_AUTH_HMAC_MD5 = "hmac(md5)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA1 = "hmac(sha1)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA256 = "hmac(sha256)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA384 = "hmac(sha384)"; field public static final java.lang.String ALGO_AUTH_HMAC_SHA512 = "hmac(sha512)"; field public static final java.lang.String ALGO_CRYPT_AES_CBC = "cbc(aes)"; field public static final java.lang.String AUTH_HMAC_MD5 = "hmac(md5)"; field public static final java.lang.String AUTH_HMAC_SHA1 = "hmac(sha1)"; field public static final java.lang.String AUTH_HMAC_SHA256 = "hmac(sha256)"; field public static final java.lang.String AUTH_HMAC_SHA384 = "hmac(sha384)"; field public static final java.lang.String AUTH_HMAC_SHA512 = "hmac(sha512)"; field public static final android.os.Parcelable.Creator<android.net.IpSecAlgorithm> CREATOR; field public static final java.lang.String CRYPT_AES_CBC = "cbc(aes)"; } public final class IpSecManager { method public void applyTransportModeTransform(java.net.Socket, android.net.IpSecTransform) throws java.io.IOException; method public void applyTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform) throws java.io.IOException; method public void applyTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform) throws java.io.IOException; method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket(int) throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException; method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket() throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException; method public void 
removeTransportModeTransform(java.net.Socket, android.net.IpSecTransform); method public void removeTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform); method public void removeTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform); method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress) throws android.net.IpSecManager.ResourceUnavailableException; method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException; field public static final int INVALID_SECURITY_PARAMETER_INDEX = 0; // 0x0 }
core/java/android/net/IpSecAlgorithm.java +17 −17 Original line number Diff line number Diff line Loading @@ -32,7 +32,7 @@ public final class IpSecAlgorithm implements Parcelable { * * <p>Valid lengths for this key are {128, 192, 256}. */ public static final String ALGO_CRYPT_AES_CBC = "cbc(aes)"; public static final String CRYPT_AES_CBC = "cbc(aes)"; /** * MD5 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in new Loading @@ -40,7 +40,7 @@ public final class IpSecAlgorithm implements Parcelable { * * <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 128. */ public static final String ALGO_AUTH_HMAC_MD5 = "hmac(md5)"; public static final String AUTH_HMAC_MD5 = "hmac(md5)"; /** * SHA1 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in Loading 
@@ -48,35 +48,35 @@ public final class IpSecAlgorithm implements Parcelable { * * <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 160. */ public static final String ALGO_AUTH_HMAC_SHA1 = "hmac(sha1)"; public static final String AUTH_HMAC_SHA1 = "hmac(sha1)"; /** * SHA256 HMAC Authentication/Integrity Algorithm. * * <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 256. */ public static final String ALGO_AUTH_HMAC_SHA256 = "hmac(sha256)"; public static final String AUTH_HMAC_SHA256 = "hmac(sha256)"; /** * SHA384 HMAC Authentication/Integrity Algorithm. * * <p>Valid truncation lengths are multiples of 8 bits from 192 to (default) 384. */ public static final String ALGO_AUTH_HMAC_SHA384 = "hmac(sha384)"; public static final String AUTH_HMAC_SHA384 = "hmac(sha384)"; /** * SHA512 HMAC Authentication/Integrity Algorithm * * <p>Valid truncation lengths are multiples of 8 bits from 256 to (default) 512. */ public static final String ALGO_AUTH_HMAC_SHA512 = "hmac(sha512)"; public static final String AUTH_HMAC_SHA512 = "hmac(sha512)"; /** @hide */ @StringDef({ ALGO_CRYPT_AES_CBC, ALGO_AUTH_HMAC_MD5, ALGO_AUTH_HMAC_SHA1, ALGO_AUTH_HMAC_SHA256, ALGO_AUTH_HMAC_SHA512 CRYPT_AES_CBC, AUTH_HMAC_MD5, AUTH_HMAC_SHA1, AUTH_HMAC_SHA256, AUTH_HMAC_SHA512 }) @Retention(RetentionPolicy.SOURCE) public @interface AlgorithmName {} Loading Loading 
@@ -164,17 +164,17 @@ public final class IpSecAlgorithm implements Parcelable { private static boolean isTruncationLengthValid(String algo, int truncLenBits) { switch (algo) { case ALGO_CRYPT_AES_CBC: case CRYPT_AES_CBC: return (truncLenBits == 128 || truncLenBits == 192 || truncLenBits == 256); case ALGO_AUTH_HMAC_MD5: case AUTH_HMAC_MD5: return (truncLenBits >= 96 && truncLenBits <= 128); case ALGO_AUTH_HMAC_SHA1: case AUTH_HMAC_SHA1: return (truncLenBits >= 96 && truncLenBits <= 160); case ALGO_AUTH_HMAC_SHA256: case AUTH_HMAC_SHA256: return (truncLenBits >= 96 && truncLenBits <= 256); case ALGO_AUTH_HMAC_SHA384: case AUTH_HMAC_SHA384: return (truncLenBits >= 192 && truncLenBits <= 384); case ALGO_AUTH_HMAC_SHA512: case AUTH_HMAC_SHA512: return (truncLenBits >= 256 && truncLenBits <= 512); default: return false; Loading
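Review bot: In IpSecAlgorithm.java, `isTruncationLengthValid` only range-checks the HMAC cases, while the Javadoc on the renamed constants says valid truncation lengths are multiples of 8 bits, so a value such as 97 passes for `AUTH_HMAC_MD5`. If nothing outside this hunk enforces the multiple-of-8 rule, each HMAC case should include it, e.g. `return (truncLenBits % 8 == 0 && truncLenBits >= 96 && truncLenBits <= 128);`. The `CRYPT_AES_CBC` case compares against {128, 192, 256}, which the Javadoc describes as key lengths rather than truncation lengths, so a one-line comment saying the parameter carries the key size for ciphers would help. The method's body continues past the end of the hunk.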
core/java/android/net/IpSecManager.java +61 −1
@@ -193,15 +193,44 @@ public final class IpSecManager { * * @param direction {@link IpSecTransform#DIRECTION_IN} or {@link IpSecTransform#DIRECTION_OUT} * @param remoteAddress address of the remote. SPIs must be unique for each remoteAddress. * @param requestedSpi the requested SPI, or '0' to allocate a random SPI. * @return the reserved SecurityParameterIndex * @throws ResourceUnavailableException indicating that too many SPIs are currently allocated * for this user * @throws SpiUnavailableException indicating that a particular SPI cannot be reserved */ public SecurityParameterIndex reserveSecurityParameterIndex( int direction, InetAddress remoteAddress) throws ResourceUnavailableException { try { return new SecurityParameterIndex( mService, direction, remoteAddress, IpSecManager.INVALID_SECURITY_PARAMETER_INDEX); } catch (SpiUnavailableException unlikely) { throw new ResourceUnavailableException("No SPIs available"); } } /** * Reserve an SPI for traffic bound towards the specified remote address. * * <p>If successful, this SPI is guaranteed available until released by a call to {@link * SecurityParameterIndex#close()}. * * @param direction {@link IpSecTransform#DIRECTION_IN} or {@link IpSecTransform#DIRECTION_OUT} * @param remoteAddress address of the remote. SPIs must be unique for each remoteAddress. * @param requestedSpi the requested SPI, or '0' to allocate a random SPI. * @return the reserved SecurityParameterIndex * @throws ResourceUnavailableException indicating that too many SPIs are currently allocated * for this user */ public SecurityParameterIndex reserveSecurityParameterIndex( int direction, InetAddress remoteAddress, int requestedSpi) throws SpiUnavailableException, ResourceUnavailableException { if (requestedSpi == IpSecManager.INVALID_SECURITY_PARAMETER_INDEX) { throw new IllegalArgumentException("Requested SPI must be a valid (non-zero) SPI"); } return new SecurityParameterIndex(mService, direction, remoteAddress, requestedSpi); } Loading Loading 
@@ -248,6 +277,23 @@ public final class IpSecManager { } } /** * Apply an active Transport Mode IPsec Transform to a stream socket to perform IPsec * encapsulation of the traffic flowing between the socket and the remote InetAddress of that * transform. For security reasons, attempts to send traffic to any IP address other than the * address associated with that transform will throw an IOException. In addition, if the * IpSecTransform is later deactivated, the socket will throw an IOException on any calls to * send() or receive() until the transform is removed from the socket by calling {@link * #removeTransportModeTransform(Socket, IpSecTransform)}; * * @param socket a socket file descriptor * @param transform an {@link IpSecTransform}, which must be an active Transport Mode transform. */ public void applyTransportModeTransform(FileDescriptor socket, IpSecTransform transform) throws IOException { applyTransportModeTransform(new ParcelFileDescriptor(socket), transform); } /** * Apply an active Tunnel Mode IPsec Transform to a network, which will tunnel all traffic to * and from that network's interface with IPsec (applies an outer IP header and IPsec Header to Loading Loading 
@@ -289,6 +335,20 @@ public final class IpSecManager { removeTransportModeTransform(ParcelFileDescriptor.fromDatagramSocket(socket), transform); } /** * Remove a transform from a given stream socket. Once removed, traffic on the socket will not * be encypted. This allows sockets that have been used for IPsec to be reclaimed for * communication in the clear in the event socket reuse is desired. This operation will succeed * regardless of the underlying state of a transform. If a transform is removed, communication * on all sockets to which that transform was applied will fail until this method is called. * * @param socket a socket file descriptor that previously had a transform applied to it. * @param transform the IPsec Transform that was previously applied to the given socket */ public void removeTransportModeTransform(FileDescriptor socket, IpSecTransform transform) { removeTransportModeTransform(new ParcelFileDescriptor(socket), transform); } /* Call down to activate a transform */ private void removeTransportModeTransform(ParcelFileDescriptor pfd, IpSecTransform transform) { try { Loading
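Review bot: In IpSecManager.java, both new FileDescriptor overloads pass `new ParcelFileDescriptor(socket)` to the private helpers, and that wrapper is never closed or detached, so who owns the caller's descriptor afterwards is unclear. If the wrapper takes ownership of the raw fd (as that constructor appears to), the caller's socket can be closed behind its back when the wrapper is closed or collected, and a reused fd number could then carry traffic the caller believes is covered by the transform. Duplicating the descriptor for the duration of the call avoids this: `try (ParcelFileDescriptor pfd = ParcelFileDescriptor.dup(socket)) { applyTransportModeTransform(pfd, transform); }`, with the remove overload handling the `IOException` from `dup`. The private helpers' bodies are outside these hunks, so confirm they do not retain the ParcelFileDescriptor.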