IpSecManager and IpSecAlgorithm API Tweaks am: 6045429b

    method public java.lang.String getName();

    method public int getTruncationLengthBits();

    method public void writeToParcel(android.os.Parcel, int);

    field public static final java.lang.String ALGO_AUTH_HMAC_MD5 = "hmac(md5)";

    field public static final java.lang.String ALGO_AUTH_HMAC_SHA1 = "hmac(sha1)";

    field public static final java.lang.String ALGO_AUTH_HMAC_SHA256 = "hmac(sha256)";

    field public static final java.lang.String ALGO_AUTH_HMAC_SHA384 = "hmac(sha384)";

    field public static final java.lang.String ALGO_AUTH_HMAC_SHA512 = "hmac(sha512)";

    field public static final java.lang.String ALGO_CRYPT_AES_CBC = "cbc(aes)";

    field public static final java.lang.String AUTH_HMAC_MD5 = "hmac(md5)";

    field public static final java.lang.String AUTH_HMAC_SHA1 = "hmac(sha1)";

    field public static final java.lang.String AUTH_HMAC_SHA256 = "hmac(sha256)";

    field public static final java.lang.String AUTH_HMAC_SHA384 = "hmac(sha384)";

    field public static final java.lang.String AUTH_HMAC_SHA512 = "hmac(sha512)";

    field public static final android.os.Parcelable.Creator<android.net.IpSecAlgorithm> CREATOR;

    field public static final java.lang.String CRYPT_AES_CBC = "cbc(aes)";

  }

  public final class IpSecManager {

    method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket() throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException;

    method public void removeTransportModeTransform(java.net.Socket, android.net.IpSecTransform);

    method public void removeTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform);

    method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress) throws android.net.IpSecManager.ResourceUnavailableException;

    method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException;

    field public static final int INVALID_SECURITY_PARAMETER_INDEX = 0; // 0x0

  }

    method public java.lang.String getName();

    method public int getTruncationLengthBits();

    method public void writeToParcel(android.os.Parcel, int);

    field public static final java.lang.String ALGO_AUTH_HMAC_MD5 = "hmac(md5)";

    field public static final java.lang.String ALGO_AUTH_HMAC_SHA1 = "hmac(sha1)";

    field public static final java.lang.String ALGO_AUTH_HMAC_SHA256 = "hmac(sha256)";

    field public static final java.lang.String ALGO_AUTH_HMAC_SHA384 = "hmac(sha384)";

    field public static final java.lang.String ALGO_AUTH_HMAC_SHA512 = "hmac(sha512)";

    field public static final java.lang.String ALGO_CRYPT_AES_CBC = "cbc(aes)";

    field public static final java.lang.String AUTH_HMAC_MD5 = "hmac(md5)";

    field public static final java.lang.String AUTH_HMAC_SHA1 = "hmac(sha1)";

    field public static final java.lang.String AUTH_HMAC_SHA256 = "hmac(sha256)";

    field public static final java.lang.String AUTH_HMAC_SHA384 = "hmac(sha384)";

    field public static final java.lang.String AUTH_HMAC_SHA512 = "hmac(sha512)";

    field public static final android.os.Parcelable.Creator<android.net.IpSecAlgorithm> CREATOR;

    field public static final java.lang.String CRYPT_AES_CBC = "cbc(aes)";

  }

  public final class IpSecManager {

    method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket() throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException;

    method public void removeTransportModeTransform(java.net.Socket, android.net.IpSecTransform);

    method public void removeTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform);

    method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress) throws android.net.IpSecManager.ResourceUnavailableException;

    method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException;

    field public static final int INVALID_SECURITY_PARAMETER_INDEX = 0; // 0x0

  }

    method public java.lang.String getName();

    method public int getTruncationLengthBits();

    method public void writeToParcel(android.os.Parcel, int);

    field public static final java.lang.String ALGO_AUTH_HMAC_MD5 = "hmac(md5)";

    field public static final java.lang.String ALGO_AUTH_HMAC_SHA1 = "hmac(sha1)";

    field public static final java.lang.String ALGO_AUTH_HMAC_SHA256 = "hmac(sha256)";

    field public static final java.lang.String ALGO_AUTH_HMAC_SHA384 = "hmac(sha384)";

    field public static final java.lang.String ALGO_AUTH_HMAC_SHA512 = "hmac(sha512)";

    field public static final java.lang.String ALGO_CRYPT_AES_CBC = "cbc(aes)";

    field public static final java.lang.String AUTH_HMAC_MD5 = "hmac(md5)";

    field public static final java.lang.String AUTH_HMAC_SHA1 = "hmac(sha1)";

    field public static final java.lang.String AUTH_HMAC_SHA256 = "hmac(sha256)";

    field public static final java.lang.String AUTH_HMAC_SHA384 = "hmac(sha384)";

    field public static final java.lang.String AUTH_HMAC_SHA512 = "hmac(sha512)";

    field public static final android.os.Parcelable.Creator<android.net.IpSecAlgorithm> CREATOR;

    field public static final java.lang.String CRYPT_AES_CBC = "cbc(aes)";

  }

  public final class IpSecManager {

    method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket() throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException;

    method public void removeTransportModeTransform(java.net.Socket, android.net.IpSecTransform);

    method public void removeTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform);

    method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress) throws android.net.IpSecManager.ResourceUnavailableException;

    method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException;

    field public static final int INVALID_SECURITY_PARAMETER_INDEX = 0; // 0x0

  }

     *

     * <p>Valid lengths for this key are {128, 192, 256}.

     */

    public static final String ALGO_CRYPT_AES_CBC = "cbc(aes)";

    public static final String CRYPT_AES_CBC = "cbc(aes)";

    /**

     * MD5 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in new

     *

     * <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 128.

     */

    public static final String ALGO_AUTH_HMAC_MD5 = "hmac(md5)";

    public static final String AUTH_HMAC_MD5 = "hmac(md5)";

    /**

     * SHA1 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in

     *

     * <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 160.

     */

    public static final String ALGO_AUTH_HMAC_SHA1 = "hmac(sha1)";

    public static final String AUTH_HMAC_SHA1 = "hmac(sha1)";

    /**

     * SHA256 HMAC Authentication/Integrity Algorithm.

     *

     * <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 256.

     */

    public static final String ALGO_AUTH_HMAC_SHA256 = "hmac(sha256)";

    public static final String AUTH_HMAC_SHA256 = "hmac(sha256)";

    /**

     * SHA384 HMAC Authentication/Integrity Algorithm.

     *

     * <p>Valid truncation lengths are multiples of 8 bits from 192 to (default) 384.

     */

    public static final String ALGO_AUTH_HMAC_SHA384 = "hmac(sha384)";

    public static final String AUTH_HMAC_SHA384 = "hmac(sha384)";

    /**

     * SHA512 HMAC Authentication/Integrity Algorithm

     *

     * <p>Valid truncation lengths are multiples of 8 bits from 256 to (default) 512.

     */

    public static final String ALGO_AUTH_HMAC_SHA512 = "hmac(sha512)";

    public static final String AUTH_HMAC_SHA512 = "hmac(sha512)";

    /** @hide */

    @StringDef({

        ALGO_CRYPT_AES_CBC,

        ALGO_AUTH_HMAC_MD5,

        ALGO_AUTH_HMAC_SHA1,

        ALGO_AUTH_HMAC_SHA256,

        ALGO_AUTH_HMAC_SHA512

        CRYPT_AES_CBC,

        AUTH_HMAC_MD5,

        AUTH_HMAC_SHA1,

        AUTH_HMAC_SHA256,

        AUTH_HMAC_SHA512

    })

    @Retention(RetentionPolicy.SOURCE)

    public @interface AlgorithmName {}

    private static boolean isTruncationLengthValid(String algo, int truncLenBits) {

        switch (algo) {

            case ALGO_CRYPT_AES_CBC:

            case CRYPT_AES_CBC:

                return (truncLenBits == 128 || truncLenBits == 192 || truncLenBits == 256);

            case ALGO_AUTH_HMAC_MD5:

            case AUTH_HMAC_MD5:

                return (truncLenBits >= 96 && truncLenBits <= 128);

            case ALGO_AUTH_HMAC_SHA1:

            case AUTH_HMAC_SHA1:

                return (truncLenBits >= 96 && truncLenBits <= 160);

            case ALGO_AUTH_HMAC_SHA256:

            case AUTH_HMAC_SHA256:

                return (truncLenBits >= 96 && truncLenBits <= 256);

            case ALGO_AUTH_HMAC_SHA384:

            case AUTH_HMAC_SHA384:

                return (truncLenBits >= 192 && truncLenBits <= 384);

            case ALGO_AUTH_HMAC_SHA512:

            case AUTH_HMAC_SHA512:

                return (truncLenBits >= 256 && truncLenBits <= 512);

            default:

                return false;

     *

     * @param direction {@link IpSecTransform#DIRECTION_IN} or {@link IpSecTransform#DIRECTION_OUT}

     * @param remoteAddress address of the remote. SPIs must be unique for each remoteAddress.

     * @param requestedSpi the requested SPI, or '0' to allocate a random SPI.

     * @return the reserved SecurityParameterIndex

     * @throws ResourceUnavailableException indicating that too many SPIs are currently allocated

     *     for this user

     * @throws SpiUnavailableException indicating that a particular SPI cannot be reserved

     */

    public SecurityParameterIndex reserveSecurityParameterIndex(

            int direction, InetAddress remoteAddress)

            throws ResourceUnavailableException {

        try {

            return new SecurityParameterIndex(

                    mService,

                    direction,

                    remoteAddress,

                    IpSecManager.INVALID_SECURITY_PARAMETER_INDEX);

        } catch (SpiUnavailableException unlikely) {

            throw new ResourceUnavailableException("No SPIs available");

        }

    }

    /**

     * Reserve an SPI for traffic bound towards the specified remote address.

     *

     * <p>If successful, this SPI is guaranteed available until released by a call to {@link

     * SecurityParameterIndex#close()}.

     *

     * @param direction {@link IpSecTransform#DIRECTION_IN} or {@link IpSecTransform#DIRECTION_OUT}

     * @param remoteAddress address of the remote. SPIs must be unique for each remoteAddress.

     * @param requestedSpi the requested SPI, or '0' to allocate a random SPI.

     * @return the reserved SecurityParameterIndex

     * @throws ResourceUnavailableException indicating that too many SPIs are currently allocated

     *     for this user

     */

    public SecurityParameterIndex reserveSecurityParameterIndex(

            int direction, InetAddress remoteAddress, int requestedSpi)

            throws SpiUnavailableException, ResourceUnavailableException {

        if (requestedSpi == IpSecManager.INVALID_SECURITY_PARAMETER_INDEX) {

            throw new IllegalArgumentException("Requested SPI must be a valid (non-zero) SPI");

        }

        return new SecurityParameterIndex(mService, direction, remoteAddress, requestedSpi);

    }