
Commit 9a5d0477 authored by Android Build Merger (Role)'s avatar Android Build Merger (Role) Committed by Android (Google) Code Review

Merge changes from topic 'am-e2002a7381854865a514803d2de26232' into oc-dev-plus-aosp

* changes:
  Merge changes from topic 'ipsec-api-tweaks' am: fddf677b am: 176bfb58 am: a237a340
  IpSecManager and IpSecAlgorithm API Tweaks am: 6045429b am: 9c2428ad am: 99c50add
parents 5881209c 37f48f45
+9 −6
@@ -25516,22 +25516,25 @@ package android.net {
    method public java.lang.String getName();
    method public int getTruncationLengthBits();
    method public void writeToParcel(android.os.Parcel, int);
    field public static final java.lang.String ALGO_AUTH_HMAC_MD5 = "hmac(md5)";
    field public static final java.lang.String ALGO_AUTH_HMAC_SHA1 = "hmac(sha1)";
    field public static final java.lang.String ALGO_AUTH_HMAC_SHA256 = "hmac(sha256)";
    field public static final java.lang.String ALGO_AUTH_HMAC_SHA384 = "hmac(sha384)";
    field public static final java.lang.String ALGO_AUTH_HMAC_SHA512 = "hmac(sha512)";
    field public static final java.lang.String ALGO_CRYPT_AES_CBC = "cbc(aes)";
    field public static final java.lang.String AUTH_HMAC_MD5 = "hmac(md5)";
    field public static final java.lang.String AUTH_HMAC_SHA1 = "hmac(sha1)";
    field public static final java.lang.String AUTH_HMAC_SHA256 = "hmac(sha256)";
    field public static final java.lang.String AUTH_HMAC_SHA384 = "hmac(sha384)";
    field public static final java.lang.String AUTH_HMAC_SHA512 = "hmac(sha512)";
    field public static final android.os.Parcelable.Creator<android.net.IpSecAlgorithm> CREATOR;
    field public static final java.lang.String CRYPT_AES_CBC = "cbc(aes)";
  }
  public final class IpSecManager {
    method public void applyTransportModeTransform(java.net.Socket, android.net.IpSecTransform) throws java.io.IOException;
    method public void applyTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform) throws java.io.IOException;
    method public void applyTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform) throws java.io.IOException;
    method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket(int) throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException;
    method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket() throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException;
    method public void removeTransportModeTransform(java.net.Socket, android.net.IpSecTransform);
    method public void removeTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform);
    method public void removeTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform);
    method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress) throws android.net.IpSecManager.ResourceUnavailableException;
    method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException;
    field public static final int INVALID_SECURITY_PARAMETER_INDEX = 0; // 0x0
  }
+9 −6
@@ -27688,22 +27688,25 @@ package android.net {
    method public java.lang.String getName();
    method public int getTruncationLengthBits();
    method public void writeToParcel(android.os.Parcel, int);
    field public static final java.lang.String ALGO_AUTH_HMAC_MD5 = "hmac(md5)";
    field public static final java.lang.String ALGO_AUTH_HMAC_SHA1 = "hmac(sha1)";
    field public static final java.lang.String ALGO_AUTH_HMAC_SHA256 = "hmac(sha256)";
    field public static final java.lang.String ALGO_AUTH_HMAC_SHA384 = "hmac(sha384)";
    field public static final java.lang.String ALGO_AUTH_HMAC_SHA512 = "hmac(sha512)";
    field public static final java.lang.String ALGO_CRYPT_AES_CBC = "cbc(aes)";
    field public static final java.lang.String AUTH_HMAC_MD5 = "hmac(md5)";
    field public static final java.lang.String AUTH_HMAC_SHA1 = "hmac(sha1)";
    field public static final java.lang.String AUTH_HMAC_SHA256 = "hmac(sha256)";
    field public static final java.lang.String AUTH_HMAC_SHA384 = "hmac(sha384)";
    field public static final java.lang.String AUTH_HMAC_SHA512 = "hmac(sha512)";
    field public static final android.os.Parcelable.Creator<android.net.IpSecAlgorithm> CREATOR;
    field public static final java.lang.String CRYPT_AES_CBC = "cbc(aes)";
  }
  public final class IpSecManager {
    method public void applyTransportModeTransform(java.net.Socket, android.net.IpSecTransform) throws java.io.IOException;
    method public void applyTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform) throws java.io.IOException;
    method public void applyTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform) throws java.io.IOException;
    method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket(int) throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException;
    method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket() throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException;
    method public void removeTransportModeTransform(java.net.Socket, android.net.IpSecTransform);
    method public void removeTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform);
    method public void removeTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform);
    method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress) throws android.net.IpSecManager.ResourceUnavailableException;
    method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException;
    field public static final int INVALID_SECURITY_PARAMETER_INDEX = 0; // 0x0
  }
+9 −6
@@ -25629,22 +25629,25 @@ package android.net {
    method public java.lang.String getName();
    method public int getTruncationLengthBits();
    method public void writeToParcel(android.os.Parcel, int);
    field public static final java.lang.String ALGO_AUTH_HMAC_MD5 = "hmac(md5)";
    field public static final java.lang.String ALGO_AUTH_HMAC_SHA1 = "hmac(sha1)";
    field public static final java.lang.String ALGO_AUTH_HMAC_SHA256 = "hmac(sha256)";
    field public static final java.lang.String ALGO_AUTH_HMAC_SHA384 = "hmac(sha384)";
    field public static final java.lang.String ALGO_AUTH_HMAC_SHA512 = "hmac(sha512)";
    field public static final java.lang.String ALGO_CRYPT_AES_CBC = "cbc(aes)";
    field public static final java.lang.String AUTH_HMAC_MD5 = "hmac(md5)";
    field public static final java.lang.String AUTH_HMAC_SHA1 = "hmac(sha1)";
    field public static final java.lang.String AUTH_HMAC_SHA256 = "hmac(sha256)";
    field public static final java.lang.String AUTH_HMAC_SHA384 = "hmac(sha384)";
    field public static final java.lang.String AUTH_HMAC_SHA512 = "hmac(sha512)";
    field public static final android.os.Parcelable.Creator<android.net.IpSecAlgorithm> CREATOR;
    field public static final java.lang.String CRYPT_AES_CBC = "cbc(aes)";
  }
  public final class IpSecManager {
    method public void applyTransportModeTransform(java.net.Socket, android.net.IpSecTransform) throws java.io.IOException;
    method public void applyTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform) throws java.io.IOException;
    method public void applyTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform) throws java.io.IOException;
    method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket(int) throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException;
    method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket() throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException;
    method public void removeTransportModeTransform(java.net.Socket, android.net.IpSecTransform);
    method public void removeTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform);
    method public void removeTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform);
    method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress) throws android.net.IpSecManager.ResourceUnavailableException;
    method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException;
    field public static final int INVALID_SECURITY_PARAMETER_INDEX = 0; // 0x0
  }
+17 −17
@@ -32,7 +32,7 @@ public final class IpSecAlgorithm implements Parcelable {
     *
     * <p>Valid lengths for this key are {128, 192, 256}.
     */
    public static final String ALGO_CRYPT_AES_CBC = "cbc(aes)";
    public static final String CRYPT_AES_CBC = "cbc(aes)";

    /**
     * MD5 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in new
@@ -40,7 +40,7 @@ public final class IpSecAlgorithm implements Parcelable {
     *
     * <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 128.
     */
    public static final String ALGO_AUTH_HMAC_MD5 = "hmac(md5)";
    public static final String AUTH_HMAC_MD5 = "hmac(md5)";

    /**
     * SHA1 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in
@@ -48,35 +48,35 @@ public final class IpSecAlgorithm implements Parcelable {
     *
     * <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 160.
     */
    public static final String ALGO_AUTH_HMAC_SHA1 = "hmac(sha1)";
    public static final String AUTH_HMAC_SHA1 = "hmac(sha1)";

    /**
     * SHA256 HMAC Authentication/Integrity Algorithm.
     *
     * <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 256.
     */
    public static final String ALGO_AUTH_HMAC_SHA256 = "hmac(sha256)";
    public static final String AUTH_HMAC_SHA256 = "hmac(sha256)";

    /**
     * SHA384 HMAC Authentication/Integrity Algorithm.
     *
     * <p>Valid truncation lengths are multiples of 8 bits from 192 to (default) 384.
     */
    public static final String ALGO_AUTH_HMAC_SHA384 = "hmac(sha384)";
    public static final String AUTH_HMAC_SHA384 = "hmac(sha384)";
    /**
     * SHA512 HMAC Authentication/Integrity Algorithm
     *
     * <p>Valid truncation lengths are multiples of 8 bits from 256 to (default) 512.
     */
    public static final String ALGO_AUTH_HMAC_SHA512 = "hmac(sha512)";
    public static final String AUTH_HMAC_SHA512 = "hmac(sha512)";

    /** @hide */
    @StringDef({
        ALGO_CRYPT_AES_CBC,
        ALGO_AUTH_HMAC_MD5,
        ALGO_AUTH_HMAC_SHA1,
        ALGO_AUTH_HMAC_SHA256,
        ALGO_AUTH_HMAC_SHA512
        CRYPT_AES_CBC,
        AUTH_HMAC_MD5,
        AUTH_HMAC_SHA1,
        AUTH_HMAC_SHA256,
        AUTH_HMAC_SHA512
    })
    @Retention(RetentionPolicy.SOURCE)
    public @interface AlgorithmName {}
@@ -164,17 +164,17 @@ public final class IpSecAlgorithm implements Parcelable {

    private static boolean isTruncationLengthValid(String algo, int truncLenBits) {
        switch (algo) {
            case ALGO_CRYPT_AES_CBC:
            case CRYPT_AES_CBC:
                return (truncLenBits == 128 || truncLenBits == 192 || truncLenBits == 256);
            case ALGO_AUTH_HMAC_MD5:
            case AUTH_HMAC_MD5:
                return (truncLenBits >= 96 && truncLenBits <= 128);
            case ALGO_AUTH_HMAC_SHA1:
            case AUTH_HMAC_SHA1:
                return (truncLenBits >= 96 && truncLenBits <= 160);
            case ALGO_AUTH_HMAC_SHA256:
            case AUTH_HMAC_SHA256:
                return (truncLenBits >= 96 && truncLenBits <= 256);
            case ALGO_AUTH_HMAC_SHA384:
            case AUTH_HMAC_SHA384:
                return (truncLenBits >= 192 && truncLenBits <= 384);
            case ALGO_AUTH_HMAC_SHA512:
            case AUTH_HMAC_SHA512:
                return (truncLenBits >= 256 && truncLenBits <= 512);
            default:
                return false;
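Review bot: The renamed `@StringDef` on `AlgorithmName` still omits `AUTH_HMAC_SHA384`, even though that constant is public and the `isTruncationLengthValid` switch in the last hunk accepts it, so any lint or caller check keyed on `@AlgorithmName` will reject a legitimate algorithm; add `AUTH_HMAC_SHA384,` between the SHA256 and SHA512 entries. Separately, the range tests in `isTruncationLengthValid` do not enforce the "multiples of 8 bits" rule that each constant's Javadoc promises (97 passes for HMAC-MD5, for instance), so a guard such as `if (truncLenBits % 8 != 0) return false;` before the switch would make the validator match the documented contract, assuming the kernel side really does require byte-aligned ICV lengths. `isTruncationLengthValid` continues past the end of the hunk.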
+61 −1
@@ -193,15 +193,44 @@ public final class IpSecManager {
     *
     * @param direction {@link IpSecTransform#DIRECTION_IN} or {@link IpSecTransform#DIRECTION_OUT}
     * @param remoteAddress address of the remote. SPIs must be unique for each remoteAddress.
     * @param requestedSpi the requested SPI, or '0' to allocate a random SPI.
     * @return the reserved SecurityParameterIndex
     * @throws ResourceUnavailableException indicating that too many SPIs are currently allocated
     *     for this user
     * @throws SpiUnavailableException indicating that a particular SPI cannot be reserved
     */
    public SecurityParameterIndex reserveSecurityParameterIndex(
            int direction, InetAddress remoteAddress)
            throws ResourceUnavailableException {
        try {
            return new SecurityParameterIndex(
                    mService,
                    direction,
                    remoteAddress,
                    IpSecManager.INVALID_SECURITY_PARAMETER_INDEX);
        } catch (SpiUnavailableException unlikely) {
            throw new ResourceUnavailableException("No SPIs available");
        }
    }

    /**
     * Reserve an SPI for traffic bound towards the specified remote address.
     *
     * <p>If successful, this SPI is guaranteed available until released by a call to {@link
     * SecurityParameterIndex#close()}.
     *
     * @param direction {@link IpSecTransform#DIRECTION_IN} or {@link IpSecTransform#DIRECTION_OUT}
     * @param remoteAddress address of the remote. SPIs must be unique for each remoteAddress.
     * @param requestedSpi the requested SPI, or '0' to allocate a random SPI.
     * @return the reserved SecurityParameterIndex
     * @throws ResourceUnavailableException indicating that too many SPIs are currently allocated
     *     for this user
     */
    public SecurityParameterIndex reserveSecurityParameterIndex(
            int direction, InetAddress remoteAddress, int requestedSpi)
            throws SpiUnavailableException, ResourceUnavailableException {
        if (requestedSpi == IpSecManager.INVALID_SECURITY_PARAMETER_INDEX) {
            throw new IllegalArgumentException("Requested SPI must be a valid (non-zero) SPI");
        }
        return new SecurityParameterIndex(mService, direction, remoteAddress, requestedSpi);
    }

@@ -248,6 +277,23 @@ public final class IpSecManager {
        }
    }

    /**
     * Apply an active Transport Mode IPsec Transform to a stream socket to perform IPsec
     * encapsulation of the traffic flowing between the socket and the remote InetAddress of that
     * transform. For security reasons, attempts to send traffic to any IP address other than the
     * address associated with that transform will throw an IOException. In addition, if the
     * IpSecTransform is later deactivated, the socket will throw an IOException on any calls to
     * send() or receive() until the transform is removed from the socket by calling {@link
     * #removeTransportModeTransform(Socket, IpSecTransform)};
     *
     * @param socket a socket file descriptor
     * @param transform an {@link IpSecTransform}, which must be an active Transport Mode transform.
     */
    public void applyTransportModeTransform(FileDescriptor socket, IpSecTransform transform)
            throws IOException {
        applyTransportModeTransform(new ParcelFileDescriptor(socket), transform);
    }

    /**
     * Apply an active Tunnel Mode IPsec Transform to a network, which will tunnel all traffic to
     * and from that network's interface with IPsec (applies an outer IP header and IPsec Header to
@@ -289,6 +335,20 @@ public final class IpSecManager {
        removeTransportModeTransform(ParcelFileDescriptor.fromDatagramSocket(socket), transform);
    }

    /**
     * Remove a transform from a given stream socket. Once removed, traffic on the socket will not
     * be encypted. This allows sockets that have been used for IPsec to be reclaimed for
     * communication in the clear in the event socket reuse is desired. This operation will succeed
     * regardless of the underlying state of a transform. If a transform is removed, communication
     * on all sockets to which that transform was applied will fail until this method is called.
     *
     * @param socket a socket file descriptor that previously had a transform applied to it.
     * @param transform the IPsec Transform that was previously applied to the given socket
     */
    public void removeTransportModeTransform(FileDescriptor socket, IpSecTransform transform) {
        removeTransportModeTransform(new ParcelFileDescriptor(socket), transform);
    }

    /* Call down to activate a transform */
    private void removeTransportModeTransform(ParcelFileDescriptor pfd, IpSecTransform transform) {
        try {
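Review bot: In the first hunk the Javadoc blocks appear to be attached to the wrong overloads: the block that now precedes the new two-argument `reserveSecurityParameterIndex(int, InetAddress)` documents a `requestedSpi` parameter it does not take and a `SpiUnavailableException` it does not declare, while the freshly added block above the three-argument overload still says `'0' to allocate a random SPI` although the new guard throws `IllegalArgumentException` for `INVALID_SECURITY_PARAMETER_INDEX`, and it lists neither `@throws SpiUnavailableException` nor `@throws IllegalArgumentException`. Swap the two blocks so each describes its own overload, reword the parameter line to `@param requestedSpi the requested SPI; must be non-zero, use the two-argument overload to have one allocated`, and add the two missing `@throws` tags. In the two-argument overload, `throw new ResourceUnavailableException("No SPIs available")` discards the caught `SpiUnavailableException`; chain it as the cause if the exception type offers such a constructor, or at least log it, so a refusal of a randomly allocated SPI remains diagnosable.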