Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

IpSecManager and IpSecAlgorithm API Tweaks

Browse Source 
am: 6045429b35

Change-Id: I93d58f64834e5a4c7bc1bf03a5baf2eb5364a36d
This commit is contained in:
Nathan Harold
2017-04-12 18:27:09 +00:00
committed by android-build-merger
parent 03f9a489cb 6045429b35
commit 9c2428ad4d
5 changed files with 68 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
api/current.txt
View File

@@ -23884,13 +23884,13 @@ package android.net {
method public java.lang.String getName();
method public int getTruncationLengthBits();
method public void writeToParcel(android.os.Parcel, int);
field public static final java.lang.String ALGO_AUTH_HMAC_MD5 = "hmac(md5)";
field public static final java.lang.String ALGO_AUTH_HMAC_SHA1 = "hmac(sha1)";
field public static final java.lang.String ALGO_AUTH_HMAC_SHA256 = "hmac(sha256)";
field public static final java.lang.String ALGO_AUTH_HMAC_SHA384 = "hmac(sha384)";
field public static final java.lang.String ALGO_AUTH_HMAC_SHA512 = "hmac(sha512)";
field public static final java.lang.String ALGO_CRYPT_AES_CBC = "cbc(aes)";
field public static final java.lang.String AUTH_HMAC_MD5 = "hmac(md5)";
field public static final java.lang.String AUTH_HMAC_SHA1 = "hmac(sha1)";
field public static final java.lang.String AUTH_HMAC_SHA256 = "hmac(sha256)";
field public static final java.lang.String AUTH_HMAC_SHA384 = "hmac(sha384)";
field public static final java.lang.String AUTH_HMAC_SHA512 = "hmac(sha512)";
field public static final android.os.Parcelable.Creator<android.net.IpSecAlgorithm> CREATOR;
field public static final java.lang.String CRYPT_AES_CBC = "cbc(aes)";
}
public final class IpSecManager {
@@ -23900,6 +23900,7 @@ package android.net {
method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket() throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException;
method public void removeTransportModeTransform(java.net.Socket, android.net.IpSecTransform);
method public void removeTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform);
method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress) throws android.net.IpSecManager.ResourceUnavailableException;
method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException;
field public static final int INVALID_SECURITY_PARAMETER_INDEX = 0; // 0x0
}

13
api/system-current.txt
View File

@@ -25722,13 +25722,13 @@ package android.net {
method public java.lang.String getName();
method public int getTruncationLengthBits();
method public void writeToParcel(android.os.Parcel, int);
field public static final java.lang.String ALGO_AUTH_HMAC_MD5 = "hmac(md5)";
field public static final java.lang.String ALGO_AUTH_HMAC_SHA1 = "hmac(sha1)";
field public static final java.lang.String ALGO_AUTH_HMAC_SHA256 = "hmac(sha256)";
field public static final java.lang.String ALGO_AUTH_HMAC_SHA384 = "hmac(sha384)";
field public static final java.lang.String ALGO_AUTH_HMAC_SHA512 = "hmac(sha512)";
field public static final java.lang.String ALGO_CRYPT_AES_CBC = "cbc(aes)";
field public static final java.lang.String AUTH_HMAC_MD5 = "hmac(md5)";
field public static final java.lang.String AUTH_HMAC_SHA1 = "hmac(sha1)";
field public static final java.lang.String AUTH_HMAC_SHA256 = "hmac(sha256)";
field public static final java.lang.String AUTH_HMAC_SHA384 = "hmac(sha384)";
field public static final java.lang.String AUTH_HMAC_SHA512 = "hmac(sha512)";
field public static final android.os.Parcelable.Creator<android.net.IpSecAlgorithm> CREATOR;
field public static final java.lang.String CRYPT_AES_CBC = "cbc(aes)";
}
public final class IpSecManager {
@@ -25738,6 +25738,7 @@ package android.net {
method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket() throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException;
method public void removeTransportModeTransform(java.net.Socket, android.net.IpSecTransform);
method public void removeTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform);
method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress) throws android.net.IpSecManager.ResourceUnavailableException;
method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException;
field public static final int INVALID_SECURITY_PARAMETER_INDEX = 0; // 0x0
}

13
api/test-current.txt
View File

@@ -23958,13 +23958,13 @@ package android.net {
method public java.lang.String getName();
method public int getTruncationLengthBits();
method public void writeToParcel(android.os.Parcel, int);
field public static final java.lang.String ALGO_AUTH_HMAC_MD5 = "hmac(md5)";
field public static final java.lang.String ALGO_AUTH_HMAC_SHA1 = "hmac(sha1)";
field public static final java.lang.String ALGO_AUTH_HMAC_SHA256 = "hmac(sha256)";
field public static final java.lang.String ALGO_AUTH_HMAC_SHA384 = "hmac(sha384)";
field public static final java.lang.String ALGO_AUTH_HMAC_SHA512 = "hmac(sha512)";
field public static final java.lang.String ALGO_CRYPT_AES_CBC = "cbc(aes)";
field public static final java.lang.String AUTH_HMAC_MD5 = "hmac(md5)";
field public static final java.lang.String AUTH_HMAC_SHA1 = "hmac(sha1)";
field public static final java.lang.String AUTH_HMAC_SHA256 = "hmac(sha256)";
field public static final java.lang.String AUTH_HMAC_SHA384 = "hmac(sha384)";
field public static final java.lang.String AUTH_HMAC_SHA512 = "hmac(sha512)";
field public static final android.os.Parcelable.Creator<android.net.IpSecAlgorithm> CREATOR;
field public static final java.lang.String CRYPT_AES_CBC = "cbc(aes)";
}
public final class IpSecManager {
@@ -23974,6 +23974,7 @@ package android.net {
method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket() throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException;
method public void removeTransportModeTransform(java.net.Socket, android.net.IpSecTransform);
method public void removeTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform);
method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress) throws android.net.IpSecManager.ResourceUnavailableException;
method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException;
field public static final int INVALID_SECURITY_PARAMETER_INDEX = 0; // 0x0
}

34
core/java/android/net/IpSecAlgorithm.java
View File

@@ -32,7 +32,7 @@ public final class IpSecAlgorithm implements Parcelable {
*
* <p>Valid lengths for this key are {128, 192, 256}.
*/
public static final String ALGO_CRYPT_AES_CBC = "cbc(aes)";
public static final String CRYPT_AES_CBC = "cbc(aes)";
/**
* MD5 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in new
@@ -40,7 +40,7 @@ public final class IpSecAlgorithm implements Parcelable {
*
* <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 128.
*/
public static final String ALGO_AUTH_HMAC_MD5 = "hmac(md5)";
public static final String AUTH_HMAC_MD5 = "hmac(md5)";
/**
* SHA1 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in
@@ -48,35 +48,35 @@ public final class IpSecAlgorithm implements Parcelable {
*
* <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 160.
*/
public static final String ALGO_AUTH_HMAC_SHA1 = "hmac(sha1)";
public static final String AUTH_HMAC_SHA1 = "hmac(sha1)";
/**
* SHA256 HMAC Authentication/Integrity Algorithm.
*
* <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 256.
*/
public static final String ALGO_AUTH_HMAC_SHA256 = "hmac(sha256)";
public static final String AUTH_HMAC_SHA256 = "hmac(sha256)";
/**
* SHA384 HMAC Authentication/Integrity Algorithm.
*
* <p>Valid truncation lengths are multiples of 8 bits from 192 to (default) 384.
*/
public static final String ALGO_AUTH_HMAC_SHA384 = "hmac(sha384)";
public static final String AUTH_HMAC_SHA384 = "hmac(sha384)";
/**
* SHA512 HMAC Authentication/Integrity Algorithm
*
* <p>Valid truncation lengths are multiples of 8 bits from 256 to (default) 512.
*/
public static final String ALGO_AUTH_HMAC_SHA512 = "hmac(sha512)";
public static final String AUTH_HMAC_SHA512 = "hmac(sha512)";
/** @hide */
@StringDef({
ALGO_CRYPT_AES_CBC,
ALGO_AUTH_HMAC_MD5,
ALGO_AUTH_HMAC_SHA1,
ALGO_AUTH_HMAC_SHA256,
ALGO_AUTH_HMAC_SHA512
CRYPT_AES_CBC,
AUTH_HMAC_MD5,
AUTH_HMAC_SHA1,
AUTH_HMAC_SHA256,
AUTH_HMAC_SHA512
})
@Retention(RetentionPolicy.SOURCE)
public @interface AlgorithmName {}
@@ -164,17 +164,17 @@ public final class IpSecAlgorithm implements Parcelable {
private static boolean isTruncationLengthValid(String algo, int truncLenBits) {
switch (algo) {
case ALGO_CRYPT_AES_CBC:
case CRYPT_AES_CBC:
return (truncLenBits == 128 || truncLenBits == 192 || truncLenBits == 256);
case ALGO_AUTH_HMAC_MD5:
case AUTH_HMAC_MD5:
return (truncLenBits >= 96 && truncLenBits <= 128);
case ALGO_AUTH_HMAC_SHA1:
case AUTH_HMAC_SHA1:
return (truncLenBits >= 96 && truncLenBits <= 160);
case ALGO_AUTH_HMAC_SHA256:
case AUTH_HMAC_SHA256:
return (truncLenBits >= 96 && truncLenBits <= 256);
case ALGO_AUTH_HMAC_SHA384:
case AUTH_HMAC_SHA384:
return (truncLenBits >= 192 && truncLenBits <= 384);
case ALGO_AUTH_HMAC_SHA512:
case AUTH_HMAC_SHA512:
return (truncLenBits >= 256 && truncLenBits <= 512);
default:
return false;

31
core/java/android/net/IpSecManager.java
View File

@@ -193,15 +193,44 @@ public final class IpSecManager {
*
* @param direction {@link IpSecTransform#DIRECTION_IN} or {@link IpSecTransform#DIRECTION_OUT}
* @param remoteAddress address of the remote. SPIs must be unique for each remoteAddress.
* @param requestedSpi the requested SPI, or '0' to allocate a random SPI.
* @return the reserved SecurityParameterIndex
* @throws ResourceUnavailableException indicating that too many SPIs are currently allocated
* for this user
* @throws SpiUnavailableException indicating that a particular SPI cannot be reserved
*/
public SecurityParameterIndex reserveSecurityParameterIndex(
int direction, InetAddress remoteAddress)
throws ResourceUnavailableException {
try {
return new SecurityParameterIndex(
mService,
direction,
remoteAddress,
IpSecManager.INVALID_SECURITY_PARAMETER_INDEX);
} catch (SpiUnavailableException unlikely) {
throw new ResourceUnavailableException("No SPIs available");
}
}
/**
* Reserve an SPI for traffic bound towards the specified remote address.
*
* <p>If successful, this SPI is guaranteed available until released by a call to {@link
* SecurityParameterIndex#close()}.
*
* @param direction {@link IpSecTransform#DIRECTION_IN} or {@link IpSecTransform#DIRECTION_OUT}
* @param remoteAddress address of the remote. SPIs must be unique for each remoteAddress.
* @param requestedSpi the requested SPI, or '0' to allocate a random SPI.
* @return the reserved SecurityParameterIndex
* @throws ResourceUnavailableException indicating that too many SPIs are currently allocated
* for this user
*/
public SecurityParameterIndex reserveSecurityParameterIndex(
int direction, InetAddress remoteAddress, int requestedSpi)
throws SpiUnavailableException, ResourceUnavailableException {
if (requestedSpi == IpSecManager.INVALID_SECURITY_PARAMETER_INDEX) {
throw new IllegalArgumentException("Requested SPI must be a valid (non-zero) SPI");
}
return new SecurityParameterIndex(mService, direction, remoteAddress, requestedSpi);
}