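/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package android.net;

import android.os.Parcel;
import android.os.Parcelable;
import android.util.Log;
import java.net.InetAddress;
import java.net.UnknownHostException;

/**
 * Parcelable holder for the settings of an IPsec transform: mode, endpoint addresses, the
 * network to use, per-direction SPI and algorithms, and UDP-encapsulation parameters.
 *
 * <p>Instances are created package-privately or rebuilt from a {@link Parcel} through
 * {@link #CREATOR}. Nothing in this class validates the values it carries, so code that
 * unparcels an instance has to range-check them itself before acting on them.
 *
 * @hide
 */
public final class IpSecConfig implements Parcelable {
    private static final String TAG = "IpSecConfig";

    // MODE_TRANSPORT or MODE_TUNNEL
    int mode;

    // For tunnel mode
    InetAddress localAddress;

    InetAddress remoteAddress;

    // Limit selection by network interface
    Network network;

    /** Per-direction parameters of the transform. */
    public static class Flow {
        // Minimum requirements for identifying a transform
        // SPI identifying the IPsec flow in packet processing
        // and a remote IP address
        int spi;

        // Encryption Algorithm
        IpSecAlgorithm encryption;

        // Authentication Algorithm
        IpSecAlgorithm authentication;
    }

    // One entry per direction, indexed with IpSecTransform.DIRECTION_IN and
    // IpSecTransform.DIRECTION_OUT.
    Flow[] flow = new Flow[] {new Flow(), new Flow()};

    // For tunnel mode IPv4 UDP Encapsulation
    // IpSecTransform#ENCAP_ESP_*, such as ENCAP_ESP_OVER_UDP_IKE
    int encapType;
    int encapLocalPort;
    int encapRemotePort;

    // An interval, in seconds between the NattKeepalive packets
    int nattKeepaliveInterval;

    /** Returns the configured mode (transport or tunnel). */
    public int getMode() {
        return mode;
    }

    /** Returns the local address, or {@code null} if none is set. */
    public InetAddress getLocalAddress() {
        return localAddress;
    }

    /**
     * Returns the SPI for the given direction.
     *
     * @param direction index into the per-direction array; it is not checked here
     * @throws ArrayIndexOutOfBoundsException if {@code direction} is not a valid index
     */
    public int getSpi(int direction) {
        return flow[direction].spi;
    }

    /** Returns the remote address, or {@code null} if none is set. */
    public InetAddress getRemoteAddress() {
        return remoteAddress;
    }

    /**
     * Returns the encryption algorithm for the given direction, or {@code null} if unset.
     *
     * @param direction index into the per-direction array; it is not checked here
     * @throws ArrayIndexOutOfBoundsException if {@code direction} is not a valid index
     */
    public IpSecAlgorithm getEncryption(int direction) {
        return flow[direction].encryption;
    }

    /**
     * Returns the authentication algorithm for the given direction, or {@code null} if unset.
     *
     * @param direction index into the per-direction array; it is not checked here
     * @throws ArrayIndexOutOfBoundsException if {@code direction} is not a valid index
     */
    public IpSecAlgorithm getAuthentication(int direction) {
        return flow[direction].authentication;
    }

    /** Returns the network this configuration is limited to, or {@code null} if unset. */
    public Network getNetwork() {
        return network;
    }

    /** Returns the UDP encapsulation type. */
    public int getEncapType() {
        return encapType;
    }

    /** Returns the local UDP encapsulation port. */
    public int getEncapLocalPort() {
        return encapLocalPort;
    }

    /** Returns the remote UDP encapsulation port. */
    public int getEncapRemotePort() {
        return encapRemotePort;
    }

    /** Returns the NAT-T keepalive interval, in seconds. */
    public int getNattKeepaliveInterval() {
        return nattKeepaliveInterval;
    }

    // Parcelable Methods

    @Override
    public int describeContents() {
        return 0;
    }

    /**
     * Writes every field of this configuration to {@code out}.
     *
     * <p>The order here must stay in step with {@link #IpSecConfig(Parcel)}.
     * NOTE(review): the algorithm parcelables presumably include key material, in which case
     * the resulting parcel should be handled as sensitive data; confirm against IpSecAlgorithm.
     */
    @Override
    public void writeToParcel(Parcel out, int flags) {
        // TODO: Use a byte array or other better method for storing IPs that can also include scope
        out.writeString((localAddress != null) ? localAddress.getHostAddress() : null);
        // TODO: Use a byte array or other better method for storing IPs that can also include scope
        out.writeString((remoteAddress != null) ? remoteAddress.getHostAddress() : null);
        out.writeParcelable(network, flags);
        out.writeInt(flow[IpSecTransform.DIRECTION_IN].spi);
        out.writeParcelable(flow[IpSecTransform.DIRECTION_IN].encryption, flags);
        out.writeParcelable(flow[IpSecTransform.DIRECTION_IN].authentication, flags);
        out.writeInt(flow[IpSecTransform.DIRECTION_OUT].spi);
        out.writeParcelable(flow[IpSecTransform.DIRECTION_OUT].encryption, flags);
        out.writeParcelable(flow[IpSecTransform.DIRECTION_OUT].authentication, flags);
        out.writeInt(encapType);
        out.writeInt(encapLocalPort);
        out.writeInt(encapRemotePort);
        // mode and nattKeepaliveInterval were previously left out, so the receiving side
        // always saw 0 for both regardless of what the sender configured.
        out.writeInt(mode);
        out.writeInt(nattKeepaliveInterval);
    }

    // Package Private: Used by the IpSecTransform.Builder;
    // there should be no public constructor for this object
    IpSecConfig() {}

    /**
     * Reads one address string from {@code in} and converts it to an {@link InetAddress}.
     *
     * @return the address, or {@code null} when the parcel held {@code null} or the string
     *     could not be converted
     */
    private static InetAddress readInetAddressFromParcel(Parcel in) {
        String addrString = in.readString();
        if (addrString == null) {
            return null;
        }
        try {
            // NOTE(review): getByName() also accepts host names and will try to resolve them.
            // The string comes straight from the parcel, so a non-literal value leads to a
            // name lookup in the unparceling process; a literal-only parser would rule that out.
            return InetAddress.getByName(addrString);
        } catch (UnknownHostException e) {
            // A malformed address ends up as null, which the caller cannot tell apart from
            // "no address was set"; keep the exception in the log so the cause is visible.
            Log.wtf(TAG, "Invalid IpAddress " + addrString, e);
            return null;
        }
    }

    /**
     * Rebuilds a configuration from {@code in}, reading fields in the order
     * {@link #writeToParcel(Parcel, int)} emits them.
     *
     * <p>Values are stored exactly as read: SPIs, encapsulation type and ports are not
     * range-checked, and addresses or algorithms may come back {@code null}.
     */
    private IpSecConfig(Parcel in) {
        localAddress = readInetAddressFromParcel(in);
        remoteAddress = readInetAddressFromParcel(in);
        network = (Network) in.readParcelable(Network.class.getClassLoader());
        flow[IpSecTransform.DIRECTION_IN].spi = in.readInt();
        flow[IpSecTransform.DIRECTION_IN].encryption =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        flow[IpSecTransform.DIRECTION_IN].authentication =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        flow[IpSecTransform.DIRECTION_OUT].spi = in.readInt();
        flow[IpSecTransform.DIRECTION_OUT].encryption =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        flow[IpSecTransform.DIRECTION_OUT].authentication =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        encapType = in.readInt();
        encapLocalPort = in.readInt();
        encapRemotePort = in.readInt();
        mode = in.readInt();
        nattKeepaliveInterval = in.readInt();
    }

    /** Creator used by the Parcelable framework to rebuild instances. */
    public static final Parcelable.Creator<IpSecConfig> CREATOR =
            new Parcelable.Creator<IpSecConfig>() {
                @Override
                public IpSecConfig createFromParcel(Parcel in) {
                    return new IpSecConfig(in);
                }

                @Override
                public IpSecConfig[] newArray(int size) {
                    return new IpSecConfig[size];
                }
            };
}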