IpSecConfig.java revision 330e1089da80cddcd68758512370d217b19f8890
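/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package android.net;

import android.os.Parcel;
import android.os.Parcelable;
import android.util.Log;
import java.net.InetAddress;
import java.net.UnknownHostException;

/**
 * Parcelable bag of parameters describing one IPsec transform: the tunnel endpoints, the
 * per-direction SPI and algorithms, UDP encapsulation settings, and a {@code features}
 * bitmask saying which of those fields have been populated.
 *
 * <p>Instances are built by {@code IpSecTransform.Builder} (package-private constructor) and
 * then cross the Binder boundary via {@link #writeToParcel} / {@link #CREATOR}. The parcel
 * format is private to this class: the read order in {@code IpSecConfig(Parcel)} must stay in
 * lock-step with the write order in {@link #writeToParcel}.
 *
 * <p>NOTE(review): {@code mode} and {@code nattKeepaliveInterval} are neither written to nor
 * read from the parcel, so they do not survive an IPC round trip; confirm whether that is
 * intended before relying on them on the receiving side.
 *
 * @hide
 */
public final class IpSecConfig implements Parcelable {
    private static final String TAG = IpSecConfig.class.getSimpleName();

    // MODE_TRANSPORT or MODE_TUNNEL (not parceled, see class comment)
    int mode;

    // For tunnel mode
    InetAddress localAddress;

    InetAddress remoteAddress;

    // Limit selection by network interface
    Network network;

    /**
     * Per-direction parameters of a transform. A transform needs at least an SPI (which
     * identifies the IPsec flow during packet processing) plus the remote address held by the
     * enclosing config; the algorithms are optional until the feature bits say otherwise.
     */
    public static class Flow {
        // SPI identifying the IPsec flow in packet processing
        int spi;

        // Encryption Algorithm
        IpSecAlgorithm encryptionAlgo;

        // Authentication Algorithm
        IpSecAlgorithm authenticationAlgo;
    }

    // One Flow per direction, indexed by IpSecTransform.DIRECTION_IN / DIRECTION_OUT
    // (assumed to be 0 and 1, as the array size already implies -- confirm against
    // IpSecTransform). Both entries are created eagerly: the constructors and the Parcel
    // reader assign into flow[direction] directly, so a bare `new Flow[2]` (whose elements
    // are null) would throw NullPointerException on the very first assignment.
    Flow[] flow = new Flow[] {new Flow(), new Flow()};

    // For tunnel mode IPv4 UDP Encapsulation
    // IpSecTransform#ENCAP_ESP_*, such as ENCAP_ESP_OVER_UDP_IKE
    int encapType;
    int encapLocalPort;
    int encapRemotePort;

    // An optional protocol to match with the selector
    int selectorProto;

    // A bitmask of FEATURE_* indicating which of the fields
    // of this class are valid.
    long features;

    // An interval, in seconds, between the NattKeepalive packets (not parceled)
    int nattKeepaliveInterval;

    /** @return the local tunnel endpoint, or {@code null} if none was set. */
    public InetAddress getLocalIp() {
        return localAddress;
    }

    /**
     * @param direction {@code IpSecTransform.DIRECTION_IN} or {@code DIRECTION_OUT}
     * @return the SPI for that direction (0 if never set)
     * @throws ArrayIndexOutOfBoundsException if {@code direction} is not a valid index
     */
    public int getSpi(int direction) {
        return flow[direction].spi;
    }

    /** @return the remote tunnel endpoint, or {@code null} if none was set. */
    public InetAddress getRemoteIp() {
        return remoteAddress;
    }

    /**
     * @param direction {@code IpSecTransform.DIRECTION_IN} or {@code DIRECTION_OUT}
     * @return the encryption algorithm for that direction, or {@code null} if none was set
     * @throws ArrayIndexOutOfBoundsException if {@code direction} is not a valid index
     */
    public IpSecAlgorithm getEncryptionAlgo(int direction) {
        return flow[direction].encryptionAlgo;
    }

    /**
     * @param direction {@code IpSecTransform.DIRECTION_IN} or {@code DIRECTION_OUT}
     * @return the authentication algorithm for that direction, or {@code null} if none was set
     * @throws ArrayIndexOutOfBoundsException if {@code direction} is not a valid index
     */
    public IpSecAlgorithm getAuthenticationAlgo(int direction) {
        return flow[direction].authenticationAlgo;
    }

    /** @return the network this transform is restricted to, or {@code null} for any. */
    Network getNetwork() {
        return network;
    }

    /** @return one of the {@code IpSecTransform.ENCAP_ESP_*} constants. */
    public int getEncapType() {
        return encapType;
    }

    /** @return the local UDP port used for ESP encapsulation. */
    public int getEncapLocalPort() {
        return encapLocalPort;
    }

    /** @return the remote UDP port used for ESP encapsulation. */
    public int getEncapRemotePort() {
        return encapRemotePort;
    }

    /** @return the optional protocol number to match against the selector. */
    public int getSelectorProto() {
        return selectorProto;
    }

    /** @return the NAT-T keepalive interval in seconds (0 means not configured). */
    int getNattKeepaliveInterval() {
        return nattKeepaliveInterval;
    }

    /**
     * Tests whether every bit in {@code featureBits} is set in this config's feature mask.
     *
     * @param featureBits one or more {@code FEATURE_*} bits OR'd together
     * @return {@code true} if all requested bits are set; trivially {@code true} for 0
     */
    public boolean hasProperty(int featureBits) {
        return (features & featureBits) == featureBits;
    }

    // Parcelable Methods

    @Override
    public int describeContents() {
        return 0;
    }

    /**
     * Serializes this config. Field order here defines the private parcel format and must
     * match {@code IpSecConfig(Parcel)} exactly.
     */
    @Override
    public void writeToParcel(Parcel out, int flags) {
        out.writeLong(features);
        // TODO: Use a byte array or other better method for storing IPs that can also include scope
        out.writeString((localAddress != null) ? localAddress.getHostAddress() : null);
        // TODO: Use a byte array or other better method for storing IPs that can also include scope
        out.writeString((remoteAddress != null) ? remoteAddress.getHostAddress() : null);
        out.writeParcelable(network, flags);
        out.writeInt(flow[IpSecTransform.DIRECTION_IN].spi);
        out.writeParcelable(flow[IpSecTransform.DIRECTION_IN].encryptionAlgo, flags);
        out.writeParcelable(flow[IpSecTransform.DIRECTION_IN].authenticationAlgo, flags);
        out.writeInt(flow[IpSecTransform.DIRECTION_OUT].spi);
        out.writeParcelable(flow[IpSecTransform.DIRECTION_OUT].encryptionAlgo, flags);
        out.writeParcelable(flow[IpSecTransform.DIRECTION_OUT].authenticationAlgo, flags);
        out.writeInt(encapType);
        out.writeInt(encapLocalPort);
        out.writeInt(encapRemotePort);
        out.writeInt(selectorProto);
    }

    // Package Private: Used by the IpSecTransform.Builder;
    // there should be no public constructor for this object
    IpSecConfig() {
        // Explicit zeroing kept for readability; both Flow entries already exist (see the
        // field initializer), so these assignments are safe.
        flow[IpSecTransform.DIRECTION_IN].spi = 0;
        flow[IpSecTransform.DIRECTION_OUT].spi = 0;
        nattKeepaliveInterval = 0; //FIXME constant
    }

    /**
     * Reads one address written by {@link #writeToParcel} as a host-address string.
     *
     * <p>NOTE(review): the parcel comes from another process, and {@link InetAddress#getByName}
     * accepts host names as well as literals. A well-formed parcel only ever carries the output
     * of {@code getHostAddress()}, but a malformed one could make this method attempt a name
     * lookup on the reading side; a literal-only parser would close that gap -- confirm
     * whether one is available in this codebase.
     *
     * @return the parsed address, or {@code null} if none was written or it cannot be parsed
     */
    private static InetAddress readInetAddressFromParcel(Parcel in) {
        String addrString = in.readString();
        if (addrString == null) {
            return null;
        }
        try {
            return InetAddress.getByName(addrString);
        } catch (UnknownHostException e) {
            Log.wtf(TAG, "Invalid IpAddress " + addrString);
            return null;
        }
    }

    /** Deserializes a config; read order must mirror {@link #writeToParcel}. */
    private IpSecConfig(Parcel in) {
        features = in.readLong();
        localAddress = readInetAddressFromParcel(in);
        remoteAddress = readInetAddressFromParcel(in);
        network = (Network) in.readParcelable(Network.class.getClassLoader());
        flow[IpSecTransform.DIRECTION_IN].spi = in.readInt();
        flow[IpSecTransform.DIRECTION_IN].encryptionAlgo =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        flow[IpSecTransform.DIRECTION_IN].authenticationAlgo =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        flow[IpSecTransform.DIRECTION_OUT].spi = in.readInt();
        flow[IpSecTransform.DIRECTION_OUT].encryptionAlgo =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        flow[IpSecTransform.DIRECTION_OUT].authenticationAlgo =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        encapType = in.readInt();
        encapLocalPort = in.readInt();
        encapRemotePort = in.readInt();
        selectorProto = in.readInt();
    }

    public static final Parcelable.Creator<IpSecConfig> CREATOR =
            new Parcelable.Creator<IpSecConfig>() {
                @Override
                public IpSecConfig createFromParcel(Parcel in) {
                    return new IpSecConfig(in);
                }

                @Override
                public IpSecConfig[] newArray(int size) {
                    return new IpSecConfig[size];
                }
            };
}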