IpSecConfig.java revision 8dc1fd0237992e1d693376b4f6eea45e7447e9db
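/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package android.net;

import android.os.Parcel;
import android.os.Parcelable;
import android.util.Log;
import java.net.InetAddress;
import java.net.UnknownHostException;

/**
 * Parcelable container for the settings of one IPsec transform: the mode, the optional
 * local/remote addresses and network, one {@link Flow} per direction, and the UDP
 * encapsulation parameters.
 *
 * <p>Instances are filled in by {@code IpSecTransform.Builder} through the package-private
 * fields; outside the package only the getters are usable.
 *
 * <p>This class performs no validation of the values it carries. NOTE(review): the SPI and
 * encapsulation-socket values are plain integer resource ids; presumably the receiver of the
 * Parcel resolves them and checks that the caller owns them. Confirm against the consumer.
 *
 * @hide
 */
public final class IpSecConfig implements Parcelable {
    private static final String TAG = "IpSecConfig";

    // MODE_TRANSPORT or MODE_TUNNEL
    int mode;

    // For tunnel mode
    InetAddress localAddress;

    InetAddress remoteAddress;

    // Limit selection by network interface
    Network network;

    /** Per-direction parameters of the transform. */
    public static class Flow {
        // Minimum requirements for identifying a transform
        // SPI identifying the IPsec flow in packet processing
        // and a remote IP address
        int spiResourceId;

        // Encryption Algorithm
        IpSecAlgorithm encryption;

        // Authentication Algorithm
        IpSecAlgorithm authentication;
    }

    // Two entries; the parcel code indexes them with IpSecTransform.DIRECTION_IN and
    // IpSecTransform.DIRECTION_OUT.
    Flow[] flow = new Flow[] {new Flow(), new Flow()};

    // For tunnel mode IPv4 UDP Encapsulation
    // IpSecTransform#ENCAP_ESP_*, such as ENCAP_ESP_OVER_UDP_IKE
    int encapType;
    int encapLocalPortResourceId;
    int encapRemotePort;

    // An interval, in seconds between the NattKeepalive packets
    int nattKeepaliveInterval;

    /** Returns the configured mode (transport or tunnel). */
    public int getMode() {
        return mode;
    }

    /** Returns the local address, or {@code null} when none was set. */
    public InetAddress getLocalAddress() {
        return localAddress;
    }

    /**
     * Returns the SPI resource id for one direction.
     *
     * @param direction index into the two-element flow array
     * @throws ArrayIndexOutOfBoundsException if {@code direction} is not a valid index
     */
    public int getSpiResourceId(int direction) {
        return flow[direction].spiResourceId;
    }

    /** Returns the remote address, or {@code null} when none was set. */
    public InetAddress getRemoteAddress() {
        return remoteAddress;
    }

    /**
     * Returns the encryption algorithm for one direction; may be {@code null}.
     *
     * @param direction index into the two-element flow array
     * @throws ArrayIndexOutOfBoundsException if {@code direction} is not a valid index
     */
    public IpSecAlgorithm getEncryption(int direction) {
        return flow[direction].encryption;
    }

    /**
     * Returns the authentication algorithm for one direction; may be {@code null}.
     *
     * @param direction index into the two-element flow array
     * @throws ArrayIndexOutOfBoundsException if {@code direction} is not a valid index
     */
    public IpSecAlgorithm getAuthentication(int direction) {
        return flow[direction].authentication;
    }

    /** Returns the network the transform is limited to, or {@code null}. */
    public Network getNetwork() {
        return network;
    }

    /** Returns the UDP encapsulation type. */
    public int getEncapType() {
        return encapType;
    }

    /** Returns the resource id of the local encapsulation port. */
    public int getEncapLocalResourceId() {
        return encapLocalPortResourceId;
    }

    /** Returns the remote encapsulation port. */
    public int getEncapRemotePort() {
        return encapRemotePort;
    }

    /** Returns the NAT-T keepalive interval, in seconds. */
    public int getNattKeepaliveInterval() {
        return nattKeepaliveInterval;
    }

    // Parcelable Methods

    @Override
    public int describeContents() {
        return 0;
    }

    /**
     * Serializes every field of this config.
     *
     * <p>The field order here must match the read order in {@link #IpSecConfig(Parcel)}.
     */
    @Override
    public void writeToParcel(Parcel out, int flags) {
        // TODO: Use a byte array or other better method for storing IPs that can also include scope
        out.writeString((localAddress != null) ? localAddress.getHostAddress() : null);
        // TODO: Use a byte array or other better method for storing IPs that can also include scope
        out.writeString((remoteAddress != null) ? remoteAddress.getHostAddress() : null);
        out.writeParcelable(network, flags);

        final Flow inbound = flow[IpSecTransform.DIRECTION_IN];
        out.writeInt(inbound.spiResourceId);
        out.writeParcelable(inbound.encryption, flags);
        out.writeParcelable(inbound.authentication, flags);

        final Flow outbound = flow[IpSecTransform.DIRECTION_OUT];
        out.writeInt(outbound.spiResourceId);
        out.writeParcelable(outbound.encryption, flags);
        out.writeParcelable(outbound.authentication, flags);

        out.writeInt(encapType);
        out.writeInt(encapLocalPortResourceId);
        out.writeInt(encapRemotePort);

        // mode and nattKeepaliveInterval were previously left out of the parcel, so the
        // receiving side always saw them as 0. They are appended after the existing fields
        // so the layout of the earlier fields is unchanged.
        out.writeInt(mode);
        out.writeInt(nattKeepaliveInterval);
    }

    // Package Private: Used by the IpSecTransform.Builder;
    // there should be no public constructor for this object
    IpSecConfig() {}

    /**
     * Reads one address that {@link #writeToParcel} stored as a string.
     *
     * @return the parsed address, or {@code null} when the stored string was {@code null} or
     *     could not be turned into an address
     */
    private static InetAddress readInetAddressFromParcel(Parcel in) {
        final String addrString = in.readString();
        if (addrString == null) {
            return null;
        }
        try {
            // NOTE(review): InetAddress.getByName() accepts host names as well as address
            // literals, so a non-literal string in the Parcel triggers a name lookup on the
            // reading side. If this Parcel can arrive from a less-trusted process, parse with
            // a numeric-only routine and reject everything else.
            return InetAddress.getByName(addrString);
        } catch (UnknownHostException e) {
            // Keep the cause so the failure can be diagnosed from the log.
            Log.wtf(TAG, "Invalid IpAddress " + addrString, e);
            return null;
        }
    }

    /** Rebuilds a config from a Parcel, reading fields in the order writeToParcel wrote them. */
    private IpSecConfig(Parcel in) {
        localAddress = readInetAddressFromParcel(in);
        remoteAddress = readInetAddressFromParcel(in);
        network = (Network) in.readParcelable(Network.class.getClassLoader());

        final Flow inbound = flow[IpSecTransform.DIRECTION_IN];
        inbound.spiResourceId = in.readInt();
        inbound.encryption =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        inbound.authentication =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());

        final Flow outbound = flow[IpSecTransform.DIRECTION_OUT];
        outbound.spiResourceId = in.readInt();
        outbound.encryption =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        outbound.authentication =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());

        encapType = in.readInt();
        encapLocalPortResourceId = in.readInt();
        encapRemotePort = in.readInt();

        // Appended fields; see writeToParcel.
        mode = in.readInt();
        nattKeepaliveInterval = in.readInt();
    }

    public static final Parcelable.Creator<IpSecConfig> CREATOR =
            new Parcelable.Creator<IpSecConfig>() {
                @Override
                public IpSecConfig createFromParcel(Parcel in) {
                    return new IpSecConfig(in);
                }

                @Override
                public IpSecConfig[] newArray(int size) {
                    return new IpSecConfig[size];
                }
            };
}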