1 /* 2 * Copyright (C) 2019 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package android.net.ipsec.ike.exceptions; 17 18 import android.annotation.IntDef; 19 import android.annotation.Nullable; 20 import android.annotation.SystemApi; 21 22 import com.android.internal.net.ipsec.ike.message.IkeNotifyPayload; 23 24 import java.lang.annotation.Retention; 25 import java.lang.annotation.RetentionPolicy; 26 import java.nio.ByteBuffer; 27 28 /** 29 * IkeProtocolException is an abstract class that represents the common information for all IKE 30 * protocol errors. 31 * 32 * <p>Error types are as defined by RFC 7296. 33 * 34 * @see <a href="https://tools.ietf.org/html/rfc7296#section-3.10.1">RFC 7296, Internet Key Exchange 35 * Protocol Version 2 (IKEv2)</a> 36 * @hide 37 */ 38 @SystemApi 39 public abstract class IkeProtocolException extends IkeException { 40 /** @hide */ 41 @Retention(RetentionPolicy.SOURCE) 42 @IntDef({ 43 ERROR_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD, 44 ERROR_TYPE_INVALID_IKE_SPI, 45 ERROR_TYPE_INVALID_MAJOR_VERSION, 46 ERROR_TYPE_INVALID_SYNTAX, 47 ERROR_TYPE_INVALID_MESSAGE_ID, 48 ERROR_TYPE_NO_PROPOSAL_CHOSEN, 49 ERROR_TYPE_INVALID_KE_PAYLOAD, 50 ERROR_TYPE_AUTHENTICATION_FAILED, 51 ERROR_TYPE_SINGLE_PAIR_REQUIRED, 52 ERROR_TYPE_NO_ADDITIONAL_SAS, 53 ERROR_TYPE_INTERNAL_ADDRESS_FAILURE, 54 ERROR_TYPE_FAILED_CP_REQUIRED, 55 ERROR_TYPE_TS_UNACCEPTABLE, 56 ERROR_TYPE_INVALID_SELECTORS, 57 ERROR_TYPE_TEMPORARY_FAILURE, 58 ERROR_TYPE_CHILD_SA_NOT_FOUND, 59 }) 60 public @interface ErrorType {} 61 62 /** Unsupported critical payload */ 63 public static final int ERROR_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD = 1; 64 /** Unrecognized destination IKE SPI */ 65 public static final int ERROR_TYPE_INVALID_IKE_SPI = 4; 66 /** Invalid major version */ 67 public static final int ERROR_TYPE_INVALID_MAJOR_VERSION = 5; 68 /** Invalid syntax */ 69 public static final int ERROR_TYPE_INVALID_SYNTAX = 7; 70 /** Invalid message ID */ 71 public static final int ERROR_TYPE_INVALID_MESSAGE_ID = 9; 72 /** No SA Proposal Chosen is acceptable */ 73 public static final int ERROR_TYPE_NO_PROPOSAL_CHOSEN = 14; 74 /** Invalid Key Exchaneg Payload */ 75 public static final int ERROR_TYPE_INVALID_KE_PAYLOAD = 17; 76 /** IKE authentication failed */ 77 public static final int ERROR_TYPE_AUTHENTICATION_FAILED = 24; 78 /** Only Traffic Selectors specifying a single pair of addresses are acceptable */ 79 public static final int ERROR_TYPE_SINGLE_PAIR_REQUIRED = 34; 80 /** No additional SAa are acceptable */ 81 public static final int ERROR_TYPE_NO_ADDITIONAL_SAS = 35; 82 /** No internal addresses can be assigned */ 83 public static final int ERROR_TYPE_INTERNAL_ADDRESS_FAILURE = 36; 84 /** Configuration Payload required but not found in IKE setup */ 85 public static final int ERROR_TYPE_FAILED_CP_REQUIRED = 37; 86 /** No Traffic Selectors are acceptable */ 87 public static final int ERROR_TYPE_TS_UNACCEPTABLE = 38; 88 /** 89 * An IPsec Packet was found to have mismatched Traffic Selectors of the IPsec SA on which it 90 * was delivered 91 */ 92 public static final int ERROR_TYPE_INVALID_SELECTORS = 39; 93 /** Temporary failure */ 94 public static final int ERROR_TYPE_TEMPORARY_FAILURE = 43; 95 /** Child SA in the received packet does not exist */ 96 public static final int ERROR_TYPE_CHILD_SA_NOT_FOUND = 44; 97 98 /** @hide */ 99 public static final byte[] ERROR_DATA_NOT_INCLUDED = new byte[0]; 100 101 private static final int INTEGER_BYTE_SIZE = 4; 102 103 @ErrorType private final int mErrorType; 104 private final byte[] mErrorData; 105 106 /** @hide */ IkeProtocolException(@rrorType int code)107 protected IkeProtocolException(@ErrorType int code) { 108 super(); 109 mErrorType = code; 110 mErrorData = ERROR_DATA_NOT_INCLUDED; 111 } 112 113 /** @hide */ IkeProtocolException(@rrorType int code, String message)114 protected IkeProtocolException(@ErrorType int code, String message) { 115 super(message); 116 mErrorType = code; 117 mErrorData = ERROR_DATA_NOT_INCLUDED; 118 } 119 120 /** @hide */ IkeProtocolException(@rrorType int code, Throwable cause)121 protected IkeProtocolException(@ErrorType int code, Throwable cause) { 122 super(cause); 123 mErrorType = code; 124 mErrorData = ERROR_DATA_NOT_INCLUDED; 125 } 126 127 /** @hide */ IkeProtocolException(@rrorType int code, String message, Throwable cause)128 protected IkeProtocolException(@ErrorType int code, String message, Throwable cause) { 129 super(message, cause); 130 mErrorType = code; 131 mErrorData = ERROR_DATA_NOT_INCLUDED; 132 } 133 134 /** 135 * Construct an instance from a notify Payload. 136 * 137 * @hide 138 */ IkeProtocolException(@rrorType int code, byte[] notifyData)139 protected IkeProtocolException(@ErrorType int code, byte[] notifyData) { 140 super(); 141 142 if (!isValidDataLength(notifyData.length)) { 143 throw new IllegalArgumentException( 144 "Invalid error data for error type: " 145 + code 146 + " Received error data size: " 147 + notifyData.length); 148 } 149 150 mErrorType = code; 151 mErrorData = notifyData; 152 } 153 154 /** @hide */ isValidDataLength(int dataLen)155 protected abstract boolean isValidDataLength(int dataLen); 156 157 /** @hide */ integerToByteArray(int integer, int arraySize)158 protected static byte[] integerToByteArray(int integer, int arraySize) { 159 if (arraySize > INTEGER_BYTE_SIZE) { 160 throw new IllegalArgumentException( 161 "Cannot convert integer to a byte array of length: " + arraySize); 162 } 163 164 ByteBuffer dataBuffer = ByteBuffer.allocate(INTEGER_BYTE_SIZE); 165 dataBuffer.putInt(integer); 166 dataBuffer.rewind(); 167 168 byte[] zeroPad = new byte[INTEGER_BYTE_SIZE - arraySize]; 169 byte[] byteData = new byte[arraySize]; 170 dataBuffer.get(zeroPad).get(byteData); 171 172 return byteData; 173 } 174 175 /** @hide */ byteArrayToInteger(byte[] byteArray)176 protected static int byteArrayToInteger(byte[] byteArray) { 177 if (byteArray == null || byteArray.length > INTEGER_BYTE_SIZE) { 178 throw new IllegalArgumentException("Cannot convert the byte array to integer"); 179 } 180 181 ByteBuffer dataBuffer = ByteBuffer.allocate(INTEGER_BYTE_SIZE); 182 byte[] zeroPad = new byte[INTEGER_BYTE_SIZE - byteArray.length]; 183 dataBuffer.put(zeroPad).put(byteArray); 184 dataBuffer.rewind(); 185 186 return dataBuffer.getInt(); 187 } 188 189 /** 190 * Returns the IKE standard protocol error type of this {@link IkeProtocolException} instance. 191 * 192 * @return the IKE standard protocol error type. 193 */ 194 @ErrorType getErrorType()195 public int getErrorType() { 196 return mErrorType; 197 } 198 199 /** 200 * Returns the included error data of this {@link IkeProtocolException} instance. 201 * 202 * <p>Note that only few error types will go with an error data. This data has different meaning 203 * with different error types. Callers should first check if an error data is included before 204 * they call this method. 205 * 206 * @return the included error data in byte array, or {@code null} if no error data is available. 207 */ 208 @Nullable getErrorData()209 public byte[] getErrorData() { 210 return mErrorData; 211 } 212 213 /** 214 * Build an IKE Notification Payload for this {@link IkeProtocolException} instance. 215 * 216 * @return the notification payload. 217 * @hide 218 */ buildNotifyPayload()219 public IkeNotifyPayload buildNotifyPayload() { 220 return new IkeNotifyPayload(mErrorType, mErrorData); 221 } 222 } 223