1 /*
2  * Copyright (C) 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 package android.net.ipsec.ike.exceptions;
17 
18 import android.net.ipsec.ike.ChildSessionCallback;
19 import android.net.ipsec.ike.IkeSessionCallback;
20 
21 import com.android.internal.net.ipsec.ike.utils.IkeMetrics;
22 
23 /**
24  * This exception is thrown when the remote server expected a different Diffie-Hellman group.
25  *
26  * <p>This exception indicates that the remote server received a different KE payload in the Child
27  * creation request from accepted Diffie-Hellman group. Callers can retry Child creation by
28  * proposing the expected DH group included in this exception.
29  *
30  * @see <a href="https://tools.ietf.org/html/rfc7296#section-1.3">RFC 7296, Internet Key Exchange
31  *     Protocol Version 2 (IKEv2)</a>
32  */
33 // Responder should include an INVALID_KE_PAYLOAD Notify payload in a response message for both
34 // IKE INIT exchange and other SA negotiation exchanges after IKE is setup, as per RFC 7296
35 // section-1.3.
36 public final class InvalidKeException extends IkeProtocolException {
37     private static final int EXPECTED_ERROR_DATA_LEN = 2;
38 
39     /**
40      * Construct an instance of InvalidKeException.
41      *
42      * <p>Except for testing, IKE library users normally do not instantiate this object themselves
43      * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}.
44      *
45      * @param dhGroup the expected DH group
46      */
InvalidKeException(int dhGroup)47     public InvalidKeException(int dhGroup) {
48         super(ERROR_TYPE_INVALID_KE_PAYLOAD, integerToByteArray(dhGroup, EXPECTED_ERROR_DATA_LEN));
49     }
50 
51     /**
52      * Construct a instance of InvalidKeException from a notify payload.
53      *
54      * @param notifyData the notify data included in the payload.
55      * @hide
56      */
InvalidKeException(byte[] notifyData)57     public InvalidKeException(byte[] notifyData) {
58         super(ERROR_TYPE_INVALID_KE_PAYLOAD, notifyData);
59     }
60 
61     /**
62      * Return the expected DH Group included in this exception.
63      *
64      * @return the expected DH Group.
65      */
getDhGroup()66     public int getDhGroup() {
67         return byteArrayToInteger(getErrorData());
68     }
69 
70     /** @hide */
71     @Override
isValidDataLength(int dataLen)72     protected boolean isValidDataLength(int dataLen) {
73         return EXPECTED_ERROR_DATA_LEN == dataLen;
74     }
75 
76     /**
77      * Returns the error code for metrics
78      *
79      * @hide
80      */
81     @Override
getMetricsErrorCode()82     public int getMetricsErrorCode() {
83         return IkeMetrics.IKE_ERROR_PROTOCOL_INVALID_KE_PAYLOAD;
84     }
85 }
86