1 /* 2 * Copyright (C) 2019 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package android.net.ipsec.ike.exceptions; 17 18 import android.annotation.IntDef; 19 import android.annotation.Nullable; 20 import android.annotation.SystemApi; 21 22 import com.android.internal.net.ipsec.ike.message.IkeNotifyPayload; 23 24 import java.lang.annotation.Retention; 25 import java.lang.annotation.RetentionPolicy; 26 import java.nio.ByteBuffer; 27 28 /** 29 * IkeProtocolException is an abstract class that represents the common information for all IKE 30 * protocol errors. 31 * 32 * <p>Error types are as defined by RFC 7296. 33 * 34 * @see <a href="https://tools.ietf.org/html/rfc7296#section-3.10.1">RFC 7296, Internet Key Exchange 35 * Protocol Version 2 (IKEv2)</a> 36 */ 37 public abstract class IkeProtocolException extends IkeException { 38 /** @hide */ 39 @Retention(RetentionPolicy.SOURCE) 40 @IntDef({ 41 ERROR_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD, 42 ERROR_TYPE_INVALID_IKE_SPI, 43 ERROR_TYPE_INVALID_MAJOR_VERSION, 44 ERROR_TYPE_INVALID_SYNTAX, 45 ERROR_TYPE_INVALID_MESSAGE_ID, 46 ERROR_TYPE_NO_PROPOSAL_CHOSEN, 47 ERROR_TYPE_INVALID_KE_PAYLOAD, 48 ERROR_TYPE_AUTHENTICATION_FAILED, 49 ERROR_TYPE_SINGLE_PAIR_REQUIRED, 50 ERROR_TYPE_NO_ADDITIONAL_SAS, 51 ERROR_TYPE_INTERNAL_ADDRESS_FAILURE, 52 ERROR_TYPE_FAILED_CP_REQUIRED, 53 ERROR_TYPE_TS_UNACCEPTABLE, 54 ERROR_TYPE_INVALID_SELECTORS, 55 ERROR_TYPE_TEMPORARY_FAILURE, 56 ERROR_TYPE_CHILD_SA_NOT_FOUND, 57 }) 58 public @interface ErrorType {} 59 60 /** Unsupported critical payload */ 61 public static final int ERROR_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD = 1; 62 /** Unrecognized destination IKE SPI */ 63 public static final int ERROR_TYPE_INVALID_IKE_SPI = 4; 64 /** Invalid major version */ 65 public static final int ERROR_TYPE_INVALID_MAJOR_VERSION = 5; 66 /** Invalid syntax */ 67 public static final int ERROR_TYPE_INVALID_SYNTAX = 7; 68 /** Invalid message ID */ 69 public static final int ERROR_TYPE_INVALID_MESSAGE_ID = 9; 70 /** No SA Proposal Chosen is acceptable */ 71 public static final int ERROR_TYPE_NO_PROPOSAL_CHOSEN = 14; 72 /** Invalid Key Exchange Payload */ 73 public static final int ERROR_TYPE_INVALID_KE_PAYLOAD = 17; 74 /** IKE authentication failed */ 75 public static final int ERROR_TYPE_AUTHENTICATION_FAILED = 24; 76 /** Only Traffic Selectors specifying a single pair of addresses are acceptable */ 77 public static final int ERROR_TYPE_SINGLE_PAIR_REQUIRED = 34; 78 /** No additional SAa are acceptable */ 79 public static final int ERROR_TYPE_NO_ADDITIONAL_SAS = 35; 80 /** No internal addresses can be assigned */ 81 public static final int ERROR_TYPE_INTERNAL_ADDRESS_FAILURE = 36; 82 /** Configuration Payload required but not found in IKE setup */ 83 public static final int ERROR_TYPE_FAILED_CP_REQUIRED = 37; 84 /** No Traffic Selectors are acceptable */ 85 public static final int ERROR_TYPE_TS_UNACCEPTABLE = 38; 86 /** 87 * An IPsec Packet was found to have mismatched Traffic Selectors of the IPsec SA on which it 88 * was delivered 89 */ 90 public static final int ERROR_TYPE_INVALID_SELECTORS = 39; 91 /** Temporary failure */ 92 public static final int ERROR_TYPE_TEMPORARY_FAILURE = 43; 93 /** Child SA in the received packet does not exist */ 94 public static final int ERROR_TYPE_CHILD_SA_NOT_FOUND = 44; 95 96 /** @hide */ 97 public static final byte[] ERROR_DATA_NOT_INCLUDED = new byte[0]; 98 99 private static final int INTEGER_BYTE_SIZE = 4; 100 101 @ErrorType private final int mErrorType; 102 private final byte[] mErrorData; 103 104 /** @hide */ IkeProtocolException(@rrorType int code)105 protected IkeProtocolException(@ErrorType int code) { 106 super(); 107 mErrorType = code; 108 mErrorData = ERROR_DATA_NOT_INCLUDED; 109 } 110 111 /** @hide */ IkeProtocolException(@rrorType int code, String message)112 protected IkeProtocolException(@ErrorType int code, String message) { 113 super(message); 114 mErrorType = code; 115 mErrorData = ERROR_DATA_NOT_INCLUDED; 116 } 117 118 /** @hide */ IkeProtocolException(@rrorType int code, Throwable cause)119 protected IkeProtocolException(@ErrorType int code, Throwable cause) { 120 super(cause); 121 mErrorType = code; 122 mErrorData = ERROR_DATA_NOT_INCLUDED; 123 } 124 125 /** @hide */ IkeProtocolException(@rrorType int code, String message, Throwable cause)126 protected IkeProtocolException(@ErrorType int code, String message, Throwable cause) { 127 super(message, cause); 128 mErrorType = code; 129 mErrorData = ERROR_DATA_NOT_INCLUDED; 130 } 131 132 /** 133 * Construct an instance from a notify Payload. 134 * 135 * @hide 136 */ IkeProtocolException(@rrorType int code, byte[] notifyData)137 protected IkeProtocolException(@ErrorType int code, byte[] notifyData) { 138 super(); 139 140 if (!isValidDataLength(notifyData.length)) { 141 throw new IllegalArgumentException( 142 "Invalid error data for error type: " 143 + code 144 + " Received error data size: " 145 + notifyData.length); 146 } 147 148 mErrorType = code; 149 mErrorData = notifyData.clone(); 150 } 151 152 /** @hide */ isValidDataLength(int dataLen)153 protected abstract boolean isValidDataLength(int dataLen); 154 155 /** @hide */ integerToByteArray(int integer, int arraySize)156 protected static byte[] integerToByteArray(int integer, int arraySize) { 157 if (arraySize > INTEGER_BYTE_SIZE) { 158 throw new IllegalArgumentException( 159 "Cannot convert integer to a byte array of length: " + arraySize); 160 } 161 162 ByteBuffer dataBuffer = ByteBuffer.allocate(INTEGER_BYTE_SIZE); 163 dataBuffer.putInt(integer); 164 dataBuffer.rewind(); 165 166 byte[] zeroPad = new byte[INTEGER_BYTE_SIZE - arraySize]; 167 byte[] byteData = new byte[arraySize]; 168 dataBuffer.get(zeroPad).get(byteData); 169 170 return byteData; 171 } 172 173 /** @hide */ byteArrayToInteger(byte[] byteArray)174 protected static int byteArrayToInteger(byte[] byteArray) { 175 if (byteArray == null || byteArray.length > INTEGER_BYTE_SIZE) { 176 throw new IllegalArgumentException("Cannot convert the byte array to integer"); 177 } 178 179 ByteBuffer dataBuffer = ByteBuffer.allocate(INTEGER_BYTE_SIZE); 180 byte[] zeroPad = new byte[INTEGER_BYTE_SIZE - byteArray.length]; 181 dataBuffer.put(zeroPad).put(byteArray); 182 dataBuffer.rewind(); 183 184 return dataBuffer.getInt(); 185 } 186 187 /** 188 * Returns the IKE protocol error type of this {@link IkeProtocolException} instance. 189 * 190 * @return the IKE standard protocol error type defined in {@link IkeProtocolException} or the 191 * error code for an unrecognized error type. 192 */ 193 @ErrorType getErrorType()194 public int getErrorType() { 195 return mErrorType; 196 } 197 198 /** 199 * Returns the included error data of this {@link IkeProtocolException} instance. 200 * 201 * <p>Note that only few error types will go with an error data. This data has different meaning 202 * with different error types. Callers should first check if an error data is included before 203 * they call this method. 204 * 205 * @return the included error data in byte array, or {@code null} if no error data is available. 206 * @hide 207 */ 208 @SystemApi 209 @Nullable getErrorData()210 public byte[] getErrorData() { 211 return mErrorData; 212 } 213 214 /** 215 * Build an IKE Notification Payload for this {@link IkeProtocolException} instance. 216 * 217 * @return the notification payload. 218 * @hide 219 */ buildNotifyPayload()220 public IkeNotifyPayload buildNotifyPayload() { 221 return new IkeNotifyPayload(mErrorType, mErrorData); 222 } 223 } 224