From ed0fcf1faf6dfab919fb4df6fa3beca46b1be92f Mon Sep 17 00:00:00 2001 From: Nathan Harold Date: Thu, 6 Apr 2017 18:16:28 -0700 Subject: [PATCH] IpSecManager and IpSecAlgorithm API Tweaks -Add a reserveSecurityParamterIndex() function that allows the system to select an SPI. -Disallow INVALID_SECURITY_PARAMETER_INDEX from being passed as an explicit SPI request. -Remove the ALGO_ prefix from constants in IpSecAlgorithm Bug: 36073210 Test: Updated CTS tests still pass on bullhead Change-Id: Ic94809996076b0718f153f550b82192fe7048a2e --- core/java/android/net/IpSecAlgorithm.java | 34 +++++++++++------------ core/java/android/net/IpSecManager.java | 31 ++++++++++++++++++++- 2 files changed, 47 insertions(+), 18 deletions(-) diff --git a/core/java/android/net/IpSecAlgorithm.java b/core/java/android/net/IpSecAlgorithm.java index 7fea4a25ca..ce7894fb3b 100644 --- a/core/java/android/net/IpSecAlgorithm.java +++ b/core/java/android/net/IpSecAlgorithm.java @@ -32,7 +32,7 @@ public final class IpSecAlgorithm implements Parcelable { * *

Valid lengths for this key are {128, 192, 256}. */ - public static final String ALGO_CRYPT_AES_CBC = "cbc(aes)"; + public static final String CRYPT_AES_CBC = "cbc(aes)"; /** * MD5 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in new @@ -40,7 +40,7 @@ public final class IpSecAlgorithm implements Parcelable { * *

Valid truncation lengths are multiples of 8 bits from 96 to (default) 128. */ - public static final String ALGO_AUTH_HMAC_MD5 = "hmac(md5)"; + public static final String AUTH_HMAC_MD5 = "hmac(md5)"; /** * SHA1 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in @@ -48,35 +48,35 @@ public final class IpSecAlgorithm implements Parcelable { * *

Valid truncation lengths are multiples of 8 bits from 96 to (default) 160. */ - public static final String ALGO_AUTH_HMAC_SHA1 = "hmac(sha1)"; + public static final String AUTH_HMAC_SHA1 = "hmac(sha1)"; /** * SHA256 HMAC Authentication/Integrity Algorithm. * *

Valid truncation lengths are multiples of 8 bits from 96 to (default) 256. */ - public static final String ALGO_AUTH_HMAC_SHA256 = "hmac(sha256)"; + public static final String AUTH_HMAC_SHA256 = "hmac(sha256)"; /** * SHA384 HMAC Authentication/Integrity Algorithm. * *

Valid truncation lengths are multiples of 8 bits from 192 to (default) 384. */ - public static final String ALGO_AUTH_HMAC_SHA384 = "hmac(sha384)"; + public static final String AUTH_HMAC_SHA384 = "hmac(sha384)"; /** * SHA512 HMAC Authentication/Integrity Algorithm * *

Valid truncation lengths are multiples of 8 bits from 256 to (default) 512. */ - public static final String ALGO_AUTH_HMAC_SHA512 = "hmac(sha512)"; + public static final String AUTH_HMAC_SHA512 = "hmac(sha512)"; /** @hide */ @StringDef({ - ALGO_CRYPT_AES_CBC, - ALGO_AUTH_HMAC_MD5, - ALGO_AUTH_HMAC_SHA1, - ALGO_AUTH_HMAC_SHA256, - ALGO_AUTH_HMAC_SHA512 + CRYPT_AES_CBC, + AUTH_HMAC_MD5, + AUTH_HMAC_SHA1, + AUTH_HMAC_SHA256, + AUTH_HMAC_SHA512 }) @Retention(RetentionPolicy.SOURCE) public @interface AlgorithmName {} @@ -164,17 +164,17 @@ public final class IpSecAlgorithm implements Parcelable { private static boolean isTruncationLengthValid(String algo, int truncLenBits) { switch (algo) { - case ALGO_CRYPT_AES_CBC: + case CRYPT_AES_CBC: return (truncLenBits == 128 || truncLenBits == 192 || truncLenBits == 256); - case ALGO_AUTH_HMAC_MD5: + case AUTH_HMAC_MD5: return (truncLenBits >= 96 && truncLenBits <= 128); - case ALGO_AUTH_HMAC_SHA1: + case AUTH_HMAC_SHA1: return (truncLenBits >= 96 && truncLenBits <= 160); - case ALGO_AUTH_HMAC_SHA256: + case AUTH_HMAC_SHA256: return (truncLenBits >= 96 && truncLenBits <= 256); - case ALGO_AUTH_HMAC_SHA384: + case AUTH_HMAC_SHA384: return (truncLenBits >= 192 && truncLenBits <= 384); - case ALGO_AUTH_HMAC_SHA512: + case AUTH_HMAC_SHA512: return (truncLenBits >= 256 && truncLenBits <= 512); default: return false; diff --git a/core/java/android/net/IpSecManager.java b/core/java/android/net/IpSecManager.java index 6852beb065..4bfeb096df 100644 --- a/core/java/android/net/IpSecManager.java +++ b/core/java/android/net/IpSecManager.java 
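Review bot: The renamed `@StringDef` list for `AlgorithmName` in IpSecAlgorithm.java still omits `AUTH_HMAC_SHA384`, although that constant is declared just above it and `isTruncationLengthValid` has a case for it. Because the annotation uses `RetentionPolicy.SOURCE`, the effect is limited to static checks: a caller passing SHA-384 to an `@AlgorithmName` parameter would presumably be flagged by lint even though the value is accepted at run time. Adding `AUTH_HMAC_SHA384,` between `AUTH_HMAC_SHA256,` and `AUTH_HMAC_SHA512` keeps the annotation in line with the supported set.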
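Review bot: `isTruncationLengthValid` in IpSecAlgorithm.java checks only the range for the HMAC algorithms, while the Javadoc on the constants says valid truncation lengths are multiples of 8 bits, so a value such as 100 passes for `AUTH_HMAC_SHA1`. Unless the length is checked again somewhere outside this hunk, a one-line guard before the `switch`, `if (truncLenBits % 8 != 0) return false;`, would enforce the documented contract without affecting the AES-CBC key sizes, which are all multiples of 8. The `CRYPT_AES_CBC` case validates a key length under a truncation-length name, which deserves a short comment. The method's closing braces lie outside the hunk.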
@@ -193,15 +193,44 @@ public final class IpSecManager { * * @param direction {@link IpSecTransform#DIRECTION_IN} or {@link IpSecTransform#DIRECTION_OUT} * @param remoteAddress address of the remote. SPIs must be unique for each remoteAddress. - * @param requestedSpi the requested SPI, or '0' to allocate a random SPI. * @return the reserved SecurityParameterIndex * @throws ResourceUnavailableException indicating that too many SPIs are currently allocated * for this user * @throws SpiUnavailableException indicating that a particular SPI cannot be reserved */ + public SecurityParameterIndex reserveSecurityParameterIndex( + int direction, InetAddress remoteAddress) + throws ResourceUnavailableException { + try { + return new SecurityParameterIndex( + mService, + direction, + remoteAddress, + IpSecManager.INVALID_SECURITY_PARAMETER_INDEX); + } catch (SpiUnavailableException unlikely) { + throw new ResourceUnavailableException("No SPIs available"); + } + } + + /** + * Reserve an SPI for traffic bound towards the specified remote address. + * + *

If successful, this SPI is guaranteed available until released by a call to {@link + * SecurityParameterIndex#close()}. + * + * @param direction {@link IpSecTransform#DIRECTION_IN} or {@link IpSecTransform#DIRECTION_OUT} + * @param remoteAddress address of the remote. SPIs must be unique for each remoteAddress. + * @param requestedSpi the requested SPI, or '0' to allocate a random SPI. + * @return the reserved SecurityParameterIndex + * @throws ResourceUnavailableException indicating that too many SPIs are currently allocated + * for this user + */ public SecurityParameterIndex reserveSecurityParameterIndex( int direction, InetAddress remoteAddress, int requestedSpi) throws SpiUnavailableException, ResourceUnavailableException { + if (requestedSpi == IpSecManager.INVALID_SECURITY_PARAMETER_INDEX) { + throw new IllegalArgumentException("Requested SPI must be a valid (non-zero) SPI"); + } return new SecurityParameterIndex(mService, direction, remoteAddress, requestedSpi); }
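Review bot: The Javadoc on the two `reserveSecurityParameterIndex` overloads in IpSecManager.java no longer matches their signatures. The three-argument overload still documents `requestedSpi` as "or '0' to allocate a random SPI", but the added guard now throws `IllegalArgumentException` for `INVALID_SECURITY_PARAMETER_INDEX`, and its block lost `@throws SpiUnavailableException` although the method still declares it. That tag instead remains above the two-argument overload (whose Javadoc begins above the hunk), which declares only `ResourceUnavailableException`. I would change the parameter text to `@param requestedSpi the requested SPI; must not be INVALID_SECURITY_PARAMETER_INDEX`, add `@throws IllegalArgumentException if requestedSpi is INVALID_SECURITY_PARAMETER_INDEX`, and move the `@throws SpiUnavailableException` line to the three-argument block. Separately, `catch (SpiUnavailableException unlikely)` discards the original exception; if `ResourceUnavailableException` has a cause-taking constructor (not visible here), passing `unlikely` along would keep an allocation failure diagnosable.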