1 /* 2 * Copyright (C) 2019 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package android.net.ipsec.ike.exceptions; 17 18 import android.net.ipsec.ike.ChildSessionCallback; 19 import android.net.ipsec.ike.IkeSessionCallback; 20 21 /** 22 * This exception is thrown when the remote server expected a different Diffie-Hellman group. 23 * 24 * <p>This exception indicates that the remote server received a different KE payload in the Child 25 * creation request from accepted Diffie-Hellman group. Callers can retry Child creation by 26 * proposing the expected DH group included in this exception. 27 * 28 * @see <a href="https://tools.ietf.org/html/rfc7296#section-1.3">RFC 7296, Internet Key Exchange 29 * Protocol Version 2 (IKEv2)</a> 30 */ 31 // Responder should include an INVALID_KE_PAYLOAD Notify payload in a response message for both 32 // IKE INIT exchange and other SA negotiation exchanges after IKE is setup, as per RFC 7296 33 // section-1.3. 34 public final class InvalidKeException extends IkeProtocolException { 35 private static final int EXPECTED_ERROR_DATA_LEN = 2; 36 37 /** 38 * Construct an instance of InvalidKeException. 39 * 40 * <p>Except for testing, IKE library users normally do not instantiate this object themselves 41 * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}. 42 * 43 * @param dhGroup the expected DH group 44 */ InvalidKeException(int dhGroup)45 public InvalidKeException(int dhGroup) { 46 super(ERROR_TYPE_INVALID_KE_PAYLOAD, integerToByteArray(dhGroup, EXPECTED_ERROR_DATA_LEN)); 47 } 48 49 /** 50 * Construct a instance of InvalidKeException from a notify payload. 51 * 52 * @param notifyData the notify data included in the payload. 53 * @hide 54 */ InvalidKeException(byte[] notifyData)55 public InvalidKeException(byte[] notifyData) { 56 super(ERROR_TYPE_INVALID_KE_PAYLOAD, notifyData); 57 } 58 59 /** 60 * Return the expected DH Group included in this exception. 61 * 62 * @return the expected DH Group. 63 */ getDhGroup()64 public int getDhGroup() { 65 return byteArrayToInteger(getErrorData()); 66 } 67 68 /** @hide */ 69 @Override isValidDataLength(int dataLen)70 protected boolean isValidDataLength(int dataLen) { 71 return EXPECTED_ERROR_DATA_LEN == dataLen; 72 } 73 } 74