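/*
 * Copyright 2020 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package android.telephony.gba;

import android.annotation.IntDef;
import android.annotation.SystemApi;

import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.util.Arrays;

/**
 * Defines the TLS parameters for GBA as per IANA and TS 33.210, which are used
 * by some UA security protocol identifiers defined in 3GPP TS 33.220 Annex H,
 * and 3GPP TS 33.222.
 *
 * <p>The class only holds numeric code points (protocol versions, cipher suites,
 * supported groups, signature algorithms) and a lookup over the cipher suite values.
 * A value being defined here says nothing about its cryptographic strength: the
 * cipher suite list contains NULL-encryption, anonymous Diffie-Hellman, RC4, 3DES
 * and MD5 based suites, and the signature list contains SHA-1 entries.
 *
 * @hide
 */
@SystemApi
public class TlsParams {

    // Constants holder; not meant to be instantiated.
    private TlsParams() {}

    /**
     * TLS protocol version supported by GBA
     */
    public static final int PROTOCOL_VERSION_TLS_1_2 = 0x0303;
    public static final int PROTOCOL_VERSION_TLS_1_3 = 0x0304;

    /**
     * TLS cipher suites are used to create {@link UaSecurityProtocolIdentifier}
     * by {@link UaSecurityProtocolIdentifier#create3GppUaSpId}
     *
     * @hide
     */
    @Retention(RetentionPolicy.SOURCE)
    @IntDef(
        prefix = {"TLS_"},
        value = {
            TLS_NULL_WITH_NULL_NULL,
            TLS_RSA_WITH_NULL_MD5,
            TLS_RSA_WITH_NULL_SHA,
            TLS_RSA_WITH_RC4_128_MD5,
            TLS_RSA_WITH_RC4_128_SHA,
            TLS_RSA_WITH_3DES_EDE_CBC_SHA,
            TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
            TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,
            TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
            TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
            TLS_DH_ANON_WITH_RC4_128_MD5,
            TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA,
            TLS_RSA_WITH_AES_128_CBC_SHA,
            TLS_DH_DSS_WITH_AES_128_CBC_SHA,
            TLS_DH_RSA_WITH_AES_128_CBC_SHA,
            TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
            TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
            TLS_DH_ANON_WITH_AES_128_CBC_SHA,
            TLS_RSA_WITH_AES_256_CBC_SHA,
            TLS_DH_DSS_WITH_AES_256_CBC_SHA,
            TLS_DH_RSA_WITH_AES_256_CBC_SHA,
            TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
            TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
            TLS_DH_ANON_WITH_AES_256_CBC_SHA,
            TLS_RSA_WITH_NULL_SHA256,
            TLS_RSA_WITH_AES_128_CBC_SHA256,
            TLS_RSA_WITH_AES_256_CBC_SHA256,
            TLS_DH_DSS_WITH_AES_128_CBC_SHA256,
            TLS_DH_RSA_WITH_AES_128_CBC_SHA256,
            TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
            TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
            TLS_DH_DSS_WITH_AES_256_CBC_SHA256,
            TLS_DH_RSA_WITH_AES_256_CBC_SHA256,
            TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
            TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
            TLS_DH_ANON_WITH_AES_128_CBC_SHA256,
            TLS_DH_ANON_WITH_AES_256_CBC_SHA256,
            TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
            TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
            TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
            TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
            TLS_AES_128_GCM_SHA256,
            TLS_AES_256_GCM_SHA384,
            TLS_CHACHA20_POLY1305_SHA256,
            TLS_AES_128_CCM_SHA256,
            TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
            TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
            TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
            TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
            TLS_DHE_RSA_WITH_AES_128_CCM,
            TLS_DHE_RSA_WITH_AES_256_CCM,
            TLS_DHE_PSK_WITH_AES_128_CCM,
            TLS_DHE_PSK_WITH_AES_256_CCM,
            TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
            TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
            TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
            TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
            TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
            TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256,
            TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384,
            TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256
        })
    public @interface TlsCipherSuite {}

    // Cipher suites for TLS v1.2 per RFC5246
    // This group carries the NULL-encryption, RC4, 3DES, MD5 and anonymous-DH (DH_ANON)
    // suites as well as the CBC-mode AES suites.
    public static final int TLS_NULL_WITH_NULL_NULL = 0x0000;
    public static final int TLS_RSA_WITH_NULL_MD5 = 0x0001;
    public static final int TLS_RSA_WITH_NULL_SHA = 0x0002;
    public static final int TLS_RSA_WITH_RC4_128_MD5 = 0x0004;
    public static final int TLS_RSA_WITH_RC4_128_SHA = 0x0005;
    public static final int TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A;
    public static final int TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D;
    public static final int TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010;
    public static final int TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013;
    public static final int TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016;
    public static final int TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018;
    public static final int TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x001B;
    public static final int TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F;
    public static final int TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030;
    public static final int TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031;
    public static final int TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032;
    public static final int TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033;
    public static final int TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034;
    public static final int TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035;
    public static final int TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036;
    public static final int TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037;
    public static final int TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038;
    public static final int TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039;
    public static final int TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A;
    public static final int TLS_RSA_WITH_NULL_SHA256 = 0x003B;
    public static final int TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C;
    public static final int TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D;
    public static final int TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E;
    public static final int TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F;
    public static final int TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040;
    public static final int TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067;
    public static final int TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068;
    public static final int TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069;
    public static final int TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A;
    public static final int TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B;
    public static final int TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x006C;
    public static final int TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 0x006D;

    // Cipher suites for TLS v1.3 per RFC8446 and recommended by IANA
    // NOTE(review): only the 0x13xx values below are TLS 1.3 cipher suites. The remaining
    // entries of this group are AEAD suites (GCM, CCM, ChaCha20-Poly1305) that name a key
    // exchange and are negotiated under TLS 1.2.
    public static final int TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E;
    public static final int TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F;
    public static final int TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA;
    public static final int TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB;
    public static final int TLS_AES_128_GCM_SHA256 = 0x1301;
    public static final int TLS_AES_256_GCM_SHA384 = 0x1302;
    public static final int TLS_CHACHA20_POLY1305_SHA256 = 0x1303;
    public static final int TLS_AES_128_CCM_SHA256 = 0x1304;
    public static final int TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B;
    public static final int TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C;
    public static final int TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F;
    public static final int TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030;
    public static final int TLS_DHE_RSA_WITH_AES_128_CCM = 0xC09E;
    public static final int TLS_DHE_RSA_WITH_AES_256_CCM = 0xC09F;
    public static final int TLS_DHE_PSK_WITH_AES_128_CCM = 0xC0A6;
    public static final int TLS_DHE_PSK_WITH_AES_256_CCM = 0xC0A7;
    public static final int TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA8;
    public static final int TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA9;
    public static final int TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAA;
    public static final int TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAC;
    public static final int TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAD;
    public static final int TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 = 0xD001;
    public static final int TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 = 0xD002;
    public static final int TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 = 0xD005;

    // Every TLS_* cipher suite value above, in ascending numeric order.
    // isTlsCipherSuiteSupported() looks values up with Arrays.binarySearch, whose result is
    // undefined on an unsorted array, so a new suite has to be inserted at its sorted
    // position rather than appended.
    private static final int[] CS_EXPECTED = {
        TLS_NULL_WITH_NULL_NULL,
        TLS_RSA_WITH_NULL_MD5,
        TLS_RSA_WITH_NULL_SHA,
        TLS_RSA_WITH_RC4_128_MD5,
        TLS_RSA_WITH_RC4_128_SHA,
        TLS_RSA_WITH_3DES_EDE_CBC_SHA,
        TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
        TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
        TLS_DH_ANON_WITH_RC4_128_MD5,
        TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA,
        TLS_RSA_WITH_AES_128_CBC_SHA,
        TLS_DH_DSS_WITH_AES_128_CBC_SHA,
        TLS_DH_RSA_WITH_AES_128_CBC_SHA,
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
        TLS_DH_ANON_WITH_AES_128_CBC_SHA,
        TLS_RSA_WITH_AES_256_CBC_SHA,
        TLS_DH_DSS_WITH_AES_256_CBC_SHA,
        TLS_DH_RSA_WITH_AES_256_CBC_SHA,
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
        TLS_DH_ANON_WITH_AES_256_CBC_SHA,
        TLS_RSA_WITH_NULL_SHA256,
        TLS_RSA_WITH_AES_128_CBC_SHA256,
        TLS_RSA_WITH_AES_256_CBC_SHA256,
        TLS_DH_DSS_WITH_AES_128_CBC_SHA256,
        TLS_DH_RSA_WITH_AES_128_CBC_SHA256,
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
        TLS_DH_DSS_WITH_AES_256_CBC_SHA256,
        TLS_DH_RSA_WITH_AES_256_CBC_SHA256,
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
        TLS_DH_ANON_WITH_AES_128_CBC_SHA256,
        TLS_DH_ANON_WITH_AES_256_CBC_SHA256,
        TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
        TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
        TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
        TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
        TLS_AES_128_GCM_SHA256,
        TLS_AES_256_GCM_SHA384,
        TLS_CHACHA20_POLY1305_SHA256,
        TLS_AES_128_CCM_SHA256,
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
        TLS_DHE_RSA_WITH_AES_128_CCM,
        TLS_DHE_RSA_WITH_AES_256_CCM,
        TLS_DHE_PSK_WITH_AES_128_CCM,
        TLS_DHE_PSK_WITH_AES_256_CCM,
        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
        TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
        TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
        TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
        TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
        TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256,
        TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384,
        TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256
    };

    /**
     * TLS supported groups required by TS 33.210
     */
    public static final int GROUP_SECP256R1 = 23;
    public static final int GROUP_SECP384R1 = 24;
    public static final int GROUP_X25519 = 29;
    public static final int GROUP_X448 = 30;

    /**
     * Signature algorithms shall be supported as per TS 33.210
     */
    // The two *_SHA1 entries are SHA-1 based; whether a peer may still offer them is a
    // decision for the code that configures the TLS connection, not for this table.
    public static final int SIG_RSA_PKCS1_SHA1 = 0x0201;
    public static final int SIG_ECDSA_SHA1 = 0x0203;
    public static final int SIG_RSA_PKCS1_SHA256 = 0x0401;
    public static final int SIG_ECDSA_SECP256R1_SHA256 = 0x0403;
    public static final int SIG_RSA_PKCS1_SHA256_LEGACY = 0x0420;
    public static final int SIG_RSA_PKCS1_SHA384 = 0x0501;
    public static final int SIG_ECDSA_SECP384R1_SHA384 = 0x0503;
    public static final int SIG_RSA_PKCS1_SHA384_LEGACY = 0x0520;
    public static final int SIG_RSA_PKCS1_SHA512 = 0x0601;
    public static final int SIG_ECDSA_SECP521R1_SHA512 = 0x0603;
    public static final int SIG_RSA_PKCS1_SHA512_LEGACY = 0x0620;
    public static final int SIG_RSA_PSS_RSAE_SHA256 = 0x0804;
    public static final int SIG_RSA_PSS_RSAE_SHA384 = 0x0805;
    public static final int SIG_RSA_PSS_RSAE_SHA512 = 0x0806;
    public static final int SIG_ECDSA_BRAINPOOLP256R1TLS13_SHA256 = 0x081A;
    public static final int SIG_ECDSA_BRAINPOOLP384R1TLS13_SHA384 = 0x081B;
    public static final int SIG_ECDSA_BRAINPOOLP512R1TLS13_SHA512 = 0x081C;

    /**
     * Returns whether the TLS cipher suite id is supported, that is, whether it equals one
     * of the {@code TLS_*} cipher suite values defined in this class.
     *
     * <p>This is a membership test only. The accepted set includes suites without
     * encryption ({@code *_WITH_NULL_*}), without peer authentication
     * ({@code TLS_DH_ANON_*}) and suites built on RC4, 3DES or MD5, so a {@code true}
     * result is not a statement that the suite is acceptable to negotiate; that policy
     * has to be applied separately by the caller.
     *
     * @param csId the cipher suite value to look up
     * @return {@code true} if {@code csId} is one of the values listed in this class,
     *         {@code false} otherwise
     */
    public static boolean isTlsCipherSuiteSupported(int csId) {
        // Relies on CS_EXPECTED being sorted in ascending order.
        return Arrays.binarySearch(CS_EXPECTED, csId) >= 0;
    }
}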