/* * Copyright (C) 2017 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.net; import android.annotation.NonNull; import android.annotation.StringDef; import android.content.res.Resources; import android.os.Build; import android.os.Parcel; import android.os.Parcelable; import com.android.internal.annotations.VisibleForTesting; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.util.Arrays; import java.util.Collections; import java.util.HashMap; import java.util.HashSet; import java.util.Map; import java.util.Map.Entry; import java.util.Set; /** * This class represents a single algorithm that can be used by an {@link IpSecTransform}. * * @see RFC 4301, Security Architecture for the * Internet Protocol */ public final class IpSecAlgorithm implements Parcelable { private static final String TAG = "IpSecAlgorithm"; /** * Null cipher. * * @hide */ public static final String CRYPT_NULL = "ecb(cipher_null)"; /** * AES-CBC Encryption/Ciphering Algorithm. * *
Valid lengths for this key are {128, 192, 256}. */ public static final String CRYPT_AES_CBC = "cbc(aes)"; /** * AES-CTR Encryption/Ciphering Algorithm. * *
Valid lengths for keying material are {160, 224, 288}. * *
As per RFC3686 (Section * 5.1), keying material consists of a 128, 192, or 256 bit AES key followed by a 32-bit * nonce. RFC compliance requires that the nonce must be unique per security association. * *
This algorithm may be available on the device. Caller MUST check if it is supported before * using it by calling {@link #getSupportedAlgorithms()} and checking if this algorithm is * included in the returned algorithm set. The returned algorithm set will not change unless the * device is rebooted. {@link IllegalArgumentException} will be thrown if this algorithm is * requested on an unsupported device. * *
@see {@link #getSupportedAlgorithms()} */ // This algorithm may be available on devices released before Android 12, and is guaranteed // to be available on devices first shipped with Android 12 or later. public static final String CRYPT_AES_CTR = "rfc3686(ctr(aes))"; /** * MD5 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in * new applications and is provided for legacy compatibility with 3gpp infrastructure. * *
Keys for this algorithm must be 128 bits in length. * *
Valid truncation lengths are multiples of 8 bits from 96 to 128. */ public static final String AUTH_HMAC_MD5 = "hmac(md5)"; /** * SHA1 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in * new applications and is provided for legacy compatibility with 3gpp infrastructure. * *
Keys for this algorithm must be 160 bits in length. * *
Valid truncation lengths are multiples of 8 bits from 96 to 160. */ public static final String AUTH_HMAC_SHA1 = "hmac(sha1)"; /** * SHA256 HMAC Authentication/Integrity Algorithm. * *
Keys for this algorithm must be 256 bits in length. * *
Valid truncation lengths are multiples of 8 bits from 96 to 256. */ public static final String AUTH_HMAC_SHA256 = "hmac(sha256)"; /** * SHA384 HMAC Authentication/Integrity Algorithm. * *
Keys for this algorithm must be 384 bits in length. * *
Valid truncation lengths are multiples of 8 bits from 192 to 384. */ public static final String AUTH_HMAC_SHA384 = "hmac(sha384)"; /** * SHA512 HMAC Authentication/Integrity Algorithm. * *
Keys for this algorithm must be 512 bits in length. * *
Valid truncation lengths are multiples of 8 bits from 256 to 512. */ public static final String AUTH_HMAC_SHA512 = "hmac(sha512)"; /** * AES-XCBC Authentication/Integrity Algorithm. * *
Keys for this algorithm must be 128 bits in length. * *
The only valid truncation length is 96 bits. * *
This algorithm may be available on the device. Caller MUST check if it is supported before * using it by calling {@link #getSupportedAlgorithms()} and checking if this algorithm is * included in the returned algorithm set. The returned algorithm set will not change unless the * device is rebooted. {@link IllegalArgumentException} will be thrown if this algorithm is * requested on an unsupported device. * *
@see {@link #getSupportedAlgorithms()} */ // This algorithm may be available on devices released before Android 12, and is guaranteed // to be available on devices first shipped with Android 12 or later. public static final String AUTH_AES_XCBC = "xcbc(aes)"; /** * AES-CMAC Authentication/Integrity Algorithm. * *
Keys for this algorithm must be 128 bits in length. * *
The only valid truncation length is 96 bits. * *
This algorithm may be available on the device. Caller MUST check if it is supported before * using it by calling {@link #getSupportedAlgorithms()} and checking if this algorithm is * included in the returned algorithm set. The returned algorithm set will not change unless the * device is rebooted. {@link IllegalArgumentException} will be thrown if this algorithm is * requested on an unsupported device. * *
@see {@link #getSupportedAlgorithms()} */ // This algorithm may be available on devices released before Android 12, and is guaranteed // to be available on devices first shipped with Android 12 or later. public static final String AUTH_AES_CMAC = "cmac(aes)"; /** * AES-GCM Authentication/Integrity + Encryption/Ciphering Algorithm. * *
Valid lengths for keying material are {160, 224, 288}. * *
As per RFC4106 (Section * 8.1), keying material consists of a 128, 192, or 256 bit AES key followed by a 32-bit * salt. RFC compliance requires that the salt must be unique per invocation with the same key. * *
Valid ICV (truncation) lengths are {64, 96, 128}. */ public static final String AUTH_CRYPT_AES_GCM = "rfc4106(gcm(aes))"; /** * ChaCha20-Poly1305 Authentication/Integrity + Encryption/Ciphering Algorithm. * *
Keys for this algorithm must be 288 bits in length. * *
As per RFC7634 (Section 2), * keying material consists of a 256 bit key followed by a 32-bit salt. The salt is fixed per * security association. * *
The only valid ICV (truncation) length is 128 bits. * *
This algorithm may be available on the device. Caller MUST check if it is supported before * using it by calling {@link #getSupportedAlgorithms()} and checking if this algorithm is * included in the returned algorithm set. The returned algorithm set will not change unless the * device is rebooted. {@link IllegalArgumentException} will be thrown if this algorithm is * requested on an unsupported device. * *
@see {@link #getSupportedAlgorithms()}
     */
    // This algorithm may be available on devices released before Android 12, and is guaranteed
    // to be available on devices first shipped with Android 12 or later.
    public static final String AUTH_CRYPT_CHACHA20_POLY1305 = "rfc7539esp(chacha20,poly1305)";
    /** @hide */
    @StringDef({
        CRYPT_AES_CBC,
        CRYPT_AES_CTR,
        AUTH_HMAC_MD5,
        AUTH_HMAC_SHA1,
        AUTH_HMAC_SHA256,
        AUTH_HMAC_SHA384,
        AUTH_HMAC_SHA512,
        AUTH_AES_XCBC,
        AUTH_AES_CMAC,
        AUTH_CRYPT_AES_GCM,
        AUTH_CRYPT_CHACHA20_POLY1305
    })
    @Retention(RetentionPolicy.SOURCE)
    public @interface AlgorithmName {}
    /** @hide */
    @VisibleForTesting
    public static final Map For algorithms that produce an integrity check value, the truncation length is a required
     * parameter. See {@link #IpSecAlgorithm(String algorithm, byte[] key, int truncLenBits)}
     *
     * @param algorithm name of the algorithm.
     * @param key key padded to a multiple of 8 bits.
     * @throws IllegalArgumentException if algorithm or key length is invalid.
     */
    public IpSecAlgorithm(@NonNull @AlgorithmName String algorithm, @NonNull byte[] key) {
        this(algorithm, key, 0);
    }
    /**
     * Creates an IpSecAlgorithm of one of the supported types. Supported algorithm names are
     * defined as constants in this class.
     *
     *  This constructor only supports algorithms that use a truncation length. i.e.
     * Authentication and Authenticated Encryption algorithms.
     *
     * @param algorithm name of the algorithm.
     * @param key key padded to a multiple of 8 bits.
     * @param truncLenBits number of bits of output hash to use.
     * @throws IllegalArgumentException if algorithm, key length or truncation length is invalid.
     */
    public IpSecAlgorithm(
            @NonNull @AlgorithmName String algorithm, @NonNull byte[] key, int truncLenBits) {
        mName = algorithm;
        mKey = key.clone();
        mTruncLenBits = truncLenBits;
        checkValidOrThrow(mName, mKey.length * 8, mTruncLenBits);
    }
    /** Get the algorithm name */
    @NonNull
    public String getName() {
        return mName;
    }
    /** Get the key for this algorithm */
    @NonNull
    public byte[] getKey() {
        return mKey.clone();
    }
    /** Get the truncation length of this algorithm, in bits */
    public int getTruncationLengthBits() {
        return mTruncLenBits;
    }
    /** Parcelable Implementation */
    public int describeContents() {
        return 0;
    }
    /** Write to parcel */
    public void writeToParcel(Parcel out, int flags) {
        out.writeString(mName);
        out.writeByteArray(mKey);
        out.writeInt(mTruncLenBits);
    }
    /** Parcelable Creator */
    public static final @android.annotation.NonNull Parcelable.Creator Some algorithms may not be supported on old devices. Callers MUST check if an algorithm is
     * supported before using it.
     */
    @NonNull
    public static Set