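/*
 * Copyright (C) 2023 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.telephony;

import android.annotation.FlaggedApi;
import android.annotation.IntDef;
import android.annotation.NonNull;
import android.annotation.SystemApi;
import android.annotation.TestApi;
import android.os.Parcel;
import android.os.Parcelable;

import com.android.internal.telephony.flags.Flags;

import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.util.Objects;

/**
 * A single occurrence capturing a notable change to previously reported
 * cryptography algorithms for a given network and network event.
 *
 * <p>Instances are immutable value objects: the four fields are set once, either by the public
 * constructor or from a {@link Parcel}, and are only exposed through getters.
 *
 * <p>The {@link ConnectionEvent} and {@link SecurityAlgorithm} annotations have
 * {@link RetentionPolicy#SOURCE} retention, so they are not present at runtime. Neither the
 * constructor nor the {@link Parcel} path range-checks the integers it receives, so a consumer
 * that makes a security decision from {@link #getEncryption()} or {@link #getIntegrity()} should
 * handle values outside the declared constant set explicitly rather than assume a known cipher.
 *
 * @hide
 */
@SystemApi
@FlaggedApi(Flags.FLAG_SECURITY_ALGORITHMS_UPDATE_INDICATIONS)
public final class SecurityAlgorithmUpdate implements Parcelable {
    private static final String TAG = "SecurityAlgorithmUpdate";

    /** 2G GSM circuit switched */
    public static final int CONNECTION_EVENT_CS_SIGNALLING_GSM = 0;
    /** 2G GPRS packet services */
    public static final int CONNECTION_EVENT_PS_SIGNALLING_GPRS = 1;
    /** 3G circuit switched */
    public static final int CONNECTION_EVENT_CS_SIGNALLING_3G = 2;
    /** 3G packet switched */
    public static final int CONNECTION_EVENT_PS_SIGNALLING_3G = 3;
    /** 4G Non-access stratum */
    public static final int CONNECTION_EVENT_NAS_SIGNALLING_LTE = 4;
    /** 4G Access-stratum */
    public static final int CONNECTION_EVENT_AS_SIGNALLING_LTE = 5;
    /** VOLTE SIP */
    public static final int CONNECTION_EVENT_VOLTE_SIP = 6;
    /** VOLTE SIP SOS (emergency) */
    public static final int CONNECTION_EVENT_VOLTE_SIP_SOS = 7;
    /** VOLTE RTP */
    public static final int CONNECTION_EVENT_VOLTE_RTP = 8;
    /** VOLTE RTP SOS (emergency) */
    public static final int CONNECTION_EVENT_VOLTE_RTP_SOS = 9;
    /** 5G Non-access stratum */
    public static final int CONNECTION_EVENT_NAS_SIGNALLING_5G = 10;
    /** 5G Access stratum */
    public static final int CONNECTION_EVENT_AS_SIGNALLING_5G = 11;
    /** VoNR SIP */
    public static final int CONNECTION_EVENT_VONR_SIP = 12;
    /** VoNR SIP SOS (emergency) */
    public static final int CONNECTION_EVENT_VONR_SIP_SOS = 13;
    /** VoNR RTP */
    public static final int CONNECTION_EVENT_VONR_RTP = 14;
    /** VoNR RTP SOS (emergency) */
    public static final int CONNECTION_EVENT_VONR_RTP_SOS = 15;

    /** @hide */
    @Retention(RetentionPolicy.SOURCE)
    @IntDef(prefix = {"CONNECTION_EVENT_"}, value = {CONNECTION_EVENT_CS_SIGNALLING_GSM,
            CONNECTION_EVENT_PS_SIGNALLING_GPRS, CONNECTION_EVENT_CS_SIGNALLING_3G,
            CONNECTION_EVENT_PS_SIGNALLING_3G, CONNECTION_EVENT_NAS_SIGNALLING_LTE,
            CONNECTION_EVENT_AS_SIGNALLING_LTE, CONNECTION_EVENT_VOLTE_SIP,
            CONNECTION_EVENT_VOLTE_SIP_SOS, CONNECTION_EVENT_VOLTE_RTP,
            CONNECTION_EVENT_VOLTE_RTP_SOS, CONNECTION_EVENT_NAS_SIGNALLING_5G,
            CONNECTION_EVENT_AS_SIGNALLING_5G, CONNECTION_EVENT_VONR_SIP,
            CONNECTION_EVENT_VONR_SIP_SOS, CONNECTION_EVENT_VONR_RTP,
            CONNECTION_EVENT_VONR_RTP_SOS})
    public @interface ConnectionEvent {
    }

    /* GSM CS services, see 3GPP TS 43.020 for details */
    /** A5/0 - the null cipher */
    public static final int SECURITY_ALGORITHM_A50 = 0;
    /** A5/1 cipher */
    public static final int SECURITY_ALGORITHM_A51 = 1;
    /** A5/2 cipher */
    public static final int SECURITY_ALGORITHM_A52 = 2;
    /** A5/3 cipher */
    public static final int SECURITY_ALGORITHM_A53 = 3;
    /** A5/4 cipher */
    public static final int SECURITY_ALGORITHM_A54 = 4;
    /* GPRS PS services (3GPP TS 43.020) */
    /** GEA0 - null cipher */
    public static final int SECURITY_ALGORITHM_GEA0 = 14;
    /** GEA1 cipher */
    public static final int SECURITY_ALGORITHM_GEA1 = 15;
    /** GEA2 cipher */
    public static final int SECURITY_ALGORITHM_GEA2 = 16;
    /** GEA3 cipher */
    public static final int SECURITY_ALGORITHM_GEA3 = 17;
    /** GEA4 cipher */
    public static final int SECURITY_ALGORITHM_GEA4 = 18;
    /** GEA5 cipher */
    public static final int SECURITY_ALGORITHM_GEA5 = 19;
    /* 3G PS/CS services (3GPP TS 33.102) */
    /** UEA0 - null cipher */
    public static final int SECURITY_ALGORITHM_UEA0 = 29;
    /** UEA1 cipher */
    public static final int SECURITY_ALGORITHM_UEA1 = 30;
    /** UEA2 cipher */
    public static final int SECURITY_ALGORITHM_UEA2 = 31;
    /* 4G PS services & 5G NSA (3GPP TS 33.401) */
    /** EEA0 - null cipher */
    public static final int SECURITY_ALGORITHM_EEA0 = 41;
    /** EEA1 */
    public static final int SECURITY_ALGORITHM_EEA1 = 42;
    /** EEA2 */
    public static final int SECURITY_ALGORITHM_EEA2 = 43;
    /** EEA3 */
    public static final int SECURITY_ALGORITHM_EEA3 = 44;
    /* 5G PS services (3GPP TS 33.401 for 5G NSA and 3GPP TS 33.501 for 5G SA) */
    /** NEA0 - the null cipher */
    public static final int SECURITY_ALGORITHM_NEA0 = 55;
    /** NEA1 */
    public static final int SECURITY_ALGORITHM_NEA1 = 56;
    /** NEA2 */
    public static final int SECURITY_ALGORITHM_NEA2 = 57;
    /** NEA3 */
    public static final int SECURITY_ALGORITHM_NEA3 = 58;
    /* IMS and SIP layer security (See 3GPP TS 33.203) */
    /** No IPsec config */
    public static final int SECURITY_ALGORITHM_SIP_NO_IPSEC_CONFIG = 66;
    /** No IMS security, recommended to use SIP_NO_IPSEC_CONFIG and SIP_NULL instead */
    public static final int SECURITY_ALGORITHM_IMS_NULL = 67;
    /* IPSEC is present */
    /** SIP security is not enabled */
    public static final int SECURITY_ALGORITHM_SIP_NULL = 68;
    /** AES GCM mode */
    public static final int SECURITY_ALGORITHM_AES_GCM = 69;
    /** AES GMAC mode */
    public static final int SECURITY_ALGORITHM_AES_GMAC = 70;
    /** AES CBC mode */
    public static final int SECURITY_ALGORITHM_AES_CBC = 71;
    /** DES EDE3 CBC mode */
    public static final int SECURITY_ALGORITHM_DES_EDE3_CBC = 72;
    // NOTE(review): "EDE3" normally names a triple-DES construction; confirm which algorithm
    // this value is meant to report before treating it as AES in a policy decision.
    /** AES EDE3 CBC mode */
    public static final int SECURITY_ALGORITHM_AES_EDE3_CBC = 73;
    /** HMAC SHA1 96 */
    public static final int SECURITY_ALGORITHM_HMAC_SHA1_96 = 74;
    /** HMAC MD5 96 */
    public static final int SECURITY_ALGORITHM_HMAC_MD5_96 = 75;
    /* RTP and SRTP (see 3GPP TS 33.328) */
    /** RTP only, SRTP is not being used */
    public static final int SECURITY_ALGORITHM_RTP = 85;
    /* When SRTP is available and used */
    /** SRTP with null ciphering */
    public static final int SECURITY_ALGORITHM_SRTP_NULL = 86;
    /** SRTP with AES counter mode */
    public static final int SECURITY_ALGORITHM_SRTP_AES_COUNTER = 87;
    /** SRTP with AES F8 mode */
    public static final int SECURITY_ALGORITHM_SRTP_AES_F8 = 88;
    /** SRTP with HMAC SHA1 */
    public static final int SECURITY_ALGORITHM_SRTP_HMAC_SHA1 = 89;
    /* Ciphers for ePDG (3GPP TS 33.402) */
    /** ePDG encryption - AES GCM mode */
    public static final int SECURITY_ALGORITHM_ENCR_AES_GCM_16 = 99;
    /** ePDG encryption - AES CBC mode */
    public static final int SECURITY_ALGORITHM_ENCR_AES_CBC = 100;
    /** ePDG authentication - HMAC SHA2 256 128 */
    public static final int SECURITY_ALGORITHM_AUTH_HMAC_SHA2_256_128 = 101;
    /** Unknown */
    public static final int SECURITY_ALGORITHM_UNKNOWN = 113;
    /** Other */
    public static final int SECURITY_ALGORITHM_OTHER = 114;
    /** Proprietary algorithms */
    public static final int SECURITY_ALGORITHM_ORYX = 124;

    /** @hide */
    @Retention(RetentionPolicy.SOURCE)
    // The prefix must match the constants listed below; it previously said "CONNECTION_EVENT_",
    // which describes the other IntDef in this class.
    @IntDef(prefix = {"SECURITY_ALGORITHM_"}, value = {SECURITY_ALGORITHM_A50,
            SECURITY_ALGORITHM_A51, SECURITY_ALGORITHM_A52, SECURITY_ALGORITHM_A53,
            SECURITY_ALGORITHM_A54, SECURITY_ALGORITHM_GEA0, SECURITY_ALGORITHM_GEA1,
            SECURITY_ALGORITHM_GEA2, SECURITY_ALGORITHM_GEA3, SECURITY_ALGORITHM_GEA4,
            SECURITY_ALGORITHM_GEA5, SECURITY_ALGORITHM_UEA0, SECURITY_ALGORITHM_UEA1,
            SECURITY_ALGORITHM_UEA2, SECURITY_ALGORITHM_EEA0, SECURITY_ALGORITHM_EEA1,
            SECURITY_ALGORITHM_EEA2, SECURITY_ALGORITHM_EEA3, SECURITY_ALGORITHM_NEA0,
            SECURITY_ALGORITHM_NEA1, SECURITY_ALGORITHM_NEA2, SECURITY_ALGORITHM_NEA3,
            SECURITY_ALGORITHM_SIP_NO_IPSEC_CONFIG, SECURITY_ALGORITHM_IMS_NULL,
            SECURITY_ALGORITHM_SIP_NULL, SECURITY_ALGORITHM_AES_GCM,
            SECURITY_ALGORITHM_AES_GMAC, SECURITY_ALGORITHM_AES_CBC,
            SECURITY_ALGORITHM_DES_EDE3_CBC, SECURITY_ALGORITHM_AES_EDE3_CBC,
            SECURITY_ALGORITHM_HMAC_SHA1_96, SECURITY_ALGORITHM_HMAC_MD5_96,
            SECURITY_ALGORITHM_RTP, SECURITY_ALGORITHM_SRTP_NULL,
            SECURITY_ALGORITHM_SRTP_AES_COUNTER, SECURITY_ALGORITHM_SRTP_AES_F8,
            SECURITY_ALGORITHM_SRTP_HMAC_SHA1, SECURITY_ALGORITHM_ENCR_AES_GCM_16,
            SECURITY_ALGORITHM_ENCR_AES_CBC, SECURITY_ALGORITHM_AUTH_HMAC_SHA2_256_128,
            SECURITY_ALGORITHM_UNKNOWN, SECURITY_ALGORITHM_OTHER, SECURITY_ALGORITHM_ORYX})
    public @interface SecurityAlgorithm {
    }

    // All state is assigned exactly once in a constructor, so the fields can be final.
    private final @ConnectionEvent int mConnectionEvent;
    private final @SecurityAlgorithm int mEncryption;
    private final @SecurityAlgorithm int mIntegrity;
    private final boolean mIsUnprotectedEmergency;

    /**
     * Constructor for new SecurityAlgorithmUpdate instances.
     *
     * <p>The arguments are stored as given; no check is made that they belong to the
     * {@code CONNECTION_EVENT_*} or {@code SECURITY_ALGORITHM_*} constant sets.
     *
     * @param connectionEvent the connection event the update applies to.
     * @param encryption the reported encryption algorithm.
     * @param integrity the reported integrity algorithm.
     * @param isUnprotectedEmergency whether the update is associated with an unprotected
     *         emergency call.
     *
     * @hide
     */
    @TestApi
    public SecurityAlgorithmUpdate(@ConnectionEvent int connectionEvent,
            @SecurityAlgorithm int encryption, @SecurityAlgorithm int integrity,
            boolean isUnprotectedEmergency) {
        mConnectionEvent = connectionEvent;
        mEncryption = encryption;
        mIntegrity = integrity;
        mIsUnprotectedEmergency = isUnprotectedEmergency;
    }

    /**
     * Rebuilds an instance from a parcel produced by {@link #writeToParcel(Parcel, int)}.
     *
     * <p>The read order must mirror the write order: connection event, encryption, integrity,
     * then the emergency flag. The integers are taken from the parcel as they are, without
     * comparing them against the declared constants.
     */
    private SecurityAlgorithmUpdate(@NonNull Parcel in) {
        mConnectionEvent = in.readInt();
        mEncryption = in.readInt();
        mIntegrity = in.readInt();
        mIsUnprotectedEmergency = in.readBoolean();
    }

    /**
     * @return the connection event.
     */
    public @ConnectionEvent int getConnectionEvent() {
        return mConnectionEvent;
    }

    /**
     * @return the encryption algorithm.
     */
    public @SecurityAlgorithm int getEncryption() {
        return mEncryption;
    }

    /**
     * @return the integrity algorithm.
     */
    public @SecurityAlgorithm int getIntegrity() {
        return mIntegrity;
    }

    /**
     * @return if the security algorithm update is associated with an unprotected emergency call.
     */
    public boolean isUnprotectedEmergency() {
        return mIsUnprotectedEmergency;
    }

    @Override
    public int describeContents() {
        return 0;
    }

    /**
     * Writes the four fields in a fixed order: connection event, encryption, integrity,
     * emergency flag. The {@link Parcel} constructor reads them back in the same order.
     */
    @Override
    public void writeToParcel(@NonNull Parcel out, int flags) {
        out.writeInt(mConnectionEvent);
        out.writeInt(mEncryption);
        out.writeInt(mIntegrity);
        out.writeBoolean(mIsUnprotectedEmergency);
    }

    public static final @NonNull Parcelable.Creator<SecurityAlgorithmUpdate> CREATOR =
            new Parcelable.Creator<SecurityAlgorithmUpdate>() {
                @Override
                public SecurityAlgorithmUpdate createFromParcel(Parcel in) {
                    return new SecurityAlgorithmUpdate(in);
                }

                @Override
                public SecurityAlgorithmUpdate[] newArray(int size) {
                    return new SecurityAlgorithmUpdate[size];
                }
            };

    /**
     * Returns a debug string listing the raw integer field values.
     *
     * <p>The closing brace was missing from the original format and is now emitted, so that
     * the output is balanced when it is embedded in a longer log line.
     */
    @Override
    public String toString() {
        return TAG + ":{ mConnectionEvent = " + mConnectionEvent + " mEncryption = " + mEncryption
                + " mIntegrity = " + mIntegrity + " mIsUnprotectedEmergency = "
                + mIsUnprotectedEmergency + " }";
    }

    /** Two updates are equal when all four fields match. */
    @Override
    public boolean equals(Object o) {
        if (this == o) {
            return true;
        }
        if (!(o instanceof SecurityAlgorithmUpdate)) {
            return false;
        }
        SecurityAlgorithmUpdate that = (SecurityAlgorithmUpdate) o;
        return mConnectionEvent == that.mConnectionEvent
                && mEncryption == that.mEncryption
                && mIntegrity == that.mIntegrity
                && mIsUnprotectedEmergency == that.mIsUnprotectedEmergency;
    }

    /** Hashes the same four fields that {@link #equals(Object)} compares. */
    @Override
    public int hashCode() {
        return Objects.hash(mConnectionEvent, mEncryption, mIntegrity, mIsUnprotectedEmergency);
    }
}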