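/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package android.net;

import android.annotation.StringDef;
import android.os.Parcel;
import android.os.Parcelable;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;

/**
 * IpSecAlgorithm specifies a single algorithm that can be applied to an IpSec Transform. Refer to
 * RFC 4301.
 *
 * <p>An instance holds the algorithm name, a private copy of the key material and a length in
 * bits. The key is cloned on construction and again in {@link #getKey()}, so callers never share
 * the internal array. The key is also written verbatim by {@link #writeToParcel}.
 *
 * @hide
 */
public final class IpSecAlgorithm implements Parcelable {

    /**
     * AES-CBC Encryption/Ciphering Algorithm.
     *
     * <p>Valid lengths for this key are {128, 192, 256}.
     */
    public static final String CRYPT_AES_CBC = "cbc(aes)";

    /**
     * MD5 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in new
     * applications and is provided for legacy compatibility with 3gpp infrastructure.
     *
     * <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 128.
     */
    public static final String AUTH_HMAC_MD5 = "hmac(md5)";

    /**
     * SHA1 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in
     * new applications and is provided for legacy compatibility with 3gpp infrastructure.
     *
     * <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 160.
     */
    public static final String AUTH_HMAC_SHA1 = "hmac(sha1)";

    /**
     * SHA256 HMAC Authentication/Integrity Algorithm.
     *
     * <p>Valid truncation lengths are multiples of 8 bits from 96 to (default) 256.
     */
    public static final String AUTH_HMAC_SHA256 = "hmac(sha256)";

    /**
     * SHA384 HMAC Authentication/Integrity Algorithm.
     *
     * <p>Valid truncation lengths are multiples of 8 bits from 192 to (default) 384.
     */
    public static final String AUTH_HMAC_SHA384 = "hmac(sha384)";

    /**
     * SHA512 HMAC Authentication/Integrity Algorithm.
     *
     * <p>Valid truncation lengths are multiples of 8 bits from 256 to (default) 512.
     */
    public static final String AUTH_HMAC_SHA512 = "hmac(sha512)";

    /**
     * Lint-time set of accepted algorithm names. It must list every name that
     * {@link #isTruncationLengthValid} accepts; AUTH_HMAC_SHA384 was previously missing here
     * although the constant exists and is validated.
     *
     * @hide
     */
    @StringDef({
        CRYPT_AES_CBC,
        AUTH_HMAC_MD5,
        AUTH_HMAC_SHA1,
        AUTH_HMAC_SHA256,
        AUTH_HMAC_SHA384,
        AUTH_HMAC_SHA512
    })
    @Retention(RetentionPolicy.SOURCE)
    public @interface AlgorithmName {}

    private final String mName;
    private final byte[] mKey;
    private final int mTruncLenBits;

    /**
     * Specify a IpSecAlgorithm of one of the supported types, using the key's own length in bits
     * ({@code key.length * 8}) as the truncation length.
     *
     * @param algorithm type for IpSec.
     * @param key non-null Key padded to a multiple of 8 bits.
     * @throws IllegalArgumentException if the algorithm is unknown or the key's bit length is not
     *     an accepted length for it.
     * @throws NullPointerException if {@code key} is null.
     */
    public IpSecAlgorithm(String algorithm, byte[] key) {
        this(algorithm, key, key.length * 8);
    }

    /**
     * Specify a IpSecAlgorithm of one of the supported types including the truncation length of the
     * algorithm
     *
     * @param algoName precise name of the algorithm to be used.
     * @param key non-null Key padded to a multiple of 8 bits.
     * @param truncLenBits the number of bits of output hash to use; only meaningful for
     *     Authentication.
     * @throws IllegalArgumentException if {@code algoName} is not a supported name or
     *     {@code truncLenBits} is outside the range accepted for it.
     * @throws NullPointerException if {@code algoName} or {@code key} is null.
     */
    public IpSecAlgorithm(@AlgorithmName String algoName, byte[] key, int truncLenBits) {
        // NOTE(review): only truncLenBits is validated here; the length of `key` itself is not
        // checked against the algorithm, so an undersized key passes this constructor.
        if (!isTruncationLengthValid(algoName, truncLenBits)) {
            throw new IllegalArgumentException("Unknown algorithm or invalid length");
        }
        mName = algoName;
        // Defensive copy: later changes to the caller's array must not alter this object.
        mKey = key.clone();
        // Clamp to the key's bit length.
        // NOTE(review): because of this clamp the stored value can fall below the minimum that
        // isTruncationLengthValid accepts (e.g. a 128-bit key with AUTH_HMAC_SHA512 and
        // truncLenBits 512 stores 128) - confirm this is intended.
        mTruncLenBits = Math.min(truncLenBits, key.length * 8);
    }

    /** Retrieve the algorithm name */
    public String getName() {
        return mName;
    }

    /**
     * Retrieve the key for this algorithm.
     *
     * @return a fresh copy of the key bytes; the internal array is never exposed.
     */
    public byte[] getKey() {
        return mKey.clone();
    }

    /**
     * Retrieve the truncation length, in bits, for the key in this algo. By default this will be
     * the length in bits of the key.
     */
    public int getTruncationLengthBits() {
        return mTruncLenBits;
    }

    /* Parcelable Implementation */
    @Override
    public int describeContents() {
        return 0;
    }

    /**
     * Write to parcel: name, then the raw key bytes, then the truncation length. The read order in
     * the Parcel constructor must match.
     */
    @Override
    public void writeToParcel(Parcel out, int flags) {
        out.writeString(mName);
        out.writeByteArray(mKey);
        out.writeInt(mTruncLenBits);
    }

    /** Parcelable Creator */
    public static final Parcelable.Creator<IpSecAlgorithm> CREATOR =
            new Parcelable.Creator<IpSecAlgorithm>() {
                @Override
                public IpSecAlgorithm createFromParcel(Parcel in) {
                    return new IpSecAlgorithm(in);
                }

                @Override
                public IpSecAlgorithm[] newArray(int size) {
                    return new IpSecAlgorithm[size];
                }
            };

    /**
     * Rebuild an instance from a parcel, reading fields in the order writeToParcel wrote them.
     *
     * <p>NOTE(review): the values are taken from the parcel as-is. isTruncationLengthValid is not
     * re-run on this path and the name and key are not null-checked, so code that receives an
     * IpSecAlgorithm across a process boundary should validate it before use.
     */
    private IpSecAlgorithm(Parcel in) {
        mName = in.readString();
        mKey = in.createByteArray();
        mTruncLenBits = in.readInt();
    }

    /**
     * Check a length in bits against the values accepted for the named algorithm.
     *
     * <p>For CRYPT_AES_CBC the value must be exactly 128, 192 or 256. For the HMAC algorithms it
     * must lie in the inclusive range documented on the corresponding constant.
     *
     * <p>NOTE(review): the constants document truncation lengths as multiples of 8 bits, but only
     * the range is checked here - confirm whether a {@code % 8} check is wanted.
     *
     * @param algo algorithm name; a null value makes the switch throw NullPointerException.
     * @param truncLenBits length in bits to check.
     * @return true if {@code algo} is known and {@code truncLenBits} is accepted for it.
     */
    private static boolean isTruncationLengthValid(String algo, int truncLenBits) {
        switch (algo) {
            case CRYPT_AES_CBC:
                return (truncLenBits == 128 || truncLenBits == 192 || truncLenBits == 256);
            case AUTH_HMAC_MD5:
                return (truncLenBits >= 96 && truncLenBits <= 128);
            case AUTH_HMAC_SHA1:
                return (truncLenBits >= 96 && truncLenBits <= 160);
            case AUTH_HMAC_SHA256:
                return (truncLenBits >= 96 && truncLenBits <= 256);
            case AUTH_HMAC_SHA384:
                return (truncLenBits >= 192 && truncLenBits <= 384);
            case AUTH_HMAC_SHA512:
                return (truncLenBits >= 256 && truncLenBits <= 512);
            default:
                return false;
        }
    }
}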