Added in API level 28

IpSecAlgorithm

Kotlin |Java

public final class IpSecAlgorithm
extends Object implements Parcelable

java.lang.Object
↳	android.net.IpSecAlgorithm

This class represents a single algorithm that can be used by an IpSecTransform.

See also:

RFC 4301, Security Architecture for the Internet Protocol

Summary

Constants
`String`	`AUTH_AES_CMAC` AES-CMAC Authentication/Integrity Algorithm.
`String`	`AUTH_AES_XCBC` AES-XCBC Authentication/Integrity Algorithm.
`String`	`AUTH_CRYPT_AES_GCM` AES-GCM Authentication/Integrity + Encryption/Ciphering Algorithm.
`String`	`AUTH_CRYPT_CHACHA20_POLY1305` ChaCha20-Poly1305 Authentication/Integrity + Encryption/Ciphering Algorithm.
`String`	`AUTH_HMAC_MD5` MD5 HMAC Authentication/Integrity Algorithm.
`String`	`AUTH_HMAC_SHA1` SHA1 HMAC Authentication/Integrity Algorithm.
`String`	`AUTH_HMAC_SHA256` SHA256 HMAC Authentication/Integrity Algorithm.
`String`	`AUTH_HMAC_SHA384` SHA384 HMAC Authentication/Integrity Algorithm.
`String`	`AUTH_HMAC_SHA512` SHA512 HMAC Authentication/Integrity Algorithm.
`String`	`CRYPT_AES_CBC` AES-CBC Encryption/Ciphering Algorithm.
`String`	`CRYPT_AES_CTR` AES-CTR Encryption/Ciphering Algorithm.

Inherited constants

From interface android.os.Parcelable

`int`	`CONTENTS_FILE_DESCRIPTOR` Descriptor bit used with `describeContents()`: indicates that the Parcelable object's flattened representation includes a file descriptor.
`int`	`PARCELABLE_WRITE_RETURN_VALUE` Flag for use with `writeToParcel(Parcel, int)`: the object being written is a return value, that is the result of a function such as "`Parcelable someFunction()`", "`void someFunction(out Parcelable)`", or "`void someFunction(inout Parcelable)`".

Fields
`public static final Creator<IpSecAlgorithm>`	`CREATOR` Parcelable Creator

Public constructors
`IpSecAlgorithm(String algorithm, byte[] key)` Creates an IpSecAlgorithm of one of the supported types.
`IpSecAlgorithm(String algorithm, byte[] key, int truncLenBits)` Creates an IpSecAlgorithm of one of the supported types.

Public methods
`int`	`describeContents()` Parcelable Implementation
`byte[]`	`getKey()` Get the key for this algorithm
`String`	`getName()` Get the algorithm name
`static Set<String>`	`getSupportedAlgorithms()` Returns supported IPsec algorithms for the current device.
`int`	`getTruncationLengthBits()` Get the truncation length of this algorithm, in bits
`String`	`toString()` Returns a string representation of the object.
`void`	`writeToParcel(Parcel out, int flags)` Write to parcel

Inherited methods

From class


        
          java.lang.Object

`Object`	`clone()` Creates and returns a copy of this object.
`boolean`	`equals(Object obj)` Indicates whether some other object is "equal to" this one.
`void`	`finalize()` Called by the garbage collector on an object when garbage collection determines that there are no more references to the object.
`final Class<?>`	`getClass()` Returns the runtime class of this `Object`.
`int`	`hashCode()` Returns a hash code value for the object.
`final void`	`notify()` Wakes up a single thread that is waiting on this object's monitor.
`final void`	`notifyAll()` Wakes up all threads that are waiting on this object's monitor.
`String`	`toString()` Returns a string representation of the object.
`final void`	`wait(long timeoutMillis, int nanos)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait(long timeoutMillis)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait()` Causes the current thread to wait until it is awakened, typically by being notified or interrupted.

From interface


        
          android.os.Parcelable

`abstract int`	`describeContents()` Describe the kinds of special objects contained in this Parcelable instance's marshaled representation.
`abstract void`	`writeToParcel(Parcel dest, int flags)` Flatten this object in to a Parcel.

Constants

AUTH_AES_CMAC

Added in API level 31

public static final String AUTH_AES_CMAC

AES-CMAC Authentication/Integrity Algorithm.

Keys for this algorithm must be 128 bits in length.

The only valid truncation length is 96 bits.

This algorithm may be available on the device. Caller MUST check if it is supported before using it by calling getSupportedAlgorithms() and checking if this algorithm is included in the returned algorithm set. The returned algorithm set will not change unless the device is rebooted. IllegalArgumentException will be thrown if this algorithm is requested on an unsupported device.

@see getSupportedAlgorithms()

Constant Value: "cmac(aes)"

AUTH_AES_XCBC

Added in API level 31

public static final String AUTH_AES_XCBC

AES-XCBC Authentication/Integrity Algorithm.

Keys for this algorithm must be 128 bits in length.

The only valid truncation length is 96 bits.

@see getSupportedAlgorithms()

Constant Value: "xcbc(aes)"

AUTH_CRYPT_AES_GCM

Added in API level 28

public static final String AUTH_CRYPT_AES_GCM

AES-GCM Authentication/Integrity + Encryption/Ciphering Algorithm.

Valid lengths for keying material are {160, 224, 288}.

As per RFC4106 (Section 8.1), keying material consists of a 128, 192, or 256 bit AES key followed by a 32-bit salt. RFC compliance requires that the salt must be unique per invocation with the same key.

Valid ICV (truncation) lengths are {64, 96, 128}.

Constant Value: "rfc4106(gcm(aes))"

AUTH_CRYPT_CHACHA20_POLY1305

Added in API level 31

public static final String AUTH_CRYPT_CHACHA20_POLY1305

ChaCha20-Poly1305 Authentication/Integrity + Encryption/Ciphering Algorithm.

Keys for this algorithm must be 288 bits in length.

As per RFC7634 (Section 2), keying material consists of a 256 bit key followed by a 32-bit salt. The salt is fixed per security association.

The only valid ICV (truncation) length is 128 bits.

@see getSupportedAlgorithms()

Constant Value: "rfc7539esp(chacha20,poly1305)"

AUTH_HMAC_MD5

Added in API level 28

public static final String AUTH_HMAC_MD5

MD5 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in new applications and is provided for legacy compatibility with 3gpp infrastructure.

Keys for this algorithm must be 128 bits in length.

Valid truncation lengths are multiples of 8 bits from 96 to 128.

Constant Value: "hmac(md5)"

AUTH_HMAC_SHA1

Added in API level 28

public static final String AUTH_HMAC_SHA1

SHA1 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in new applications and is provided for legacy compatibility with 3gpp infrastructure.

Keys for this algorithm must be 160 bits in length.

Valid truncation lengths are multiples of 8 bits from 96 to 160.

Constant Value: "hmac(sha1)"

AUTH_HMAC_SHA256

Added in API level 28

public static final String AUTH_HMAC_SHA256

SHA256 HMAC Authentication/Integrity Algorithm.

Keys for this algorithm must be 256 bits in length.

Valid truncation lengths are multiples of 8 bits from 96 to 256.

Constant Value: "hmac(sha256)"

AUTH_HMAC_SHA384

Added in API level 28

public static final String AUTH_HMAC_SHA384

SHA384 HMAC Authentication/Integrity Algorithm.

Keys for this algorithm must be 384 bits in length.

Valid truncation lengths are multiples of 8 bits from 192 to 384.

Constant Value: "hmac(sha384)"

AUTH_HMAC_SHA512

Added in API level 28

public static final String AUTH_HMAC_SHA512

SHA512 HMAC Authentication/Integrity Algorithm.

Keys for this algorithm must be 512 bits in length.

Valid truncation lengths are multiples of 8 bits from 256 to 512.

Constant Value: "hmac(sha512)"

CRYPT_AES_CBC

Added in API level 28

public static final String CRYPT_AES_CBC

AES-CBC Encryption/Ciphering Algorithm.

Valid lengths for this key are {128, 192, 256}.

Constant Value: "cbc(aes)"

CRYPT_AES_CTR

Added in API level 31

public static final String CRYPT_AES_CTR

AES-CTR Encryption/Ciphering Algorithm.

Valid lengths for keying material are {160, 224, 288}.

As per RFC3686 (Section 5.1), keying material consists of a 128, 192, or 256 bit AES key followed by a 32-bit nonce. RFC compliance requires that the nonce must be unique per security association.

@see getSupportedAlgorithms()

Constant Value: "rfc3686(ctr(aes))"

Fields

CREATOR

Added in API level 28

public static final Creator<IpSecAlgorithm> CREATOR

Parcelable Creator

Public constructors

IpSecAlgorithm

Added in API level 28

public IpSecAlgorithm (String algorithm, 
                byte[] key)

Creates an IpSecAlgorithm of one of the supported types. Supported algorithm names are defined as constants in this class.

For algorithms that produce an integrity check value, the truncation length is a required parameter. See IpSecAlgorithm(java.lang.String, byte[], int)

Parameters
`algorithm`	`String`: name of the algorithm. This value cannot be `null`. Value is `CRYPT_AES_CBC`, `CRYPT_AES_CTR`, `AUTH_HMAC_MD5`, `AUTH_HMAC_SHA1`, `AUTH_HMAC_SHA256`, `AUTH_HMAC_SHA384`, `AUTH_HMAC_SHA512`, `AUTH_AES_XCBC`, `AUTH_AES_CMAC`, `AUTH_CRYPT_AES_GCM`, or `AUTH_CRYPT_CHACHA20_POLY1305`
`key`	`byte`: key padded to a multiple of 8 bits. This value cannot be `null`.

Throws
`IllegalArgumentException`	if algorithm or key length is invalid.

IpSecAlgorithm

Added in API level 28

public IpSecAlgorithm (String algorithm, 
                byte[] key, 
                int truncLenBits)

Creates an IpSecAlgorithm of one of the supported types. Supported algorithm names are defined as constants in this class.

This constructor only supports algorithms that use a truncation length. i.e. Authentication and Authenticated Encryption algorithms.

Parameters
`algorithm`	`String`: name of the algorithm. This value cannot be `null`. Value is `CRYPT_AES_CBC`, `CRYPT_AES_CTR`, `AUTH_HMAC_MD5`, `AUTH_HMAC_SHA1`, `AUTH_HMAC_SHA256`, `AUTH_HMAC_SHA384`, `AUTH_HMAC_SHA512`, `AUTH_AES_XCBC`, `AUTH_AES_CMAC`, `AUTH_CRYPT_AES_GCM`, or `AUTH_CRYPT_CHACHA20_POLY1305`
`key`	`byte`: key padded to a multiple of 8 bits. This value cannot be `null`.
`truncLenBits`	`int`: number of bits of output hash to use.

Throws
`IllegalArgumentException`	if algorithm, key length or truncation length is invalid.

Public methods

describeContents

Added in API level 28

public int describeContents ()

Parcelable Implementation

Returns
`int`	a bitmask indicating the set of special object types marshaled by this Parcelable object instance. Value is either `0` or `CONTENTS_FILE_DESCRIPTOR`

getKey

Added in API level 28

public byte[] getKey ()

Get the key for this algorithm

Returns
`byte[]`	This value cannot be `null`.

getName

Added in API level 28

public String getName ()

Get the algorithm name

Returns
`String`	This value cannot be `null`.

getSupportedAlgorithms

Added in API level 31

public static Set<String> getSupportedAlgorithms ()

Returns supported IPsec algorithms for the current device.

Some algorithms may not be supported on old devices. Callers MUST check if an algorithm is supported before using it.

Returns
`Set<String>`	This value cannot be `null`.

getTruncationLengthBits

Added in API level 28

public int getTruncationLengthBits ()

Get the truncation length of this algorithm, in bits

Returns
`int`

toString

Added in API level 28

public String toString ()

Returns a string representation of the object.

Returns
`String`	This value cannot be `null`.

writeToParcel

Added in API level 28

public void writeToParcel (Parcel out, 
                int flags)

Write to parcel

Parameters
`out`	`Parcel`: The Parcel in which the object should be written. This value cannot be `null`.
`flags`	`int`: Additional flags about how the object should be written. May be 0 or `Parcelable.PARCELABLE_WRITE_RETURN_VALUE`. Value is either `0` or a combination of `Parcelable.PARCELABLE_WRITE_RETURN_VALUE`, and android.os.Parcelable.PARCELABLE_ELIDE_DUPLICATES