IpSecAlgorithm
public
final
class
IpSecAlgorithm
extends Object
implements
Parcelable
java.lang.Object | |
↳ | android.net.IpSecAlgorithm |
This class represents a single algorithm that can be used by an IpSecTransform
.
Summary
Constants | |
---|---|
String |
AUTH_AES_CMAC
AES-CMAC Authentication/Integrity Algorithm. |
String |
AUTH_AES_XCBC
AES-XCBC Authentication/Integrity Algorithm. |
String |
AUTH_CRYPT_AES_GCM
AES-GCM Authentication/Integrity + Encryption/Ciphering Algorithm. |
String |
AUTH_CRYPT_CHACHA20_POLY1305
ChaCha20-Poly1305 Authentication/Integrity + Encryption/Ciphering Algorithm. |
String |
AUTH_HMAC_MD5
MD5 HMAC Authentication/Integrity Algorithm. |
String |
AUTH_HMAC_SHA1
SHA1 HMAC Authentication/Integrity Algorithm. |
String |
AUTH_HMAC_SHA256
SHA256 HMAC Authentication/Integrity Algorithm. |
String |
AUTH_HMAC_SHA384
SHA384 HMAC Authentication/Integrity Algorithm. |
String |
AUTH_HMAC_SHA512
SHA512 HMAC Authentication/Integrity Algorithm. |
String |
CRYPT_AES_CBC
AES-CBC Encryption/Ciphering Algorithm. |
String |
CRYPT_AES_CTR
AES-CTR Encryption/Ciphering Algorithm. |
Inherited constants |
---|
Fields | |
---|---|
public
static
final
Creator<IpSecAlgorithm> |
CREATOR
Parcelable Creator |
Public constructors | |
---|---|
IpSecAlgorithm(String algorithm, byte[] key)
Creates an IpSecAlgorithm of one of the supported types. |
|
IpSecAlgorithm(String algorithm, byte[] key, int truncLenBits)
Creates an IpSecAlgorithm of one of the supported types. |
Public methods | |
---|---|
int
|
describeContents()
Parcelable Implementation |
byte[]
|
getKey()
Get the key for this algorithm |
String
|
getName()
Get the algorithm name |
static
Set<String>
|
getSupportedAlgorithms()
Returns supported IPsec algorithms for the current device. |
int
|
getTruncationLengthBits()
Get the truncation length of this algorithm, in bits |
String
|
toString()
Returns a string representation of the object. |
void
|
writeToParcel(Parcel out, int flags)
Write to parcel |
Inherited methods | |
---|---|
Constants
AUTH_AES_CMAC
public static final String AUTH_AES_CMAC
AES-CMAC Authentication/Integrity Algorithm.
Keys for this algorithm must be 128 bits in length.
The only valid truncation length is 96 bits.
This algorithm may be available on the device. Caller MUST check if it is supported before
using it by calling getSupportedAlgorithms()
and checking if this algorithm is
included in the returned algorithm set. The returned algorithm set will not change unless the
device is rebooted. IllegalArgumentException
will be thrown if this algorithm is
requested on an unsupported device.
Constant Value: "cmac(aes)"
AUTH_AES_XCBC
public static final String AUTH_AES_XCBC
AES-XCBC Authentication/Integrity Algorithm.
Keys for this algorithm must be 128 bits in length.
The only valid truncation length is 96 bits.
This algorithm may be available on the device. Caller MUST check if it is supported before
using it by calling getSupportedAlgorithms()
and checking if this algorithm is
included in the returned algorithm set. The returned algorithm set will not change unless the
device is rebooted. IllegalArgumentException
will be thrown if this algorithm is
requested on an unsupported device.
Constant Value: "xcbc(aes)"
AUTH_CRYPT_AES_GCM
public static final String AUTH_CRYPT_AES_GCM
AES-GCM Authentication/Integrity + Encryption/Ciphering Algorithm.
Valid lengths for keying material are {160, 224, 288}.
As per RFC4106 (Section 8.1), keying material consists of a 128, 192, or 256 bit AES key followed by a 32-bit salt. RFC compliance requires that the salt must be unique per invocation with the same key.
Valid ICV (truncation) lengths are {64, 96, 128}.
Constant Value: "rfc4106(gcm(aes))"
AUTH_CRYPT_CHACHA20_POLY1305
public static final String AUTH_CRYPT_CHACHA20_POLY1305
ChaCha20-Poly1305 Authentication/Integrity + Encryption/Ciphering Algorithm.
Keys for this algorithm must be 288 bits in length.
As per RFC7634 (Section 2), keying material consists of a 256 bit key followed by a 32-bit salt. The salt is fixed per security association.
The only valid ICV (truncation) length is 128 bits.
This algorithm may be available on the device. Caller MUST check if it is supported before
using it by calling getSupportedAlgorithms()
and checking if this algorithm is
included in the returned algorithm set. The returned algorithm set will not change unless the
device is rebooted. IllegalArgumentException
will be thrown if this algorithm is
requested on an unsupported device.
Constant Value: "rfc7539esp(chacha20,poly1305)"
AUTH_HMAC_MD5
public static final String AUTH_HMAC_MD5
MD5 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in new applications and is provided for legacy compatibility with 3gpp infrastructure.
Keys for this algorithm must be 128 bits in length.
Valid truncation lengths are multiples of 8 bits from 96 to 128.
Constant Value: "hmac(md5)"
AUTH_HMAC_SHA1
public static final String AUTH_HMAC_SHA1
SHA1 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in new applications and is provided for legacy compatibility with 3gpp infrastructure.
Keys for this algorithm must be 160 bits in length.
Valid truncation lengths are multiples of 8 bits from 96 to 160.
Constant Value: "hmac(sha1)"
AUTH_HMAC_SHA256
public static final String AUTH_HMAC_SHA256
SHA256 HMAC Authentication/Integrity Algorithm.
Keys for this algorithm must be 256 bits in length.
Valid truncation lengths are multiples of 8 bits from 96 to 256.
Constant Value: "hmac(sha256)"
AUTH_HMAC_SHA384
public static final String AUTH_HMAC_SHA384
SHA384 HMAC Authentication/Integrity Algorithm.
Keys for this algorithm must be 384 bits in length.
Valid truncation lengths are multiples of 8 bits from 192 to 384.
Constant Value: "hmac(sha384)"
AUTH_HMAC_SHA512
public static final String AUTH_HMAC_SHA512
SHA512 HMAC Authentication/Integrity Algorithm.
Keys for this algorithm must be 512 bits in length.
Valid truncation lengths are multiples of 8 bits from 256 to 512.
Constant Value: "hmac(sha512)"
CRYPT_AES_CBC
public static final String CRYPT_AES_CBC
AES-CBC Encryption/Ciphering Algorithm.
Valid lengths for this key are {128, 192, 256}.
Constant Value: "cbc(aes)"
CRYPT_AES_CTR
public static final String CRYPT_AES_CTR
AES-CTR Encryption/Ciphering Algorithm.
Valid lengths for keying material are {160, 224, 288}.
As per RFC3686 (Section 5.1), keying material consists of a 128, 192, or 256 bit AES key followed by a 32-bit nonce. RFC compliance requires that the nonce must be unique per security association.
This algorithm may be available on the device. Caller MUST check if it is supported before
using it by calling getSupportedAlgorithms()
and checking if this algorithm is
included in the returned algorithm set. The returned algorithm set will not change unless the
device is rebooted. IllegalArgumentException
will be thrown if this algorithm is
requested on an unsupported device.
Constant Value: "rfc3686(ctr(aes))"
Fields
CREATOR
public static final Creator<IpSecAlgorithm> CREATOR
Parcelable Creator
Public constructors
IpSecAlgorithm
public IpSecAlgorithm (String algorithm, byte[] key)
Creates an IpSecAlgorithm of one of the supported types. Supported algorithm names are defined as constants in this class.
For algorithms that produce an integrity check value, the truncation length is a required
parameter. See IpSecAlgorithm(java.lang.String, byte[], int)
Parameters | |
---|---|
algorithm |
String : name of the algorithm.
This value cannot be null .
Value is CRYPT_AES_CBC , CRYPT_AES_CTR , AUTH_HMAC_MD5 , AUTH_HMAC_SHA1 , AUTH_HMAC_SHA256 , AUTH_HMAC_SHA384 , AUTH_HMAC_SHA512 , AUTH_AES_XCBC , AUTH_AES_CMAC , AUTH_CRYPT_AES_GCM , or AUTH_CRYPT_CHACHA20_POLY1305 |
key |
byte : key padded to a multiple of 8 bits.
This value cannot be null . |
Throws | |
---|---|
IllegalArgumentException |
if algorithm or key length is invalid. |
IpSecAlgorithm
public IpSecAlgorithm (String algorithm, byte[] key, int truncLenBits)
Creates an IpSecAlgorithm of one of the supported types. Supported algorithm names are defined as constants in this class.
This constructor only supports algorithms that use a truncation length. i.e. Authentication and Authenticated Encryption algorithms.
Parameters | |
---|---|
algorithm |
String : name of the algorithm.
This value cannot be null .
Value is CRYPT_AES_CBC , CRYPT_AES_CTR , AUTH_HMAC_MD5 , AUTH_HMAC_SHA1 , AUTH_HMAC_SHA256 , AUTH_HMAC_SHA384 , AUTH_HMAC_SHA512 , AUTH_AES_XCBC , AUTH_AES_CMAC , AUTH_CRYPT_AES_GCM , or AUTH_CRYPT_CHACHA20_POLY1305 |
key |
byte : key padded to a multiple of 8 bits.
This value cannot be null . |
truncLenBits |
int : number of bits of output hash to use. |
Throws | |
---|---|
IllegalArgumentException |
if algorithm, key length or truncation length is invalid. |
Public methods
describeContents
public int describeContents ()
Parcelable Implementation
Returns | |
---|---|
int |
a bitmask indicating the set of special object types marshaled
by this Parcelable object instance.
Value is either 0 or CONTENTS_FILE_DESCRIPTOR |
getKey
public byte[] getKey ()
Get the key for this algorithm
Returns | |
---|---|
byte[] |
This value cannot be null . |
getName
public String getName ()
Get the algorithm name
Returns | |
---|---|
String |
This value cannot be null . |
getSupportedAlgorithms
public static Set<String> getSupportedAlgorithms ()
Returns supported IPsec algorithms for the current device.
Some algorithms may not be supported on old devices. Callers MUST check if an algorithm is supported before using it.
Returns | |
---|---|
Set<String> |
This value cannot be null . |
getTruncationLengthBits
public int getTruncationLengthBits ()
Get the truncation length of this algorithm, in bits
Returns | |
---|---|
int |
toString
public String toString ()
Returns a string representation of the object.
Returns | |
---|---|
String |
This value cannot be null . |
writeToParcel
public void writeToParcel (Parcel out, int flags)
Write to parcel
Parameters | |
---|---|
out |
Parcel : The Parcel in which the object should be written.
This value cannot be null . |
flags |
int : Additional flags about how the object should be written.
May be 0 or Parcelable.PARCELABLE_WRITE_RETURN_VALUE .
Value is either 0 or a combination of Parcelable.PARCELABLE_WRITE_RETURN_VALUE , and android.os.Parcelable.PARCELABLE_ELIDE_DUPLICATES |