IpSecAlgorithm

public final class IpSecAlgorithm
extends Object implements Parcelable

java.lang.Object
   ↳ android.net.IpSecAlgorithm


This class represents a single algorithm that can be used by an IpSecTransform.

Summary

Constants

String AUTH_AES_CMAC

AES-CMAC Authentication/Integrity Algorithm.

String AUTH_AES_XCBC

AES-XCBC Authentication/Integrity Algorithm.

String AUTH_CRYPT_AES_GCM

AES-GCM Authentication/Integrity + Encryption/Ciphering Algorithm.

String AUTH_CRYPT_CHACHA20_POLY1305

ChaCha20-Poly1305 Authentication/Integrity + Encryption/Ciphering Algorithm.

String AUTH_HMAC_MD5

MD5 HMAC Authentication/Integrity Algorithm.

String AUTH_HMAC_SHA1

SHA1 HMAC Authentication/Integrity Algorithm.

String AUTH_HMAC_SHA256

SHA256 HMAC Authentication/Integrity Algorithm.

String AUTH_HMAC_SHA384

SHA384 HMAC Authentication/Integrity Algorithm.

String AUTH_HMAC_SHA512

SHA512 HMAC Authentication/Integrity Algorithm.

String CRYPT_AES_CBC

AES-CBC Encryption/Ciphering Algorithm.

String CRYPT_AES_CTR

AES-CTR Encryption/Ciphering Algorithm.

Inherited constants

Fields

public static final Creator<IpSecAlgorithm> CREATOR

Parcelable Creator

Public constructors

IpSecAlgorithm(String algorithm, byte[] key)

Creates an IpSecAlgorithm of one of the supported types.

IpSecAlgorithm(String algorithm, byte[] key, int truncLenBits)

Creates an IpSecAlgorithm of one of the supported types.

Public methods

int describeContents()

Parcelable Implementation

byte[] getKey()

Get the key for this algorithm

String getName()

Get the algorithm name

static Set<String> getSupportedAlgorithms()

Returns supported IPsec algorithms for the current device.

int getTruncationLengthBits()

Get the truncation length of this algorithm, in bits

String toString()

Returns a string representation of the object.

void writeToParcel(Parcel out, int flags)

Write to parcel

Inherited methods

Constants

AUTH_AES_CMAC

Added in API level 31
public static final String AUTH_AES_CMAC

AES-CMAC Authentication/Integrity Algorithm.

Keys for this algorithm must be 128 bits in length.

The only valid truncation length is 96 bits.

This algorithm may be available on the device. Caller MUST check if it is supported before using it by calling getSupportedAlgorithms() and checking if this algorithm is included in the returned algorithm set. The returned algorithm set will not change unless the device is rebooted. IllegalArgumentException will be thrown if this algorithm is requested on an unsupported device.

@see getSupportedAlgorithms()

Constant Value: "cmac(aes)"

AUTH_AES_XCBC

Added in API level 31
public static final String AUTH_AES_XCBC

AES-XCBC Authentication/Integrity Algorithm.

Keys for this algorithm must be 128 bits in length.

The only valid truncation length is 96 bits.

This algorithm may be available on the device. Caller MUST check if it is supported before using it by calling getSupportedAlgorithms() and checking if this algorithm is included in the returned algorithm set. The returned algorithm set will not change unless the device is rebooted. IllegalArgumentException will be thrown if this algorithm is requested on an unsupported device.

@see getSupportedAlgorithms()

Constant Value: "xcbc(aes)"

AUTH_CRYPT_AES_GCM

Added in API level 28
public static final String AUTH_CRYPT_AES_GCM

AES-GCM Authentication/Integrity + Encryption/Ciphering Algorithm.

Valid lengths for keying material are {160, 224, 288}.

As per RFC4106 (Section 8.1), keying material consists of a 128, 192, or 256 bit AES key followed by a 32-bit salt. RFC compliance requires that the salt must be unique per invocation with the same key.

Valid ICV (truncation) lengths are {64, 96, 128}.

Constant Value: "rfc4106(gcm(aes))"

AUTH_CRYPT_CHACHA20_POLY1305

Added in API level 31
public static final String AUTH_CRYPT_CHACHA20_POLY1305

ChaCha20-Poly1305 Authentication/Integrity + Encryption/Ciphering Algorithm.

Keys for this algorithm must be 288 bits in length.

As per RFC7634 (Section 2), keying material consists of a 256 bit key followed by a 32-bit salt. The salt is fixed per security association.

The only valid ICV (truncation) length is 128 bits.

This algorithm may be available on the device. Caller MUST check if it is supported before using it by calling getSupportedAlgorithms() and checking if this algorithm is included in the returned algorithm set. The returned algorithm set will not change unless the device is rebooted. IllegalArgumentException will be thrown if this algorithm is requested on an unsupported device.

@see getSupportedAlgorithms()

Constant Value: "rfc7539esp(chacha20,poly1305)"

AUTH_HMAC_MD5

Added in API level 28
public static final String AUTH_HMAC_MD5

MD5 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in new applications and is provided for legacy compatibility with 3gpp infrastructure.

Keys for this algorithm must be 128 bits in length.

Valid truncation lengths are multiples of 8 bits from 96 to 128.

Constant Value: "hmac(md5)"

AUTH_HMAC_SHA1

Added in API level 28
public static final String AUTH_HMAC_SHA1

SHA1 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in new applications and is provided for legacy compatibility with 3gpp infrastructure.

Keys for this algorithm must be 160 bits in length.

Valid truncation lengths are multiples of 8 bits from 96 to 160.

Constant Value: "hmac(sha1)"

AUTH_HMAC_SHA256

Added in API level 28
public static final String AUTH_HMAC_SHA256

SHA256 HMAC Authentication/Integrity Algorithm.

Keys for this algorithm must be 256 bits in length.

Valid truncation lengths are multiples of 8 bits from 96 to 256.

Constant Value: "hmac(sha256)"

AUTH_HMAC_SHA384

Added in API level 28
public static final String AUTH_HMAC_SHA384

SHA384 HMAC Authentication/Integrity Algorithm.

Keys for this algorithm must be 384 bits in length.

Valid truncation lengths are multiples of 8 bits from 192 to 384.

Constant Value: "hmac(sha384)"

AUTH_HMAC_SHA512

Added in API level 28
public static final String AUTH_HMAC_SHA512

SHA512 HMAC Authentication/Integrity Algorithm.

Keys for this algorithm must be 512 bits in length.

Valid truncation lengths are multiples of 8 bits from 256 to 512.

Constant Value: "hmac(sha512)"

CRYPT_AES_CBC

Added in API level 28
public static final String CRYPT_AES_CBC

AES-CBC Encryption/Ciphering Algorithm.

Valid lengths for this key are {128, 192, 256}.

Constant Value: "cbc(aes)"

CRYPT_AES_CTR

Added in API level 31
public static final String CRYPT_AES_CTR

AES-CTR Encryption/Ciphering Algorithm.

Valid lengths for keying material are {160, 224, 288}.

As per RFC3686 (Section 5.1), keying material consists of a 128, 192, or 256 bit AES key followed by a 32-bit nonce. RFC compliance requires that the nonce must be unique per security association.

This algorithm may be available on the device. Caller MUST check if it is supported before using it by calling getSupportedAlgorithms() and checking if this algorithm is included in the returned algorithm set. The returned algorithm set will not change unless the device is rebooted. IllegalArgumentException will be thrown if this algorithm is requested on an unsupported device.

@see getSupportedAlgorithms()

Constant Value: "rfc3686(ctr(aes))"

Fields

CREATOR

Added in API level 28
public static final Creator<IpSecAlgorithm> CREATOR

Parcelable Creator

Public constructors

IpSecAlgorithm

Added in API level 28
public IpSecAlgorithm (String algorithm, 
                byte[] key)

Creates an IpSecAlgorithm of one of the supported types. Supported algorithm names are defined as constants in this class.

For algorithms that produce an integrity check value, the truncation length is a required parameter. See IpSecAlgorithm(java.lang.String, byte[], int)

Parameters
algorithm String: name of the algorithm. This value cannot be null. Value is CRYPT_AES_CBC, CRYPT_AES_CTR, AUTH_HMAC_MD5, AUTH_HMAC_SHA1, AUTH_HMAC_SHA256, AUTH_HMAC_SHA384, AUTH_HMAC_SHA512, AUTH_AES_XCBC, AUTH_AES_CMAC, AUTH_CRYPT_AES_GCM, or AUTH_CRYPT_CHACHA20_POLY1305

key byte: key padded to a multiple of 8 bits. This value cannot be null.

Throws
IllegalArgumentException if algorithm or key length is invalid.

IpSecAlgorithm

Added in API level 28
public IpSecAlgorithm (String algorithm, 
                byte[] key, 
                int truncLenBits)

Creates an IpSecAlgorithm of one of the supported types. Supported algorithm names are defined as constants in this class.

This constructor only supports algorithms that use a truncation length. i.e. Authentication and Authenticated Encryption algorithms.

Parameters
algorithm String: name of the algorithm. This value cannot be null. Value is CRYPT_AES_CBC, CRYPT_AES_CTR, AUTH_HMAC_MD5, AUTH_HMAC_SHA1, AUTH_HMAC_SHA256, AUTH_HMAC_SHA384, AUTH_HMAC_SHA512, AUTH_AES_XCBC, AUTH_AES_CMAC, AUTH_CRYPT_AES_GCM, or AUTH_CRYPT_CHACHA20_POLY1305

key byte: key padded to a multiple of 8 bits. This value cannot be null.

truncLenBits int: number of bits of output hash to use.

Throws
IllegalArgumentException if algorithm, key length or truncation length is invalid.

Public methods

describeContents

Added in API level 28
public int describeContents ()

Parcelable Implementation

Returns
int a bitmask indicating the set of special object types marshaled by this Parcelable object instance. Value is either 0 or CONTENTS_FILE_DESCRIPTOR

getKey

Added in API level 28
public byte[] getKey ()

Get the key for this algorithm

Returns
byte[] This value cannot be null.

getName

Added in API level 28
public String getName ()

Get the algorithm name

Returns
String This value cannot be null.

getSupportedAlgorithms

Added in API level 31
public static Set<String> getSupportedAlgorithms ()

Returns supported IPsec algorithms for the current device.

Some algorithms may not be supported on old devices. Callers MUST check if an algorithm is supported before using it.

Returns
Set<String> This value cannot be null.

getTruncationLengthBits

Added in API level 28
public int getTruncationLengthBits ()

Get the truncation length of this algorithm, in bits

Returns
int

toString

Added in API level 28
public String toString ()

Returns a string representation of the object.

Returns
String This value cannot be null.

writeToParcel

Added in API level 28
public void writeToParcel (Parcel out, 
                int flags)

Write to parcel

Parameters
out Parcel: The Parcel in which the object should be written. This value cannot be null.

flags int: Additional flags about how the object should be written. May be 0 or Parcelable.PARCELABLE_WRITE_RETURN_VALUE. Value is either 0 or a combination of Parcelable.PARCELABLE_WRITE_RETURN_VALUE, and android.os.Parcelable.PARCELABLE_ELIDE_DUPLICATES