
Commit 0febe5ec authored by Benedict Wong's avatar Benedict Wong

Add support for AES-GCM-ESP as an IPSec algorithm

Allows the kernel-native AES-GCM-ESP algorithm to be used for IPsec transport- and tunnel-mode transforms where the kernel supports it.

Bug: 63589918
Test: IPsecService tests added, existing ones pass
Change-Id: Ie1a9a902be205f269aa37bf956198f2e5b177c21
parent e994b4b5
+2 −0
@@ -25559,6 +25559,7 @@ package android.net {
    method public java.lang.String getName();
    method public int getTruncationLengthBits();
    method public void writeToParcel(android.os.Parcel, int);
    field public static final java.lang.String AUTH_CRYPT_AES_GCM = "rfc4106(gcm(aes))";
    field public static final java.lang.String AUTH_HMAC_MD5 = "hmac(md5)";
    field public static final java.lang.String AUTH_HMAC_SHA1 = "hmac(sha1)";
    field public static final java.lang.String AUTH_HMAC_SHA256 = "hmac(sha256)";
@@ -25606,6 +25607,7 @@ package android.net {
  public static class IpSecTransform.Builder {
    ctor public IpSecTransform.Builder(android.content.Context);
    method public android.net.IpSecTransform buildTransportModeTransform(java.net.InetAddress) throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException;
    method public android.net.IpSecTransform.Builder setAuthenticatedEncryption(int, android.net.IpSecAlgorithm);
    method public android.net.IpSecTransform.Builder setAuthentication(int, android.net.IpSecAlgorithm);
    method public android.net.IpSecTransform.Builder setEncryption(int, android.net.IpSecAlgorithm);
    method public android.net.IpSecTransform.Builder setIpv4Encapsulation(android.net.IpSecManager.UdpEncapsulationSocket, int);
+2 −0
@@ -27755,6 +27755,7 @@ package android.net {
    method public java.lang.String getName();
    method public int getTruncationLengthBits();
    method public void writeToParcel(android.os.Parcel, int);
    field public static final java.lang.String AUTH_CRYPT_AES_GCM = "rfc4106(gcm(aes))";
    field public static final java.lang.String AUTH_HMAC_MD5 = "hmac(md5)";
    field public static final java.lang.String AUTH_HMAC_SHA1 = "hmac(sha1)";
    field public static final java.lang.String AUTH_HMAC_SHA256 = "hmac(sha256)";
@@ -27802,6 +27803,7 @@ package android.net {
  public static class IpSecTransform.Builder {
    ctor public IpSecTransform.Builder(android.content.Context);
    method public android.net.IpSecTransform buildTransportModeTransform(java.net.InetAddress) throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException;
    method public android.net.IpSecTransform.Builder setAuthenticatedEncryption(int, android.net.IpSecAlgorithm);
    method public android.net.IpSecTransform.Builder setAuthentication(int, android.net.IpSecAlgorithm);
    method public android.net.IpSecTransform.Builder setEncryption(int, android.net.IpSecAlgorithm);
    method public android.net.IpSecTransform.Builder setIpv4Encapsulation(android.net.IpSecManager.UdpEncapsulationSocket, int);
+2 −0
@@ -25668,6 +25668,7 @@ package android.net {
    method public java.lang.String getName();
    method public int getTruncationLengthBits();
    method public void writeToParcel(android.os.Parcel, int);
    field public static final java.lang.String AUTH_CRYPT_AES_GCM = "rfc4106(gcm(aes))";
    field public static final java.lang.String AUTH_HMAC_MD5 = "hmac(md5)";
    field public static final java.lang.String AUTH_HMAC_SHA1 = "hmac(sha1)";
    field public static final java.lang.String AUTH_HMAC_SHA256 = "hmac(sha256)";
@@ -25715,6 +25716,7 @@ package android.net {
  public static class IpSecTransform.Builder {
    ctor public IpSecTransform.Builder(android.content.Context);
    method public android.net.IpSecTransform buildTransportModeTransform(java.net.InetAddress) throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException;
    method public android.net.IpSecTransform.Builder setAuthenticatedEncryption(int, android.net.IpSecAlgorithm);
    method public android.net.IpSecTransform.Builder setAuthentication(int, android.net.IpSecAlgorithm);
    method public android.net.IpSecTransform.Builder setEncryption(int, android.net.IpSecAlgorithm);
    method public android.net.IpSecTransform.Builder setIpv4Encapsulation(android.net.IpSecManager.UdpEncapsulationSocket, int);
+21 −3
@@ -31,7 +31,6 @@ import java.util.Arrays;
 * RFC 4301.
 */
public final class IpSecAlgorithm implements Parcelable {

    /**
     * AES-CBC Encryption/Ciphering Algorithm.
     *
@@ -68,6 +67,7 @@ public final class IpSecAlgorithm implements Parcelable {
     * <p>Valid truncation lengths are multiples of 8 bits from 192 to (default) 384.
     */
    public static final String AUTH_HMAC_SHA384 = "hmac(sha384)";

    /**
     * SHA512 HMAC Authentication/Integrity Algorithm
     *
@@ -75,8 +75,24 @@ public final class IpSecAlgorithm implements Parcelable {
     */
    public static final String AUTH_HMAC_SHA512 = "hmac(sha512)";

    /**
     * AES-GCM Authentication/Integrity + Encryption/Ciphering Algorithm.
     *
     * <p>Valid lengths for this key are {128, 192, 256}.
     *
     * <p>Valid ICV (truncation) lengths are {64, 96, 128}.
     */
    public static final String AUTH_CRYPT_AES_GCM = "rfc4106(gcm(aes))";

    /** @hide */
    @StringDef({CRYPT_AES_CBC, AUTH_HMAC_MD5, AUTH_HMAC_SHA1, AUTH_HMAC_SHA256, AUTH_HMAC_SHA512})
    @StringDef({
        CRYPT_AES_CBC,
        AUTH_HMAC_MD5,
        AUTH_HMAC_SHA1,
        AUTH_HMAC_SHA256,
        AUTH_HMAC_SHA512,
        AUTH_CRYPT_AES_GCM
    })
    @Retention(RetentionPolicy.SOURCE)
    public @interface AlgorithmName {}

@@ -102,7 +118,7 @@ public final class IpSecAlgorithm implements Parcelable {
     * @param algoName precise name of the algorithm to be used.
     * @param key non-null Key padded to a multiple of 8 bits.
     * @param truncLenBits the number of bits of output hash to use; only meaningful for
     *     Authentication.
     *     Authentication or Authenticated Encryption (equivalent to ICV length).
     */
    public IpSecAlgorithm(@AlgorithmName String algoName, byte[] key, int truncLenBits) {
        if (!isTruncationLengthValid(algoName, truncLenBits)) {
@@ -175,6 +191,8 @@ public final class IpSecAlgorithm implements Parcelable {
                return (truncLenBits >= 192 && truncLenBits <= 384);
            case AUTH_HMAC_SHA512:
                return (truncLenBits >= 256 && truncLenBits <= 512);
            case AUTH_CRYPT_AES_GCM:
                return (truncLenBits == 64 || truncLenBits == 96 || truncLenBits == 128);
            default:
                return false;
        }
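Review bot: The Javadoc added for AUTH_CRYPT_AES_GCM states valid key lengths of {128, 192, 256}, but the constant's value names the RFC 4106 transform, whose keying material (RFC 4106, Section 8.1) is the AES key followed by a 32-bit salt; if the key bytes are handed to the kernel unchanged, as the name suggests, the documented lengths should be {160, 224, 288} and a bare 128/192/256-bit key would be rejected or mis-split. I would reword that doc line to `<p>Valid lengths for keying material are {160, 224, 288}: a 128, 192 or 256-bit AES key followed by a 32-bit salt (RFC 4106, Section 8.1).` Separately, the constructor hunk only validates truncLenBits through isTruncationLengthValid; nothing visible checks the key length against the documented set, so an ill-sized key is caught (if at all) only when the transform is applied — the constructor body continues outside the hunk, so this may be handled there. The isTruncationLengthValid switch also begins outside the hunk.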
+20 −0
@@ -50,6 +50,9 @@ public final class IpSecConfig implements Parcelable {
        // Authentication Algorithm
        private IpSecAlgorithm mAuthentication;

        // Authenticated Encryption Algorithm
        private IpSecAlgorithm mAuthenticatedEncryption;

        @Override
        public String toString() {
            return new StringBuilder()
@@ -59,6 +62,8 @@ public final class IpSecConfig implements Parcelable {
                    .append(mEncryption)
                    .append(", mAuthentication=")
                    .append(mAuthentication)
                    .append(", mAuthenticatedEncryption=")
                    .append(mAuthenticatedEncryption)
                    .append("}")
                    .toString();
        }
@@ -118,6 +123,11 @@ public final class IpSecConfig implements Parcelable {
        mFlow[direction].mAuthentication = authentication;
    }

    /** Set the authenticated encryption algorithm for a given direction */
    public void setAuthenticatedEncryption(int direction, IpSecAlgorithm authenticatedEncryption) {
        mFlow[direction].mAuthenticatedEncryption = authenticatedEncryption;
    }

    public void setNetwork(Network network) {
        mNetwork = network;
    }
@@ -163,6 +173,10 @@ public final class IpSecConfig implements Parcelable {
        return mFlow[direction].mAuthentication;
    }

    public IpSecAlgorithm getAuthenticatedEncryption(int direction) {
        return mFlow[direction].mAuthenticatedEncryption;
    }

    public Network getNetwork() {
        return mNetwork;
    }
@@ -199,9 +213,11 @@ public final class IpSecConfig implements Parcelable {
        out.writeInt(mFlow[IpSecTransform.DIRECTION_IN].mSpiResourceId);
        out.writeParcelable(mFlow[IpSecTransform.DIRECTION_IN].mEncryption, flags);
        out.writeParcelable(mFlow[IpSecTransform.DIRECTION_IN].mAuthentication, flags);
        out.writeParcelable(mFlow[IpSecTransform.DIRECTION_IN].mAuthenticatedEncryption, flags);
        out.writeInt(mFlow[IpSecTransform.DIRECTION_OUT].mSpiResourceId);
        out.writeParcelable(mFlow[IpSecTransform.DIRECTION_OUT].mEncryption, flags);
        out.writeParcelable(mFlow[IpSecTransform.DIRECTION_OUT].mAuthentication, flags);
        out.writeParcelable(mFlow[IpSecTransform.DIRECTION_OUT].mAuthenticatedEncryption, flags);
        out.writeInt(mEncapType);
        out.writeInt(mEncapSocketResourceId);
        out.writeInt(mEncapRemotePort);
@@ -221,11 +237,15 @@ public final class IpSecConfig implements Parcelable {
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        mFlow[IpSecTransform.DIRECTION_IN].mAuthentication =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        mFlow[IpSecTransform.DIRECTION_IN].mAuthenticatedEncryption =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        mFlow[IpSecTransform.DIRECTION_OUT].mSpiResourceId = in.readInt();
        mFlow[IpSecTransform.DIRECTION_OUT].mEncryption =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        mFlow[IpSecTransform.DIRECTION_OUT].mAuthentication =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        mFlow[IpSecTransform.DIRECTION_OUT].mAuthenticatedEncryption =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        mEncapType = in.readInt();
        mEncapSocketResourceId = in.readInt();
        mEncapRemotePort = in.readInt();
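Review bot: setAuthenticatedEncryption stores the AEAD next to mEncryption and mAuthentication with no check that the two models are not mixed, so a config can carry an AES-GCM algorithm and a separate cipher or MAC for the same direction; presumably the builder or the service rejects that combination, but nothing at this layer documents or enforces it. A guard in the setter, or at least a Javadoc line such as `/** Set the authenticated encryption algorithm for a given direction; must not be combined with setEncryption/setAuthentication for the same direction. */`, would make the contract visible where the field is set. getAuthenticatedEncryption also lacks the Javadoc its setter carries. The parcel write and read order for the new field is consistent (IN then OUT, after mAuthentication on both sides); both of those methods begin outside the hunk.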