Loading core/api/current.txt +1 −0 Original line number Original line Diff line number Diff line Loading @@ -24875,6 +24875,7 @@ package android.net { method @NonNull public static java.util.Set<java.lang.String> getSupportedAlgorithms(); method @NonNull public static java.util.Set<java.lang.String> getSupportedAlgorithms(); method public int getTruncationLengthBits(); method public int getTruncationLengthBits(); method public void writeToParcel(android.os.Parcel, int); method public void writeToParcel(android.os.Parcel, int); field public static final String AUTH_AES_CMAC = "cmac(aes)"; field public static final String AUTH_AES_XCBC = "xcbc(aes)"; field public static final String AUTH_AES_XCBC = "xcbc(aes)"; field public static final String AUTH_CRYPT_AES_GCM = "rfc4106(gcm(aes))"; field public static final String AUTH_CRYPT_AES_GCM = "rfc4106(gcm(aes))"; field public static final String AUTH_CRYPT_CHACHA20_POLY1305 = "rfc7539esp(chacha20,poly1305)"; field public static final String AUTH_CRYPT_CHACHA20_POLY1305 = "rfc7539esp(chacha20,poly1305)"; core/java/android/net/IpSecAlgorithm.java +26 −0 Original line number Original line Diff line number Diff line Loading @@ -145,6 +145,25 @@ public final class IpSecAlgorithm implements Parcelable { // to be available on devices first shipped with Android 12 or later. // to be available on devices first shipped with Android 12 or later. public static final String AUTH_AES_XCBC = "xcbc(aes)"; public static final String AUTH_AES_XCBC = "xcbc(aes)"; /** * AES-CMAC Authentication/Integrity Algorithm. * * <p>Keys for this algorithm must be 128 bits in length. * * <p>The only valid truncation length is 96 bits. * * <p>This algorithm may be available on the device. Caller MUST check if it is supported before * using it by calling {@link #getSupportedAlgorithms()} and checking if this algorithm is * included in the returned algorithm set. The returned algorithm set will not change unless the * device is rebooted. {@link IllegalArgumentException} will be thrown if this algorithm is * requested on an unsupported device. * * <p>@see {@link #getSupportedAlgorithms()} */ // This algorithm may be available on devices released before Android 12, and is guaranteed // to be available on devices first shipped with Android 12 or later. public static final String AUTH_AES_CMAC = "cmac(aes)"; /** /** * AES-GCM Authentication/Integrity + Encryption/Ciphering Algorithm. * AES-GCM Authentication/Integrity + Encryption/Ciphering Algorithm. * * Loading Loading @@ -191,6 +210,7 @@ public final class IpSecAlgorithm implements Parcelable { AUTH_HMAC_SHA384, AUTH_HMAC_SHA384, AUTH_HMAC_SHA512, AUTH_HMAC_SHA512, AUTH_AES_XCBC, AUTH_AES_XCBC, AUTH_AES_CMAC, AUTH_CRYPT_AES_GCM, AUTH_CRYPT_AES_GCM, AUTH_CRYPT_CHACHA20_POLY1305 AUTH_CRYPT_CHACHA20_POLY1305 }) }) Loading @@ -215,6 +235,7 @@ public final class IpSecAlgorithm implements Parcelable { // STOPSHIP: b/170424293 Use Build.VERSION_CODES.S when it is defined // STOPSHIP: b/170424293 Use Build.VERSION_CODES.S when it is defined ALGO_TO_REQUIRED_FIRST_SDK.put(CRYPT_AES_CTR, Build.VERSION_CODES.R + 1); ALGO_TO_REQUIRED_FIRST_SDK.put(CRYPT_AES_CTR, Build.VERSION_CODES.R + 1); ALGO_TO_REQUIRED_FIRST_SDK.put(AUTH_AES_XCBC, Build.VERSION_CODES.R + 1); ALGO_TO_REQUIRED_FIRST_SDK.put(AUTH_AES_XCBC, Build.VERSION_CODES.R + 1); ALGO_TO_REQUIRED_FIRST_SDK.put(AUTH_AES_CMAC, Build.VERSION_CODES.R + 1); ALGO_TO_REQUIRED_FIRST_SDK.put(AUTH_CRYPT_CHACHA20_POLY1305, Build.VERSION_CODES.R + 1); ALGO_TO_REQUIRED_FIRST_SDK.put(AUTH_CRYPT_CHACHA20_POLY1305, Build.VERSION_CODES.R + 1); } } Loading Loading @@ -383,6 +404,10 @@ public final class IpSecAlgorithm implements Parcelable { isValidLen = keyLen == 128; isValidLen = keyLen == 128; isValidTruncLen = truncLen == 96; isValidTruncLen = truncLen == 96; break; break; case AUTH_AES_CMAC: isValidLen = keyLen == 128; isValidTruncLen = truncLen == 96; break; case AUTH_CRYPT_AES_GCM: case AUTH_CRYPT_AES_GCM: // The keying material for GCM is a key plus a 32-bit salt // The keying material for GCM is a key plus a 32-bit salt isValidLen = keyLen == 128 + 32 || keyLen == 192 + 32 || keyLen == 256 + 32; isValidLen = keyLen == 128 + 32 || keyLen == 192 + 32 || keyLen == 256 + 32; Loading Loading @@ -416,6 +441,7 @@ public final class IpSecAlgorithm implements Parcelable { case AUTH_HMAC_SHA384: case AUTH_HMAC_SHA384: case AUTH_HMAC_SHA512: case AUTH_HMAC_SHA512: case AUTH_AES_XCBC: case AUTH_AES_XCBC: case AUTH_AES_CMAC: return true; return true; default: default: return false; return false; Loading core/res/res/values/config.xml +1 −1 Original line number Original line Diff line number Diff line Loading @@ -1691,7 +1691,7 @@ * SDK level 28 makes the following algorithms mandatory : "cbc(aes)", "hmac(md5)", * SDK level 28 makes the following algorithms mandatory : "cbc(aes)", "hmac(md5)", "hmac(sha1)", "hmac(sha256)", "hmac(sha384)", "hmac(sha512)", "rfc4106(gcm(aes))" "hmac(sha1)", "hmac(sha256)", "hmac(sha384)", "hmac(sha512)", "rfc4106(gcm(aes))" * SDK level 31 makes the following algorithms mandatory : "rfc3686(ctr(aes))", * SDK level 31 makes the following algorithms mandatory : "rfc3686(ctr(aes))", "xcbc(aes)", "rfc7539esp(chacha20,poly1305)" "xcbc(aes)", "cmac(aes)", "rfc7539esp(chacha20,poly1305)" --> --> <string-array name="config_optionalIpSecAlgorithms" translatable="false"> <string-array name="config_optionalIpSecAlgorithms" translatable="false"> <!-- Add algorithm here --> <!-- Add algorithm here --> Loading tests/net/java/android/net/IpSecAlgorithmTest.java +1 −0 Original line number Original line Diff line number Diff line Loading @@ -129,6 +129,7 @@ public class IpSecAlgorithmTest { checkCryptKeyLenValidation(IpSecAlgorithm.CRYPT_AES_CTR, len); checkCryptKeyLenValidation(IpSecAlgorithm.CRYPT_AES_CTR, len); } } checkAuthKeyAndTruncLenValidation(IpSecAlgorithm.AUTH_AES_XCBC, 128, 96); checkAuthKeyAndTruncLenValidation(IpSecAlgorithm.AUTH_AES_XCBC, 128, 96); checkAuthKeyAndTruncLenValidation(IpSecAlgorithm.AUTH_AES_CMAC, 128, 96); checkAuthKeyAndTruncLenValidation(IpSecAlgorithm.AUTH_CRYPT_CHACHA20_POLY1305, 288, 128); checkAuthKeyAndTruncLenValidation(IpSecAlgorithm.AUTH_CRYPT_CHACHA20_POLY1305, 288, 128); } } Loading Loading
core/api/current.txt +1 −0 Original line number Original line Diff line number Diff line Loading @@ -24875,6 +24875,7 @@ package android.net { method @NonNull public static java.util.Set<java.lang.String> getSupportedAlgorithms(); method @NonNull public static java.util.Set<java.lang.String> getSupportedAlgorithms(); method public int getTruncationLengthBits(); method public int getTruncationLengthBits(); method public void writeToParcel(android.os.Parcel, int); method public void writeToParcel(android.os.Parcel, int); field public static final String AUTH_AES_CMAC = "cmac(aes)"; field public static final String AUTH_AES_XCBC = "xcbc(aes)"; field public static final String AUTH_AES_XCBC = "xcbc(aes)"; field public static final String AUTH_CRYPT_AES_GCM = "rfc4106(gcm(aes))"; field public static final String AUTH_CRYPT_AES_GCM = "rfc4106(gcm(aes))"; field public static final String AUTH_CRYPT_CHACHA20_POLY1305 = "rfc7539esp(chacha20,poly1305)"; field public static final String AUTH_CRYPT_CHACHA20_POLY1305 = "rfc7539esp(chacha20,poly1305)";
core/java/android/net/IpSecAlgorithm.java +26 −0 Original line number Original line Diff line number Diff line Loading @@ -145,6 +145,25 @@ public final class IpSecAlgorithm implements Parcelable { // to be available on devices first shipped with Android 12 or later. // to be available on devices first shipped with Android 12 or later. public static final String AUTH_AES_XCBC = "xcbc(aes)"; public static final String AUTH_AES_XCBC = "xcbc(aes)"; /** * AES-CMAC Authentication/Integrity Algorithm. * * <p>Keys for this algorithm must be 128 bits in length. * * <p>The only valid truncation length is 96 bits. * * <p>This algorithm may be available on the device. Caller MUST check if it is supported before * using it by calling {@link #getSupportedAlgorithms()} and checking if this algorithm is * included in the returned algorithm set. The returned algorithm set will not change unless the * device is rebooted. {@link IllegalArgumentException} will be thrown if this algorithm is * requested on an unsupported device. * * <p>@see {@link #getSupportedAlgorithms()} */ // This algorithm may be available on devices released before Android 12, and is guaranteed // to be available on devices first shipped with Android 12 or later. public static final String AUTH_AES_CMAC = "cmac(aes)"; /** /** * AES-GCM Authentication/Integrity + Encryption/Ciphering Algorithm. * AES-GCM Authentication/Integrity + Encryption/Ciphering Algorithm. * * Loading Loading @@ -191,6 +210,7 @@ public final class IpSecAlgorithm implements Parcelable { AUTH_HMAC_SHA384, AUTH_HMAC_SHA384, AUTH_HMAC_SHA512, AUTH_HMAC_SHA512, AUTH_AES_XCBC, AUTH_AES_XCBC, AUTH_AES_CMAC, AUTH_CRYPT_AES_GCM, AUTH_CRYPT_AES_GCM, AUTH_CRYPT_CHACHA20_POLY1305 AUTH_CRYPT_CHACHA20_POLY1305 }) }) Loading @@ -215,6 +235,7 @@ public final class IpSecAlgorithm implements Parcelable { // STOPSHIP: b/170424293 Use Build.VERSION_CODES.S when it is defined // STOPSHIP: b/170424293 Use Build.VERSION_CODES.S when it is defined ALGO_TO_REQUIRED_FIRST_SDK.put(CRYPT_AES_CTR, Build.VERSION_CODES.R + 1); ALGO_TO_REQUIRED_FIRST_SDK.put(CRYPT_AES_CTR, Build.VERSION_CODES.R + 1); ALGO_TO_REQUIRED_FIRST_SDK.put(AUTH_AES_XCBC, Build.VERSION_CODES.R + 1); ALGO_TO_REQUIRED_FIRST_SDK.put(AUTH_AES_XCBC, Build.VERSION_CODES.R + 1); ALGO_TO_REQUIRED_FIRST_SDK.put(AUTH_AES_CMAC, Build.VERSION_CODES.R + 1); ALGO_TO_REQUIRED_FIRST_SDK.put(AUTH_CRYPT_CHACHA20_POLY1305, Build.VERSION_CODES.R + 1); ALGO_TO_REQUIRED_FIRST_SDK.put(AUTH_CRYPT_CHACHA20_POLY1305, Build.VERSION_CODES.R + 1); } } Loading Loading @@ -383,6 +404,10 @@ public final class IpSecAlgorithm implements Parcelable { isValidLen = keyLen == 128; isValidLen = keyLen == 128; isValidTruncLen = truncLen == 96; isValidTruncLen = truncLen == 96; break; break; case AUTH_AES_CMAC: isValidLen = keyLen == 128; isValidTruncLen = truncLen == 96; break; case AUTH_CRYPT_AES_GCM: case AUTH_CRYPT_AES_GCM: // The keying material for GCM is a key plus a 32-bit salt // The keying material for GCM is a key plus a 32-bit salt isValidLen = keyLen == 128 + 32 || keyLen == 192 + 32 || keyLen == 256 + 32; isValidLen = keyLen == 128 + 32 || keyLen == 192 + 32 || keyLen == 256 + 32; Loading Loading @@ -416,6 +441,7 @@ public final class IpSecAlgorithm implements Parcelable { case AUTH_HMAC_SHA384: case AUTH_HMAC_SHA384: case AUTH_HMAC_SHA512: case AUTH_HMAC_SHA512: case AUTH_AES_XCBC: case AUTH_AES_XCBC: case AUTH_AES_CMAC: return true; return true; default: default: return false; return false; Loading
core/res/res/values/config.xml +1 −1 Original line number Original line Diff line number Diff line Loading @@ -1691,7 +1691,7 @@ * SDK level 28 makes the following algorithms mandatory : "cbc(aes)", "hmac(md5)", * SDK level 28 makes the following algorithms mandatory : "cbc(aes)", "hmac(md5)", "hmac(sha1)", "hmac(sha256)", "hmac(sha384)", "hmac(sha512)", "rfc4106(gcm(aes))" "hmac(sha1)", "hmac(sha256)", "hmac(sha384)", "hmac(sha512)", "rfc4106(gcm(aes))" * SDK level 31 makes the following algorithms mandatory : "rfc3686(ctr(aes))", * SDK level 31 makes the following algorithms mandatory : "rfc3686(ctr(aes))", "xcbc(aes)", "rfc7539esp(chacha20,poly1305)" "xcbc(aes)", "cmac(aes)", "rfc7539esp(chacha20,poly1305)" --> --> <string-array name="config_optionalIpSecAlgorithms" translatable="false"> <string-array name="config_optionalIpSecAlgorithms" translatable="false"> <!-- Add algorithm here --> <!-- Add algorithm here --> Loading
tests/net/java/android/net/IpSecAlgorithmTest.java +1 −0 Original line number Original line Diff line number Diff line Loading @@ -129,6 +129,7 @@ public class IpSecAlgorithmTest { checkCryptKeyLenValidation(IpSecAlgorithm.CRYPT_AES_CTR, len); checkCryptKeyLenValidation(IpSecAlgorithm.CRYPT_AES_CTR, len); } } checkAuthKeyAndTruncLenValidation(IpSecAlgorithm.AUTH_AES_XCBC, 128, 96); checkAuthKeyAndTruncLenValidation(IpSecAlgorithm.AUTH_AES_XCBC, 128, 96); checkAuthKeyAndTruncLenValidation(IpSecAlgorithm.AUTH_AES_CMAC, 128, 96); checkAuthKeyAndTruncLenValidation(IpSecAlgorithm.AUTH_CRYPT_CHACHA20_POLY1305, 288, 128); checkAuthKeyAndTruncLenValidation(IpSecAlgorithm.AUTH_CRYPT_CHACHA20_POLY1305, 288, 128); } } Loading
