Added in API level 28

IpSecAlgorithm


class IpSecAlgorithm : Parcelable
kotlin.Any
   ↳ android.net.IpSecAlgorithm

This class represents a single algorithm that can be used by an IpSecTransform.

Summary

Constants
static String

AES-CMAC Authentication/Integrity Algorithm.

static String

AES-XCBC Authentication/Integrity Algorithm.

static String

AES-GCM Authentication/Integrity + Encryption/Ciphering Algorithm.

static String

ChaCha20-Poly1305 Authentication/Integrity + Encryption/Ciphering Algorithm.

static String

MD5 HMAC Authentication/Integrity Algorithm.

static String

SHA1 HMAC Authentication/Integrity Algorithm.

static String

SHA256 HMAC Authentication/Integrity Algorithm.

static String

SHA384 HMAC Authentication/Integrity Algorithm.

static String

SHA512 HMAC Authentication/Integrity Algorithm.

static String

AES-CBC Encryption/Ciphering Algorithm.

static String

AES-CTR Encryption/Ciphering Algorithm.

Inherited constants
Public constructors
IpSecAlgorithm(algorithm: String, key: ByteArray)

Creates an IpSecAlgorithm of one of the supported types.

IpSecAlgorithm(algorithm: String, key: ByteArray, truncLenBits: Int)

Creates an IpSecAlgorithm of one of the supported types.

Public methods
Int

Parcelable Implementation

ByteArray

Get the key for this algorithm

String

Get the algorithm name

static MutableSet<String!>

Returns supported IPsec algorithms for the current device.

Int

Get the truncation length of this algorithm, in bits

String

Returns a string representation of the object.

Unit
writeToParcel(out: Parcel, flags: Int)

Write to parcel

Properties
static Parcelable.Creator<IpSecAlgorithm!>

Parcelable Creator

Constants

AUTH_AES_CMAC

Added in API level 31
static val AUTH_AES_CMAC: String

AES-CMAC Authentication/Integrity Algorithm.

Keys for this algorithm must be 128 bits in length.

The only valid truncation length is 96 bits.

This algorithm may be available on the device. Caller MUST check if it is supported before using it by calling getSupportedAlgorithms() and checking if this algorithm is included in the returned algorithm set. The returned algorithm set will not change unless the device is rebooted. IllegalArgumentException will be thrown if this algorithm is requested on an unsupported device.

@see getSupportedAlgorithms()

Value: "cmac(aes)"

AUTH_AES_XCBC

Added in API level 31
static val AUTH_AES_XCBC: String

AES-XCBC Authentication/Integrity Algorithm.

Keys for this algorithm must be 128 bits in length.

The only valid truncation length is 96 bits.

This algorithm may be available on the device. Caller MUST check if it is supported before using it by calling getSupportedAlgorithms() and checking if this algorithm is included in the returned algorithm set. The returned algorithm set will not change unless the device is rebooted. IllegalArgumentException will be thrown if this algorithm is requested on an unsupported device.

@see getSupportedAlgorithms()

Value: "xcbc(aes)"

AUTH_CRYPT_AES_GCM

Added in API level 28
static val AUTH_CRYPT_AES_GCM: String

AES-GCM Authentication/Integrity + Encryption/Ciphering Algorithm.

Valid lengths for keying material are {160, 224, 288}.

As per RFC4106 (Section 8.1), keying material consists of a 128, 192, or 256 bit AES key followed by a 32-bit salt. RFC compliance requires that the salt must be unique per invocation with the same key.

Valid ICV (truncation) lengths are {64, 96, 128}.

Value: "rfc4106(gcm(aes))"

AUTH_CRYPT_CHACHA20_POLY1305

Added in API level 31
static val AUTH_CRYPT_CHACHA20_POLY1305: String

ChaCha20-Poly1305 Authentication/Integrity + Encryption/Ciphering Algorithm.

Keys for this algorithm must be 288 bits in length.

As per RFC7634 (Section 2), keying material consists of a 256 bit key followed by a 32-bit salt. The salt is fixed per security association.

The only valid ICV (truncation) length is 128 bits.

This algorithm may be available on the device. Caller MUST check if it is supported before using it by calling getSupportedAlgorithms() and checking if this algorithm is included in the returned algorithm set. The returned algorithm set will not change unless the device is rebooted. IllegalArgumentException will be thrown if this algorithm is requested on an unsupported device.

@see getSupportedAlgorithms()

Value: "rfc7539esp(chacha20,poly1305)"

AUTH_HMAC_MD5

Added in API level 28
static val AUTH_HMAC_MD5: String

MD5 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in new applications and is provided for legacy compatibility with 3gpp infrastructure.

Keys for this algorithm must be 128 bits in length.

Valid truncation lengths are multiples of 8 bits from 96 to 128.

Value: "hmac(md5)"

AUTH_HMAC_SHA1

Added in API level 28
static val AUTH_HMAC_SHA1: String

SHA1 HMAC Authentication/Integrity Algorithm. This algorithm is not recommended for use in new applications and is provided for legacy compatibility with 3gpp infrastructure.

Keys for this algorithm must be 160 bits in length.

Valid truncation lengths are multiples of 8 bits from 96 to 160.

Value: "hmac(sha1)"

AUTH_HMAC_SHA256

Added in API level 28
static val AUTH_HMAC_SHA256: String

SHA256 HMAC Authentication/Integrity Algorithm.

Keys for this algorithm must be 256 bits in length.

Valid truncation lengths are multiples of 8 bits from 96 to 256.

Value: "hmac(sha256)"

AUTH_HMAC_SHA384

Added in API level 28
static val AUTH_HMAC_SHA384: String

SHA384 HMAC Authentication/Integrity Algorithm.

Keys for this algorithm must be 384 bits in length.

Valid truncation lengths are multiples of 8 bits from 192 to 384.

Value: "hmac(sha384)"

AUTH_HMAC_SHA512

Added in API level 28
static val AUTH_HMAC_SHA512: String

SHA512 HMAC Authentication/Integrity Algorithm.

Keys for this algorithm must be 512 bits in length.

Valid truncation lengths are multiples of 8 bits from 256 to 512.

Value: "hmac(sha512)"

CRYPT_AES_CBC

Added in API level 28
static val CRYPT_AES_CBC: String

AES-CBC Encryption/Ciphering Algorithm.

Valid lengths for this key are {128, 192, 256}.

Value: "cbc(aes)"

CRYPT_AES_CTR

Added in API level 31
static val CRYPT_AES_CTR: String

AES-CTR Encryption/Ciphering Algorithm.

Valid lengths for keying material are {160, 224, 288}.

As per RFC3686 (Section 5.1), keying material consists of a 128, 192, or 256 bit AES key followed by a 32-bit nonce. RFC compliance requires that the nonce must be unique per security association.

This algorithm may be available on the device. Caller MUST check if it is supported before using it by calling getSupportedAlgorithms() and checking if this algorithm is included in the returned algorithm set. The returned algorithm set will not change unless the device is rebooted. IllegalArgumentException will be thrown if this algorithm is requested on an unsupported device.

@see getSupportedAlgorithms()

Value: "rfc3686(ctr(aes))"

Public constructors

IpSecAlgorithm

Added in API level 28
IpSecAlgorithm(
    algorithm: String,
    key: ByteArray)

Creates an IpSecAlgorithm of one of the supported types. Supported algorithm names are defined as constants in this class.

For algorithms that produce an integrity check value, the truncation length is a required parameter. See IpSecAlgorithm(java.lang.String,byte[] key,int truncLenBits)

Parameters
algorithm String: name of the algorithm. This value cannot be null. Value is android.net.IpSecAlgorithm#CRYPT_AES_CBC, android.net.IpSecAlgorithm#CRYPT_AES_CTR, android.net.IpSecAlgorithm#AUTH_HMAC_MD5, android.net.IpSecAlgorithm#AUTH_HMAC_SHA1, android.net.IpSecAlgorithm#AUTH_HMAC_SHA256, android.net.IpSecAlgorithm#AUTH_HMAC_SHA384, android.net.IpSecAlgorithm#AUTH_HMAC_SHA512, android.net.IpSecAlgorithm#AUTH_AES_XCBC, android.net.IpSecAlgorithm#AUTH_AES_CMAC, android.net.IpSecAlgorithm#AUTH_CRYPT_AES_GCM, or android.net.IpSecAlgorithm#AUTH_CRYPT_CHACHA20_POLY1305
key ByteArray: key padded to a multiple of 8 bits. This value cannot be null.
Exceptions
java.lang.IllegalArgumentException if algorithm or key length is invalid.

IpSecAlgorithm

Added in API level 28
IpSecAlgorithm(
    algorithm: String,
    key: ByteArray,
    truncLenBits: Int)

Creates an IpSecAlgorithm of one of the supported types. Supported algorithm names are defined as constants in this class.

This constructor only supports algorithms that use a truncation length. i.e. Authentication and Authenticated Encryption algorithms.

Parameters
algorithm String: name of the algorithm. This value cannot be null. Value is android.net.IpSecAlgorithm#CRYPT_AES_CBC, android.net.IpSecAlgorithm#CRYPT_AES_CTR, android.net.IpSecAlgorithm#AUTH_HMAC_MD5, android.net.IpSecAlgorithm#AUTH_HMAC_SHA1, android.net.IpSecAlgorithm#AUTH_HMAC_SHA256, android.net.IpSecAlgorithm#AUTH_HMAC_SHA384, android.net.IpSecAlgorithm#AUTH_HMAC_SHA512, android.net.IpSecAlgorithm#AUTH_AES_XCBC, android.net.IpSecAlgorithm#AUTH_AES_CMAC, android.net.IpSecAlgorithm#AUTH_CRYPT_AES_GCM, or android.net.IpSecAlgorithm#AUTH_CRYPT_CHACHA20_POLY1305
key ByteArray: key padded to a multiple of 8 bits. This value cannot be null.
truncLenBits Int: number of bits of output hash to use.
Exceptions
java.lang.IllegalArgumentException if algorithm, key length or truncation length is invalid.

Public methods

describeContents

Added in API level 28
fun describeContents(): Int

Parcelable Implementation

Return
Int a bitmask indicating the set of special object types marshaled by this Parcelable object instance. Value is either 0 or android.os.Parcelable#CONTENTS_FILE_DESCRIPTOR

getKey

Added in API level 28
fun getKey(): ByteArray

Get the key for this algorithm

Return
ByteArray This value cannot be null.

getName

Added in API level 28
fun getName(): String

Get the algorithm name

Return
String This value cannot be null.

getSupportedAlgorithms

Added in API level 31
static fun getSupportedAlgorithms(): MutableSet<String!>

Returns supported IPsec algorithms for the current device.

Some algorithms may not be supported on old devices. Callers MUST check if an algorithm is supported before using it.

Return
MutableSet<String!> This value cannot be null.

getTruncationLengthBits

Added in API level 28
fun getTruncationLengthBits(): Int

Get the truncation length of this algorithm, in bits

toString

Added in API level 28
fun toString(): String

Returns a string representation of the object.

Return
String This value cannot be null.

writeToParcel

Added in API level 28
fun writeToParcel(
    out: Parcel,
    flags: Int
): Unit

Write to parcel

Parameters
dest The Parcel in which the object should be written. This value cannot be null.
flags Int: Additional flags about how the object should be written. May be 0 or PARCELABLE_WRITE_RETURN_VALUE. Value is either 0 or a combination of android.os.Parcelable#PARCELABLE_WRITE_RETURN_VALUE, and android.os.Parcelable.PARCELABLE_ELIDE_DUPLICATES

Properties

CREATOR

Added in API level 28
static val CREATOR: Parcelable.Creator<IpSecAlgorithm!>

Parcelable Creator