Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2017 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | package android.net; |
| 17 | |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 18 | import android.annotation.NonNull; |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 19 | import android.annotation.StringDef; |
ludi | b0c95b1 | 2017-05-22 10:52:23 -0700 | [diff] [blame] | 20 | import android.os.Build; |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 21 | import android.os.Parcel; |
| 22 | import android.os.Parcelable; |
Nathan Harold | b728217 | 2017-09-11 19:50:19 -0700 | [diff] [blame] | 23 | |
Nathan Harold | 3349b26 | 2017-11-09 16:49:33 -0800 | [diff] [blame] | 24 | import com.android.internal.annotations.VisibleForTesting; |
ludi | b0c95b1 | 2017-05-22 10:52:23 -0700 | [diff] [blame] | 25 | import com.android.internal.util.HexDump; |
Nathan Harold | b728217 | 2017-09-11 19:50:19 -0700 | [diff] [blame] | 26 | |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 27 | import java.lang.annotation.Retention; |
| 28 | import java.lang.annotation.RetentionPolicy; |
Nathan Harold | 19ce70b | 2017-09-25 19:33:13 -0700 | [diff] [blame] | 29 | import java.util.Arrays; |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 30 | |
| 31 | /** |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 32 | * This class represents a single algorithm that can be used by an {@link IpSecTransform}. |
| 33 | * |
| 34 | * @see <a href="https://tools.ietf.org/html/rfc4301">RFC 4301, Security Architecture for the |
| 35 | * Internet Protocol</a> |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 36 | */ |
| 37 | public final class IpSecAlgorithm implements Parcelable { |
Nathan Harold | 3349b26 | 2017-11-09 16:49:33 -0800 | [diff] [blame] | 38 | private static final String TAG = "IpSecAlgorithm"; |
| 39 | |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 40 | /** |
Benedict Wong | bf013a3 | 2018-03-15 19:41:41 -0700 | [diff] [blame] | 41 | * Null cipher. |
| 42 | * |
| 43 | * @hide |
| 44 | */ |
| 45 | public static final String CRYPT_NULL = "ecb(cipher_null)"; |
| 46 | |
| 47 | /** |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 48 | * AES-CBC Encryption/Ciphering Algorithm. |
| 49 | * |
| 50 | * <p>Valid lengths for this key are {128, 192, 256}. |
| 51 | */ |
Nathan Harold | 6045429 | 2017-04-06 18:16:28 -0700 | [diff] [blame] | 52 | public static final String CRYPT_AES_CBC = "cbc(aes)"; |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 53 | |
| 54 | /** |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 55 | * MD5 HMAC Authentication/Integrity Algorithm. <b>This algorithm is not recommended for use in |
| 56 | * new applications and is provided for legacy compatibility with 3gpp infrastructure.</b> |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 57 | * |
Nathan Harold | 3349b26 | 2017-11-09 16:49:33 -0800 | [diff] [blame] | 58 | * <p>Keys for this algorithm must be 128 bits in length. |
Benedict Wong | bb7f282 | 2018-03-28 13:10:40 -0700 | [diff] [blame] | 59 | * |
| 60 | * <p>Valid truncation lengths are multiples of 8 bits from 96 to 128. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 61 | */ |
Nathan Harold | 6045429 | 2017-04-06 18:16:28 -0700 | [diff] [blame] | 62 | public static final String AUTH_HMAC_MD5 = "hmac(md5)"; |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 63 | |
| 64 | /** |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 65 | * SHA1 HMAC Authentication/Integrity Algorithm. <b>This algorithm is not recommended for use in |
| 66 | * new applications and is provided for legacy compatibility with 3gpp infrastructure.</b> |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 67 | * |
Nathan Harold | 3349b26 | 2017-11-09 16:49:33 -0800 | [diff] [blame] | 68 | * <p>Keys for this algorithm must be 160 bits in length. |
Benedict Wong | bb7f282 | 2018-03-28 13:10:40 -0700 | [diff] [blame] | 69 | * |
| 70 | * <p>Valid truncation lengths are multiples of 8 bits from 96 to 160. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 71 | */ |
Nathan Harold | 6045429 | 2017-04-06 18:16:28 -0700 | [diff] [blame] | 72 | public static final String AUTH_HMAC_SHA1 = "hmac(sha1)"; |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 73 | |
| 74 | /** |
| 75 | * SHA256 HMAC Authentication/Integrity Algorithm. |
| 76 | * |
Nathan Harold | 3349b26 | 2017-11-09 16:49:33 -0800 | [diff] [blame] | 77 | * <p>Keys for this algorithm must be 256 bits in length. |
Benedict Wong | bb7f282 | 2018-03-28 13:10:40 -0700 | [diff] [blame] | 78 | * |
| 79 | * <p>Valid truncation lengths are multiples of 8 bits from 96 to 256. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 80 | */ |
Nathan Harold | 6045429 | 2017-04-06 18:16:28 -0700 | [diff] [blame] | 81 | public static final String AUTH_HMAC_SHA256 = "hmac(sha256)"; |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 82 | |
| 83 | /** |
| 84 | * SHA384 HMAC Authentication/Integrity Algorithm. |
| 85 | * |
Nathan Harold | 3349b26 | 2017-11-09 16:49:33 -0800 | [diff] [blame] | 86 | * <p>Keys for this algorithm must be 384 bits in length. |
Benedict Wong | bb7f282 | 2018-03-28 13:10:40 -0700 | [diff] [blame] | 87 | * |
| 88 | * <p>Valid truncation lengths are multiples of 8 bits from 192 to 384. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 89 | */ |
Nathan Harold | 6045429 | 2017-04-06 18:16:28 -0700 | [diff] [blame] | 90 | public static final String AUTH_HMAC_SHA384 = "hmac(sha384)"; |
Benedict Wong | 0febe5e | 2017-08-22 21:42:33 -0700 | [diff] [blame] | 91 | |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 92 | /** |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 93 | * SHA512 HMAC Authentication/Integrity Algorithm. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 94 | * |
Nathan Harold | 3349b26 | 2017-11-09 16:49:33 -0800 | [diff] [blame] | 95 | * <p>Keys for this algorithm must be 512 bits in length. |
Benedict Wong | bb7f282 | 2018-03-28 13:10:40 -0700 | [diff] [blame] | 96 | * |
| 97 | * <p>Valid truncation lengths are multiples of 8 bits from 256 to 512. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 98 | */ |
Nathan Harold | 6045429 | 2017-04-06 18:16:28 -0700 | [diff] [blame] | 99 | public static final String AUTH_HMAC_SHA512 = "hmac(sha512)"; |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 100 | |
Benedict Wong | 0febe5e | 2017-08-22 21:42:33 -0700 | [diff] [blame] | 101 | /** |
| 102 | * AES-GCM Authentication/Integrity + Encryption/Ciphering Algorithm. |
| 103 | * |
Benedict Wong | 4ebc2c5 | 2017-11-01 17:14:25 -0700 | [diff] [blame] | 104 | * <p>Valid lengths for keying material are {160, 224, 288}. |
| 105 | * |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 106 | * <p>As per <a href="https://tools.ietf.org/html/rfc4106#section-8.1">RFC4106 (Section |
| 107 | * 8.1)</a>, keying material consists of a 128, 192, or 256 bit AES key followed by a 32-bit |
| 108 | * salt. RFC compliance requires that the salt must be unique per invocation with the same key. |
Benedict Wong | 0febe5e | 2017-08-22 21:42:33 -0700 | [diff] [blame] | 109 | * |
| 110 | * <p>Valid ICV (truncation) lengths are {64, 96, 128}. |
| 111 | */ |
| 112 | public static final String AUTH_CRYPT_AES_GCM = "rfc4106(gcm(aes))"; |
| 113 | |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 114 | /** @hide */ |
Benedict Wong | 0febe5e | 2017-08-22 21:42:33 -0700 | [diff] [blame] | 115 | @StringDef({ |
| 116 | CRYPT_AES_CBC, |
| 117 | AUTH_HMAC_MD5, |
| 118 | AUTH_HMAC_SHA1, |
| 119 | AUTH_HMAC_SHA256, |
Benedict Wong | bb7f282 | 2018-03-28 13:10:40 -0700 | [diff] [blame] | 120 | AUTH_HMAC_SHA384, |
Benedict Wong | 0febe5e | 2017-08-22 21:42:33 -0700 | [diff] [blame] | 121 | AUTH_HMAC_SHA512, |
| 122 | AUTH_CRYPT_AES_GCM |
| 123 | }) |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 124 | @Retention(RetentionPolicy.SOURCE) |
| 125 | public @interface AlgorithmName {} |
| 126 | |
| 127 | private final String mName; |
| 128 | private final byte[] mKey; |
| 129 | private final int mTruncLenBits; |
| 130 | |
| 131 | /** |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 132 | * Creates an IpSecAlgorithm of one of the supported types. Supported algorithm names are |
| 133 | * defined as constants in this class. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 134 | * |
Benedict Wong | bb7f282 | 2018-03-28 13:10:40 -0700 | [diff] [blame] | 135 | * <p>For algorithms that produce an integrity check value, the truncation length is a required |
| 136 | * parameter. See {@link #IpSecAlgorithm(String algorithm, byte[] key, int truncLenBits)} |
| 137 | * |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 138 | * @param algorithm name of the algorithm. |
| 139 | * @param key key padded to a multiple of 8 bits. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 140 | */ |
Nathan Harold | 8fd26f6 | 2018-03-16 17:27:30 -0700 | [diff] [blame] | 141 | public IpSecAlgorithm(@NonNull @AlgorithmName String algorithm, @NonNull byte[] key) { |
Benedict Wong | bb7f282 | 2018-03-28 13:10:40 -0700 | [diff] [blame] | 142 | this(algorithm, key, 0); |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 143 | } |
| 144 | |
| 145 | /** |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 146 | * Creates an IpSecAlgorithm of one of the supported types. Supported algorithm names are |
| 147 | * defined as constants in this class. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 148 | * |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 149 | * <p>This constructor only supports algorithms that use a truncation length. i.e. |
| 150 | * Authentication and Authenticated Encryption algorithms. |
| 151 | * |
| 152 | * @param algorithm name of the algorithm. |
| 153 | * @param key key padded to a multiple of 8 bits. |
| 154 | * @param truncLenBits number of bits of output hash to use. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 155 | */ |
Nathan Harold | 8fd26f6 | 2018-03-16 17:27:30 -0700 | [diff] [blame] | 156 | public IpSecAlgorithm( |
| 157 | @NonNull @AlgorithmName String algorithm, @NonNull byte[] key, int truncLenBits) { |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 158 | mName = algorithm; |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 159 | mKey = key.clone(); |
Nathan Harold | 3349b26 | 2017-11-09 16:49:33 -0800 | [diff] [blame] | 160 | mTruncLenBits = truncLenBits; |
| 161 | checkValidOrThrow(mName, mKey.length * 8, mTruncLenBits); |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 162 | } |
| 163 | |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 164 | /** Get the algorithm name */ |
Nathan Harold | 8fd26f6 | 2018-03-16 17:27:30 -0700 | [diff] [blame] | 165 | @NonNull |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 166 | public String getName() { |
| 167 | return mName; |
| 168 | } |
| 169 | |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 170 | /** Get the key for this algorithm */ |
Nathan Harold | 8fd26f6 | 2018-03-16 17:27:30 -0700 | [diff] [blame] | 171 | @NonNull |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 172 | public byte[] getKey() { |
| 173 | return mKey.clone(); |
| 174 | } |
| 175 | |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 176 | /** Get the truncation length of this algorithm, in bits */ |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 177 | public int getTruncationLengthBits() { |
| 178 | return mTruncLenBits; |
| 179 | } |
| 180 | |
| 181 | /* Parcelable Implementation */ |
| 182 | public int describeContents() { |
| 183 | return 0; |
| 184 | } |
| 185 | |
| 186 | /** Write to parcel */ |
| 187 | public void writeToParcel(Parcel out, int flags) { |
| 188 | out.writeString(mName); |
| 189 | out.writeByteArray(mKey); |
| 190 | out.writeInt(mTruncLenBits); |
| 191 | } |
| 192 | |
| 193 | /** Parcelable Creator */ |
Jeff Sharkey | 9e8f83d | 2019-02-28 12:06:45 -0700 | [diff] [blame] | 194 | public static final @android.annotation.NonNull Parcelable.Creator<IpSecAlgorithm> CREATOR = |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 195 | new Parcelable.Creator<IpSecAlgorithm>() { |
| 196 | public IpSecAlgorithm createFromParcel(Parcel in) { |
Nathan Harold | 3349b26 | 2017-11-09 16:49:33 -0800 | [diff] [blame] | 197 | final String name = in.readString(); |
| 198 | final byte[] key = in.createByteArray(); |
| 199 | final int truncLenBits = in.readInt(); |
| 200 | |
| 201 | return new IpSecAlgorithm(name, key, truncLenBits); |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 202 | } |
| 203 | |
| 204 | public IpSecAlgorithm[] newArray(int size) { |
| 205 | return new IpSecAlgorithm[size]; |
| 206 | } |
| 207 | }; |
| 208 | |
Nathan Harold | 3349b26 | 2017-11-09 16:49:33 -0800 | [diff] [blame] | 209 | private static void checkValidOrThrow(String name, int keyLen, int truncLen) { |
| 210 | boolean isValidLen = true; |
| 211 | boolean isValidTruncLen = true; |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 212 | |
Nathan Harold | 3349b26 | 2017-11-09 16:49:33 -0800 | [diff] [blame] | 213 | switch(name) { |
Nathan Harold | 6045429 | 2017-04-06 18:16:28 -0700 | [diff] [blame] | 214 | case CRYPT_AES_CBC: |
Nathan Harold | 3349b26 | 2017-11-09 16:49:33 -0800 | [diff] [blame] | 215 | isValidLen = keyLen == 128 || keyLen == 192 || keyLen == 256; |
| 216 | break; |
Nathan Harold | 6045429 | 2017-04-06 18:16:28 -0700 | [diff] [blame] | 217 | case AUTH_HMAC_MD5: |
Nathan Harold | 3349b26 | 2017-11-09 16:49:33 -0800 | [diff] [blame] | 218 | isValidLen = keyLen == 128; |
| 219 | isValidTruncLen = truncLen >= 96 && truncLen <= 128; |
| 220 | break; |
Nathan Harold | 6045429 | 2017-04-06 18:16:28 -0700 | [diff] [blame] | 221 | case AUTH_HMAC_SHA1: |
Nathan Harold | 3349b26 | 2017-11-09 16:49:33 -0800 | [diff] [blame] | 222 | isValidLen = keyLen == 160; |
| 223 | isValidTruncLen = truncLen >= 96 && truncLen <= 160; |
| 224 | break; |
Nathan Harold | 6045429 | 2017-04-06 18:16:28 -0700 | [diff] [blame] | 225 | case AUTH_HMAC_SHA256: |
Nathan Harold | 3349b26 | 2017-11-09 16:49:33 -0800 | [diff] [blame] | 226 | isValidLen = keyLen == 256; |
| 227 | isValidTruncLen = truncLen >= 96 && truncLen <= 256; |
| 228 | break; |
Nathan Harold | 6045429 | 2017-04-06 18:16:28 -0700 | [diff] [blame] | 229 | case AUTH_HMAC_SHA384: |
Nathan Harold | 3349b26 | 2017-11-09 16:49:33 -0800 | [diff] [blame] | 230 | isValidLen = keyLen == 384; |
| 231 | isValidTruncLen = truncLen >= 192 && truncLen <= 384; |
| 232 | break; |
Nathan Harold | 6045429 | 2017-04-06 18:16:28 -0700 | [diff] [blame] | 233 | case AUTH_HMAC_SHA512: |
Nathan Harold | 3349b26 | 2017-11-09 16:49:33 -0800 | [diff] [blame] | 234 | isValidLen = keyLen == 512; |
| 235 | isValidTruncLen = truncLen >= 256 && truncLen <= 512; |
| 236 | break; |
Benedict Wong | 0febe5e | 2017-08-22 21:42:33 -0700 | [diff] [blame] | 237 | case AUTH_CRYPT_AES_GCM: |
Nathan Harold | 3349b26 | 2017-11-09 16:49:33 -0800 | [diff] [blame] | 238 | // The keying material for GCM is a key plus a 32-bit salt |
| 239 | isValidLen = keyLen == 128 + 32 || keyLen == 192 + 32 || keyLen == 256 + 32; |
Benedict Wong | bb7f282 | 2018-03-28 13:10:40 -0700 | [diff] [blame] | 240 | isValidTruncLen = truncLen == 64 || truncLen == 96 || truncLen == 128; |
Nathan Harold | 3349b26 | 2017-11-09 16:49:33 -0800 | [diff] [blame] | 241 | break; |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 242 | default: |
Nathan Harold | 3349b26 | 2017-11-09 16:49:33 -0800 | [diff] [blame] | 243 | throw new IllegalArgumentException("Couldn't find an algorithm: " + name); |
| 244 | } |
| 245 | |
| 246 | if (!isValidLen) { |
| 247 | throw new IllegalArgumentException("Invalid key material keyLength: " + keyLen); |
| 248 | } |
| 249 | if (!isValidTruncLen) { |
| 250 | throw new IllegalArgumentException("Invalid truncation keyLength: " + truncLen); |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 251 | } |
| 252 | } |
ludi | b0c95b1 | 2017-05-22 10:52:23 -0700 | [diff] [blame] | 253 | |
Benedict Wong | 4f25570 | 2017-11-06 20:49:10 -0800 | [diff] [blame] | 254 | /** @hide */ |
| 255 | public boolean isAuthentication() { |
| 256 | switch (getName()) { |
| 257 | // Fallthrough |
| 258 | case AUTH_HMAC_MD5: |
| 259 | case AUTH_HMAC_SHA1: |
| 260 | case AUTH_HMAC_SHA256: |
| 261 | case AUTH_HMAC_SHA384: |
| 262 | case AUTH_HMAC_SHA512: |
| 263 | return true; |
| 264 | default: |
| 265 | return false; |
| 266 | } |
| 267 | } |
| 268 | |
| 269 | /** @hide */ |
| 270 | public boolean isEncryption() { |
| 271 | return getName().equals(CRYPT_AES_CBC); |
| 272 | } |
| 273 | |
| 274 | /** @hide */ |
| 275 | public boolean isAead() { |
| 276 | return getName().equals(AUTH_CRYPT_AES_GCM); |
| 277 | } |
| 278 | |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 279 | // Because encryption keys are sensitive and userdebug builds are used by large user pools |
| 280 | // such as beta testers, we only allow sensitive info such as keys on eng builds. |
| 281 | private static boolean isUnsafeBuild() { |
| 282 | return Build.IS_DEBUGGABLE && Build.IS_ENG; |
| 283 | } |
| 284 | |
ludi | b0c95b1 | 2017-05-22 10:52:23 -0700 | [diff] [blame] | 285 | @Override |
Nathan Harold | 8fd26f6 | 2018-03-16 17:27:30 -0700 | [diff] [blame] | 286 | @NonNull |
ludi | b0c95b1 | 2017-05-22 10:52:23 -0700 | [diff] [blame] | 287 | public String toString() { |
| 288 | return new StringBuilder() |
| 289 | .append("{mName=") |
| 290 | .append(mName) |
| 291 | .append(", mKey=") |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 292 | .append(isUnsafeBuild() ? HexDump.toHexString(mKey) : "<hidden>") |
ludi | b0c95b1 | 2017-05-22 10:52:23 -0700 | [diff] [blame] | 293 | .append(", mTruncLenBits=") |
| 294 | .append(mTruncLenBits) |
| 295 | .append("}") |
| 296 | .toString(); |
| 297 | } |
Nathan Harold | 19ce70b | 2017-09-25 19:33:13 -0700 | [diff] [blame] | 298 | |
Nathan Harold | 3349b26 | 2017-11-09 16:49:33 -0800 | [diff] [blame] | 299 | /** @hide */ |
| 300 | @VisibleForTesting |
| 301 | public static boolean equals(IpSecAlgorithm lhs, IpSecAlgorithm rhs) { |
Nathan Harold | 19ce70b | 2017-09-25 19:33:13 -0700 | [diff] [blame] | 302 | if (lhs == null || rhs == null) return (lhs == rhs); |
| 303 | return (lhs.mName.equals(rhs.mName) |
| 304 | && Arrays.equals(lhs.mKey, rhs.mKey) |
| 305 | && lhs.mTruncLenBits == rhs.mTruncLenBits); |
| 306 | } |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 307 | }; |