summaryrefslogtreecommitdiff
path: root/telephony/java/android/telephony/gba/TlsParams.java
diff options
context:
space:
mode:
Diffstat (limited to 'telephony/java/android/telephony/gba/TlsParams.java')
-rw-r--r--telephony/java/android/telephony/gba/TlsParams.java281
1 files changed, 281 insertions, 0 deletions
diff --git a/telephony/java/android/telephony/gba/TlsParams.java b/telephony/java/android/telephony/gba/TlsParams.java
new file mode 100644
index 000000000000..922f4bbb4dbf
--- /dev/null
+++ b/telephony/java/android/telephony/gba/TlsParams.java
@@ -0,0 +1,281 @@
+/*
+ * Copyright 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.telephony.gba;
+
+import android.annotation.IntDef;
+import android.annotation.SystemApi;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.util.Arrays;
+
+/**
+ * Defines the TLS parameters for GBA as per IANA and TS 33.210, which are used
+ * by some UA security protocol identifiers defined in 3GPP TS 33.220 Annex H,
+ * and 3GPP TS 33.222.
+ *
+ * @hide
+ */
+@SystemApi
+public class TlsParams {
+
+ private TlsParams() {}
+
+ /**
+ * TLS protocol version supported by GBA
+ */
+ public static final int PROTOCOL_VERSION_TLS_1_2 = 0x0303;
+ public static final int PROTOCOL_VERSION_TLS_1_3 = 0x0304;
+
+ /**
+ * TLS cipher suites are used to create {@link UaSecurityProtocolIdentifier}
+ * by {@link UaSecurityProtocolIdentifier#create3GppUaSpId}
+ *
+ * @hide
+ */
+ @Retention(RetentionPolicy.SOURCE)
+ @IntDef(
+ prefix = {"TLS_"},
+ value = {
+ TLS_NULL_WITH_NULL_NULL,
+ TLS_RSA_WITH_NULL_MD5,
+ TLS_RSA_WITH_NULL_SHA,
+ TLS_RSA_WITH_RC4_128_MD5,
+ TLS_RSA_WITH_RC4_128_SHA,
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+ TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
+ TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,
+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+ TLS_DH_ANON_WITH_RC4_128_MD5,
+ TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA,
+ TLS_RSA_WITH_AES_128_CBC_SHA,
+ TLS_DH_DSS_WITH_AES_128_CBC_SHA,
+ TLS_DH_RSA_WITH_AES_128_CBC_SHA,
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS_DH_ANON_WITH_AES_128_CBC_SHA,
+ TLS_RSA_WITH_AES_256_CBC_SHA,
+ TLS_DH_DSS_WITH_AES_256_CBC_SHA,
+ TLS_DH_RSA_WITH_AES_256_CBC_SHA,
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS_DH_ANON_WITH_AES_256_CBC_SHA,
+ TLS_RSA_WITH_NULL_SHA256,
+ TLS_RSA_WITH_AES_128_CBC_SHA256,
+ TLS_RSA_WITH_AES_256_CBC_SHA256,
+ TLS_DH_DSS_WITH_AES_128_CBC_SHA256,
+ TLS_DH_RSA_WITH_AES_128_CBC_SHA256,
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
+ TLS_DH_DSS_WITH_AES_256_CBC_SHA256,
+ TLS_DH_RSA_WITH_AES_256_CBC_SHA256,
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
+ TLS_DH_ANON_WITH_AES_128_CBC_SHA256,
+ TLS_DH_ANON_WITH_AES_256_CBC_SHA256,
+ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
+ TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
+ TLS_AES_128_GCM_SHA256,
+ TLS_AES_256_GCM_SHA384,
+ TLS_CHACHA20_POLY1305_SHA256,
+ TLS_AES_128_CCM_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_DHE_RSA_WITH_AES_128_CCM,
+ TLS_DHE_RSA_WITH_AES_256_CCM,
+ TLS_DHE_PSK_WITH_AES_128_CCM,
+ TLS_DHE_PSK_WITH_AES_256_CCM,
+ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+ TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+ TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
+ TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
+ TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256
+ })
+ public @interface TlsCipherSuite {}
+
+ // Cipher suites for TLS v1.2 per RFC5246
+ public static final int TLS_NULL_WITH_NULL_NULL = 0x0000;
+ public static final int TLS_RSA_WITH_NULL_MD5 = 0x0001;
+ public static final int TLS_RSA_WITH_NULL_SHA = 0x0002;
+ public static final int TLS_RSA_WITH_RC4_128_MD5 = 0x0004;
+ public static final int TLS_RSA_WITH_RC4_128_SHA = 0x0005;
+ public static final int TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A;
+ public static final int TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D;
+ public static final int TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010;
+ public static final int TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013;
+ public static final int TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016;
+ public static final int TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018;
+ public static final int TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x001B;
+ public static final int TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F;
+ public static final int TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030;
+ public static final int TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031;
+ public static final int TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032;
+ public static final int TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033;
+ public static final int TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034;
+ public static final int TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035;
+ public static final int TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036;
+ public static final int TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037;
+ public static final int TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038;
+ public static final int TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039;
+ public static final int TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A;
+ public static final int TLS_RSA_WITH_NULL_SHA256 = 0x003B;
+ public static final int TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C;
+ public static final int TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D;
+ public static final int TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E;
+ public static final int TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F;
+ public static final int TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040;
+ public static final int TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067;
+ public static final int TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068;
+ public static final int TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069;
+ public static final int TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A;
+ public static final int TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B;
+ public static final int TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x006C;
+ public static final int TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 0x006D;
+
+ // Cipher suites for TLS v1.3 per RFC8446 and recommended by IANA
+ public static final int TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E;
+ public static final int TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F;
+ public static final int TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA;
+ public static final int TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB;
+ public static final int TLS_AES_128_GCM_SHA256 = 0x1301;
+ public static final int TLS_AES_256_GCM_SHA384 = 0x1302;
+ public static final int TLS_CHACHA20_POLY1305_SHA256 = 0x1303;
+ public static final int TLS_AES_128_CCM_SHA256 = 0x1304;
+ public static final int TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B;
+ public static final int TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C;
+ public static final int TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F;
+ public static final int TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030;
+ public static final int TLS_DHE_RSA_WITH_AES_128_CCM = 0xC09E;
+ public static final int TLS_DHE_RSA_WITH_AES_256_CCM = 0xC09F;
+ public static final int TLS_DHE_PSK_WITH_AES_128_CCM = 0xC0A6;
+ public static final int TLS_DHE_PSK_WITH_AES_256_CCM = 0xC0A7;
+ public static final int TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA8;
+ public static final int TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA9;
+ public static final int TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAA;
+ public static final int TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAC;
+ public static final int TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAD;
+ public static final int TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 = 0xD001;
+ public static final int TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 = 0xD002;
+ public static final int TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 = 0xD005;
+
+ private static final int[] CS_EXPECTED = {
+ TLS_NULL_WITH_NULL_NULL,
+ TLS_RSA_WITH_NULL_MD5,
+ TLS_RSA_WITH_NULL_SHA,
+ TLS_RSA_WITH_RC4_128_MD5,
+ TLS_RSA_WITH_RC4_128_SHA,
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+ TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
+ TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,
+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+ TLS_DH_ANON_WITH_RC4_128_MD5,
+ TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA,
+ TLS_RSA_WITH_AES_128_CBC_SHA,
+ TLS_DH_DSS_WITH_AES_128_CBC_SHA,
+ TLS_DH_RSA_WITH_AES_128_CBC_SHA,
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS_DH_ANON_WITH_AES_128_CBC_SHA,
+ TLS_RSA_WITH_AES_256_CBC_SHA,
+ TLS_DH_DSS_WITH_AES_256_CBC_SHA,
+ TLS_DH_RSA_WITH_AES_256_CBC_SHA,
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS_DH_ANON_WITH_AES_256_CBC_SHA,
+ TLS_RSA_WITH_NULL_SHA256,
+ TLS_RSA_WITH_AES_128_CBC_SHA256,
+ TLS_RSA_WITH_AES_256_CBC_SHA256,
+ TLS_DH_DSS_WITH_AES_128_CBC_SHA256,
+ TLS_DH_RSA_WITH_AES_128_CBC_SHA256,
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
+ TLS_DH_DSS_WITH_AES_256_CBC_SHA256,
+ TLS_DH_RSA_WITH_AES_256_CBC_SHA256,
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
+ TLS_DH_ANON_WITH_AES_128_CBC_SHA256,
+ TLS_DH_ANON_WITH_AES_256_CBC_SHA256,
+ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
+ TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
+ TLS_AES_128_GCM_SHA256,
+ TLS_AES_256_GCM_SHA384,
+ TLS_CHACHA20_POLY1305_SHA256,
+ TLS_AES_128_CCM_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_DHE_RSA_WITH_AES_128_CCM,
+ TLS_DHE_RSA_WITH_AES_256_CCM,
+ TLS_DHE_PSK_WITH_AES_128_CCM,
+ TLS_DHE_PSK_WITH_AES_256_CCM,
+ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+ TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+ TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
+ TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
+ TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256
+ };
+
+ /**
+ * TLS supported groups required by TS 33.210
+ */
+ public static final int GROUP_SECP256R1 = 23;
+ public static final int GROUP_SECP384R1 = 24;
+ public static final int GROUP_X25519 = 29;
+ public static final int GROUP_X448 = 30;
+
+ /**
+ * Signature algorithms shall be supported as per TS 33.210
+ */
+ public static final int SIG_RSA_PKCS1_SHA1 = 0X0201;
+ public static final int SIG_ECDSA_SHA1 = 0X0203;
+ public static final int SIG_RSA_PKCS1_SHA256 = 0X0401;
+ public static final int SIG_ECDSA_SECP256R1_SHA256 = 0X0403;
+ public static final int SIG_RSA_PKCS1_SHA256_LEGACY = 0X0420;
+ public static final int SIG_RSA_PKCS1_SHA384 = 0X0501;
+ public static final int SIG_ECDSA_SECP384R1_SHA384 = 0X0503;
+ public static final int SIG_RSA_PKCS1_SHA384_LEGACY = 0X0520;
+ public static final int SIG_RSA_PKCS1_SHA512 = 0X0601;
+ public static final int SIG_ECDSA_SECP521R1_SHA512 = 0X0603;
+ public static final int SIG_RSA_PKCS1_SHA512_LEGACY = 0X0620;
+ public static final int SIG_RSA_PSS_RSAE_SHA256 = 0X0804;
+ public static final int SIG_RSA_PSS_RSAE_SHA384 = 0X0805;
+ public static final int SIG_RSA_PSS_RSAE_SHA512 = 0X0806;
+ public static final int SIG_ECDSA_BRAINPOOLP256R1TLS13_SHA256 = 0X081A;
+ public static final int SIG_ECDSA_BRAINPOOLP384R1TLS13_SHA384 = 0X081B;
+ public static final int SIG_ECDSA_BRAINPOOLP512R1TLS13_SHA512 = 0X081C;
+
+ /**
+ * Returns whether the TLS cipher suite id is supported
+ */
+ public static boolean isTlsCipherSuiteSupported(int csId) {
+ return Arrays.binarySearch(CS_EXPECTED, csId) >= 0;
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-03 05:17:44 +0000