Add configs for ePDG
Bug: 140873586
Test: Manually tested the configs using the following commands:
adb shell cmd phone cc get-value [KEY]
adb shell cmd phone cc set-value [KEY] [VALUE]
Change-Id: I56672f8ac622fb6226dccd3d91e8d81e6124a16b
diff --git a/Android.bp b/Android.bp
index b3faef1..ead85eb 100644
--- a/Android.bp
+++ b/Android.bp
@@ -1277,6 +1277,7 @@
libs: [
"framework-minus-apex",
"unsupportedappusage",
+ "ike-stubs",
],
static_libs: [
"libphonenumber-platform",
diff --git a/api/current.txt b/api/current.txt
index e27c318..ad20e64 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -45472,6 +45472,59 @@
field public static final String KEY_WIFI_OFF_DEFERRING_TIME_INT = "ims.wifi_off_deferring_time_int";
}
+ public static final class CarrierConfigManager.Iwlan {
+ field public static final int AUTHENTICATION_METHOD_CERT = 1; // 0x1
+ field public static final int AUTHENTICATION_METHOD_EAP_ONLY = 0; // 0x0
+ field public static final int DH_GROUP_1024_BIT_MODP = 2; // 0x2
+ field public static final int DH_GROUP_2048_BIT_MODP = 14; // 0xe
+ field public static final int DH_GROUP_NONE = 0; // 0x0
+ field public static final int ENCRYPTION_ALGORITHM_3DES = 3; // 0x3
+ field public static final int ENCRYPTION_ALGORITHM_AES_CBC = 12; // 0xc
+ field public static final int ENCRYPTION_ALGORITHM_AES_GCM_12 = 19; // 0x13
+ field public static final int ENCRYPTION_ALGORITHM_AES_GCM_16 = 20; // 0x14
+ field public static final int ENCRYPTION_ALGORITHM_AES_GCM_8 = 18; // 0x12
+ field public static final int EPDG_ADDRESS_PCO = 2; // 0x2
+ field public static final int EPDG_ADDRESS_PLMN = 1; // 0x1
+ field public static final int EPDG_ADDRESS_STATIC = 0; // 0x0
+ field public static final int INTEGRITY_ALGORITHM_AES_XCBC_96 = 5; // 0x5
+ field public static final int INTEGRITY_ALGORITHM_HMAC_SHA1_96 = 2; // 0x2
+ field public static final int INTEGRITY_ALGORITHM_HMAC_SHA2_256_128 = 12; // 0xc
+ field public static final int INTEGRITY_ALGORITHM_HMAC_SHA2_384_192 = 13; // 0xd
+ field public static final int INTEGRITY_ALGORITHM_HMAC_SHA2_512_256 = 14; // 0xe
+ field public static final int INTEGRITY_ALGORITHM_NONE = 0; // 0x0
+ field public static final String KEY_CHILD_SA_REKEY_HARD_TIMER_SEC_INT = "iwlan.child_sa_rekey_hard_timer_sec_int";
+ field public static final String KEY_CHILD_SA_REKEY_SOFT_TIMER_SEC_INT = "iwlan.child_sa_rekey_soft_timer_sec_int";
+ field public static final String KEY_CHILD_SESSION_AES_CBC_KEY_SIZE_INT_ARRAY = "iwlan.child_session_aes_cbc_key_size_int_array";
+ field public static final String KEY_CHILD_SESSION_AES_CTR_KEY_SIZE_INT_ARRAY = "iwlan.child_encryption_aes_ctr_key_size_int_array";
+ field public static final String KEY_DIFFIE_HELLMAN_GROUPS_INT_ARRAY = "iwlan.diffie_hellman_groups_int_array";
+ field public static final String KEY_DPD_TIMER_SEC_INT = "iwlan.dpd_timer_sec_int";
+ field public static final String KEY_EPDG_ADDRESS_PRIORITY_INT_ARRAY = "iwlan.epdg_address_priority_int_array";
+ field public static final String KEY_EPDG_AUTHENTICATION_METHOD_INT = "iwlan.epdg_authentication_method_int";
+ field public static final String KEY_EPDG_STATIC_ADDRESS_ROAMING_STRING = "iwlan.epdg_static_address_roaming_string";
+ field public static final String KEY_EPDG_STATIC_ADDRESS_STRING = "iwlan.epdg_static_address_string";
+ field public static final String KEY_IKE_FRAGMENTATION_ENABLED_BOOL = "iwlan.ike_fragmentation_enabled_bool";
+ field public static final String KEY_IKE_REKEY_HARD_TIMER_SEC_INT = "iwlan.ike_rekey_hard_timer_in_sec";
+ field public static final String KEY_IKE_REKEY_SOFT_TIMER_SEC_INT = "iwlan.ike_rekey_soft_timer_sec_int";
+ field public static final String KEY_IKE_SESSION_AES_CBC_KEY_SIZE_INT_ARRAY = "iwlan.ike_session_encryption_aes_cbc_key_size_int_array";
+ field public static final String KEY_IKE_SESSION_AES_CTR_KEY_SIZE_INT_ARRAY = "iwlan.ike_session_aes_ctr_key_size_int_array";
+ field public static final int KEY_LEN_AES_128 = 128; // 0x80
+ field public static final int KEY_LEN_AES_192 = 192; // 0xc0
+ field public static final int KEY_LEN_AES_256 = 256; // 0x100
+ field public static final int KEY_LEN_UNUSED = 0; // 0x0
+ field public static final String KEY_MAX_RETRIES_INT = "iwlan.max_retries_int";
+ field public static final String KEY_MCC_MNCS_STRING_ARRAY = "iwlan.mcc_mncs_string_array";
+ field public static final String KEY_NATT_ENABLED_BOOL = "iwlan.natt_enabled_bool";
+ field public static final String KEY_NATT_KEEP_ALIVE_TIMER_SEC_INT = "iwlan.natt_keep_alive_timer_sec_int";
+ field public static final String KEY_PREFIX = "iwlan.";
+ field public static final String KEY_RETRANSMIT_TIMER_SEC_INT = "iwlan.retransmit_timer_sec_int";
+ field public static final String KEY_SUPPORTED_CHILD_SESSION_ENCRYPTION_ALGORITHMS_INT_ARRAY = "iwlan.supported_child_session_encryption_algorithms_int_array";
+ field public static final String KEY_SUPPORTED_IKE_SESSION_ENCRYPTION_ALGORITHMS_INT_ARRAY = "iwlan.supported_ike_session_encryption_algorithms_int_array";
+ field public static final String KEY_SUPPORTED_INTEGRITY_ALGORITHMS_INT_ARRAY = "iwlan.supported_integrity_algorithms_int_array";
+ field public static final String KEY_SUPPORTED_PRF_ALGORITHMS_INT_ARRAY = "iwlan.supported_prf_algorithms_int_array";
+ field public static final int PSEUDORANDOM_FUNCTION_AES128_XCBC = 4; // 0x4
+ field public static final int PSEUDORANDOM_FUNCTION_HMAC_SHA1 = 2; // 0x2
+ }
+
public abstract class CellIdentity implements android.os.Parcelable {
method public int describeContents();
method @Nullable public CharSequence getOperatorAlphaLong();
diff --git a/telephony/java/android/telephony/CarrierConfigManager.java b/telephony/java/android/telephony/CarrierConfigManager.java
index 5a7c3b3..528ceea 100755
--- a/telephony/java/android/telephony/CarrierConfigManager.java
+++ b/telephony/java/android/telephony/CarrierConfigManager.java
@@ -17,6 +17,7 @@
package android.telephony;
import android.Manifest;
+import android.annotation.IntDef;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.annotation.RequiresPermission;
@@ -27,6 +28,7 @@
import android.compat.annotation.UnsupportedAppUsage;
import android.content.ComponentName;
import android.content.Context;
+import android.net.ipsec.ike.SaProposal;
import android.os.PersistableBundle;
import android.os.RemoteException;
import android.service.carrier.CarrierService;
@@ -3414,6 +3416,369 @@
public static final String KEY_PREVENT_CLIR_ACTIVATION_AND_DEACTIVATION_CODE_BOOL =
"prevent_clir_activation_and_deactivation_code_bool";
+ /**
+ * Configs used for epdg tunnel bring up.
+ *
+ * @see <a href="https://tools.ietf.org/html/rfc7296">RFC 7296, Internet Key Exchange
+ * Protocol Version 2 (IKEv2)</a>
+ */
+ public static final class Iwlan {
+ /** Prefix of all Epdg.KEY_* constants. */
+ public static final String KEY_PREFIX = "iwlan.";
+
+ /**
+ * Time in seconds after which the child security association session is terminated if
+ * rekey procedure is not successful. If not set or set to <= 0, the default value is
+ * 3600 seconds.
+ */
+ public static final String KEY_CHILD_SA_REKEY_HARD_TIMER_SEC_INT =
+ KEY_PREFIX + "child_sa_rekey_hard_timer_sec_int";
+
+ /**
+ * Time in seconds after which the child session rekey procedure is started. If not set or
+ * set to <= 0, default value is 3000 seconds.
+ */
+ public static final String KEY_CHILD_SA_REKEY_SOFT_TIMER_SEC_INT =
+ KEY_PREFIX + "child_sa_rekey_soft_timer_sec_int";
+
+ /** Supported DH groups for IKE negotiation.
+ * Possible values are {@link #DH_GROUP_NONE}, {@link #DH_GROUP_1024_BIT_MODP},
+ * {@link #DH_GROUP_2048_BIT_MODP}
+ */
+ public static final String KEY_DIFFIE_HELLMAN_GROUPS_INT_ARRAY =
+ KEY_PREFIX + "diffie_hellman_groups_int_array";
+
+ /**
+ * Time in seconds after which a dead peer detection (DPD) request is sent.
+ * If not set or set to <= 0, default value is 120 seconds.
+ */
+ public static final String KEY_DPD_TIMER_SEC_INT = KEY_PREFIX + "dpd_timer_sec_int";
+
+ /**
+ * Method used to authenticate epdg server.
+ * Possible values are {@link #AUTHENTICATION_METHOD_EAP_ONLY},
+ * {@link #AUTHENTICATION_METHOD_CERT}
+ */
+ public static final String KEY_EPDG_AUTHENTICATION_METHOD_INT =
+ KEY_PREFIX + "epdg_authentication_method_int";
+
+ /**
+ * A priority list of ePDG addresses to be used.
+ * Possible values are {@link #EPDG_ADDRESS_STATIC}, {@link #EPDG_ADDRESS_PLMN},
+ * {@link #EPDG_ADDRESS_PCO}
+ */
+ public static final String KEY_EPDG_ADDRESS_PRIORITY_INT_ARRAY =
+ KEY_PREFIX + "epdg_address_priority_int_array";
+
+ /** Epdg static IP address or FQDN */
+ public static final String KEY_EPDG_STATIC_ADDRESS_STRING =
+ KEY_PREFIX + "epdg_static_address_string";
+
+ /** Epdg static IP address or FQDN for roaming */
+ public static final String KEY_EPDG_STATIC_ADDRESS_ROAMING_STRING =
+ KEY_PREFIX + "epdg_static_address_roaming_string";
+
+ /**
+ * List of supported key sizes for AES Cipher Block Chaining (CBC) encryption mode of child
+ * session.
+ * Possible values are {@link #KEY_LEN_UNUSED}, {@link #KEY_LEN_AES_128},
+ * {@link #KEY_LEN_AES_192}, {@link #KEY_LEN_AES_256}
+ */
+ public static final String KEY_CHILD_SESSION_AES_CBC_KEY_SIZE_INT_ARRAY =
+ KEY_PREFIX + "child_session_aes_cbc_key_size_int_array";
+
+ /**
+ * List of supported key sizes for AES counter (CTR) encryption mode of child session.
+ * Possible values are {@link #KEY_LEN_UNUSED}, {@link #KEY_LEN_AES_128},
+ * {@link #KEY_LEN_AES_192}, {@link #KEY_LEN_AES_256}
+ */
+ public static final String KEY_CHILD_SESSION_AES_CTR_KEY_SIZE_INT_ARRAY =
+ KEY_PREFIX + "child_encryption_aes_ctr_key_size_int_array";
+
+ /**
+ * List of supported encryption algorithms for child session.
+ * Possible values are {@link #ENCRYPTION_ALGORITHM_3DES},
+ * {@link #ENCRYPTION_ALGORITHM_AES_CBC}, {@link #ENCRYPTION_ALGORITHM_AES_GCM_8},
+ * {@link #ENCRYPTION_ALGORITHM_AES_GCM_12}, {@link #ENCRYPTION_ALGORITHM_AES_GCM_16}
+ */
+ public static final String KEY_SUPPORTED_CHILD_SESSION_ENCRYPTION_ALGORITHMS_INT_ARRAY =
+ KEY_PREFIX + "supported_child_session_encryption_algorithms_int_array";
+
+ /** Controls if IKE message fragmentation is enabled. */
+ public static final String KEY_IKE_FRAGMENTATION_ENABLED_BOOL =
+ KEY_PREFIX + "ike_fragmentation_enabled_bool";
+
+ /**
+ * Time in seconds after which the IKE session is terminated if rekey procedure is not
+ * successful. If not set or set to <= 0, default value is 3600 seconds.
+ */
+ public static final String KEY_IKE_REKEY_HARD_TIMER_SEC_INT =
+ KEY_PREFIX + "ike_rekey_hard_timer_in_sec";
+
+ /**
+ * Time in seconds after which the IKE session rekey procedure is started. If not set or
+ * set to <= 0, default value is 3000 seconds.
+ */
+ public static final String KEY_IKE_REKEY_SOFT_TIMER_SEC_INT =
+ KEY_PREFIX + "ike_rekey_soft_timer_sec_int";
+
+ /**
+ * List of supported key sizes for AES Cipher Block Chaining (CBC) encryption mode of IKE
+ * session.
+ * Possible values - {@link #KEY_LEN_UNUSED}, {@link #KEY_LEN_AES_128},
+ * {@link #KEY_LEN_AES_192}, {@link #KEY_LEN_AES_256}
+ */
+ public static final String KEY_IKE_SESSION_AES_CBC_KEY_SIZE_INT_ARRAY =
+ KEY_PREFIX + "ike_session_encryption_aes_cbc_key_size_int_array";
+
+ /**
+ * List of supported key sizes for AES counter (CTR) encryption mode of IKE session.
+ * Possible values - {@link #KEY_LEN_UNUSED}, {@link #KEY_LEN_AES_128},
+ * {@link #KEY_LEN_AES_192}, {@link #KEY_LEN_AES_256}
+ */
+ public static final String KEY_IKE_SESSION_AES_CTR_KEY_SIZE_INT_ARRAY =
+ KEY_PREFIX + "ike_session_aes_ctr_key_size_int_array";
+
+ /**
+ * List of supported encryption algorithms for IKE session.
+ * Possible values are {@link #ENCRYPTION_ALGORITHM_3DES},
+ * {@link #ENCRYPTION_ALGORITHM_AES_CBC}, {@link #ENCRYPTION_ALGORITHM_AES_GCM_8},
+ * {@link #ENCRYPTION_ALGORITHM_AES_GCM_12}, {@link #ENCRYPTION_ALGORITHM_AES_GCM_16}
+ */
+ public static final String KEY_SUPPORTED_IKE_SESSION_ENCRYPTION_ALGORITHMS_INT_ARRAY =
+ KEY_PREFIX + "supported_ike_session_encryption_algorithms_int_array";
+
+ /**
+ * List of supported integrity algorithms for IKE session
+ * Possible values are {@link #INTEGRITY_ALGORITHM_NONE},
+ * {@link #INTEGRITY_ALGORITHM_HMAC_SHA1_96}, {@link #INTEGRITY_ALGORITHM_AES_XCBC_96},
+ * {@link #INTEGRITY_ALGORITHM_HMAC_SHA2_256_128},
+ * {@link #INTEGRITY_ALGORITHM_HMAC_SHA2_384_192},
+ * {@link #INTEGRITY_ALGORITHM_HMAC_SHA2_512_256}
+ */
+ public static final String KEY_SUPPORTED_INTEGRITY_ALGORITHMS_INT_ARRAY =
+ KEY_PREFIX + "supported_integrity_algorithms_int_array";
+
+ /** Maximum number of retries for tunnel establishment. */
+ public static final String KEY_MAX_RETRIES_INT = KEY_PREFIX + "max_retries_int";
+
+ /** Controls if nat traversal should be enabled. */
+ public static final String KEY_NATT_ENABLED_BOOL = KEY_PREFIX + "natt_enabled_bool";
+
+ /**
+ * Time in seconds after which a NATT keep alive message is sent. If not set or set to <= 0,
+ * default value is 20 seconds.
+ */
+ public static final String KEY_NATT_KEEP_ALIVE_TIMER_SEC_INT =
+ KEY_PREFIX + "natt_keep_alive_timer_sec_int";
+
+ /** List of comma separated MCC/MNCs used to create ePDG FQDN as per 3GPP TS 23.003 */
+ public static final String KEY_MCC_MNCS_STRING_ARRAY = KEY_PREFIX + "mcc_mncs_string_array";
+
+ /**
+ * List of supported pseudo random function algorithms for IKE session
+ * Possible values are {@link #PSEUDORANDOM_FUNCTION_HMAC_SHA1},
+ * {@link #PSEUDORANDOM_FUNCTION_AES128_XCBC}
+ */
+ public static final String KEY_SUPPORTED_PRF_ALGORITHMS_INT_ARRAY = KEY_PREFIX +
+ "supported_prf_algorithms_int_array";
+
+ /**
+ * Time in seconds after which IKE message is retransmitted. If not set or set to <= 0,
+ * default value is 2 seconds.
+ */
+ public static final String KEY_RETRANSMIT_TIMER_SEC_INT =
+ KEY_PREFIX + "retransmit_timer_sec_int";
+
+ /** @hide */
+ @IntDef({
+ AUTHENTICATION_METHOD_EAP_ONLY,
+ AUTHENTICATION_METHOD_CERT
+ })
+ public @interface AuthenticationMethodType {}
+
+ /**
+ * Certificate sent from the server is ignored. Only Extensible Authentication Protocol
+ * (EAP) is used to authenticate the server.
+ * EAP_ONLY_AUTH payload is added to IKE_AUTH request if supported.
+ * @see <a href="https://tools.ietf.org/html/rfc5998">RFC 5998</a>
+ */
+ public static final int AUTHENTICATION_METHOD_EAP_ONLY = 0;
+ /** Server is authenticated using its certificate. */
+ public static final int AUTHENTICATION_METHOD_CERT = 1;
+
+ /** @hide */
+ @IntDef({
+ EPDG_ADDRESS_STATIC,
+ EPDG_ADDRESS_PLMN,
+ EPDG_ADDRESS_PCO
+ })
+ public @interface EpdgAddressType {}
+
+ /** Use static epdg address. */
+ public static final int EPDG_ADDRESS_STATIC = 0;
+ /** Construct the epdg address using plmn. */
+ public static final int EPDG_ADDRESS_PLMN = 1;
+ /**
+ * Use the epdg address received in protocol configuration options (PCO) from the
+ * network.
+ */
+ public static final int EPDG_ADDRESS_PCO = 2;
+
+ /** @hide */
+ @IntDef({
+ KEY_LEN_UNUSED,
+ KEY_LEN_AES_128,
+ KEY_LEN_AES_192,
+ KEY_LEN_AES_256
+ })
+ public @interface EncrpytionKeyLengthType {}
+
+ public static final int KEY_LEN_UNUSED = SaProposal.KEY_LEN_UNUSED;
+ /** AES Encryption/Ciphering Algorithm key length 128 bits. */
+ public static final int KEY_LEN_AES_128 = SaProposal.KEY_LEN_AES_128;
+ /** AES Encryption/Ciphering Algorithm key length 192 bits. */
+ public static final int KEY_LEN_AES_192 = SaProposal.KEY_LEN_AES_192;
+ /** AES Encryption/Ciphering Algorithm key length 256 bits. */
+ public static final int KEY_LEN_AES_256 = SaProposal.KEY_LEN_AES_256;
+
+ /** @hide */
+ @IntDef({
+ DH_GROUP_NONE,
+ DH_GROUP_1024_BIT_MODP,
+ DH_GROUP_2048_BIT_MODP
+ })
+ public @interface DhGroup {}
+
+ /** None Diffie-Hellman Group. */
+ public static final int DH_GROUP_NONE = SaProposal.DH_GROUP_NONE;
+ /** 1024-bit MODP Diffie-Hellman Group. */
+ public static final int DH_GROUP_1024_BIT_MODP = SaProposal.DH_GROUP_1024_BIT_MODP;
+ /** 2048-bit MODP Diffie-Hellman Group. */
+ public static final int DH_GROUP_2048_BIT_MODP = SaProposal.DH_GROUP_2048_BIT_MODP;
+
+ /** @hide */
+ @IntDef({
+ ENCRYPTION_ALGORITHM_3DES,
+ ENCRYPTION_ALGORITHM_AES_CBC,
+ ENCRYPTION_ALGORITHM_AES_GCM_8,
+ ENCRYPTION_ALGORITHM_AES_GCM_12,
+ ENCRYPTION_ALGORITHM_AES_GCM_16
+ })
+ public @interface EncryptionAlgorithm {}
+
+ /** 3DES Encryption/Ciphering Algorithm. */
+ public static final int ENCRYPTION_ALGORITHM_3DES = SaProposal.ENCRYPTION_ALGORITHM_3DES;
+ /** AES-CBC Encryption/Ciphering Algorithm. */
+ public static final int ENCRYPTION_ALGORITHM_AES_CBC =
+ SaProposal.ENCRYPTION_ALGORITHM_AES_CBC;
+
+ /**
+ * AES-GCM Authentication/Integrity + Encryption/Ciphering Algorithm with 8-octet ICV
+ * (truncation).
+ */
+ public static final int ENCRYPTION_ALGORITHM_AES_GCM_8 =
+ SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8;
+ /**
+ * AES-GCM Authentication/Integrity + Encryption/Ciphering Algorithm with 12-octet ICV
+ * (truncation).
+ */
+ public static final int ENCRYPTION_ALGORITHM_AES_GCM_12 =
+ SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12;
+ /**
+ * AES-GCM Authentication/Integrity + Encryption/Ciphering Algorithm with 16-octet ICV
+ * (truncation).
+ */
+ public static final int ENCRYPTION_ALGORITHM_AES_GCM_16 =
+ SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_16;
+
+ /** @hide */
+ @IntDef({
+ INTEGRITY_ALGORITHM_NONE,
+ INTEGRITY_ALGORITHM_HMAC_SHA1_96,
+ INTEGRITY_ALGORITHM_AES_XCBC_96,
+ INTEGRITY_ALGORITHM_HMAC_SHA2_256_128,
+ INTEGRITY_ALGORITHM_HMAC_SHA2_384_192,
+ INTEGRITY_ALGORITHM_HMAC_SHA2_512_256
+ })
+ public @interface IntegrityAlgorithm {}
+
+ /** None Authentication/Integrity Algorithm. */
+ public static final int INTEGRITY_ALGORITHM_NONE = SaProposal.INTEGRITY_ALGORITHM_NONE;
+ /** HMAC-SHA1 Authentication/Integrity Algorithm. */
+ public static final int INTEGRITY_ALGORITHM_HMAC_SHA1_96 =
+ SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96;
+ /** AES-XCBC-96 Authentication/Integrity Algorithm. */
+ public static final int INTEGRITY_ALGORITHM_AES_XCBC_96 =
+ SaProposal.INTEGRITY_ALGORITHM_AES_XCBC_96;
+ /** HMAC-SHA256 Authentication/Integrity Algorithm with 128-bit truncation. */
+ public static final int INTEGRITY_ALGORITHM_HMAC_SHA2_256_128 =
+ SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA2_256_128;
+ /** HMAC-SHA384 Authentication/Integrity Algorithm with 192-bit truncation. */
+ public static final int INTEGRITY_ALGORITHM_HMAC_SHA2_384_192 =
+ SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA2_384_192;
+ /** HMAC-SHA512 Authentication/Integrity Algorithm with 256-bit truncation. */
+ public static final int INTEGRITY_ALGORITHM_HMAC_SHA2_512_256 =
+ SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA2_512_256;
+
+ /** @hide */
+ @IntDef({
+ PSEUDORANDOM_FUNCTION_HMAC_SHA1,
+ PSEUDORANDOM_FUNCTION_AES128_XCBC
+ })
+ public @interface PseudorandomFunction {}
+
+ /** HMAC-SHA1 Pseudorandom Function. */
+ public static final int PSEUDORANDOM_FUNCTION_HMAC_SHA1 =
+ SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1;
+ /** AES128-XCBC Pseudorandom Function. */
+ public static final int PSEUDORANDOM_FUNCTION_AES128_XCBC =
+ SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC;
+
+ private Iwlan() {}
+
+ private static PersistableBundle getDefaults() {
+ PersistableBundle defaults = new PersistableBundle();
+ defaults.putInt(KEY_IKE_REKEY_SOFT_TIMER_SEC_INT, 3000);
+ defaults.putInt(KEY_IKE_REKEY_HARD_TIMER_SEC_INT, 3600);
+ defaults.putInt(KEY_CHILD_SA_REKEY_SOFT_TIMER_SEC_INT, 3000);
+ defaults.putInt(KEY_CHILD_SA_REKEY_HARD_TIMER_SEC_INT, 3600);
+ defaults.putInt(KEY_RETRANSMIT_TIMER_SEC_INT, 2);
+ defaults.putInt(KEY_DPD_TIMER_SEC_INT, 120);
+ defaults.putInt(KEY_MAX_RETRIES_INT, 3);
+ defaults.putIntArray(KEY_DIFFIE_HELLMAN_GROUPS_INT_ARRAY,
+ new int[]{DH_GROUP_1024_BIT_MODP, DH_GROUP_2048_BIT_MODP});
+ defaults.putIntArray(KEY_SUPPORTED_IKE_SESSION_ENCRYPTION_ALGORITHMS_INT_ARRAY,
+ new int[]{ENCRYPTION_ALGORITHM_3DES, ENCRYPTION_ALGORITHM_AES_CBC});
+ defaults.putIntArray(KEY_SUPPORTED_CHILD_SESSION_ENCRYPTION_ALGORITHMS_INT_ARRAY,
+ new int[]{ENCRYPTION_ALGORITHM_3DES, ENCRYPTION_ALGORITHM_AES_CBC});
+ defaults.putIntArray(KEY_SUPPORTED_INTEGRITY_ALGORITHMS_INT_ARRAY,
+ new int[]{INTEGRITY_ALGORITHM_AES_XCBC_96, INTEGRITY_ALGORITHM_HMAC_SHA1_96,
+ INTEGRITY_ALGORITHM_HMAC_SHA2_256_128});
+ defaults.putIntArray(KEY_SUPPORTED_PRF_ALGORITHMS_INT_ARRAY,
+ new int[]{PSEUDORANDOM_FUNCTION_HMAC_SHA1, PSEUDORANDOM_FUNCTION_AES128_XCBC});
+ defaults.putBoolean(KEY_NATT_ENABLED_BOOL, true);
+ defaults.putInt(KEY_EPDG_AUTHENTICATION_METHOD_INT, AUTHENTICATION_METHOD_CERT);
+ defaults.putString(KEY_EPDG_STATIC_ADDRESS_STRING, "");
+ defaults.putString(KEY_EPDG_STATIC_ADDRESS_ROAMING_STRING, "");
+ defaults.putInt(KEY_NATT_KEEP_ALIVE_TIMER_SEC_INT, 20);
+ defaults.putIntArray(KEY_IKE_SESSION_AES_CBC_KEY_SIZE_INT_ARRAY,
+ new int[]{KEY_LEN_AES_128, KEY_LEN_AES_256});
+ defaults.putIntArray(KEY_IKE_SESSION_AES_CTR_KEY_SIZE_INT_ARRAY,
+ new int[]{KEY_LEN_AES_128});
+ defaults.putIntArray(KEY_CHILD_SESSION_AES_CBC_KEY_SIZE_INT_ARRAY,
+ new int[]{KEY_LEN_AES_128, KEY_LEN_AES_256});
+ defaults.putIntArray(KEY_CHILD_SESSION_AES_CTR_KEY_SIZE_INT_ARRAY,
+ new int[]{KEY_LEN_AES_128});
+ defaults.putBoolean(KEY_IKE_FRAGMENTATION_ENABLED_BOOL, false);
+ defaults.putIntArray(KEY_EPDG_ADDRESS_PRIORITY_INT_ARRAY, new int[]{EPDG_ADDRESS_PLMN,
+ EPDG_ADDRESS_STATIC});
+ defaults.putStringArray(KEY_MCC_MNCS_STRING_ARRAY, new String[]{});
+
+ return defaults;
+ }
+ }
+
/** The default value for every variable. */
private final static PersistableBundle sDefaults;
@@ -3905,6 +4270,7 @@
// Default wifi configurations.
sDefaults.putAll(Wifi.getDefaults());
sDefaults.putBoolean(ENABLE_EAP_METHOD_PREFIX_BOOL, false);
+ sDefaults.putAll(Iwlan.getDefaults());
}
/**