From 01b1ab403426c82b854deac54598dffe67fedbd3 Mon Sep 17 00:00:00 2001
From: Benedict Wong <benedictwong@google.com>
Date: Wed, 1 Nov 2017 17:14:25 -0700
Subject: [PATCH] Update documentation for AES-GCM-ESP keymat length

Added notes that keymat length must include 32 bits of salt.

Bug: 68672051
Test: Frameworks-net unit tests & IpSecManager CTS tests run
Change-Id: I0ae0c5be8a45b2374783b3bd1fa8bf930f15e687
---
 core/java/android/net/IpSecAlgorithm.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/core/java/android/net/IpSecAlgorithm.java b/core/java/android/net/IpSecAlgorithm.java
index 16b1452311..64f8f39e2b 100644
--- a/core/java/android/net/IpSecAlgorithm.java
+++ b/core/java/android/net/IpSecAlgorithm.java
@@ -78,7 +78,11 @@ public final class IpSecAlgorithm implements Parcelable {
     /**
      * AES-GCM Authentication/Integrity + Encryption/Ciphering Algorithm.
      *
-     * <p>Valid lengths for this key are {128, 192, 256}.
+     * <p>Valid lengths for keying material are {160, 224, 288}.
+     *
+     * <p>As per RFC4106 (Section 8.1), keying material consists of a 128, 192, or 256 bit AES key
+     * followed by a 32-bit salt. RFC compliance requires that the salt must be unique per
+     * invocation with the same key.
      *
      * <p>Valid ICV (truncation) lengths are {64, 96, 128}.
      */