LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Verify kernel implementation of AES-CMAC

Browse Source 
This CL adds a test to verify kernel implementation of AES-CMAC

Since there is no hardware that first launched with SDK beyond R
at the time of writing this CL, the test for AES-CMAC was manually
enabled and verified on redfin (redfin kernel already supports
AES-CMAC)

Bug: 171083832
Test: atest IpSecAlgorithmImplTest
Change-Id: I8b7ee9272722aebdd84ca02475a6107ef61287a9
This commit is contained in:
Yan Yan
2021-05-04 19:29:04 -07:00
parent df24620850
commit 1f423e06e2
2 changed files with 27 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
tests/cts/net/src/android/net/cts/IpSecAlgorithmImplTest.java
View File

@@ -16,9 +16,13 @@
package android.net.cts;
import static android.net.IpSecAlgorithm.AUTH_AES_CMAC;
import static android.net.IpSecAlgorithm.AUTH_AES_XCBC;
import static android.net.IpSecAlgorithm.AUTH_CRYPT_CHACHA20_POLY1305;
import static android.net.IpSecAlgorithm.CRYPT_AES_CTR;
import static android.net.cts.PacketUtils.AES_CMAC;
import static android.net.cts.PacketUtils.AES_CMAC_ICV_LEN;
import static android.net.cts.PacketUtils.AES_CMAC_KEY_LEN;
import static android.net.cts.PacketUtils.AES_CTR;
import static android.net.cts.PacketUtils.AES_CTR_BLK_SIZE;
import static android.net.cts.PacketUtils.AES_CTR_IV_LEN;
@@ -257,6 +261,20 @@ public class IpSecAlgorithmImplTest extends IpSecBaseTest {
EspCipherNull.getInstance(), espAuth)));
}
@Test
public void testAesCmac() throws Exception {
assumeTrue(hasIpSecAlgorithm(AUTH_AES_CMAC));
final byte[] authKey = getKeyBytes(AES_CMAC_KEY_LEN);
final IpSecAlgorithm ipsecAuthAlgo =
new IpSecAlgorithm(IpSecAlgorithm.AUTH_AES_CMAC, authKey, AES_CMAC_ICV_LEN * 8);
final EspAuth espAuth = new EspAuth(AES_CMAC, authKey, AES_CMAC_ICV_LEN);
runWithShellPermissionIdentity(new TestNetworkRunnable(new CheckCryptoImplTest(
null /* ipsecEncryptAlgo */, ipsecAuthAlgo, null /* ipsecAeadAlgo */,
EspCipherNull.getInstance(), espAuth)));
}
@Test
public void testChaCha20Poly1305() throws Exception {
assumeTrue(hasIpSecAlgorithm(AUTH_CRYPT_CHACHA20_POLY1305));

16
tests/cts/net/src/android/net/cts/PacketUtils.java
View File

@@ -101,6 +101,7 @@ public class PacketUtils {
static final String HMAC_SHA_256 = "HmacSHA256";
static final String HMAC_SHA_384 = "HmacSHA384";
static final String HMAC_SHA_512 = "HmacSHA512";
static final String AES_CMAC = "AESCMAC";
static final String AES_XCBC = "AesXCbc";
public interface Payload {
@@ -666,14 +667,15 @@ public class PacketUtils {
public final byte[] key;
public final int icvLen;
private static final Set<String> SUPPORTED_HMAC_ALGOS = new HashSet<>();
private static final Set<String> JCE_SUPPORTED_MACS = new HashSet<>();
static {
SUPPORTED_HMAC_ALGOS.add(HMAC_MD5);
SUPPORTED_HMAC_ALGOS.add(HMAC_SHA1);
SUPPORTED_HMAC_ALGOS.add(HMAC_SHA_256);
SUPPORTED_HMAC_ALGOS.add(HMAC_SHA_384);
SUPPORTED_HMAC_ALGOS.add(HMAC_SHA_512);
JCE_SUPPORTED_MACS.add(HMAC_MD5);
JCE_SUPPORTED_MACS.add(HMAC_SHA1);
JCE_SUPPORTED_MACS.add(HMAC_SHA_256);
JCE_SUPPORTED_MACS.add(HMAC_SHA_384);
JCE_SUPPORTED_MACS.add(HMAC_SHA_512);
JCE_SUPPORTED_MACS.add(AES_CMAC);
}
public EspAuth(String algoName, byte[] key, int icvLen) {
@@ -686,7 +688,7 @@ public class PacketUtils {
if (AES_XCBC.equals(algoName)) {
final Cipher aesCipher = Cipher.getInstance(AES_CBC);
return new AesXCbcImpl().mac(key, authenticatedSection, true /* needTruncation */);
} else if (SUPPORTED_HMAC_ALGOS.contains(algoName)) {
} else if (JCE_SUPPORTED_MACS.contains(algoName)) {
final Mac mac = Mac.getInstance(algoName);
final SecretKeySpec authKey = new SecretKeySpec(key, algoName);
mac.init(authKey);