From 1f423e06e21fdca04896c460883a8171ae134080 Mon Sep 17 00:00:00 2001
From: Yan Yan
Date: Tue, 4 May 2021 19:29:04 -0700
Subject: [PATCH] Verify kernel implementation of AES-CMAC

This CL adds a test to verify kernel implementation of AES-CMAC
Since there is no hardware that first launched with SDK beyond R at the time of writing this CL, the test for AES-CMAC was manually enabled and verified on redfin (redfin kernel already supports AES-CMAC)

Bug: 171083832
Test: atest IpSecAlgorithmImplTest
Change-Id: I8b7ee9272722aebdd84ca02475a6107ef61287a9
---
 .../net/cts/IpSecAlgorithmImplTest.java | 18 ++++++++++++++++++
 .../net/src/android/net/cts/PacketUtils.java | 16 +++++++++-------
 2 files changed, 27 insertions(+), 7 deletions(-)

diff --git a/tests/cts/net/src/android/net/cts/IpSecAlgorithmImplTest.java b/tests/cts/net/src/android/net/cts/IpSecAlgorithmImplTest.java
index 080f7f988b..55030dbedc 100644
--- a/tests/cts/net/src/android/net/cts/IpSecAlgorithmImplTest.java
+++ b/tests/cts/net/src/android/net/cts/IpSecAlgorithmImplTest.java
@@ -16,9 +16,13 @@
 
 package android.net.cts;
 
+import static android.net.IpSecAlgorithm.AUTH_AES_CMAC;
 import static android.net.IpSecAlgorithm.AUTH_AES_XCBC;
 import static android.net.IpSecAlgorithm.AUTH_CRYPT_CHACHA20_POLY1305;
 import static android.net.IpSecAlgorithm.CRYPT_AES_CTR;
+import static android.net.cts.PacketUtils.AES_CMAC;
+import static android.net.cts.PacketUtils.AES_CMAC_ICV_LEN;
+import static android.net.cts.PacketUtils.AES_CMAC_KEY_LEN;
 import static android.net.cts.PacketUtils.AES_CTR;
 import static android.net.cts.PacketUtils.AES_CTR_BLK_SIZE;
 import static android.net.cts.PacketUtils.AES_CTR_IV_LEN;
@@ -257,6 +261,20 @@ public class IpSecAlgorithmImplTest extends IpSecBaseTest {
 EspCipherNull.getInstance(), espAuth)));
 }
 
+ @Test
+ public void testAesCmac() throws Exception {
+ assumeTrue(hasIpSecAlgorithm(AUTH_AES_CMAC));
+
+ final byte[] authKey = getKeyBytes(AES_CMAC_KEY_LEN);
+ final IpSecAlgorithm ipsecAuthAlgo =
+ new IpSecAlgorithm(IpSecAlgorithm.AUTH_AES_CMAC, authKey, AES_CMAC_ICV_LEN * 8);
+ final EspAuth espAuth = new EspAuth(AES_CMAC, authKey, AES_CMAC_ICV_LEN);
+
+ runWithShellPermissionIdentity(new TestNetworkRunnable(new CheckCryptoImplTest(
+ null /* ipsecEncryptAlgo */, ipsecAuthAlgo, null /* ipsecAeadAlgo */,
+ EspCipherNull.getInstance(), espAuth)));
+ }
+
 @Test
 public void testChaCha20Poly1305() throws Exception {
 assumeTrue(hasIpSecAlgorithm(AUTH_CRYPT_CHACHA20_POLY1305));
diff --git a/tests/cts/net/src/android/net/cts/PacketUtils.java b/tests/cts/net/src/android/net/cts/PacketUtils.java
index 0b3bad465a..9170cff1c0 100644
--- a/tests/cts/net/src/android/net/cts/PacketUtils.java
+++ b/tests/cts/net/src/android/net/cts/PacketUtils.java
@@ -101,6 +101,7 @@ public class PacketUtils {
 static final String HMAC_SHA_256 = "HmacSHA256";
 static final String HMAC_SHA_384 = "HmacSHA384";
 static final String HMAC_SHA_512 = "HmacSHA512";
+ static final String AES_CMAC = "AESCMAC";
 static final String AES_XCBC = "AesXCbc";
 
 public interface Payload {
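Review bot: `testAesCmac` in the `@@ -257,6 +261,20 @@` hunk of IpSecAlgorithmImplTest.java runs only when `hasIpSecAlgorithm(AUTH_AES_CMAC)` is true, and the ICV it expects comes from `new EspAuth(AES_CMAC, authKey, AES_CMAC_ICV_LEN)`, so the kernel appears to be compared against the userspace MAC reference rather than a fixed vector. The commit message says no launched device enabled the algorithm at the time, so an error in that reference would likely go unnoticed until a device does. I would record this above the method, e.g. `// Skipped unless the kernel advertises AUTH_AES_CMAC; expected ICV comes from EspAuth's userspace "AESCMAC" Mac.` An ungated known-answer check of `EspAuth` for `AES_CMAC` against the published AES-CMAC test vectors (RFC 4493) would also pin the reference itself.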
@@ -666,14 +667,15 @@ public class PacketUtils {
 public final byte[] key;
 public final int icvLen;
 
- private static final Set SUPPORTED_HMAC_ALGOS = new HashSet<>();
+ private static final Set JCE_SUPPORTED_MACS = new HashSet<>();
 
 static {
- SUPPORTED_HMAC_ALGOS.add(HMAC_MD5);
- SUPPORTED_HMAC_ALGOS.add(HMAC_SHA1);
- SUPPORTED_HMAC_ALGOS.add(HMAC_SHA_256);
- SUPPORTED_HMAC_ALGOS.add(HMAC_SHA_384);
- SUPPORTED_HMAC_ALGOS.add(HMAC_SHA_512);
+ JCE_SUPPORTED_MACS.add(HMAC_MD5);
+ JCE_SUPPORTED_MACS.add(HMAC_SHA1);
+ JCE_SUPPORTED_MACS.add(HMAC_SHA_256);
+ JCE_SUPPORTED_MACS.add(HMAC_SHA_384);
+ JCE_SUPPORTED_MACS.add(HMAC_SHA_512);
+ JCE_SUPPORTED_MACS.add(AES_CMAC);
 }
 
 public EspAuth(String algoName, byte[] key, int icvLen) {
@@ -686,7 +688,7 @@ public class PacketUtils {
 if (AES_XCBC.equals(algoName)) {
 final Cipher aesCipher = Cipher.getInstance(AES_CBC);
 return new AesXCbcImpl().mac(key, authenticatedSection, true /* needTruncation */);
- } else if (SUPPORTED_HMAC_ALGOS.contains(algoName)) {
+ } else if (JCE_SUPPORTED_MACS.contains(algoName)) {
 final Mac mac = Mac.getInstance(algoName);
 final SecretKeySpec authKey = new SecretKeySpec(key, algoName);
 mac.init(authKey);
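Review bot: Every name in `JCE_SUPPORTED_MACS` is handed unchanged to `Mac.getInstance(algoName)` and `new SecretKeySpec(key, algoName)` in the branch touched by the `@@ -686,7 +688,7 @@` hunk, so adding `AES_CMAC` makes the reference ICV depend on the device's default provider registering the name "AESCMAC". Nothing visible here states or checks that, and a provider without it would presumably surface as a `NoSuchAlgorithmException` from inside the test rather than as a clear skip. A comment above the set would record the contract: `// Names are passed verbatim to Mac.getInstance(); list only MACs the platform JCE provider implements.` The method enclosing the second hunk starts and ends outside it.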