Verify kernel implementation of AES-CMAC

This CL adds a test to verify kernel implementation of AES-CMAC

Since there is no hardware that first launched with SDK beyond R
at the time of writing this CL, the test for AES-CMAC was manually
enabled and verified on redfin (redfin kernel already supports
AES-CMAC)

Bug: 171083832
Test: atest IpSecAlgorithmImplTest
Change-Id: I8b7ee9272722aebdd84ca02475a6107ef61287a9

tests/cts/net/src/android/net/cts/IpSecAlgorithmImplTest.java

@@ -16,9 +16,13 @@
 
 package android.net.cts;
 
+import static android.net.IpSecAlgorithm.AUTH_AES_CMAC;
 import static android.net.IpSecAlgorithm.AUTH_AES_XCBC;
 import static android.net.IpSecAlgorithm.AUTH_CRYPT_CHACHA20_POLY1305;
 import static android.net.IpSecAlgorithm.CRYPT_AES_CTR;
+import static android.net.cts.PacketUtils.AES_CMAC;
+import static android.net.cts.PacketUtils.AES_CMAC_ICV_LEN;
+import static android.net.cts.PacketUtils.AES_CMAC_KEY_LEN;
 import static android.net.cts.PacketUtils.AES_CTR;
 import static android.net.cts.PacketUtils.AES_CTR_BLK_SIZE;
 import static android.net.cts.PacketUtils.AES_CTR_IV_LEN;
@@ -257,6 +261,20 @@ public class IpSecAlgorithmImplTest extends IpSecBaseTest {
                 EspCipherNull.getInstance(), espAuth)));
     }
 
+    @Test
+    public void testAesCmac() throws Exception {
+        assumeTrue(hasIpSecAlgorithm(AUTH_AES_CMAC));
+
+        final byte[] authKey = getKeyBytes(AES_CMAC_KEY_LEN);
+        final IpSecAlgorithm ipsecAuthAlgo =
+                new IpSecAlgorithm(IpSecAlgorithm.AUTH_AES_CMAC, authKey, AES_CMAC_ICV_LEN * 8);
+        final EspAuth espAuth = new EspAuth(AES_CMAC, authKey, AES_CMAC_ICV_LEN);
+
+        runWithShellPermissionIdentity(new TestNetworkRunnable(new CheckCryptoImplTest(
+                null /* ipsecEncryptAlgo */, ipsecAuthAlgo, null /* ipsecAeadAlgo */,
+                EspCipherNull.getInstance(), espAuth)));
+    }
+
     @Test
     public void testChaCha20Poly1305() throws Exception {
         assumeTrue(hasIpSecAlgorithm(AUTH_CRYPT_CHACHA20_POLY1305));

tests/cts/net/src/android/net/cts/PacketUtils.java

@@ -101,6 +101,7 @@ public class PacketUtils {
     static final String HMAC_SHA_256 = "HmacSHA256";
     static final String HMAC_SHA_384 = "HmacSHA384";
     static final String HMAC_SHA_512 = "HmacSHA512";
+    static final String AES_CMAC = "AESCMAC";
     static final String AES_XCBC = "AesXCbc";
 
     public interface Payload {
@@ -666,14 +667,15 @@ public class PacketUtils {
         public final byte[] key;
         public final int icvLen;
 
-        private static final Set<String> SUPPORTED_HMAC_ALGOS = new HashSet<>();
+        private static final Set<String> JCE_SUPPORTED_MACS = new HashSet<>();
 
         static {
-            SUPPORTED_HMAC_ALGOS.add(HMAC_MD5);
+            JCE_SUPPORTED_MACS.add(HMAC_MD5);
-            SUPPORTED_HMAC_ALGOS.add(HMAC_SHA1);
+            JCE_SUPPORTED_MACS.add(HMAC_SHA1);
-            SUPPORTED_HMAC_ALGOS.add(HMAC_SHA_256);
+            JCE_SUPPORTED_MACS.add(HMAC_SHA_256);
-            SUPPORTED_HMAC_ALGOS.add(HMAC_SHA_384);
+            JCE_SUPPORTED_MACS.add(HMAC_SHA_384);
-            SUPPORTED_HMAC_ALGOS.add(HMAC_SHA_512);
+            JCE_SUPPORTED_MACS.add(HMAC_SHA_512);
+            JCE_SUPPORTED_MACS.add(AES_CMAC);
         }
 
         public EspAuth(String algoName, byte[] key, int icvLen) {
@@ -686,7 +688,7 @@ public class PacketUtils {
             if (AES_XCBC.equals(algoName)) {
                 final Cipher aesCipher = Cipher.getInstance(AES_CBC);
                 return new AesXCbcImpl().mac(key, authenticatedSection, true /* needTruncation */);
-            } else if (SUPPORTED_HMAC_ALGOS.contains(algoName)) {
+            } else if (JCE_SUPPORTED_MACS.contains(algoName)) {
                 final Mac mac = Mac.getInstance(algoName);
                 final SecretKeySpec authKey = new SecretKeySpec(key, algoName);
                 mac.init(authKey);