Verify kernel implementation of AES-CMAC
This CL adds a test to verify kernel implementation of AES-CMAC
Since there is no hardware that first launched with SDK beyond R
at the time of writing this CL, the test for AES-CMAC was manually
enabled and verified on redfin (redfin kernel already supports
AES-CMAC)
Bug: 171083832
Test: atest IpSecAlgorithmImplTest
Original-Change: https://android-review.googlesource.com/1697312
Merged-In: I8b7ee9272722aebdd84ca02475a6107ef61287a9
Change-Id: I8b7ee9272722aebdd84ca02475a6107ef61287a9
diff --git a/tests/cts/net/src/android/net/cts/IpSecAlgorithmImplTest.java b/tests/cts/net/src/android/net/cts/IpSecAlgorithmImplTest.java
index 080f7f9..55030db 100644
--- a/tests/cts/net/src/android/net/cts/IpSecAlgorithmImplTest.java
+++ b/tests/cts/net/src/android/net/cts/IpSecAlgorithmImplTest.java
@@ -16,9 +16,13 @@
package android.net.cts;
+import static android.net.IpSecAlgorithm.AUTH_AES_CMAC;
import static android.net.IpSecAlgorithm.AUTH_AES_XCBC;
import static android.net.IpSecAlgorithm.AUTH_CRYPT_CHACHA20_POLY1305;
import static android.net.IpSecAlgorithm.CRYPT_AES_CTR;
+import static android.net.cts.PacketUtils.AES_CMAC;
+import static android.net.cts.PacketUtils.AES_CMAC_ICV_LEN;
+import static android.net.cts.PacketUtils.AES_CMAC_KEY_LEN;
import static android.net.cts.PacketUtils.AES_CTR;
import static android.net.cts.PacketUtils.AES_CTR_BLK_SIZE;
import static android.net.cts.PacketUtils.AES_CTR_IV_LEN;
@@ -258,6 +262,20 @@
}
@Test
+ public void testAesCmac() throws Exception {
+ assumeTrue(hasIpSecAlgorithm(AUTH_AES_CMAC));
+
+ final byte[] authKey = getKeyBytes(AES_CMAC_KEY_LEN);
+ final IpSecAlgorithm ipsecAuthAlgo =
+ new IpSecAlgorithm(IpSecAlgorithm.AUTH_AES_CMAC, authKey, AES_CMAC_ICV_LEN * 8);
+ final EspAuth espAuth = new EspAuth(AES_CMAC, authKey, AES_CMAC_ICV_LEN);
+
+ runWithShellPermissionIdentity(new TestNetworkRunnable(new CheckCryptoImplTest(
+ null /* ipsecEncryptAlgo */, ipsecAuthAlgo, null /* ipsecAeadAlgo */,
+ EspCipherNull.getInstance(), espAuth)));
+ }
+
+ @Test
public void testChaCha20Poly1305() throws Exception {
assumeTrue(hasIpSecAlgorithm(AUTH_CRYPT_CHACHA20_POLY1305));
diff --git a/tests/cts/net/src/android/net/cts/PacketUtils.java b/tests/cts/net/src/android/net/cts/PacketUtils.java
index 0b3bad4..9170cff 100644
--- a/tests/cts/net/src/android/net/cts/PacketUtils.java
+++ b/tests/cts/net/src/android/net/cts/PacketUtils.java
@@ -101,6 +101,7 @@
static final String HMAC_SHA_256 = "HmacSHA256";
static final String HMAC_SHA_384 = "HmacSHA384";
static final String HMAC_SHA_512 = "HmacSHA512";
+ static final String AES_CMAC = "AESCMAC";
static final String AES_XCBC = "AesXCbc";
public interface Payload {
@@ -666,14 +667,15 @@
public final byte[] key;
public final int icvLen;
- private static final Set<String> SUPPORTED_HMAC_ALGOS = new HashSet<>();
+ private static final Set<String> JCE_SUPPORTED_MACS = new HashSet<>();
static {
- SUPPORTED_HMAC_ALGOS.add(HMAC_MD5);
- SUPPORTED_HMAC_ALGOS.add(HMAC_SHA1);
- SUPPORTED_HMAC_ALGOS.add(HMAC_SHA_256);
- SUPPORTED_HMAC_ALGOS.add(HMAC_SHA_384);
- SUPPORTED_HMAC_ALGOS.add(HMAC_SHA_512);
+ JCE_SUPPORTED_MACS.add(HMAC_MD5);
+ JCE_SUPPORTED_MACS.add(HMAC_SHA1);
+ JCE_SUPPORTED_MACS.add(HMAC_SHA_256);
+ JCE_SUPPORTED_MACS.add(HMAC_SHA_384);
+ JCE_SUPPORTED_MACS.add(HMAC_SHA_512);
+ JCE_SUPPORTED_MACS.add(AES_CMAC);
}
public EspAuth(String algoName, byte[] key, int icvLen) {
@@ -686,7 +688,7 @@
if (AES_XCBC.equals(algoName)) {
final Cipher aesCipher = Cipher.getInstance(AES_CBC);
return new AesXCbcImpl().mac(key, authenticatedSection, true /* needTruncation */);
- } else if (SUPPORTED_HMAC_ALGOS.contains(algoName)) {
+ } else if (JCE_SUPPORTED_MACS.contains(algoName)) {
final Mac mac = Mac.getInstance(algoName);
final SecretKeySpec authKey = new SecretKeySpec(key, algoName);
mac.init(authKey);