/* * Copyright (C) 2020 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.android.internal.net.ipsec.ike.testmode; import com.android.internal.annotations.VisibleForTesting; import com.android.internal.net.crypto.KeyGenerationUtils; import com.android.internal.util.HexDump; import java.nio.ByteBuffer; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; /** * Deterministic SecureRandom to support test mode IKE library. * *

Deterministic SecureRandom MUST only be used in test mode. It allows IKE library to do IKE * Session negotiation with pre captured responder packets as well as always generates the same set * of crypto keys. * *

This deterministic SecureRandom is deterministic in the way that if caller constructs multiple * instances and call the same methods from these instances, all the outputs will be the same. This * class is random in the way that, from the same intance, caller will get different outputs by * calling the same method multiple times. */ @VisibleForTesting public class DeterministicSecureRandom extends SecureRandom implements KeyGenerationUtils.ByteSigner { private static final String TAG = DeterministicSecureRandom.class.getSimpleName(); private static final String MAC_SHA256_NAME = "HmacSHA256"; private static final String MAC_SHA256_KEY_HEX = "5D00F680E84F96374FC1BF8A4FC5F711467CBC62DF81A3B6169812531DF13E6C"; private static final String INITIAL_BYTE_TO_SIGN_HEX = "2514A9C2B797BDDC50A1975A00866C3CC87190C29DCEBB228A4D8730AF8881BC"; private final Mac mByteSignerMac; private byte[] mBytesToSign; @VisibleForTesting public DeterministicSecureRandom() { super(null /*secureRandomSpi*/, null /*provider*/); try { mByteSignerMac = Mac.getInstance(MAC_SHA256_NAME); byte[] byteSignerKey = HexDump.hexStringToByteArray(MAC_SHA256_KEY_HEX); mByteSignerMac.init(new SecretKeySpec(byteSignerKey, MAC_SHA256_NAME)); } catch (NoSuchAlgorithmException | InvalidKeyException e) { // Should never happen throw new IllegalArgumentException("Failed to construct DeterministicSecureRandom", e); } mBytesToSign = HexDump.hexStringToByteArray(INITIAL_BYTE_TO_SIGN_HEX); } @Override public byte[] signBytes(byte[] keyBytes, byte[] dataToSign) { mByteSignerMac.update(dataToSign); return mByteSignerMac.doFinal(); } private byte[] generateBytes(int numBytes) { mBytesToSign = KeyGenerationUtils.prfPlus( this, null /* keyBytes; unused */, mBytesToSign, numBytes); return mBytesToSign; } @Override public byte[] generateSeed(int numBytes) { return generateBytes(numBytes); } @Override public String getAlgorithm() { return TAG; } // This method serves to provide a source of random bits to all of the method inherited from // {@link Random} (for example, {@link nextInt}, {@link nextLong}). @Override public void nextBytes(byte[] bytes) { ByteBuffer buffer = ByteBuffer.wrap(generateBytes(bytes.length)); buffer.rewind(); buffer.get(bytes); } @Override public void setSeed(byte[] seed) { // Do nothing } @Override public void setSeed(long seed) { // Do nothing } }