1 /*
2  * Copyright (C) 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 package com.android.internal.net.ipsec.ike.testmode;
17 
18 import com.android.internal.annotations.VisibleForTesting;
19 import com.android.internal.net.crypto.KeyGenerationUtils;
20 import com.android.internal.util.HexDump;
21 
22 import java.nio.ByteBuffer;
23 import java.security.InvalidKeyException;
24 import java.security.NoSuchAlgorithmException;
25 import java.security.SecureRandom;
26 
27 import javax.crypto.Mac;
28 import javax.crypto.spec.SecretKeySpec;
29 
30 /**
31  * Deterministic SecureRandom to support test mode IKE library.
32  *
33  * <p>Deterministic SecureRandom MUST only be used in test mode. It allows IKE library to do IKE
34  * Session negotiation with pre captured responder packets as well as always generates the same set
35  * of crypto keys.
36  *
37  * <p>This deterministic SecureRandom is deterministic in the way that if caller constructs multiple
38  * instances and call the same methods from these instances, all the outputs will be the same. This
39  * class is random in the way that, from the same intance, caller will get different outputs by
40  * calling the same method multiple times.
41  */
42 @VisibleForTesting
43 public class DeterministicSecureRandom extends SecureRandom
44         implements KeyGenerationUtils.ByteSigner {
45     private static final String TAG = DeterministicSecureRandom.class.getSimpleName();
46 
47     private static final String MAC_SHA256_NAME = "HmacSHA256";
48     private static final String MAC_SHA256_KEY_HEX =
49             "5D00F680E84F96374FC1BF8A4FC5F711467CBC62DF81A3B6169812531DF13E6C";
50     private static final String INITIAL_BYTE_TO_SIGN_HEX =
51             "2514A9C2B797BDDC50A1975A00866C3CC87190C29DCEBB228A4D8730AF8881BC";
52 
53     private final Mac mByteSignerMac;
54 
55     private byte[] mBytesToSign;
56 
57     @VisibleForTesting
DeterministicSecureRandom()58     public DeterministicSecureRandom() {
59         super(null /*secureRandomSpi*/, null /*provider*/);
60 
61         try {
62             mByteSignerMac = Mac.getInstance(MAC_SHA256_NAME);
63             byte[] byteSignerKey = HexDump.hexStringToByteArray(MAC_SHA256_KEY_HEX);
64             mByteSignerMac.init(new SecretKeySpec(byteSignerKey, MAC_SHA256_NAME));
65         } catch (NoSuchAlgorithmException | InvalidKeyException e) {
66             // Should never happen
67             throw new IllegalArgumentException("Failed to construct DeterministicSecureRandom", e);
68         }
69 
70         mBytesToSign = HexDump.hexStringToByteArray(INITIAL_BYTE_TO_SIGN_HEX);
71     }
72 
73     @Override
signBytes(byte[] keyBytes, byte[] dataToSign)74     public byte[] signBytes(byte[] keyBytes, byte[] dataToSign) {
75         mByteSignerMac.update(dataToSign);
76         return mByteSignerMac.doFinal();
77     }
78 
generateBytes(int numBytes)79     private byte[] generateBytes(int numBytes) {
80         mBytesToSign =
81                 KeyGenerationUtils.prfPlus(
82                         this, null /* keyBytes; unused */, mBytesToSign, numBytes);
83         return mBytesToSign;
84     }
85 
86     @Override
generateSeed(int numBytes)87     public byte[] generateSeed(int numBytes) {
88         return generateBytes(numBytes);
89     }
90 
91     @Override
getAlgorithm()92     public String getAlgorithm() {
93         return TAG;
94     }
95 
96     // This method serves to provide a source of random bits to all of the method inherited from
97     // {@link Random} (for example, {@link nextInt}, {@link nextLong}).
98     @Override
nextBytes(byte[] bytes)99     public void nextBytes(byte[] bytes) {
100         ByteBuffer buffer = ByteBuffer.wrap(generateBytes(bytes.length));
101         buffer.rewind();
102         buffer.get(bytes);
103     }
104 
105     @Override
setSeed(byte[] seed)106     public void setSeed(byte[] seed) {
107         // Do nothing
108     }
109 
110     @Override
setSeed(long seed)111     public void setSeed(long seed) {
112         // Do nothing
113     }
114 }
115