removed all hash function code from pluto
[strongswan.git] / src / pluto / alg / ike_alg_sha2.c
1 #include <stdio.h>
2 #include <string.h>
3 #include <stddef.h>
4 #include <sys/types.h>
5 #include <freeswan.h>
6
7 #include <crypto/hashers/hasher.h>
8
9 #include "constants.h"
10 #include "defs.h"
11 #include "log.h"
12 #include "alg_info.h"
13 #include "ike_alg.h"
14
15 /* SHA-256 hash test vectors
16 * from "The Secure Hash Algorithm Validation System (SHAVS)"
17 * July 22, 2004, Lawrence E. Bassham III, NIST
18 */
19
20 static const u_char sha256_short2_msg[] = {
21 0x19
22 };
23
24 static const u_char sha256_short2_msg_digest[] = {
25 0x68, 0xaa, 0x2e, 0x2e, 0xe5, 0xdf, 0xf9, 0x6e,
26 0x33, 0x55, 0xe6, 0xc7, 0xee, 0x37, 0x3e, 0x3d,
27 0x6a, 0x4e, 0x17, 0xf7, 0x5f, 0x95, 0x18, 0xd8,
28 0x43, 0x70, 0x9c, 0x0c, 0x9b, 0xc3, 0xe3, 0xd4
29 };
30
31 static const u_char sha256_short4_msg[] = {
32 0xe3, 0xd7, 0x25, 0x70, 0xdc, 0xdd, 0x78, 0x7c,
33 0xe3, 0x88, 0x7a, 0xb2, 0xcd, 0x68, 0x46, 0x52
34 };
35
36 static const u_char sha256_short4_msg_digest[] = {
37 0x17, 0x5e, 0xe6, 0x9b, 0x02, 0xba, 0x9b, 0x58,
38 0xe2, 0xb0, 0xa5, 0xfd, 0x13, 0x81, 0x9c, 0xea,
39 0x57, 0x3f, 0x39, 0x40, 0xa9, 0x4f, 0x82, 0x51,
40 0x28, 0xcf, 0x42, 0x09, 0xbe, 0xab, 0xb4, 0xe8
41 };
42
43 static const u_char sha256_long2_msg[] = {
44 0x83, 0x26, 0x75, 0x4e, 0x22, 0x77, 0x37, 0x2f,
45 0x4f, 0xc1, 0x2b, 0x20, 0x52, 0x7a, 0xfe, 0xf0,
46 0x4d, 0x8a, 0x05, 0x69, 0x71, 0xb1, 0x1a, 0xd5,
47 0x71, 0x23, 0xa7, 0xc1, 0x37, 0x76, 0x00, 0x00,
48 0xd7, 0xbe, 0xf6, 0xf3, 0xc1, 0xf7, 0xa9, 0x08,
49 0x3a, 0xa3, 0x9d, 0x81, 0x0d, 0xb3, 0x10, 0x77,
50 0x7d, 0xab, 0x8b, 0x1e, 0x7f, 0x02, 0xb8, 0x4a,
51 0x26, 0xc7, 0x73, 0x32, 0x5f, 0x8b, 0x23, 0x74,
52 0xde, 0x7a, 0x4b, 0x5a, 0x58, 0xcb, 0x5c, 0x5c,
53 0xf3, 0x5b, 0xce, 0xe6, 0xfb, 0x94, 0x6e, 0x5b,
54 0xd6, 0x94, 0xfa, 0x59, 0x3a, 0x8b, 0xeb, 0x3f,
55 0x9d, 0x65, 0x92, 0xec, 0xed, 0xaa, 0x66, 0xca,
56 0x82, 0xa2, 0x9d, 0x0c, 0x51, 0xbc, 0xf9, 0x33,
57 0x62, 0x30, 0xe5, 0xd7, 0x84, 0xe4, 0xc0, 0xa4,
58 0x3f, 0x8d, 0x79, 0xa3, 0x0a, 0x16, 0x5c, 0xba,
59 0xbe, 0x45, 0x2b, 0x77, 0x4b, 0x9c, 0x71, 0x09,
60 0xa9, 0x7d, 0x13, 0x8f, 0x12, 0x92, 0x28, 0x96,
61 0x6f, 0x6c, 0x0a, 0xdc, 0x10, 0x6a, 0xad, 0x5a,
62 0x9f, 0xdd, 0x30, 0x82, 0x57, 0x69, 0xb2, 0xc6,
63 0x71, 0xaf, 0x67, 0x59, 0xdf, 0x28, 0xeb, 0x39,
64 0x3d, 0x54, 0xd6
65 };
66
67 static const u_char sha256_long2_msg_digest[] = {
68 0x97, 0xdb, 0xca, 0x7d, 0xf4, 0x6d, 0x62, 0xc8,
69 0xa4, 0x22, 0xc9, 0x41, 0xdd, 0x7e, 0x83, 0x5b,
70 0x8a, 0xd3, 0x36, 0x17, 0x63, 0xf7, 0xe9, 0xb2,
71 0xd9, 0x5f, 0x4f, 0x0d, 0xa6, 0xe1, 0xcc, 0xbc
72 };
73
74 static const hash_testvector_t sha256_hash_testvectors[] = {
75 { sizeof(sha256_short2_msg), sha256_short2_msg, sha256_short2_msg_digest },
76 { sizeof(sha256_short4_msg), sha256_short4_msg, sha256_short4_msg_digest },
77 { sizeof(sha256_long2_msg), sha256_long2_msg, sha256_long2_msg_digest },
78 { 0, NULL, NULL }
79 };
80
81 /* SHA-384 hash test vectors
82 * from "The Secure Hash Algorithm Validation System (SHAVS)"
83 * July 22, 2004, Lawrence E. Bassham III, NIST
84 */
85
86 static const u_char sha384_short2_msg[] = {
87 0xb9
88 };
89
90 static const u_char sha384_short2_msg_digest[] = {
91 0xbc, 0x80, 0x89, 0xa1, 0x90, 0x07, 0xc0, 0xb1,
92 0x41, 0x95, 0xf4, 0xec, 0xc7, 0x40, 0x94, 0xfe,
93 0xc6, 0x4f, 0x01, 0xf9, 0x09, 0x29, 0x28, 0x2c,
94 0x2f, 0xb3, 0x92, 0x88, 0x15, 0x78, 0x20, 0x8a,
95 0xd4, 0x66, 0x82, 0x8b, 0x1c, 0x6c, 0x28, 0x3d,
96 0x27, 0x22, 0xcf, 0x0a, 0xd1, 0xab, 0x69, 0x38
97 };
98
99 static const u_char sha384_short4_msg[] = {
100 0xa4, 0x1c, 0x49, 0x77, 0x79, 0xc0, 0x37, 0x5f,
101 0xf1, 0x0a, 0x7f, 0x4e, 0x08, 0x59, 0x17, 0x39
102 };
103
104 static const u_char sha384_short4_msg_digest[] = {
105 0xc9, 0xa6, 0x84, 0x43, 0xa0, 0x05, 0x81, 0x22,
106 0x56, 0xb8, 0xec, 0x76, 0xb0, 0x05, 0x16, 0xf0,
107 0xdb, 0xb7, 0x4f, 0xab, 0x26, 0xd6, 0x65, 0x91,
108 0x3f, 0x19, 0x4b, 0x6f, 0xfb, 0x0e, 0x91, 0xea,
109 0x99, 0x67, 0x56, 0x6b, 0x58, 0x10, 0x9c, 0xbc,
110 0x67, 0x5c, 0xc2, 0x08, 0xe4, 0xc8, 0x23, 0xf7
111 };
112
113 static const u_char sha384_long2_msg[] = {
114 0x39, 0x96, 0x69, 0xe2, 0x8f, 0x6b, 0x9c, 0x6d,
115 0xbc, 0xbb, 0x69, 0x12, 0xec, 0x10, 0xff, 0xcf,
116 0x74, 0x79, 0x03, 0x49, 0xb7, 0xdc, 0x8f, 0xbe,
117 0x4a, 0x8e, 0x7b, 0x3b, 0x56, 0x21, 0xdb, 0x0f,
118 0x3e, 0x7d, 0xc8, 0x7f, 0x82, 0x32, 0x64, 0xbb,
119 0xe4, 0x0d, 0x18, 0x11, 0xc9, 0xea, 0x20, 0x61,
120 0xe1, 0xc8, 0x4a, 0xd1, 0x0a, 0x23, 0xfa, 0xc1,
121 0x72, 0x7e, 0x72, 0x02, 0xfc, 0x3f, 0x50, 0x42,
122 0xe6, 0xbf, 0x58, 0xcb, 0xa8, 0xa2, 0x74, 0x6e,
123 0x1f, 0x64, 0xf9, 0xb9, 0xea, 0x35, 0x2c, 0x71,
124 0x15, 0x07, 0x05, 0x3c, 0xf4, 0xe5, 0x33, 0x9d,
125 0x52, 0x86, 0x5f, 0x25, 0xcc, 0x22, 0xb5, 0xe8,
126 0x77, 0x84, 0xa1, 0x2f, 0xc9, 0x61, 0xd6, 0x6c,
127 0xb6, 0xe8, 0x95, 0x73, 0x19, 0x9a, 0x2c, 0xe6,
128 0x56, 0x5c, 0xbd, 0xf1, 0x3d, 0xca, 0x40, 0x38,
129 0x32, 0xcf, 0xcb, 0x0e, 0x8b, 0x72, 0x11, 0xe8,
130 0x3a, 0xf3, 0x2a, 0x11, 0xac, 0x17, 0x92, 0x9f,
131 0xf1, 0xc0, 0x73, 0xa5, 0x1c, 0xc0, 0x27, 0xaa,
132 0xed, 0xef, 0xf8, 0x5a, 0xad, 0x7c, 0x2b, 0x7c,
133 0x5a, 0x80, 0x3e, 0x24, 0x04, 0xd9, 0x6d, 0x2a,
134 0x77, 0x35, 0x7b, 0xda, 0x1a, 0x6d, 0xae, 0xed,
135 0x17, 0x15, 0x1c, 0xb9, 0xbc, 0x51, 0x25, 0xa4,
136 0x22, 0xe9, 0x41, 0xde, 0x0c, 0xa0, 0xfc, 0x50,
137 0x11, 0xc2, 0x3e, 0xcf, 0xfe, 0xfd, 0xd0, 0x96,
138 0x76, 0x71, 0x1c, 0xf3, 0xdb, 0x0a, 0x34, 0x40,
139 0x72, 0x0e ,0x16, 0x15, 0xc1, 0xf2, 0x2f, 0xbc,
140 0x3c, 0x72, 0x1d, 0xe5, 0x21, 0xe1, 0xb9, 0x9b,
141 0xa1, 0xbd, 0x55, 0x77, 0x40, 0x86, 0x42, 0x14,
142 0x7e, 0xd0, 0x96
143 };
144
145 static const u_char sha384_long2_msg_digest[] = {
146 0x4f, 0x44, 0x0d, 0xb1, 0xe6, 0xed, 0xd2, 0x89,
147 0x9f, 0xa3, 0x35, 0xf0, 0x95, 0x15, 0xaa, 0x02,
148 0x5e, 0xe1, 0x77, 0xa7, 0x9f, 0x4b, 0x4a, 0xaf,
149 0x38, 0xe4, 0x2b, 0x5c, 0x4d, 0xe6, 0x60, 0xf5,
150 0xde, 0x8f, 0xb2, 0xa5, 0xb2, 0xfb, 0xd2, 0xa3,
151 0xcb, 0xff, 0xd2, 0x0c, 0xff, 0x12, 0x88, 0xc0
152 };
153
154 static const hash_testvector_t sha384_hash_testvectors[] = {
155 { sizeof(sha384_short2_msg), sha384_short2_msg, sha384_short2_msg_digest },
156 { sizeof(sha384_short4_msg), sha384_short4_msg, sha384_short4_msg_digest },
157 { sizeof(sha384_long2_msg), sha384_long2_msg, sha384_long2_msg_digest },
158 { 0, NULL, NULL }
159 };
160
161 /* SHA-512 hash test vectors
162 * from "The Secure Hash Algorithm Validation System (SHAVS)"
163 * July 22, 2004, Lawrence E. Bassham III, NIST
164 */
165
166 static const u_char sha512_short2_msg[] = {
167 0xd0
168 };
169
170 static const u_char sha512_short2_msg_digest[] = {
171 0x99, 0x92, 0x20, 0x29, 0x38, 0xe8, 0x82, 0xe7,
172 0x3e, 0x20, 0xf6, 0xb6, 0x9e, 0x68, 0xa0, 0xa7,
173 0x14, 0x90, 0x90, 0x42, 0x3d, 0x93, 0xc8, 0x1b,
174 0xab, 0x3f, 0x21, 0x67, 0x8d, 0x4a, 0xce, 0xee,
175 0xe5, 0x0e, 0x4e, 0x8c, 0xaf, 0xad, 0xa4, 0xc8,
176 0x5a, 0x54, 0xea, 0x83, 0x06, 0x82, 0x6c, 0x4a,
177 0xd6, 0xe7, 0x4c, 0xec, 0xe9, 0x63, 0x1b, 0xfa,
178 0x8a, 0x54, 0x9b, 0x4a, 0xb3, 0xfb, 0xba, 0x15
179 };
180
181 static const u_char sha512_short4_msg[] = {
182 0x8d, 0x4e, 0x3c, 0x0e, 0x38, 0x89, 0x19, 0x14,
183 0x91, 0x81, 0x6e, 0x9d, 0x98, 0xbf, 0xf0, 0xa0
184 };
185
186 static const u_char sha512_short4_msg_digest[] = {
187 0xcb, 0x0b, 0x67, 0xa4, 0xb8, 0x71, 0x2c, 0xd7,
188 0x3c, 0x9a, 0xab, 0xc0, 0xb1, 0x99, 0xe9, 0x26,
189 0x9b, 0x20, 0x84, 0x4a, 0xfb, 0x75, 0xac, 0xbd,
190 0xd1, 0xc1, 0x53, 0xc9, 0x82, 0x89, 0x24, 0xc3,
191 0xdd, 0xed, 0xaa, 0xfe, 0x66, 0x9c, 0x5f, 0xdd,
192 0x0b, 0xc6, 0x6f, 0x63, 0x0f, 0x67, 0x73, 0x98,
193 0x82, 0x13, 0xeb, 0x1b, 0x16, 0xf5, 0x17, 0xad,
194 0x0d, 0xe4, 0xb2, 0xf0, 0xc9, 0x5c, 0x90, 0xf8
195 };
196
197 static const u_char sha512_long2_msg[] = {
198 0xa5, 0x5f, 0x20, 0xc4, 0x11, 0xaa, 0xd1, 0x32,
199 0x80, 0x7a, 0x50, 0x2d, 0x65, 0x82, 0x4e, 0x31,
200 0xa2, 0x30, 0x54, 0x32, 0xaa, 0x3d, 0x06, 0xd3,
201 0xe2, 0x82, 0xa8, 0xd8, 0x4e, 0x0d, 0xe1, 0xde,
202 0x69, 0x74, 0xbf, 0x49, 0x54, 0x69, 0xfc, 0x7f,
203 0x33, 0x8f, 0x80, 0x54, 0xd5, 0x8c, 0x26, 0xc4,
204 0x93, 0x60, 0xc3, 0xe8, 0x7a, 0xf5, 0x65, 0x23,
205 0xac, 0xf6, 0xd8, 0x9d, 0x03, 0xe5, 0x6f, 0xf2,
206 0xf8, 0x68, 0x00, 0x2b, 0xc3, 0xe4, 0x31, 0xed,
207 0xc4, 0x4d, 0xf2, 0xf0, 0x22, 0x3d, 0x4b, 0xb3,
208 0xb2, 0x43, 0x58, 0x6e, 0x1a, 0x7d, 0x92, 0x49,
209 0x36, 0x69, 0x4f, 0xcb, 0xba, 0xf8, 0x8d, 0x95,
210 0x19, 0xe4, 0xeb, 0x50, 0xa6, 0x44, 0xf8, 0xe4,
211 0xf9, 0x5e, 0xb0, 0xea, 0x95, 0xbc, 0x44, 0x65,
212 0xc8, 0x82, 0x1a, 0xac, 0xd2, 0xfe, 0x15, 0xab,
213 0x49, 0x81, 0x16, 0x4b, 0xbb, 0x6d, 0xc3, 0x2f,
214 0x96, 0x90, 0x87, 0xa1, 0x45, 0xb0, 0xd9, 0xcc,
215 0x9c, 0x67, 0xc2, 0x2b, 0x76, 0x32, 0x99, 0x41,
216 0x9c, 0xc4, 0x12, 0x8b, 0xe9, 0xa0, 0x77, 0xb3,
217 0xac, 0xe6, 0x34, 0x06, 0x4e, 0x6d, 0x99, 0x28,
218 0x35, 0x13, 0xdc, 0x06, 0xe7, 0x51, 0x5d, 0x0d,
219 0x73, 0x13, 0x2e, 0x9a, 0x0d, 0xc6, 0xd3, 0xb1,
220 0xf8, 0xb2, 0x46, 0xf1, 0xa9, 0x8a, 0x3f, 0xc7,
221 0x29, 0x41, 0xb1, 0xe3, 0xbb, 0x20, 0x98, 0xe8,
222 0xbf, 0x16, 0xf2, 0x68, 0xd6, 0x4f, 0x0b, 0x0f,
223 0x47, 0x07, 0xfe, 0x1e, 0xa1, 0xa1, 0x79, 0x1b,
224 0xa2, 0xf3, 0xc0, 0xc7, 0x58, 0xe5, 0xf5, 0x51,
225 0x86, 0x3a, 0x96, 0xc9, 0x49, 0xad, 0x47, 0xd7,
226 0xfb, 0x40, 0xd2
227 };
228
229 static const u_char sha512_long2_msg_digest[] = {
230 0xc6, 0x65, 0xbe, 0xfb, 0x36, 0xda, 0x18, 0x9d,
231 0x78, 0x82, 0x2d, 0x10, 0x52, 0x8c, 0xbf, 0x3b,
232 0x12, 0xb3, 0xee, 0xf7, 0x26, 0x03, 0x99, 0x09,
233 0xc1, 0xa1, 0x6a, 0x27, 0x0d, 0x48, 0x71, 0x93,
234 0x77, 0x96, 0x6b, 0x95, 0x7a, 0x87, 0x8e, 0x72,
235 0x05, 0x84, 0x77, 0x9a, 0x62, 0x82, 0x5c, 0x18,
236 0xda, 0x26, 0x41, 0x5e, 0x49, 0xa7, 0x17, 0x6a,
237 0x89, 0x4e, 0x75, 0x10, 0xfd, 0x14, 0x51, 0xf5
238 };
239
240 static const hash_testvector_t sha512_hash_testvectors[] = {
241 { sizeof(sha512_short2_msg), sha512_short2_msg, sha512_short2_msg_digest },
242 { sizeof(sha512_short4_msg), sha512_short4_msg, sha512_short4_msg_digest },
243 { sizeof(sha512_long2_msg), sha512_long2_msg, sha512_long2_msg_digest },
244 { 0, NULL, NULL }
245 };
246
247 /* SHA-256, SHA-384, and SHA-512 hmac test vectors
248 * from RFC 4231 "Identifiers and Test Vectors for HMAC-SHA-224,
249 * HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512"
250 * December 2005, M. Nystrom, RSA Security
251 */
252
253 static const u_char sha2_hmac1_key[] = {
254 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
255 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
256 0x0b, 0x0b, 0x0b, 0x0b
257 };
258
259 static const u_char sha2_hmac1_msg[] = {
260 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65
261 };
262
263 static const u_char sha2_hmac1_256[] = {
264 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
265 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
266 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
267 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
268 };
269
270 static const u_char sha2_hmac1_384[] = {
271 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62,
272 0x6b, 0x08, 0x25, 0xf4, 0xab ,0x46, 0x90, 0x7f,
273 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
274 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c,
275 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f,
276 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6
277 };
278
279 static const u_char sha2_hmac1_512[] = {
280 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d,
281 0x4f, 0xf0, 0xb4, 0x24, 0x1a, 0x1d, 0x6c, 0xb0,
282 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78,
283 0x7a, 0xd0, 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde,
284 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7, 0x02,
285 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4,
286 0xbe, 0x9d, 0x91, 0x4e, 0xeb, 0x61, 0xf1, 0x70,
287 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54
288 };
289
290 static const u_char sha2_hmac2_key[] = {
291 0x4a, 0x65, 0x66, 0x65
292 };
293
294 static const u_char sha2_hmac2_msg[] = {
295 0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20,
296 0x79, 0x61, 0x20, 0x77, 0x61, 0x6e, 0x74, 0x20,
297 0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68,
298 0x69, 0x6e, 0x67, 0x3f
299 };
300
301 static const u_char sha2_hmac2_256[] = {
302 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e,
303 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7,
304 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83,
305 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43
306 };
307
308 static const u_char sha2_hmac2_384[] = {
309 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31,
310 0x61, 0x7f, 0x78, 0xd2, 0xb5, 0x8a, 0x6b, 0x1b,
311 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,
312 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e,
313 0x8e, 0x22, 0x40, 0xca, 0x5e, 0x69, 0xe2, 0xc7,
314 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49
315 };
316
317 static const u_char sha2_hmac2_512[] = {
318 0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2,
319 0xe3, 0x95, 0xfb, 0xe7, 0x3b, 0x56, 0xe0, 0xa3,
320 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6,
321 0x10, 0x27, 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54,
322 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99, 0x4a,
323 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd,
324 0xca, 0xea, 0xb1, 0xa3, 0x4d, 0x4a, 0x6b, 0x4b,
325 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37
326 };
327
328 static const u_char sha2_hmac3_key[] = {
329 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
330 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
331 0xaa, 0xaa, 0xaa, 0xaa
332 };
333
334 static const u_char sha2_hmac3_msg[] = {
335 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
336 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
337 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
338 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
339 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
340 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
341 0xdd, 0xdd
342 };
343
344 static const u_char sha2_hmac3_256[] = {
345 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46,
346 0x85, 0x4d, 0xb8, 0xeb, 0xd0, 0x91, 0x81, 0xa7,
347 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 0xc1, 0x22,
348 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe
349 };
350
351 static const u_char sha2_hmac3_384[] = {
352 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a,
353 0x0a, 0xa2, 0xac, 0xe0, 0x14, 0xc8, 0xa8, 0x6f,
354 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,
355 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b,
356 0x2a, 0x5a, 0xb3, 0x9d, 0xc1, 0x38, 0x14, 0xb9,
357 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27
358 };
359
360 static const u_char sha2_hmac3_512[] = {
361 0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84,
362 0xef, 0xb0, 0xf0, 0x75, 0x6c, 0x89, 0x0b, 0xe9,
363 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36,
364 0x55, 0xf8, 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39,
365 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22, 0xc8,
366 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07,
367 0xb9, 0x46, 0xa3, 0x37, 0xbe, 0xe8, 0x94, 0x26,
368 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb
369 };
370
371 static const u_char sha2_hmac4_key[] = {
372 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
373 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
374 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
375 0x19
376 };
377
378 static const u_char sha2_hmac4_msg[] = {
379 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
380 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
381 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
382 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
383 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
384 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
385 0xcd, 0xcd
386 };
387
388 static const u_char sha2_hmac4_256[] = {
389 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e,
390 0xa4, 0xcc, 0x81, 0x98, 0x99, 0xf2, 0x08, 0x3a,
391 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07,
392 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b
393 };
394
395 static const u_char sha2_hmac4_384[] = {
396 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85,
397 0x19, 0x33, 0xab, 0x62, 0x90, 0xaf, 0x6c, 0xa7,
398 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,
399 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e,
400 0x68, 0x01, 0xdd, 0x23, 0xc4, 0xa7, 0xd6, 0x79,
401 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb
402 };
403
404 static const u_char sha2_hmac4_512[] = {
405 0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69,
406 0x90, 0xe5, 0xa8, 0xc5, 0xf6, 0x1d, 0x4a, 0xf7,
407 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d,
408 0xe7, 0x6f, 0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb,
409 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e, 0xb4,
410 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63,
411 0xa5, 0xf1, 0x97, 0x41, 0x12, 0x0c, 0x4f, 0x2d,
412 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd
413 };
414
415 static const u_char sha2_hmac6_key[] = {
416 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
417 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
418 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
419 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
420 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
421 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
422 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
423 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
424 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
425 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
426 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
427 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
428 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
429 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
430 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
431 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
432 0xaa, 0xaa, 0xaa
433 };
434
435 static const u_char sha2_hmac6_msg[] = {
436 0x54, 0x65, 0x73, 0x74, 0x20, 0x55, 0x73, 0x69,
437 0x6e, 0x67, 0x20, 0x4c, 0x61, 0x72, 0x67, 0x65,
438 0x72, 0x20, 0x54, 0x68, 0x61, 0x6e, 0x20, 0x42,
439 0x6c, 0x6f, 0x63, 0x6b, 0x2d, 0x53, 0x69, 0x7a,
440 0x65, 0x20, 0x4b, 0x65, 0x79, 0x20, 0x2d, 0x20,
441 0x48, 0x61, 0x73, 0x68, 0x20, 0x4b, 0x65, 0x79,
442 0x20, 0x46, 0x69, 0x72, 0x73, 0x74
443 };
444
445 static const u_char sha2_hmac6_256[] = {
446 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f,
447 0x0d, 0x8a, 0x26, 0xaa, 0xcb, 0xf5, 0xb7, 0x7f,
448 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, 0xc5, 0x14,
449 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54
450 };
451
452 static const u_char sha2_hmac6_384[] = {
453 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90,
454 0x88, 0xd2, 0xc6, 0x3a, 0x04, 0x1b, 0xc5, 0xb4,
455 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,
456 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6,
457 0x0c, 0x2e, 0xf6, 0xab, 0x40, 0x30, 0xfe, 0x82,
458 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52
459 };
460
461 static const u_char sha2_hmac6_512[] = {
462 0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb,
463 0xb7, 0x14, 0x93, 0xc1, 0xdd, 0x7b, 0xe8, 0xb4,
464 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1,
465 0x12, 0x1b, 0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52,
466 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25, 0x98,
467 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52,
468 0x95, 0xe6, 0x4f, 0x73, 0xf6, 0x3f, 0x0a, 0xec,
469 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98
470 };
471
472 static const u_char sha2_hmac7_msg[] = {
473 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
474 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x75,
475 0x73, 0x69, 0x6e, 0x67, 0x20, 0x61, 0x20, 0x6c,
476 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x74, 0x68,
477 0x61, 0x6e, 0x20, 0x62, 0x6c, 0x6f, 0x63, 0x6b,
478 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x6b, 0x65,
479 0x79, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x61, 0x20,
480 0x6c, 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x74,
481 0x68, 0x61, 0x6e, 0x20, 0x62, 0x6c, 0x6f, 0x63,
482 0x6b, 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x64,
483 0x61, 0x74, 0x61, 0x2e, 0x20, 0x54, 0x68, 0x65,
484 0x20, 0x6b, 0x65, 0x79, 0x20, 0x6e, 0x65, 0x65,
485 0x64, 0x73, 0x20, 0x74, 0x6f, 0x20, 0x62, 0x65,
486 0x20, 0x68, 0x61, 0x73, 0x68, 0x65, 0x64, 0x20,
487 0x62, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x20, 0x62,
488 0x65, 0x69, 0x6e, 0x67, 0x20, 0x75, 0x73, 0x65,
489 0x64, 0x20, 0x62, 0x79, 0x20, 0x74, 0x68, 0x65,
490 0x20, 0x48, 0x4d, 0x41, 0x43, 0x20, 0x61, 0x6c,
491 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x2e
492 };
493
494 static const u_char sha2_hmac7_256[] = {
495 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb,
496 0x27, 0x63, 0x5f, 0xbc, 0xd5, 0xb0, 0xe9, 0x44,
497 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 0x13, 0x93,
498 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2
499 };
500
501 static const u_char sha2_hmac7_384[] = {
502 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d,
503 0x35, 0x1e, 0x2f, 0x25, 0x4e, 0x8f, 0xd3, 0x2c,
504 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,
505 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5,
506 0xa6, 0x78, 0xcc, 0x31, 0xe7, 0x99, 0x17, 0x6d,
507 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e
508 };
509
510 static const u_char sha2_hmac7_512[] = {
511 0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba,
512 0xa4, 0xdf, 0xa9, 0xf9, 0x6e, 0x5e, 0x3f, 0xfd,
513 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86,
514 0x5d, 0xf5, 0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44,
515 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82, 0xb1,
516 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15,
517 0x13, 0x46, 0x76, 0xfb, 0x6d, 0xe0, 0x44, 0x60,
518 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58
519 };
520
521 static const hmac_testvector_t sha256_hmac_testvectors[] = {
522 { sizeof(sha2_hmac1_key), sha2_hmac1_key, sizeof(sha2_hmac1_msg), sha2_hmac1_msg, sha2_hmac1_256 },
523 { sizeof(sha2_hmac2_key), sha2_hmac2_key, sizeof(sha2_hmac2_msg), sha2_hmac2_msg, sha2_hmac2_256 },
524 { sizeof(sha2_hmac3_key), sha2_hmac3_key, sizeof(sha2_hmac3_msg), sha2_hmac3_msg, sha2_hmac3_256 },
525 { sizeof(sha2_hmac4_key), sha2_hmac4_key, sizeof(sha2_hmac4_msg), sha2_hmac4_msg, sha2_hmac4_256 },
526 { sizeof(sha2_hmac6_key), sha2_hmac6_key, sizeof(sha2_hmac6_msg), sha2_hmac6_msg, sha2_hmac6_256 },
527 { sizeof(sha2_hmac6_key), sha2_hmac6_key, sizeof(sha2_hmac7_msg), sha2_hmac7_msg, sha2_hmac7_256 },
528 { 0, NULL, 0, NULL, NULL }
529 };
530
531 static const hmac_testvector_t sha384_hmac_testvectors[] = {
532 { sizeof(sha2_hmac1_key), sha2_hmac1_key, sizeof(sha2_hmac1_msg), sha2_hmac1_msg, sha2_hmac1_384 },
533 { sizeof(sha2_hmac2_key), sha2_hmac2_key, sizeof(sha2_hmac2_msg), sha2_hmac2_msg, sha2_hmac2_384 },
534 { sizeof(sha2_hmac3_key), sha2_hmac3_key, sizeof(sha2_hmac3_msg), sha2_hmac3_msg, sha2_hmac3_384 },
535 { sizeof(sha2_hmac4_key), sha2_hmac4_key, sizeof(sha2_hmac4_msg), sha2_hmac4_msg, sha2_hmac4_384 },
536 { sizeof(sha2_hmac6_key), sha2_hmac6_key, sizeof(sha2_hmac6_msg), sha2_hmac6_msg, sha2_hmac6_384 },
537 { sizeof(sha2_hmac6_key), sha2_hmac6_key, sizeof(sha2_hmac7_msg), sha2_hmac7_msg, sha2_hmac7_384 },
538 { 0, NULL, 0, NULL, NULL }
539 };
540
541 static const hmac_testvector_t sha512_hmac_testvectors[] = {
542 { sizeof(sha2_hmac1_key), sha2_hmac1_key, sizeof(sha2_hmac1_msg), sha2_hmac1_msg, sha2_hmac1_512 },
543 { sizeof(sha2_hmac2_key), sha2_hmac2_key, sizeof(sha2_hmac2_msg), sha2_hmac2_msg, sha2_hmac2_512 },
544 { sizeof(sha2_hmac3_key), sha2_hmac3_key, sizeof(sha2_hmac3_msg), sha2_hmac3_msg, sha2_hmac3_512 },
545 { sizeof(sha2_hmac4_key), sha2_hmac4_key, sizeof(sha2_hmac4_msg), sha2_hmac4_msg, sha2_hmac4_512 },
546 { sizeof(sha2_hmac6_key), sha2_hmac6_key, sizeof(sha2_hmac6_msg), sha2_hmac6_msg, sha2_hmac6_512 },
547 { sizeof(sha2_hmac6_key), sha2_hmac6_key, sizeof(sha2_hmac7_msg), sha2_hmac7_msg, sha2_hmac7_512 },
548 { 0, NULL, 0, NULL, NULL }
549 };
550
551 struct hash_desc hash_desc_sha2_256 = {
552 algo_type: IKE_ALG_HASH,
553 algo_id: OAKLEY_SHA2_256,
554 algo_next: NULL,
555 hash_digest_size: HASH_SIZE_SHA256,
556 hash_testvectors: sha256_hash_testvectors,
557 hmac_testvectors: sha256_hmac_testvectors
558 };
559
560 struct hash_desc hash_desc_sha2_384 = {
561 algo_type: IKE_ALG_HASH,
562 algo_id: OAKLEY_SHA2_384,
563 algo_next: NULL,
564 hash_digest_size: HASH_SIZE_SHA384,
565 hash_testvectors: sha384_hash_testvectors,
566 hmac_testvectors: sha384_hmac_testvectors
567 };
568
569 struct hash_desc hash_desc_sha2_512 = {
570 algo_type: IKE_ALG_HASH,
571 algo_id: OAKLEY_SHA2_512,
572 algo_next: NULL,
573 hash_digest_size: HASH_SIZE_SHA512,
574 hash_testvectors: sha512_hash_testvectors,
575 hmac_testvectors: sha512_hmac_testvectors
576 };
577
578 int ike_alg_sha2_init(void);
579
580 int
581 ike_alg_sha2_init(void)
582 {
583 int ret
584 ;
585 ret = ike_alg_register_hash(&hash_desc_sha2_256);
586 if (ret)
587 goto out;
588 ret = ike_alg_register_hash(&hash_desc_sha2_384);
589 if (ret)
590 goto out;
591 ret = ike_alg_register_hash(&hash_desc_sha2_512);
592
593 out:
594 return ret;
595 }
596
597 /*
598 IKE_ALG_INIT_NAME: ike_alg_sha2_init
599 */