disable crypto self-test
[strongswan.git] / src / pluto / alg / ike_alg_sha2.c
1 /* IKE SHA-2 hash algorithm description
2 * Copyright (C) JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>
3 * Copyright (C) 2009 Andreas Steffen
4 *
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #include <crypto/hashers/hasher.h>
19
20 #include "ike_alg.h"
21
22 #ifdef SELF_TEST
23
24 /* SHA-256 hash test vectors
25 * from "The Secure Hash Algorithm Validation System (SHAVS)"
26 * July 22, 2004, Lawrence E. Bassham III, NIST
27 */
28
29 static const u_char sha256_short2_msg[] = {
30 0x19
31 };
32
33 static const u_char sha256_short2_msg_digest[] = {
34 0x68, 0xaa, 0x2e, 0x2e, 0xe5, 0xdf, 0xf9, 0x6e,
35 0x33, 0x55, 0xe6, 0xc7, 0xee, 0x37, 0x3e, 0x3d,
36 0x6a, 0x4e, 0x17, 0xf7, 0x5f, 0x95, 0x18, 0xd8,
37 0x43, 0x70, 0x9c, 0x0c, 0x9b, 0xc3, 0xe3, 0xd4
38 };
39
40 static const u_char sha256_short4_msg[] = {
41 0xe3, 0xd7, 0x25, 0x70, 0xdc, 0xdd, 0x78, 0x7c,
42 0xe3, 0x88, 0x7a, 0xb2, 0xcd, 0x68, 0x46, 0x52
43 };
44
45 static const u_char sha256_short4_msg_digest[] = {
46 0x17, 0x5e, 0xe6, 0x9b, 0x02, 0xba, 0x9b, 0x58,
47 0xe2, 0xb0, 0xa5, 0xfd, 0x13, 0x81, 0x9c, 0xea,
48 0x57, 0x3f, 0x39, 0x40, 0xa9, 0x4f, 0x82, 0x51,
49 0x28, 0xcf, 0x42, 0x09, 0xbe, 0xab, 0xb4, 0xe8
50 };
51
52 static const u_char sha256_long2_msg[] = {
53 0x83, 0x26, 0x75, 0x4e, 0x22, 0x77, 0x37, 0x2f,
54 0x4f, 0xc1, 0x2b, 0x20, 0x52, 0x7a, 0xfe, 0xf0,
55 0x4d, 0x8a, 0x05, 0x69, 0x71, 0xb1, 0x1a, 0xd5,
56 0x71, 0x23, 0xa7, 0xc1, 0x37, 0x76, 0x00, 0x00,
57 0xd7, 0xbe, 0xf6, 0xf3, 0xc1, 0xf7, 0xa9, 0x08,
58 0x3a, 0xa3, 0x9d, 0x81, 0x0d, 0xb3, 0x10, 0x77,
59 0x7d, 0xab, 0x8b, 0x1e, 0x7f, 0x02, 0xb8, 0x4a,
60 0x26, 0xc7, 0x73, 0x32, 0x5f, 0x8b, 0x23, 0x74,
61 0xde, 0x7a, 0x4b, 0x5a, 0x58, 0xcb, 0x5c, 0x5c,
62 0xf3, 0x5b, 0xce, 0xe6, 0xfb, 0x94, 0x6e, 0x5b,
63 0xd6, 0x94, 0xfa, 0x59, 0x3a, 0x8b, 0xeb, 0x3f,
64 0x9d, 0x65, 0x92, 0xec, 0xed, 0xaa, 0x66, 0xca,
65 0x82, 0xa2, 0x9d, 0x0c, 0x51, 0xbc, 0xf9, 0x33,
66 0x62, 0x30, 0xe5, 0xd7, 0x84, 0xe4, 0xc0, 0xa4,
67 0x3f, 0x8d, 0x79, 0xa3, 0x0a, 0x16, 0x5c, 0xba,
68 0xbe, 0x45, 0x2b, 0x77, 0x4b, 0x9c, 0x71, 0x09,
69 0xa9, 0x7d, 0x13, 0x8f, 0x12, 0x92, 0x28, 0x96,
70 0x6f, 0x6c, 0x0a, 0xdc, 0x10, 0x6a, 0xad, 0x5a,
71 0x9f, 0xdd, 0x30, 0x82, 0x57, 0x69, 0xb2, 0xc6,
72 0x71, 0xaf, 0x67, 0x59, 0xdf, 0x28, 0xeb, 0x39,
73 0x3d, 0x54, 0xd6
74 };
75
76 static const u_char sha256_long2_msg_digest[] = {
77 0x97, 0xdb, 0xca, 0x7d, 0xf4, 0x6d, 0x62, 0xc8,
78 0xa4, 0x22, 0xc9, 0x41, 0xdd, 0x7e, 0x83, 0x5b,
79 0x8a, 0xd3, 0x36, 0x17, 0x63, 0xf7, 0xe9, 0xb2,
80 0xd9, 0x5f, 0x4f, 0x0d, 0xa6, 0xe1, 0xcc, 0xbc
81 };
82
83 static const hash_testvector_t sha256_hash_testvectors[] = {
84 { sizeof(sha256_short2_msg), sha256_short2_msg, sha256_short2_msg_digest },
85 { sizeof(sha256_short4_msg), sha256_short4_msg, sha256_short4_msg_digest },
86 { sizeof(sha256_long2_msg), sha256_long2_msg, sha256_long2_msg_digest },
87 { 0, NULL, NULL }
88 };
89
90 /* SHA-384 hash test vectors
91 * from "The Secure Hash Algorithm Validation System (SHAVS)"
92 * July 22, 2004, Lawrence E. Bassham III, NIST
93 */
94
95 static const u_char sha384_short2_msg[] = {
96 0xb9
97 };
98
99 static const u_char sha384_short2_msg_digest[] = {
100 0xbc, 0x80, 0x89, 0xa1, 0x90, 0x07, 0xc0, 0xb1,
101 0x41, 0x95, 0xf4, 0xec, 0xc7, 0x40, 0x94, 0xfe,
102 0xc6, 0x4f, 0x01, 0xf9, 0x09, 0x29, 0x28, 0x2c,
103 0x2f, 0xb3, 0x92, 0x88, 0x15, 0x78, 0x20, 0x8a,
104 0xd4, 0x66, 0x82, 0x8b, 0x1c, 0x6c, 0x28, 0x3d,
105 0x27, 0x22, 0xcf, 0x0a, 0xd1, 0xab, 0x69, 0x38
106 };
107
108 static const u_char sha384_short4_msg[] = {
109 0xa4, 0x1c, 0x49, 0x77, 0x79, 0xc0, 0x37, 0x5f,
110 0xf1, 0x0a, 0x7f, 0x4e, 0x08, 0x59, 0x17, 0x39
111 };
112
113 static const u_char sha384_short4_msg_digest[] = {
114 0xc9, 0xa6, 0x84, 0x43, 0xa0, 0x05, 0x81, 0x22,
115 0x56, 0xb8, 0xec, 0x76, 0xb0, 0x05, 0x16, 0xf0,
116 0xdb, 0xb7, 0x4f, 0xab, 0x26, 0xd6, 0x65, 0x91,
117 0x3f, 0x19, 0x4b, 0x6f, 0xfb, 0x0e, 0x91, 0xea,
118 0x99, 0x67, 0x56, 0x6b, 0x58, 0x10, 0x9c, 0xbc,
119 0x67, 0x5c, 0xc2, 0x08, 0xe4, 0xc8, 0x23, 0xf7
120 };
121
122 static const u_char sha384_long2_msg[] = {
123 0x39, 0x96, 0x69, 0xe2, 0x8f, 0x6b, 0x9c, 0x6d,
124 0xbc, 0xbb, 0x69, 0x12, 0xec, 0x10, 0xff, 0xcf,
125 0x74, 0x79, 0x03, 0x49, 0xb7, 0xdc, 0x8f, 0xbe,
126 0x4a, 0x8e, 0x7b, 0x3b, 0x56, 0x21, 0xdb, 0x0f,
127 0x3e, 0x7d, 0xc8, 0x7f, 0x82, 0x32, 0x64, 0xbb,
128 0xe4, 0x0d, 0x18, 0x11, 0xc9, 0xea, 0x20, 0x61,
129 0xe1, 0xc8, 0x4a, 0xd1, 0x0a, 0x23, 0xfa, 0xc1,
130 0x72, 0x7e, 0x72, 0x02, 0xfc, 0x3f, 0x50, 0x42,
131 0xe6, 0xbf, 0x58, 0xcb, 0xa8, 0xa2, 0x74, 0x6e,
132 0x1f, 0x64, 0xf9, 0xb9, 0xea, 0x35, 0x2c, 0x71,
133 0x15, 0x07, 0x05, 0x3c, 0xf4, 0xe5, 0x33, 0x9d,
134 0x52, 0x86, 0x5f, 0x25, 0xcc, 0x22, 0xb5, 0xe8,
135 0x77, 0x84, 0xa1, 0x2f, 0xc9, 0x61, 0xd6, 0x6c,
136 0xb6, 0xe8, 0x95, 0x73, 0x19, 0x9a, 0x2c, 0xe6,
137 0x56, 0x5c, 0xbd, 0xf1, 0x3d, 0xca, 0x40, 0x38,
138 0x32, 0xcf, 0xcb, 0x0e, 0x8b, 0x72, 0x11, 0xe8,
139 0x3a, 0xf3, 0x2a, 0x11, 0xac, 0x17, 0x92, 0x9f,
140 0xf1, 0xc0, 0x73, 0xa5, 0x1c, 0xc0, 0x27, 0xaa,
141 0xed, 0xef, 0xf8, 0x5a, 0xad, 0x7c, 0x2b, 0x7c,
142 0x5a, 0x80, 0x3e, 0x24, 0x04, 0xd9, 0x6d, 0x2a,
143 0x77, 0x35, 0x7b, 0xda, 0x1a, 0x6d, 0xae, 0xed,
144 0x17, 0x15, 0x1c, 0xb9, 0xbc, 0x51, 0x25, 0xa4,
145 0x22, 0xe9, 0x41, 0xde, 0x0c, 0xa0, 0xfc, 0x50,
146 0x11, 0xc2, 0x3e, 0xcf, 0xfe, 0xfd, 0xd0, 0x96,
147 0x76, 0x71, 0x1c, 0xf3, 0xdb, 0x0a, 0x34, 0x40,
148 0x72, 0x0e ,0x16, 0x15, 0xc1, 0xf2, 0x2f, 0xbc,
149 0x3c, 0x72, 0x1d, 0xe5, 0x21, 0xe1, 0xb9, 0x9b,
150 0xa1, 0xbd, 0x55, 0x77, 0x40, 0x86, 0x42, 0x14,
151 0x7e, 0xd0, 0x96
152 };
153
154 static const u_char sha384_long2_msg_digest[] = {
155 0x4f, 0x44, 0x0d, 0xb1, 0xe6, 0xed, 0xd2, 0x89,
156 0x9f, 0xa3, 0x35, 0xf0, 0x95, 0x15, 0xaa, 0x02,
157 0x5e, 0xe1, 0x77, 0xa7, 0x9f, 0x4b, 0x4a, 0xaf,
158 0x38, 0xe4, 0x2b, 0x5c, 0x4d, 0xe6, 0x60, 0xf5,
159 0xde, 0x8f, 0xb2, 0xa5, 0xb2, 0xfb, 0xd2, 0xa3,
160 0xcb, 0xff, 0xd2, 0x0c, 0xff, 0x12, 0x88, 0xc0
161 };
162
163 static const hash_testvector_t sha384_hash_testvectors[] = {
164 { sizeof(sha384_short2_msg), sha384_short2_msg, sha384_short2_msg_digest },
165 { sizeof(sha384_short4_msg), sha384_short4_msg, sha384_short4_msg_digest },
166 { sizeof(sha384_long2_msg), sha384_long2_msg, sha384_long2_msg_digest },
167 { 0, NULL, NULL }
168 };
169
170 /* SHA-512 hash test vectors
171 * from "The Secure Hash Algorithm Validation System (SHAVS)"
172 * July 22, 2004, Lawrence E. Bassham III, NIST
173 */
174
175 static const u_char sha512_short2_msg[] = {
176 0xd0
177 };
178
179 static const u_char sha512_short2_msg_digest[] = {
180 0x99, 0x92, 0x20, 0x29, 0x38, 0xe8, 0x82, 0xe7,
181 0x3e, 0x20, 0xf6, 0xb6, 0x9e, 0x68, 0xa0, 0xa7,
182 0x14, 0x90, 0x90, 0x42, 0x3d, 0x93, 0xc8, 0x1b,
183 0xab, 0x3f, 0x21, 0x67, 0x8d, 0x4a, 0xce, 0xee,
184 0xe5, 0x0e, 0x4e, 0x8c, 0xaf, 0xad, 0xa4, 0xc8,
185 0x5a, 0x54, 0xea, 0x83, 0x06, 0x82, 0x6c, 0x4a,
186 0xd6, 0xe7, 0x4c, 0xec, 0xe9, 0x63, 0x1b, 0xfa,
187 0x8a, 0x54, 0x9b, 0x4a, 0xb3, 0xfb, 0xba, 0x15
188 };
189
190 static const u_char sha512_short4_msg[] = {
191 0x8d, 0x4e, 0x3c, 0x0e, 0x38, 0x89, 0x19, 0x14,
192 0x91, 0x81, 0x6e, 0x9d, 0x98, 0xbf, 0xf0, 0xa0
193 };
194
195 static const u_char sha512_short4_msg_digest[] = {
196 0xcb, 0x0b, 0x67, 0xa4, 0xb8, 0x71, 0x2c, 0xd7,
197 0x3c, 0x9a, 0xab, 0xc0, 0xb1, 0x99, 0xe9, 0x26,
198 0x9b, 0x20, 0x84, 0x4a, 0xfb, 0x75, 0xac, 0xbd,
199 0xd1, 0xc1, 0x53, 0xc9, 0x82, 0x89, 0x24, 0xc3,
200 0xdd, 0xed, 0xaa, 0xfe, 0x66, 0x9c, 0x5f, 0xdd,
201 0x0b, 0xc6, 0x6f, 0x63, 0x0f, 0x67, 0x73, 0x98,
202 0x82, 0x13, 0xeb, 0x1b, 0x16, 0xf5, 0x17, 0xad,
203 0x0d, 0xe4, 0xb2, 0xf0, 0xc9, 0x5c, 0x90, 0xf8
204 };
205
206 static const u_char sha512_long2_msg[] = {
207 0xa5, 0x5f, 0x20, 0xc4, 0x11, 0xaa, 0xd1, 0x32,
208 0x80, 0x7a, 0x50, 0x2d, 0x65, 0x82, 0x4e, 0x31,
209 0xa2, 0x30, 0x54, 0x32, 0xaa, 0x3d, 0x06, 0xd3,
210 0xe2, 0x82, 0xa8, 0xd8, 0x4e, 0x0d, 0xe1, 0xde,
211 0x69, 0x74, 0xbf, 0x49, 0x54, 0x69, 0xfc, 0x7f,
212 0x33, 0x8f, 0x80, 0x54, 0xd5, 0x8c, 0x26, 0xc4,
213 0x93, 0x60, 0xc3, 0xe8, 0x7a, 0xf5, 0x65, 0x23,
214 0xac, 0xf6, 0xd8, 0x9d, 0x03, 0xe5, 0x6f, 0xf2,
215 0xf8, 0x68, 0x00, 0x2b, 0xc3, 0xe4, 0x31, 0xed,
216 0xc4, 0x4d, 0xf2, 0xf0, 0x22, 0x3d, 0x4b, 0xb3,
217 0xb2, 0x43, 0x58, 0x6e, 0x1a, 0x7d, 0x92, 0x49,
218 0x36, 0x69, 0x4f, 0xcb, 0xba, 0xf8, 0x8d, 0x95,
219 0x19, 0xe4, 0xeb, 0x50, 0xa6, 0x44, 0xf8, 0xe4,
220 0xf9, 0x5e, 0xb0, 0xea, 0x95, 0xbc, 0x44, 0x65,
221 0xc8, 0x82, 0x1a, 0xac, 0xd2, 0xfe, 0x15, 0xab,
222 0x49, 0x81, 0x16, 0x4b, 0xbb, 0x6d, 0xc3, 0x2f,
223 0x96, 0x90, 0x87, 0xa1, 0x45, 0xb0, 0xd9, 0xcc,
224 0x9c, 0x67, 0xc2, 0x2b, 0x76, 0x32, 0x99, 0x41,
225 0x9c, 0xc4, 0x12, 0x8b, 0xe9, 0xa0, 0x77, 0xb3,
226 0xac, 0xe6, 0x34, 0x06, 0x4e, 0x6d, 0x99, 0x28,
227 0x35, 0x13, 0xdc, 0x06, 0xe7, 0x51, 0x5d, 0x0d,
228 0x73, 0x13, 0x2e, 0x9a, 0x0d, 0xc6, 0xd3, 0xb1,
229 0xf8, 0xb2, 0x46, 0xf1, 0xa9, 0x8a, 0x3f, 0xc7,
230 0x29, 0x41, 0xb1, 0xe3, 0xbb, 0x20, 0x98, 0xe8,
231 0xbf, 0x16, 0xf2, 0x68, 0xd6, 0x4f, 0x0b, 0x0f,
232 0x47, 0x07, 0xfe, 0x1e, 0xa1, 0xa1, 0x79, 0x1b,
233 0xa2, 0xf3, 0xc0, 0xc7, 0x58, 0xe5, 0xf5, 0x51,
234 0x86, 0x3a, 0x96, 0xc9, 0x49, 0xad, 0x47, 0xd7,
235 0xfb, 0x40, 0xd2
236 };
237
238 static const u_char sha512_long2_msg_digest[] = {
239 0xc6, 0x65, 0xbe, 0xfb, 0x36, 0xda, 0x18, 0x9d,
240 0x78, 0x82, 0x2d, 0x10, 0x52, 0x8c, 0xbf, 0x3b,
241 0x12, 0xb3, 0xee, 0xf7, 0x26, 0x03, 0x99, 0x09,
242 0xc1, 0xa1, 0x6a, 0x27, 0x0d, 0x48, 0x71, 0x93,
243 0x77, 0x96, 0x6b, 0x95, 0x7a, 0x87, 0x8e, 0x72,
244 0x05, 0x84, 0x77, 0x9a, 0x62, 0x82, 0x5c, 0x18,
245 0xda, 0x26, 0x41, 0x5e, 0x49, 0xa7, 0x17, 0x6a,
246 0x89, 0x4e, 0x75, 0x10, 0xfd, 0x14, 0x51, 0xf5
247 };
248
249 static const hash_testvector_t sha512_hash_testvectors[] = {
250 { sizeof(sha512_short2_msg), sha512_short2_msg, sha512_short2_msg_digest },
251 { sizeof(sha512_short4_msg), sha512_short4_msg, sha512_short4_msg_digest },
252 { sizeof(sha512_long2_msg), sha512_long2_msg, sha512_long2_msg_digest },
253 { 0, NULL, NULL }
254 };
255
256 /* SHA-256, SHA-384, and SHA-512 hmac test vectors
257 * from RFC 4231 "Identifiers and Test Vectors for HMAC-SHA-224,
258 * HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512"
259 * December 2005, M. Nystrom, RSA Security
260 */
261
262 static const u_char sha2_hmac1_key[] = {
263 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
264 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
265 0x0b, 0x0b, 0x0b, 0x0b
266 };
267
268 static const u_char sha2_hmac1_msg[] = {
269 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65
270 };
271
272 static const u_char sha2_hmac1_256[] = {
273 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
274 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
275 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
276 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
277 };
278
279 static const u_char sha2_hmac1_384[] = {
280 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62,
281 0x6b, 0x08, 0x25, 0xf4, 0xab ,0x46, 0x90, 0x7f,
282 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
283 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c,
284 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f,
285 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6
286 };
287
288 static const u_char sha2_hmac1_512[] = {
289 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d,
290 0x4f, 0xf0, 0xb4, 0x24, 0x1a, 0x1d, 0x6c, 0xb0,
291 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78,
292 0x7a, 0xd0, 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde,
293 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7, 0x02,
294 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4,
295 0xbe, 0x9d, 0x91, 0x4e, 0xeb, 0x61, 0xf1, 0x70,
296 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54
297 };
298
299 static const u_char sha2_hmac2_key[] = {
300 0x4a, 0x65, 0x66, 0x65
301 };
302
303 static const u_char sha2_hmac2_msg[] = {
304 0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20,
305 0x79, 0x61, 0x20, 0x77, 0x61, 0x6e, 0x74, 0x20,
306 0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68,
307 0x69, 0x6e, 0x67, 0x3f
308 };
309
310 static const u_char sha2_hmac2_256[] = {
311 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e,
312 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7,
313 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83,
314 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43
315 };
316
317 static const u_char sha2_hmac2_384[] = {
318 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31,
319 0x61, 0x7f, 0x78, 0xd2, 0xb5, 0x8a, 0x6b, 0x1b,
320 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,
321 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e,
322 0x8e, 0x22, 0x40, 0xca, 0x5e, 0x69, 0xe2, 0xc7,
323 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49
324 };
325
326 static const u_char sha2_hmac2_512[] = {
327 0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2,
328 0xe3, 0x95, 0xfb, 0xe7, 0x3b, 0x56, 0xe0, 0xa3,
329 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6,
330 0x10, 0x27, 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54,
331 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99, 0x4a,
332 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd,
333 0xca, 0xea, 0xb1, 0xa3, 0x4d, 0x4a, 0x6b, 0x4b,
334 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37
335 };
336
337 static const u_char sha2_hmac3_key[] = {
338 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
339 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
340 0xaa, 0xaa, 0xaa, 0xaa
341 };
342
343 static const u_char sha2_hmac3_msg[] = {
344 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
345 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
346 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
347 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
348 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
349 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
350 0xdd, 0xdd
351 };
352
353 static const u_char sha2_hmac3_256[] = {
354 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46,
355 0x85, 0x4d, 0xb8, 0xeb, 0xd0, 0x91, 0x81, 0xa7,
356 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 0xc1, 0x22,
357 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe
358 };
359
360 static const u_char sha2_hmac3_384[] = {
361 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a,
362 0x0a, 0xa2, 0xac, 0xe0, 0x14, 0xc8, 0xa8, 0x6f,
363 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,
364 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b,
365 0x2a, 0x5a, 0xb3, 0x9d, 0xc1, 0x38, 0x14, 0xb9,
366 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27
367 };
368
369 static const u_char sha2_hmac3_512[] = {
370 0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84,
371 0xef, 0xb0, 0xf0, 0x75, 0x6c, 0x89, 0x0b, 0xe9,
372 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36,
373 0x55, 0xf8, 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39,
374 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22, 0xc8,
375 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07,
376 0xb9, 0x46, 0xa3, 0x37, 0xbe, 0xe8, 0x94, 0x26,
377 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb
378 };
379
380 static const u_char sha2_hmac4_key[] = {
381 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
382 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
383 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
384 0x19
385 };
386
387 static const u_char sha2_hmac4_msg[] = {
388 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
389 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
390 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
391 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
392 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
393 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
394 0xcd, 0xcd
395 };
396
397 static const u_char sha2_hmac4_256[] = {
398 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e,
399 0xa4, 0xcc, 0x81, 0x98, 0x99, 0xf2, 0x08, 0x3a,
400 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07,
401 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b
402 };
403
404 static const u_char sha2_hmac4_384[] = {
405 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85,
406 0x19, 0x33, 0xab, 0x62, 0x90, 0xaf, 0x6c, 0xa7,
407 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,
408 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e,
409 0x68, 0x01, 0xdd, 0x23, 0xc4, 0xa7, 0xd6, 0x79,
410 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb
411 };
412
413 static const u_char sha2_hmac4_512[] = {
414 0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69,
415 0x90, 0xe5, 0xa8, 0xc5, 0xf6, 0x1d, 0x4a, 0xf7,
416 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d,
417 0xe7, 0x6f, 0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb,
418 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e, 0xb4,
419 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63,
420 0xa5, 0xf1, 0x97, 0x41, 0x12, 0x0c, 0x4f, 0x2d,
421 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd
422 };
423
424 static const u_char sha2_hmac6_key[] = {
425 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
426 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
427 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
428 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
429 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
430 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
431 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
432 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
433 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
434 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
435 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
436 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
437 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
438 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
439 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
440 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
441 0xaa, 0xaa, 0xaa
442 };
443
444 static const u_char sha2_hmac6_msg[] = {
445 0x54, 0x65, 0x73, 0x74, 0x20, 0x55, 0x73, 0x69,
446 0x6e, 0x67, 0x20, 0x4c, 0x61, 0x72, 0x67, 0x65,
447 0x72, 0x20, 0x54, 0x68, 0x61, 0x6e, 0x20, 0x42,
448 0x6c, 0x6f, 0x63, 0x6b, 0x2d, 0x53, 0x69, 0x7a,
449 0x65, 0x20, 0x4b, 0x65, 0x79, 0x20, 0x2d, 0x20,
450 0x48, 0x61, 0x73, 0x68, 0x20, 0x4b, 0x65, 0x79,
451 0x20, 0x46, 0x69, 0x72, 0x73, 0x74
452 };
453
454 static const u_char sha2_hmac6_256[] = {
455 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f,
456 0x0d, 0x8a, 0x26, 0xaa, 0xcb, 0xf5, 0xb7, 0x7f,
457 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, 0xc5, 0x14,
458 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54
459 };
460
461 static const u_char sha2_hmac6_384[] = {
462 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90,
463 0x88, 0xd2, 0xc6, 0x3a, 0x04, 0x1b, 0xc5, 0xb4,
464 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,
465 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6,
466 0x0c, 0x2e, 0xf6, 0xab, 0x40, 0x30, 0xfe, 0x82,
467 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52
468 };
469
470 static const u_char sha2_hmac6_512[] = {
471 0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb,
472 0xb7, 0x14, 0x93, 0xc1, 0xdd, 0x7b, 0xe8, 0xb4,
473 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1,
474 0x12, 0x1b, 0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52,
475 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25, 0x98,
476 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52,
477 0x95, 0xe6, 0x4f, 0x73, 0xf6, 0x3f, 0x0a, 0xec,
478 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98
479 };
480
481 static const u_char sha2_hmac7_msg[] = {
482 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
483 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x75,
484 0x73, 0x69, 0x6e, 0x67, 0x20, 0x61, 0x20, 0x6c,
485 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x74, 0x68,
486 0x61, 0x6e, 0x20, 0x62, 0x6c, 0x6f, 0x63, 0x6b,
487 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x6b, 0x65,
488 0x79, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x61, 0x20,
489 0x6c, 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x74,
490 0x68, 0x61, 0x6e, 0x20, 0x62, 0x6c, 0x6f, 0x63,
491 0x6b, 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x64,
492 0x61, 0x74, 0x61, 0x2e, 0x20, 0x54, 0x68, 0x65,
493 0x20, 0x6b, 0x65, 0x79, 0x20, 0x6e, 0x65, 0x65,
494 0x64, 0x73, 0x20, 0x74, 0x6f, 0x20, 0x62, 0x65,
495 0x20, 0x68, 0x61, 0x73, 0x68, 0x65, 0x64, 0x20,
496 0x62, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x20, 0x62,
497 0x65, 0x69, 0x6e, 0x67, 0x20, 0x75, 0x73, 0x65,
498 0x64, 0x20, 0x62, 0x79, 0x20, 0x74, 0x68, 0x65,
499 0x20, 0x48, 0x4d, 0x41, 0x43, 0x20, 0x61, 0x6c,
500 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x2e
501 };
502
503 static const u_char sha2_hmac7_256[] = {
504 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb,
505 0x27, 0x63, 0x5f, 0xbc, 0xd5, 0xb0, 0xe9, 0x44,
506 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 0x13, 0x93,
507 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2
508 };
509
510 static const u_char sha2_hmac7_384[] = {
511 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d,
512 0x35, 0x1e, 0x2f, 0x25, 0x4e, 0x8f, 0xd3, 0x2c,
513 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,
514 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5,
515 0xa6, 0x78, 0xcc, 0x31, 0xe7, 0x99, 0x17, 0x6d,
516 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e
517 };
518
519 static const u_char sha2_hmac7_512[] = {
520 0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba,
521 0xa4, 0xdf, 0xa9, 0xf9, 0x6e, 0x5e, 0x3f, 0xfd,
522 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86,
523 0x5d, 0xf5, 0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44,
524 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82, 0xb1,
525 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15,
526 0x13, 0x46, 0x76, 0xfb, 0x6d, 0xe0, 0x44, 0x60,
527 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58
528 };
529
530 static const hmac_testvector_t sha256_hmac_testvectors[] = {
531 { sizeof(sha2_hmac1_key), sha2_hmac1_key, sizeof(sha2_hmac1_msg), sha2_hmac1_msg, sha2_hmac1_256 },
532 { sizeof(sha2_hmac2_key), sha2_hmac2_key, sizeof(sha2_hmac2_msg), sha2_hmac2_msg, sha2_hmac2_256 },
533 { sizeof(sha2_hmac3_key), sha2_hmac3_key, sizeof(sha2_hmac3_msg), sha2_hmac3_msg, sha2_hmac3_256 },
534 { sizeof(sha2_hmac4_key), sha2_hmac4_key, sizeof(sha2_hmac4_msg), sha2_hmac4_msg, sha2_hmac4_256 },
535 { sizeof(sha2_hmac6_key), sha2_hmac6_key, sizeof(sha2_hmac6_msg), sha2_hmac6_msg, sha2_hmac6_256 },
536 { sizeof(sha2_hmac6_key), sha2_hmac6_key, sizeof(sha2_hmac7_msg), sha2_hmac7_msg, sha2_hmac7_256 },
537 { 0, NULL, 0, NULL, NULL }
538 };
539
540 static const hmac_testvector_t sha384_hmac_testvectors[] = {
541 { sizeof(sha2_hmac1_key), sha2_hmac1_key, sizeof(sha2_hmac1_msg), sha2_hmac1_msg, sha2_hmac1_384 },
542 { sizeof(sha2_hmac2_key), sha2_hmac2_key, sizeof(sha2_hmac2_msg), sha2_hmac2_msg, sha2_hmac2_384 },
543 { sizeof(sha2_hmac3_key), sha2_hmac3_key, sizeof(sha2_hmac3_msg), sha2_hmac3_msg, sha2_hmac3_384 },
544 { sizeof(sha2_hmac4_key), sha2_hmac4_key, sizeof(sha2_hmac4_msg), sha2_hmac4_msg, sha2_hmac4_384 },
545 { sizeof(sha2_hmac6_key), sha2_hmac6_key, sizeof(sha2_hmac6_msg), sha2_hmac6_msg, sha2_hmac6_384 },
546 { sizeof(sha2_hmac6_key), sha2_hmac6_key, sizeof(sha2_hmac7_msg), sha2_hmac7_msg, sha2_hmac7_384 },
547 { 0, NULL, 0, NULL, NULL }
548 };
549
550 static const hmac_testvector_t sha512_hmac_testvectors[] = {
551 { sizeof(sha2_hmac1_key), sha2_hmac1_key, sizeof(sha2_hmac1_msg), sha2_hmac1_msg, sha2_hmac1_512 },
552 { sizeof(sha2_hmac2_key), sha2_hmac2_key, sizeof(sha2_hmac2_msg), sha2_hmac2_msg, sha2_hmac2_512 },
553 { sizeof(sha2_hmac3_key), sha2_hmac3_key, sizeof(sha2_hmac3_msg), sha2_hmac3_msg, sha2_hmac3_512 },
554 { sizeof(sha2_hmac4_key), sha2_hmac4_key, sizeof(sha2_hmac4_msg), sha2_hmac4_msg, sha2_hmac4_512 },
555 { sizeof(sha2_hmac6_key), sha2_hmac6_key, sizeof(sha2_hmac6_msg), sha2_hmac6_msg, sha2_hmac6_512 },
556 { sizeof(sha2_hmac6_key), sha2_hmac6_key, sizeof(sha2_hmac7_msg), sha2_hmac7_msg, sha2_hmac7_512 },
557 { 0, NULL, 0, NULL, NULL }
558 };
559
560 #define SHA256_HASH_TESTVECTORS sha256_hash_testvectors
561 #define SHA256_HMAC_TESTVECTORS sha256_hmac_testvectors
562 #define SHA384_HASH_TESTVECTORS sha384_hash_testvectors
563 #define SHA384_HMAC_TESTVECTORS sha384_hmac_testvectors
564 #define SHA512_HASH_TESTVECTORS sha512_hash_testvectors
565 #define SHA512_HMAC_TESTVECTORS sha512_hmac_testvectors
566
567 #else
568
569 #define SHA256_HASH_TESTVECTORS NULL
570 #define SHA256_HMAC_TESTVECTORS NULL
571 #define SHA384_HASH_TESTVECTORS NULL
572 #define SHA384_HMAC_TESTVECTORS NULL
573 #define SHA512_HASH_TESTVECTORS NULL
574 #define SHA512_HMAC_TESTVECTORS NULL
575
576 #endif
577
578 struct hash_desc hash_desc_sha2_256 = {
579 algo_type: IKE_ALG_HASH,
580 algo_id: OAKLEY_SHA2_256,
581 algo_next: NULL,
582 hash_digest_size: HASH_SIZE_SHA256,
583 hash_testvectors: SHA256_HASH_TESTVECTORS,
584 hmac_testvectors: SHA256_HMAC_TESTVECTORS
585 };
586
587 struct hash_desc hash_desc_sha2_384 = {
588 algo_type: IKE_ALG_HASH,
589 algo_id: OAKLEY_SHA2_384,
590 algo_next: NULL,
591 hash_digest_size: HASH_SIZE_SHA384,
592 hash_testvectors: SHA384_HASH_TESTVECTORS,
593 hmac_testvectors: SHA384_HMAC_TESTVECTORS
594 };
595
596 struct hash_desc hash_desc_sha2_512 = {
597 algo_type: IKE_ALG_HASH,
598 algo_id: OAKLEY_SHA2_512,
599 algo_next: NULL,
600 hash_digest_size: HASH_SIZE_SHA512,
601 hash_testvectors: SHA512_HASH_TESTVECTORS,
602 hmac_testvectors: SHA512_HMAC_TESTVECTORS
603 };
604