cleaned up pluto's crypto framework
[strongswan.git] / src / pluto / crypto.c
1 /* crypto interfaces
2 * Copyright (C) 1998-2001 D. Hugh Redelmeier
3 * Copyright (C) 2007 Andreas Steffen
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <stdio.h>
17 #include <string.h>
18 #include <stddef.h>
19 #include <sys/types.h>
20
21 #include <freeswan.h>
22 #define HEADER_DES_LOCL_H /* stupid trick to force prototype decl in <des.h> */
23 #include <libdes/des.h>
24
25 #include <errno.h>
26
27 #include "constants.h"
28 #include "defs.h"
29 #include "state.h"
30 #include "log.h"
31 #include "crypto.h"
32 #include "alg_info.h"
33 #include "ike_alg.h"
34
35
36 /* moduli and generator. */
37
38 static MP_INT
39 modp1024_modulus,
40 modp1536_modulus,
41 modp2048_modulus,
42 modp3072_modulus,
43 modp4096_modulus,
44 modp6144_modulus,
45 modp8192_modulus;
46
47 MP_INT groupgenerator; /* MODP group generator (2) */
48
49 static struct encrypt_desc crypto_encryptor_3des =
50 {
51 algo_type: IKE_ALG_ENCRYPT,
52 algo_id: OAKLEY_3DES_CBC,
53 algo_next: NULL,
54
55 enc_blocksize: DES_BLOCK_SIZE,
56 keydeflen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
57 keyminlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
58 keymaxlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
59 enc_testvectors: NULL
60 };
61
62 /* MD5 hash test vectors
63 * from RFC 1321 "MD5 Message-Digest Algorithm"
64 * April 1992, R. Rivest, RSA Data Security
65 */
66
67 static const u_char md5_test0_msg[] = {
68
69 };
70
71 static const u_char md5_test0_msg_digest[] = {
72 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
73 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e
74 };
75
76 static const u_char md5_test1_msg[] = {
77 0x61
78 };
79
80 static const u_char md5_test1_msg_digest[] = {
81 0x0c, 0xc1, 0x75, 0xb9, 0xc0, 0xf1, 0xb6, 0xa8,
82 0x31, 0xc3, 0x99, 0xe2, 0x69, 0x77, 0x26, 0x61
83 };
84
85 static const u_char md5_test2_msg[] = {
86 0x61, 0x62, 0x63
87 };
88
89 static const u_char md5_test2_msg_digest[] = {
90 0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0,
91 0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1, 0x7f, 0x72
92 };
93
94 static const u_char md5_test3_msg[] = {
95 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x20,
96 0x64, 0x69, 0x67, 0x65, 0x73, 0x74
97 };
98
99 static const u_char md5_test3_msg_digest[] = {
100 0xf9, 0x6b, 0x69, 0x7d, 0x7c, 0xb7, 0x93, 0x8d,
101 0x52, 0x5a, 0x2f, 0x31, 0xaa, 0xf1, 0x61, 0xd0
102 };
103
104 static const u_char md5_test4_msg[] = {
105 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68,
106 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
107 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
108 0x79, 0x7a
109 };
110
111 static const u_char md5_test4_msg_digest[] = {
112 0xc3, 0xfc, 0xd3, 0xd7, 0x61, 0x92, 0xe4, 0x00,
113 0x7d, 0xfb, 0x49, 0x6c, 0xca, 0x67, 0xe1, 0x3b
114 };
115
116 static const u_char md5_test5_msg[] = {
117 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48,
118 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
119 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58,
120 0x59, 0x5a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
121 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
122 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76,
123 0x77, 0x78, 0x79, 0x7a, 0x30, 0x31, 0x32, 0x33,
124 0x34, 0x35, 0x36, 0x37, 0x38, 0x39
125 };
126
127 static const u_char md5_test5_msg_digest[] = {
128 0xd1, 0x74, 0xab, 0x98, 0xd2, 0x77, 0xd9, 0xf5,
129 0xa5, 0x61, 0x1c, 0x2c, 0x9f, 0x41, 0x9d, 0x9f
130 };
131
132 static const u_char md5_test6_msg[] = {
133 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
134 0x39, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36,
135 0x37, 0x38, 0x39, 0x30, 0x31, 0x32, 0x33, 0x34,
136 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x31, 0x32,
137 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30,
138 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
139 0x39, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36,
140 0x37, 0x38, 0x39, 0x30, 0x31, 0x32, 0x33, 0x34,
141 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x31, 0x32,
142 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30
143 };
144
145 static const u_char md5_test6_msg_digest[] = {
146 0x57, 0xed, 0xf4, 0xa2, 0x2b, 0xe3, 0xc9, 0x55,
147 0xac, 0x49, 0xda, 0x2e, 0x21, 0x07, 0xb6, 0x7a
148 };
149
150 static const hash_testvector_t md5_hash_testvectors[] = {
151 { sizeof(md5_test0_msg), md5_test0_msg, md5_test0_msg_digest },
152 { sizeof(md5_test1_msg), md5_test1_msg, md5_test1_msg_digest },
153 { sizeof(md5_test2_msg), md5_test2_msg, md5_test2_msg_digest },
154 { sizeof(md5_test3_msg), md5_test3_msg, md5_test3_msg_digest },
155 { sizeof(md5_test4_msg), md5_test4_msg, md5_test4_msg_digest },
156 { sizeof(md5_test5_msg), md5_test5_msg, md5_test5_msg_digest },
157 { sizeof(md5_test6_msg), md5_test6_msg, md5_test6_msg_digest },
158 { 0, NULL, NULL }
159 };
160
161 /* MD5 hmac test vectors
162 * from RFC 2202 "Test Cases for HMAC-MD5 and HMAC-SHA-1"
163 * September 1997, P. Cheng, IBM & R. Glenn, NIST
164 */
165
166 static const u_char md5_hmac1_key[] = {
167 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
168 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
169 };
170
171 static const u_char md5_hmac1_msg[] = {
172 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65
173 };
174
175 static const u_char md5_hmac1[] = {
176 0x92, 0x94, 0x72, 0x7a, 0x36, 0x38, 0xbb, 0x1c,
177 0x13, 0xf4, 0x8e, 0xf8, 0x15, 0x8b, 0xfc, 0x9d
178 };
179
180 static const u_char md5_hmac2_key[] = {
181 0x4a, 0x65, 0x66, 0x65
182 };
183
184 static const u_char md5_hmac2_msg[] = {
185 0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20,
186 0x79, 0x61, 0x20, 0x77, 0x61, 0x6e, 0x74, 0x20,
187 0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68,
188 0x69, 0x6e, 0x67, 0x3f
189 };
190
191 static const u_char md5_hmac2[] = {
192 0x75, 0x0c, 0x78, 0x3e, 0x6a, 0xb0, 0xb5, 0x03,
193 0xea, 0xa8, 0x6e, 0x31, 0x0a, 0x5d, 0xb7, 0x38
194 };
195
196 static const u_char md5_hmac3_key[] = {
197 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
198 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
199 };
200
201 static const u_char md5_hmac3_msg[] = {
202 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
203 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
204 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
205 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
206 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
207 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
208 0xdd, 0xdd
209 };
210
211 static const u_char md5_hmac3[] = {
212 0x56, 0xbe, 0x34, 0x52, 0x1d, 0x14, 0x4c, 0x88,
213 0xdb, 0xb8, 0xc7, 0x33, 0xf0, 0xe8, 0xb3, 0xf6
214 };
215
216 static const u_char md5_hmac4_key[] = {
217 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
218 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
219 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
220 0x19
221 };
222
223 static const u_char md5_hmac4_msg[] = {
224 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
225 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
226 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
227 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
228 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
229 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
230 0xcd, 0xcd
231 };
232
233 static const u_char md5_hmac4[] = {
234 0x69, 0x7e, 0xaf, 0x0a, 0xca, 0x3a, 0x3a, 0xea,
235 0x3a, 0x75, 0x16, 0x47, 0x46, 0xff, 0xaa, 0x79
236 };
237
238 static const u_char md5_hmac6_key[] = {
239 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
240 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
241 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
242 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
243 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
244 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
245 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
246 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
247 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
248 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
249 };
250
251 static const u_char md5_hmac6_msg[] = {
252 0x54, 0x65, 0x73, 0x74, 0x20, 0x55, 0x73, 0x69,
253 0x6e, 0x67, 0x20, 0x4c, 0x61, 0x72, 0x67, 0x65,
254 0x72, 0x20, 0x54, 0x68, 0x61, 0x6e, 0x20, 0x42,
255 0x6c, 0x6f, 0x63, 0x6b, 0x2d, 0x53, 0x69, 0x7a,
256 0x65, 0x20, 0x4b, 0x65, 0x79, 0x20, 0x2d, 0x20,
257 0x48, 0x61, 0x73, 0x68, 0x20, 0x4b, 0x65, 0x79,
258 0x20, 0x46, 0x69, 0x72, 0x73, 0x74
259 };
260
261 static const u_char md5_hmac6[] = {
262 0x6b, 0x1a, 0xb7, 0xfe, 0x4b, 0xd7, 0xbf, 0x8f,
263 0x0b, 0x62, 0xe6, 0xce, 0x61, 0xb9, 0xd0, 0xcd
264 };
265
266 static const u_char md5_hmac7_msg[] = {
267 0x54, 0x65, 0x73, 0x74, 0x20, 0x55, 0x73, 0x69,
268 0x6e, 0x67, 0x20, 0x4c, 0x61, 0x72, 0x67, 0x65,
269 0x72, 0x20, 0x54, 0x68, 0x61, 0x6e, 0x20, 0x42,
270 0x6c, 0x6f, 0x63, 0x6b, 0x2d, 0x53, 0x69, 0x7a,
271 0x65, 0x20, 0x4b, 0x65, 0x79, 0x20, 0x61, 0x6e,
272 0x64, 0x20, 0x4c, 0x61, 0x72, 0x67, 0x65, 0x72,
273 0x20, 0x54, 0x68, 0x61, 0x6e, 0x20, 0x4f, 0x6e,
274 0x65, 0x20, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x2d,
275 0x53, 0x69, 0x7a, 0x65, 0x20, 0x44, 0x61, 0x74,
276 0x61
277 };
278
279 static const u_char md5_hmac7[] = {
280 0x6f, 0x63, 0x0f, 0xad, 0x67, 0xcd, 0xa0, 0xee,
281 0x1f, 0xb1, 0xf5, 0x62, 0xdb, 0x3a, 0xa5, 0x3e
282 };
283
284 static const hmac_testvector_t md5_hmac_testvectors[] = {
285 { sizeof(md5_hmac1_key), md5_hmac1_key, sizeof(md5_hmac1_msg), md5_hmac1_msg, md5_hmac1 },
286 { sizeof(md5_hmac2_key), md5_hmac2_key, sizeof(md5_hmac2_msg), md5_hmac2_msg, md5_hmac2 },
287 { sizeof(md5_hmac3_key), md5_hmac3_key, sizeof(md5_hmac3_msg), md5_hmac3_msg, md5_hmac3 },
288 { sizeof(md5_hmac4_key), md5_hmac4_key, sizeof(md5_hmac4_msg), md5_hmac4_msg, md5_hmac4 },
289 { sizeof(md5_hmac6_key), md5_hmac6_key, sizeof(md5_hmac6_msg), md5_hmac6_msg, md5_hmac6 },
290 { sizeof(md5_hmac6_key), md5_hmac6_key, sizeof(md5_hmac7_msg), md5_hmac7_msg, md5_hmac7 },
291 { 0, NULL, 0, NULL, NULL }
292 };
293
294 static struct hash_desc crypto_hasher_md5 =
295 {
296 algo_type: IKE_ALG_HASH,
297 algo_id: OAKLEY_MD5,
298 algo_next: NULL,
299 hash_digest_size: HASH_SIZE_MD5,
300 hash_testvectors: md5_hash_testvectors,
301 hmac_testvectors: md5_hmac_testvectors,
302 };
303
304 /* SHA-1 test vectors
305 * from "The Secure Hash Algorithm Validation System (SHAVS)"
306 * July 22, 2004, Lawrence E. Bassham III, NIST
307 */
308
309 static const u_char sha1_short2_msg[] = {
310 0x5e
311 };
312
313 static const u_char sha1_short2_msg_digest[] = {
314 0x5e, 0x6f, 0x80, 0xa3, 0x4a, 0x97, 0x98, 0xca,
315 0xfc, 0x6a, 0x5d, 0xb9, 0x6c, 0xc5, 0x7b, 0xa4,
316 0xc4, 0xdb, 0x59, 0xc2
317 };
318
319 static const u_char sha1_short4_msg[] = {
320 0x9a, 0x7d, 0xfd, 0xf1, 0xec, 0xea, 0xd0, 0x6e,
321 0xd6, 0x46, 0xaa, 0x55, 0xfe, 0x75, 0x71, 0x46
322 };
323
324 static const u_char sha1_short4_msg_digest[] = {
325 0x82, 0xab, 0xff, 0x66, 0x05, 0xdb, 0xe1, 0xc1,
326 0x7d, 0xef, 0x12, 0xa3, 0x94, 0xfa, 0x22, 0xa8,
327 0x2b, 0x54, 0x4a, 0x35
328 };
329
330 static const u_char sha1_long2_msg[] = {
331 0xf7, 0x8f, 0x92, 0x14, 0x1b, 0xcd, 0x17, 0x0a,
332 0xe8, 0x9b, 0x4f, 0xba, 0x15, 0xa1, 0xd5, 0x9f,
333 0x3f, 0xd8, 0x4d, 0x22, 0x3c, 0x92, 0x51, 0xbd,
334 0xac, 0xbb, 0xae, 0x61, 0xd0, 0x5e, 0xd1, 0x15,
335 0xa0, 0x6a, 0x7c, 0xe1, 0x17, 0xb7, 0xbe, 0xea,
336 0xd2, 0x44, 0x21, 0xde, 0xd9, 0xc3, 0x25, 0x92,
337 0xbd, 0x57, 0xed, 0xea, 0xe3, 0x9c, 0x39, 0xfa,
338 0x1f, 0xe8, 0x94, 0x6a, 0x84, 0xd0, 0xcf, 0x1f,
339 0x7b, 0xee, 0xad, 0x17, 0x13, 0xe2, 0xe0, 0x95,
340 0x98, 0x97, 0x34, 0x7f, 0x67, 0xc8, 0x0b, 0x04,
341 0x00, 0xc2, 0x09, 0x81, 0x5d, 0x6b, 0x10, 0xa6,
342 0x83, 0x83, 0x6f, 0xd5, 0x56, 0x2a, 0x56, 0xca,
343 0xb1, 0xa2, 0x8e, 0x81, 0xb6, 0x57, 0x66, 0x54,
344 0x63, 0x1c, 0xf1, 0x65, 0x66, 0xb8, 0x6e, 0x3b,
345 0x33, 0xa1, 0x08, 0xb0, 0x53, 0x07, 0xc0, 0x0a,
346 0xff, 0x14, 0xa7, 0x68, 0xed, 0x73, 0x50, 0x60,
347 0x6a, 0x0f, 0x85, 0xe6, 0xa9, 0x1d, 0x39, 0x6f,
348 0x5b, 0x5c, 0xbe, 0x57, 0x7f, 0x9b, 0x38, 0x80,
349 0x7c, 0x7d, 0x52, 0x3d, 0x6d, 0x79, 0x2f, 0x6e,
350 0xbc, 0x24, 0xa4, 0xec, 0xf2, 0xb3, 0xa4, 0x27,
351 0xcd, 0xbb, 0xfb
352 };
353
354 static const u_char sha1_long2_msg_digest[] = {
355 0xcb, 0x00, 0x82, 0xc8, 0xf1, 0x97, 0xd2, 0x60,
356 0x99, 0x1b, 0xa6, 0xa4, 0x60, 0xe7, 0x6e, 0x20,
357 0x2b, 0xad, 0x27, 0xb3
358 };
359
360 static const hash_testvector_t sha1_hash_testvectors[] = {
361 { sizeof(sha1_short2_msg), sha1_short2_msg, sha1_short2_msg_digest },
362 { sizeof(sha1_short4_msg), sha1_short4_msg, sha1_short4_msg_digest },
363 { sizeof(sha1_long2_msg), sha1_long2_msg, sha1_long2_msg_digest },
364 { 0, NULL, NULL }
365 };
366
367 /* SHA-1 hmac test vectors
368 * from RFC 2202 "Test Cases for HMAC-MD5 and HMAC-SHA-1"
369 * September 1997, P. Cheng, IBM & R. Glenn, NIST
370 */
371
372 static const u_char sha1_hmac1_key[] = {
373 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
374 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
375 0x0b, 0x0b, 0x0b, 0x0b
376 };
377
378 static const u_char sha1_hmac1[] = {
379 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64,
380 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e,
381 0xf1, 0x46, 0xbe, 0x00
382 };
383
384 static const u_char sha1_hmac2[] = {
385 0xef, 0xfc, 0xdf, 0x6a, 0xe5, 0xeb, 0x2f, 0xa2,
386 0xd2, 0x74, 0x16, 0xd5, 0xf1, 0x84, 0xdf, 0x9c,
387 0x25, 0x9a, 0x7c, 0x79
388 };
389
390 static const u_char sha1_hmac3_key[] = {
391 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
392 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
393 0xaa, 0xaa, 0xaa, 0xaa
394 };
395
396 static const u_char sha1_hmac3[] = {
397 0x12, 0x5d, 0x73, 0x42, 0xb9, 0xac, 0x11, 0xcd,
398 0x91, 0xa3, 0x9a, 0xf4, 0x8a, 0xa1, 0x7b, 0x4f,
399 0x63, 0xf1, 0x75, 0xd3
400 };
401
402 static const u_char sha1_hmac4[] = {
403 0x4c, 0x90, 0x07, 0xf4, 0x02, 0x62, 0x50, 0xc6,
404 0xbc, 0x84, 0x14, 0xf9, 0xbf, 0x50, 0xc8, 0x6c,
405 0x2d, 0x72, 0x35, 0xda
406 };
407
408 static const u_char sha1_hmac6[] = {
409 0xaa, 0x4a, 0xe5, 0xe1, 0x52, 0x72, 0xd0, 0x0e,
410 0x95, 0x70, 0x56, 0x37, 0xce, 0x8a, 0x3b, 0x55,
411 0xed, 0x40, 0x21, 0x12
412 };
413
414 static const u_char sha1_hmac7[] = {
415 0xe8, 0xe9, 0x9d, 0x0f, 0x45, 0x23, 0x7d, 0x78,
416 0x6d, 0x6b, 0xba, 0xa7, 0x96, 0x5c, 0x78, 0x08,
417 0xbb, 0xff, 0x1a, 0x91
418 };
419
420 static const hmac_testvector_t sha1_hmac_testvectors[] = {
421 { sizeof(sha1_hmac1_key), sha1_hmac1_key, sizeof(md5_hmac1_msg), md5_hmac1_msg, sha1_hmac1 },
422 { sizeof(md5_hmac2_key), md5_hmac2_key, sizeof(md5_hmac2_msg), md5_hmac2_msg, sha1_hmac2 },
423 { sizeof(sha1_hmac3_key), sha1_hmac3_key, sizeof(md5_hmac3_msg), md5_hmac3_msg, sha1_hmac3 },
424 { sizeof(md5_hmac4_key), md5_hmac4_key, sizeof(md5_hmac4_msg), md5_hmac4_msg, sha1_hmac4 },
425 { sizeof(md5_hmac6_key), md5_hmac6_key, sizeof(md5_hmac6_msg), md5_hmac6_msg, sha1_hmac6 },
426 { sizeof(md5_hmac6_key), md5_hmac6_key, sizeof(md5_hmac7_msg), md5_hmac7_msg, sha1_hmac7 },
427 { 0, NULL, 0, NULL, NULL }
428 };
429
430 static struct hash_desc crypto_hasher_sha1 =
431 {
432 algo_type: IKE_ALG_HASH,
433 algo_id: OAKLEY_SHA,
434 algo_next: NULL,
435 hash_digest_size: HASH_SIZE_SHA1,
436 hash_testvectors: sha1_hash_testvectors,
437 hmac_testvectors: sha1_hmac_testvectors
438 };
439
440 void init_crypto(void)
441 {
442 if (mpz_init_set_str(&groupgenerator, MODP_GENERATOR, 10) != 0
443 || mpz_init_set_str(&modp1024_modulus, MODP1024_MODULUS, 16) != 0
444 || mpz_init_set_str(&modp1536_modulus, MODP1536_MODULUS, 16) != 0
445 || mpz_init_set_str(&modp2048_modulus, MODP2048_MODULUS, 16) != 0
446 || mpz_init_set_str(&modp3072_modulus, MODP3072_MODULUS, 16) != 0
447 || mpz_init_set_str(&modp4096_modulus, MODP4096_MODULUS, 16) != 0
448 || mpz_init_set_str(&modp6144_modulus, MODP6144_MODULUS, 16) != 0
449 || mpz_init_set_str(&modp8192_modulus, MODP8192_MODULUS, 16) != 0)
450 exit_log("mpz_init_set_str() failed in init_crypto()");
451
452 ike_alg_add((struct ike_alg *) &crypto_encryptor_3des);
453 ike_alg_add((struct ike_alg *) &crypto_hasher_sha1);
454 ike_alg_add((struct ike_alg *) &crypto_hasher_md5);
455 ike_alg_init();
456 ike_alg_test();
457 }
458
459 void free_crypto(void)
460 {
461 mpz_clear(&groupgenerator);
462 mpz_clear(&modp1024_modulus);
463 mpz_clear(&modp1536_modulus);
464 mpz_clear(&modp2048_modulus);
465 mpz_clear(&modp3072_modulus);
466 mpz_clear(&modp4096_modulus);
467 mpz_clear(&modp6144_modulus);
468 mpz_clear(&modp8192_modulus);
469 }
470
471 /* Oakley group description
472 *
473 * See RFC2409 "The Internet key exchange (IKE)" 6.
474 */
475
476 const struct oakley_group_desc unset_group = {0, NULL, 0}; /* magic signifier */
477
478 const struct oakley_group_desc oakley_group[OAKLEY_GROUP_SIZE] = {
479 # define BYTES(bits) (((bits) + BITS_PER_BYTE - 1) / BITS_PER_BYTE)
480 { OAKLEY_GROUP_MODP1024, &modp1024_modulus, BYTES(1024) },
481 { OAKLEY_GROUP_MODP1536, &modp1536_modulus, BYTES(1536) },
482 { OAKLEY_GROUP_MODP2048, &modp2048_modulus, BYTES(2048) },
483 { OAKLEY_GROUP_MODP3072, &modp3072_modulus, BYTES(3072) },
484 { OAKLEY_GROUP_MODP4096, &modp4096_modulus, BYTES(4096) },
485 { OAKLEY_GROUP_MODP6144, &modp6144_modulus, BYTES(6144) },
486 { OAKLEY_GROUP_MODP8192, &modp8192_modulus, BYTES(8192) },
487 # undef BYTES
488 };
489
490 const struct oakley_group_desc *lookup_group(u_int16_t group)
491 {
492 int i;
493
494 for (i = 0; i != countof(oakley_group); i++)
495 if (group == oakley_group[i].group)
496 return &oakley_group[i];
497 return NULL;
498 }
499
500 /* Encryption Routines
501 *
502 * Each uses and updates the state object's st_new_iv.
503 * This must already be initialized.
504 */
505
506 encryption_algorithm_t oakley_to_encryption_algorithm(int alg)
507 {
508 switch (alg)
509 {
510 case OAKLEY_DES_CBC:
511 return ENCR_DES;
512 case OAKLEY_IDEA_CBC:
513 return ENCR_IDEA;
514 case OAKLEY_BLOWFISH_CBC:
515 return ENCR_BLOWFISH;
516 case OAKLEY_RC5_R16_B64_CBC:
517 return ENCR_RC5;
518 case OAKLEY_3DES_CBC:
519 return ENCR_3DES;
520 case OAKLEY_CAST_CBC:
521 return ENCR_CAST;
522 case OAKLEY_AES_CBC:
523 return ENCR_AES_CBC;
524 case OAKLEY_SERPENT_CBC:
525 return ENCR_SERPENT_CBC;
526 case OAKLEY_TWOFISH_CBC:
527 case OAKLEY_TWOFISH_CBC_SSH:
528 return ENCR_TWOFISH_CBC;
529 default:
530 return ENCR_UNDEFINED;
531 }
532 }
533
534 hash_algorithm_t oakley_to_hash_algorithm(int alg)
535 {
536 switch (alg)
537 {
538 case OAKLEY_MD5:
539 return HASH_MD5;
540 case OAKLEY_SHA:
541 return HASH_SHA1;
542 case OAKLEY_SHA2_256:
543 return HASH_SHA256;
544 case OAKLEY_SHA2_384:
545 return HASH_SHA384;
546 case OAKLEY_SHA2_512:
547 return HASH_SHA512;
548 default:
549 return HASH_UNKNOWN;
550 }
551 }
552
553 pseudo_random_function_t oakley_to_prf(int alg)
554 {
555 switch (alg)
556 {
557 case OAKLEY_MD5:
558 return PRF_HMAC_MD5;
559 case OAKLEY_SHA:
560 return PRF_HMAC_SHA1;
561 case OAKLEY_SHA2_256:
562 return PRF_HMAC_SHA2_256;
563 case OAKLEY_SHA2_384:
564 return PRF_HMAC_SHA2_384;
565 case OAKLEY_SHA2_512:
566 return PRF_HMAC_SHA2_512;
567 default:
568 return PRF_UNDEFINED;
569 }
570 }