authorRobert Relyea <rrelyea@redhat.com>2020-12-17 16:33:35 -0800
committerRobert Relyea <rrelyea@redhat.com>2020-12-17 16:33:35 -0800
commitdc15f1596ab13dd1372a9bf2b08826b05b3e7d88 (patch)
treea2539a42094756ddc16aade0da89264b86390883
parent03ba1b57d65b99e83b1a2b58a43693eade149090 (diff)
downloadnss-hg-dc15f1596ab13dd1372a9bf2b08826b05b3e7d88.tar.gz
Bug 1682071 IKE Quick mode IPSEC give you incorrect keys if you are asking for keys smaller than the hash size.
IKE Appendix B fixes. This patch fixes 2 problems. If you run either ike v1 App B or quick mode asking for a key with length mod macsize = 0, you will generate an extra block that's not used and overwrites the end of the buffer. If you use quick mode, the function incorrectly subsets the existing key rather than generating a new key. Subsetting is the correct behavior for Appendix B, which takes a generated key and creates a new, longer key (with no diversification; it just transforms the key into something longer), so if you ask for a key whose length is less than or equal to that of the original key, you just want a subset of the original key. In quick mode you are taking a base key and creating a set of new keys based on additional data, so you want to subset the generated data. This patch only subsets the original key if you aren't doing quick mode. Full test vectors have now been added for all ike modes in this patch as well (previously we depended on the FIPS CAVS tests to test ike, which cover basic IKEv1, IKEv1_psk, and IKEv2 but not IKEv1 App B and IKE v1 Quick mode). Differential Revision: https://phabricator.services.mozilla.com/D99569
-rw-r--r--gtests/common/testvectors/ike-aesxcbc-vectors.h101
-rw-r--r--gtests/common/testvectors/ike-sha1-vectors.h116
-rw-r--r--gtests/common/testvectors/ike-sha256-vectors.h134
-rw-r--r--gtests/common/testvectors/ike-sha384-vectors.h150
-rw-r--r--gtests/common/testvectors/ike-sha512-vectors.h148
-rw-r--r--gtests/common/testvectors_base/test-structs.h25
-rw-r--r--gtests/pk11_gtest/manifest.mn1
-rw-r--r--gtests/pk11_gtest/pk11_gtest.gyp1
-rw-r--r--gtests/pk11_gtest/pk11_ike_unittest.cc197
-rw-r--r--lib/softoken/sftkike.c16
10 files changed, 887 insertions, 2 deletions
diff --git a/gtests/common/testvectors/ike-aesxcbc-vectors.h b/gtests/common/testvectors/ike-aesxcbc-vectors.h
new file mode 100644
index 000000000..cb92f02ee
--- /dev/null
+++ b/gtests/common/testvectors/ike-aesxcbc-vectors.h
@@ -0,0 +1,101 @@
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This file is generated from sources in nss/gtests/common/wycheproof
+ * automatically and should not be touched manually.
+ * Generation is trigged by calling python3 genTestVectors.py */
+
+#ifndef ike_aesxcbc_vectors_h__
+#define ike_aesxcbc_vectors_h__
+
+#include "testvectors_base/test-structs.h"
+
+const IkeTestVector kIkeAesXcbcProofVectors[] = {
+ // these vectors are self generated.
+ {1, IkeTestType::ikeGxy,
+ "8ba4cbc73c0187301dc19a975823854dbd641c597f637f8d053a83b9514673eb", "", "",
+ "ef41a18b8c1ece71d74fedb292fd0f00", "69a62284195f1680", "80c94ba25c8abda5",
+ "", 0, 0, true},
+ {2, IkeTestType::ikeV1, "ef41a18b8c1ece71d74fedb292fd0f00",
+ "8ba4cbc73c0187301dc19a975823854dbd641c597f637f8d053a83b9514673eb", "",
+ "13525f37f9db53a65d1945b9af2c94f4", "8c3bcd3a69831d7f", "d2d9a7ff4fbe95a7",
+ "", 0, 0, true},
+ {3, IkeTestType::ikeV1, "ef41a18b8c1ece71d74fedb292fd0f00",
+ "8ba4cbc73c0187301dc19a975823854dbd641c597f637f8d053a83b9514673eb",
+ "13525f37f9db53a65d1945b9af2c94f4", "39d0712a1a96d1afaddbc35de86bc404",
+ "8c3bcd3a69831d7f", "d2d9a7ff4fbe95a7", "", 1, 0, true},
+ {4, IkeTestType::ikeV1, "ef41a18b8c1ece71d74fedb292fd0f00",
+ "8ba4cbc73c0187301dc19a975823854dbd641c597f637f8d053a83b9514673eb",
+ "39d0712a1a96d1afaddbc35de86bc404", "691cc90e93feb1cc06c8d376d3188293",
+ "8c3bcd3a69831d7f", "d2d9a7ff4fbe95a7", "", 2, 0, true},
+ {5, IkeTestType::ikeV1Psk, "c0", "", "", "8963b0c6057c347c4ddec448f1779e2a",
+ "03a6f25a83c8c2a3", "9d958a6618f77e7f", "", 0, 0, true},
+ {6, IkeTestType::ikeGxy,
+ "4b2c1f971981a8ad8d0abeafabf38cf75fc8349c148142465ed9c8b516b8be52", "", "",
+ "08b95345c9557240ddc98d6e1dfda875", "32b50d5f4a3763f3", "9206a04b26564cb1",
+ "", 0, 0, true},
+ {7, IkeTestType::ikeV2Rekey, "efa38ecee9fd05062f64b655105436d54",
+ "863f3c9d06efd39d2b907b97f8699e5dd5251ef64a2a176f36ee40c87d4f9330", "",
+ "a881d193f5140415586a2839e1cacb91", "32b50d5f4a3763f3", "9206a04b26564cb1",
+ "", 0, 0, true},
+ {8, IkeTestType::ikePlus, "08b95345c9557240ddc98d6e1dfda875", "", "",
+ "efa38ecee9fd05062f64b655105436d54b4728da66f3bc5768636170ff5017ab082342a68"
+ "3e7144a58d549c53d4575a2897d14c7c687040e86384065456b8dcd8aaea88b85b5e4d8ab"
+ "2f61c015859337000550cda1750a15c1f90af0ddd296e0a7f291afe46295dd3108078bd8e"
+ "adf09bc614c205a7c283907c3e6a384ad3f5373887e83",
+ "", "",
+ // seed_data is Ni || Nr || SPIi || SPIr
+ // NOTE: there is no comma so the strings are concatenated together.
+ "32b50d5f4a3763f3" // Ni
+ "9206a04b26564cb1" // Nr
+ "34c9e7c188868785" // SPIi
+ "3ff77d760d2b2199", // SPIr
+ 0,
+ 132, true},
+ {9, IkeTestType::ikePlus, "08b95345c9557240ddc98d6e1dfda875", "", "",
+ "efa38ecee9fd05062f64b655105436d5", "", "",
+ // seed_data is Ni || Nr || SPIi || SPIr
+ // NOTE: there is no comma so the strings are concatenated together.
+ "32b50d5f4a3763f3" // Ni
+ "9206a04b26564cb1" // Nr
+ "34c9e7c188868785" // SPIi
+ "3ff77d760d2b2199", // SPIr
+ 0,
+ 16, true},
+ {10, IkeTestType::ikePlus, "08b95345c9557240ddc98d6e1dfda875", "", "",
+ "efa38ecee9fd05062f64b655105436", "", "",
+ // seed_data is Ni || Nr || SPIi || SPIr
+ // NOTE: there is no comma so the strings are concatenated together.
+ "32b50d5f4a3763f3" // Ni
+ "9206a04b26564cb1" // Nr
+ "34c9e7c188868785" // SPIi
+ "3ff77d760d2b2199", // SPIr
+ 0,
+ 15, true},
+ // these vectors are self-generated
+ {11, IkeTestType::ikeV1AppB, "08b95345c9557240ddc98d6e1dfda875", "", "",
+ "9203190ea765285c14ec496acdb73f99479ee08f3e3b5f277a516439888f74a2ddb5023f2"
+ "92c629e7194b3673632ff96bccd7de7ae68a90952fec65301c89d3a32981d5bb9d68b677e"
+ "96703f34ed6474deee2d8aa5c5cee8997ec223a24cd537042b74d1b5274eebe76520481a7"
+ "5a6d083b004819ea9359ffacef3ac6076cbbb0b80faab",
+ "", "", "", 0, 132, true},
+ {12, IkeTestType::ikeV1AppB, "08b95345c9557240ddc98d6e1dfda875", "", "",
+ "08b95345c9557240ddc98d6e1dfda875", "", "", "", 0, 16, true},
+ {13, IkeTestType::ikeV1AppB, "08b95345c9557240ddc98d6e1dfda875", "", "",
+ "08b95345c9557240ddc98d6e1dfda8", "", "", "", 0, 15, true},
+ {14, IkeTestType::ikeV1AppBQuick, "08b95345c9557240ddc98d6e1dfda875", "",
+ "",
+ "9203190ea765285c14ec496acdb73f99a2358c44449799788d589fc426405bd0d9bc42758"
+ "04e2946d3cfd6072db257e2da4b9fecca10f23b271f793e7f66d19db446245e6cdd9446a8"
+ "e2ca27439c6692ce3f15cbcafc40c5879adb98310a4f8a5de14fe502d2c4e2b35f7054974"
+ "9a95f9510ac2d02a470973ca91931f1a82bf944935f76",
+ "", "", "0", 0, 132, true},
+ {12, IkeTestType::ikeV1AppBQuick, "08b95345c9557240ddc98d6e1dfda875", "",
+ "", "9203190ea765285c14ec496acdb73f99", "", "", "0", 0, 16, true},
+ {16, IkeTestType::ikeV1AppBQuick, "08b95345c9557240ddc98d6e1dfda875", "",
+ "", "9203190ea765285c14ec496acdb73f", "", "", "0", 0, 15, true},
+};
+
+#endif // ike_aesxcbc_vectors_h__
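Review bot: The second ikeV1AppBQuick entry reuses id 12 (`{12, IkeTestType::ikeV1AppBQuick, ...` between ids 14 and 16), so a failure reported by id cannot be told apart from the ikeV1AppB vector 12; it should presumably read `{15, IkeTestType::ikeV1AppBQuick, ...`. Vector 7's ikm `"efa38ecee9fd05062f64b655105436d54"` is 33 hex digits, one more than the 16-byte `efa38ecee9fd05062f64b655105436d5` that vector 9 expects as okm, so it looks like a stray nibble copied from the longer vector 8 output. How the hex decoder treats an odd-length string is not visible here, so that vector may not be exercising the key it was meant to. The header comment says the file is generated from `nss/gtests/common/wycheproof` by `genTestVectors.py` while the body says the vectors are self generated; the same header appears in the sha1, sha256 and sha384 files and would be better replaced by a line stating where the vectors come from, as ike-sha512-vectors.h does.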
diff --git a/gtests/common/testvectors/ike-sha1-vectors.h b/gtests/common/testvectors/ike-sha1-vectors.h
new file mode 100644
index 000000000..fd8dd7535
--- /dev/null
+++ b/gtests/common/testvectors/ike-sha1-vectors.h
@@ -0,0 +1,116 @@
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This file is generated from sources in nss/gtests/common/wycheproof
+ * automatically and should not be touched manually.
+ * Generation is trigged by calling python3 genTestVectors.py */
+
+#ifndef ike_sha1_vectors_h__
+#define ike_sha1_vectors_h__
+
+#include "testvectors_base/test-structs.h"
+
+const IkeTestVector kIkeSha1ProofVectors[] = {
+ // these vectors are from this NIST samples
+ {1, IkeTestType::ikeGxy,
+ "8ba4cbc73c0187301dc19a975823854dbd641c597f637f8d053a83b9514673eb", "", "",
+ "707197817fb2d90cf54d1842606bdea59b9f4823", "69a62284195f1680",
+ "80c94ba25c8abda5", "", 0, 0, true},
+ {2, IkeTestType::ikeV1, "707197817fb2d90cf54d1842606bdea59b9f4823",
+ "8ba4cbc73c0187301dc19a975823854dbd641c597f637f8d053a83b9514673eb", "",
+ "384be709a8a5e63c3ed160cfe3921c4b37d5b32d", "8c3bcd3a69831d7f",
+ "d2d9a7ff4fbe95a7", "", 0, 0, true},
+ {3, IkeTestType::ikeV1, "707197817fb2d90cf54d1842606bdea59b9f4823",
+ "8ba4cbc73c0187301dc19a975823854dbd641c597f637f8d053a83b9514673eb",
+ "384be709a8a5e63c3ed160cfe3921c4b37d5b32d",
+ "48b327575abe3adba0f279849e289022a13e2b47", "8c3bcd3a69831d7f",
+ "d2d9a7ff4fbe95a7", "", 1, 0, true},
+ {4, IkeTestType::ikeV1, "707197817fb2d90cf54d1842606bdea59b9f4823",
+ "8ba4cbc73c0187301dc19a975823854dbd641c597f637f8d053a83b9514673eb",
+ "48b327575abe3adba0f279849e289022a13e2b47",
+ "a4a415c8e0c38c0da847c356cc61c24df8025560", "8c3bcd3a69831d7f",
+ "d2d9a7ff4fbe95a7", "", 2, 0, true},
+ {5, IkeTestType::ikeV1Psk, "c0", "", "",
+ "ab3be41bc62f2ef0c41a3076d58768be77fadd2e", "03a6f25a83c8c2a3",
+ "9d958a6618f77e7f", "", 0, 0, true},
+ {6, IkeTestType::ikeGxy,
+ "4b2c1f971981a8ad8d0abeafabf38cf75fc8349c148142465ed9c8b516b8be52", "", "",
+ "a9a7b222b59f8f48645f28a1db5b5f5d7479cba7", "32b50d5f4a3763f3",
+ "9206a04b26564cb1", "", 0, 0, true},
+ {7, IkeTestType::ikeV2Rekey, "a14293677cc80ff8f9cc0eee30d895da9d8f4056",
+ "863f3c9d06efd39d2b907b97f8699e5dd5251ef64a2a176f36ee40c87d4f9330", "",
+ "63e81194946ebd05df7df5ebf5d8750056bf1f1d", "32b50d5f4a3763f3",
+ "9206a04b26564cb1", "", 0, 0, true},
+ {8, IkeTestType::ikePlus, "a9a7b222b59f8f48645f28a1db5b5f5d7479cba7", "",
+ "",
+ "a14293677cc80ff8f9cc0eee30d895da9d8f405666e30ef0dfcb63c634a46002a2a63080e"
+ "514a062768b76606f9fa5e992204fc5a670bde3f10d6b027113936a5c55b648a194ae587b"
+ "0088d52204b702c979fa280870d2ed41efa9c549fd11198af1670b143d384bd275c5f594c"
+ "f266b05ebadca855e4249520a441a81157435a7a56cc4",
+ "", "",
+ // seed_data is Ni || Nr || SPIi || SPIr
+ // NOTE: there is no comma so the strings are concatenated together.
+ "32b50d5f4a3763f3" // Ni
+ "9206a04b26564cb1" // Nr
+ "34c9e7c188868785" // SPIi
+ "3ff77d760d2b2199", // SPIr
+ 0,
+ 132, true},
+ {9, IkeTestType::ikePlus, "a9a7b222b59f8f48645f28a1db5b5f5d7479cba7", "",
+ "",
+ "a14293677cc80ff8f9cc0eee30d895da9d8f405666e30ef0dfcb63c634a46002a2a63080e"
+ "514a062",
+ "", "",
+ // seed_data is Ni || Nr || SPIi || SPIr
+ // NOTE: there is no comma so the strings are concatenated together.
+ "32b50d5f4a3763f3" // Ni
+ "9206a04b26564cb1" // Nr
+ "34c9e7c188868785" // SPIi
+ "3ff77d760d2b2199", // SPIr
+ 0,
+ 40, true},
+ {10, IkeTestType::ikePlus, "a9a7b222b59f8f48645f28a1db5b5f5d7479cba7", "",
+ "", "a14293677cc80ff8f9cc0eee30d895", "", "",
+ // seed_data is Ni || Nr || SPIi || SPIr
+ // NOTE: there is no comma so the strings are concatenated together.
+ "32b50d5f4a3763f3" // Ni
+ "9206a04b26564cb1" // Nr
+ "34c9e7c188868785" // SPIi
+ "3ff77d760d2b2199", // SPIr
+ 0,
+ 15, true},
+ // these vectors are self-generated
+ {11, IkeTestType::ikeV1AppB, "63e81194946ebd05df7df5ebf5d8750056bf1f1d", "",
+ "",
+ "933347a07de5782247dd36d1562ffe0eecade1eb4134165257e3af1000af8ae3f16506382"
+ "8cbb60d910b7db38fa3c7f62c4afaaf3203da065c841729853edb23e9e7ac8286ae65c8cb"
+ "6c667d79268c0bd6705abb9131698eb822b1c1f9dd142fc7be2c1010ee0152e10195add98"
+ "999c6b6d42c8fe9c1b134d56ad5f2c6f20e815bd25c52",
+ "", "", "", 0, 132, true},
+ {12, IkeTestType::ikeV1AppB, "63e81194946ebd05df7df5ebf5d8750056bf1f1d", "",
+ "",
+ "933347a07de5782247dd36d1562ffe0eecade1eb4134165257e3af1000af8ae3f16506382"
+ "8cbb60d",
+ "", "", "", 0, 40, true},
+ {13, IkeTestType::ikeV1AppB, "63e81194946ebd05df7df5ebf5d8750056bf1f1d", "",
+ "", "63e81194946ebd05df7df5ebf5d875", "", "", "", 0, 15, true},
+ {14, IkeTestType::ikeV1AppBQuick,
+ "63e81194946ebd05df7df5ebf5d8750056bf1f1d", "", "",
+ "933347a07de5782247dd36d1562ffe0eecade1ebaeaa476a5f578c34a9b2b7101a621202f"
+ "61db924c5ef9efa3bb2698095841603b7ac8a880329a927ecd4ad53a944b607a5ac2f3d15"
+ "4e2748c188d7370d76be83fc204fdacf0f66b99dd760ba619ffac65eda1420c8a936dac5a"
+ "599afaf4043b29ef2b65dc042724355b550875316c6fd",
+ "", "", "0", 0, 132, true},
+ {15, IkeTestType::ikeV1AppBQuick,
+ "63e81194946ebd05df7df5ebf5d8750056bf1f1d", "", "",
+ "933347a07de5782247dd36d1562ffe0eecade1ebaeaa476a5f578c34a9b2b7101a621202f"
+ "61db924",
+ "", "", "0", 0, 40, true},
+ {16, IkeTestType::ikeV1AppBQuick,
+ "63e81194946ebd05df7df5ebf5d8750056bf1f1d", "", "",
+ "933347a07de5782247dd36d1562ffe", "", "", "0", 0, 15, true},
+};
+
+#endif // ike_sha1_vectors_h__
diff --git a/gtests/common/testvectors/ike-sha256-vectors.h b/gtests/common/testvectors/ike-sha256-vectors.h
new file mode 100644
index 000000000..e7c32b7c1
--- /dev/null
+++ b/gtests/common/testvectors/ike-sha256-vectors.h
@@ -0,0 +1,134 @@
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This file is generated from sources in nss/gtests/common/wycheproof
+ * automatically and should not be touched manually.
+ * Generation is trigged by calling python3 genTestVectors.py */
+
+#ifndef ike_sha256_vectors_h__
+#define ike_sha256_vectors_h__
+
+#include "testvectors_base/test-structs.h"
+
+const IkeTestVector kIkeSha256ProofVectors[] = {
+ // these vectors are from this NIST samples
+ {1, IkeTestType::ikeGxy,
+ "a1ff3dc6cf9b4c04709943cb4ca1f1789bcf360b03f1d027de3ae8ee039e9155", "", "",
+ "750c5c94b9c2ec20b68033e024dadf0fa87e8b48c6561b21c72478451a06583d",
+ "b1dee62505b47b223bae14ce7a5b757402ad1587511618d09f94950d47f1d8d4ce86aca12"
+ "d78db9854d86019ad735757ae79d8932ac0c7db842c85060150ca875ea5d47e3cfcb2a059"
+ "22ebb7959d49b9797a2289676ee79a1d9a18b790f87e4771ddaf4be3376057a553162f68f"
+ "e429aca73b07234543801ba2122b1bde82251770d05df813cf556a11ca4dc43ffcb85a97d"
+ "bed16e2fda6985e07e31be6364899e63c507c7c616e5eb7765a53560f76772de43918ba07"
+ "badfe85244dcdcd917cb065afb60e3b7e68b54dd94bfc7c31c8b752892781ed3cc4b7f28f"
+ "bc0ab9af908f5ae1f09f893f80100a7b3135993161b51fbba3bbb24b9f88c6147de82cd6f"
+ "0",
+ "f0acfef2ad1f7add0eaafda78c1cf1097d9fc91cb04a7c145069ac426fd164cbe661b1dd2"
+ "df0fb84e19512181f0d8ea50b7860845f332757a8e56d2a3b7be436b5718a2d49baa996a4"
+ "616684a208c2d611cd65e605dca6e3d3f116859b4410fe13679696bb2e23c08a40c7e1316"
+ "d54b4c9c0286701c221151b3642cb4112ca1a53e0e597a7e29c634caed86ca3c31973d37b"
+ "4c346134fd6784cd99913feedf3d29d89a0a02a5a750f02f5738109dcc670bb27701fb59f"
+ "78e83b76860c3fec079a1fc8c937ddb58ae7500422b7e49ce63759c65b6bc439381d56bcc"
+ "159edede894b073841036ebfa050a5b3e7c876a3f18def26b1768a263ac66c9d83b680eb5"
+ "e",
+ "", 0, 0, true},
+ {2, IkeTestType::ikeV1,
+ "750c5c94b9c2ec20b68033e024dadf0fa87e8b48c6561b21c72478451a06583d",
+ "a1ff3dc6cf9b4c04709943cb4ca1f1789bcf360b03f1d027de3ae8ee039e9155", "",
+ "a4f7ca7de913814813e3312099e7c943bd293483f387532330237f1b20957310",
+ "6c6beb72631ddc3d", "b84e24b22cffbd14", "", 0, 0, true},
+ {3, IkeTestType::ikeV1,
+ "750c5c94b9c2ec20b68033e024dadf0fa87e8b48c6561b21c72478451a06583d",
+ "a1ff3dc6cf9b4c04709943cb4ca1f1789bcf360b03f1d027de3ae8ee039e9155",
+ "a4f7ca7de913814813e3312099e7c943bd293483f387532330237f1b20957310",
+ "1d4b705746c43b0a6fcbb8db33983c0f24ff6f8b6543e3779fed227c6067f004",
+ "6c6beb72631ddc3d", "b84e24b22cffbd14", "", 1, 0, true},
+ {4, IkeTestType::ikeV1,
+ "750c5c94b9c2ec20b68033e024dadf0fa87e8b48c6561b21c72478451a06583d",
+ "a1ff3dc6cf9b4c04709943cb4ca1f1789bcf360b03f1d027de3ae8ee039e9155",
+ "1d4b705746c43b0a6fcbb8db33983c0f24ff6f8b6543e3779fed227c6067f004",
+ "03e6f16cd9ce9f64b5cdc5b34cca7163483ba5389a30afebef3d14640b0a815e",
+ "6c6beb72631ddc3d", "b84e24b22cffbd14", "", 2, 0, true},
+ {5, IkeTestType::ikeV1Psk, "a0", "", "",
+ "558a99b299773d267cf7c8ef073bf3b7af362c206c75a538403c5ef884d4cace",
+ "ead9ced494868f41", "f1aff4f425a94f18", "", 0, 0, true},
+ {6, IkeTestType::ikeGxy,
+ "0f4d257d7a58fc4545c7d7a88119eee5d5c9690c5b4c989171d3abbfd99d1d29", "", "",
+ "5f00d1bd2c58ec224b1e6b71fa0f19a1faa7a193952c444411b47c1a9d8ba6fe",
+ "3f302be1abcb28e1", "8c332ee006064c9b", "", 0, 0, true},
+ {7, IkeTestType::ikeV2Rekey,
+ "0b137d669b0947d7d026d593f0305ad401ff0c471357d695778a9c7f4b4869ec",
+ "25f3b12d6f282739256e39bf54eda53b60ffcf379bb7bcc90c27b4c4c578616c", "",
+ "2d63f6debc92048b4fef3889c4c99ca67d6496e0fac14a2bca9a2d6566ff2398",
+ "3f302be1abcb28e1", "8c332ee006064c9b", "", 0, 0, true},
+ {8, IkeTestType::ikePlus,
+ "5f00d1bd2c58ec224b1e6b71fa0f19a1faa7a193952c444411b47c1a9d8ba6fe", "", "",
+ "0b137d669b0947d7d026d593f0305ad401ff0c471357d695778a9c7f4b4869ece98aca531"
+ "188d16041b3bb936d2dbb3b4993a6e768a809160de45d0283f273a6cdf6854379e31be72b"
+ "8d3d1fa990cf9c5b015ca9f918a7df6253c958114a09d4e1c19bdcd4db14b29d98db1a74a"
+ "d405c588662c14a04d0d36aa4ab55e90f8986d12d4aad",
+ "", "",
+ // seed_data is Ni || Nr || SPIi || SPIr
+ // NOTE: there is no comma so the strings are concatenated together.
+ "3f302be1abcb28e1" // Ni
+ "8c332ee006064c9b" // Nr
+ "40dac39e1e1a8640" // SPIi
+ "8619a1cf9a6e4c07", // SPIr
+ 0,
+ 132, true},
+ {9, IkeTestType::ikePlus,
+ "5f00d1bd2c58ec224b1e6b71fa0f19a1faa7a193952c444411b47c1a9d8ba6fe", "", "",
+ "0b137d669b0947d7d026d593f0305ad401ff0c471357d695778a9c7f4b4869ec", "", "",
+ // seed_data is Ni || Nr || SPIi || SPIr
+ // NOTE: there is no comma so the strings are concatenated together.
+ "3f302be1abcb28e1" // Ni
+ "8c332ee006064c9b" // Nr
+ "40dac39e1e1a8640" // SPIi
+ "8619a1cf9a6e4c07", // SPIr
+ 0,
+ 32, true},
+ {10, IkeTestType::ikePlus,
+ "5f00d1bd2c58ec224b1e6b71fa0f19a1faa7a193952c444411b47c1a9d8ba6fe", "", "",
+ "0b137d669b0947d7d026d593f0305a", "", "",
+ // seed_data is Ni || Nr || SPIi || SPIr
+ // NOTE: there is no comma so the strings are concatenated together.
+ "3f302be1abcb28e1" // Ni
+ "8c332ee006064c9b" // Nr
+ "40dac39e1e1a8640" // SPIi
+ "8619a1cf9a6e4c07", // SPIr
+ 0,
+ 15, true},
+ // these vectors are self-generated
+ {11, IkeTestType::ikeV1AppB,
+ "5f00d1bd2c58ec224b1e6b71fa0f19a1faa7a193952c444411b47c1a9d8ba6fe", "", "",
+ "b10fff32cbeaa1e7afe6ab0b191e0bd63cd524849a4b56019146d232a24cf9af6b89494d2"
+ "a360b06825db8bb0324c15cecf47fc0bc99e39bf1171a7f4bf1733dc49ef64c642e73b054"
+ "b2e82456e34fa3c822da475e27e403b3da3929da50e6aa9e7f9252c68fa069b4b0edd374e"
+ "80d35378c4f5e8ec285a1b169c92bbb5353d05ba94165",
+ "", "", "", 0, 132, true},
+ {12, IkeTestType::ikeV1AppB,
+ "5f00d1bd2c58ec224b1e6b71fa0f19a1faa7a193952c444411b47c1a9d8ba6fe", "", "",
+ "5f00d1bd2c58ec224b1e6b71fa0f19a1faa7a193952c444411b47c1a9d8ba6fe", "", "",
+ "", 0, 32, true},
+ {13, IkeTestType::ikeV1AppB,
+ "5f00d1bd2c58ec224b1e6b71fa0f19a1faa7a193952c444411b47c1a9d8ba6fe", "", "",
+ "5f00d1bd2c58ec224b1e6b71fa0f19", "", "", "", 0, 15, true},
+ {14, IkeTestType::ikeV1AppBQuick,
+ "5f00d1bd2c58ec224b1e6b71fa0f19a1faa7a193952c444411b47c1a9d8ba6fe", "", "",
+ "b10fff32cbeaa1e7afe6ab0b191e0bd63cd524849a4b56019146d232a24cf9af59f18ed9a"
+ "abbb2dbbafecf48d72a34a8f72fab2ff4f37e5c917288a78ce00933612e9531a7469995c7"
+ "f7cc33c7627cac3efbc819330c4fe3bfa3788799630f37bcb74800d82bbebd17b1906e304"
+ "a786f4f810c266c15be1a30576039c293272748d65966",
+ "", "", "0", 0, 132, true},
+ {15, IkeTestType::ikeV1AppBQuick,
+ "5f00d1bd2c58ec224b1e6b71fa0f19a1faa7a193952c444411b47c1a9d8ba6fe", "", "",
+ "b10fff32cbeaa1e7afe6ab0b191e0bd63cd524849a4b56019146d232a24cf9af", "", "",
+ "0", 0, 32, true},
+ {16, IkeTestType::ikeV1AppBQuick,
+ "5f00d1bd2c58ec224b1e6b71fa0f19a1faa7a193952c444411b47c1a9d8ba6fe", "", "",
+ "b10fff32cbeaa1e7afe6ab0b191e0b", "", "", "0", 0, 15, true},
+};
+
+#endif // ike_sha256_vectors_h__
diff --git a/gtests/common/testvectors/ike-sha384-vectors.h b/gtests/common/testvectors/ike-sha384-vectors.h
new file mode 100644
index 000000000..d1efd94ff
--- /dev/null
+++ b/gtests/common/testvectors/ike-sha384-vectors.h
@@ -0,0 +1,150 @@
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This file is generated from sources in nss/gtests/common/wycheproof
+ * automatically and should not be touched manually.
+ * Generation is trigged by calling python3 genTestVectors.py */
+
+#ifndef ike_sha384_vectors_h__
+#define ike_sha384_vectors_h__
+
+#include "testvectors_base/test-structs.h"
+
+const IkeTestVector kIkeSha384ProofVectors[] = {
+ // these vectors are from this NIST samples
+ {1, IkeTestType::ikeGxy,
+ "1724dbd893523764bfef8c6fa927856fccfb77ae254358cce29c2769a32915c1", "", "",
+ "6e4514610bf82d0ab7bf0260096f6146a153c712071abb633ced813c572156c783e36874a"
+ "65a64690ca701d40d56ea18",
+ "cec89d845add83ef", "cebd43ab71d17db9", "", 0, 0, true},
+ {2, IkeTestType::ikeV1,
+ "6e4514610bf82d0ab7bf0260096f6146a153c712071abb633ced813c572156c783e36874a"
+ "65a64690ca701d40d56ea18",
+ "1724dbd893523764bfef8c6fa927856fccfb77ae254358cce29c2769a32915c1", "",
+ "b083234e9ed7745911f93eb31faa66fcf88906266830eb17ef166d295cb1f86a3543b8b8e"
+ "fa5df918533df537e9c809c",
+ "1c8aba986a00af0f", "b049d9672f73c920", "", 0, 0, true},
+ {3, IkeTestType::ikeV1,
+ "6e4514610bf82d0ab7bf0260096f6146a153c712071abb633ced813c572156c783e36874a"
+ "65a64690ca701d40d56ea18",
+ "1724dbd893523764bfef8c6fa927856fccfb77ae254358cce29c2769a32915c1",
+ "b083234e9ed7745911f93eb31faa66fcf88906266830eb17ef166d295cb1f86a3543b8b8e"
+ "fa5df918533df537e9c809c",
+ "938295a374aceb4147a8024c9a007dd313403fd8fd7070dbd0cfbe1ccd308dbfbb7b9e9c6"
+ "4049e4df44ff551016cb7b5",
+ "1c8aba986a00af0f", "b049d9672f73c920", "", 1, 0, true},
+ {4, IkeTestType::ikeV1,
+ "6e4514610bf82d0ab7bf0260096f6146a153c712071abb633ced813c572156c783e36874a"
+ "65a64690ca701d40d56ea18",
+ "1724dbd893523764bfef8c6fa927856fccfb77ae254358cce29c2769a32915c1",
+ "938295a374aceb4147a8024c9a007dd313403fd8fd7070dbd0cfbe1ccd308dbfbb7b9e9c6"
+ "4049e4df44ff551016cb7b5",
+ "8595b249dc1fa8599729f87eb6b9dd13bfbfdfd4f9ebd78929bab6ecc402539ad32cb6e7e"
+ "f4ba6a0f53da14e4df07ed4",
+ "1c8aba986a00af0f", "b049d9672f73c920", "", 2, 0, true},
+ {5, IkeTestType::ikeV1Psk, "9e", "", "",
+ "b54fa27cb4251051e44a659d73591845691d11f1874bf4e4088e5df6462d28e57a3a2af3a"
+ "b4f9b746a8f5766f8785f2b",
+ "d6596b7e5b398534", "136fbdfa8d0ceb8e", "", 0, 0, true},
+ {6, IkeTestType::ikeGxy,
+ "d3288cd87565101e88fe3bad918f31939d8dd26ff1071f8b2d7f447524e58d7c", "", "",
+ "69fe7a1ac94adaeb711295f5fe004b1a8d6a0b65d05692758ce8ad2f7a45f59d7d0b596f5"
+ "1f7dfcf3330061888f6a94f",
+ "fd1b572a8e735591", "6013b0ef88dacd3d", "", 0, 0, true},
+ {7, IkeTestType::ikeV2Rekey,
+ "4f904c2025c90c817ea5ff9b662a6fdb445a73b57cdf09eacd379b95e1f03cacb04cd6dee"
+ "da4f952191dd9bc1f7a9502",
+ "3358f620539473aee8d07e779764c4c6a9aabddc79a28e136b3bac021dbde44a", "",
+ "e0548c1682e13bce454026b3b1bdf42985b24e4e7408095a7c529de38c3d1fcb04c9fe686"
+ "8042a34c9614c6c99e3fcea",
+ "fd1b572a8e735591", "6013b0ef88dacd3d", "", 0, 0, true},
+ {8, IkeTestType::ikePlus,
+ "69fe7a1ac94adaeb711295f5fe004b1a8d6a0b65d05692758ce8ad2f7a45f59d7d0b596f5"
+ "1f7dfcf3330061888f6a94f",
+ "", "",
+ "4f904c2025c90c817ea5ff9b662a6fdb445a73b57cdf09eacd379b95e1f03cacb04cd6dee"
+ "da4f952191dd9bc1f7a9502471a648d74dc06d38112de48a42501f6b1a3ad55c2099cd9a6"
+ "48e5f17e5bf3e34bf9b5953decb768a34f875fe2b78dca0c2fcca81ec1a412006dfaed38f"
+ "a06882e61f4c148105fb8e231fdb33c4d484c001721d4",
+ "", "",
+ // seed_data is Ni || Nr || SPIi || SPIr
+ // NOTE: there is no comma so the strings are concatenated together.
+ "fd1b572a8e735591" // Ni
+ "6013b0ef88dacd3d" // Nr
+ "2116ad07ce61f749" // SPIi
+ "24880e55f11a65b7", // SPIr
+ 0,
+ 132, true},
+ {9, IkeTestType::ikePlus,
+ "69fe7a1ac94adaeb711295f5fe004b1a8d6a0b65d05692758ce8ad2f7a45f59d7d0b596f5"
+ "1f7dfcf3330061888f6a94f",
+ "", "",
+ "4f904c2025c90c817ea5ff9b662a6fdb445a73b57cdf09eacd379b95e1f03cacb04cd6dee"
+ "da4f952191dd9bc1f7a9502",
+ "", "",
+ // seed_data is Ni || Nr || SPIi || SPIr
+ // NOTE: there is no comma so the strings are concatenated together.
+ "fd1b572a8e735591" // Ni
+ "6013b0ef88dacd3d" // Nr
+ "2116ad07ce61f749" // SPIi
+ "24880e55f11a65b7", // SPIr
+ 0,
+ 48, true},
+ {10, IkeTestType::ikePlus,
+ "69fe7a1ac94adaeb711295f5fe004b1a8d6a0b65d05692758ce8ad2f7a45f59d7d0b596f5"
+ "1f7dfcf3330061888f6a94f",
+ "", "", "4f904c2025c90c817ea5ff9b662a6f", "", "",
+ // seed_data is Ni || Nr || SPIi || SPIr
+ // NOTE: there is no comma so the strings are concatenated together.
+ "fd1b572a8e735591" // Ni
+ "6013b0ef88dacd3d" // Nr
+ "2116ad07ce61f749" // SPIi
+ "24880e55f11a65b7", // SPIr
+ 0,
+ 15, true},
+ // these vectors are self-generated
+ {11, IkeTestType::ikeV1AppB,
+ "69fe7a1ac94adaeb711295f5fe004b1a8d6a0b65d05692758ce8ad2f7a45f59d7d0b596f5"
+ "1f7dfcf3330061888f6a94f",
+ "", "",
+ "9b9a56a512cc2c5d5bcee66d03974f2701d4634b3241df132b1d2fd31fb23f003969dd787"
+ "3425f771aae298871672cbfc908596c4d18165331b9fdff350cff787e700a140e123f2066"
+ "d8d8527f53e701d23abdb3b0bc713109e33dc233c6989fa64b95720495c859505c5c7a748"
+ "7778aab59365dafe60c7264ccde55829f60143a4bb095",
+ "", "", "", 0, 132, true},
+ {12, IkeTestType::ikeV1AppB,
+ "69fe7a1ac94adaeb711295f5fe004b1a8d6a0b65d05692758ce8ad2f7a45f59d7d0b596f5"
+ "1f7dfcf3330061888f6a94f",
+ "", "",
+ "69fe7a1ac94adaeb711295f5fe004b1a8d6a0b65d05692758ce8ad2f7a45f59d7d0b596f5"
+ "1f7dfcf3330061888f6a94f",
+ "", "", "", 0, 48, true},
+ {13, IkeTestType::ikeV1AppB,
+ "69fe7a1ac94adaeb711295f5fe004b1a8d6a0b65d05692758ce8ad2f7a45f59d7d0b596f5"
+ "1f7dfcf3330061888f6a94f",
+ "", "", "69fe7a1ac94adaeb711295f5fe004b", "", "", "", 0, 15, true},
+ {14, IkeTestType::ikeV1AppBQuick,
+ "69fe7a1ac94adaeb711295f5fe004b1a8d6a0b65d05692758ce8ad2f7a45f59d7d0b596f5"
+ "1f7dfcf3330061888f6a94f",
+ "", "",
+ "9b9a56a512cc2c5d5bcee66d03974f2701d4634b3241df132b1d2fd31fb23f003969dd787"
+ "3425f771aae298871672cbf0e0b966f3e961d3d94c2205decc285afae5aad6abe9ca6f5fb"
+ "8420fb940bc7760c63c45bd577f561f3643fc98bff8e26663f40f225865e79cca504f527f"
+ "abcfc24bd1ba8e2dbd022120f0fd9fb2caa28b031607b",
+ "", "", "0", 0, 132, true},
+ {15, IkeTestType::ikeV1AppBQuick,
+ "69fe7a1ac94adaeb711295f5fe004b1a8d6a0b65d05692758ce8ad2f7a45f59d7d0b596f5"
+ "1f7dfcf3330061888f6a94f",
+ "", "",
+ "9b9a56a512cc2c5d5bcee66d03974f2701d4634b3241df132b1d2fd31fb23f003969dd787"
+ "3425f771aae298871672cbf",
+ "", "", "0", 0, 48, true},
+ {16, IkeTestType::ikeV1AppBQuick,
+ "69fe7a1ac94adaeb711295f5fe004b1a8d6a0b65d05692758ce8ad2f7a45f59d7d0b596f5"
+ "1f7dfcf3330061888f6a94f",
+ "", "", "9b9a56a512cc2c5d5bcee66d03974f", "", "", "0", 0, 15, true},
+};
+
+#endif // ike_sha384_vectors_h__
diff --git a/gtests/common/testvectors/ike-sha512-vectors.h b/gtests/common/testvectors/ike-sha512-vectors.h
new file mode 100644
index 000000000..62982e877
--- /dev/null
+++ b/gtests/common/testvectors/ike-sha512-vectors.h
@@ -0,0 +1,148 @@
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This file is generated by hand from a subset of NIST ike sample CAVs test */
+
+#ifndef ike_sha512_vectors_h__
+#define ike_sha512_vectors_h__
+
+#include "testvectors_base/test-structs.h"
+
+const IkeTestVector kIkeSha512ProofVectors[] = {
+ // these vectors are from this NIST samples
+ {1, IkeTestType::ikeGxy,
+ "b15a9cfce8c8d7eab879d6243029d40188d3b740875a6ac62f56cac4377e2edd", "", "",
+ "f05aa036dfce45a558d40418dea98096e519bc7841e3db3dd93658d118c3e83b502f398ec"
+ "b1361ec77d38a8855efff407f6f772e5d65b58eb1134096e8478d2b",
+ "acadc6314a69cfcd", "4e4ad17718fea7ce", "", 0, 0, true},
+ {2, IkeTestType::ikeV1,
+ "f05aa036dfce45a558d40418dea98096e519bc7841e3db3dd93658d118c3e83b502f398ec"
+ "b1361ec77d38a8855efff407f6f772e5d65b58eb1134096e8478d2b",
+ "b15a9cfce8c8d7eab879d6243029d40188d3b740875a6ac62f56cac4377e2edd", "",
+ "3c4be16a631aa49018fa6740745a61ab1f1a2455a96e91f159a134ccfe30303d687216961"
+ "95e95bfd530510ef2f9532491878710944db7854f00ad13c68fca01",
+ "1ff4d76565b3151a", "1f11b8eb20d57a16", "", 0, 0, true},
+ {3, IkeTestType::ikeV1,
+ "f05aa036dfce45a558d40418dea98096e519bc7841e3db3dd93658d118c3e83b502f398ec"
+ "b1361ec77d38a8855efff407f6f772e5d65b58eb1134096e8478d2b",
+ "b15a9cfce8c8d7eab879d6243029d40188d3b740875a6ac62f56cac4377e2edd",
+ "3c4be16a631aa49018fa6740745a61ab1f1a2455a96e91f159a134ccfe30303d687216961"
+ "95e95bfd530510ef2f9532491878710944db7854f00ad13c68fca01",
+ "15ecf5c80b675585e10c4388f6f9c37e8b63269a0a99851f08ba617e28c561f43eaf41122"
+ "23ff97525bf0b3897f514fce7a3acee10a61ae088c01efc5f643587",
+ "1ff4d76565b3151a", "1f11b8eb20d57a16", "", 1, 0, true},
+ {4, IkeTestType::ikeV1,
+ "f05aa036dfce45a558d40418dea98096e519bc7841e3db3dd93658d118c3e83b502f398ec"
+ "b1361ec77d38a8855efff407f6f772e5d65b58eb1134096e8478d2b",
+ "b15a9cfce8c8d7eab879d6243029d40188d3b740875a6ac62f56cac4377e2edd",
+ "15ecf5c80b675585e10c4388f6f9c37e8b63269a0a99851f08ba617e28c561f43eaf41122"
+ "23ff97525bf0b3897f514fce7a3acee10a61ae088c01efc5f643587",
+ "60f6b6c10c2b6bedc085ad6546d993c9ce1f86918d1c935c89d6631170a5dab0e37298f21"
+ "ca3b7901a53bde55a15fad39f782039ce26fc8c2ba8cbd9d4287669",
+ "1ff4d76565b3151a", "1f11b8eb20d57a16", "", 2, 0, true},
+ {5, IkeTestType::ikeV1Psk, "4c", "", "",
+ "5bcb5499ae4c1437ce6c195392bf26bf7980a59bcb787a0b58671771a3d4b06dc1eb78092"
+ "41b7e5931740b05bf8a9873bb493c5f067e28e4f58ab65c3dbe44cd",
+ "482a05eca86fba51", "84ee19d02272de2e", "", 0, 0, true},
+ {6, IkeTestType::ikeGxy,
+ "276255c3eaace5c6db32b609aa86c0ef07bba4bf2dc4c262995efd95ca607c3f", "", "",
+ "d6e74966b75fd2afab48be319d63d97c8a5d2ffe2e320763a462c664b36c3a944067d867c"
+ "3a55fd8a7e5cca64b22e24415987e15549f09a81b455adaa5303df8",
+ "97c41a9b0a03e74c", "a659fd06e1746600", "", 0, 0, true},
+ {7, IkeTestType::ikeV2Rekey,
+ "22259105314717dc73c210919ee9cb3ded774dc087e866aa3960404c0ed7b8e78e79b9938"
+ "88388e2e5cb238d4bfcb4cdee9da074a26e329d6c2f2f660cc9c711",
+ "bb4015f7727b35532021336a9e4a6370ac8729b01fbb8f15d52236820fac4709", "",
+ "ecdaf3ccb990abc898a453b03fd56f9975275f150e1e571b0560b3cb2ee67289e82b899cd"
+ "c2129fd821fe8aebea796f190765c25798f5883f923526551f16a4b",
+ "97c41a9b0a03e74c", "a659fd06e1746600", "", 0, 0, true},
+ {8, IkeTestType::ikePlus,
+ "d6e74966b75fd2afab48be319d63d97c8a5d2ffe2e320763a462c664b36c3a944067d867c"
+ "3a55fd8a7e5cca64b22e24415987e15549f09a81b455adaa5303df8",
+ "", "",
+ "22259105314717dc73c210919ee9cb3ded774dc087e866aa3960404c0ed7b8e78e79b9938"
+ "88388e2e5cb238d4bfcb4cdee9da074a26e329d6c2f2f660cc9c711c941a2fb3d85a2e5d0"
+ "1e579c8f2c9d00fa6fabe76a137b00c7ff1b291899906588c26f073d819063238c4c844f0"
+ "f8d221b65b76dbc9ed6f6368e5dba86b3e81b60eb44a1",
+ "", "",
+ // seed_data is Ni || Nr || SPIi || SPIr
+ // NOTE: there is no comma so the strings are concatenated together.
+ "97c41a9b0a03e74c" // Ni
+ "a659fd06e1746600" // Nr
+ "ff43c5c689b95481" // SPIi
+ "e2ba607f30079bb7", // SPIr
+ 0,
+ 132, true},
+ {9, IkeTestType::ikePlus,
+ "d6e74966b75fd2afab48be319d63d97c8a5d2ffe2e320763a462c664b36c3a944067d867c"
+ "3a55fd8a7e5cca64b22e24415987e15549f09a81b455adaa5303df8",
+ "", "",
+ "22259105314717dc73c210919ee9cb3ded774dc087e866aa3960404c0ed7b8e78e79b9938"
+ "88388e2e5cb238d4bfcb4cdee9da074a26e329d6c2f2f660cc9c711",
+ "", "",
+ // seed_data is Ni || Nr || SPIi || SPIr
+ // NOTE: there is no comma so the strings are concatenated together.
+ "97c41a9b0a03e74c" // Ni
+ "a659fd06e1746600" // Nr
+ "ff43c5c689b95481" // SPIi
+ "e2ba607f30079bb7", // SPIr
+ 0,
+ 64, true},
+ {10, IkeTestType::ikePlus,
+ "d6e74966b75fd2afab48be319d63d97c8a5d2ffe2e320763a462c664b36c3a944067d867c"
+ "3a55fd8a7e5cca64b22e24415987e15549f09a81b455adaa5303df8",
+ "", "", "22259105314717dc73c210919ee9cb", "", "",
+ // seed_data is Ni || Nr || SPIi || SPIr
+ // NOTE: there is no comma so the strings are concatenated together.
+ "97c41a9b0a03e74c" // Ni
+ "a659fd06e1746600" // Nr
+ "ff43c5c689b95481" // SPIi
+ "e2ba607f30079bb7", // SPIr
+ 0,
+ 15, true},
+ // These vectors are self-generated
+ {11, IkeTestType::ikeV1AppB,
+ "d6e74966b75fd2afab48be319d63d97c8a5d2ffe2e320763a462c664b36c3a944067d867c"
+ "3a55fd8a7e5cca64b22e24415987e15549f09a81b455adaa5303df8",
+ "", "",
+ "05e3de273d8a611667894a8aed01bb41984f18dc539028fa0f5252e6f05e15891faa75dfd"
+ "c1f76b745d34a4820b0068efa93c176f8cd00a7ed5745d6cffe78a76603cdcf2ebb482b12"
+ "c8fddbaf942827891b7c423b6a3675ec62e2dcf92e96eb743ae58cfd7bf188a142626ea5c"
+ "15325c1862fffc3889fc38e379f68552556c2232de5fb",
+ "", "", "", 0, 132, true},
+ {12, IkeTestType::ikeV1AppB,
+ "d6e74966b75fd2afab48be319d63d97c8a5d2ffe2e320763a462c664b36c3a944067d867c"
+ "3a55fd8a7e5cca64b22e24415987e15549f09a81b455adaa5303df8",
+ "", "",
+ "d6e74966b75fd2afab48be319d63d97c8a5d2ffe2e320763a462c664b36c3a944067d867c"
+ "3a55fd8a7e5cca64b22e24415987e15549f09a81b455adaa5303df8",
+ "", "", "", 0, 64, true},
+ {13, IkeTestType::ikeV1AppB,
+ "d6e74966b75fd2afab48be319d63d97c8a5d2ffe2e320763a462c664b36c3a944067d867c"
+ "3a55fd8a7e5cca64b22e24415987e15549f09a81b455adaa5303df8",
+ "", "", "d6e74966b75fd2afab48be319d63d9", "", "", "", 0, 15, true},
+ {14, IkeTestType::ikeV1AppBQuick,
+ "d6e74966b75fd2afab48be319d63d97c8a5d2ffe2e320763a462c664b36c3a944067d867c"
+ "3a55fd8a7e5cca64b22e24415987e15549f09a81b455adaa5303df8",
+ "", "",
+ "05e3de273d8a611667894a8aed01bb41984f18dc539028fa0f5252e6f05e15891faa75dfd"
+ "c1f76b745d34a4820b0068efa93c176f8cd00a7ed5745d6cffe78a71de07d41ab9eb3fef7"
+ "64886c6edd39b32bc05943b089adda8ceed3de5160c936600e4b171a96172569fc4410f0d"
+ "d913bfa9719cb368ffedd78d78a404749ca03c16e72c8",
+ "", "", "0", 0, 132, true},
+ {15, IkeTestType::ikeV1AppBQuick,
+ "d6e74966b75fd2afab48be319d63d97c8a5d2ffe2e320763a462c664b36c3a944067d867c"
+ "3a55fd8a7e5cca64b22e24415987e15549f09a81b455adaa5303df8",
+ "", "",
+ "05e3de273d8a611667894a8aed01bb41984f18dc539028fa0f5252e6f05e15891faa75dfd"
+ "c1f76b745d34a4820b0068efa93c176f8cd00a7ed5745d6cffe78a7",
+ "", "", "0", 0, 64, true},
+ {16, IkeTestType::ikeV1AppBQuick,
+ "d6e74966b75fd2afab48be319d63d97c8a5d2ffe2e320763a462c664b36c3a944067d867c"
+ "3a55fd8a7e5cca64b22e24415987e15549f09a81b455adaa5303df8",
+ "", "", "05e3de273d8a611667894a8aed01bb", "", "", "0", 0, 15, true},
+};
+
+#endif // ike_sha512_vectors_h__
diff --git a/gtests/common/testvectors_base/test-structs.h b/gtests/common/testvectors_base/test-structs.h
index 1f1a7ed3a..2d3d98163 100644
--- a/gtests/common/testvectors_base/test-structs.h
+++ b/gtests/common/testvectors_base/test-structs.h
@@ -88,6 +88,31 @@ typedef struct HkdfTestVectorStr {
bool valid;
} HkdfTestVector;
+enum class IkeTestType {
+ ikeGxy, /* CKM_NSS_IKE_PRF_DERIVE case 1 */
+ ikeV1Psk, /* CKM_NSS_IKE_PRF_DERIVE case 2 */
+ ikeV2Rekey, /* CKM_NSS_IKE_PRF_DERIVE case 3 */
+ ikeV1, /* CKM_NSS_IKE1_PRF_DERIVE */
+ ikeV1AppB, /* CKM_NSS_IKE1_PRF_APP_B_DERIVE base mode */
+ ikeV1AppBQuick, /* CKM_NSS_IKE1_PRF_APP_B_DERIVE quick mode */
+ ikePlus /* CKM_NSS_IKE_PRF_DERIVE */
+};
+
+typedef struct IkeTestVectorStr {
+ uint32_t id;
+ IkeTestType test_type;
+ std::string ikm;
+ std::string gxykm;
+ std::string prevkm;
+ std::string okm;
+ std::string Ni;
+ std::string Nr;
+ std::string seed_data;
+ uint8_t key_number;
+ uint32_t size;
+ bool valid;
+} IkeTestVector;
+
typedef struct RsaSignatureTestVectorStr {
SECOidTag hash_oid;
uint32_t id;
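Review bot: The comment on `ikePlus` names `CKM_NSS_IKE_PRF_DERIVE`, the same mechanism already listed for the three cases above it. The unit test added in this commit maps `IkeTestType::ikePlus` to `CKM_NSS_IKE_PRF_PLUS_DERIVE`, so the comment should read `ikePlus /* CKM_NSS_IKE_PRF_PLUS_DERIVE */`. The fields of `IkeTestVectorStr` would also benefit from one-line comments saying which are hex-encoded strings (`ikm`, `okm`, `Ni`, `Nr`, `seed_data` are all passed through `hex_string_to_bytes` in the test) and that `size` is the requested output key length in bytes.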
diff --git a/gtests/pk11_gtest/manifest.mn b/gtests/pk11_gtest/manifest.mn
index f560d9eb1..80530675b 100644
--- a/gtests/pk11_gtest/manifest.mn
+++ b/gtests/pk11_gtest/manifest.mn
@@ -25,6 +25,7 @@ CPPSRCS = \
pk11_hkdf_unittest.cc \
pk11_hmac_unittest.cc \
pk11_hpke_unittest.cc \
+ pk11_ike_unittest.cc \
pk11_import_unittest.cc \
pk11_kbkdf.cc \
pk11_keygen.cc \
diff --git a/gtests/pk11_gtest/pk11_gtest.gyp b/gtests/pk11_gtest/pk11_gtest.gyp
index 1982fb484..4171ea382 100644
--- a/gtests/pk11_gtest/pk11_gtest.gyp
+++ b/gtests/pk11_gtest/pk11_gtest.gyp
@@ -30,6 +30,7 @@
'pk11_hkdf_unittest.cc',
'pk11_hmac_unittest.cc',
'pk11_hpke_unittest.cc',
+ 'pk11_ike_unittest.cc',
'pk11_import_unittest.cc',
'pk11_kbkdf.cc',
'pk11_keygen.cc',
diff --git a/gtests/pk11_gtest/pk11_ike_unittest.cc b/gtests/pk11_gtest/pk11_ike_unittest.cc
new file mode 100644
index 000000000..9a8c1d1a3
--- /dev/null
+++ b/gtests/pk11_gtest/pk11_ike_unittest.cc
@@ -0,0 +1,197 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "blapi.h"
+#include "gtest/gtest.h"
+#include "nss.h"
+#include "nss_scoped_ptrs.h"
+#include "pk11pub.h"
+#include "secerr.h"
+#include "sechash.h"
+#include "util.h"
+#include "databuffer.h"
+
+#include "testvectors/ike-sha1-vectors.h"
+#include "testvectors/ike-sha256-vectors.h"
+#include "testvectors/ike-sha384-vectors.h"
+#include "testvectors/ike-sha512-vectors.h"
+#include "testvectors/ike-aesxcbc-vectors.h"
+
+namespace nss_test {
+
+class Pkcs11IkeTest : public ::testing::TestWithParam<
+ std::tuple<IkeTestVector, CK_MECHANISM_TYPE>> {
+ protected:
+ ScopedPK11SymKey ImportKey(SECItem &ikm_item) {
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ if (!slot) {
+ ADD_FAILURE() << "Can't get slot";
+ return nullptr;
+ }
+ ScopedPK11SymKey ikm(
+ PK11_ImportSymKey(slot.get(), CKM_GENERIC_SECRET_KEY_GEN,
+ PK11_OriginUnwrap, CKA_DERIVE, &ikm_item, nullptr));
+ return ikm;
+ }
+
+ void RunVectorTest(const IkeTestVector &vec, CK_MECHANISM_TYPE prf_mech) {
+ std::string msg = "Test #" + std::to_string(vec.id) + " failed";
+ std::vector<uint8_t> vec_ikm = hex_string_to_bytes(vec.ikm);
+ std::vector<uint8_t> vec_okm = hex_string_to_bytes(vec.okm);
+ std::vector<uint8_t> vec_gxykm = hex_string_to_bytes(vec.gxykm);
+ std::vector<uint8_t> vec_prevkm = hex_string_to_bytes(vec.prevkm);
+ std::vector<uint8_t> vec_Ni = hex_string_to_bytes(vec.Ni);
+ std::vector<uint8_t> vec_Nr = hex_string_to_bytes(vec.Nr);
+ std::vector<uint8_t> vec_seed_data = hex_string_to_bytes(vec.seed_data);
+ SECItem ikm_item = {siBuffer, vec_ikm.data(),
+ static_cast<unsigned int>(vec_ikm.size())};
+ SECItem okm_item = {siBuffer, vec_okm.data(),
+ static_cast<unsigned int>(vec_okm.size())};
+ SECItem prevkm_item = {siBuffer, vec_prevkm.data(),
+ static_cast<unsigned int>(vec_prevkm.size())};
+ SECItem gxykm_item = {siBuffer, vec_gxykm.data(),
+ static_cast<unsigned int>(vec_gxykm.size())};
+ CK_MECHANISM_TYPE derive_mech = CKM_NSS_IKE_PRF_DERIVE;
+ ScopedPK11SymKey gxy_key = nullptr;
+ ScopedPK11SymKey prev_key = nullptr;
+ ScopedPK11SymKey ikm = ImportKey(ikm_item);
+
+ // IKE_PRF structure (used in cases 1, 2 and 3)
+ CK_NSS_IKE_PRF_DERIVE_PARAMS nss_ike_prf_params = {
+ prf_mech,
+ CK_FALSE,
+ CK_FALSE,
+ vec_Ni.data(),
+ static_cast<CK_ULONG>(vec_Ni.size()),
+ vec_Nr.data(),
+ static_cast<CK_ULONG>(vec_Nr.size()),
+ CK_INVALID_HANDLE};
+
+ // IKE_V1_PRF, used to derive session keys.
+ CK_NSS_IKE1_PRF_DERIVE_PARAMS nss_ike_v1_prf_params = {
+ prf_mech, false,
+ CK_INVALID_HANDLE, CK_INVALID_HANDLE,
+ vec_Ni.data(), static_cast<CK_ULONG>(vec_Ni.size()),
+ vec_Nr.data(), static_cast<CK_ULONG>(vec_Nr.size()),
+ vec.key_number};
+
+ // IKE_V1_APP_B, do quick mode (all session keys in one call).
+ CK_NSS_IKE1_APP_B_PRF_DERIVE_PARAMS nss_ike_app_b_prf_params_quick = {
+ prf_mech, CK_FALSE, CK_INVALID_HANDLE, vec_seed_data.data(),
+ static_cast<CK_ULONG>(vec_seed_data.size())};
+
+ // IKE_V1_APP_B, used for long session keys in ike_v1
+ CK_MECHANISM_TYPE nss_ike_app_b_prf_params = prf_mech;
+
+ // IKE_PRF_PLUS, used to generate session keys in ike v2
+ CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS nss_ike_prf_plus_params = {
+ prf_mech, CK_FALSE, CK_INVALID_HANDLE, vec_seed_data.data(),
+ static_cast<CK_ULONG>(vec_seed_data.size())};
+
+ SECItem params_item = {siBuffer, (unsigned char *)&nss_ike_prf_params,
+ sizeof(nss_ike_prf_params)};
+
+ switch (vec.test_type) {
+ case IkeTestType::ikeGxy:
+ nss_ike_prf_params.bDataAsKey = true;
+ break;
+ case IkeTestType::ikeV1Psk:
+ break;
+ case IkeTestType::ikeV2Rekey:
+ nss_ike_prf_params.bRekey = true;
+ gxy_key = ImportKey(gxykm_item);
+ nss_ike_prf_params.hNewKey = PK11_GetSymKeyHandle(gxy_key.get());
+ break;
+ case IkeTestType::ikeV1:
+ derive_mech = CKM_NSS_IKE1_PRF_DERIVE;
+ params_item.data = (unsigned char *)&nss_ike_v1_prf_params;
+ params_item.len = sizeof(nss_ike_v1_prf_params);
+ gxy_key = ImportKey(gxykm_item);
+ nss_ike_v1_prf_params.hKeygxy = PK11_GetSymKeyHandle(gxy_key.get());
+ if (prevkm_item.len != 0) {
+ prev_key = ImportKey(prevkm_item);
+ nss_ike_v1_prf_params.bHasPrevKey = true;
+ nss_ike_v1_prf_params.hPrevKey = PK11_GetSymKeyHandle(prev_key.get());
+ }
+ break;
+ case IkeTestType::ikeV1AppB:
+ derive_mech = CKM_NSS_IKE1_APP_B_PRF_DERIVE;
+ params_item.data = (unsigned char *)&nss_ike_app_b_prf_params;
+ params_item.len = sizeof(nss_ike_app_b_prf_params);
+ break;
+ case IkeTestType::ikeV1AppBQuick:
+ derive_mech = CKM_NSS_IKE1_APP_B_PRF_DERIVE;
+ params_item.data = (unsigned char *)&nss_ike_app_b_prf_params_quick;
+ params_item.len = sizeof(nss_ike_app_b_prf_params_quick);
+ if (gxykm_item.len != 0) {
+ gxy_key = ImportKey(gxykm_item);
+ nss_ike_app_b_prf_params_quick.bHasKeygxy = true;
+ nss_ike_app_b_prf_params_quick.hKeygxy =
+ PK11_GetSymKeyHandle(gxy_key.get());
+ }
+ break;
+ case IkeTestType::ikePlus:
+ derive_mech = CKM_NSS_IKE_PRF_PLUS_DERIVE;
+ params_item.data = (unsigned char *)&nss_ike_prf_plus_params;
+ params_item.len = sizeof(nss_ike_prf_plus_params);
+ break;
+ default:
+ ADD_FAILURE() << msg;
+ return;
+ }
+ ASSERT_NE(nullptr, ikm) << msg;
+
+ ScopedPK11SymKey okm = ScopedPK11SymKey(
+ PK11_Derive(ikm.get(), derive_mech, &params_item,
+ CKM_GENERIC_SECRET_KEY_GEN, CKA_DERIVE, vec.size));
+ if (vec.valid) {
+ ASSERT_NE(nullptr, okm.get()) << msg;
+ ASSERT_EQ(SECSuccess, PK11_ExtractKeyValue(okm.get())) << msg;
+ SECItem *outItem = PK11_GetKeyData(okm.get());
+ SECItem nullItem = {siBuffer, NULL, 0};
+ if (outItem == NULL) {
+ outItem = &nullItem;
+ }
+ ASSERT_EQ(0, SECITEM_CompareItem(&okm_item, PK11_GetKeyData(okm.get())))
+ << msg << std::endl
+ << " expect:" << DataBuffer(okm_item.data, okm_item.len) << std::endl
+ << " calc'd:" << DataBuffer(outItem->data, outItem->len) << std::endl;
+ } else {
+ ASSERT_EQ(nullptr, okm.get()) << msg;
+ }
+ }
+};
+
+TEST_P(Pkcs11IkeTest, IkeproofVectors) {
+ RunVectorTest(std::get<0>(GetParam()), std::get<1>(GetParam()));
+}
+
+INSTANTIATE_TEST_SUITE_P(
+ IkeSha1, Pkcs11IkeTest,
+ ::testing::Combine(::testing::ValuesIn(kIkeSha1ProofVectors),
+ ::testing::Values(CKM_SHA_1_HMAC)));
+INSTANTIATE_TEST_SUITE_P(
+ IkeSha256, Pkcs11IkeTest,
+ ::testing::Combine(::testing::ValuesIn(kIkeSha256ProofVectors),
+ ::testing::Values(CKM_SHA256_HMAC)));
+
+INSTANTIATE_TEST_SUITE_P(
+ IkeSha384, Pkcs11IkeTest,
+ ::testing::Combine(::testing::ValuesIn(kIkeSha384ProofVectors),
+ ::testing::Values(CKM_SHA384_HMAC)));
+
+INSTANTIATE_TEST_SUITE_P(
+ IkeSha512, Pkcs11IkeTest,
+ ::testing::Combine(::testing::ValuesIn(kIkeSha512ProofVectors),
+ ::testing::Values(CKM_SHA512_HMAC)));
+
+INSTANTIATE_TEST_SUITE_P(
+ IkeAESXCBC, Pkcs11IkeTest,
+ ::testing::Combine(::testing::ValuesIn(kIkeAesXcbcProofVectors),
+ ::testing::Values(CKM_AES_XCBC_MAC)));
+
+} // namespace nss_test
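Review bot: In `RunVectorTest` the keys returned by `ImportKey` for `gxykm_item` and `prevkm_item` go straight into `PK11_GetSymKeyHandle(...)` with no null check, in the `ikeV2Rekey`, `ikeV1` and `ikeV1AppBQuick` cases. Only `ikm` is checked, and only after the switch. A failed import would presumably end in a null dereference rather than a reported test failure. Adding `ASSERT_NE(nullptr, gxy_key) << msg;` (and `ASSERT_NE(nullptr, prev_key) << msg;`) directly after each `ImportKey` call makes the failure explicit. As a smaller point, the final comparison calls `PK11_GetKeyData(okm.get())` a second time although `outItem` already holds that result with the null fallback applied; `SECITEM_CompareItem(&okm_item, outItem)` keeps the comparison and the diagnostic output on the same value.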
diff --git a/lib/softoken/sftkike.c b/lib/softoken/sftkike.c
index 27eacc087..049675ff8 100644
--- a/lib/softoken/sftkike.c
+++ b/lib/softoken/sftkike.c
@@ -720,6 +720,7 @@ sftk_ike1_appendix_b_prf(CK_SESSION_HANDLE hSession, const SFTKAttribute *inKey,
unsigned int macSize;
unsigned int outKeySize;
unsigned int genKeySize;
+ PRBool quickMode = PR_FALSE;
CK_RV crv;
prfContext context;
@@ -748,6 +749,11 @@ sftk_ike1_appendix_b_prf(CK_SESSION_HANDLE hSession, const SFTKAttribute *inKey,
crv = CKR_KEY_HANDLE_INVALID;
goto fail;
}
+ quickMode = PR_TRUE;
+ }
+
+ if (params->ulExtraDataLen != 0) {
+ quickMode = PR_TRUE;
}
macSize = prf_length(&context);
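Review bot: `quickMode` is inferred from two unrelated fields, `params->bHasKeygxy` and `params->ulExtraDataLen != 0`, and nothing here states that rule. A caller that intends quick mode but supplies neither a gxy key nor extra data falls through to the plain Appendix B path, which can return a prefix of the input key. That contract deserves a comment above the new `if`, for example `/* quick mode is signalled by a gxy key or non-empty extra data; with neither, this is plain Appendix B key expansion */`. The function starts and ends outside this hunk, so how `params` is populated for the short-form mechanism parameter cannot be checked from here.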
@@ -756,10 +762,16 @@ sftk_ike1_appendix_b_prf(CK_SESSION_HANDLE hSession, const SFTKAttribute *inKey,
keySize = macSize;
}
- if (keySize <= inKey->attrib.ulValueLen) {
+ /* In appendix B, we are just expanding or contracting a single key.
+ * If the input key is less than or equal to the the key size we want,
+ * just subset the original key. In quick mode we are actually getting
+ * new keys (salted with our seed data and our gxy key), so we want to
+ * run through our algorithm */
+ if ((!quickMode) && (keySize <= inKey->attrib.ulValueLen)) {
return sftk_forceAttribute(outKey, CKA_VALUE,
inKey->attrib.pValue, keySize);
}
+
outKeySize = PR_ROUNDUP(keySize, macSize);
outKeyData = PORT_Alloc(outKeySize);
if (outKeyData == NULL) {
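Review bot: The new comment states the subsetting condition backwards and contains a doubled "the the". The code takes the shortcut when `keySize <= inKey->attrib.ulValueLen`, that is, when the requested size is no larger than the input key, whereas the comment says "If the input key is less than or equal to the key size we want". Since this branch decides whether the caller gets raw input key bytes or freshly derived material, the wording should match the test: `If the key size we want is less than or equal to the length of the input key, just subset the original key.` The rest of the comment about quick mode can stay as it is.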
@@ -774,7 +786,7 @@ sftk_ike1_appendix_b_prf(CK_SESSION_HANDLE hSession, const SFTKAttribute *inKey,
* key is inKey
*/
thisKey = outKeyData;
- for (genKeySize = 0; genKeySize <= keySize; genKeySize += macSize) {
+ for (genKeySize = 0; genKeySize < keySize; genKeySize += macSize) {
PRBool hashedData = PR_FALSE;
crv = prf_init(&context, inKey->attrib.pValue, inKey->attrib.ulValueLen);
if (crv != CKR_OK) {