# $NetBSD: algorithms.sh,v 1.3 2017/04/27 08:06:59 ozaki-r Exp $
#
# Copyright (c) 2017 Internet Initiative Japan Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
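#

# Algorithm tables and helpers for exercising IPsec key-length handling.
#
# The lists below name the algorithms that get exercised; they are not a
# recommendation.  Several entries (single DES, the null transforms, the
# MD5-based MACs) are legacy or provide no protection and appear here only
# so that their handling is covered.
#
# NOTE(review): the *_MINIMUM lists look like a reduced subset for quicker
# runs -- confirm against the callers.

ESP_ENCRYPTION_ALGORITHMS="des-cbc 3des-cbc null blowfish-cbc cast128-cbc \
    des-deriv rijndael-cbc aes-ctr camellia-cbc aes-gcm-16 aes-gmac"
ESP_ENCRYPTION_ALGORITHMS_MINIMUM="null rijndael-cbc"

# Valid key lengths of ESP encryption algorithms (in bits)
#   des-cbc		64
#   3des-cbc		192
#   null		0 to 2048	XXX only accept 0 length
#   blowfish-cbc	40 to 448
#   cast128-cbc		40 to 128
#   des-deriv		64
#   3des-deriv		192		XXX not implemented
#   rijndael-cbc	128/192/256
#   twofish-cbc		0 to 256	XXX not supported
#   aes-ctr		160/224/288
#   camellia-cbc	128/192/256
#   aes-gcm-16		160/224/288
#   aes-gmac		160/224/288
#
# NOTE(review): 160/224/288 is presumably the AES key plus 32 bits of
# nonce/salt carried in the keying material (RFC 3686, RFC 4106) -- confirm.
#
# Each invalid_keys_* list holds the lengths 8 bits either side of every
# valid length (or of each end of a valid range), so boundary checks are
# hit from both directions.
valid_keys_descbc="64"
invalid_keys_descbc="56 72"
valid_keys_3descbc="192"
invalid_keys_3descbc="184 200"
#valid_keys_null="0 2048"
valid_keys_null="0"
invalid_keys_null="8"
valid_keys_blowfishcbc="40 448"
invalid_keys_blowfishcbc="32 456"
valid_keys_cast128cbc="40 128"
invalid_keys_cast128cbc="32 136"
valid_keys_desderiv="64"
invalid_keys_desderiv="56 72"
#valid_keys_3desderiv="192"
#invalid_keys_3desderiv="184 200"
valid_keys_rijndaelcbc="128 192 256"
invalid_keys_rijndaelcbc="120 136 184 200 248 264"
#valid_keys_twofishcbc="0 256"
#invalid_keys_twofishcbc="264"
valid_keys_aesctr="160 224 288"
invalid_keys_aesctr="152 168 216 232 280 296"
valid_keys_camelliacbc="128 192 256"
invalid_keys_camelliacbc="120 136 184 200 248 264"
valid_keys_aesgcm16="160 224 288"
invalid_keys_aesgcm16="152 168 216 232 280 296"
valid_keys_aesgmac="160 224 288"
invalid_keys_aesgmac="152 168 216 232 280 296"

AH_AUTHENTICATION_ALGORITHMS="hmac-md5 hmac-sha1 keyed-md5 keyed-sha1 null \
    hmac-sha256 hmac-sha384 hmac-sha512 hmac-ripemd160 aes-xcbc-mac"
AH_AUTHENTICATION_ALGORITHMS_MINIMUM="null hmac-sha512"

# Valid key lengths of AH authentication algorithms (in bits)
#   hmac-md5		128
#   hmac-sha1		160
#   keyed-md5		128
#   keyed-sha1		160
#   null		0 to 2048
#   hmac-sha256		256
#   hmac-sha384		384
#   hmac-sha512		512
#   hmac-ripemd160	160
#   aes-xcbc-mac	128
#   tcp-md5		8 to 640	XXX not enabled in rump kernels
valid_keys_hmacmd5="128"
invalid_keys_hmacmd5="120 136"
valid_keys_hmacsha1="160"
invalid_keys_hmacsha1="152 168"
valid_keys_keyedmd5="128"
invalid_keys_keyedmd5="120 136"
valid_keys_keyedsha1="160"
invalid_keys_keyedsha1="152 168"
# "null" names both an ESP and an AH transform, so the two tables share
# these variables; the values repeat the ESP definitions above.
#valid_keys_null="0 2048"
valid_keys_null="0"
invalid_keys_null="8"
valid_keys_hmacsha256="256"
invalid_keys_hmacsha256="248 264"
valid_keys_hmacsha384="384"
invalid_keys_hmacsha384="376 392"
valid_keys_hmacsha512="512"
invalid_keys_hmacsha512="504 520"
valid_keys_hmacripemd160="160"
invalid_keys_hmacripemd160="152 168"
valid_keys_aesxcbcmac="128"
invalid_keys_aesxcbcmac="120 136"
#valid_keys_tcpmd5="8 640"
#invalid_keys_tcpmd5="648"

#
# _lookup_keylengths <valid|invalid> <algorithm>
#
# Print the key-length list stored in ${kind}_keys_<algorithm without dashes>.
# An algorithm with no table entry prints an empty line.  Returns 1, with a
# message on stderr, when the name contains anything other than letters,
# digits, '_' and '-'.
#
_lookup_keylengths()
{
	local kind=$1
	local algo=$2
	local suffix=
	local keylengths=

	# Table variables are named after the algorithm with its dashes removed.
	suffix=$(printf '%s\n' "$algo" | sed 's/-//g')

	# The suffix is spliced into an eval below.  Accept only characters that
	# can appear in a variable name, so that the algorithm name can never
	# contribute shell syntax to the evaluated string.
	case $suffix in
	''|*[!A-Za-z0-9_]*)
		printf 'invalid algorithm name: %s\n' "$algo" >&2
		return 1
		;;
	esac

	eval "keylengths=\$${kind}_keys_${suffix}"
	echo "$keylengths"
}

#
# get_one_valid_keylen <algorithm>
#
# Print the first valid key length (in bits) listed for the algorithm.
#
get_one_valid_keylen()
{
	local keylengths=

	# Assign separately from "local" so a lookup failure is not masked.
	keylengths=$(_lookup_keylengths valid "$1") || return 1

	# Keep only the first space-separated entry.
	echo "${keylengths%% *}"
}

#
# get_valid_keylengths <algorithm>
#
# Print every valid key length (in bits) listed for the algorithm.
#
get_valid_keylengths()
{

	_lookup_keylengths valid "$1"
}

#
# get_invalid_keylengths <algorithm>
#
# Print the key lengths (in bits) that must be rejected for the algorithm.
#
get_invalid_keylengths()
{

	_lookup_keylengths invalid "$1"
}

#
# generate_key <length in bits>
#
# Print a double-quoted key of length/8 'a' characters, or an empty line when
# that count is zero.  The key is a fixed, predictable filler meant only for
# exercising key-length handling; it must never protect real traffic.
# Returns 1, with a message on stderr, when the length is not a non-negative
# decimal integer.
#
generate_key()
{
	local keylen=
	local key=

	# $1 is used in an arithmetic expansion, which evaluates more than plain
	# numbers; restrict it to decimal digits first.
	case $1 in
	''|*[!0-9]*)
		printf 'invalid key length: %s\n' "$1" >&2
		return 1
		;;
	esac

	keylen=$(($1 / 8))
	while [ "$keylen" -gt 0 ]; do
		key="${key}a"
		keylen=$((keylen - 1))
	done
	if [ -n "$key" ]; then
		key="\"$key\""
	fi

	echo "$key"
}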