Bug 1682071 IKE Quick mode IPSEC give you incorrect keys if you are asking for keys smaller than the hash size.
IKE Appendix B fixes.
This patch fixes 2 problems.
If you run either ike v1 App B or quick mode asking for a key with length
mod macsize = 0, you will generate an extra block that's not used and
overwrites the end of the buffer.
If you use quick mode, the function incorrectly subsets the existing key
rather than generating a new key. This is correct behavior for Appendix B,
where appendix B is trying to take a generated key and create a new longer
key (with no diversification, just transform the key into something that's
longer), so if you ask for a key less than or equal to, then you want to just
subset the original key. In quick mode you are taking a base key and creating
a set of new keys based on additional data, so you want to subset the generated
data. This patch only subsets the original key if you aren't doing quickmode.
Full test vectors have now been added for all ike modes in this patch as well
(previously we depended on the FIPS CAVS tests to test ike, which covers
basic IKEv1, IKEv1_psk, and IKEv2 but not IKEv1 App B and IKE v1 Quick mode).
Differential Revision: https://phabricator.services.mozilla.com/D99569