1 /* 2 * Test program for SHA1 and MD5 3 * Copyright (c) 2003-2006, Jouni Malinen <j (at) w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15 #include "includes.h" 16 17 #include "common.h" 18 #include "crypto/sha1.h" 19 #include "md5.h" 20 #include "crypto.h" 21 22 23 static int test_eap_fast(void) 24 { 25 /* RFC 4851, Appendix B.1 */ 26 const u8 pac_key[] = { 27 0x0B, 0x97, 0x39, 0x0F, 0x37, 0x51, 0x78, 0x09, 28 0x81, 0x1E, 0xFD, 0x9C, 0x6E, 0x65, 0x94, 0x2B, 29 0x63, 0x2C, 0xE9, 0x53, 0x89, 0x38, 0x08, 0xBA, 30 0x36, 0x0B, 0x03, 0x7C, 0xD1, 0x85, 0xE4, 0x14 31 }; 32 const u8 seed[] = { 33 0x3F, 0xFB, 0x11, 0xC4, 0x6C, 0xBF, 0xA5, 0x7A, 34 0x54, 0x40, 0xDA, 0xE8, 0x22, 0xD3, 0x11, 0xD3, 35 0xF7, 0x6D, 0xE4, 0x1D, 0xD9, 0x33, 0xE5, 0x93, 36 0x70, 0x97, 0xEB, 0xA9, 0xB3, 0x66, 0xF4, 0x2A, 37 0x00, 0x00, 0x00, 0x02, 0x6A, 0x66, 0x43, 0x2A, 38 0x8D, 0x14, 0x43, 0x2C, 0xEC, 0x58, 0x2D, 0x2F, 39 0xC7, 0x9C, 0x33, 0x64, 0xBA, 0x04, 0xAD, 0x3A, 40 0x52, 0x54, 0xD6, 0xA5, 0x79, 0xAD, 0x1E, 0x00 41 }; 42 const u8 master_secret[] = { 43 0x4A, 0x1A, 0x51, 0x2C, 0x01, 0x60, 0xBC, 0x02, 44 0x3C, 0xCF, 0xBC, 0x83, 0x3F, 0x03, 0xBC, 0x64, 45 0x88, 0xC1, 0x31, 0x2F, 0x0B, 0xA9, 0xA2, 0x77, 46 0x16, 0xA8, 0xD8, 0xE8, 0xBD, 0xC9, 0xD2, 0x29, 47 0x38, 0x4B, 0x7A, 0x85, 0xBE, 0x16, 0x4D, 0x27, 48 0x33, 0xD5, 0x24, 0x79, 0x87, 0xB1, 0xC5, 0xA2 49 }; 50 const u8 key_block[] = { 51 0x59, 0x59, 0xBE, 0x8E, 0x41, 0x3A, 0x77, 0x74, 52 0x8B, 0xB2, 0xE5, 0xD3, 0x60, 0xAC, 0x4D, 0x35, 53 0xDF, 0xFB, 0xC8, 0x1E, 0x9C, 0x24, 0x9C, 0x8B, 54 0x0E, 0xC3, 0x1D, 0x72, 0xC8, 0x84, 0x9D, 0x57, 55 0x48, 0x51, 0x2E, 0x45, 0x97, 0x6C, 0x88, 0x70, 56 0xBE, 0x5F, 0x01, 0xD3, 0x64, 0xE7, 0x4C, 0xBB, 57 0x11, 0x24, 0xE3, 0x49, 0xE2, 0x3B, 0xCD, 0xEF, 58 0x7A, 0xB3, 0x05, 0x39, 0x5D, 0x64, 0x8A, 0x44, 59 0x11, 0xB6, 0x69, 0x88, 0x34, 0x2E, 0x8E, 0x29, 60 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05, 61 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96, 62 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84, 63 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98, 64 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71 65 }; 66 const u8 sks[] = { 67 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05, 68 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96, 69 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84, 70 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98, 71 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71 72 }; 73 const u8 isk[] = { 74 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 75 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 76 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 77 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 78 }; 79 const u8 imck[] = { 80 0x16, 0x15, 0x3C, 0x3F, 0x21, 0x55, 0xEF, 0xD9, 81 0x7F, 0x34, 0xAE, 0xC8, 0x1A, 0x4E, 0x66, 0x80, 82 0x4C, 0xC3, 0x76, 0xF2, 0x8A, 0xA9, 0x6F, 0x96, 83 0xC2, 0x54, 0x5F, 0x8C, 0xAB, 0x65, 0x02, 0xE1, 84 0x18, 0x40, 0x7B, 0x56, 0xBE, 0xEA, 0xA7, 0xC5, 85 0x76, 0x5D, 0x8F, 0x0B, 0xC5, 0x07, 0xC6, 0xB9, 86 0x04, 0xD0, 0x69, 0x56, 0x72, 0x8B, 0x6B, 0xB8, 87 0x15, 0xEC, 0x57, 0x7B 88 }; 89 const u8 msk[] = { 90 0x4D, 0x83, 0xA9, 0xBE, 0x6F, 0x8A, 0x74, 0xED, 91 0x6A, 0x02, 0x66, 0x0A, 0x63, 0x4D, 0x2C, 0x33, 92 0xC2, 0xDA, 0x60, 0x15, 0xC6, 0x37, 0x04, 0x51, 93 0x90, 0x38, 0x63, 0xDA, 0x54, 0x3E, 0x14, 0xB9, 94 0x27, 0x99, 0x18, 0x1E, 0x07, 0xBF, 0x0F, 0x5A, 95 0x5E, 0x3C, 0x32, 0x93, 0x80, 0x8C, 0x6C, 0x49, 96 0x67, 0xED, 0x24, 0xFE, 0x45, 0x40, 0xA0, 0x59, 97 0x5E, 0x37, 0xC2, 0xE9, 0xD0, 0x5D, 0x0A, 0xE3 98 }; 99 const u8 emsk[] = { 100 0x3A, 0xD4, 0xAB, 0xDB, 0x76, 0xB2, 0x7F, 0x3B, 101 0xEA, 0x32, 0x2C, 0x2B, 0x74, 0xF4, 0x28, 0x55, 102 0xEF, 0x2D, 0xBA, 0x78, 0xC9, 0x57, 0x2F, 0x0D, 103 0x06, 0xCD, 0x51, 0x7C, 0x20, 0x93, 0x98, 0xA9, 104 0x76, 0xEA, 0x70, 0x21, 0xD7, 0x0E, 0x25, 0x54, 105 0x97, 0xED, 0xB2, 0x8A, 0xF6, 0xED, 0xFD, 0x0A, 106 0x2A, 0xE7, 0xA1, 0x58, 0x90, 0x10, 0x50, 0x44, 107 0xB3, 0x82, 0x85, 0xDB, 0x06, 0x14, 0xD2, 0xF9 108 }; 109 /* RFC 4851, Appendix B.2 */ 110 u8 tlv[] = { 111 0x80, 0x0C, 0x00, 0x38, 0x00, 0x01, 0x01, 0x00, 112 0xD8, 0x6A, 0x8C, 0x68, 0x3C, 0x32, 0x31, 0xA8, 113 0x56, 0x63, 0xB6, 0x40, 0x21, 0xFE, 0x21, 0x14, 114 0x4E, 0xE7, 0x54, 0x20, 0x79, 0x2D, 0x42, 0x62, 115 0xC9, 0xBF, 0x53, 0x7F, 0x54, 0xFD, 0xAC, 0x58, 116 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF, 117 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC, 118 0x05, 0xC5, 0x5B, 0xB7 119 }; 120 const u8 compound_mac[] = { 121 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF, 122 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC, 123 0x05, 0xC5, 0x5B, 0xB7 124 }; 125 u8 buf[512]; 126 const u8 *simck, *cmk; 127 int errors = 0; 128 129 printf("EAP-FAST test cases\n"); 130 131 printf("- T-PRF (SHA1) test case / master_secret\n"); 132 sha1_t_prf(pac_key, sizeof(pac_key), "PAC to master secret label hash", 133 seed, sizeof(seed), buf, sizeof(master_secret)); 134 if (memcmp(master_secret, buf, sizeof(master_secret)) != 0) { 135 printf("T-PRF test - FAILED!\n"); 136 errors++; 137 } 138 139 printf("- PRF (TLS, SHA1/MD5) test case / key_block\n"); 140 tls_prf(master_secret, sizeof(master_secret), "key expansion", 141 seed, sizeof(seed), buf, sizeof(key_block)); 142 if (memcmp(key_block, buf, sizeof(key_block)) != 0) { 143 printf("PRF test - FAILED!\n"); 144 errors++; 145 } 146 147 printf("- T-PRF (SHA1) test case / IMCK\n"); 148 sha1_t_prf(sks, sizeof(sks), "Inner Methods Compound Keys", 149 isk, sizeof(isk), buf, sizeof(imck)); 150 if (memcmp(imck, buf, sizeof(imck)) != 0) { 151 printf("T-PRF test - FAILED!\n"); 152 errors++; 153 } 154 155 simck = imck; 156 cmk = imck + 40; 157 158 printf("- T-PRF (SHA1) test case / MSK\n"); 159 sha1_t_prf(simck, 40, "Session Key Generating Function", 160 (u8 *) "", 0, buf, sizeof(msk)); 161 if (memcmp(msk, buf, sizeof(msk)) != 0) { 162 printf("T-PRF test - FAILED!\n"); 163 errors++; 164 } 165 166 printf("- T-PRF (SHA1) test case / EMSK\n"); 167 sha1_t_prf(simck, 40, "Extended Session Key Generating Function", 168 (u8 *) "", 0, buf, sizeof(msk)); 169 if (memcmp(emsk, buf, sizeof(emsk)) != 0) { 170 printf("T-PRF test - FAILED!\n"); 171 errors++; 172 } 173 174 printf("- Compound MAC test case\n"); 175 memset(tlv + sizeof(tlv) - 20, 0, 20); 176 hmac_sha1(cmk, 20, tlv, sizeof(tlv), tlv + sizeof(tlv) - 20); 177 if (memcmp(tlv + sizeof(tlv) - 20, compound_mac, sizeof(compound_mac)) 178 != 0) { 179 printf("Compound MAC test - FAILED!\n"); 180 errors++; 181 } 182 183 return errors; 184 } 185 186 187 static u8 key0[] = 188 { 189 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 190 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 191 0x0b, 0x0b, 0x0b, 0x0b 192 }; 193 static u8 data0[] = "Hi There"; 194 static u8 prf0[] = 195 { 196 0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84, 197 0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54, 198 0xb8, 0x62, 0x17, 0x5e, 0xd9, 0xf0, 0x06, 0x06, 199 0xe1, 0x7d, 0x8d, 0xa3, 0x54, 0x02, 0xff, 0xee, 200 0x75, 0xdf, 0x78, 0xc3, 0xd3, 0x1e, 0x0f, 0x88, 201 0x9f, 0x01, 0x21, 0x20, 0xc0, 0x86, 0x2b, 0xeb, 202 0x67, 0x75, 0x3e, 0x74, 0x39, 0xae, 0x24, 0x2e, 203 0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a 204 }; 205 206 static u8 key1[] = "Jefe"; 207 static u8 data1[] = "what do ya want for nothing?"; 208 static u8 prf1[] = 209 { 210 0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad, 211 0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4, 212 0xfe, 0x63, 0x14, 0x46, 0xfa, 0xbd, 0xfa, 0x58, 213 0x24, 0x47, 0x59, 0xae, 0x58, 0xef, 0x90, 0x09, 214 0xa9, 0x9a, 0xbf, 0x4e, 0xac, 0x2c, 0xa5, 0xfa, 215 0x87, 0xe6, 0x92, 0xc4, 0x40, 0xeb, 0x40, 0x02, 216 0x3e, 0x7b, 0xab, 0xb2, 0x06, 0xd6, 0x1d, 0xe7, 217 0xb9, 0x2f, 0x41, 0x52, 0x90, 0x92, 0xb8, 0xfc 218 }; 219 220 221 static u8 key2[] = 222 { 223 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 224 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 225 0xaa, 0xaa, 0xaa, 0xaa 226 }; 227 static u8 data2[] = 228 { 229 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 230 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 231 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 232 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 233 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 234 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 235 0xdd, 0xdd 236 }; 237 static u8 prf2[] = 238 { 239 0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f, 240 0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1, 241 0x7a, 0x02, 0x52, 0xca, 0x5d, 0x8d, 0x8d, 0xf1, 242 0x2c, 0xfb, 0x04, 0x73, 0x52, 0x52, 0x49, 0xce, 243 0x9d, 0xd8, 0xd1, 0x77, 0xea, 0xd7, 0x10, 0xbc, 244 0x9b, 0x59, 0x05, 0x47, 0x23, 0x91, 0x07, 0xae, 245 0xf7, 0xb4, 0xab, 0xd4, 0x3d, 0x87, 0xf0, 0xa6, 246 0x8f, 0x1c, 0xbd, 0x9e, 0x2b, 0x6f, 0x76, 0x07 247 }; 248 249 250 struct passphrase_test { 251 char *passphrase; 252 char *ssid; 253 char psk[32]; 254 }; 255 256 static struct passphrase_test passphrase_tests[] = 257 { 258 { 259 "password", 260 "IEEE", 261 { 262 0xf4, 0x2c, 0x6f, 0xc5, 0x2d, 0xf0, 0xeb, 0xef, 263 0x9e, 0xbb, 0x4b, 0x90, 0xb3, 0x8a, 0x5f, 0x90, 264 0x2e, 0x83, 0xfe, 0x1b, 0x13, 0x5a, 0x70, 0xe2, 265 0x3a, 0xed, 0x76, 0x2e, 0x97, 0x10, 0xa1, 0x2e 266 } 267 }, 268 { 269 "ThisIsAPassword", 270 "ThisIsASSID", 271 { 272 0x0d, 0xc0, 0xd6, 0xeb, 0x90, 0x55, 0x5e, 0xd6, 273 0x41, 0x97, 0x56, 0xb9, 0xa1, 0x5e, 0xc3, 0xe3, 274 0x20, 0x9b, 0x63, 0xdf, 0x70, 0x7d, 0xd5, 0x08, 275 0xd1, 0x45, 0x81, 0xf8, 0x98, 0x27, 0x21, 0xaf 276 } 277 }, 278 { 279 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 280 "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ", 281 { 282 0xbe, 0xcb, 0x93, 0x86, 0x6b, 0xb8, 0xc3, 0x83, 283 0x2c, 0xb7, 0x77, 0xc2, 0xf5, 0x59, 0x80, 0x7c, 284 0x8c, 0x59, 0xaf, 0xcb, 0x6e, 0xae, 0x73, 0x48, 285 0x85, 0x00, 0x13, 0x00, 0xa9, 0x81, 0xcc, 0x62 286 } 287 }, 288 }; 289 290 #define NUM_PASSPHRASE_TESTS \ 291 (sizeof(passphrase_tests) / sizeof(passphrase_tests[0])) 292 293 294 int main(int argc, char *argv[]) 295 { 296 u8 res[512]; 297 int ret = 0; 298 unsigned int i; 299 300 printf("PRF-SHA1 test cases:\n"); 301 302 sha1_prf(key0, sizeof(key0), "prefix", data0, sizeof(data0) - 1, 303 res, sizeof(prf0)); 304 if (memcmp(res, prf0, sizeof(prf0)) == 0) 305 printf("Test case 0 - OK\n"); 306 else { 307 printf("Test case 0 - FAILED!\n"); 308 ret++; 309 } 310 311 sha1_prf(key1, sizeof(key1) - 1, "prefix", data1, sizeof(data1) - 1, 312 res, sizeof(prf1)); 313 if (memcmp(res, prf1, sizeof(prf1)) == 0) 314 printf("Test case 1 - OK\n"); 315 else { 316 printf("Test case 1 - FAILED!\n"); 317 ret++; 318 } 319 320 sha1_prf(key2, sizeof(key2), "prefix", data2, sizeof(data2), 321 res, sizeof(prf2)); 322 if (memcmp(res, prf2, sizeof(prf2)) == 0) 323 printf("Test case 2 - OK\n"); 324 else { 325 printf("Test case 2 - FAILED!\n"); 326 ret++; 327 } 328 329 ret += test_eap_fast(); 330 331 printf("PBKDF2-SHA1 Passphrase test cases:\n"); 332 for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) { 333 u8 psk[32]; 334 struct passphrase_test *test = &passphrase_tests[i]; 335 pbkdf2_sha1(test->passphrase, 336 test->ssid, strlen(test->ssid), 337 4096, psk, 32); 338 if (memcmp(psk, test->psk, 32) == 0) 339 printf("Test case %d - OK\n", i); 340 else { 341 printf("Test case %d - FAILED!\n", i); 342 ret++; 343 } 344 } 345 346 return ret; 347 } 348
