1 /* 2 * crypto module tests 3 * Copyright (c) 2014-2015, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "crypto/aes_siv.h" 13 #include "crypto/aes_wrap.h" 14 #include "crypto/aes.h" 15 #include "crypto/ms_funcs.h" 16 #include "crypto/crypto.h" 17 #include "crypto/sha1.h" 18 #include "crypto/sha256.h" 19 20 21 static int test_siv(void) 22 { 23 #ifdef CONFIG_MESH 24 /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */ 25 u8 key[] = { 26 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 27 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0, 28 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 29 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff 30 }; 31 u8 ad[] = { 32 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 33 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 34 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27 35 }; 36 u8 plaintext[] = { 37 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 38 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee 39 }; 40 u8 iv_c[] = { 41 0x85, 0x63, 0x2d, 0x07, 0xc6, 0xe8, 0xf3, 0x7f, 42 0x95, 0x0a, 0xcd, 0x32, 0x0a, 0x2e, 0xcc, 0x93, 43 0x40, 0xc0, 0x2b, 0x96, 0x90, 0xc4, 0xdc, 0x04, 44 0xda, 0xef, 0x7f, 0x6a, 0xfe, 0x5c 45 }; 46 /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */ 47 u8 key_2[] = { 48 0x7f, 0x7e, 0x7d, 0x7c, 0x7b, 0x7a, 0x79, 0x78, 49 0x77, 0x76, 0x75, 0x74, 0x73, 0x72, 0x71, 0x70, 50 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 51 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f 52 }; 53 u8 ad1_2[] = { 54 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 55 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 56 0xde, 0xad, 0xda, 0xda, 0xde, 0xad, 0xda, 0xda, 57 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88, 58 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00 59 }; 60 u8 ad2_2[] = { 61 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80, 62 0x90, 0xa0 63 }; 64 u8 nonce_2[] = { 65 0x09, 0xf9, 0x11, 0x02, 0x9d, 0x74, 0xe3, 0x5b, 66 0xd8, 0x41, 0x56, 0xc5, 0x63, 0x56, 0x88, 0xc0 67 }; 68 u8 plaintext_2[] = { 69 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 70 0x73, 0x6f, 0x6d, 0x65, 0x20, 0x70, 0x6c, 0x61, 71 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x20, 0x74, 72 0x6f, 0x20, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 73 0x74, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x20, 74 0x53, 0x49, 0x56, 0x2d, 0x41, 0x45, 0x53 75 }; 76 u8 iv_c_2[] = { 77 0x7b, 0xdb, 0x6e, 0x3b, 0x43, 0x26, 0x67, 0xeb, 78 0x06, 0xf4, 0xd1, 0x4b, 0xff, 0x2f, 0xbd, 0x0f, 79 0xcb, 0x90, 0x0f, 0x2f, 0xdd, 0xbe, 0x40, 0x43, 80 0x26, 0x60, 0x19, 0x65, 0xc8, 0x89, 0xbf, 0x17, 81 0xdb, 0xa7, 0x7c, 0xeb, 0x09, 0x4f, 0xa6, 0x63, 82 0xb7, 0xa3, 0xf7, 0x48, 0xba, 0x8a, 0xf8, 0x29, 83 0xea, 0x64, 0xad, 0x54, 0x4a, 0x27, 0x2e, 0x9c, 84 0x48, 0x5b, 0x62, 0xa3, 0xfd, 0x5c, 0x0d 85 }; 86 u8 out[2 * AES_BLOCK_SIZE + sizeof(plaintext_2)]; 87 const u8 *addr[3]; 88 size_t len[3]; 89 90 /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */ 91 addr[0] = ad; 92 len[0] = sizeof(ad); 93 94 if (aes_siv_encrypt(key, plaintext, sizeof(plaintext), 95 1, addr, len, out)) { 96 wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed"); 97 return 1; 98 } 99 if (os_memcmp(out, iv_c, sizeof(iv_c)) != 0) { 100 wpa_printf(MSG_ERROR, 101 "AES-SIV mode encryption returned invalid cipher text"); 102 return 1; 103 } 104 105 if (aes_siv_decrypt(key, iv_c, sizeof(iv_c), 1, addr, len, out)) { 106 wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed"); 107 return 1; 108 } 109 if (os_memcmp(out, plaintext, sizeof(plaintext)) != 0) { 110 wpa_printf(MSG_ERROR, 111 "AES-SIV mode decryption returned invalid plain text"); 112 return 1; 113 } 114 115 /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */ 116 addr[0] = ad1_2; 117 len[0] = sizeof(ad1_2); 118 addr[1] = ad2_2; 119 len[1] = sizeof(ad2_2); 120 addr[2] = nonce_2; 121 len[2] = sizeof(nonce_2); 122 123 if (aes_siv_encrypt(key_2, plaintext_2, sizeof(plaintext_2), 124 3, addr, len, out)) { 125 wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed"); 126 return 1; 127 } 128 if (os_memcmp(out, iv_c_2, sizeof(iv_c_2)) != 0) { 129 wpa_printf(MSG_ERROR, 130 "AES-SIV mode encryption returned invalid cipher text"); 131 return 1; 132 } 133 134 if (aes_siv_decrypt(key_2, iv_c_2, sizeof(iv_c_2), 3, addr, len, out)) { 135 wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed"); 136 return 1; 137 } 138 if (os_memcmp(out, plaintext_2, sizeof(plaintext_2)) != 0) { 139 wpa_printf(MSG_ERROR, 140 "AES-SIV mode decryption returned invalid plain text"); 141 return 1; 142 } 143 144 wpa_printf(MSG_INFO, "AES-SIV test cases passed"); 145 #endif /* CONFIG_MESH */ 146 147 return 0; 148 } 149 150 151 /* OMAC1 AES-128 test vectors from 152 * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf 153 * which are same as the examples from NIST SP800-38B 154 * http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf 155 */ 156 157 struct omac1_test_vector { 158 u8 k[16]; 159 u8 msg[64]; 160 int msg_len; 161 u8 tag[16]; 162 }; 163 164 static const struct omac1_test_vector omac1_test_vectors[] = 165 { 166 { 167 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 168 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 169 { }, 170 0, 171 { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, 172 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 } 173 }, 174 { 175 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 176 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 177 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 178 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a}, 179 16, 180 { 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, 181 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c } 182 }, 183 { 184 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 185 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 186 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 187 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 188 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 189 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 190 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 }, 191 40, 192 { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, 193 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 } 194 }, 195 { 196 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 197 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 198 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 199 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 200 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 201 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 202 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 203 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 204 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 205 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }, 206 64, 207 { 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, 208 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe } 209 }, 210 }; 211 212 213 static int test_omac1_vector(const struct omac1_test_vector *tv, 214 unsigned int i) 215 { 216 u8 key[] = { 217 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 218 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c 219 }; 220 u8 msg[] = { 0x12, 0x34, 0x56 }; 221 u8 result[24], result2[24]; 222 const u8 *addr[3]; 223 size_t len[3]; 224 225 if (omac1_aes_128(tv->k, tv->msg, tv->msg_len, result) || 226 os_memcmp(result, tv->tag, 16) != 0) { 227 wpa_printf(MSG_ERROR, "OMAC1-AES-128 test vector %u failed", i); 228 return 1; 229 } 230 231 if (tv->msg_len > 1) { 232 233 addr[0] = tv->msg; 234 len[0] = 1; 235 addr[1] = tv->msg + 1; 236 len[1] = tv->msg_len - 1; 237 238 if (omac1_aes_128_vector(tv->k, 2, addr, len, result) || 239 os_memcmp(result, tv->tag, 16) != 0) { 240 wpa_printf(MSG_ERROR, 241 "OMAC1-AES-128(vector) test vector %u failed", 242 i); 243 return 1; 244 } 245 246 addr[0] = tv->msg; 247 len[0] = tv->msg_len - 2; 248 addr[1] = tv->msg + tv->msg_len - 2; 249 len[1] = 1; 250 addr[2] = tv->msg + tv->msg_len - 1; 251 len[2] = 1; 252 253 if (omac1_aes_128_vector(tv->k, 3, addr, len, result) || 254 os_memcmp(result, tv->tag, 16) != 0) { 255 wpa_printf(MSG_ERROR, 256 "OMAC1-AES-128(vector2) test vector %u failed", 257 i); 258 return 1; 259 } 260 } 261 262 addr[0] = &msg[0]; 263 len[0] = 1; 264 addr[1] = &msg[1]; 265 len[1] = 1; 266 addr[2] = &msg[2]; 267 len[2] = 1; 268 if (omac1_aes_128(key, msg, sizeof(msg), result) || 269 omac1_aes_128_vector(key, 3, addr, len, result2) || 270 os_memcmp(result, result2, 16) != 0) { 271 wpa_printf(MSG_ERROR, "OMAC1-AES-128 short test mismatch"); 272 return 1; 273 } 274 275 return 0; 276 } 277 278 279 static int test_omac1(void) 280 { 281 unsigned int i; 282 283 for (i = 0; i < ARRAY_SIZE(omac1_test_vectors); i++) { 284 if (test_omac1_vector(&omac1_test_vectors[i], i)) 285 return 1; 286 } 287 288 wpa_printf(MSG_INFO, "OMAC1-AES-128 test cases passed"); 289 290 return 0; 291 } 292 293 294 static int test_eax(void) 295 { 296 #ifdef EAP_PSK 297 u8 msg[] = { 0xF7, 0xFB }; 298 u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B, 299 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 }; 300 u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84, 301 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD }; 302 u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA }; 303 u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D, 304 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79, 305 0x67, 0xE5 }; 306 u8 data[sizeof(msg)], tag[AES_BLOCK_SIZE]; 307 308 os_memcpy(data, msg, sizeof(msg)); 309 if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr), 310 data, sizeof(data), tag)) { 311 wpa_printf(MSG_ERROR, "AES-128 EAX mode encryption failed"); 312 return 1; 313 } 314 if (os_memcmp(data, cipher, sizeof(data)) != 0) { 315 wpa_printf(MSG_ERROR, 316 "AES-128 EAX mode encryption returned invalid cipher text"); 317 return 1; 318 } 319 if (os_memcmp(tag, cipher + sizeof(data), AES_BLOCK_SIZE) != 0) { 320 wpa_printf(MSG_ERROR, 321 "AES-128 EAX mode encryption returned invalid tag"); 322 return 1; 323 } 324 325 if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr), 326 data, sizeof(data), tag)) { 327 wpa_printf(MSG_ERROR, "AES-128 EAX mode decryption failed"); 328 return 1; 329 } 330 if (os_memcmp(data, msg, sizeof(data)) != 0) { 331 wpa_printf(MSG_ERROR, 332 "AES-128 EAX mode decryption returned invalid plain text"); 333 return 1; 334 } 335 336 wpa_printf(MSG_INFO, "AES-128 EAX mode test cases passed"); 337 #endif /* EAP_PSK */ 338 339 return 0; 340 } 341 342 343 static int test_cbc(void) 344 { 345 struct cbc_test_vector { 346 u8 key[16]; 347 u8 iv[16]; 348 u8 plain[32]; 349 u8 cipher[32]; 350 size_t len; 351 } vectors[] = { 352 { 353 { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b, 354 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 }, 355 { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30, 356 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 }, 357 "Single block msg", 358 { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8, 359 0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a }, 360 16 361 }, 362 { 363 { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0, 364 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a }, 365 { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28, 366 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 }, 367 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 368 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 369 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 370 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, 371 { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a, 372 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a, 373 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9, 374 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 }, 375 32 376 } 377 }; 378 int ret = 0; 379 u8 *buf; 380 unsigned int i; 381 382 for (i = 0; i < ARRAY_SIZE(vectors); i++) { 383 struct cbc_test_vector *tv = &vectors[i]; 384 385 buf = os_malloc(tv->len); 386 if (buf == NULL) { 387 ret++; 388 break; 389 } 390 391 os_memcpy(buf, tv->plain, tv->len); 392 if (aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len) || 393 os_memcmp(buf, tv->cipher, tv->len) != 0) { 394 wpa_printf(MSG_ERROR, "AES-CBC encrypt %d failed", i); 395 ret++; 396 } 397 398 os_memcpy(buf, tv->cipher, tv->len); 399 if (aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len) || 400 os_memcmp(buf, tv->plain, tv->len) != 0) { 401 wpa_printf(MSG_ERROR, "AES-CBC decrypt %d failed", i); 402 ret++; 403 } 404 405 os_free(buf); 406 } 407 408 return ret; 409 } 410 411 412 static int test_ecb(void) 413 { 414 #ifdef EAP_PSK 415 struct ecb_test_vector { 416 char *key; 417 char *plaintext; 418 char *ciphertext; 419 } vectors[] = { 420 /* CAVS 11.1 - ECBGFSbox128.rsp */ 421 { 422 "00000000000000000000000000000000", 423 "f34481ec3cc627bacd5dc3fb08f273e6", 424 "0336763e966d92595a567cc9ce537f5e" 425 }, 426 { 427 "00000000000000000000000000000000", 428 "9798c4640bad75c7c3227db910174e72", 429 "a9a1631bf4996954ebc093957b234589" 430 }, 431 { 432 "00000000000000000000000000000000", 433 "96ab5c2ff612d9dfaae8c31f30c42168", 434 "ff4f8391a6a40ca5b25d23bedd44a597" 435 }, 436 { 437 "00000000000000000000000000000000", 438 "6a118a874519e64e9963798a503f1d35", 439 "dc43be40be0e53712f7e2bf5ca707209" 440 }, 441 { 442 "00000000000000000000000000000000", 443 "cb9fceec81286ca3e989bd979b0cb284", 444 "92beedab1895a94faa69b632e5cc47ce" 445 }, 446 { 447 "00000000000000000000000000000000", 448 "b26aeb1874e47ca8358ff22378f09144", 449 "459264f4798f6a78bacb89c15ed3d601" 450 }, 451 { 452 "00000000000000000000000000000000", 453 "58c8e00b2631686d54eab84b91f0aca1", 454 "08a4e2efec8a8e3312ca7460b9040bbf" 455 }, 456 /* CAVS 11.1 - ECBKeySbox128.rsp */ 457 { 458 "10a58869d74be5a374cf867cfb473859", 459 "00000000000000000000000000000000", 460 "6d251e6944b051e04eaa6fb4dbf78465" 461 }, 462 { 463 "caea65cdbb75e9169ecd22ebe6e54675", 464 "00000000000000000000000000000000", 465 "6e29201190152df4ee058139def610bb", 466 } 467 }; 468 int ret = 0; 469 unsigned int i; 470 u8 key[16], plain[16], cipher[16], out[16]; 471 472 for (i = 0; i < ARRAY_SIZE(vectors); i++) { 473 struct ecb_test_vector *tv = &vectors[i]; 474 475 if (hexstr2bin(tv->key, key, sizeof(key)) || 476 hexstr2bin(tv->plaintext, plain, sizeof(plain)) || 477 hexstr2bin(tv->ciphertext, cipher, sizeof(cipher))) { 478 wpa_printf(MSG_ERROR, "Invalid AES-ECB test vector %u", 479 i); 480 ret++; 481 continue; 482 } 483 484 if (aes_128_encrypt_block(key, plain, out) < 0 || 485 os_memcmp(out, cipher, 16) != 0) { 486 wpa_printf(MSG_ERROR, "AES-ECB encrypt %u failed", i); 487 ret++; 488 } 489 } 490 491 if (!ret) 492 wpa_printf(MSG_INFO, "AES ECB mode test cases passed"); 493 494 return ret; 495 #endif /* EAP_PSK */ 496 497 return 0; 498 } 499 500 501 static int test_key_wrap(void) 502 { 503 int ret = 0; 504 505 /* RFC 3394 - Test vector 4.1 */ 506 u8 kek41[] = { 507 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 508 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f 509 }; 510 u8 plain41[] = { 511 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 512 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 513 }; 514 u8 crypt41[] = { 515 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47, 516 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82, 517 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5 518 }; 519 /* RFC 3394 - Test vector 4.2 */ 520 u8 kek42[] = { 521 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 522 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 523 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 524 }; 525 u8 plain42[] = { 526 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 527 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 528 }; 529 u8 crypt42[] = { 530 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35, 531 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2, 532 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D 533 }; 534 /* RFC 3394 - Test vector 4.3 */ 535 u8 kek43[] = { 536 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 537 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 538 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 539 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 540 }; 541 u8 plain43[] = { 542 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 543 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 544 }; 545 u8 crypt43[] = { 546 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2, 547 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A, 548 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7, 549 }; 550 /* RFC 3394 - Test vector 4.4 */ 551 u8 kek44[] = { 552 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 553 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 554 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 555 }; 556 u8 plain44[] = { 557 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 558 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 559 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 560 }; 561 u8 crypt44[] = { 562 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32, 563 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC, 564 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93, 565 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2 566 }; 567 /* RFC 3394 - Test vector 4.5 */ 568 u8 kek45[] = { 569 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 570 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 571 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 572 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 573 }; 574 u8 plain45[] = { 575 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 576 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 577 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 578 }; 579 u8 crypt45[] = { 580 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F, 581 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4, 582 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95, 583 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1, 584 }; 585 /* RFC 3394 - Test vector 4.6 */ 586 u8 kek46[] = { 587 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 588 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 589 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 590 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 591 }; 592 u8 plain46[] = { 593 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 594 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 595 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 596 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F 597 }; 598 u8 crypt46[] = { 599 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4, 600 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26, 601 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26, 602 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B, 603 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21 604 }; 605 u8 result[40]; 606 607 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.1"); 608 if (aes_wrap(kek41, sizeof(kek41), sizeof(plain41) / 8, plain41, 609 result)) { 610 wpa_printf(MSG_ERROR, "AES-WRAP-128 reported failure"); 611 ret++; 612 } 613 if (os_memcmp(result, crypt41, sizeof(crypt41)) != 0) { 614 wpa_printf(MSG_ERROR, "AES-WRAP-128 failed"); 615 ret++; 616 } 617 if (aes_unwrap(kek41, sizeof(kek41), sizeof(plain41) / 8, crypt41, 618 result)) { 619 wpa_printf(MSG_ERROR, "AES-UNWRAP-128 reported failure"); 620 ret++; 621 } 622 if (os_memcmp(result, plain41, sizeof(plain41)) != 0) { 623 wpa_printf(MSG_ERROR, "AES-UNWRAP-128 failed"); 624 ret++; 625 } 626 627 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.2"); 628 if (aes_wrap(kek42, sizeof(kek42), sizeof(plain42) / 8, plain42, 629 result)) { 630 wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure"); 631 ret++; 632 } 633 if (os_memcmp(result, crypt42, sizeof(crypt42)) != 0) { 634 wpa_printf(MSG_ERROR, "AES-WRAP-192 failed"); 635 ret++; 636 } 637 if (aes_unwrap(kek42, sizeof(kek42), sizeof(plain42) / 8, crypt42, 638 result)) { 639 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure"); 640 ret++; 641 } 642 if (os_memcmp(result, plain42, sizeof(plain42)) != 0) { 643 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed"); 644 ret++; 645 } 646 647 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.3"); 648 if (aes_wrap(kek43, sizeof(kek43), sizeof(plain43) / 8, plain43, 649 result)) { 650 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 651 ret++; 652 } 653 if (os_memcmp(result, crypt43, sizeof(crypt43)) != 0) { 654 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 655 ret++; 656 } 657 if (aes_unwrap(kek43, sizeof(kek43), sizeof(plain43) / 8, crypt43, 658 result)) { 659 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 660 ret++; 661 } 662 if (os_memcmp(result, plain43, sizeof(plain43)) != 0) { 663 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 664 ret++; 665 } 666 667 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.4"); 668 if (aes_wrap(kek44, sizeof(kek44), sizeof(plain44) / 8, plain44, 669 result)) { 670 wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure"); 671 ret++; 672 } 673 if (os_memcmp(result, crypt44, sizeof(crypt44)) != 0) { 674 wpa_printf(MSG_ERROR, "AES-WRAP-192 failed"); 675 ret++; 676 } 677 if (aes_unwrap(kek44, sizeof(kek44), sizeof(plain44) / 8, crypt44, 678 result)) { 679 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure"); 680 ret++; 681 } 682 if (os_memcmp(result, plain44, sizeof(plain44)) != 0) { 683 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed"); 684 ret++; 685 } 686 687 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.5"); 688 if (aes_wrap(kek45, sizeof(kek45), sizeof(plain45) / 8, plain45, 689 result)) { 690 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 691 ret++; 692 } 693 if (os_memcmp(result, crypt45, sizeof(crypt45)) != 0) { 694 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 695 ret++; 696 } 697 if (aes_unwrap(kek45, sizeof(kek45), sizeof(plain45) / 8, crypt45, 698 result)) { 699 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 700 ret++; 701 } 702 if (os_memcmp(result, plain45, sizeof(plain45)) != 0) { 703 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 704 ret++; 705 } 706 707 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.6"); 708 if (aes_wrap(kek46, sizeof(kek46), sizeof(plain46) / 8, plain46, 709 result)) { 710 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 711 ret++; 712 } 713 if (os_memcmp(result, crypt46, sizeof(crypt46)) != 0) { 714 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 715 ret++; 716 } 717 if (aes_unwrap(kek46, sizeof(kek46), sizeof(plain46) / 8, crypt46, 718 result)) { 719 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 720 ret++; 721 } 722 if (os_memcmp(result, plain46, sizeof(plain46)) != 0) { 723 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 724 ret++; 725 } 726 727 if (!ret) 728 wpa_printf(MSG_INFO, "AES key wrap/unwrap test cases passed"); 729 730 return ret; 731 } 732 733 734 static int test_md5(void) 735 { 736 struct { 737 char *data; 738 char *hash; 739 } tests[] = { 740 { 741 "", 742 "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04" 743 "\xe9\x80\x09\x98\xec\xf8\x42\x7e" 744 }, 745 { 746 "a", 747 "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8" 748 "\x31\xc3\x99\xe2\x69\x77\x26\x61" 749 }, 750 { 751 "abc", 752 "\x90\x01\x50\x98\x3c\xd2\x4f\xb0" 753 "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72" 754 }, 755 { 756 "message digest", 757 "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d" 758 "\x52\x5a\x2f\x31\xaa\xf1\x61\xd0" 759 }, 760 { 761 "abcdefghijklmnopqrstuvwxyz", 762 "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00" 763 "\x7d\xfb\x49\x6c\xca\x67\xe1\x3b" 764 }, 765 { 766 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 767 "0123456789", 768 "\xd1\x74\xab\x98\xd2\x77\xd9\xf5" 769 "\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f" 770 }, 771 { 772 "12345678901234567890123456789012345678901234567890" 773 "123456789012345678901234567890", 774 "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55" 775 "\xac\x49\xda\x2e\x21\x07\xb6\x7a" 776 } 777 }; 778 unsigned int i; 779 u8 hash[16]; 780 const u8 *addr[2]; 781 size_t len[2]; 782 int errors = 0; 783 784 for (i = 0; i < ARRAY_SIZE(tests); i++) { 785 wpa_printf(MSG_INFO, "MD5 test case %d", i); 786 787 addr[0] = (u8 *) tests[i].data; 788 len[0] = strlen(tests[i].data); 789 if (md5_vector(1, addr, len, hash) < 0 || 790 os_memcmp(hash, tests[i].hash, 16) != 0) { 791 wpa_printf(MSG_INFO, " FAIL"); 792 errors++; 793 } else 794 wpa_printf(MSG_INFO, " OK"); 795 796 if (len[0]) { 797 addr[0] = (u8 *) tests[i].data; 798 len[0] = strlen(tests[i].data); 799 addr[1] = (u8 *) tests[i].data + 1; 800 len[1] = strlen(tests[i].data) - 1; 801 if (md5_vector(1, addr, len, hash) < 0 || 802 os_memcmp(hash, tests[i].hash, 16) != 0) { 803 wpa_printf(MSG_INFO, " FAIL"); 804 errors++; 805 } else 806 wpa_printf(MSG_INFO, " OK"); 807 } 808 } 809 810 if (!errors) 811 wpa_printf(MSG_INFO, "MD5 test cases passed"); 812 813 return errors; 814 } 815 816 817 static int test_eap_fast(void) 818 { 819 #ifdef EAP_FAST 820 /* RFC 4851, Appendix B.1 */ 821 const u8 pac_key[] = { 822 0x0B, 0x97, 0x39, 0x0F, 0x37, 0x51, 0x78, 0x09, 823 0x81, 0x1E, 0xFD, 0x9C, 0x6E, 0x65, 0x94, 0x2B, 824 0x63, 0x2C, 0xE9, 0x53, 0x89, 0x38, 0x08, 0xBA, 825 0x36, 0x0B, 0x03, 0x7C, 0xD1, 0x85, 0xE4, 0x14 826 }; 827 const u8 seed[] = { 828 0x3F, 0xFB, 0x11, 0xC4, 0x6C, 0xBF, 0xA5, 0x7A, 829 0x54, 0x40, 0xDA, 0xE8, 0x22, 0xD3, 0x11, 0xD3, 830 0xF7, 0x6D, 0xE4, 0x1D, 0xD9, 0x33, 0xE5, 0x93, 831 0x70, 0x97, 0xEB, 0xA9, 0xB3, 0x66, 0xF4, 0x2A, 832 0x00, 0x00, 0x00, 0x02, 0x6A, 0x66, 0x43, 0x2A, 833 0x8D, 0x14, 0x43, 0x2C, 0xEC, 0x58, 0x2D, 0x2F, 834 0xC7, 0x9C, 0x33, 0x64, 0xBA, 0x04, 0xAD, 0x3A, 835 0x52, 0x54, 0xD6, 0xA5, 0x79, 0xAD, 0x1E, 0x00 836 }; 837 const u8 master_secret[] = { 838 0x4A, 0x1A, 0x51, 0x2C, 0x01, 0x60, 0xBC, 0x02, 839 0x3C, 0xCF, 0xBC, 0x83, 0x3F, 0x03, 0xBC, 0x64, 840 0x88, 0xC1, 0x31, 0x2F, 0x0B, 0xA9, 0xA2, 0x77, 841 0x16, 0xA8, 0xD8, 0xE8, 0xBD, 0xC9, 0xD2, 0x29, 842 0x38, 0x4B, 0x7A, 0x85, 0xBE, 0x16, 0x4D, 0x27, 843 0x33, 0xD5, 0x24, 0x79, 0x87, 0xB1, 0xC5, 0xA2 844 }; 845 const u8 key_block[] = { 846 0x59, 0x59, 0xBE, 0x8E, 0x41, 0x3A, 0x77, 0x74, 847 0x8B, 0xB2, 0xE5, 0xD3, 0x60, 0xAC, 0x4D, 0x35, 848 0xDF, 0xFB, 0xC8, 0x1E, 0x9C, 0x24, 0x9C, 0x8B, 849 0x0E, 0xC3, 0x1D, 0x72, 0xC8, 0x84, 0x9D, 0x57, 850 0x48, 0x51, 0x2E, 0x45, 0x97, 0x6C, 0x88, 0x70, 851 0xBE, 0x5F, 0x01, 0xD3, 0x64, 0xE7, 0x4C, 0xBB, 852 0x11, 0x24, 0xE3, 0x49, 0xE2, 0x3B, 0xCD, 0xEF, 853 0x7A, 0xB3, 0x05, 0x39, 0x5D, 0x64, 0x8A, 0x44, 854 0x11, 0xB6, 0x69, 0x88, 0x34, 0x2E, 0x8E, 0x29, 855 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05, 856 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96, 857 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84, 858 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98, 859 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71 860 }; 861 const u8 sks[] = { 862 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05, 863 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96, 864 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84, 865 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98, 866 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71 867 }; 868 const u8 isk[] = { 869 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 870 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 871 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 872 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 873 }; 874 const u8 imck[] = { 875 0x16, 0x15, 0x3C, 0x3F, 0x21, 0x55, 0xEF, 0xD9, 876 0x7F, 0x34, 0xAE, 0xC8, 0x1A, 0x4E, 0x66, 0x80, 877 0x4C, 0xC3, 0x76, 0xF2, 0x8A, 0xA9, 0x6F, 0x96, 878 0xC2, 0x54, 0x5F, 0x8C, 0xAB, 0x65, 0x02, 0xE1, 879 0x18, 0x40, 0x7B, 0x56, 0xBE, 0xEA, 0xA7, 0xC5, 880 0x76, 0x5D, 0x8F, 0x0B, 0xC5, 0x07, 0xC6, 0xB9, 881 0x04, 0xD0, 0x69, 0x56, 0x72, 0x8B, 0x6B, 0xB8, 882 0x15, 0xEC, 0x57, 0x7B 883 }; 884 const u8 msk[] = { 885 0x4D, 0x83, 0xA9, 0xBE, 0x6F, 0x8A, 0x74, 0xED, 886 0x6A, 0x02, 0x66, 0x0A, 0x63, 0x4D, 0x2C, 0x33, 887 0xC2, 0xDA, 0x60, 0x15, 0xC6, 0x37, 0x04, 0x51, 888 0x90, 0x38, 0x63, 0xDA, 0x54, 0x3E, 0x14, 0xB9, 889 0x27, 0x99, 0x18, 0x1E, 0x07, 0xBF, 0x0F, 0x5A, 890 0x5E, 0x3C, 0x32, 0x93, 0x80, 0x8C, 0x6C, 0x49, 891 0x67, 0xED, 0x24, 0xFE, 0x45, 0x40, 0xA0, 0x59, 892 0x5E, 0x37, 0xC2, 0xE9, 0xD0, 0x5D, 0x0A, 0xE3 893 }; 894 const u8 emsk[] = { 895 0x3A, 0xD4, 0xAB, 0xDB, 0x76, 0xB2, 0x7F, 0x3B, 896 0xEA, 0x32, 0x2C, 0x2B, 0x74, 0xF4, 0x28, 0x55, 897 0xEF, 0x2D, 0xBA, 0x78, 0xC9, 0x57, 0x2F, 0x0D, 898 0x06, 0xCD, 0x51, 0x7C, 0x20, 0x93, 0x98, 0xA9, 899 0x76, 0xEA, 0x70, 0x21, 0xD7, 0x0E, 0x25, 0x54, 900 0x97, 0xED, 0xB2, 0x8A, 0xF6, 0xED, 0xFD, 0x0A, 901 0x2A, 0xE7, 0xA1, 0x58, 0x90, 0x10, 0x50, 0x44, 902 0xB3, 0x82, 0x85, 0xDB, 0x06, 0x14, 0xD2, 0xF9 903 }; 904 /* RFC 4851, Appendix B.2 */ 905 u8 tlv[] = { 906 0x80, 0x0C, 0x00, 0x38, 0x00, 0x01, 0x01, 0x00, 907 0xD8, 0x6A, 0x8C, 0x68, 0x3C, 0x32, 0x31, 0xA8, 908 0x56, 0x63, 0xB6, 0x40, 0x21, 0xFE, 0x21, 0x14, 909 0x4E, 0xE7, 0x54, 0x20, 0x79, 0x2D, 0x42, 0x62, 910 0xC9, 0xBF, 0x53, 0x7F, 0x54, 0xFD, 0xAC, 0x58, 911 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF, 912 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC, 913 0x05, 0xC5, 0x5B, 0xB7 914 }; 915 const u8 compound_mac[] = { 916 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF, 917 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC, 918 0x05, 0xC5, 0x5B, 0xB7 919 }; 920 u8 buf[512]; 921 const u8 *simck, *cmk; 922 int errors = 0; 923 924 wpa_printf(MSG_INFO, "EAP-FAST test cases"); 925 926 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / master_secret"); 927 if (sha1_t_prf(pac_key, sizeof(pac_key), 928 "PAC to master secret label hash", 929 seed, sizeof(seed), buf, sizeof(master_secret)) < 0 || 930 os_memcmp(master_secret, buf, sizeof(master_secret)) != 0) { 931 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 932 errors++; 933 } 934 935 wpa_printf(MSG_INFO, "- PRF (TLS, SHA1/MD5) test case / key_block"); 936 if (tls_prf_sha1_md5(master_secret, sizeof(master_secret), 937 "key expansion", seed, sizeof(seed), 938 buf, sizeof(key_block)) || 939 os_memcmp(key_block, buf, sizeof(key_block)) != 0) { 940 wpa_printf(MSG_INFO, "PRF test - FAILED!"); 941 errors++; 942 } 943 944 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / IMCK"); 945 if (sha1_t_prf(sks, sizeof(sks), "Inner Methods Compound Keys", 946 isk, sizeof(isk), buf, sizeof(imck)) < 0 || 947 os_memcmp(imck, buf, sizeof(imck)) != 0) { 948 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 949 errors++; 950 } 951 952 simck = imck; 953 cmk = imck + 40; 954 955 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / MSK"); 956 if (sha1_t_prf(simck, 40, "Session Key Generating Function", 957 (u8 *) "", 0, buf, sizeof(msk)) < 0 || 958 os_memcmp(msk, buf, sizeof(msk)) != 0) { 959 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 960 errors++; 961 } 962 963 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / EMSK"); 964 if (sha1_t_prf(simck, 40, "Extended Session Key Generating Function", 965 (u8 *) "", 0, buf, sizeof(msk)) < 0 || 966 os_memcmp(emsk, buf, sizeof(emsk)) != 0) { 967 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 968 errors++; 969 } 970 971 wpa_printf(MSG_INFO, "- Compound MAC test case"); 972 os_memset(tlv + sizeof(tlv) - 20, 0, 20); 973 if (hmac_sha1(cmk, 20, tlv, sizeof(tlv), tlv + sizeof(tlv) - 20) < 0 || 974 os_memcmp(tlv + sizeof(tlv) - 20, compound_mac, 975 sizeof(compound_mac)) != 0) { 976 wpa_printf(MSG_INFO, "Compound MAC test - FAILED!"); 977 errors++; 978 } 979 980 return errors; 981 #else /* EAP_FAST */ 982 return 0; 983 #endif /* EAP_FAST */ 984 } 985 986 987 static const u8 key0[] = 988 { 989 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 990 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 991 0x0b, 0x0b, 0x0b, 0x0b 992 }; 993 static const u8 data0[] = "Hi There"; 994 static const u8 prf0[] = 995 { 996 0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84, 997 0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54, 998 0xb8, 0x62, 0x17, 0x5e, 0xd9, 0xf0, 0x06, 0x06, 999 0xe1, 0x7d, 0x8d, 0xa3, 0x54, 0x02, 0xff, 0xee, 1000 0x75, 0xdf, 0x78, 0xc3, 0xd3, 0x1e, 0x0f, 0x88, 1001 0x9f, 0x01, 0x21, 0x20, 0xc0, 0x86, 0x2b, 0xeb, 1002 0x67, 0x75, 0x3e, 0x74, 0x39, 0xae, 0x24, 0x2e, 1003 0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a 1004 }; 1005 1006 static const u8 key1[] = "Jefe"; 1007 static const u8 data1[] = "what do ya want for nothing?"; 1008 static const u8 prf1[] = 1009 { 1010 0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad, 1011 0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4, 1012 0xfe, 0x63, 0x14, 0x46, 0xfa, 0xbd, 0xfa, 0x58, 1013 0x24, 0x47, 0x59, 0xae, 0x58, 0xef, 0x90, 0x09, 1014 0xa9, 0x9a, 0xbf, 0x4e, 0xac, 0x2c, 0xa5, 0xfa, 1015 0x87, 0xe6, 0x92, 0xc4, 0x40, 0xeb, 0x40, 0x02, 1016 0x3e, 0x7b, 0xab, 0xb2, 0x06, 0xd6, 0x1d, 0xe7, 1017 0xb9, 0x2f, 0x41, 0x52, 0x90, 0x92, 0xb8, 0xfc 1018 }; 1019 1020 1021 static const u8 key2[] = 1022 { 1023 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1024 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1025 0xaa, 0xaa, 0xaa, 0xaa 1026 }; 1027 static const u8 data2[] = 1028 { 1029 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1030 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1031 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1032 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1033 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1034 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1035 0xdd, 0xdd 1036 }; 1037 static const u8 prf2[] = 1038 { 1039 0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f, 1040 0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1, 1041 0x7a, 0x02, 0x52, 0xca, 0x5d, 0x8d, 0x8d, 0xf1, 1042 0x2c, 0xfb, 0x04, 0x73, 0x52, 0x52, 0x49, 0xce, 1043 0x9d, 0xd8, 0xd1, 0x77, 0xea, 0xd7, 0x10, 0xbc, 1044 0x9b, 0x59, 0x05, 0x47, 0x23, 0x91, 0x07, 0xae, 1045 0xf7, 0xb4, 0xab, 0xd4, 0x3d, 0x87, 0xf0, 0xa6, 1046 0x8f, 0x1c, 0xbd, 0x9e, 0x2b, 0x6f, 0x76, 0x07 1047 }; 1048 1049 1050 struct passphrase_test { 1051 char *passphrase; 1052 char *ssid; 1053 char psk[32]; 1054 }; 1055 1056 static const struct passphrase_test passphrase_tests[] = 1057 { 1058 { 1059 "password", 1060 "IEEE", 1061 { 1062 0xf4, 0x2c, 0x6f, 0xc5, 0x2d, 0xf0, 0xeb, 0xef, 1063 0x9e, 0xbb, 0x4b, 0x90, 0xb3, 0x8a, 0x5f, 0x90, 1064 0x2e, 0x83, 0xfe, 0x1b, 0x13, 0x5a, 0x70, 0xe2, 1065 0x3a, 0xed, 0x76, 0x2e, 0x97, 0x10, 0xa1, 0x2e 1066 } 1067 }, 1068 { 1069 "ThisIsAPassword", 1070 "ThisIsASSID", 1071 { 1072 0x0d, 0xc0, 0xd6, 0xeb, 0x90, 0x55, 0x5e, 0xd6, 1073 0x41, 0x97, 0x56, 0xb9, 0xa1, 0x5e, 0xc3, 0xe3, 1074 0x20, 0x9b, 0x63, 0xdf, 0x70, 0x7d, 0xd5, 0x08, 1075 0xd1, 0x45, 0x81, 0xf8, 0x98, 0x27, 0x21, 0xaf 1076 } 1077 }, 1078 { 1079 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 1080 "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ", 1081 { 1082 0xbe, 0xcb, 0x93, 0x86, 0x6b, 0xb8, 0xc3, 0x83, 1083 0x2c, 0xb7, 0x77, 0xc2, 0xf5, 0x59, 0x80, 0x7c, 1084 0x8c, 0x59, 0xaf, 0xcb, 0x6e, 0xae, 0x73, 0x48, 1085 0x85, 0x00, 0x13, 0x00, 0xa9, 0x81, 0xcc, 0x62 1086 } 1087 }, 1088 }; 1089 1090 #define NUM_PASSPHRASE_TESTS ARRAY_SIZE(passphrase_tests) 1091 1092 1093 struct rfc6070_test { 1094 char *p; 1095 char *s; 1096 int c; 1097 char dk[32]; 1098 size_t dk_len; 1099 }; 1100 1101 static const struct rfc6070_test rfc6070_tests[] = 1102 { 1103 { 1104 "password", 1105 "salt", 1106 1, 1107 { 1108 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71, 1109 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06, 1110 0x2f, 0xe0, 0x37, 0xa6 1111 }, 1112 20 1113 }, 1114 { 1115 "password", 1116 "salt", 1117 2, 1118 { 1119 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c, 1120 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0, 1121 0xd8, 0xde, 0x89, 0x57 1122 }, 1123 20 1124 }, 1125 { 1126 "password", 1127 "salt", 1128 4096, 1129 { 1130 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a, 1131 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0, 1132 0x65, 0xa4, 0x29, 0xc1 1133 }, 1134 20 1135 }, 1136 #if 0 /* This takes quite long to derive.. */ 1137 { 1138 "password", 1139 "salt", 1140 16777216, 1141 { 1142 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4, 1143 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c, 1144 0x26, 0x34, 0xe9, 0x84 1145 }, 1146 20 1147 }, 1148 #endif 1149 { 1150 "passwordPASSWORDpassword", 1151 "saltSALTsaltSALTsaltSALTsaltSALTsalt", 1152 4096, 1153 { 1154 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b, 1155 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a, 1156 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70, 1157 0x38 1158 }, 1159 25 1160 }, 1161 #if 0 /* \0 not currently supported in passphrase parameters.. */ 1162 { 1163 "pass\0word", 1164 "sa\0lt", 1165 4096, 1166 { 1167 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d, 1168 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3 1169 }, 1170 16 1171 }, 1172 #endif 1173 }; 1174 1175 #define NUM_RFC6070_TESTS ARRAY_SIZE(rfc6070_tests) 1176 1177 1178 static int test_sha1(void) 1179 { 1180 u8 res[512]; 1181 int ret = 0; 1182 unsigned int i; 1183 1184 wpa_printf(MSG_INFO, "PRF-SHA1 test cases:"); 1185 1186 if (sha1_prf(key0, sizeof(key0), "prefix", data0, sizeof(data0) - 1, 1187 res, sizeof(prf0)) == 0 && 1188 os_memcmp(res, prf0, sizeof(prf0)) == 0) 1189 wpa_printf(MSG_INFO, "Test case 0 - OK"); 1190 else { 1191 wpa_printf(MSG_INFO, "Test case 0 - FAILED!"); 1192 ret++; 1193 } 1194 1195 if (sha1_prf(key1, sizeof(key1) - 1, "prefix", data1, sizeof(data1) - 1, 1196 res, sizeof(prf1)) == 0 && 1197 os_memcmp(res, prf1, sizeof(prf1)) == 0) 1198 wpa_printf(MSG_INFO, "Test case 1 - OK"); 1199 else { 1200 wpa_printf(MSG_INFO, "Test case 1 - FAILED!"); 1201 ret++; 1202 } 1203 1204 if (sha1_prf(key2, sizeof(key2), "prefix", data2, sizeof(data2), 1205 res, sizeof(prf2)) == 0 && 1206 os_memcmp(res, prf2, sizeof(prf2)) == 0) 1207 wpa_printf(MSG_INFO, "Test case 2 - OK"); 1208 else { 1209 wpa_printf(MSG_INFO, "Test case 2 - FAILED!"); 1210 ret++; 1211 } 1212 1213 ret += test_eap_fast(); 1214 1215 wpa_printf(MSG_INFO, "PBKDF2-SHA1 Passphrase test cases:"); 1216 for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) { 1217 u8 psk[32]; 1218 const struct passphrase_test *test = &passphrase_tests[i]; 1219 1220 if (pbkdf2_sha1(test->passphrase, 1221 (const u8 *) test->ssid, strlen(test->ssid), 1222 4096, psk, 32) == 0 && 1223 os_memcmp(psk, test->psk, 32) == 0) 1224 wpa_printf(MSG_INFO, "Test case %d - OK", i); 1225 else { 1226 wpa_printf(MSG_INFO, "Test case %d - FAILED!", i); 1227 ret++; 1228 } 1229 } 1230 1231 wpa_printf(MSG_INFO, "PBKDF2-SHA1 test cases (RFC 6070):"); 1232 for (i = 0; i < NUM_RFC6070_TESTS; i++) { 1233 u8 dk[25]; 1234 const struct rfc6070_test *test = &rfc6070_tests[i]; 1235 1236 if (pbkdf2_sha1(test->p, (const u8 *) test->s, strlen(test->s), 1237 test->c, dk, test->dk_len) == 0 && 1238 os_memcmp(dk, test->dk, test->dk_len) == 0) 1239 wpa_printf(MSG_INFO, "Test case %d - OK", i); 1240 else { 1241 wpa_printf(MSG_INFO, "Test case %d - FAILED!", i); 1242 ret++; 1243 } 1244 } 1245 1246 if (!ret) 1247 wpa_printf(MSG_INFO, "SHA1 test cases passed"); 1248 return ret; 1249 } 1250 1251 1252 const struct { 1253 char *data; 1254 u8 hash[32]; 1255 } tests[] = { 1256 { 1257 "abc", 1258 { 1259 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 1260 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, 1261 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 1262 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad 1263 } 1264 }, 1265 { 1266 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1267 { 1268 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 1269 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, 1270 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, 1271 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 1272 } 1273 } 1274 }; 1275 1276 const struct hmac_test { 1277 u8 key[80]; 1278 size_t key_len; 1279 u8 data[128]; 1280 size_t data_len; 1281 u8 hash[32]; 1282 } hmac_tests[] = { 1283 /* draft-ietf-ipsec-ciph-sha-256-01.txt */ 1284 { 1285 { 1286 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1287 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1288 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1289 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 1290 }, 1291 32, 1292 "abc", 3, 1293 { 1294 0xa2, 0x1b, 0x1f, 0x5d, 0x4c, 0xf4, 0xf7, 0x3a, 1295 0x4d, 0xd9, 0x39, 0x75, 0x0f, 0x7a, 0x06, 0x6a, 1296 0x7f, 0x98, 0xcc, 0x13, 0x1c, 0xb1, 0x6a, 0x66, 1297 0x92, 0x75, 0x90, 0x21, 0xcf, 0xab, 0x81, 0x81 1298 } 1299 }, 1300 { 1301 { 1302 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1303 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1304 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1305 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 1306 }, 1307 32, 1308 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1309 56, 1310 { 1311 0x10, 0x4f, 0xdc, 0x12, 0x57, 0x32, 0x8f, 0x08, 1312 0x18, 0x4b, 0xa7, 0x31, 0x31, 0xc5, 0x3c, 0xae, 1313 0xe6, 0x98, 0xe3, 0x61, 0x19, 0x42, 0x11, 0x49, 1314 0xea, 0x8c, 0x71, 0x24, 0x56, 0x69, 0x7d, 0x30 1315 } 1316 }, 1317 { 1318 { 1319 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1320 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1321 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1322 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 1323 }, 1324 32, 1325 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" 1326 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1327 112, 1328 { 1329 0x47, 0x03, 0x05, 0xfc, 0x7e, 0x40, 0xfe, 0x34, 1330 0xd3, 0xee, 0xb3, 0xe7, 0x73, 0xd9, 0x5a, 0xab, 1331 0x73, 0xac, 0xf0, 0xfd, 0x06, 0x04, 0x47, 0xa5, 1332 0xeb, 0x45, 0x95, 0xbf, 0x33, 0xa9, 0xd1, 0xa3 1333 } 1334 }, 1335 { 1336 { 1337 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1338 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1339 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1340 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b 1341 }, 1342 32, 1343 "Hi There", 1344 8, 1345 { 1346 0x19, 0x8a, 0x60, 0x7e, 0xb4, 0x4b, 0xfb, 0xc6, 1347 0x99, 0x03, 0xa0, 0xf1, 0xcf, 0x2b, 0xbd, 0xc5, 1348 0xba, 0x0a, 0xa3, 0xf3, 0xd9, 0xae, 0x3c, 0x1c, 1349 0x7a, 0x3b, 0x16, 0x96, 0xa0, 0xb6, 0x8c, 0xf7 1350 } 1351 }, 1352 { 1353 "Jefe", 1354 4, 1355 "what do ya want for nothing?", 1356 28, 1357 { 1358 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 1359 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7, 1360 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83, 1361 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43 1362 } 1363 }, 1364 { 1365 { 1366 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1367 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1368 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1369 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 1370 }, 1371 32, 1372 { 1373 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1374 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1375 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1376 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1377 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1378 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1379 0xdd, 0xdd 1380 }, 1381 50, 1382 { 1383 0xcd, 0xcb, 0x12, 0x20, 0xd1, 0xec, 0xcc, 0xea, 1384 0x91, 0xe5, 0x3a, 0xba, 0x30, 0x92, 0xf9, 0x62, 1385 0xe5, 0x49, 0xfe, 0x6c, 0xe9, 0xed, 0x7f, 0xdc, 1386 0x43, 0x19, 0x1f, 0xbd, 0xe4, 0x5c, 0x30, 0xb0 1387 } 1388 }, 1389 { 1390 { 1391 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1392 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1393 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1394 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 1395 0x21, 0x22, 0x23, 0x24, 0x25 1396 }, 1397 37, 1398 { 1399 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1400 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1401 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1402 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1403 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1404 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1405 0xcd, 0xcd 1406 }, 1407 50, 1408 { 1409 0xd4, 0x63, 0x3c, 0x17, 0xf6, 0xfb, 0x8d, 0x74, 1410 0x4c, 0x66, 0xde, 0xe0, 0xf8, 0xf0, 0x74, 0x55, 1411 0x6e, 0xc4, 0xaf, 0x55, 0xef, 0x07, 0x99, 0x85, 1412 0x41, 0x46, 0x8e, 0xb4, 0x9b, 0xd2, 0xe9, 0x17 1413 } 1414 }, 1415 { 1416 { 1417 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 1418 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 1419 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 1420 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c 1421 }, 1422 32, 1423 "Test With Truncation", 1424 20, 1425 { 1426 0x75, 0x46, 0xaf, 0x01, 0x84, 0x1f, 0xc0, 0x9b, 1427 0x1a, 0xb9, 0xc3, 0x74, 0x9a, 0x5f, 0x1c, 0x17, 1428 0xd4, 0xf5, 0x89, 0x66, 0x8a, 0x58, 0x7b, 0x27, 1429 0x00, 0xa9, 0xc9, 0x7c, 0x11, 0x93, 0xcf, 0x42 1430 } 1431 }, 1432 { 1433 { 1434 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1435 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1436 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1437 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1438 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1439 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1440 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1441 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1442 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1443 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 1444 }, 1445 80, 1446 "Test Using Larger Than Block-Size Key - Hash Key First", 1447 54, 1448 { 1449 0x69, 0x53, 0x02, 0x5e, 0xd9, 0x6f, 0x0c, 0x09, 1450 0xf8, 0x0a, 0x96, 0xf7, 0x8e, 0x65, 0x38, 0xdb, 1451 0xe2, 0xe7, 0xb8, 0x20, 0xe3, 0xdd, 0x97, 0x0e, 1452 0x7d, 0xdd, 0x39, 0x09, 0x1b, 0x32, 0x35, 0x2f 1453 } 1454 }, 1455 { 1456 { 1457 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1458 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1459 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1460 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1461 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1462 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1463 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1464 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1465 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1466 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 1467 }, 1468 80, 1469 "Test Using Larger Than Block-Size Key and Larger Than One " 1470 "Block-Size Data", 1471 73, 1472 { 1473 0x63, 0x55, 0xac, 0x22, 0xe8, 0x90, 0xd0, 0xa3, 1474 0xc8, 0x48, 0x1a, 0x5c, 0xa4, 0x82, 0x5b, 0xc8, 1475 0x84, 0xd3, 0xe7, 0xa1, 0xff, 0x98, 0xa2, 0xfc, 1476 0x2a, 0xc7, 0xd8, 0xe0, 0x64, 0xc3, 0xb2, 0xe6 1477 } 1478 } 1479 }; 1480 1481 1482 static int test_sha256(void) 1483 { 1484 unsigned int i; 1485 u8 hash[32]; 1486 const u8 *addr[2]; 1487 size_t len[2]; 1488 int errors = 0; 1489 1490 for (i = 0; i < ARRAY_SIZE(tests); i++) { 1491 wpa_printf(MSG_INFO, "SHA256 test case %d:", i + 1); 1492 1493 addr[0] = (u8 *) tests[i].data; 1494 len[0] = strlen(tests[i].data); 1495 sha256_vector(1, addr, len, hash); 1496 if (memcmp(hash, tests[i].hash, 32) != 0) { 1497 wpa_printf(MSG_INFO, " FAIL"); 1498 errors++; 1499 } else 1500 wpa_printf(MSG_INFO, " OK"); 1501 1502 if (len[0]) { 1503 addr[0] = (u8 *) tests[i].data; 1504 len[0] = 1; 1505 addr[1] = (u8 *) tests[i].data + 1; 1506 len[1] = strlen(tests[i].data) - 1; 1507 sha256_vector(2, addr, len, hash); 1508 if (memcmp(hash, tests[i].hash, 32) != 0) { 1509 wpa_printf(MSG_INFO, " FAIL"); 1510 errors++; 1511 } else 1512 wpa_printf(MSG_INFO, " OK"); 1513 } 1514 } 1515 1516 for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) { 1517 const struct hmac_test *t = &hmac_tests[i]; 1518 1519 wpa_printf(MSG_INFO, "HMAC-SHA256 test case %d:", i + 1); 1520 1521 if (hmac_sha256(t->key, t->key_len, t->data, t->data_len, 1522 hash) < 0 || 1523 os_memcmp(hash, t->hash, 32) != 0) { 1524 wpa_printf(MSG_INFO, " FAIL"); 1525 errors++; 1526 } else 1527 wpa_printf(MSG_INFO, " OK"); 1528 1529 addr[0] = t->data; 1530 len[0] = t->data_len; 1531 if (hmac_sha256_vector(t->key, t->key_len, 1, addr, len, 1532 hash) < 0 || 1533 os_memcmp(hash, t->hash, 32) != 0) { 1534 wpa_printf(MSG_INFO, " FAIL"); 1535 errors++; 1536 } else 1537 wpa_printf(MSG_INFO, " OK"); 1538 1539 if (len[0]) { 1540 addr[0] = t->data; 1541 len[0] = 1; 1542 addr[1] = t->data + 1; 1543 len[1] = t->data_len - 1; 1544 if (hmac_sha256_vector(t->key, t->key_len, 2, addr, len, 1545 hash) < 0 || 1546 os_memcmp(hash, t->hash, 32) != 0) { 1547 wpa_printf(MSG_INFO, " FAIL"); 1548 errors++; 1549 } else 1550 wpa_printf(MSG_INFO, " OK"); 1551 } 1552 } 1553 1554 wpa_printf(MSG_INFO, "Test IEEE 802.11r KDF"); 1555 sha256_prf((u8 *) "abc", 3, "KDF test", (u8 *) "data", 4, 1556 hash, sizeof(hash)); 1557 /* TODO: add proper test case for this */ 1558 1559 if (!errors) 1560 wpa_printf(MSG_INFO, "SHA256 test cases passed"); 1561 return errors; 1562 } 1563 1564 1565 static int test_ms_funcs(void) 1566 { 1567 /* Test vector from RFC2759 example */ 1568 char *username = "User"; 1569 char *password = "clientPass"; 1570 u8 auth_challenge[] = { 1571 0x5B, 0x5D, 0x7C, 0x7D, 0x7B, 0x3F, 0x2F, 0x3E, 1572 0x3C, 0x2C, 0x60, 0x21, 0x32, 0x26, 0x26, 0x28 1573 }; 1574 u8 peer_challenge[] = { 1575 0x21, 0x40, 0x23, 0x24, 0x25, 0x5E, 0x26, 0x2A, 1576 0x28, 0x29, 0x5F, 0x2B, 0x3A, 0x33, 0x7C, 0x7E 1577 }; 1578 u8 password_hash[] = { 1579 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6, 1580 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE 1581 }; 1582 u8 nt_response[] = { 1583 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E, 1584 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54, 1585 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF 1586 }; 1587 u8 password_hash_hash[] = { 1588 0x41, 0xC0, 0x0C, 0x58, 0x4B, 0xD2, 0xD9, 0x1C, 1589 0x40, 0x17, 0xA2, 0xA1, 0x2F, 0xA5, 0x9F, 0x3F 1590 }; 1591 u8 authenticator_response[] = { 1592 0x40, 0x7A, 0x55, 0x89, 0x11, 0x5F, 0xD0, 0xD6, 1593 0x20, 0x9F, 0x51, 0x0F, 0xE9, 0xC0, 0x45, 0x66, 1594 0x93, 0x2C, 0xDA, 0x56 1595 }; 1596 u8 master_key[] = { 1597 0xFD, 0xEC, 0xE3, 0x71, 0x7A, 0x8C, 0x83, 0x8C, 1598 0xB3, 0x88, 0xE5, 0x27, 0xAE, 0x3C, 0xDD, 0x31 1599 }; 1600 u8 send_start_key[] = { 1601 0x8B, 0x7C, 0xDC, 0x14, 0x9B, 0x99, 0x3A, 0x1B, 1602 0xA1, 0x18, 0xCB, 0x15, 0x3F, 0x56, 0xDC, 0xCB 1603 }; 1604 u8 buf[32]; 1605 int errors = 0; 1606 1607 if (nt_password_hash((u8 *) password, os_strlen(password), buf) || 1608 os_memcmp(password_hash, buf, sizeof(password_hash)) != 0) { 1609 wpa_printf(MSG_ERROR, "nt_password_hash failed"); 1610 errors++; 1611 } 1612 1613 if (generate_nt_response(auth_challenge, peer_challenge, 1614 (u8 *) username, os_strlen(username), 1615 (u8 *) password, os_strlen(password), buf) || 1616 os_memcmp(nt_response, buf, sizeof(nt_response)) != 0) { 1617 wpa_printf(MSG_ERROR, "generate_nt_response failed"); 1618 errors++; 1619 } 1620 1621 if (hash_nt_password_hash(password_hash, buf) || 1622 os_memcmp(password_hash_hash, buf, 1623 sizeof(password_hash_hash)) != 0) { 1624 wpa_printf(MSG_ERROR, "hash_nt_password_hash failed"); 1625 errors++; 1626 } 1627 1628 if (generate_authenticator_response((u8 *) password, 1629 os_strlen(password), 1630 peer_challenge, auth_challenge, 1631 (u8 *) username, 1632 os_strlen(username), 1633 nt_response, buf) || 1634 os_memcmp(authenticator_response, buf, 1635 sizeof(authenticator_response)) != 0) { 1636 wpa_printf(MSG_ERROR, "generate_authenticator_response failed"); 1637 errors++; 1638 } 1639 1640 if (get_master_key(password_hash_hash, nt_response, buf) || 1641 os_memcmp(master_key, buf, sizeof(master_key)) != 0) { 1642 wpa_printf(MSG_ERROR, "get_master_key failed"); 1643 errors++; 1644 } 1645 1646 if (get_asymetric_start_key(master_key, buf, sizeof(send_start_key), 1647 1, 1) || 1648 os_memcmp(send_start_key, buf, sizeof(send_start_key)) != 0) { 1649 wpa_printf(MSG_ERROR, "get_asymetric_start_key failed"); 1650 errors++; 1651 } 1652 1653 if (errors) 1654 wpa_printf(MSG_ERROR, "ms_funcs: %d errors", errors); 1655 else 1656 wpa_printf(MSG_INFO, "ms_funcs test cases passed"); 1657 1658 return errors; 1659 } 1660 1661 1662 int crypto_module_tests(void) 1663 { 1664 int ret = 0; 1665 1666 wpa_printf(MSG_INFO, "crypto module tests"); 1667 if (test_siv() || 1668 test_omac1() || 1669 test_eax() || 1670 test_cbc() || 1671 test_ecb() || 1672 test_key_wrap() || 1673 test_md5() || 1674 test_sha1() || 1675 test_sha256() || 1676 test_ms_funcs()) 1677 ret = -1; 1678 1679 return ret; 1680 } 1681
