1 /* 2 * crypto module tests 3 * Copyright (c) 2014-2015, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "crypto/aes_siv.h" 13 #include "crypto/aes_wrap.h" 14 #include "crypto/aes.h" 15 #include "crypto/ms_funcs.h" 16 #include "crypto/crypto.h" 17 #include "crypto/sha1.h" 18 #include "crypto/sha256.h" 19 20 21 static int test_siv(void) 22 { 23 #ifdef CONFIG_MESH 24 /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */ 25 u8 key[] = { 26 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 27 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0, 28 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 29 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff 30 }; 31 u8 ad[] = { 32 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 33 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 34 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27 35 }; 36 u8 plaintext[] = { 37 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 38 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee 39 }; 40 u8 iv_c[] = { 41 0x85, 0x63, 0x2d, 0x07, 0xc6, 0xe8, 0xf3, 0x7f, 42 0x95, 0x0a, 0xcd, 0x32, 0x0a, 0x2e, 0xcc, 0x93, 43 0x40, 0xc0, 0x2b, 0x96, 0x90, 0xc4, 0xdc, 0x04, 44 0xda, 0xef, 0x7f, 0x6a, 0xfe, 0x5c 45 }; 46 /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */ 47 u8 key_2[] = { 48 0x7f, 0x7e, 0x7d, 0x7c, 0x7b, 0x7a, 0x79, 0x78, 49 0x77, 0x76, 0x75, 0x74, 0x73, 0x72, 0x71, 0x70, 50 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 51 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f 52 }; 53 u8 ad1_2[] = { 54 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 55 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 56 0xde, 0xad, 0xda, 0xda, 0xde, 0xad, 0xda, 0xda, 57 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88, 58 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00 59 }; 60 u8 ad2_2[] = { 61 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80, 62 0x90, 0xa0 63 }; 64 u8 nonce_2[] = { 65 0x09, 0xf9, 0x11, 0x02, 0x9d, 0x74, 0xe3, 0x5b, 66 0xd8, 0x41, 0x56, 0xc5, 0x63, 0x56, 0x88, 0xc0 67 }; 68 u8 plaintext_2[] = { 69 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 70 0x73, 0x6f, 0x6d, 0x65, 0x20, 0x70, 0x6c, 0x61, 71 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x20, 0x74, 72 0x6f, 0x20, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 73 0x74, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x20, 74 0x53, 0x49, 0x56, 0x2d, 0x41, 0x45, 0x53 75 }; 76 u8 iv_c_2[] = { 77 0x7b, 0xdb, 0x6e, 0x3b, 0x43, 0x26, 0x67, 0xeb, 78 0x06, 0xf4, 0xd1, 0x4b, 0xff, 0x2f, 0xbd, 0x0f, 79 0xcb, 0x90, 0x0f, 0x2f, 0xdd, 0xbe, 0x40, 0x43, 80 0x26, 0x60, 0x19, 0x65, 0xc8, 0x89, 0xbf, 0x17, 81 0xdb, 0xa7, 0x7c, 0xeb, 0x09, 0x4f, 0xa6, 0x63, 82 0xb7, 0xa3, 0xf7, 0x48, 0xba, 0x8a, 0xf8, 0x29, 83 0xea, 0x64, 0xad, 0x54, 0x4a, 0x27, 0x2e, 0x9c, 84 0x48, 0x5b, 0x62, 0xa3, 0xfd, 0x5c, 0x0d 85 }; 86 u8 out[2 * AES_BLOCK_SIZE + sizeof(plaintext_2)]; 87 const u8 *addr[3]; 88 size_t len[3]; 89 90 /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */ 91 addr[0] = ad; 92 len[0] = sizeof(ad); 93 94 if (aes_siv_encrypt(key, plaintext, sizeof(plaintext), 95 1, addr, len, out)) { 96 wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed"); 97 return 1; 98 } 99 if (os_memcmp(out, iv_c, sizeof(iv_c)) != 0) { 100 wpa_printf(MSG_ERROR, 101 "AES-SIV mode encryption returned invalid cipher text"); 102 return 1; 103 } 104 105 if (aes_siv_decrypt(key, iv_c, sizeof(iv_c), 1, addr, len, out)) { 106 wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed"); 107 return 1; 108 } 109 if (os_memcmp(out, plaintext, sizeof(plaintext)) != 0) { 110 wpa_printf(MSG_ERROR, 111 "AES-SIV mode decryption returned invalid plain text"); 112 return 1; 113 } 114 115 /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */ 116 addr[0] = ad1_2; 117 len[0] = sizeof(ad1_2); 118 addr[1] = ad2_2; 119 len[1] = sizeof(ad2_2); 120 addr[2] = nonce_2; 121 len[2] = sizeof(nonce_2); 122 123 if (aes_siv_encrypt(key_2, plaintext_2, sizeof(plaintext_2), 124 3, addr, len, out)) { 125 wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed"); 126 return 1; 127 } 128 if (os_memcmp(out, iv_c_2, sizeof(iv_c_2)) != 0) { 129 wpa_printf(MSG_ERROR, 130 "AES-SIV mode encryption returned invalid cipher text"); 131 return 1; 132 } 133 134 if (aes_siv_decrypt(key_2, iv_c_2, sizeof(iv_c_2), 3, addr, len, out)) { 135 wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed"); 136 return 1; 137 } 138 if (os_memcmp(out, plaintext_2, sizeof(plaintext_2)) != 0) { 139 wpa_printf(MSG_ERROR, 140 "AES-SIV mode decryption returned invalid plain text"); 141 return 1; 142 } 143 144 wpa_printf(MSG_INFO, "AES-SIV test cases passed"); 145 #endif /* CONFIG_MESH */ 146 147 return 0; 148 } 149 150 151 /* OMAC1 AES-128 test vectors from 152 * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf 153 * which are same as the examples from NIST SP800-38B 154 * http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf 155 */ 156 157 struct omac1_test_vector { 158 u8 k[16]; 159 u8 msg[64]; 160 int msg_len; 161 u8 tag[16]; 162 }; 163 164 static const struct omac1_test_vector omac1_test_vectors[] = 165 { 166 { 167 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 168 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 169 { }, 170 0, 171 { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, 172 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 } 173 }, 174 { 175 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 176 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 177 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 178 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a}, 179 16, 180 { 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, 181 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c } 182 }, 183 { 184 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 185 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 186 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 187 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 188 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 189 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 190 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 }, 191 40, 192 { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, 193 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 } 194 }, 195 { 196 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 197 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 198 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 199 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 200 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 201 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 202 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 203 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 204 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 205 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }, 206 64, 207 { 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, 208 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe } 209 }, 210 }; 211 212 213 static int test_omac1_vector(const struct omac1_test_vector *tv, 214 unsigned int i) 215 { 216 u8 key[] = { 217 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 218 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c 219 }; 220 u8 msg[] = { 0x12, 0x34, 0x56 }; 221 u8 result[24], result2[24]; 222 const u8 *addr[3]; 223 size_t len[3]; 224 225 if (omac1_aes_128(tv->k, tv->msg, tv->msg_len, result) || 226 os_memcmp(result, tv->tag, 16) != 0) { 227 wpa_printf(MSG_ERROR, "OMAC1-AES-128 test vector %u failed", i); 228 return 1; 229 } 230 231 if (tv->msg_len > 1) { 232 233 addr[0] = tv->msg; 234 len[0] = 1; 235 addr[1] = tv->msg + 1; 236 len[1] = tv->msg_len - 1; 237 238 if (omac1_aes_128_vector(tv->k, 2, addr, len, result) || 239 os_memcmp(result, tv->tag, 16) != 0) { 240 wpa_printf(MSG_ERROR, 241 "OMAC1-AES-128(vector) test vector %u failed", 242 i); 243 return 1; 244 } 245 246 addr[0] = tv->msg; 247 len[0] = tv->msg_len - 2; 248 addr[1] = tv->msg + tv->msg_len - 2; 249 len[1] = 1; 250 addr[2] = tv->msg + tv->msg_len - 1; 251 len[2] = 1; 252 253 if (omac1_aes_128_vector(tv->k, 3, addr, len, result) || 254 os_memcmp(result, tv->tag, 16) != 0) { 255 wpa_printf(MSG_ERROR, 256 "OMAC1-AES-128(vector2) test vector %u failed", 257 i); 258 return 1; 259 } 260 } 261 262 addr[0] = &msg[0]; 263 len[0] = 1; 264 addr[1] = &msg[1]; 265 len[1] = 1; 266 addr[2] = &msg[2]; 267 len[2] = 1; 268 if (omac1_aes_128(key, msg, sizeof(msg), result) || 269 omac1_aes_128_vector(key, 3, addr, len, result2) || 270 os_memcmp(result, result2, 16) != 0) { 271 wpa_printf(MSG_ERROR, "OMAC1-AES-128 short test mismatch"); 272 return 1; 273 } 274 275 return 0; 276 } 277 278 279 static int test_omac1(void) 280 { 281 unsigned int i; 282 283 for (i = 0; i < ARRAY_SIZE(omac1_test_vectors); i++) { 284 if (test_omac1_vector(&omac1_test_vectors[i], i)) 285 return 1; 286 } 287 288 wpa_printf(MSG_INFO, "OMAC1-AES-128 test cases passed"); 289 290 return 0; 291 } 292 293 294 static int test_eax(void) 295 { 296 #ifdef EAP_PSK 297 u8 msg[] = { 0xF7, 0xFB }; 298 u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B, 299 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 }; 300 u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84, 301 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD }; 302 u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA }; 303 u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D, 304 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79, 305 0x67, 0xE5 }; 306 u8 data[sizeof(msg)], tag[AES_BLOCK_SIZE]; 307 308 os_memcpy(data, msg, sizeof(msg)); 309 if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr), 310 data, sizeof(data), tag)) { 311 wpa_printf(MSG_ERROR, "AES-128 EAX mode encryption failed"); 312 return 1; 313 } 314 if (os_memcmp(data, cipher, sizeof(data)) != 0) { 315 wpa_printf(MSG_ERROR, 316 "AES-128 EAX mode encryption returned invalid cipher text"); 317 return 1; 318 } 319 if (os_memcmp(tag, cipher + sizeof(data), AES_BLOCK_SIZE) != 0) { 320 wpa_printf(MSG_ERROR, 321 "AES-128 EAX mode encryption returned invalid tag"); 322 return 1; 323 } 324 325 if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr), 326 data, sizeof(data), tag)) { 327 wpa_printf(MSG_ERROR, "AES-128 EAX mode decryption failed"); 328 return 1; 329 } 330 if (os_memcmp(data, msg, sizeof(data)) != 0) { 331 wpa_printf(MSG_ERROR, 332 "AES-128 EAX mode decryption returned invalid plain text"); 333 return 1; 334 } 335 336 wpa_printf(MSG_INFO, "AES-128 EAX mode test cases passed"); 337 #endif /* EAP_PSK */ 338 339 return 0; 340 } 341 342 343 static int test_cbc(void) 344 { 345 struct cbc_test_vector { 346 u8 key[16]; 347 u8 iv[16]; 348 u8 plain[32]; 349 u8 cipher[32]; 350 size_t len; 351 } vectors[] = { 352 { 353 { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b, 354 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 }, 355 { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30, 356 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 }, 357 "Single block msg", 358 { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8, 359 0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a }, 360 16 361 }, 362 { 363 { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0, 364 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a }, 365 { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28, 366 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 }, 367 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 368 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 369 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 370 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, 371 { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a, 372 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a, 373 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9, 374 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 }, 375 32 376 } 377 }; 378 int ret = 0; 379 u8 *buf; 380 unsigned int i; 381 382 for (i = 0; i < ARRAY_SIZE(vectors); i++) { 383 struct cbc_test_vector *tv = &vectors[i]; 384 385 buf = os_malloc(tv->len); 386 if (buf == NULL) { 387 ret++; 388 break; 389 } 390 391 os_memcpy(buf, tv->plain, tv->len); 392 if (aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len) || 393 os_memcmp(buf, tv->cipher, tv->len) != 0) { 394 wpa_printf(MSG_ERROR, "AES-CBC encrypt %d failed", i); 395 ret++; 396 } 397 398 os_memcpy(buf, tv->cipher, tv->len); 399 if (aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len) || 400 os_memcmp(buf, tv->plain, tv->len) != 0) { 401 wpa_printf(MSG_ERROR, "AES-CBC decrypt %d failed", i); 402 ret++; 403 } 404 405 os_free(buf); 406 } 407 408 return ret; 409 } 410 411 412 static int test_ecb(void) 413 { 414 #ifdef EAP_PSK 415 struct ecb_test_vector { 416 char *key; 417 char *plaintext; 418 char *ciphertext; 419 } vectors[] = { 420 /* CAVS 11.1 - ECBGFSbox128.rsp */ 421 { 422 "00000000000000000000000000000000", 423 "f34481ec3cc627bacd5dc3fb08f273e6", 424 "0336763e966d92595a567cc9ce537f5e" 425 }, 426 { 427 "00000000000000000000000000000000", 428 "9798c4640bad75c7c3227db910174e72", 429 "a9a1631bf4996954ebc093957b234589" 430 }, 431 { 432 "00000000000000000000000000000000", 433 "96ab5c2ff612d9dfaae8c31f30c42168", 434 "ff4f8391a6a40ca5b25d23bedd44a597" 435 }, 436 { 437 "00000000000000000000000000000000", 438 "6a118a874519e64e9963798a503f1d35", 439 "dc43be40be0e53712f7e2bf5ca707209" 440 }, 441 { 442 "00000000000000000000000000000000", 443 "cb9fceec81286ca3e989bd979b0cb284", 444 "92beedab1895a94faa69b632e5cc47ce" 445 }, 446 { 447 "00000000000000000000000000000000", 448 "b26aeb1874e47ca8358ff22378f09144", 449 "459264f4798f6a78bacb89c15ed3d601" 450 }, 451 { 452 "00000000000000000000000000000000", 453 "58c8e00b2631686d54eab84b91f0aca1", 454 "08a4e2efec8a8e3312ca7460b9040bbf" 455 }, 456 /* CAVS 11.1 - ECBKeySbox128.rsp */ 457 { 458 "10a58869d74be5a374cf867cfb473859", 459 "00000000000000000000000000000000", 460 "6d251e6944b051e04eaa6fb4dbf78465" 461 }, 462 { 463 "caea65cdbb75e9169ecd22ebe6e54675", 464 "00000000000000000000000000000000", 465 "6e29201190152df4ee058139def610bb", 466 } 467 }; 468 int ret = 0; 469 unsigned int i; 470 u8 key[16], plain[16], cipher[16], out[16]; 471 472 for (i = 0; i < ARRAY_SIZE(vectors); i++) { 473 struct ecb_test_vector *tv = &vectors[i]; 474 475 if (hexstr2bin(tv->key, key, sizeof(key)) || 476 hexstr2bin(tv->plaintext, plain, sizeof(plain)) || 477 hexstr2bin(tv->ciphertext, cipher, sizeof(cipher))) { 478 wpa_printf(MSG_ERROR, "Invalid AES-ECB test vector %u", 479 i); 480 ret++; 481 continue; 482 } 483 484 if (aes_128_encrypt_block(key, plain, out) < 0 || 485 os_memcmp(out, cipher, 16) != 0) { 486 wpa_printf(MSG_ERROR, "AES-ECB encrypt %u failed", i); 487 ret++; 488 } 489 } 490 491 if (!ret) 492 wpa_printf(MSG_INFO, "AES ECB mode test cases passed"); 493 494 return ret; 495 #endif /* EAP_PSK */ 496 497 return 0; 498 } 499 500 501 static int test_key_wrap(void) 502 { 503 int ret = 0; 504 505 /* RFC 3394 - Test vector 4.1 */ 506 u8 kek41[] = { 507 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 508 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f 509 }; 510 u8 plain41[] = { 511 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 512 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 513 }; 514 u8 crypt41[] = { 515 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47, 516 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82, 517 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5 518 }; 519 #ifndef CONFIG_BORINGSSL 520 /* RFC 3394 - Test vector 4.2 */ 521 u8 kek42[] = { 522 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 523 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 524 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 525 }; 526 u8 plain42[] = { 527 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 528 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 529 }; 530 u8 crypt42[] = { 531 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35, 532 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2, 533 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D 534 }; 535 #endif /* CONFIG_BORINGSSL */ 536 /* RFC 3394 - Test vector 4.3 */ 537 u8 kek43[] = { 538 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 539 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 540 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 541 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 542 }; 543 u8 plain43[] = { 544 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 545 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 546 }; 547 u8 crypt43[] = { 548 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2, 549 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A, 550 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7, 551 }; 552 #ifndef CONFIG_BORINGSSL 553 /* RFC 3394 - Test vector 4.4 */ 554 u8 kek44[] = { 555 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 556 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 557 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 558 }; 559 u8 plain44[] = { 560 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 561 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 562 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 563 }; 564 u8 crypt44[] = { 565 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32, 566 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC, 567 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93, 568 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2 569 }; 570 #endif /* CONFIG_BORINGSSL */ 571 /* RFC 3394 - Test vector 4.5 */ 572 u8 kek45[] = { 573 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 574 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 575 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 576 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 577 }; 578 u8 plain45[] = { 579 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 580 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 581 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 582 }; 583 u8 crypt45[] = { 584 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F, 585 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4, 586 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95, 587 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1, 588 }; 589 /* RFC 3394 - Test vector 4.6 */ 590 u8 kek46[] = { 591 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 592 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 593 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 594 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 595 }; 596 u8 plain46[] = { 597 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 598 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 599 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 600 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F 601 }; 602 u8 crypt46[] = { 603 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4, 604 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26, 605 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26, 606 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B, 607 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21 608 }; 609 u8 result[40]; 610 611 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.1"); 612 if (aes_wrap(kek41, sizeof(kek41), sizeof(plain41) / 8, plain41, 613 result)) { 614 wpa_printf(MSG_ERROR, "AES-WRAP-128 reported failure"); 615 ret++; 616 } 617 if (os_memcmp(result, crypt41, sizeof(crypt41)) != 0) { 618 wpa_printf(MSG_ERROR, "AES-WRAP-128 failed"); 619 ret++; 620 } 621 if (aes_unwrap(kek41, sizeof(kek41), sizeof(plain41) / 8, crypt41, 622 result)) { 623 wpa_printf(MSG_ERROR, "AES-UNWRAP-128 reported failure"); 624 ret++; 625 } 626 if (os_memcmp(result, plain41, sizeof(plain41)) != 0) { 627 wpa_printf(MSG_ERROR, "AES-UNWRAP-128 failed"); 628 ret++; 629 } 630 631 #ifndef CONFIG_BORINGSSL 632 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.2"); 633 if (aes_wrap(kek42, sizeof(kek42), sizeof(plain42) / 8, plain42, 634 result)) { 635 wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure"); 636 ret++; 637 } 638 if (os_memcmp(result, crypt42, sizeof(crypt42)) != 0) { 639 wpa_printf(MSG_ERROR, "AES-WRAP-192 failed"); 640 ret++; 641 } 642 if (aes_unwrap(kek42, sizeof(kek42), sizeof(plain42) / 8, crypt42, 643 result)) { 644 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure"); 645 ret++; 646 } 647 if (os_memcmp(result, plain42, sizeof(plain42)) != 0) { 648 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed"); 649 ret++; 650 } 651 #endif /* CONFIG_BORINGSSL */ 652 653 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.3"); 654 if (aes_wrap(kek43, sizeof(kek43), sizeof(plain43) / 8, plain43, 655 result)) { 656 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 657 ret++; 658 } 659 if (os_memcmp(result, crypt43, sizeof(crypt43)) != 0) { 660 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 661 ret++; 662 } 663 if (aes_unwrap(kek43, sizeof(kek43), sizeof(plain43) / 8, crypt43, 664 result)) { 665 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 666 ret++; 667 } 668 if (os_memcmp(result, plain43, sizeof(plain43)) != 0) { 669 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 670 ret++; 671 } 672 673 #ifndef CONFIG_BORINGSSL 674 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.4"); 675 if (aes_wrap(kek44, sizeof(kek44), sizeof(plain44) / 8, plain44, 676 result)) { 677 wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure"); 678 ret++; 679 } 680 if (os_memcmp(result, crypt44, sizeof(crypt44)) != 0) { 681 wpa_printf(MSG_ERROR, "AES-WRAP-192 failed"); 682 ret++; 683 } 684 if (aes_unwrap(kek44, sizeof(kek44), sizeof(plain44) / 8, crypt44, 685 result)) { 686 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure"); 687 ret++; 688 } 689 if (os_memcmp(result, plain44, sizeof(plain44)) != 0) { 690 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed"); 691 ret++; 692 } 693 #endif /* CONFIG_BORINGSSL */ 694 695 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.5"); 696 if (aes_wrap(kek45, sizeof(kek45), sizeof(plain45) / 8, plain45, 697 result)) { 698 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 699 ret++; 700 } 701 if (os_memcmp(result, crypt45, sizeof(crypt45)) != 0) { 702 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 703 ret++; 704 } 705 if (aes_unwrap(kek45, sizeof(kek45), sizeof(plain45) / 8, crypt45, 706 result)) { 707 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 708 ret++; 709 } 710 if (os_memcmp(result, plain45, sizeof(plain45)) != 0) { 711 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 712 ret++; 713 } 714 715 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.6"); 716 if (aes_wrap(kek46, sizeof(kek46), sizeof(plain46) / 8, plain46, 717 result)) { 718 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 719 ret++; 720 } 721 if (os_memcmp(result, crypt46, sizeof(crypt46)) != 0) { 722 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 723 ret++; 724 } 725 if (aes_unwrap(kek46, sizeof(kek46), sizeof(plain46) / 8, crypt46, 726 result)) { 727 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 728 ret++; 729 } 730 if (os_memcmp(result, plain46, sizeof(plain46)) != 0) { 731 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 732 ret++; 733 } 734 735 if (!ret) 736 wpa_printf(MSG_INFO, "AES key wrap/unwrap test cases passed"); 737 738 return ret; 739 } 740 741 742 static int test_md5(void) 743 { 744 #ifndef CONFIG_FIPS 745 struct { 746 char *data; 747 char *hash; 748 } tests[] = { 749 { 750 "", 751 "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04" 752 "\xe9\x80\x09\x98\xec\xf8\x42\x7e" 753 }, 754 { 755 "a", 756 "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8" 757 "\x31\xc3\x99\xe2\x69\x77\x26\x61" 758 }, 759 { 760 "abc", 761 "\x90\x01\x50\x98\x3c\xd2\x4f\xb0" 762 "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72" 763 }, 764 { 765 "message digest", 766 "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d" 767 "\x52\x5a\x2f\x31\xaa\xf1\x61\xd0" 768 }, 769 { 770 "abcdefghijklmnopqrstuvwxyz", 771 "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00" 772 "\x7d\xfb\x49\x6c\xca\x67\xe1\x3b" 773 }, 774 { 775 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 776 "0123456789", 777 "\xd1\x74\xab\x98\xd2\x77\xd9\xf5" 778 "\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f" 779 }, 780 { 781 "12345678901234567890123456789012345678901234567890" 782 "123456789012345678901234567890", 783 "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55" 784 "\xac\x49\xda\x2e\x21\x07\xb6\x7a" 785 } 786 }; 787 unsigned int i; 788 u8 hash[16]; 789 const u8 *addr[2]; 790 size_t len[2]; 791 int errors = 0; 792 793 for (i = 0; i < ARRAY_SIZE(tests); i++) { 794 wpa_printf(MSG_INFO, "MD5 test case %d", i); 795 796 addr[0] = (u8 *) tests[i].data; 797 len[0] = strlen(tests[i].data); 798 if (md5_vector(1, addr, len, hash) < 0 || 799 os_memcmp(hash, tests[i].hash, 16) != 0) { 800 wpa_printf(MSG_INFO, " FAIL"); 801 errors++; 802 } else 803 wpa_printf(MSG_INFO, " OK"); 804 805 if (len[0]) { 806 addr[0] = (u8 *) tests[i].data; 807 len[0] = strlen(tests[i].data); 808 addr[1] = (u8 *) tests[i].data + 1; 809 len[1] = strlen(tests[i].data) - 1; 810 if (md5_vector(1, addr, len, hash) < 0 || 811 os_memcmp(hash, tests[i].hash, 16) != 0) { 812 wpa_printf(MSG_INFO, " FAIL"); 813 errors++; 814 } else 815 wpa_printf(MSG_INFO, " OK"); 816 } 817 } 818 819 if (!errors) 820 wpa_printf(MSG_INFO, "MD5 test cases passed"); 821 822 return errors; 823 #else /* CONFIG_FIPS */ 824 wpa_printf(MSG_INFO, "MD5 test cases skipped due to CONFIG_FIPS"); 825 return 0; 826 #endif /* CONFIG_FIPS */ 827 } 828 829 830 static int test_eap_fast(void) 831 { 832 #ifdef EAP_FAST 833 /* RFC 4851, Appendix B.1 */ 834 const u8 pac_key[] = { 835 0x0B, 0x97, 0x39, 0x0F, 0x37, 0x51, 0x78, 0x09, 836 0x81, 0x1E, 0xFD, 0x9C, 0x6E, 0x65, 0x94, 0x2B, 837 0x63, 0x2C, 0xE9, 0x53, 0x89, 0x38, 0x08, 0xBA, 838 0x36, 0x0B, 0x03, 0x7C, 0xD1, 0x85, 0xE4, 0x14 839 }; 840 const u8 seed[] = { 841 0x3F, 0xFB, 0x11, 0xC4, 0x6C, 0xBF, 0xA5, 0x7A, 842 0x54, 0x40, 0xDA, 0xE8, 0x22, 0xD3, 0x11, 0xD3, 843 0xF7, 0x6D, 0xE4, 0x1D, 0xD9, 0x33, 0xE5, 0x93, 844 0x70, 0x97, 0xEB, 0xA9, 0xB3, 0x66, 0xF4, 0x2A, 845 0x00, 0x00, 0x00, 0x02, 0x6A, 0x66, 0x43, 0x2A, 846 0x8D, 0x14, 0x43, 0x2C, 0xEC, 0x58, 0x2D, 0x2F, 847 0xC7, 0x9C, 0x33, 0x64, 0xBA, 0x04, 0xAD, 0x3A, 848 0x52, 0x54, 0xD6, 0xA5, 0x79, 0xAD, 0x1E, 0x00 849 }; 850 const u8 master_secret[] = { 851 0x4A, 0x1A, 0x51, 0x2C, 0x01, 0x60, 0xBC, 0x02, 852 0x3C, 0xCF, 0xBC, 0x83, 0x3F, 0x03, 0xBC, 0x64, 853 0x88, 0xC1, 0x31, 0x2F, 0x0B, 0xA9, 0xA2, 0x77, 854 0x16, 0xA8, 0xD8, 0xE8, 0xBD, 0xC9, 0xD2, 0x29, 855 0x38, 0x4B, 0x7A, 0x85, 0xBE, 0x16, 0x4D, 0x27, 856 0x33, 0xD5, 0x24, 0x79, 0x87, 0xB1, 0xC5, 0xA2 857 }; 858 #ifndef CONFIG_FIPS 859 const u8 key_block[] = { 860 0x59, 0x59, 0xBE, 0x8E, 0x41, 0x3A, 0x77, 0x74, 861 0x8B, 0xB2, 0xE5, 0xD3, 0x60, 0xAC, 0x4D, 0x35, 862 0xDF, 0xFB, 0xC8, 0x1E, 0x9C, 0x24, 0x9C, 0x8B, 863 0x0E, 0xC3, 0x1D, 0x72, 0xC8, 0x84, 0x9D, 0x57, 864 0x48, 0x51, 0x2E, 0x45, 0x97, 0x6C, 0x88, 0x70, 865 0xBE, 0x5F, 0x01, 0xD3, 0x64, 0xE7, 0x4C, 0xBB, 866 0x11, 0x24, 0xE3, 0x49, 0xE2, 0x3B, 0xCD, 0xEF, 867 0x7A, 0xB3, 0x05, 0x39, 0x5D, 0x64, 0x8A, 0x44, 868 0x11, 0xB6, 0x69, 0x88, 0x34, 0x2E, 0x8E, 0x29, 869 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05, 870 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96, 871 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84, 872 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98, 873 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71 874 }; 875 #endif /* CONFIG_FIPS */ 876 const u8 sks[] = { 877 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05, 878 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96, 879 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84, 880 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98, 881 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71 882 }; 883 const u8 isk[] = { 884 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 885 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 886 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 887 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 888 }; 889 const u8 imck[] = { 890 0x16, 0x15, 0x3C, 0x3F, 0x21, 0x55, 0xEF, 0xD9, 891 0x7F, 0x34, 0xAE, 0xC8, 0x1A, 0x4E, 0x66, 0x80, 892 0x4C, 0xC3, 0x76, 0xF2, 0x8A, 0xA9, 0x6F, 0x96, 893 0xC2, 0x54, 0x5F, 0x8C, 0xAB, 0x65, 0x02, 0xE1, 894 0x18, 0x40, 0x7B, 0x56, 0xBE, 0xEA, 0xA7, 0xC5, 895 0x76, 0x5D, 0x8F, 0x0B, 0xC5, 0x07, 0xC6, 0xB9, 896 0x04, 0xD0, 0x69, 0x56, 0x72, 0x8B, 0x6B, 0xB8, 897 0x15, 0xEC, 0x57, 0x7B 898 }; 899 const u8 msk[] = { 900 0x4D, 0x83, 0xA9, 0xBE, 0x6F, 0x8A, 0x74, 0xED, 901 0x6A, 0x02, 0x66, 0x0A, 0x63, 0x4D, 0x2C, 0x33, 902 0xC2, 0xDA, 0x60, 0x15, 0xC6, 0x37, 0x04, 0x51, 903 0x90, 0x38, 0x63, 0xDA, 0x54, 0x3E, 0x14, 0xB9, 904 0x27, 0x99, 0x18, 0x1E, 0x07, 0xBF, 0x0F, 0x5A, 905 0x5E, 0x3C, 0x32, 0x93, 0x80, 0x8C, 0x6C, 0x49, 906 0x67, 0xED, 0x24, 0xFE, 0x45, 0x40, 0xA0, 0x59, 907 0x5E, 0x37, 0xC2, 0xE9, 0xD0, 0x5D, 0x0A, 0xE3 908 }; 909 const u8 emsk[] = { 910 0x3A, 0xD4, 0xAB, 0xDB, 0x76, 0xB2, 0x7F, 0x3B, 911 0xEA, 0x32, 0x2C, 0x2B, 0x74, 0xF4, 0x28, 0x55, 912 0xEF, 0x2D, 0xBA, 0x78, 0xC9, 0x57, 0x2F, 0x0D, 913 0x06, 0xCD, 0x51, 0x7C, 0x20, 0x93, 0x98, 0xA9, 914 0x76, 0xEA, 0x70, 0x21, 0xD7, 0x0E, 0x25, 0x54, 915 0x97, 0xED, 0xB2, 0x8A, 0xF6, 0xED, 0xFD, 0x0A, 916 0x2A, 0xE7, 0xA1, 0x58, 0x90, 0x10, 0x50, 0x44, 917 0xB3, 0x82, 0x85, 0xDB, 0x06, 0x14, 0xD2, 0xF9 918 }; 919 /* RFC 4851, Appendix B.2 */ 920 u8 tlv[] = { 921 0x80, 0x0C, 0x00, 0x38, 0x00, 0x01, 0x01, 0x00, 922 0xD8, 0x6A, 0x8C, 0x68, 0x3C, 0x32, 0x31, 0xA8, 923 0x56, 0x63, 0xB6, 0x40, 0x21, 0xFE, 0x21, 0x14, 924 0x4E, 0xE7, 0x54, 0x20, 0x79, 0x2D, 0x42, 0x62, 925 0xC9, 0xBF, 0x53, 0x7F, 0x54, 0xFD, 0xAC, 0x58, 926 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF, 927 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC, 928 0x05, 0xC5, 0x5B, 0xB7 929 }; 930 const u8 compound_mac[] = { 931 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF, 932 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC, 933 0x05, 0xC5, 0x5B, 0xB7 934 }; 935 u8 buf[512]; 936 const u8 *simck, *cmk; 937 int errors = 0; 938 939 wpa_printf(MSG_INFO, "EAP-FAST test cases"); 940 941 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / master_secret"); 942 if (sha1_t_prf(pac_key, sizeof(pac_key), 943 "PAC to master secret label hash", 944 seed, sizeof(seed), buf, sizeof(master_secret)) < 0 || 945 os_memcmp(master_secret, buf, sizeof(master_secret)) != 0) { 946 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 947 errors++; 948 } 949 950 #ifndef CONFIG_FIPS 951 wpa_printf(MSG_INFO, "- PRF (TLS, SHA1/MD5) test case / key_block"); 952 if (tls_prf_sha1_md5(master_secret, sizeof(master_secret), 953 "key expansion", seed, sizeof(seed), 954 buf, sizeof(key_block)) || 955 os_memcmp(key_block, buf, sizeof(key_block)) != 0) { 956 wpa_printf(MSG_INFO, "PRF test - FAILED!"); 957 errors++; 958 } 959 #endif /* CONFIG_FIPS */ 960 961 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / IMCK"); 962 if (sha1_t_prf(sks, sizeof(sks), "Inner Methods Compound Keys", 963 isk, sizeof(isk), buf, sizeof(imck)) < 0 || 964 os_memcmp(imck, buf, sizeof(imck)) != 0) { 965 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 966 errors++; 967 } 968 969 simck = imck; 970 cmk = imck + 40; 971 972 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / MSK"); 973 if (sha1_t_prf(simck, 40, "Session Key Generating Function", 974 (u8 *) "", 0, buf, sizeof(msk)) < 0 || 975 os_memcmp(msk, buf, sizeof(msk)) != 0) { 976 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 977 errors++; 978 } 979 980 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / EMSK"); 981 if (sha1_t_prf(simck, 40, "Extended Session Key Generating Function", 982 (u8 *) "", 0, buf, sizeof(msk)) < 0 || 983 os_memcmp(emsk, buf, sizeof(emsk)) != 0) { 984 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 985 errors++; 986 } 987 988 wpa_printf(MSG_INFO, "- Compound MAC test case"); 989 os_memset(tlv + sizeof(tlv) - 20, 0, 20); 990 if (hmac_sha1(cmk, 20, tlv, sizeof(tlv), tlv + sizeof(tlv) - 20) < 0 || 991 os_memcmp(tlv + sizeof(tlv) - 20, compound_mac, 992 sizeof(compound_mac)) != 0) { 993 wpa_printf(MSG_INFO, "Compound MAC test - FAILED!"); 994 errors++; 995 } 996 997 return errors; 998 #else /* EAP_FAST */ 999 return 0; 1000 #endif /* EAP_FAST */ 1001 } 1002 1003 1004 static const u8 key0[] = 1005 { 1006 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1007 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1008 0x0b, 0x0b, 0x0b, 0x0b 1009 }; 1010 static const u8 data0[] = "Hi There"; 1011 static const u8 prf0[] = 1012 { 1013 0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84, 1014 0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54, 1015 0xb8, 0x62, 0x17, 0x5e, 0xd9, 0xf0, 0x06, 0x06, 1016 0xe1, 0x7d, 0x8d, 0xa3, 0x54, 0x02, 0xff, 0xee, 1017 0x75, 0xdf, 0x78, 0xc3, 0xd3, 0x1e, 0x0f, 0x88, 1018 0x9f, 0x01, 0x21, 0x20, 0xc0, 0x86, 0x2b, 0xeb, 1019 0x67, 0x75, 0x3e, 0x74, 0x39, 0xae, 0x24, 0x2e, 1020 0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a 1021 }; 1022 1023 static const u8 key1[] = "Jefe"; 1024 static const u8 data1[] = "what do ya want for nothing?"; 1025 static const u8 prf1[] = 1026 { 1027 0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad, 1028 0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4, 1029 0xfe, 0x63, 0x14, 0x46, 0xfa, 0xbd, 0xfa, 0x58, 1030 0x24, 0x47, 0x59, 0xae, 0x58, 0xef, 0x90, 0x09, 1031 0xa9, 0x9a, 0xbf, 0x4e, 0xac, 0x2c, 0xa5, 0xfa, 1032 0x87, 0xe6, 0x92, 0xc4, 0x40, 0xeb, 0x40, 0x02, 1033 0x3e, 0x7b, 0xab, 0xb2, 0x06, 0xd6, 0x1d, 0xe7, 1034 0xb9, 0x2f, 0x41, 0x52, 0x90, 0x92, 0xb8, 0xfc 1035 }; 1036 1037 1038 static const u8 key2[] = 1039 { 1040 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1041 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1042 0xaa, 0xaa, 0xaa, 0xaa 1043 }; 1044 static const u8 data2[] = 1045 { 1046 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1047 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1048 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1049 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1050 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1051 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1052 0xdd, 0xdd 1053 }; 1054 static const u8 prf2[] = 1055 { 1056 0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f, 1057 0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1, 1058 0x7a, 0x02, 0x52, 0xca, 0x5d, 0x8d, 0x8d, 0xf1, 1059 0x2c, 0xfb, 0x04, 0x73, 0x52, 0x52, 0x49, 0xce, 1060 0x9d, 0xd8, 0xd1, 0x77, 0xea, 0xd7, 0x10, 0xbc, 1061 0x9b, 0x59, 0x05, 0x47, 0x23, 0x91, 0x07, 0xae, 1062 0xf7, 0xb4, 0xab, 0xd4, 0x3d, 0x87, 0xf0, 0xa6, 1063 0x8f, 0x1c, 0xbd, 0x9e, 0x2b, 0x6f, 0x76, 0x07 1064 }; 1065 1066 1067 struct passphrase_test { 1068 char *passphrase; 1069 char *ssid; 1070 char psk[32]; 1071 }; 1072 1073 static const struct passphrase_test passphrase_tests[] = 1074 { 1075 { 1076 "password", 1077 "IEEE", 1078 { 1079 0xf4, 0x2c, 0x6f, 0xc5, 0x2d, 0xf0, 0xeb, 0xef, 1080 0x9e, 0xbb, 0x4b, 0x90, 0xb3, 0x8a, 0x5f, 0x90, 1081 0x2e, 0x83, 0xfe, 0x1b, 0x13, 0x5a, 0x70, 0xe2, 1082 0x3a, 0xed, 0x76, 0x2e, 0x97, 0x10, 0xa1, 0x2e 1083 } 1084 }, 1085 { 1086 "ThisIsAPassword", 1087 "ThisIsASSID", 1088 { 1089 0x0d, 0xc0, 0xd6, 0xeb, 0x90, 0x55, 0x5e, 0xd6, 1090 0x41, 0x97, 0x56, 0xb9, 0xa1, 0x5e, 0xc3, 0xe3, 1091 0x20, 0x9b, 0x63, 0xdf, 0x70, 0x7d, 0xd5, 0x08, 1092 0xd1, 0x45, 0x81, 0xf8, 0x98, 0x27, 0x21, 0xaf 1093 } 1094 }, 1095 { 1096 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 1097 "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ", 1098 { 1099 0xbe, 0xcb, 0x93, 0x86, 0x6b, 0xb8, 0xc3, 0x83, 1100 0x2c, 0xb7, 0x77, 0xc2, 0xf5, 0x59, 0x80, 0x7c, 1101 0x8c, 0x59, 0xaf, 0xcb, 0x6e, 0xae, 0x73, 0x48, 1102 0x85, 0x00, 0x13, 0x00, 0xa9, 0x81, 0xcc, 0x62 1103 } 1104 }, 1105 }; 1106 1107 #define NUM_PASSPHRASE_TESTS ARRAY_SIZE(passphrase_tests) 1108 1109 1110 struct rfc6070_test { 1111 char *p; 1112 char *s; 1113 int c; 1114 char dk[32]; 1115 size_t dk_len; 1116 }; 1117 1118 static const struct rfc6070_test rfc6070_tests[] = 1119 { 1120 { 1121 "password", 1122 "salt", 1123 1, 1124 { 1125 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71, 1126 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06, 1127 0x2f, 0xe0, 0x37, 0xa6 1128 }, 1129 20 1130 }, 1131 { 1132 "password", 1133 "salt", 1134 2, 1135 { 1136 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c, 1137 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0, 1138 0xd8, 0xde, 0x89, 0x57 1139 }, 1140 20 1141 }, 1142 { 1143 "password", 1144 "salt", 1145 4096, 1146 { 1147 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a, 1148 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0, 1149 0x65, 0xa4, 0x29, 0xc1 1150 }, 1151 20 1152 }, 1153 #if 0 /* This takes quite long to derive.. */ 1154 { 1155 "password", 1156 "salt", 1157 16777216, 1158 { 1159 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4, 1160 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c, 1161 0x26, 0x34, 0xe9, 0x84 1162 }, 1163 20 1164 }, 1165 #endif 1166 { 1167 "passwordPASSWORDpassword", 1168 "saltSALTsaltSALTsaltSALTsaltSALTsalt", 1169 4096, 1170 { 1171 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b, 1172 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a, 1173 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70, 1174 0x38 1175 }, 1176 25 1177 }, 1178 #if 0 /* \0 not currently supported in passphrase parameters.. */ 1179 { 1180 "pass\0word", 1181 "sa\0lt", 1182 4096, 1183 { 1184 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d, 1185 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3 1186 }, 1187 16 1188 }, 1189 #endif 1190 }; 1191 1192 #define NUM_RFC6070_TESTS ARRAY_SIZE(rfc6070_tests) 1193 1194 1195 static int test_sha1(void) 1196 { 1197 u8 res[512]; 1198 int ret = 0; 1199 unsigned int i; 1200 1201 wpa_printf(MSG_INFO, "PRF-SHA1 test cases:"); 1202 1203 if (sha1_prf(key0, sizeof(key0), "prefix", data0, sizeof(data0) - 1, 1204 res, sizeof(prf0)) == 0 && 1205 os_memcmp(res, prf0, sizeof(prf0)) == 0) 1206 wpa_printf(MSG_INFO, "Test case 0 - OK"); 1207 else { 1208 wpa_printf(MSG_INFO, "Test case 0 - FAILED!"); 1209 ret++; 1210 } 1211 1212 if (sha1_prf(key1, sizeof(key1) - 1, "prefix", data1, sizeof(data1) - 1, 1213 res, sizeof(prf1)) == 0 && 1214 os_memcmp(res, prf1, sizeof(prf1)) == 0) 1215 wpa_printf(MSG_INFO, "Test case 1 - OK"); 1216 else { 1217 wpa_printf(MSG_INFO, "Test case 1 - FAILED!"); 1218 ret++; 1219 } 1220 1221 if (sha1_prf(key2, sizeof(key2), "prefix", data2, sizeof(data2), 1222 res, sizeof(prf2)) == 0 && 1223 os_memcmp(res, prf2, sizeof(prf2)) == 0) 1224 wpa_printf(MSG_INFO, "Test case 2 - OK"); 1225 else { 1226 wpa_printf(MSG_INFO, "Test case 2 - FAILED!"); 1227 ret++; 1228 } 1229 1230 ret += test_eap_fast(); 1231 1232 wpa_printf(MSG_INFO, "PBKDF2-SHA1 Passphrase test cases:"); 1233 for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) { 1234 u8 psk[32]; 1235 const struct passphrase_test *test = &passphrase_tests[i]; 1236 1237 if (pbkdf2_sha1(test->passphrase, 1238 (const u8 *) test->ssid, strlen(test->ssid), 1239 4096, psk, 32) == 0 && 1240 os_memcmp(psk, test->psk, 32) == 0) 1241 wpa_printf(MSG_INFO, "Test case %d - OK", i); 1242 else { 1243 wpa_printf(MSG_INFO, "Test case %d - FAILED!", i); 1244 ret++; 1245 } 1246 } 1247 1248 wpa_printf(MSG_INFO, "PBKDF2-SHA1 test cases (RFC 6070):"); 1249 for (i = 0; i < NUM_RFC6070_TESTS; i++) { 1250 u8 dk[25]; 1251 const struct rfc6070_test *test = &rfc6070_tests[i]; 1252 1253 if (pbkdf2_sha1(test->p, (const u8 *) test->s, strlen(test->s), 1254 test->c, dk, test->dk_len) == 0 && 1255 os_memcmp(dk, test->dk, test->dk_len) == 0) 1256 wpa_printf(MSG_INFO, "Test case %d - OK", i); 1257 else { 1258 wpa_printf(MSG_INFO, "Test case %d - FAILED!", i); 1259 ret++; 1260 } 1261 } 1262 1263 if (!ret) 1264 wpa_printf(MSG_INFO, "SHA1 test cases passed"); 1265 return ret; 1266 } 1267 1268 1269 const struct { 1270 char *data; 1271 u8 hash[32]; 1272 } tests[] = { 1273 { 1274 "abc", 1275 { 1276 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 1277 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, 1278 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 1279 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad 1280 } 1281 }, 1282 { 1283 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1284 { 1285 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 1286 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, 1287 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, 1288 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 1289 } 1290 } 1291 }; 1292 1293 const struct hmac_test { 1294 u8 key[80]; 1295 size_t key_len; 1296 u8 data[128]; 1297 size_t data_len; 1298 u8 hash[32]; 1299 } hmac_tests[] = { 1300 /* draft-ietf-ipsec-ciph-sha-256-01.txt */ 1301 { 1302 { 1303 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1304 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1305 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1306 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 1307 }, 1308 32, 1309 "abc", 3, 1310 { 1311 0xa2, 0x1b, 0x1f, 0x5d, 0x4c, 0xf4, 0xf7, 0x3a, 1312 0x4d, 0xd9, 0x39, 0x75, 0x0f, 0x7a, 0x06, 0x6a, 1313 0x7f, 0x98, 0xcc, 0x13, 0x1c, 0xb1, 0x6a, 0x66, 1314 0x92, 0x75, 0x90, 0x21, 0xcf, 0xab, 0x81, 0x81 1315 } 1316 }, 1317 { 1318 { 1319 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1320 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1321 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1322 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 1323 }, 1324 32, 1325 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1326 56, 1327 { 1328 0x10, 0x4f, 0xdc, 0x12, 0x57, 0x32, 0x8f, 0x08, 1329 0x18, 0x4b, 0xa7, 0x31, 0x31, 0xc5, 0x3c, 0xae, 1330 0xe6, 0x98, 0xe3, 0x61, 0x19, 0x42, 0x11, 0x49, 1331 0xea, 0x8c, 0x71, 0x24, 0x56, 0x69, 0x7d, 0x30 1332 } 1333 }, 1334 { 1335 { 1336 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1337 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1338 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1339 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 1340 }, 1341 32, 1342 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" 1343 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1344 112, 1345 { 1346 0x47, 0x03, 0x05, 0xfc, 0x7e, 0x40, 0xfe, 0x34, 1347 0xd3, 0xee, 0xb3, 0xe7, 0x73, 0xd9, 0x5a, 0xab, 1348 0x73, 0xac, 0xf0, 0xfd, 0x06, 0x04, 0x47, 0xa5, 1349 0xeb, 0x45, 0x95, 0xbf, 0x33, 0xa9, 0xd1, 0xa3 1350 } 1351 }, 1352 { 1353 { 1354 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1355 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1356 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1357 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b 1358 }, 1359 32, 1360 "Hi There", 1361 8, 1362 { 1363 0x19, 0x8a, 0x60, 0x7e, 0xb4, 0x4b, 0xfb, 0xc6, 1364 0x99, 0x03, 0xa0, 0xf1, 0xcf, 0x2b, 0xbd, 0xc5, 1365 0xba, 0x0a, 0xa3, 0xf3, 0xd9, 0xae, 0x3c, 0x1c, 1366 0x7a, 0x3b, 0x16, 0x96, 0xa0, 0xb6, 0x8c, 0xf7 1367 } 1368 }, 1369 { 1370 "Jefe", 1371 4, 1372 "what do ya want for nothing?", 1373 28, 1374 { 1375 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 1376 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7, 1377 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83, 1378 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43 1379 } 1380 }, 1381 { 1382 { 1383 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1384 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1385 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1386 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 1387 }, 1388 32, 1389 { 1390 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1391 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1392 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1393 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1394 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1395 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1396 0xdd, 0xdd 1397 }, 1398 50, 1399 { 1400 0xcd, 0xcb, 0x12, 0x20, 0xd1, 0xec, 0xcc, 0xea, 1401 0x91, 0xe5, 0x3a, 0xba, 0x30, 0x92, 0xf9, 0x62, 1402 0xe5, 0x49, 0xfe, 0x6c, 0xe9, 0xed, 0x7f, 0xdc, 1403 0x43, 0x19, 0x1f, 0xbd, 0xe4, 0x5c, 0x30, 0xb0 1404 } 1405 }, 1406 { 1407 { 1408 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1409 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1410 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1411 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 1412 0x21, 0x22, 0x23, 0x24, 0x25 1413 }, 1414 37, 1415 { 1416 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1417 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1418 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1419 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1420 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1421 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1422 0xcd, 0xcd 1423 }, 1424 50, 1425 { 1426 0xd4, 0x63, 0x3c, 0x17, 0xf6, 0xfb, 0x8d, 0x74, 1427 0x4c, 0x66, 0xde, 0xe0, 0xf8, 0xf0, 0x74, 0x55, 1428 0x6e, 0xc4, 0xaf, 0x55, 0xef, 0x07, 0x99, 0x85, 1429 0x41, 0x46, 0x8e, 0xb4, 0x9b, 0xd2, 0xe9, 0x17 1430 } 1431 }, 1432 { 1433 { 1434 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 1435 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 1436 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 1437 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c 1438 }, 1439 32, 1440 "Test With Truncation", 1441 20, 1442 { 1443 0x75, 0x46, 0xaf, 0x01, 0x84, 0x1f, 0xc0, 0x9b, 1444 0x1a, 0xb9, 0xc3, 0x74, 0x9a, 0x5f, 0x1c, 0x17, 1445 0xd4, 0xf5, 0x89, 0x66, 0x8a, 0x58, 0x7b, 0x27, 1446 0x00, 0xa9, 0xc9, 0x7c, 0x11, 0x93, 0xcf, 0x42 1447 } 1448 }, 1449 { 1450 { 1451 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1452 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1453 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1454 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1455 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1456 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1457 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1458 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1459 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1460 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 1461 }, 1462 80, 1463 "Test Using Larger Than Block-Size Key - Hash Key First", 1464 54, 1465 { 1466 0x69, 0x53, 0x02, 0x5e, 0xd9, 0x6f, 0x0c, 0x09, 1467 0xf8, 0x0a, 0x96, 0xf7, 0x8e, 0x65, 0x38, 0xdb, 1468 0xe2, 0xe7, 0xb8, 0x20, 0xe3, 0xdd, 0x97, 0x0e, 1469 0x7d, 0xdd, 0x39, 0x09, 0x1b, 0x32, 0x35, 0x2f 1470 } 1471 }, 1472 { 1473 { 1474 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1475 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1476 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1477 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1478 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1479 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1480 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1481 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1482 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1483 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 1484 }, 1485 80, 1486 "Test Using Larger Than Block-Size Key and Larger Than One " 1487 "Block-Size Data", 1488 73, 1489 { 1490 0x63, 0x55, 0xac, 0x22, 0xe8, 0x90, 0xd0, 0xa3, 1491 0xc8, 0x48, 0x1a, 0x5c, 0xa4, 0x82, 0x5b, 0xc8, 1492 0x84, 0xd3, 0xe7, 0xa1, 0xff, 0x98, 0xa2, 0xfc, 1493 0x2a, 0xc7, 0xd8, 0xe0, 0x64, 0xc3, 0xb2, 0xe6 1494 } 1495 } 1496 }; 1497 1498 1499 static int test_sha256(void) 1500 { 1501 unsigned int i; 1502 u8 hash[32]; 1503 const u8 *addr[2]; 1504 size_t len[2]; 1505 int errors = 0; 1506 u8 *key; 1507 1508 for (i = 0; i < ARRAY_SIZE(tests); i++) { 1509 wpa_printf(MSG_INFO, "SHA256 test case %d:", i + 1); 1510 1511 addr[0] = (u8 *) tests[i].data; 1512 len[0] = strlen(tests[i].data); 1513 sha256_vector(1, addr, len, hash); 1514 if (memcmp(hash, tests[i].hash, 32) != 0) { 1515 wpa_printf(MSG_INFO, " FAIL"); 1516 errors++; 1517 } else 1518 wpa_printf(MSG_INFO, " OK"); 1519 1520 if (len[0]) { 1521 addr[0] = (u8 *) tests[i].data; 1522 len[0] = 1; 1523 addr[1] = (u8 *) tests[i].data + 1; 1524 len[1] = strlen(tests[i].data) - 1; 1525 sha256_vector(2, addr, len, hash); 1526 if (memcmp(hash, tests[i].hash, 32) != 0) { 1527 wpa_printf(MSG_INFO, " FAIL"); 1528 errors++; 1529 } else 1530 wpa_printf(MSG_INFO, " OK"); 1531 } 1532 } 1533 1534 for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) { 1535 const struct hmac_test *t = &hmac_tests[i]; 1536 1537 wpa_printf(MSG_INFO, "HMAC-SHA256 test case %d:", i + 1); 1538 1539 if (hmac_sha256(t->key, t->key_len, t->data, t->data_len, 1540 hash) < 0 || 1541 os_memcmp(hash, t->hash, 32) != 0) { 1542 wpa_printf(MSG_INFO, " FAIL"); 1543 errors++; 1544 } else 1545 wpa_printf(MSG_INFO, " OK"); 1546 1547 addr[0] = t->data; 1548 len[0] = t->data_len; 1549 if (hmac_sha256_vector(t->key, t->key_len, 1, addr, len, 1550 hash) < 0 || 1551 os_memcmp(hash, t->hash, 32) != 0) { 1552 wpa_printf(MSG_INFO, " FAIL"); 1553 errors++; 1554 } else 1555 wpa_printf(MSG_INFO, " OK"); 1556 1557 if (len[0]) { 1558 addr[0] = t->data; 1559 len[0] = 1; 1560 addr[1] = t->data + 1; 1561 len[1] = t->data_len - 1; 1562 if (hmac_sha256_vector(t->key, t->key_len, 2, addr, len, 1563 hash) < 0 || 1564 os_memcmp(hash, t->hash, 32) != 0) { 1565 wpa_printf(MSG_INFO, " FAIL"); 1566 errors++; 1567 } else 1568 wpa_printf(MSG_INFO, " OK"); 1569 } 1570 } 1571 1572 wpa_printf(MSG_INFO, "Test IEEE 802.11r KDF"); 1573 sha256_prf((u8 *) "abc", 3, "KDF test", (u8 *) "data", 4, 1574 hash, sizeof(hash)); 1575 /* TODO: add proper test case for this */ 1576 1577 key = os_malloc(8161); 1578 if (key) { 1579 #ifdef CONFIG_HMAC_SHA256_KDF 1580 int res; 1581 1582 res = hmac_sha256_kdf((u8 *) "secret", 6, "label", 1583 (u8 *) "seed", 4, key, 8160); 1584 if (res) { 1585 wpa_printf(MSG_INFO, 1586 "Unexpected hmac_sha256_kdf(outlen=8160) failure"); 1587 errors++; 1588 } 1589 1590 res = hmac_sha256_kdf((u8 *) "secret", 6, "label", 1591 (u8 *) "seed", 4, key, 8161); 1592 if (res == 0) { 1593 wpa_printf(MSG_INFO, 1594 "Unexpected hmac_sha256_kdf(outlen=8161) success"); 1595 errors++; 1596 } 1597 #endif /* CONFIG_HMAC_SHA256_KDF */ 1598 1599 os_free(key); 1600 } 1601 1602 if (!errors) 1603 wpa_printf(MSG_INFO, "SHA256 test cases passed"); 1604 return errors; 1605 } 1606 1607 1608 static int test_fips186_2_prf(void) 1609 { 1610 /* http://csrc.nist.gov/encryption/dss/Examples-1024bit.pdf */ 1611 u8 xkey[] = { 1612 0xbd, 0x02, 0x9b, 0xbe, 0x7f, 0x51, 0x96, 0x0b, 1613 0xcf, 0x9e, 0xdb, 0x2b, 0x61, 0xf0, 0x6f, 0x0f, 1614 0xeb, 0x5a, 0x38, 0xb6 1615 }; 1616 u8 w[] = { 1617 0x20, 0x70, 0xb3, 0x22, 0x3d, 0xba, 0x37, 0x2f, 1618 0xde, 0x1c, 0x0f, 0xfc, 0x7b, 0x2e, 0x3b, 0x49, 1619 0x8b, 0x26, 0x06, 0x14, 0x3c, 0x6c, 0x18, 0xba, 1620 0xcb, 0x0f, 0x6c, 0x55, 0xba, 0xbb, 0x13, 0x78, 1621 0x8e, 0x20, 0xd7, 0x37, 0xa3, 0x27, 0x51, 0x16 1622 }; 1623 u8 buf[40]; 1624 1625 wpa_printf(MSG_INFO, 1626 "Testing EAP-SIM PRF (FIPS 186-2 + change notice 1)"); 1627 if (fips186_2_prf(xkey, sizeof(xkey), buf, sizeof(buf)) < 0 || 1628 os_memcmp(w, buf, sizeof(w)) != 0) { 1629 wpa_printf(MSG_INFO, "fips186_2_prf failed"); 1630 return 1; 1631 } 1632 1633 return 0; 1634 } 1635 1636 1637 static int test_ms_funcs(void) 1638 { 1639 #ifndef CONFIG_FIPS 1640 /* Test vector from RFC2759 example */ 1641 char *username = "User"; 1642 char *password = "clientPass"; 1643 u8 auth_challenge[] = { 1644 0x5B, 0x5D, 0x7C, 0x7D, 0x7B, 0x3F, 0x2F, 0x3E, 1645 0x3C, 0x2C, 0x60, 0x21, 0x32, 0x26, 0x26, 0x28 1646 }; 1647 u8 peer_challenge[] = { 1648 0x21, 0x40, 0x23, 0x24, 0x25, 0x5E, 0x26, 0x2A, 1649 0x28, 0x29, 0x5F, 0x2B, 0x3A, 0x33, 0x7C, 0x7E 1650 }; 1651 u8 password_hash[] = { 1652 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6, 1653 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE 1654 }; 1655 u8 nt_response[] = { 1656 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E, 1657 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54, 1658 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF 1659 }; 1660 u8 password_hash_hash[] = { 1661 0x41, 0xC0, 0x0C, 0x58, 0x4B, 0xD2, 0xD9, 0x1C, 1662 0x40, 0x17, 0xA2, 0xA1, 0x2F, 0xA5, 0x9F, 0x3F 1663 }; 1664 u8 authenticator_response[] = { 1665 0x40, 0x7A, 0x55, 0x89, 0x11, 0x5F, 0xD0, 0xD6, 1666 0x20, 0x9F, 0x51, 0x0F, 0xE9, 0xC0, 0x45, 0x66, 1667 0x93, 0x2C, 0xDA, 0x56 1668 }; 1669 u8 master_key[] = { 1670 0xFD, 0xEC, 0xE3, 0x71, 0x7A, 0x8C, 0x83, 0x8C, 1671 0xB3, 0x88, 0xE5, 0x27, 0xAE, 0x3C, 0xDD, 0x31 1672 }; 1673 u8 send_start_key[] = { 1674 0x8B, 0x7C, 0xDC, 0x14, 0x9B, 0x99, 0x3A, 0x1B, 1675 0xA1, 0x18, 0xCB, 0x15, 0x3F, 0x56, 0xDC, 0xCB 1676 }; 1677 u8 buf[32]; 1678 int errors = 0; 1679 1680 if (nt_password_hash((u8 *) password, os_strlen(password), buf) || 1681 os_memcmp(password_hash, buf, sizeof(password_hash)) != 0) { 1682 wpa_printf(MSG_ERROR, "nt_password_hash failed"); 1683 errors++; 1684 } 1685 1686 if (generate_nt_response(auth_challenge, peer_challenge, 1687 (u8 *) username, os_strlen(username), 1688 (u8 *) password, os_strlen(password), buf) || 1689 os_memcmp(nt_response, buf, sizeof(nt_response)) != 0) { 1690 wpa_printf(MSG_ERROR, "generate_nt_response failed"); 1691 errors++; 1692 } 1693 1694 if (hash_nt_password_hash(password_hash, buf) || 1695 os_memcmp(password_hash_hash, buf, 1696 sizeof(password_hash_hash)) != 0) { 1697 wpa_printf(MSG_ERROR, "hash_nt_password_hash failed"); 1698 errors++; 1699 } 1700 1701 if (generate_authenticator_response((u8 *) password, 1702 os_strlen(password), 1703 peer_challenge, auth_challenge, 1704 (u8 *) username, 1705 os_strlen(username), 1706 nt_response, buf) || 1707 os_memcmp(authenticator_response, buf, 1708 sizeof(authenticator_response)) != 0) { 1709 wpa_printf(MSG_ERROR, "generate_authenticator_response failed"); 1710 errors++; 1711 } 1712 1713 if (get_master_key(password_hash_hash, nt_response, buf) || 1714 os_memcmp(master_key, buf, sizeof(master_key)) != 0) { 1715 wpa_printf(MSG_ERROR, "get_master_key failed"); 1716 errors++; 1717 } 1718 1719 if (get_asymetric_start_key(master_key, buf, sizeof(send_start_key), 1720 1, 1) || 1721 os_memcmp(send_start_key, buf, sizeof(send_start_key)) != 0) { 1722 wpa_printf(MSG_ERROR, "get_asymetric_start_key failed"); 1723 errors++; 1724 } 1725 1726 if (errors) 1727 wpa_printf(MSG_ERROR, "ms_funcs: %d errors", errors); 1728 else 1729 wpa_printf(MSG_INFO, "ms_funcs test cases passed"); 1730 1731 return errors; 1732 #else /* CONFIG_FIPS */ 1733 wpa_printf(MSG_INFO, "ms_funcs test cases skipped due to CONFIG_FIPS"); 1734 return 0; 1735 #endif /* CONFIG_FIPS */ 1736 } 1737 1738 1739 int crypto_module_tests(void) 1740 { 1741 int ret = 0; 1742 1743 wpa_printf(MSG_INFO, "crypto module tests"); 1744 if (test_siv() || 1745 test_omac1() || 1746 test_eax() || 1747 test_cbc() || 1748 test_ecb() || 1749 test_key_wrap() || 1750 test_md5() || 1751 test_sha1() || 1752 test_sha256() || 1753 test_fips186_2_prf() || 1754 test_ms_funcs()) 1755 ret = -1; 1756 1757 return ret; 1758 } 1759
