1 /* 2 * crypto module tests 3 * Copyright (c) 2014-2015, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/module_tests.h" 13 #include "crypto/aes_siv.h" 14 #include "crypto/aes_wrap.h" 15 #include "crypto/aes.h" 16 #include "crypto/ms_funcs.h" 17 #include "crypto/crypto.h" 18 #include "crypto/sha1.h" 19 #include "crypto/sha256.h" 20 #include "crypto/sha384.h" 21 22 23 static int test_siv(void) 24 { 25 #ifdef CONFIG_MESH 26 /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */ 27 u8 key[] = { 28 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 29 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0, 30 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 31 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff 32 }; 33 u8 ad[] = { 34 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 35 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 36 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27 37 }; 38 u8 plaintext[] = { 39 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 40 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee 41 }; 42 u8 iv_c[] = { 43 0x85, 0x63, 0x2d, 0x07, 0xc6, 0xe8, 0xf3, 0x7f, 44 0x95, 0x0a, 0xcd, 0x32, 0x0a, 0x2e, 0xcc, 0x93, 45 0x40, 0xc0, 0x2b, 0x96, 0x90, 0xc4, 0xdc, 0x04, 46 0xda, 0xef, 0x7f, 0x6a, 0xfe, 0x5c 47 }; 48 /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */ 49 u8 key_2[] = { 50 0x7f, 0x7e, 0x7d, 0x7c, 0x7b, 0x7a, 0x79, 0x78, 51 0x77, 0x76, 0x75, 0x74, 0x73, 0x72, 0x71, 0x70, 52 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 53 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f 54 }; 55 u8 ad1_2[] = { 56 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 57 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 58 0xde, 0xad, 0xda, 0xda, 0xde, 0xad, 0xda, 0xda, 59 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88, 60 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00 61 }; 62 u8 ad2_2[] = { 63 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80, 64 0x90, 0xa0 65 }; 66 u8 nonce_2[] = { 67 0x09, 0xf9, 0x11, 0x02, 0x9d, 0x74, 0xe3, 0x5b, 68 0xd8, 0x41, 0x56, 0xc5, 0x63, 0x56, 0x88, 0xc0 69 }; 70 u8 plaintext_2[] = { 71 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 72 0x73, 0x6f, 0x6d, 0x65, 0x20, 0x70, 0x6c, 0x61, 73 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x20, 0x74, 74 0x6f, 0x20, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 75 0x74, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x20, 76 0x53, 0x49, 0x56, 0x2d, 0x41, 0x45, 0x53 77 }; 78 u8 iv_c_2[] = { 79 0x7b, 0xdb, 0x6e, 0x3b, 0x43, 0x26, 0x67, 0xeb, 80 0x06, 0xf4, 0xd1, 0x4b, 0xff, 0x2f, 0xbd, 0x0f, 81 0xcb, 0x90, 0x0f, 0x2f, 0xdd, 0xbe, 0x40, 0x43, 82 0x26, 0x60, 0x19, 0x65, 0xc8, 0x89, 0xbf, 0x17, 83 0xdb, 0xa7, 0x7c, 0xeb, 0x09, 0x4f, 0xa6, 0x63, 84 0xb7, 0xa3, 0xf7, 0x48, 0xba, 0x8a, 0xf8, 0x29, 85 0xea, 0x64, 0xad, 0x54, 0x4a, 0x27, 0x2e, 0x9c, 86 0x48, 0x5b, 0x62, 0xa3, 0xfd, 0x5c, 0x0d 87 }; 88 u8 out[2 * AES_BLOCK_SIZE + sizeof(plaintext_2)]; 89 const u8 *addr[3]; 90 size_t len[3]; 91 92 /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */ 93 addr[0] = ad; 94 len[0] = sizeof(ad); 95 96 if (aes_siv_encrypt(key, sizeof(key), plaintext, sizeof(plaintext), 97 1, addr, len, out)) { 98 wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed"); 99 return 1; 100 } 101 if (os_memcmp(out, iv_c, sizeof(iv_c)) != 0) { 102 wpa_printf(MSG_ERROR, 103 "AES-SIV mode encryption returned invalid cipher text"); 104 return 1; 105 } 106 107 if (aes_siv_decrypt(key, sizeof(key), iv_c, sizeof(iv_c), 108 1, addr, len, out)) { 109 wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed"); 110 return 1; 111 } 112 if (os_memcmp(out, plaintext, sizeof(plaintext)) != 0) { 113 wpa_printf(MSG_ERROR, 114 "AES-SIV mode decryption returned invalid plain text"); 115 return 1; 116 } 117 118 /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */ 119 addr[0] = ad1_2; 120 len[0] = sizeof(ad1_2); 121 addr[1] = ad2_2; 122 len[1] = sizeof(ad2_2); 123 addr[2] = nonce_2; 124 len[2] = sizeof(nonce_2); 125 126 if (aes_siv_encrypt(key_2, sizeof(key_2), 127 plaintext_2, sizeof(plaintext_2), 128 3, addr, len, out)) { 129 wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed"); 130 return 1; 131 } 132 if (os_memcmp(out, iv_c_2, sizeof(iv_c_2)) != 0) { 133 wpa_printf(MSG_ERROR, 134 "AES-SIV mode encryption returned invalid cipher text"); 135 return 1; 136 } 137 138 if (aes_siv_decrypt(key_2, sizeof(key_2), iv_c_2, sizeof(iv_c_2), 139 3, addr, len, out)) { 140 wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed"); 141 return 1; 142 } 143 if (os_memcmp(out, plaintext_2, sizeof(plaintext_2)) != 0) { 144 wpa_printf(MSG_ERROR, 145 "AES-SIV mode decryption returned invalid plain text"); 146 return 1; 147 } 148 149 wpa_printf(MSG_INFO, "AES-SIV test cases passed"); 150 #endif /* CONFIG_MESH */ 151 152 return 0; 153 } 154 155 156 /* OMAC1 AES-128 test vectors from 157 * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf 158 * which are same as the examples from NIST SP800-38B 159 * http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf 160 */ 161 162 struct omac1_test_vector { 163 u8 k[16]; 164 u8 msg[64]; 165 int msg_len; 166 u8 tag[16]; 167 }; 168 169 static const struct omac1_test_vector omac1_test_vectors[] = 170 { 171 { 172 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 173 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 174 { }, 175 0, 176 { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, 177 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 } 178 }, 179 { 180 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 181 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 182 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 183 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a}, 184 16, 185 { 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, 186 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c } 187 }, 188 { 189 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 190 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 191 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 192 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 193 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 194 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 195 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 }, 196 40, 197 { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, 198 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 } 199 }, 200 { 201 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 202 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 203 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 204 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 205 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 206 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 207 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 208 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 209 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 210 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }, 211 64, 212 { 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, 213 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe } 214 }, 215 }; 216 217 218 static int test_omac1_vector(const struct omac1_test_vector *tv, 219 unsigned int i) 220 { 221 u8 key[] = { 222 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 223 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c 224 }; 225 u8 msg[] = { 0x12, 0x34, 0x56 }; 226 u8 result[24], result2[24]; 227 const u8 *addr[3]; 228 size_t len[3]; 229 230 if (omac1_aes_128(tv->k, tv->msg, tv->msg_len, result) || 231 os_memcmp(result, tv->tag, 16) != 0) { 232 wpa_printf(MSG_ERROR, "OMAC1-AES-128 test vector %u failed", i); 233 return 1; 234 } 235 236 if (tv->msg_len > 1) { 237 238 addr[0] = tv->msg; 239 len[0] = 1; 240 addr[1] = tv->msg + 1; 241 len[1] = tv->msg_len - 1; 242 243 if (omac1_aes_128_vector(tv->k, 2, addr, len, result) || 244 os_memcmp(result, tv->tag, 16) != 0) { 245 wpa_printf(MSG_ERROR, 246 "OMAC1-AES-128(vector) test vector %u failed", 247 i); 248 return 1; 249 } 250 251 addr[0] = tv->msg; 252 len[0] = tv->msg_len - 2; 253 addr[1] = tv->msg + tv->msg_len - 2; 254 len[1] = 1; 255 addr[2] = tv->msg + tv->msg_len - 1; 256 len[2] = 1; 257 258 if (omac1_aes_128_vector(tv->k, 3, addr, len, result) || 259 os_memcmp(result, tv->tag, 16) != 0) { 260 wpa_printf(MSG_ERROR, 261 "OMAC1-AES-128(vector2) test vector %u failed", 262 i); 263 return 1; 264 } 265 } 266 267 addr[0] = &msg[0]; 268 len[0] = 1; 269 addr[1] = &msg[1]; 270 len[1] = 1; 271 addr[2] = &msg[2]; 272 len[2] = 1; 273 if (omac1_aes_128(key, msg, sizeof(msg), result) || 274 omac1_aes_128_vector(key, 3, addr, len, result2) || 275 os_memcmp(result, result2, 16) != 0) { 276 wpa_printf(MSG_ERROR, "OMAC1-AES-128 short test mismatch"); 277 return 1; 278 } 279 280 return 0; 281 } 282 283 284 static int test_omac1(void) 285 { 286 unsigned int i; 287 288 for (i = 0; i < ARRAY_SIZE(omac1_test_vectors); i++) { 289 if (test_omac1_vector(&omac1_test_vectors[i], i)) 290 return 1; 291 } 292 293 wpa_printf(MSG_INFO, "OMAC1-AES-128 test cases passed"); 294 295 return 0; 296 } 297 298 299 static int test_eax(void) 300 { 301 #ifdef EAP_PSK 302 u8 msg[] = { 0xF7, 0xFB }; 303 u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B, 304 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 }; 305 u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84, 306 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD }; 307 u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA }; 308 u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D, 309 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79, 310 0x67, 0xE5 }; 311 u8 data[sizeof(msg)], tag[AES_BLOCK_SIZE]; 312 313 os_memcpy(data, msg, sizeof(msg)); 314 if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr), 315 data, sizeof(data), tag)) { 316 wpa_printf(MSG_ERROR, "AES-128 EAX mode encryption failed"); 317 return 1; 318 } 319 if (os_memcmp(data, cipher, sizeof(data)) != 0) { 320 wpa_printf(MSG_ERROR, 321 "AES-128 EAX mode encryption returned invalid cipher text"); 322 return 1; 323 } 324 if (os_memcmp(tag, cipher + sizeof(data), AES_BLOCK_SIZE) != 0) { 325 wpa_printf(MSG_ERROR, 326 "AES-128 EAX mode encryption returned invalid tag"); 327 return 1; 328 } 329 330 if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr), 331 data, sizeof(data), tag)) { 332 wpa_printf(MSG_ERROR, "AES-128 EAX mode decryption failed"); 333 return 1; 334 } 335 if (os_memcmp(data, msg, sizeof(data)) != 0) { 336 wpa_printf(MSG_ERROR, 337 "AES-128 EAX mode decryption returned invalid plain text"); 338 return 1; 339 } 340 341 wpa_printf(MSG_INFO, "AES-128 EAX mode test cases passed"); 342 #endif /* EAP_PSK */ 343 344 return 0; 345 } 346 347 348 static int test_cbc(void) 349 { 350 struct cbc_test_vector { 351 u8 key[16]; 352 u8 iv[16]; 353 u8 plain[32]; 354 u8 cipher[32]; 355 size_t len; 356 } vectors[] = { 357 { 358 { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b, 359 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 }, 360 { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30, 361 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 }, 362 "Single block msg", 363 { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8, 364 0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a }, 365 16 366 }, 367 { 368 { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0, 369 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a }, 370 { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28, 371 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 }, 372 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 373 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 374 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 375 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, 376 { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a, 377 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a, 378 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9, 379 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 }, 380 32 381 } 382 }; 383 int ret = 0; 384 u8 *buf; 385 unsigned int i; 386 387 for (i = 0; i < ARRAY_SIZE(vectors); i++) { 388 struct cbc_test_vector *tv = &vectors[i]; 389 390 buf = os_malloc(tv->len); 391 if (buf == NULL) { 392 ret++; 393 break; 394 } 395 396 os_memcpy(buf, tv->plain, tv->len); 397 if (aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len) || 398 os_memcmp(buf, tv->cipher, tv->len) != 0) { 399 wpa_printf(MSG_ERROR, "AES-CBC encrypt %d failed", i); 400 ret++; 401 } 402 403 os_memcpy(buf, tv->cipher, tv->len); 404 if (aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len) || 405 os_memcmp(buf, tv->plain, tv->len) != 0) { 406 wpa_printf(MSG_ERROR, "AES-CBC decrypt %d failed", i); 407 ret++; 408 } 409 410 os_free(buf); 411 } 412 413 return ret; 414 } 415 416 417 static int test_ecb(void) 418 { 419 #ifdef EAP_PSK 420 struct ecb_test_vector { 421 char *key; 422 char *plaintext; 423 char *ciphertext; 424 } vectors[] = { 425 /* CAVS 11.1 - ECBGFSbox128.rsp */ 426 { 427 "00000000000000000000000000000000", 428 "f34481ec3cc627bacd5dc3fb08f273e6", 429 "0336763e966d92595a567cc9ce537f5e" 430 }, 431 { 432 "00000000000000000000000000000000", 433 "9798c4640bad75c7c3227db910174e72", 434 "a9a1631bf4996954ebc093957b234589" 435 }, 436 { 437 "00000000000000000000000000000000", 438 "96ab5c2ff612d9dfaae8c31f30c42168", 439 "ff4f8391a6a40ca5b25d23bedd44a597" 440 }, 441 { 442 "00000000000000000000000000000000", 443 "6a118a874519e64e9963798a503f1d35", 444 "dc43be40be0e53712f7e2bf5ca707209" 445 }, 446 { 447 "00000000000000000000000000000000", 448 "cb9fceec81286ca3e989bd979b0cb284", 449 "92beedab1895a94faa69b632e5cc47ce" 450 }, 451 { 452 "00000000000000000000000000000000", 453 "b26aeb1874e47ca8358ff22378f09144", 454 "459264f4798f6a78bacb89c15ed3d601" 455 }, 456 { 457 "00000000000000000000000000000000", 458 "58c8e00b2631686d54eab84b91f0aca1", 459 "08a4e2efec8a8e3312ca7460b9040bbf" 460 }, 461 /* CAVS 11.1 - ECBKeySbox128.rsp */ 462 { 463 "10a58869d74be5a374cf867cfb473859", 464 "00000000000000000000000000000000", 465 "6d251e6944b051e04eaa6fb4dbf78465" 466 }, 467 { 468 "caea65cdbb75e9169ecd22ebe6e54675", 469 "00000000000000000000000000000000", 470 "6e29201190152df4ee058139def610bb", 471 } 472 }; 473 int ret = 0; 474 unsigned int i; 475 u8 key[16], plain[16], cipher[16], out[16]; 476 477 for (i = 0; i < ARRAY_SIZE(vectors); i++) { 478 struct ecb_test_vector *tv = &vectors[i]; 479 480 if (hexstr2bin(tv->key, key, sizeof(key)) || 481 hexstr2bin(tv->plaintext, plain, sizeof(plain)) || 482 hexstr2bin(tv->ciphertext, cipher, sizeof(cipher))) { 483 wpa_printf(MSG_ERROR, "Invalid AES-ECB test vector %u", 484 i); 485 ret++; 486 continue; 487 } 488 489 if (aes_128_encrypt_block(key, plain, out) < 0 || 490 os_memcmp(out, cipher, 16) != 0) { 491 wpa_printf(MSG_ERROR, "AES-ECB encrypt %u failed", i); 492 ret++; 493 } 494 } 495 496 if (!ret) 497 wpa_printf(MSG_INFO, "AES ECB mode test cases passed"); 498 499 return ret; 500 #endif /* EAP_PSK */ 501 502 return 0; 503 } 504 505 506 static int test_key_wrap(void) 507 { 508 int ret = 0; 509 510 /* RFC 3394 - Test vector 4.1 */ 511 u8 kek41[] = { 512 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 513 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f 514 }; 515 u8 plain41[] = { 516 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 517 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 518 }; 519 u8 crypt41[] = { 520 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47, 521 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82, 522 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5 523 }; 524 #ifndef CONFIG_BORINGSSL 525 /* RFC 3394 - Test vector 4.2 */ 526 u8 kek42[] = { 527 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 528 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 529 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 530 }; 531 u8 plain42[] = { 532 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 533 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 534 }; 535 u8 crypt42[] = { 536 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35, 537 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2, 538 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D 539 }; 540 #endif /* CONFIG_BORINGSSL */ 541 /* RFC 3394 - Test vector 4.3 */ 542 u8 kek43[] = { 543 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 544 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 545 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 546 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 547 }; 548 u8 plain43[] = { 549 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 550 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 551 }; 552 u8 crypt43[] = { 553 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2, 554 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A, 555 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7, 556 }; 557 #ifndef CONFIG_BORINGSSL 558 /* RFC 3394 - Test vector 4.4 */ 559 u8 kek44[] = { 560 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 561 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 562 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 563 }; 564 u8 plain44[] = { 565 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 566 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 567 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 568 }; 569 u8 crypt44[] = { 570 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32, 571 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC, 572 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93, 573 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2 574 }; 575 #endif /* CONFIG_BORINGSSL */ 576 /* RFC 3394 - Test vector 4.5 */ 577 u8 kek45[] = { 578 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 579 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 580 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 581 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 582 }; 583 u8 plain45[] = { 584 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 585 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 586 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 587 }; 588 u8 crypt45[] = { 589 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F, 590 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4, 591 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95, 592 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1, 593 }; 594 /* RFC 3394 - Test vector 4.6 */ 595 u8 kek46[] = { 596 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 597 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 598 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 599 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 600 }; 601 u8 plain46[] = { 602 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 603 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 604 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 605 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F 606 }; 607 u8 crypt46[] = { 608 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4, 609 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26, 610 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26, 611 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B, 612 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21 613 }; 614 u8 result[40]; 615 616 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.1"); 617 if (aes_wrap(kek41, sizeof(kek41), sizeof(plain41) / 8, plain41, 618 result)) { 619 wpa_printf(MSG_ERROR, "AES-WRAP-128 reported failure"); 620 ret++; 621 } 622 if (os_memcmp(result, crypt41, sizeof(crypt41)) != 0) { 623 wpa_printf(MSG_ERROR, "AES-WRAP-128 failed"); 624 ret++; 625 } 626 if (aes_unwrap(kek41, sizeof(kek41), sizeof(plain41) / 8, crypt41, 627 result)) { 628 wpa_printf(MSG_ERROR, "AES-UNWRAP-128 reported failure"); 629 ret++; 630 } 631 if (os_memcmp(result, plain41, sizeof(plain41)) != 0) { 632 wpa_printf(MSG_ERROR, "AES-UNWRAP-128 failed"); 633 ret++; 634 } 635 636 #ifndef CONFIG_BORINGSSL 637 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.2"); 638 if (aes_wrap(kek42, sizeof(kek42), sizeof(plain42) / 8, plain42, 639 result)) { 640 wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure"); 641 ret++; 642 } 643 if (os_memcmp(result, crypt42, sizeof(crypt42)) != 0) { 644 wpa_printf(MSG_ERROR, "AES-WRAP-192 failed"); 645 ret++; 646 } 647 if (aes_unwrap(kek42, sizeof(kek42), sizeof(plain42) / 8, crypt42, 648 result)) { 649 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure"); 650 ret++; 651 } 652 if (os_memcmp(result, plain42, sizeof(plain42)) != 0) { 653 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed"); 654 ret++; 655 } 656 #endif /* CONFIG_BORINGSSL */ 657 658 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.3"); 659 if (aes_wrap(kek43, sizeof(kek43), sizeof(plain43) / 8, plain43, 660 result)) { 661 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 662 ret++; 663 } 664 if (os_memcmp(result, crypt43, sizeof(crypt43)) != 0) { 665 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 666 ret++; 667 } 668 if (aes_unwrap(kek43, sizeof(kek43), sizeof(plain43) / 8, crypt43, 669 result)) { 670 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 671 ret++; 672 } 673 if (os_memcmp(result, plain43, sizeof(plain43)) != 0) { 674 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 675 ret++; 676 } 677 678 #ifndef CONFIG_BORINGSSL 679 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.4"); 680 if (aes_wrap(kek44, sizeof(kek44), sizeof(plain44) / 8, plain44, 681 result)) { 682 wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure"); 683 ret++; 684 } 685 if (os_memcmp(result, crypt44, sizeof(crypt44)) != 0) { 686 wpa_printf(MSG_ERROR, "AES-WRAP-192 failed"); 687 ret++; 688 } 689 if (aes_unwrap(kek44, sizeof(kek44), sizeof(plain44) / 8, crypt44, 690 result)) { 691 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure"); 692 ret++; 693 } 694 if (os_memcmp(result, plain44, sizeof(plain44)) != 0) { 695 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed"); 696 ret++; 697 } 698 #endif /* CONFIG_BORINGSSL */ 699 700 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.5"); 701 if (aes_wrap(kek45, sizeof(kek45), sizeof(plain45) / 8, plain45, 702 result)) { 703 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 704 ret++; 705 } 706 if (os_memcmp(result, crypt45, sizeof(crypt45)) != 0) { 707 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 708 ret++; 709 } 710 if (aes_unwrap(kek45, sizeof(kek45), sizeof(plain45) / 8, crypt45, 711 result)) { 712 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 713 ret++; 714 } 715 if (os_memcmp(result, plain45, sizeof(plain45)) != 0) { 716 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 717 ret++; 718 } 719 720 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.6"); 721 if (aes_wrap(kek46, sizeof(kek46), sizeof(plain46) / 8, plain46, 722 result)) { 723 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 724 ret++; 725 } 726 if (os_memcmp(result, crypt46, sizeof(crypt46)) != 0) { 727 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 728 ret++; 729 } 730 if (aes_unwrap(kek46, sizeof(kek46), sizeof(plain46) / 8, crypt46, 731 result)) { 732 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 733 ret++; 734 } 735 if (os_memcmp(result, plain46, sizeof(plain46)) != 0) { 736 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 737 ret++; 738 } 739 740 if (!ret) 741 wpa_printf(MSG_INFO, "AES key wrap/unwrap test cases passed"); 742 743 return ret; 744 } 745 746 747 static int test_md5(void) 748 { 749 #ifndef CONFIG_FIPS 750 struct { 751 char *data; 752 char *hash; 753 } tests[] = { 754 { 755 "", 756 "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04" 757 "\xe9\x80\x09\x98\xec\xf8\x42\x7e" 758 }, 759 { 760 "a", 761 "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8" 762 "\x31\xc3\x99\xe2\x69\x77\x26\x61" 763 }, 764 { 765 "abc", 766 "\x90\x01\x50\x98\x3c\xd2\x4f\xb0" 767 "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72" 768 }, 769 { 770 "message digest", 771 "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d" 772 "\x52\x5a\x2f\x31\xaa\xf1\x61\xd0" 773 }, 774 { 775 "abcdefghijklmnopqrstuvwxyz", 776 "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00" 777 "\x7d\xfb\x49\x6c\xca\x67\xe1\x3b" 778 }, 779 { 780 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 781 "0123456789", 782 "\xd1\x74\xab\x98\xd2\x77\xd9\xf5" 783 "\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f" 784 }, 785 { 786 "12345678901234567890123456789012345678901234567890" 787 "123456789012345678901234567890", 788 "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55" 789 "\xac\x49\xda\x2e\x21\x07\xb6\x7a" 790 } 791 }; 792 unsigned int i; 793 u8 hash[16]; 794 const u8 *addr[2]; 795 size_t len[2]; 796 int errors = 0; 797 798 for (i = 0; i < ARRAY_SIZE(tests); i++) { 799 wpa_printf(MSG_INFO, "MD5 test case %d", i); 800 801 addr[0] = (u8 *) tests[i].data; 802 len[0] = strlen(tests[i].data); 803 if (md5_vector(1, addr, len, hash) < 0 || 804 os_memcmp(hash, tests[i].hash, 16) != 0) { 805 wpa_printf(MSG_INFO, " FAIL"); 806 errors++; 807 } else 808 wpa_printf(MSG_INFO, " OK"); 809 810 if (len[0]) { 811 addr[0] = (u8 *) tests[i].data; 812 len[0] = strlen(tests[i].data); 813 addr[1] = (u8 *) tests[i].data + 1; 814 len[1] = strlen(tests[i].data) - 1; 815 if (md5_vector(1, addr, len, hash) < 0 || 816 os_memcmp(hash, tests[i].hash, 16) != 0) { 817 wpa_printf(MSG_INFO, " FAIL"); 818 errors++; 819 } else 820 wpa_printf(MSG_INFO, " OK"); 821 } 822 } 823 824 if (!errors) 825 wpa_printf(MSG_INFO, "MD5 test cases passed"); 826 827 return errors; 828 #else /* CONFIG_FIPS */ 829 wpa_printf(MSG_INFO, "MD5 test cases skipped due to CONFIG_FIPS"); 830 return 0; 831 #endif /* CONFIG_FIPS */ 832 } 833 834 835 static int test_eap_fast(void) 836 { 837 #ifdef EAP_FAST 838 /* RFC 4851, Appendix B.1 */ 839 const u8 pac_key[] = { 840 0x0B, 0x97, 0x39, 0x0F, 0x37, 0x51, 0x78, 0x09, 841 0x81, 0x1E, 0xFD, 0x9C, 0x6E, 0x65, 0x94, 0x2B, 842 0x63, 0x2C, 0xE9, 0x53, 0x89, 0x38, 0x08, 0xBA, 843 0x36, 0x0B, 0x03, 0x7C, 0xD1, 0x85, 0xE4, 0x14 844 }; 845 const u8 seed[] = { 846 0x3F, 0xFB, 0x11, 0xC4, 0x6C, 0xBF, 0xA5, 0x7A, 847 0x54, 0x40, 0xDA, 0xE8, 0x22, 0xD3, 0x11, 0xD3, 848 0xF7, 0x6D, 0xE4, 0x1D, 0xD9, 0x33, 0xE5, 0x93, 849 0x70, 0x97, 0xEB, 0xA9, 0xB3, 0x66, 0xF4, 0x2A, 850 0x00, 0x00, 0x00, 0x02, 0x6A, 0x66, 0x43, 0x2A, 851 0x8D, 0x14, 0x43, 0x2C, 0xEC, 0x58, 0x2D, 0x2F, 852 0xC7, 0x9C, 0x33, 0x64, 0xBA, 0x04, 0xAD, 0x3A, 853 0x52, 0x54, 0xD6, 0xA5, 0x79, 0xAD, 0x1E, 0x00 854 }; 855 const u8 master_secret[] = { 856 0x4A, 0x1A, 0x51, 0x2C, 0x01, 0x60, 0xBC, 0x02, 857 0x3C, 0xCF, 0xBC, 0x83, 0x3F, 0x03, 0xBC, 0x64, 858 0x88, 0xC1, 0x31, 0x2F, 0x0B, 0xA9, 0xA2, 0x77, 859 0x16, 0xA8, 0xD8, 0xE8, 0xBD, 0xC9, 0xD2, 0x29, 860 0x38, 0x4B, 0x7A, 0x85, 0xBE, 0x16, 0x4D, 0x27, 861 0x33, 0xD5, 0x24, 0x79, 0x87, 0xB1, 0xC5, 0xA2 862 }; 863 #ifndef CONFIG_FIPS 864 const u8 key_block[] = { 865 0x59, 0x59, 0xBE, 0x8E, 0x41, 0x3A, 0x77, 0x74, 866 0x8B, 0xB2, 0xE5, 0xD3, 0x60, 0xAC, 0x4D, 0x35, 867 0xDF, 0xFB, 0xC8, 0x1E, 0x9C, 0x24, 0x9C, 0x8B, 868 0x0E, 0xC3, 0x1D, 0x72, 0xC8, 0x84, 0x9D, 0x57, 869 0x48, 0x51, 0x2E, 0x45, 0x97, 0x6C, 0x88, 0x70, 870 0xBE, 0x5F, 0x01, 0xD3, 0x64, 0xE7, 0x4C, 0xBB, 871 0x11, 0x24, 0xE3, 0x49, 0xE2, 0x3B, 0xCD, 0xEF, 872 0x7A, 0xB3, 0x05, 0x39, 0x5D, 0x64, 0x8A, 0x44, 873 0x11, 0xB6, 0x69, 0x88, 0x34, 0x2E, 0x8E, 0x29, 874 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05, 875 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96, 876 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84, 877 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98, 878 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71 879 }; 880 #endif /* CONFIG_FIPS */ 881 const u8 sks[] = { 882 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05, 883 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96, 884 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84, 885 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98, 886 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71 887 }; 888 const u8 isk[] = { 889 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 890 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 891 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 892 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 893 }; 894 const u8 imck[] = { 895 0x16, 0x15, 0x3C, 0x3F, 0x21, 0x55, 0xEF, 0xD9, 896 0x7F, 0x34, 0xAE, 0xC8, 0x1A, 0x4E, 0x66, 0x80, 897 0x4C, 0xC3, 0x76, 0xF2, 0x8A, 0xA9, 0x6F, 0x96, 898 0xC2, 0x54, 0x5F, 0x8C, 0xAB, 0x65, 0x02, 0xE1, 899 0x18, 0x40, 0x7B, 0x56, 0xBE, 0xEA, 0xA7, 0xC5, 900 0x76, 0x5D, 0x8F, 0x0B, 0xC5, 0x07, 0xC6, 0xB9, 901 0x04, 0xD0, 0x69, 0x56, 0x72, 0x8B, 0x6B, 0xB8, 902 0x15, 0xEC, 0x57, 0x7B 903 }; 904 const u8 msk[] = { 905 0x4D, 0x83, 0xA9, 0xBE, 0x6F, 0x8A, 0x74, 0xED, 906 0x6A, 0x02, 0x66, 0x0A, 0x63, 0x4D, 0x2C, 0x33, 907 0xC2, 0xDA, 0x60, 0x15, 0xC6, 0x37, 0x04, 0x51, 908 0x90, 0x38, 0x63, 0xDA, 0x54, 0x3E, 0x14, 0xB9, 909 0x27, 0x99, 0x18, 0x1E, 0x07, 0xBF, 0x0F, 0x5A, 910 0x5E, 0x3C, 0x32, 0x93, 0x80, 0x8C, 0x6C, 0x49, 911 0x67, 0xED, 0x24, 0xFE, 0x45, 0x40, 0xA0, 0x59, 912 0x5E, 0x37, 0xC2, 0xE9, 0xD0, 0x5D, 0x0A, 0xE3 913 }; 914 const u8 emsk[] = { 915 0x3A, 0xD4, 0xAB, 0xDB, 0x76, 0xB2, 0x7F, 0x3B, 916 0xEA, 0x32, 0x2C, 0x2B, 0x74, 0xF4, 0x28, 0x55, 917 0xEF, 0x2D, 0xBA, 0x78, 0xC9, 0x57, 0x2F, 0x0D, 918 0x06, 0xCD, 0x51, 0x7C, 0x20, 0x93, 0x98, 0xA9, 919 0x76, 0xEA, 0x70, 0x21, 0xD7, 0x0E, 0x25, 0x54, 920 0x97, 0xED, 0xB2, 0x8A, 0xF6, 0xED, 0xFD, 0x0A, 921 0x2A, 0xE7, 0xA1, 0x58, 0x90, 0x10, 0x50, 0x44, 922 0xB3, 0x82, 0x85, 0xDB, 0x06, 0x14, 0xD2, 0xF9 923 }; 924 /* RFC 4851, Appendix B.2 */ 925 u8 tlv[] = { 926 0x80, 0x0C, 0x00, 0x38, 0x00, 0x01, 0x01, 0x00, 927 0xD8, 0x6A, 0x8C, 0x68, 0x3C, 0x32, 0x31, 0xA8, 928 0x56, 0x63, 0xB6, 0x40, 0x21, 0xFE, 0x21, 0x14, 929 0x4E, 0xE7, 0x54, 0x20, 0x79, 0x2D, 0x42, 0x62, 930 0xC9, 0xBF, 0x53, 0x7F, 0x54, 0xFD, 0xAC, 0x58, 931 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF, 932 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC, 933 0x05, 0xC5, 0x5B, 0xB7 934 }; 935 const u8 compound_mac[] = { 936 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF, 937 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC, 938 0x05, 0xC5, 0x5B, 0xB7 939 }; 940 u8 buf[512]; 941 const u8 *simck, *cmk; 942 int errors = 0; 943 944 wpa_printf(MSG_INFO, "EAP-FAST test cases"); 945 946 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / master_secret"); 947 if (sha1_t_prf(pac_key, sizeof(pac_key), 948 "PAC to master secret label hash", 949 seed, sizeof(seed), buf, sizeof(master_secret)) < 0 || 950 os_memcmp(master_secret, buf, sizeof(master_secret)) != 0) { 951 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 952 errors++; 953 } 954 955 #ifndef CONFIG_FIPS 956 wpa_printf(MSG_INFO, "- PRF (TLS, SHA1/MD5) test case / key_block"); 957 if (tls_prf_sha1_md5(master_secret, sizeof(master_secret), 958 "key expansion", seed, sizeof(seed), 959 buf, sizeof(key_block)) || 960 os_memcmp(key_block, buf, sizeof(key_block)) != 0) { 961 wpa_printf(MSG_INFO, "PRF test - FAILED!"); 962 errors++; 963 } 964 #endif /* CONFIG_FIPS */ 965 966 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / IMCK"); 967 if (sha1_t_prf(sks, sizeof(sks), "Inner Methods Compound Keys", 968 isk, sizeof(isk), buf, sizeof(imck)) < 0 || 969 os_memcmp(imck, buf, sizeof(imck)) != 0) { 970 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 971 errors++; 972 } 973 974 simck = imck; 975 cmk = imck + 40; 976 977 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / MSK"); 978 if (sha1_t_prf(simck, 40, "Session Key Generating Function", 979 (u8 *) "", 0, buf, sizeof(msk)) < 0 || 980 os_memcmp(msk, buf, sizeof(msk)) != 0) { 981 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 982 errors++; 983 } 984 985 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / EMSK"); 986 if (sha1_t_prf(simck, 40, "Extended Session Key Generating Function", 987 (u8 *) "", 0, buf, sizeof(msk)) < 0 || 988 os_memcmp(emsk, buf, sizeof(emsk)) != 0) { 989 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 990 errors++; 991 } 992 993 wpa_printf(MSG_INFO, "- Compound MAC test case"); 994 os_memset(tlv + sizeof(tlv) - 20, 0, 20); 995 if (hmac_sha1(cmk, 20, tlv, sizeof(tlv), tlv + sizeof(tlv) - 20) < 0 || 996 os_memcmp(tlv + sizeof(tlv) - 20, compound_mac, 997 sizeof(compound_mac)) != 0) { 998 wpa_printf(MSG_INFO, "Compound MAC test - FAILED!"); 999 errors++; 1000 } 1001 1002 return errors; 1003 #else /* EAP_FAST */ 1004 return 0; 1005 #endif /* EAP_FAST */ 1006 } 1007 1008 1009 static const u8 key0[] = 1010 { 1011 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1012 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1013 0x0b, 0x0b, 0x0b, 0x0b 1014 }; 1015 static const u8 data0[] = "Hi There"; 1016 static const u8 prf0[] = 1017 { 1018 0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84, 1019 0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54, 1020 0xb8, 0x62, 0x17, 0x5e, 0xd9, 0xf0, 0x06, 0x06, 1021 0xe1, 0x7d, 0x8d, 0xa3, 0x54, 0x02, 0xff, 0xee, 1022 0x75, 0xdf, 0x78, 0xc3, 0xd3, 0x1e, 0x0f, 0x88, 1023 0x9f, 0x01, 0x21, 0x20, 0xc0, 0x86, 0x2b, 0xeb, 1024 0x67, 0x75, 0x3e, 0x74, 0x39, 0xae, 0x24, 0x2e, 1025 0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a 1026 }; 1027 1028 static const u8 key1[] = "Jefe"; 1029 static const u8 data1[] = "what do ya want for nothing?"; 1030 static const u8 prf1[] = 1031 { 1032 0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad, 1033 0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4, 1034 0xfe, 0x63, 0x14, 0x46, 0xfa, 0xbd, 0xfa, 0x58, 1035 0x24, 0x47, 0x59, 0xae, 0x58, 0xef, 0x90, 0x09, 1036 0xa9, 0x9a, 0xbf, 0x4e, 0xac, 0x2c, 0xa5, 0xfa, 1037 0x87, 0xe6, 0x92, 0xc4, 0x40, 0xeb, 0x40, 0x02, 1038 0x3e, 0x7b, 0xab, 0xb2, 0x06, 0xd6, 0x1d, 0xe7, 1039 0xb9, 0x2f, 0x41, 0x52, 0x90, 0x92, 0xb8, 0xfc 1040 }; 1041 1042 1043 static const u8 key2[] = 1044 { 1045 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1046 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1047 0xaa, 0xaa, 0xaa, 0xaa 1048 }; 1049 static const u8 data2[] = 1050 { 1051 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1052 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1053 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1054 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1055 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1056 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1057 0xdd, 0xdd 1058 }; 1059 static const u8 prf2[] = 1060 { 1061 0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f, 1062 0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1, 1063 0x7a, 0x02, 0x52, 0xca, 0x5d, 0x8d, 0x8d, 0xf1, 1064 0x2c, 0xfb, 0x04, 0x73, 0x52, 0x52, 0x49, 0xce, 1065 0x9d, 0xd8, 0xd1, 0x77, 0xea, 0xd7, 0x10, 0xbc, 1066 0x9b, 0x59, 0x05, 0x47, 0x23, 0x91, 0x07, 0xae, 1067 0xf7, 0xb4, 0xab, 0xd4, 0x3d, 0x87, 0xf0, 0xa6, 1068 0x8f, 0x1c, 0xbd, 0x9e, 0x2b, 0x6f, 0x76, 0x07 1069 }; 1070 1071 1072 struct passphrase_test { 1073 char *passphrase; 1074 char *ssid; 1075 char psk[32]; 1076 }; 1077 1078 static const struct passphrase_test passphrase_tests[] = 1079 { 1080 { 1081 "password", 1082 "IEEE", 1083 { 1084 0xf4, 0x2c, 0x6f, 0xc5, 0x2d, 0xf0, 0xeb, 0xef, 1085 0x9e, 0xbb, 0x4b, 0x90, 0xb3, 0x8a, 0x5f, 0x90, 1086 0x2e, 0x83, 0xfe, 0x1b, 0x13, 0x5a, 0x70, 0xe2, 1087 0x3a, 0xed, 0x76, 0x2e, 0x97, 0x10, 0xa1, 0x2e 1088 } 1089 }, 1090 { 1091 "ThisIsAPassword", 1092 "ThisIsASSID", 1093 { 1094 0x0d, 0xc0, 0xd6, 0xeb, 0x90, 0x55, 0x5e, 0xd6, 1095 0x41, 0x97, 0x56, 0xb9, 0xa1, 0x5e, 0xc3, 0xe3, 1096 0x20, 0x9b, 0x63, 0xdf, 0x70, 0x7d, 0xd5, 0x08, 1097 0xd1, 0x45, 0x81, 0xf8, 0x98, 0x27, 0x21, 0xaf 1098 } 1099 }, 1100 { 1101 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 1102 "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ", 1103 { 1104 0xbe, 0xcb, 0x93, 0x86, 0x6b, 0xb8, 0xc3, 0x83, 1105 0x2c, 0xb7, 0x77, 0xc2, 0xf5, 0x59, 0x80, 0x7c, 1106 0x8c, 0x59, 0xaf, 0xcb, 0x6e, 0xae, 0x73, 0x48, 1107 0x85, 0x00, 0x13, 0x00, 0xa9, 0x81, 0xcc, 0x62 1108 } 1109 }, 1110 }; 1111 1112 #define NUM_PASSPHRASE_TESTS ARRAY_SIZE(passphrase_tests) 1113 1114 1115 struct rfc6070_test { 1116 char *p; 1117 char *s; 1118 int c; 1119 char dk[32]; 1120 size_t dk_len; 1121 }; 1122 1123 static const struct rfc6070_test rfc6070_tests[] = 1124 { 1125 { 1126 "password", 1127 "salt", 1128 1, 1129 { 1130 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71, 1131 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06, 1132 0x2f, 0xe0, 0x37, 0xa6 1133 }, 1134 20 1135 }, 1136 { 1137 "password", 1138 "salt", 1139 2, 1140 { 1141 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c, 1142 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0, 1143 0xd8, 0xde, 0x89, 0x57 1144 }, 1145 20 1146 }, 1147 { 1148 "password", 1149 "salt", 1150 4096, 1151 { 1152 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a, 1153 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0, 1154 0x65, 0xa4, 0x29, 0xc1 1155 }, 1156 20 1157 }, 1158 #if 0 /* This takes quite long to derive.. */ 1159 { 1160 "password", 1161 "salt", 1162 16777216, 1163 { 1164 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4, 1165 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c, 1166 0x26, 0x34, 0xe9, 0x84 1167 }, 1168 20 1169 }, 1170 #endif 1171 { 1172 "passwordPASSWORDpassword", 1173 "saltSALTsaltSALTsaltSALTsaltSALTsalt", 1174 4096, 1175 { 1176 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b, 1177 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a, 1178 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70, 1179 0x38 1180 }, 1181 25 1182 }, 1183 #if 0 /* \0 not currently supported in passphrase parameters.. */ 1184 { 1185 "pass\0word", 1186 "sa\0lt", 1187 4096, 1188 { 1189 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d, 1190 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3 1191 }, 1192 16 1193 }, 1194 #endif 1195 }; 1196 1197 #define NUM_RFC6070_TESTS ARRAY_SIZE(rfc6070_tests) 1198 1199 1200 static int test_sha1(void) 1201 { 1202 u8 res[512]; 1203 int ret = 0; 1204 unsigned int i; 1205 1206 wpa_printf(MSG_INFO, "PRF-SHA1 test cases:"); 1207 1208 if (sha1_prf(key0, sizeof(key0), "prefix", data0, sizeof(data0) - 1, 1209 res, sizeof(prf0)) == 0 && 1210 os_memcmp(res, prf0, sizeof(prf0)) == 0) 1211 wpa_printf(MSG_INFO, "Test case 0 - OK"); 1212 else { 1213 wpa_printf(MSG_INFO, "Test case 0 - FAILED!"); 1214 ret++; 1215 } 1216 1217 if (sha1_prf(key1, sizeof(key1) - 1, "prefix", data1, sizeof(data1) - 1, 1218 res, sizeof(prf1)) == 0 && 1219 os_memcmp(res, prf1, sizeof(prf1)) == 0) 1220 wpa_printf(MSG_INFO, "Test case 1 - OK"); 1221 else { 1222 wpa_printf(MSG_INFO, "Test case 1 - FAILED!"); 1223 ret++; 1224 } 1225 1226 if (sha1_prf(key2, sizeof(key2), "prefix", data2, sizeof(data2), 1227 res, sizeof(prf2)) == 0 && 1228 os_memcmp(res, prf2, sizeof(prf2)) == 0) 1229 wpa_printf(MSG_INFO, "Test case 2 - OK"); 1230 else { 1231 wpa_printf(MSG_INFO, "Test case 2 - FAILED!"); 1232 ret++; 1233 } 1234 1235 ret += test_eap_fast(); 1236 1237 wpa_printf(MSG_INFO, "PBKDF2-SHA1 Passphrase test cases:"); 1238 for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) { 1239 u8 psk[32]; 1240 const struct passphrase_test *test = &passphrase_tests[i]; 1241 1242 if (pbkdf2_sha1(test->passphrase, 1243 (const u8 *) test->ssid, strlen(test->ssid), 1244 4096, psk, 32) == 0 && 1245 os_memcmp(psk, test->psk, 32) == 0) 1246 wpa_printf(MSG_INFO, "Test case %d - OK", i); 1247 else { 1248 wpa_printf(MSG_INFO, "Test case %d - FAILED!", i); 1249 ret++; 1250 } 1251 } 1252 1253 wpa_printf(MSG_INFO, "PBKDF2-SHA1 test cases (RFC 6070):"); 1254 for (i = 0; i < NUM_RFC6070_TESTS; i++) { 1255 u8 dk[25]; 1256 const struct rfc6070_test *test = &rfc6070_tests[i]; 1257 1258 if (pbkdf2_sha1(test->p, (const u8 *) test->s, strlen(test->s), 1259 test->c, dk, test->dk_len) == 0 && 1260 os_memcmp(dk, test->dk, test->dk_len) == 0) 1261 wpa_printf(MSG_INFO, "Test case %d - OK", i); 1262 else { 1263 wpa_printf(MSG_INFO, "Test case %d - FAILED!", i); 1264 ret++; 1265 } 1266 } 1267 1268 if (!ret) 1269 wpa_printf(MSG_INFO, "SHA1 test cases passed"); 1270 return ret; 1271 } 1272 1273 1274 static const struct { 1275 char *data; 1276 u8 hash[32]; 1277 } tests[] = { 1278 { 1279 "abc", 1280 { 1281 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 1282 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, 1283 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 1284 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad 1285 } 1286 }, 1287 { 1288 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1289 { 1290 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 1291 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, 1292 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, 1293 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 1294 } 1295 } 1296 }; 1297 1298 static const struct hmac_test { 1299 u8 key[150]; 1300 size_t key_len; 1301 u8 data[160]; 1302 size_t data_len; 1303 u8 hash[32]; /* HMAC-SHA-256 */ 1304 u8 hash384[48]; /* HMAC-SHA-384 */ 1305 } hmac_tests[] = { 1306 /* draft-ietf-ipsec-ciph-sha-256-01.txt; RFC 4231 */ 1307 { 1308 { 1309 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1310 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1311 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1312 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 1313 }, 1314 32, 1315 "abc", 3, 1316 { 1317 0xa2, 0x1b, 0x1f, 0x5d, 0x4c, 0xf4, 0xf7, 0x3a, 1318 0x4d, 0xd9, 0x39, 0x75, 0x0f, 0x7a, 0x06, 0x6a, 1319 0x7f, 0x98, 0xcc, 0x13, 0x1c, 0xb1, 0x6a, 0x66, 1320 0x92, 0x75, 0x90, 0x21, 0xcf, 0xab, 0x81, 0x81 1321 }, 1322 { } 1323 }, 1324 { 1325 { 1326 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1327 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1328 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1329 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 1330 }, 1331 32, 1332 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1333 56, 1334 { 1335 0x10, 0x4f, 0xdc, 0x12, 0x57, 0x32, 0x8f, 0x08, 1336 0x18, 0x4b, 0xa7, 0x31, 0x31, 0xc5, 0x3c, 0xae, 1337 0xe6, 0x98, 0xe3, 0x61, 0x19, 0x42, 0x11, 0x49, 1338 0xea, 0x8c, 0x71, 0x24, 0x56, 0x69, 0x7d, 0x30 1339 }, 1340 { } 1341 }, 1342 { 1343 { 1344 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1345 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1346 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1347 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 1348 }, 1349 32, 1350 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" 1351 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1352 112, 1353 { 1354 0x47, 0x03, 0x05, 0xfc, 0x7e, 0x40, 0xfe, 0x34, 1355 0xd3, 0xee, 0xb3, 0xe7, 0x73, 0xd9, 0x5a, 0xab, 1356 0x73, 0xac, 0xf0, 0xfd, 0x06, 0x04, 0x47, 0xa5, 1357 0xeb, 0x45, 0x95, 0xbf, 0x33, 0xa9, 0xd1, 0xa3 1358 }, 1359 { } 1360 }, 1361 { 1362 { 1363 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1364 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1365 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1366 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b 1367 }, 1368 32, 1369 "Hi There", 1370 8, 1371 { 1372 0x19, 0x8a, 0x60, 0x7e, 0xb4, 0x4b, 0xfb, 0xc6, 1373 0x99, 0x03, 0xa0, 0xf1, 0xcf, 0x2b, 0xbd, 0xc5, 1374 0xba, 0x0a, 0xa3, 0xf3, 0xd9, 0xae, 0x3c, 0x1c, 1375 0x7a, 0x3b, 0x16, 0x96, 0xa0, 0xb6, 0x8c, 0xf7 1376 }, 1377 { } 1378 }, 1379 { /* RFC 4231 - Test Case 1 */ 1380 { 1381 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1382 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1383 0x0b, 0x0b, 0x0b, 0x0b 1384 }, 1385 20, 1386 "Hi There", 1387 8, 1388 { 1389 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 1390 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 1391 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 1392 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7 1393 }, 1394 { 1395 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 1396 0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f, 1397 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6, 1398 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 1399 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f, 1400 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6 1401 } 1402 }, 1403 { /* RFC 4231 - Test Case 2 */ 1404 "Jefe", 1405 4, 1406 "what do ya want for nothing?", 1407 28, 1408 { 1409 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 1410 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7, 1411 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83, 1412 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43 1413 }, 1414 { 1415 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 1416 0x61, 0x7f, 0x78, 0xd2, 0xb5, 0x8a, 0x6b, 0x1b, 1417 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47, 1418 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 1419 0x8e, 0x22, 0x40, 0xca, 0x5e, 0x69, 0xe2, 0xc7, 1420 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49 1421 } 1422 }, 1423 { 1424 { 1425 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1426 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1427 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1428 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 1429 }, 1430 32, 1431 { 1432 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1433 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1434 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1435 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1436 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1437 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1438 0xdd, 0xdd 1439 }, 1440 50, 1441 { 1442 0xcd, 0xcb, 0x12, 0x20, 0xd1, 0xec, 0xcc, 0xea, 1443 0x91, 0xe5, 0x3a, 0xba, 0x30, 0x92, 0xf9, 0x62, 1444 0xe5, 0x49, 0xfe, 0x6c, 0xe9, 0xed, 0x7f, 0xdc, 1445 0x43, 0x19, 0x1f, 0xbd, 0xe4, 0x5c, 0x30, 0xb0 1446 }, 1447 { } 1448 }, 1449 { /* RFC 4231 - Test Case 3 */ 1450 { 1451 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1452 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1453 0xaa, 0xaa, 0xaa, 0xaa 1454 }, 1455 20, 1456 { 1457 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1458 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1459 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1460 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1461 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1462 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1463 0xdd, 0xdd 1464 }, 1465 50, 1466 { 1467 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 1468 0x85, 0x4d, 0xb8, 0xeb, 0xd0, 0x91, 0x81, 0xa7, 1469 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 0xc1, 0x22, 1470 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe 1471 }, 1472 { 1473 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 1474 0x0a, 0xa2, 0xac, 0xe0, 0x14, 0xc8, 0xa8, 0x6f, 1475 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb, 1476 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 1477 0x2a, 0x5a, 0xb3, 0x9d, 0xc1, 0x38, 0x14, 0xb9, 1478 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27 1479 } 1480 }, 1481 { 1482 { 1483 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1484 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1485 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1486 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 1487 0x21, 0x22, 0x23, 0x24, 0x25 1488 }, 1489 37, 1490 { 1491 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1492 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1493 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1494 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1495 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1496 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1497 0xcd, 0xcd 1498 }, 1499 50, 1500 { 1501 0xd4, 0x63, 0x3c, 0x17, 0xf6, 0xfb, 0x8d, 0x74, 1502 0x4c, 0x66, 0xde, 0xe0, 0xf8, 0xf0, 0x74, 0x55, 1503 0x6e, 0xc4, 0xaf, 0x55, 0xef, 0x07, 0x99, 0x85, 1504 0x41, 0x46, 0x8e, 0xb4, 0x9b, 0xd2, 0xe9, 0x17 1505 }, 1506 { } 1507 }, 1508 { /* RFC 4231 - Test Case 4 */ 1509 { 1510 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1511 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1512 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1513 0x19, 1514 }, 1515 25, 1516 { 1517 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1518 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1519 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1520 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1521 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1522 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1523 0xcd, 0xcd 1524 }, 1525 50, 1526 { 1527 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 1528 0xa4, 0xcc, 0x81, 0x98, 0x99, 0xf2, 0x08, 0x3a, 1529 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07, 1530 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b 1531 }, 1532 { 1533 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 1534 0x19, 0x33, 0xab, 0x62, 0x90, 0xaf, 0x6c, 0xa7, 1535 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c, 1536 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 1537 0x68, 0x01, 0xdd, 0x23, 0xc4, 0xa7, 0xd6, 0x79, 1538 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb 1539 } 1540 }, 1541 { 1542 { 1543 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 1544 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 1545 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 1546 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c 1547 }, 1548 32, 1549 "Test With Truncation", 1550 20, 1551 { 1552 0x75, 0x46, 0xaf, 0x01, 0x84, 0x1f, 0xc0, 0x9b, 1553 0x1a, 0xb9, 0xc3, 0x74, 0x9a, 0x5f, 0x1c, 0x17, 1554 0xd4, 0xf5, 0x89, 0x66, 0x8a, 0x58, 0x7b, 0x27, 1555 0x00, 0xa9, 0xc9, 0x7c, 0x11, 0x93, 0xcf, 0x42 1556 }, 1557 { } 1558 }, 1559 { 1560 { 1561 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1562 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1563 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1564 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1565 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1566 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1567 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1568 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1569 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1570 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 1571 }, 1572 80, 1573 "Test Using Larger Than Block-Size Key - Hash Key First", 1574 54, 1575 { 1576 0x69, 0x53, 0x02, 0x5e, 0xd9, 0x6f, 0x0c, 0x09, 1577 0xf8, 0x0a, 0x96, 0xf7, 0x8e, 0x65, 0x38, 0xdb, 1578 0xe2, 0xe7, 0xb8, 0x20, 0xe3, 0xdd, 0x97, 0x0e, 1579 0x7d, 0xdd, 0x39, 0x09, 0x1b, 0x32, 0x35, 0x2f 1580 }, 1581 { } 1582 }, 1583 { /* RFC 4231 - Test Case 6 */ 1584 { 1585 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1586 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1587 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1588 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1589 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1590 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1591 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1592 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1593 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1594 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1595 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1596 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1597 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1598 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1599 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1600 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1601 0xaa, 0xaa, 0xaa 1602 }, 1603 131, 1604 "Test Using Larger Than Block-Size Key - Hash Key First", 1605 54, 1606 { 1607 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 1608 0x0d, 0x8a, 0x26, 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 1609 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, 0xc5, 0x14, 1610 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54 1611 }, 1612 { 1613 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 1614 0x88, 0xd2, 0xc6, 0x3a, 0x04, 0x1b, 0xc5, 0xb4, 1615 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f, 1616 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 1617 0x0c, 0x2e, 0xf6, 0xab, 0x40, 0x30, 0xfe, 0x82, 1618 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52 1619 } 1620 }, 1621 { 1622 { 1623 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1624 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1625 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1626 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1627 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1628 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1629 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1630 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1631 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1632 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 1633 }, 1634 80, 1635 "Test Using Larger Than Block-Size Key and Larger Than One " 1636 "Block-Size Data", 1637 73, 1638 { 1639 0x63, 0x55, 0xac, 0x22, 0xe8, 0x90, 0xd0, 0xa3, 1640 0xc8, 0x48, 0x1a, 0x5c, 0xa4, 0x82, 0x5b, 0xc8, 1641 0x84, 0xd3, 0xe7, 0xa1, 0xff, 0x98, 0xa2, 0xfc, 1642 0x2a, 0xc7, 0xd8, 0xe0, 0x64, 0xc3, 0xb2, 0xe6 1643 }, 1644 { } 1645 }, 1646 { /* RFC 4231 - Test Case 7 */ 1647 { 1648 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1649 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1650 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1651 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1652 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1653 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1654 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1655 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1656 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1657 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1658 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1659 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1660 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1661 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1662 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1663 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1664 0xaa, 0xaa, 0xaa 1665 }, 1666 131, 1667 "This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.", 1668 152, 1669 { 1670 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 1671 0x27, 0x63, 0x5f, 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 1672 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 0x13, 0x93, 1673 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2 1674 }, 1675 { 1676 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 1677 0x35, 0x1e, 0x2f, 0x25, 0x4e, 0x8f, 0xd3, 0x2c, 1678 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a, 1679 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 1680 0xa6, 0x78, 0xcc, 0x31, 0xe7, 0x99, 0x17, 0x6d, 1681 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e 1682 } 1683 } 1684 }; 1685 1686 1687 static int test_sha256(void) 1688 { 1689 unsigned int i; 1690 u8 hash[32]; 1691 const u8 *addr[2]; 1692 size_t len[2]; 1693 int errors = 0; 1694 u8 *key; 1695 1696 for (i = 0; i < ARRAY_SIZE(tests); i++) { 1697 wpa_printf(MSG_INFO, "SHA256 test case %d:", i + 1); 1698 1699 addr[0] = (u8 *) tests[i].data; 1700 len[0] = strlen(tests[i].data); 1701 sha256_vector(1, addr, len, hash); 1702 if (memcmp(hash, tests[i].hash, 32) != 0) { 1703 wpa_printf(MSG_INFO, " FAIL"); 1704 errors++; 1705 } else 1706 wpa_printf(MSG_INFO, " OK"); 1707 1708 if (len[0]) { 1709 addr[0] = (u8 *) tests[i].data; 1710 len[0] = 1; 1711 addr[1] = (u8 *) tests[i].data + 1; 1712 len[1] = strlen(tests[i].data) - 1; 1713 sha256_vector(2, addr, len, hash); 1714 if (memcmp(hash, tests[i].hash, 32) != 0) { 1715 wpa_printf(MSG_INFO, " FAIL"); 1716 errors++; 1717 } else 1718 wpa_printf(MSG_INFO, " OK"); 1719 } 1720 } 1721 1722 for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) { 1723 const struct hmac_test *t = &hmac_tests[i]; 1724 1725 wpa_printf(MSG_INFO, "HMAC-SHA256 test case %d:", i + 1); 1726 1727 if (hmac_sha256(t->key, t->key_len, t->data, t->data_len, 1728 hash) < 0 || 1729 os_memcmp(hash, t->hash, 32) != 0) { 1730 wpa_printf(MSG_INFO, " FAIL"); 1731 errors++; 1732 } else 1733 wpa_printf(MSG_INFO, " OK"); 1734 1735 addr[0] = t->data; 1736 len[0] = t->data_len; 1737 if (hmac_sha256_vector(t->key, t->key_len, 1, addr, len, 1738 hash) < 0 || 1739 os_memcmp(hash, t->hash, 32) != 0) { 1740 wpa_printf(MSG_INFO, " FAIL"); 1741 errors++; 1742 } else 1743 wpa_printf(MSG_INFO, " OK"); 1744 1745 if (len[0]) { 1746 addr[0] = t->data; 1747 len[0] = 1; 1748 addr[1] = t->data + 1; 1749 len[1] = t->data_len - 1; 1750 if (hmac_sha256_vector(t->key, t->key_len, 2, addr, len, 1751 hash) < 0 || 1752 os_memcmp(hash, t->hash, 32) != 0) { 1753 wpa_printf(MSG_INFO, " FAIL"); 1754 errors++; 1755 } else 1756 wpa_printf(MSG_INFO, " OK"); 1757 } 1758 } 1759 1760 wpa_printf(MSG_INFO, "Test IEEE 802.11r KDF"); 1761 sha256_prf((u8 *) "abc", 3, "KDF test", (u8 *) "data", 4, 1762 hash, sizeof(hash)); 1763 /* TODO: add proper test case for this */ 1764 1765 key = os_malloc(8161); 1766 if (key) { 1767 #ifdef CONFIG_HMAC_SHA256_KDF 1768 int res; 1769 1770 res = hmac_sha256_kdf((u8 *) "secret", 6, "label", 1771 (u8 *) "seed", 4, key, 8160); 1772 if (res) { 1773 wpa_printf(MSG_INFO, 1774 "Unexpected hmac_sha256_kdf(outlen=8160) failure"); 1775 errors++; 1776 } 1777 1778 res = hmac_sha256_kdf((u8 *) "secret", 6, "label", 1779 (u8 *) "seed", 4, key, 8161); 1780 if (res == 0) { 1781 wpa_printf(MSG_INFO, 1782 "Unexpected hmac_sha256_kdf(outlen=8161) success"); 1783 errors++; 1784 } 1785 #endif /* CONFIG_HMAC_SHA256_KDF */ 1786 1787 os_free(key); 1788 } 1789 1790 if (!errors) 1791 wpa_printf(MSG_INFO, "SHA256 test cases passed"); 1792 return errors; 1793 } 1794 1795 1796 static int test_sha384(void) 1797 { 1798 #ifdef CONFIG_SHA384 1799 unsigned int i; 1800 u8 hash[48]; 1801 const u8 *addr[2]; 1802 size_t len[2]; 1803 int errors = 0; 1804 const char *data = "hello"; 1805 const u8 hash_res[] = { 1806 0x59, 0xe1, 0x74, 0x87, 0x77, 0x44, 0x8c, 0x69, 1807 0xde, 0x6b, 0x80, 0x0d, 0x7a, 0x33, 0xbb, 0xfb, 1808 0x9f, 0xf1, 0xb4, 0x63, 0xe4, 0x43, 0x54, 0xc3, 1809 0x55, 0x3b, 0xcd, 0xb9, 0xc6, 0x66, 0xfa, 0x90, 1810 0x12, 0x5a, 0x3c, 0x79, 0xf9, 0x03, 0x97, 0xbd, 1811 0xf5, 0xf6, 0xa1, 0x3d, 0xe8, 0x28, 0x68, 0x4f 1812 }; 1813 1814 addr[0] = (const u8 *) data; 1815 len[0] = 5; 1816 if (sha384_vector(1, addr, len, hash) < 0 || 1817 os_memcmp(hash, hash_res, 48) != 0) { 1818 wpa_printf(MSG_INFO, "SHA384 test case 1: FAIL"); 1819 errors++; 1820 } else { 1821 wpa_printf(MSG_INFO, "SHA384 test case 1: OK"); 1822 } 1823 1824 addr[0] = (const u8 *) data; 1825 len[0] = 4; 1826 addr[1] = (const u8 *) data + 4; 1827 len[1] = 1; 1828 if (sha384_vector(2, addr, len, hash) < 0 || 1829 os_memcmp(hash, hash_res, 48) != 0) { 1830 wpa_printf(MSG_INFO, "SHA384 test case 2: FAIL"); 1831 errors++; 1832 } else { 1833 wpa_printf(MSG_INFO, "SHA384 test case 2: OK"); 1834 } 1835 1836 for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) { 1837 const struct hmac_test *t = &hmac_tests[i]; 1838 1839 if (t->hash384[0] == 0 && t->hash384[1] == 0 && 1840 t->hash384[2] == 0 && t->hash384[3] == 0) 1841 continue; 1842 wpa_printf(MSG_INFO, "HMAC-SHA384 test case %d:", i + 1); 1843 1844 if (hmac_sha384(t->key, t->key_len, t->data, t->data_len, 1845 hash) < 0 || 1846 os_memcmp(hash, t->hash384, 48) != 0) { 1847 wpa_printf(MSG_INFO, " FAIL"); 1848 errors++; 1849 } else 1850 wpa_printf(MSG_INFO, " OK"); 1851 1852 addr[0] = t->data; 1853 len[0] = t->data_len; 1854 if (hmac_sha384_vector(t->key, t->key_len, 1, addr, len, 1855 hash) < 0 || 1856 os_memcmp(hash, t->hash384, 48) != 0) { 1857 wpa_printf(MSG_INFO, " FAIL"); 1858 errors++; 1859 } else 1860 wpa_printf(MSG_INFO, " OK"); 1861 1862 if (len[0]) { 1863 addr[0] = t->data; 1864 len[0] = 1; 1865 addr[1] = t->data + 1; 1866 len[1] = t->data_len - 1; 1867 if (hmac_sha384_vector(t->key, t->key_len, 2, addr, len, 1868 hash) < 0 || 1869 os_memcmp(hash, t->hash384, 48) != 0) { 1870 wpa_printf(MSG_INFO, " FAIL"); 1871 errors++; 1872 } else 1873 wpa_printf(MSG_INFO, " OK"); 1874 } 1875 } 1876 1877 if (!errors) 1878 wpa_printf(MSG_INFO, "SHA384 test cases passed"); 1879 return errors; 1880 #else /* CONFIG_SHA384 */ 1881 return 0; 1882 #endif /* CONFIG_SHA384 */ 1883 } 1884 1885 1886 static int test_fips186_2_prf(void) 1887 { 1888 /* http://csrc.nist.gov/encryption/dss/Examples-1024bit.pdf */ 1889 u8 xkey[] = { 1890 0xbd, 0x02, 0x9b, 0xbe, 0x7f, 0x51, 0x96, 0x0b, 1891 0xcf, 0x9e, 0xdb, 0x2b, 0x61, 0xf0, 0x6f, 0x0f, 1892 0xeb, 0x5a, 0x38, 0xb6 1893 }; 1894 u8 w[] = { 1895 0x20, 0x70, 0xb3, 0x22, 0x3d, 0xba, 0x37, 0x2f, 1896 0xde, 0x1c, 0x0f, 0xfc, 0x7b, 0x2e, 0x3b, 0x49, 1897 0x8b, 0x26, 0x06, 0x14, 0x3c, 0x6c, 0x18, 0xba, 1898 0xcb, 0x0f, 0x6c, 0x55, 0xba, 0xbb, 0x13, 0x78, 1899 0x8e, 0x20, 0xd7, 0x37, 0xa3, 0x27, 0x51, 0x16 1900 }; 1901 u8 buf[40]; 1902 1903 wpa_printf(MSG_INFO, 1904 "Testing EAP-SIM PRF (FIPS 186-2 + change notice 1)"); 1905 if (fips186_2_prf(xkey, sizeof(xkey), buf, sizeof(buf)) < 0 || 1906 os_memcmp(w, buf, sizeof(w)) != 0) { 1907 wpa_printf(MSG_INFO, "fips186_2_prf failed"); 1908 return 1; 1909 } 1910 1911 return 0; 1912 } 1913 1914 1915 static int test_extract_expand_hkdf(void) 1916 { 1917 u8 prk[SHA256_MAC_LEN]; 1918 u8 okm[82]; 1919 1920 /* RFC 5869, A.1 */ 1921 u8 ikm1[22] = { 1922 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1923 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1924 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b 1925 }; 1926 u8 salt1[13] = { 1927 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 1928 0x08, 0x09, 0x0a, 0x0b, 0x0c 1929 }; 1930 u8 info1[10] = { 1931 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 1932 0xf8, 0xf9 1933 }; 1934 u8 prk1[32] = { 1935 0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf, 1936 0x0d, 0xdc, 0x3f, 0x0d, 0xc4, 0x7b, 0xba, 0x63, 1937 0x90, 0xb6, 0xc7, 0x3b, 0xb5, 0x0f, 0x9c, 0x31, 1938 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, 0xb3, 0xe5 1939 }; 1940 u8 okm1[42] = { 1941 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 1942 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, 1943 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, 1944 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, 1945 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, 1946 0x58, 0x65 1947 }; 1948 1949 /* RFC 5869, A.2 */ 1950 u8 ikm2[80] = { 1951 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 1952 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 1953 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 1954 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 1955 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 1956 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 1957 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 1958 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 1959 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 1960 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f 1961 }; 1962 u8 salt2[80] = { 1963 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 1964 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 1965 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 1966 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 1967 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 1968 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 1969 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 1970 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, 1971 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 1972 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf 1973 }; 1974 u8 info2[80] = { 1975 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 1976 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 1977 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 1978 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, 1979 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 1980 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 1981 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 1982 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 1983 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 1984 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff 1985 }; 1986 u8 prk2[32] = { 1987 0x06, 0xa6, 0xb8, 0x8c, 0x58, 0x53, 0x36, 0x1a, 1988 0x06, 0x10, 0x4c, 0x9c, 0xeb, 0x35, 0xb4, 0x5c, 1989 0xef, 0x76, 0x00, 0x14, 0x90, 0x46, 0x71, 0x01, 1990 0x4a, 0x19, 0x3f, 0x40, 0xc1, 0x5f, 0xc2, 0x44 1991 }; 1992 u8 okm2[82] = { 1993 0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1, 1994 0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34, 1995 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8, 1996 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c, 1997 0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72, 1998 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09, 1999 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8, 2000 0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71, 2001 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87, 2002 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f, 2003 0x1d, 0x87 2004 }; 2005 2006 wpa_printf(MSG_INFO, "Testing Extract-and-Expand HKDF (RFC 5869)"); 2007 2008 wpa_printf(MSG_INFO, "RFC 5869 - Test Case 1"); 2009 if (hmac_sha256(salt1, sizeof(salt1), ikm1, sizeof(ikm1), prk) < 0) 2010 return -1; 2011 if (os_memcmp(prk, prk1, SHA256_MAC_LEN) != 0) { 2012 wpa_printf(MSG_INFO, "HKDF-Extract mismatch in PRK"); 2013 return -1; 2014 } 2015 if (hmac_sha256_kdf(prk1, sizeof(prk1), NULL, info1, sizeof(info1), 2016 okm, sizeof(okm1)) < 0) 2017 return -1; 2018 if (os_memcmp(okm, okm1, sizeof(okm1)) != 0) { 2019 wpa_printf(MSG_INFO, "HKDF-Expand mismatch in OKM"); 2020 return -1; 2021 } 2022 2023 wpa_printf(MSG_INFO, "RFC 5869 - Test Case 2"); 2024 if (hmac_sha256(salt2, sizeof(salt2), ikm2, sizeof(ikm2), prk) < 0) 2025 return -1; 2026 if (os_memcmp(prk, prk2, SHA256_MAC_LEN) != 0) { 2027 wpa_printf(MSG_INFO, "HKDF-Extract mismatch in PRK"); 2028 return -1; 2029 } 2030 if (hmac_sha256_kdf(prk2, sizeof(prk2), NULL, info2, sizeof(info2), 2031 okm, sizeof(okm2)) < 0) 2032 return -1; 2033 if (os_memcmp(okm, okm2, sizeof(okm2)) != 0) { 2034 wpa_printf(MSG_INFO, "HKDF-Expand mismatch in OKM"); 2035 return -1; 2036 } 2037 2038 wpa_printf(MSG_INFO, "Extract-and-Expand HKDF test cases passed"); 2039 2040 return 0; 2041 } 2042 2043 2044 static int test_ms_funcs(void) 2045 { 2046 #ifndef CONFIG_FIPS 2047 /* Test vector from RFC2759 example */ 2048 char *username = "User"; 2049 char *password = "clientPass"; 2050 u8 auth_challenge[] = { 2051 0x5B, 0x5D, 0x7C, 0x7D, 0x7B, 0x3F, 0x2F, 0x3E, 2052 0x3C, 0x2C, 0x60, 0x21, 0x32, 0x26, 0x26, 0x28 2053 }; 2054 u8 peer_challenge[] = { 2055 0x21, 0x40, 0x23, 0x24, 0x25, 0x5E, 0x26, 0x2A, 2056 0x28, 0x29, 0x5F, 0x2B, 0x3A, 0x33, 0x7C, 0x7E 2057 }; 2058 u8 password_hash[] = { 2059 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6, 2060 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE 2061 }; 2062 u8 nt_response[] = { 2063 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E, 2064 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54, 2065 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF 2066 }; 2067 u8 password_hash_hash[] = { 2068 0x41, 0xC0, 0x0C, 0x58, 0x4B, 0xD2, 0xD9, 0x1C, 2069 0x40, 0x17, 0xA2, 0xA1, 0x2F, 0xA5, 0x9F, 0x3F 2070 }; 2071 u8 authenticator_response[] = { 2072 0x40, 0x7A, 0x55, 0x89, 0x11, 0x5F, 0xD0, 0xD6, 2073 0x20, 0x9F, 0x51, 0x0F, 0xE9, 0xC0, 0x45, 0x66, 2074 0x93, 0x2C, 0xDA, 0x56 2075 }; 2076 u8 master_key[] = { 2077 0xFD, 0xEC, 0xE3, 0x71, 0x7A, 0x8C, 0x83, 0x8C, 2078 0xB3, 0x88, 0xE5, 0x27, 0xAE, 0x3C, 0xDD, 0x31 2079 }; 2080 u8 send_start_key[] = { 2081 0x8B, 0x7C, 0xDC, 0x14, 0x9B, 0x99, 0x3A, 0x1B, 2082 0xA1, 0x18, 0xCB, 0x15, 0x3F, 0x56, 0xDC, 0xCB 2083 }; 2084 u8 buf[32]; 2085 int errors = 0; 2086 2087 if (nt_password_hash((u8 *) password, os_strlen(password), buf) || 2088 os_memcmp(password_hash, buf, sizeof(password_hash)) != 0) { 2089 wpa_printf(MSG_ERROR, "nt_password_hash failed"); 2090 errors++; 2091 } 2092 2093 if (generate_nt_response(auth_challenge, peer_challenge, 2094 (u8 *) username, os_strlen(username), 2095 (u8 *) password, os_strlen(password), buf) || 2096 os_memcmp(nt_response, buf, sizeof(nt_response)) != 0) { 2097 wpa_printf(MSG_ERROR, "generate_nt_response failed"); 2098 errors++; 2099 } 2100 2101 if (hash_nt_password_hash(password_hash, buf) || 2102 os_memcmp(password_hash_hash, buf, 2103 sizeof(password_hash_hash)) != 0) { 2104 wpa_printf(MSG_ERROR, "hash_nt_password_hash failed"); 2105 errors++; 2106 } 2107 2108 if (generate_authenticator_response((u8 *) password, 2109 os_strlen(password), 2110 peer_challenge, auth_challenge, 2111 (u8 *) username, 2112 os_strlen(username), 2113 nt_response, buf) || 2114 os_memcmp(authenticator_response, buf, 2115 sizeof(authenticator_response)) != 0) { 2116 wpa_printf(MSG_ERROR, "generate_authenticator_response failed"); 2117 errors++; 2118 } 2119 2120 if (get_master_key(password_hash_hash, nt_response, buf) || 2121 os_memcmp(master_key, buf, sizeof(master_key)) != 0) { 2122 wpa_printf(MSG_ERROR, "get_master_key failed"); 2123 errors++; 2124 } 2125 2126 if (get_asymetric_start_key(master_key, buf, sizeof(send_start_key), 2127 1, 1) || 2128 os_memcmp(send_start_key, buf, sizeof(send_start_key)) != 0) { 2129 wpa_printf(MSG_ERROR, "get_asymetric_start_key failed"); 2130 errors++; 2131 } 2132 2133 if (errors) 2134 wpa_printf(MSG_ERROR, "ms_funcs: %d errors", errors); 2135 else 2136 wpa_printf(MSG_INFO, "ms_funcs test cases passed"); 2137 2138 return errors; 2139 #else /* CONFIG_FIPS */ 2140 wpa_printf(MSG_INFO, "ms_funcs test cases skipped due to CONFIG_FIPS"); 2141 return 0; 2142 #endif /* CONFIG_FIPS */ 2143 } 2144 2145 2146 int crypto_module_tests(void) 2147 { 2148 int ret = 0; 2149 2150 wpa_printf(MSG_INFO, "crypto module tests"); 2151 if (test_siv() || 2152 test_omac1() || 2153 test_eax() || 2154 test_cbc() || 2155 test_ecb() || 2156 test_key_wrap() || 2157 test_md5() || 2158 test_sha1() || 2159 test_sha256() || 2160 test_sha384() || 2161 test_fips186_2_prf() || 2162 test_extract_expand_hkdf() || 2163 test_ms_funcs()) 2164 ret = -1; 2165 2166 return ret; 2167 } 2168