15b9c547cSRui Paulo /*
25b9c547cSRui Paulo * crypto module tests
35b9c547cSRui Paulo * Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi>
45b9c547cSRui Paulo *
55b9c547cSRui Paulo * This software may be distributed under the terms of the BSD license.
65b9c547cSRui Paulo * See README for more details.
75b9c547cSRui Paulo */
85b9c547cSRui Paulo
95b9c547cSRui Paulo #include "utils/includes.h"
105b9c547cSRui Paulo
115b9c547cSRui Paulo #include "utils/common.h"
12780fb4a2SCy Schubert #include "utils/module_tests.h"
135b9c547cSRui Paulo #include "crypto/aes_siv.h"
145b9c547cSRui Paulo #include "crypto/aes_wrap.h"
155b9c547cSRui Paulo #include "crypto/aes.h"
165b9c547cSRui Paulo #include "crypto/ms_funcs.h"
175b9c547cSRui Paulo #include "crypto/crypto.h"
185b9c547cSRui Paulo #include "crypto/sha1.h"
195b9c547cSRui Paulo #include "crypto/sha256.h"
2085732ac8SCy Schubert #include "crypto/sha384.h"
215b9c547cSRui Paulo
225b9c547cSRui Paulo
test_siv(void)235b9c547cSRui Paulo static int test_siv(void)
245b9c547cSRui Paulo {
255b9c547cSRui Paulo #ifdef CONFIG_MESH
265b9c547cSRui Paulo /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */
275b9c547cSRui Paulo u8 key[] = {
285b9c547cSRui Paulo 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
295b9c547cSRui Paulo 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
305b9c547cSRui Paulo 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
315b9c547cSRui Paulo 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
325b9c547cSRui Paulo };
335b9c547cSRui Paulo u8 ad[] = {
345b9c547cSRui Paulo 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
355b9c547cSRui Paulo 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
365b9c547cSRui Paulo 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27
375b9c547cSRui Paulo };
385b9c547cSRui Paulo u8 plaintext[] = {
395b9c547cSRui Paulo 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
405b9c547cSRui Paulo 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee
415b9c547cSRui Paulo };
425b9c547cSRui Paulo u8 iv_c[] = {
435b9c547cSRui Paulo 0x85, 0x63, 0x2d, 0x07, 0xc6, 0xe8, 0xf3, 0x7f,
445b9c547cSRui Paulo 0x95, 0x0a, 0xcd, 0x32, 0x0a, 0x2e, 0xcc, 0x93,
455b9c547cSRui Paulo 0x40, 0xc0, 0x2b, 0x96, 0x90, 0xc4, 0xdc, 0x04,
465b9c547cSRui Paulo 0xda, 0xef, 0x7f, 0x6a, 0xfe, 0x5c
475b9c547cSRui Paulo };
485b9c547cSRui Paulo /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */
495b9c547cSRui Paulo u8 key_2[] = {
505b9c547cSRui Paulo 0x7f, 0x7e, 0x7d, 0x7c, 0x7b, 0x7a, 0x79, 0x78,
515b9c547cSRui Paulo 0x77, 0x76, 0x75, 0x74, 0x73, 0x72, 0x71, 0x70,
525b9c547cSRui Paulo 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
535b9c547cSRui Paulo 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
545b9c547cSRui Paulo };
555b9c547cSRui Paulo u8 ad1_2[] = {
565b9c547cSRui Paulo 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
575b9c547cSRui Paulo 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
585b9c547cSRui Paulo 0xde, 0xad, 0xda, 0xda, 0xde, 0xad, 0xda, 0xda,
595b9c547cSRui Paulo 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
605b9c547cSRui Paulo 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00
615b9c547cSRui Paulo };
625b9c547cSRui Paulo u8 ad2_2[] = {
635b9c547cSRui Paulo 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80,
645b9c547cSRui Paulo 0x90, 0xa0
655b9c547cSRui Paulo };
665b9c547cSRui Paulo u8 nonce_2[] = {
675b9c547cSRui Paulo 0x09, 0xf9, 0x11, 0x02, 0x9d, 0x74, 0xe3, 0x5b,
685b9c547cSRui Paulo 0xd8, 0x41, 0x56, 0xc5, 0x63, 0x56, 0x88, 0xc0
695b9c547cSRui Paulo };
705b9c547cSRui Paulo u8 plaintext_2[] = {
715b9c547cSRui Paulo 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
725b9c547cSRui Paulo 0x73, 0x6f, 0x6d, 0x65, 0x20, 0x70, 0x6c, 0x61,
735b9c547cSRui Paulo 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x20, 0x74,
745b9c547cSRui Paulo 0x6f, 0x20, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70,
755b9c547cSRui Paulo 0x74, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x20,
765b9c547cSRui Paulo 0x53, 0x49, 0x56, 0x2d, 0x41, 0x45, 0x53
775b9c547cSRui Paulo };
785b9c547cSRui Paulo u8 iv_c_2[] = {
795b9c547cSRui Paulo 0x7b, 0xdb, 0x6e, 0x3b, 0x43, 0x26, 0x67, 0xeb,
805b9c547cSRui Paulo 0x06, 0xf4, 0xd1, 0x4b, 0xff, 0x2f, 0xbd, 0x0f,
815b9c547cSRui Paulo 0xcb, 0x90, 0x0f, 0x2f, 0xdd, 0xbe, 0x40, 0x43,
825b9c547cSRui Paulo 0x26, 0x60, 0x19, 0x65, 0xc8, 0x89, 0xbf, 0x17,
835b9c547cSRui Paulo 0xdb, 0xa7, 0x7c, 0xeb, 0x09, 0x4f, 0xa6, 0x63,
845b9c547cSRui Paulo 0xb7, 0xa3, 0xf7, 0x48, 0xba, 0x8a, 0xf8, 0x29,
855b9c547cSRui Paulo 0xea, 0x64, 0xad, 0x54, 0x4a, 0x27, 0x2e, 0x9c,
865b9c547cSRui Paulo 0x48, 0x5b, 0x62, 0xa3, 0xfd, 0x5c, 0x0d
875b9c547cSRui Paulo };
885b9c547cSRui Paulo u8 out[2 * AES_BLOCK_SIZE + sizeof(plaintext_2)];
895b9c547cSRui Paulo const u8 *addr[3];
905b9c547cSRui Paulo size_t len[3];
915b9c547cSRui Paulo
925b9c547cSRui Paulo /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */
935b9c547cSRui Paulo addr[0] = ad;
945b9c547cSRui Paulo len[0] = sizeof(ad);
955b9c547cSRui Paulo
9685732ac8SCy Schubert if (aes_siv_encrypt(key, sizeof(key), plaintext, sizeof(plaintext),
975b9c547cSRui Paulo 1, addr, len, out)) {
985b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed");
995b9c547cSRui Paulo return 1;
1005b9c547cSRui Paulo }
1015b9c547cSRui Paulo if (os_memcmp(out, iv_c, sizeof(iv_c)) != 0) {
1025b9c547cSRui Paulo wpa_printf(MSG_ERROR,
1035b9c547cSRui Paulo "AES-SIV mode encryption returned invalid cipher text");
1045b9c547cSRui Paulo return 1;
1055b9c547cSRui Paulo }
1065b9c547cSRui Paulo
10785732ac8SCy Schubert if (aes_siv_decrypt(key, sizeof(key), iv_c, sizeof(iv_c),
10885732ac8SCy Schubert 1, addr, len, out)) {
1095b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed");
1105b9c547cSRui Paulo return 1;
1115b9c547cSRui Paulo }
1125b9c547cSRui Paulo if (os_memcmp(out, plaintext, sizeof(plaintext)) != 0) {
1135b9c547cSRui Paulo wpa_printf(MSG_ERROR,
1145b9c547cSRui Paulo "AES-SIV mode decryption returned invalid plain text");
1155b9c547cSRui Paulo return 1;
1165b9c547cSRui Paulo }
1175b9c547cSRui Paulo
1185b9c547cSRui Paulo /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */
1195b9c547cSRui Paulo addr[0] = ad1_2;
1205b9c547cSRui Paulo len[0] = sizeof(ad1_2);
1215b9c547cSRui Paulo addr[1] = ad2_2;
1225b9c547cSRui Paulo len[1] = sizeof(ad2_2);
1235b9c547cSRui Paulo addr[2] = nonce_2;
1245b9c547cSRui Paulo len[2] = sizeof(nonce_2);
1255b9c547cSRui Paulo
12685732ac8SCy Schubert if (aes_siv_encrypt(key_2, sizeof(key_2),
12785732ac8SCy Schubert plaintext_2, sizeof(plaintext_2),
1285b9c547cSRui Paulo 3, addr, len, out)) {
1295b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed");
1305b9c547cSRui Paulo return 1;
1315b9c547cSRui Paulo }
1325b9c547cSRui Paulo if (os_memcmp(out, iv_c_2, sizeof(iv_c_2)) != 0) {
1335b9c547cSRui Paulo wpa_printf(MSG_ERROR,
1345b9c547cSRui Paulo "AES-SIV mode encryption returned invalid cipher text");
1355b9c547cSRui Paulo return 1;
1365b9c547cSRui Paulo }
1375b9c547cSRui Paulo
13885732ac8SCy Schubert if (aes_siv_decrypt(key_2, sizeof(key_2), iv_c_2, sizeof(iv_c_2),
13985732ac8SCy Schubert 3, addr, len, out)) {
1405b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed");
1415b9c547cSRui Paulo return 1;
1425b9c547cSRui Paulo }
1435b9c547cSRui Paulo if (os_memcmp(out, plaintext_2, sizeof(plaintext_2)) != 0) {
1445b9c547cSRui Paulo wpa_printf(MSG_ERROR,
1455b9c547cSRui Paulo "AES-SIV mode decryption returned invalid plain text");
1465b9c547cSRui Paulo return 1;
1475b9c547cSRui Paulo }
1485b9c547cSRui Paulo
1495b9c547cSRui Paulo wpa_printf(MSG_INFO, "AES-SIV test cases passed");
1505b9c547cSRui Paulo #endif /* CONFIG_MESH */
1515b9c547cSRui Paulo
1525b9c547cSRui Paulo return 0;
1535b9c547cSRui Paulo }
1545b9c547cSRui Paulo
1555b9c547cSRui Paulo
1565b9c547cSRui Paulo /* OMAC1 AES-128 test vectors from
1575b9c547cSRui Paulo * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf
1585b9c547cSRui Paulo * which are same as the examples from NIST SP800-38B
1595b9c547cSRui Paulo * http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf
1605b9c547cSRui Paulo */
1615b9c547cSRui Paulo
1625b9c547cSRui Paulo struct omac1_test_vector {
1635b9c547cSRui Paulo u8 k[16];
1645b9c547cSRui Paulo u8 msg[64];
1655b9c547cSRui Paulo int msg_len;
1665b9c547cSRui Paulo u8 tag[16];
1675b9c547cSRui Paulo };
1685b9c547cSRui Paulo
169325151a3SRui Paulo static const struct omac1_test_vector omac1_test_vectors[] =
1705b9c547cSRui Paulo {
1715b9c547cSRui Paulo {
1725b9c547cSRui Paulo { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
1735b9c547cSRui Paulo 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
1745b9c547cSRui Paulo { },
1755b9c547cSRui Paulo 0,
1765b9c547cSRui Paulo { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
1775b9c547cSRui Paulo 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 }
1785b9c547cSRui Paulo },
1795b9c547cSRui Paulo {
1805b9c547cSRui Paulo { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
1815b9c547cSRui Paulo 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
1825b9c547cSRui Paulo { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1835b9c547cSRui Paulo 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a},
1845b9c547cSRui Paulo 16,
1855b9c547cSRui Paulo { 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
1865b9c547cSRui Paulo 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c }
1875b9c547cSRui Paulo },
1885b9c547cSRui Paulo {
1895b9c547cSRui Paulo { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
1905b9c547cSRui Paulo 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
1915b9c547cSRui Paulo { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1925b9c547cSRui Paulo 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1935b9c547cSRui Paulo 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1945b9c547cSRui Paulo 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1955b9c547cSRui Paulo 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 },
1965b9c547cSRui Paulo 40,
1975b9c547cSRui Paulo { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
1985b9c547cSRui Paulo 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 }
1995b9c547cSRui Paulo },
2005b9c547cSRui Paulo {
2015b9c547cSRui Paulo { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
2025b9c547cSRui Paulo 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
2035b9c547cSRui Paulo { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
2045b9c547cSRui Paulo 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
2055b9c547cSRui Paulo 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
2065b9c547cSRui Paulo 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
2075b9c547cSRui Paulo 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
2085b9c547cSRui Paulo 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
2095b9c547cSRui Paulo 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
2105b9c547cSRui Paulo 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
2115b9c547cSRui Paulo 64,
2125b9c547cSRui Paulo { 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
2135b9c547cSRui Paulo 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe }
2145b9c547cSRui Paulo },
2155b9c547cSRui Paulo };
2165b9c547cSRui Paulo
2175b9c547cSRui Paulo
test_omac1_vector(const struct omac1_test_vector * tv,unsigned int i)218325151a3SRui Paulo static int test_omac1_vector(const struct omac1_test_vector *tv,
219325151a3SRui Paulo unsigned int i)
2205b9c547cSRui Paulo {
2215b9c547cSRui Paulo u8 key[] = {
2225b9c547cSRui Paulo 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
2235b9c547cSRui Paulo 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
2245b9c547cSRui Paulo };
2255b9c547cSRui Paulo u8 msg[] = { 0x12, 0x34, 0x56 };
2265b9c547cSRui Paulo u8 result[24], result2[24];
2275b9c547cSRui Paulo const u8 *addr[3];
2285b9c547cSRui Paulo size_t len[3];
2295b9c547cSRui Paulo
2305b9c547cSRui Paulo if (omac1_aes_128(tv->k, tv->msg, tv->msg_len, result) ||
2315b9c547cSRui Paulo os_memcmp(result, tv->tag, 16) != 0) {
2325b9c547cSRui Paulo wpa_printf(MSG_ERROR, "OMAC1-AES-128 test vector %u failed", i);
2335b9c547cSRui Paulo return 1;
2345b9c547cSRui Paulo }
2355b9c547cSRui Paulo
2365b9c547cSRui Paulo if (tv->msg_len > 1) {
2375b9c547cSRui Paulo
2385b9c547cSRui Paulo addr[0] = tv->msg;
2395b9c547cSRui Paulo len[0] = 1;
2405b9c547cSRui Paulo addr[1] = tv->msg + 1;
2415b9c547cSRui Paulo len[1] = tv->msg_len - 1;
2425b9c547cSRui Paulo
2435b9c547cSRui Paulo if (omac1_aes_128_vector(tv->k, 2, addr, len, result) ||
2445b9c547cSRui Paulo os_memcmp(result, tv->tag, 16) != 0) {
2455b9c547cSRui Paulo wpa_printf(MSG_ERROR,
2465b9c547cSRui Paulo "OMAC1-AES-128(vector) test vector %u failed",
2475b9c547cSRui Paulo i);
2485b9c547cSRui Paulo return 1;
2495b9c547cSRui Paulo }
2505b9c547cSRui Paulo
2515b9c547cSRui Paulo addr[0] = tv->msg;
2525b9c547cSRui Paulo len[0] = tv->msg_len - 2;
2535b9c547cSRui Paulo addr[1] = tv->msg + tv->msg_len - 2;
2545b9c547cSRui Paulo len[1] = 1;
2555b9c547cSRui Paulo addr[2] = tv->msg + tv->msg_len - 1;
2565b9c547cSRui Paulo len[2] = 1;
2575b9c547cSRui Paulo
2585b9c547cSRui Paulo if (omac1_aes_128_vector(tv->k, 3, addr, len, result) ||
2595b9c547cSRui Paulo os_memcmp(result, tv->tag, 16) != 0) {
2605b9c547cSRui Paulo wpa_printf(MSG_ERROR,
2615b9c547cSRui Paulo "OMAC1-AES-128(vector2) test vector %u failed",
2625b9c547cSRui Paulo i);
2635b9c547cSRui Paulo return 1;
2645b9c547cSRui Paulo }
2655b9c547cSRui Paulo }
2665b9c547cSRui Paulo
2675b9c547cSRui Paulo addr[0] = &msg[0];
2685b9c547cSRui Paulo len[0] = 1;
2695b9c547cSRui Paulo addr[1] = &msg[1];
2705b9c547cSRui Paulo len[1] = 1;
2715b9c547cSRui Paulo addr[2] = &msg[2];
2725b9c547cSRui Paulo len[2] = 1;
2735b9c547cSRui Paulo if (omac1_aes_128(key, msg, sizeof(msg), result) ||
2745b9c547cSRui Paulo omac1_aes_128_vector(key, 3, addr, len, result2) ||
2755b9c547cSRui Paulo os_memcmp(result, result2, 16) != 0) {
2765b9c547cSRui Paulo wpa_printf(MSG_ERROR, "OMAC1-AES-128 short test mismatch");
2775b9c547cSRui Paulo return 1;
2785b9c547cSRui Paulo }
2795b9c547cSRui Paulo
2805b9c547cSRui Paulo return 0;
2815b9c547cSRui Paulo }
2825b9c547cSRui Paulo
2835b9c547cSRui Paulo
test_omac1(void)2845b9c547cSRui Paulo static int test_omac1(void)
2855b9c547cSRui Paulo {
2865b9c547cSRui Paulo unsigned int i;
2875b9c547cSRui Paulo
2885b9c547cSRui Paulo for (i = 0; i < ARRAY_SIZE(omac1_test_vectors); i++) {
2895b9c547cSRui Paulo if (test_omac1_vector(&omac1_test_vectors[i], i))
2905b9c547cSRui Paulo return 1;
2915b9c547cSRui Paulo }
2925b9c547cSRui Paulo
2935b9c547cSRui Paulo wpa_printf(MSG_INFO, "OMAC1-AES-128 test cases passed");
2945b9c547cSRui Paulo
2955b9c547cSRui Paulo return 0;
2965b9c547cSRui Paulo }
2975b9c547cSRui Paulo
2985b9c547cSRui Paulo
test_eax(void)2995b9c547cSRui Paulo static int test_eax(void)
3005b9c547cSRui Paulo {
3015b9c547cSRui Paulo #ifdef EAP_PSK
3025b9c547cSRui Paulo u8 msg[] = { 0xF7, 0xFB };
3035b9c547cSRui Paulo u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B,
3045b9c547cSRui Paulo 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 };
3055b9c547cSRui Paulo u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84,
3065b9c547cSRui Paulo 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD };
3075b9c547cSRui Paulo u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA };
3085b9c547cSRui Paulo u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D,
3095b9c547cSRui Paulo 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79,
3105b9c547cSRui Paulo 0x67, 0xE5 };
3115b9c547cSRui Paulo u8 data[sizeof(msg)], tag[AES_BLOCK_SIZE];
3125b9c547cSRui Paulo
3135b9c547cSRui Paulo os_memcpy(data, msg, sizeof(msg));
3145b9c547cSRui Paulo if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
3155b9c547cSRui Paulo data, sizeof(data), tag)) {
3165b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-128 EAX mode encryption failed");
3175b9c547cSRui Paulo return 1;
3185b9c547cSRui Paulo }
3195b9c547cSRui Paulo if (os_memcmp(data, cipher, sizeof(data)) != 0) {
3205b9c547cSRui Paulo wpa_printf(MSG_ERROR,
3215b9c547cSRui Paulo "AES-128 EAX mode encryption returned invalid cipher text");
3225b9c547cSRui Paulo return 1;
3235b9c547cSRui Paulo }
3245b9c547cSRui Paulo if (os_memcmp(tag, cipher + sizeof(data), AES_BLOCK_SIZE) != 0) {
3255b9c547cSRui Paulo wpa_printf(MSG_ERROR,
3265b9c547cSRui Paulo "AES-128 EAX mode encryption returned invalid tag");
3275b9c547cSRui Paulo return 1;
3285b9c547cSRui Paulo }
3295b9c547cSRui Paulo
3305b9c547cSRui Paulo if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
3315b9c547cSRui Paulo data, sizeof(data), tag)) {
3325b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-128 EAX mode decryption failed");
3335b9c547cSRui Paulo return 1;
3345b9c547cSRui Paulo }
3355b9c547cSRui Paulo if (os_memcmp(data, msg, sizeof(data)) != 0) {
3365b9c547cSRui Paulo wpa_printf(MSG_ERROR,
3375b9c547cSRui Paulo "AES-128 EAX mode decryption returned invalid plain text");
3385b9c547cSRui Paulo return 1;
3395b9c547cSRui Paulo }
3405b9c547cSRui Paulo
3415b9c547cSRui Paulo wpa_printf(MSG_INFO, "AES-128 EAX mode test cases passed");
3425b9c547cSRui Paulo #endif /* EAP_PSK */
3435b9c547cSRui Paulo
3445b9c547cSRui Paulo return 0;
3455b9c547cSRui Paulo }
3465b9c547cSRui Paulo
3475b9c547cSRui Paulo
test_cbc(void)3485b9c547cSRui Paulo static int test_cbc(void)
3495b9c547cSRui Paulo {
3505b9c547cSRui Paulo struct cbc_test_vector {
3515b9c547cSRui Paulo u8 key[16];
3525b9c547cSRui Paulo u8 iv[16];
3535b9c547cSRui Paulo u8 plain[32];
3545b9c547cSRui Paulo u8 cipher[32];
3555b9c547cSRui Paulo size_t len;
3565b9c547cSRui Paulo } vectors[] = {
3575b9c547cSRui Paulo {
3585b9c547cSRui Paulo { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b,
3595b9c547cSRui Paulo 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 },
3605b9c547cSRui Paulo { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30,
3615b9c547cSRui Paulo 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 },
3625b9c547cSRui Paulo "Single block msg",
3635b9c547cSRui Paulo { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8,
3645b9c547cSRui Paulo 0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a },
3655b9c547cSRui Paulo 16
3665b9c547cSRui Paulo },
3675b9c547cSRui Paulo {
3685b9c547cSRui Paulo { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0,
3695b9c547cSRui Paulo 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a },
3705b9c547cSRui Paulo { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28,
3715b9c547cSRui Paulo 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 },
3725b9c547cSRui Paulo { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
3735b9c547cSRui Paulo 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
3745b9c547cSRui Paulo 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3755b9c547cSRui Paulo 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
3765b9c547cSRui Paulo { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a,
3775b9c547cSRui Paulo 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a,
3785b9c547cSRui Paulo 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9,
3795b9c547cSRui Paulo 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 },
3805b9c547cSRui Paulo 32
3815b9c547cSRui Paulo }
3825b9c547cSRui Paulo };
3835b9c547cSRui Paulo int ret = 0;
3845b9c547cSRui Paulo u8 *buf;
3855b9c547cSRui Paulo unsigned int i;
3865b9c547cSRui Paulo
3875b9c547cSRui Paulo for (i = 0; i < ARRAY_SIZE(vectors); i++) {
3885b9c547cSRui Paulo struct cbc_test_vector *tv = &vectors[i];
3895b9c547cSRui Paulo
3905b9c547cSRui Paulo buf = os_malloc(tv->len);
3915b9c547cSRui Paulo if (buf == NULL) {
3925b9c547cSRui Paulo ret++;
3935b9c547cSRui Paulo break;
3945b9c547cSRui Paulo }
3955b9c547cSRui Paulo
3965b9c547cSRui Paulo os_memcpy(buf, tv->plain, tv->len);
3975b9c547cSRui Paulo if (aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len) ||
3985b9c547cSRui Paulo os_memcmp(buf, tv->cipher, tv->len) != 0) {
3995b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-CBC encrypt %d failed", i);
4005b9c547cSRui Paulo ret++;
4015b9c547cSRui Paulo }
4025b9c547cSRui Paulo
4035b9c547cSRui Paulo os_memcpy(buf, tv->cipher, tv->len);
4045b9c547cSRui Paulo if (aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len) ||
4055b9c547cSRui Paulo os_memcmp(buf, tv->plain, tv->len) != 0) {
4065b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-CBC decrypt %d failed", i);
4075b9c547cSRui Paulo ret++;
4085b9c547cSRui Paulo }
4095b9c547cSRui Paulo
4105b9c547cSRui Paulo os_free(buf);
4115b9c547cSRui Paulo }
4125b9c547cSRui Paulo
4135b9c547cSRui Paulo return ret;
4145b9c547cSRui Paulo }
4155b9c547cSRui Paulo
4165b9c547cSRui Paulo
test_ecb(void)4175b9c547cSRui Paulo static int test_ecb(void)
4185b9c547cSRui Paulo {
4195b9c547cSRui Paulo #ifdef EAP_PSK
4205b9c547cSRui Paulo struct ecb_test_vector {
4215b9c547cSRui Paulo char *key;
4225b9c547cSRui Paulo char *plaintext;
4235b9c547cSRui Paulo char *ciphertext;
4245b9c547cSRui Paulo } vectors[] = {
4255b9c547cSRui Paulo /* CAVS 11.1 - ECBGFSbox128.rsp */
4265b9c547cSRui Paulo {
4275b9c547cSRui Paulo "00000000000000000000000000000000",
4285b9c547cSRui Paulo "f34481ec3cc627bacd5dc3fb08f273e6",
4295b9c547cSRui Paulo "0336763e966d92595a567cc9ce537f5e"
4305b9c547cSRui Paulo },
4315b9c547cSRui Paulo {
4325b9c547cSRui Paulo "00000000000000000000000000000000",
4335b9c547cSRui Paulo "9798c4640bad75c7c3227db910174e72",
4345b9c547cSRui Paulo "a9a1631bf4996954ebc093957b234589"
4355b9c547cSRui Paulo },
4365b9c547cSRui Paulo {
4375b9c547cSRui Paulo "00000000000000000000000000000000",
4385b9c547cSRui Paulo "96ab5c2ff612d9dfaae8c31f30c42168",
4395b9c547cSRui Paulo "ff4f8391a6a40ca5b25d23bedd44a597"
4405b9c547cSRui Paulo },
4415b9c547cSRui Paulo {
4425b9c547cSRui Paulo "00000000000000000000000000000000",
4435b9c547cSRui Paulo "6a118a874519e64e9963798a503f1d35",
4445b9c547cSRui Paulo "dc43be40be0e53712f7e2bf5ca707209"
4455b9c547cSRui Paulo },
4465b9c547cSRui Paulo {
4475b9c547cSRui Paulo "00000000000000000000000000000000",
4485b9c547cSRui Paulo "cb9fceec81286ca3e989bd979b0cb284",
4495b9c547cSRui Paulo "92beedab1895a94faa69b632e5cc47ce"
4505b9c547cSRui Paulo },
4515b9c547cSRui Paulo {
4525b9c547cSRui Paulo "00000000000000000000000000000000",
4535b9c547cSRui Paulo "b26aeb1874e47ca8358ff22378f09144",
4545b9c547cSRui Paulo "459264f4798f6a78bacb89c15ed3d601"
4555b9c547cSRui Paulo },
4565b9c547cSRui Paulo {
4575b9c547cSRui Paulo "00000000000000000000000000000000",
4585b9c547cSRui Paulo "58c8e00b2631686d54eab84b91f0aca1",
4595b9c547cSRui Paulo "08a4e2efec8a8e3312ca7460b9040bbf"
4605b9c547cSRui Paulo },
4615b9c547cSRui Paulo /* CAVS 11.1 - ECBKeySbox128.rsp */
4625b9c547cSRui Paulo {
4635b9c547cSRui Paulo "10a58869d74be5a374cf867cfb473859",
4645b9c547cSRui Paulo "00000000000000000000000000000000",
4655b9c547cSRui Paulo "6d251e6944b051e04eaa6fb4dbf78465"
4665b9c547cSRui Paulo },
4675b9c547cSRui Paulo {
4685b9c547cSRui Paulo "caea65cdbb75e9169ecd22ebe6e54675",
4695b9c547cSRui Paulo "00000000000000000000000000000000",
4705b9c547cSRui Paulo "6e29201190152df4ee058139def610bb",
4715b9c547cSRui Paulo }
4725b9c547cSRui Paulo };
4735b9c547cSRui Paulo int ret = 0;
4745b9c547cSRui Paulo unsigned int i;
4755b9c547cSRui Paulo u8 key[16], plain[16], cipher[16], out[16];
4765b9c547cSRui Paulo
4775b9c547cSRui Paulo for (i = 0; i < ARRAY_SIZE(vectors); i++) {
4785b9c547cSRui Paulo struct ecb_test_vector *tv = &vectors[i];
4795b9c547cSRui Paulo
4805b9c547cSRui Paulo if (hexstr2bin(tv->key, key, sizeof(key)) ||
4815b9c547cSRui Paulo hexstr2bin(tv->plaintext, plain, sizeof(plain)) ||
4825b9c547cSRui Paulo hexstr2bin(tv->ciphertext, cipher, sizeof(cipher))) {
4835b9c547cSRui Paulo wpa_printf(MSG_ERROR, "Invalid AES-ECB test vector %u",
4845b9c547cSRui Paulo i);
4855b9c547cSRui Paulo ret++;
4865b9c547cSRui Paulo continue;
4875b9c547cSRui Paulo }
4885b9c547cSRui Paulo
4895b9c547cSRui Paulo if (aes_128_encrypt_block(key, plain, out) < 0 ||
4905b9c547cSRui Paulo os_memcmp(out, cipher, 16) != 0) {
4915b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-ECB encrypt %u failed", i);
4925b9c547cSRui Paulo ret++;
4935b9c547cSRui Paulo }
4945b9c547cSRui Paulo }
4955b9c547cSRui Paulo
4965b9c547cSRui Paulo if (!ret)
4975b9c547cSRui Paulo wpa_printf(MSG_INFO, "AES ECB mode test cases passed");
4985b9c547cSRui Paulo
4995b9c547cSRui Paulo return ret;
5005b9c547cSRui Paulo #endif /* EAP_PSK */
5015b9c547cSRui Paulo
5025b9c547cSRui Paulo return 0;
5035b9c547cSRui Paulo }
5045b9c547cSRui Paulo
5055b9c547cSRui Paulo
test_key_wrap(void)5065b9c547cSRui Paulo static int test_key_wrap(void)
5075b9c547cSRui Paulo {
5085b9c547cSRui Paulo int ret = 0;
5095b9c547cSRui Paulo
5105b9c547cSRui Paulo /* RFC 3394 - Test vector 4.1 */
5115b9c547cSRui Paulo u8 kek41[] = {
5125b9c547cSRui Paulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
5135b9c547cSRui Paulo 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
5145b9c547cSRui Paulo };
5155b9c547cSRui Paulo u8 plain41[] = {
5165b9c547cSRui Paulo 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
5175b9c547cSRui Paulo 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
5185b9c547cSRui Paulo };
5195b9c547cSRui Paulo u8 crypt41[] = {
5205b9c547cSRui Paulo 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
5215b9c547cSRui Paulo 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
5225b9c547cSRui Paulo 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
5235b9c547cSRui Paulo };
524325151a3SRui Paulo #ifndef CONFIG_BORINGSSL
5255b9c547cSRui Paulo /* RFC 3394 - Test vector 4.2 */
5265b9c547cSRui Paulo u8 kek42[] = {
5275b9c547cSRui Paulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
5285b9c547cSRui Paulo 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
5295b9c547cSRui Paulo 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
5305b9c547cSRui Paulo };
5315b9c547cSRui Paulo u8 plain42[] = {
5325b9c547cSRui Paulo 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
5335b9c547cSRui Paulo 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
5345b9c547cSRui Paulo };
5355b9c547cSRui Paulo u8 crypt42[] = {
5365b9c547cSRui Paulo 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
5375b9c547cSRui Paulo 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
5385b9c547cSRui Paulo 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D
5395b9c547cSRui Paulo };
540325151a3SRui Paulo #endif /* CONFIG_BORINGSSL */
5415b9c547cSRui Paulo /* RFC 3394 - Test vector 4.3 */
5425b9c547cSRui Paulo u8 kek43[] = {
5435b9c547cSRui Paulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
5445b9c547cSRui Paulo 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
5455b9c547cSRui Paulo 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
5465b9c547cSRui Paulo 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
5475b9c547cSRui Paulo };
5485b9c547cSRui Paulo u8 plain43[] = {
5495b9c547cSRui Paulo 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
5505b9c547cSRui Paulo 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
5515b9c547cSRui Paulo };
5525b9c547cSRui Paulo u8 crypt43[] = {
5535b9c547cSRui Paulo 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
5545b9c547cSRui Paulo 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
5555b9c547cSRui Paulo 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7,
5565b9c547cSRui Paulo };
557325151a3SRui Paulo #ifndef CONFIG_BORINGSSL
5585b9c547cSRui Paulo /* RFC 3394 - Test vector 4.4 */
5595b9c547cSRui Paulo u8 kek44[] = {
5605b9c547cSRui Paulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
5615b9c547cSRui Paulo 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
5625b9c547cSRui Paulo 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
5635b9c547cSRui Paulo };
5645b9c547cSRui Paulo u8 plain44[] = {
5655b9c547cSRui Paulo 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
5665b9c547cSRui Paulo 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
5675b9c547cSRui Paulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
5685b9c547cSRui Paulo };
5695b9c547cSRui Paulo u8 crypt44[] = {
5705b9c547cSRui Paulo 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
5715b9c547cSRui Paulo 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
5725b9c547cSRui Paulo 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
5735b9c547cSRui Paulo 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2
5745b9c547cSRui Paulo };
575325151a3SRui Paulo #endif /* CONFIG_BORINGSSL */
5765b9c547cSRui Paulo /* RFC 3394 - Test vector 4.5 */
5775b9c547cSRui Paulo u8 kek45[] = {
5785b9c547cSRui Paulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
5795b9c547cSRui Paulo 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
5805b9c547cSRui Paulo 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
5815b9c547cSRui Paulo 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
5825b9c547cSRui Paulo };
5835b9c547cSRui Paulo u8 plain45[] = {
5845b9c547cSRui Paulo 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
5855b9c547cSRui Paulo 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
5865b9c547cSRui Paulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
5875b9c547cSRui Paulo };
5885b9c547cSRui Paulo u8 crypt45[] = {
5895b9c547cSRui Paulo 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
5905b9c547cSRui Paulo 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
5915b9c547cSRui Paulo 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
5925b9c547cSRui Paulo 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1,
5935b9c547cSRui Paulo };
5945b9c547cSRui Paulo /* RFC 3394 - Test vector 4.6 */
5955b9c547cSRui Paulo u8 kek46[] = {
5965b9c547cSRui Paulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
5975b9c547cSRui Paulo 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
5985b9c547cSRui Paulo 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
5995b9c547cSRui Paulo 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
6005b9c547cSRui Paulo };
6015b9c547cSRui Paulo u8 plain46[] = {
6025b9c547cSRui Paulo 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
6035b9c547cSRui Paulo 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
6045b9c547cSRui Paulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
6055b9c547cSRui Paulo 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
6065b9c547cSRui Paulo };
6075b9c547cSRui Paulo u8 crypt46[] = {
6085b9c547cSRui Paulo 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
6095b9c547cSRui Paulo 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
6105b9c547cSRui Paulo 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
6115b9c547cSRui Paulo 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
6125b9c547cSRui Paulo 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21
6135b9c547cSRui Paulo };
6145b9c547cSRui Paulo u8 result[40];
6155b9c547cSRui Paulo
6165b9c547cSRui Paulo wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.1");
6175b9c547cSRui Paulo if (aes_wrap(kek41, sizeof(kek41), sizeof(plain41) / 8, plain41,
6185b9c547cSRui Paulo result)) {
6195b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-128 reported failure");
6205b9c547cSRui Paulo ret++;
6215b9c547cSRui Paulo }
6225b9c547cSRui Paulo if (os_memcmp(result, crypt41, sizeof(crypt41)) != 0) {
6235b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-128 failed");
6245b9c547cSRui Paulo ret++;
6255b9c547cSRui Paulo }
6265b9c547cSRui Paulo if (aes_unwrap(kek41, sizeof(kek41), sizeof(plain41) / 8, crypt41,
6275b9c547cSRui Paulo result)) {
6285b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-128 reported failure");
6295b9c547cSRui Paulo ret++;
6305b9c547cSRui Paulo }
6315b9c547cSRui Paulo if (os_memcmp(result, plain41, sizeof(plain41)) != 0) {
6325b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-128 failed");
6335b9c547cSRui Paulo ret++;
6345b9c547cSRui Paulo }
6355b9c547cSRui Paulo
636325151a3SRui Paulo #ifndef CONFIG_BORINGSSL
6375b9c547cSRui Paulo wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.2");
6385b9c547cSRui Paulo if (aes_wrap(kek42, sizeof(kek42), sizeof(plain42) / 8, plain42,
6395b9c547cSRui Paulo result)) {
6405b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure");
6415b9c547cSRui Paulo ret++;
6425b9c547cSRui Paulo }
6435b9c547cSRui Paulo if (os_memcmp(result, crypt42, sizeof(crypt42)) != 0) {
6445b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-192 failed");
6455b9c547cSRui Paulo ret++;
6465b9c547cSRui Paulo }
6475b9c547cSRui Paulo if (aes_unwrap(kek42, sizeof(kek42), sizeof(plain42) / 8, crypt42,
6485b9c547cSRui Paulo result)) {
6495b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure");
6505b9c547cSRui Paulo ret++;
6515b9c547cSRui Paulo }
6525b9c547cSRui Paulo if (os_memcmp(result, plain42, sizeof(plain42)) != 0) {
6535b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed");
6545b9c547cSRui Paulo ret++;
6555b9c547cSRui Paulo }
656325151a3SRui Paulo #endif /* CONFIG_BORINGSSL */
6575b9c547cSRui Paulo
6585b9c547cSRui Paulo wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.3");
6595b9c547cSRui Paulo if (aes_wrap(kek43, sizeof(kek43), sizeof(plain43) / 8, plain43,
6605b9c547cSRui Paulo result)) {
6615b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure");
6625b9c547cSRui Paulo ret++;
6635b9c547cSRui Paulo }
6645b9c547cSRui Paulo if (os_memcmp(result, crypt43, sizeof(crypt43)) != 0) {
6655b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-256 failed");
6665b9c547cSRui Paulo ret++;
6675b9c547cSRui Paulo }
6685b9c547cSRui Paulo if (aes_unwrap(kek43, sizeof(kek43), sizeof(plain43) / 8, crypt43,
6695b9c547cSRui Paulo result)) {
6705b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure");
6715b9c547cSRui Paulo ret++;
6725b9c547cSRui Paulo }
6735b9c547cSRui Paulo if (os_memcmp(result, plain43, sizeof(plain43)) != 0) {
6745b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed");
6755b9c547cSRui Paulo ret++;
6765b9c547cSRui Paulo }
6775b9c547cSRui Paulo
678325151a3SRui Paulo #ifndef CONFIG_BORINGSSL
6795b9c547cSRui Paulo wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.4");
6805b9c547cSRui Paulo if (aes_wrap(kek44, sizeof(kek44), sizeof(plain44) / 8, plain44,
6815b9c547cSRui Paulo result)) {
6825b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure");
6835b9c547cSRui Paulo ret++;
6845b9c547cSRui Paulo }
6855b9c547cSRui Paulo if (os_memcmp(result, crypt44, sizeof(crypt44)) != 0) {
6865b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-192 failed");
6875b9c547cSRui Paulo ret++;
6885b9c547cSRui Paulo }
6895b9c547cSRui Paulo if (aes_unwrap(kek44, sizeof(kek44), sizeof(plain44) / 8, crypt44,
6905b9c547cSRui Paulo result)) {
6915b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure");
6925b9c547cSRui Paulo ret++;
6935b9c547cSRui Paulo }
6945b9c547cSRui Paulo if (os_memcmp(result, plain44, sizeof(plain44)) != 0) {
6955b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed");
6965b9c547cSRui Paulo ret++;
6975b9c547cSRui Paulo }
698325151a3SRui Paulo #endif /* CONFIG_BORINGSSL */
6995b9c547cSRui Paulo
7005b9c547cSRui Paulo wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.5");
7015b9c547cSRui Paulo if (aes_wrap(kek45, sizeof(kek45), sizeof(plain45) / 8, plain45,
7025b9c547cSRui Paulo result)) {
7035b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure");
7045b9c547cSRui Paulo ret++;
7055b9c547cSRui Paulo }
7065b9c547cSRui Paulo if (os_memcmp(result, crypt45, sizeof(crypt45)) != 0) {
7075b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-256 failed");
7085b9c547cSRui Paulo ret++;
7095b9c547cSRui Paulo }
7105b9c547cSRui Paulo if (aes_unwrap(kek45, sizeof(kek45), sizeof(plain45) / 8, crypt45,
7115b9c547cSRui Paulo result)) {
7125b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure");
7135b9c547cSRui Paulo ret++;
7145b9c547cSRui Paulo }
7155b9c547cSRui Paulo if (os_memcmp(result, plain45, sizeof(plain45)) != 0) {
7165b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed");
7175b9c547cSRui Paulo ret++;
7185b9c547cSRui Paulo }
7195b9c547cSRui Paulo
7205b9c547cSRui Paulo wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.6");
7215b9c547cSRui Paulo if (aes_wrap(kek46, sizeof(kek46), sizeof(plain46) / 8, plain46,
7225b9c547cSRui Paulo result)) {
7235b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure");
7245b9c547cSRui Paulo ret++;
7255b9c547cSRui Paulo }
7265b9c547cSRui Paulo if (os_memcmp(result, crypt46, sizeof(crypt46)) != 0) {
7275b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-256 failed");
7285b9c547cSRui Paulo ret++;
7295b9c547cSRui Paulo }
7305b9c547cSRui Paulo if (aes_unwrap(kek46, sizeof(kek46), sizeof(plain46) / 8, crypt46,
7315b9c547cSRui Paulo result)) {
7325b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure");
7335b9c547cSRui Paulo ret++;
7345b9c547cSRui Paulo }
7355b9c547cSRui Paulo if (os_memcmp(result, plain46, sizeof(plain46)) != 0) {
7365b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed");
7375b9c547cSRui Paulo ret++;
7385b9c547cSRui Paulo }
7395b9c547cSRui Paulo
7405b9c547cSRui Paulo if (!ret)
7415b9c547cSRui Paulo wpa_printf(MSG_INFO, "AES key wrap/unwrap test cases passed");
7425b9c547cSRui Paulo
7435b9c547cSRui Paulo return ret;
7445b9c547cSRui Paulo }
7455b9c547cSRui Paulo
7465b9c547cSRui Paulo
test_aes_ctr(void)747c1d255d3SCy Schubert static int test_aes_ctr(void)
748c1d255d3SCy Schubert {
749c1d255d3SCy Schubert int res = 0;
750c1d255d3SCy Schubert
751c1d255d3SCy Schubert #if defined(CONFIG_MESH) || defined(CONFIG_PSK)
752c1d255d3SCy Schubert /* CTR-AES*.Encrypt test vectors from NIST SP 800-38a */
753c1d255d3SCy Schubert const u8 key128[] = {
754c1d255d3SCy Schubert 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
755c1d255d3SCy Schubert 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
756c1d255d3SCy Schubert };
757c1d255d3SCy Schubert const u8 counter128[] = {
758c1d255d3SCy Schubert 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
759c1d255d3SCy Schubert 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
760c1d255d3SCy Schubert };
761c1d255d3SCy Schubert const u8 plain128[] = {
762c1d255d3SCy Schubert 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
763c1d255d3SCy Schubert 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
764c1d255d3SCy Schubert 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
765c1d255d3SCy Schubert 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
766c1d255d3SCy Schubert 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
767c1d255d3SCy Schubert 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
768c1d255d3SCy Schubert 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
769c1d255d3SCy Schubert 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
770c1d255d3SCy Schubert };
771c1d255d3SCy Schubert const u8 cipher128[] = {
772c1d255d3SCy Schubert 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26,
773c1d255d3SCy Schubert 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce,
774c1d255d3SCy Schubert 0x98, 0x06, 0xf6, 0x6b, 0x79, 0x70, 0xfd, 0xff,
775c1d255d3SCy Schubert 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff,
776c1d255d3SCy Schubert 0x5a, 0xe4, 0xdf, 0x3e, 0xdb, 0xd5, 0xd3, 0x5e,
777c1d255d3SCy Schubert 0x5b, 0x4f, 0x09, 0x02, 0x0d, 0xb0, 0x3e, 0xab,
778c1d255d3SCy Schubert 0x1e, 0x03, 0x1d, 0xda, 0x2f, 0xbe, 0x03, 0xd1,
779c1d255d3SCy Schubert 0x79, 0x21, 0x70, 0xa0, 0xf3, 0x00, 0x9c, 0xee
780c1d255d3SCy Schubert };
781c1d255d3SCy Schubert const u8 key192[] = {
782c1d255d3SCy Schubert 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
783c1d255d3SCy Schubert 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
784c1d255d3SCy Schubert 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
785c1d255d3SCy Schubert };
786c1d255d3SCy Schubert const u8 counter192[] = {
787c1d255d3SCy Schubert 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
788c1d255d3SCy Schubert 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
789c1d255d3SCy Schubert };
790c1d255d3SCy Schubert const u8 plain192[] = {
791c1d255d3SCy Schubert 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
792c1d255d3SCy Schubert 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
793c1d255d3SCy Schubert 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
794c1d255d3SCy Schubert 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
795c1d255d3SCy Schubert 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
796c1d255d3SCy Schubert 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
797c1d255d3SCy Schubert 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
798c1d255d3SCy Schubert 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
799c1d255d3SCy Schubert };
800c1d255d3SCy Schubert const u8 cipher192[] = {
801c1d255d3SCy Schubert 0x1a, 0xbc, 0x93, 0x24, 0x17, 0x52, 0x1c, 0xa2,
802c1d255d3SCy Schubert 0x4f, 0x2b, 0x04, 0x59, 0xfe, 0x7e, 0x6e, 0x0b,
803c1d255d3SCy Schubert 0x09, 0x03, 0x39, 0xec, 0x0a, 0xa6, 0xfa, 0xef,
804c1d255d3SCy Schubert 0xd5, 0xcc, 0xc2, 0xc6, 0xf4, 0xce, 0x8e, 0x94,
805c1d255d3SCy Schubert 0x1e, 0x36, 0xb2, 0x6b, 0xd1, 0xeb, 0xc6, 0x70,
806c1d255d3SCy Schubert 0xd1, 0xbd, 0x1d, 0x66, 0x56, 0x20, 0xab, 0xf7,
807c1d255d3SCy Schubert 0x4f, 0x78, 0xa7, 0xf6, 0xd2, 0x98, 0x09, 0x58,
808c1d255d3SCy Schubert 0x5a, 0x97, 0xda, 0xec, 0x58, 0xc6, 0xb0, 0x50
809c1d255d3SCy Schubert };
810c1d255d3SCy Schubert const u8 key256[] = {
811c1d255d3SCy Schubert 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
812c1d255d3SCy Schubert 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
813c1d255d3SCy Schubert 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
814c1d255d3SCy Schubert 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
815c1d255d3SCy Schubert };
816c1d255d3SCy Schubert const u8 counter256[] = {
817c1d255d3SCy Schubert 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
818c1d255d3SCy Schubert 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
819c1d255d3SCy Schubert };
820c1d255d3SCy Schubert const u8 plain256[] = {
821c1d255d3SCy Schubert 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
822c1d255d3SCy Schubert 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
823c1d255d3SCy Schubert 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
824c1d255d3SCy Schubert 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
825c1d255d3SCy Schubert 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
826c1d255d3SCy Schubert 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
827c1d255d3SCy Schubert 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
828c1d255d3SCy Schubert 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
829c1d255d3SCy Schubert };
830c1d255d3SCy Schubert const u8 cipher256[] = {
831c1d255d3SCy Schubert 0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5,
832c1d255d3SCy Schubert 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28,
833c1d255d3SCy Schubert 0xf4, 0x43, 0xe3, 0xca, 0x4d, 0x62, 0xb5, 0x9a,
834c1d255d3SCy Schubert 0xca, 0x84, 0xe9, 0x90, 0xca, 0xca, 0xf5, 0xc5,
835c1d255d3SCy Schubert 0x2b, 0x09, 0x30, 0xda, 0xa2, 0x3d, 0xe9, 0x4c,
836c1d255d3SCy Schubert 0xe8, 0x70, 0x17, 0xba, 0x2d, 0x84, 0x98, 0x8d,
837c1d255d3SCy Schubert 0xdf, 0xc9, 0xc5, 0x8d, 0xb6, 0x7a, 0xad, 0xa6,
838c1d255d3SCy Schubert 0x13, 0xc2, 0xdd, 0x08, 0x45, 0x79, 0x41, 0xa6
839c1d255d3SCy Schubert };
840c1d255d3SCy Schubert size_t len;
841c1d255d3SCy Schubert u8 *tmp;
842c1d255d3SCy Schubert
843c1d255d3SCy Schubert wpa_printf(MSG_DEBUG, "CTR-AES128.Encrypt");
844c1d255d3SCy Schubert len = sizeof(plain128);
845c1d255d3SCy Schubert tmp = os_malloc(len);
846c1d255d3SCy Schubert if (!tmp)
847c1d255d3SCy Schubert return -1;
848c1d255d3SCy Schubert os_memcpy(tmp, plain128, len);
849c1d255d3SCy Schubert if (aes_ctr_encrypt(key128, sizeof(key128), counter128, tmp, len) < 0) {
850c1d255d3SCy Schubert wpa_printf(MSG_ERROR, "aes_ctr_encrypt() failed");
851c1d255d3SCy Schubert res = -1;
852c1d255d3SCy Schubert } else if (os_memcmp(tmp, cipher128, len) != 0) {
853c1d255d3SCy Schubert wpa_printf(MSG_ERROR,
854c1d255d3SCy Schubert "CTR-AES128.Encrypt test vector did not match");
855c1d255d3SCy Schubert res = -1;
856c1d255d3SCy Schubert }
857c1d255d3SCy Schubert os_free(tmp);
858c1d255d3SCy Schubert
859c1d255d3SCy Schubert wpa_printf(MSG_DEBUG, "CTR-AES192.Encrypt");
860c1d255d3SCy Schubert len = sizeof(plain192);
861c1d255d3SCy Schubert tmp = os_malloc(len);
862c1d255d3SCy Schubert if (!tmp)
863c1d255d3SCy Schubert return -1;
864c1d255d3SCy Schubert os_memcpy(tmp, plain192, len);
865c1d255d3SCy Schubert if (aes_ctr_encrypt(key192, sizeof(key192), counter192, tmp, len) < 0) {
866c1d255d3SCy Schubert wpa_printf(MSG_ERROR, "aes_ctr_encrypt() failed");
867c1d255d3SCy Schubert res = -1;
868c1d255d3SCy Schubert } else if (os_memcmp(tmp, cipher192, len) != 0) {
869c1d255d3SCy Schubert wpa_printf(MSG_ERROR,
870c1d255d3SCy Schubert "CTR-AES192.Encrypt test vector did not match");
871c1d255d3SCy Schubert res = -1;
872c1d255d3SCy Schubert }
873c1d255d3SCy Schubert os_free(tmp);
874c1d255d3SCy Schubert
875c1d255d3SCy Schubert wpa_printf(MSG_DEBUG, "CTR-AES256.Encrypt");
876c1d255d3SCy Schubert len = sizeof(plain256);
877c1d255d3SCy Schubert tmp = os_malloc(len);
878c1d255d3SCy Schubert if (!tmp)
879c1d255d3SCy Schubert return -1;
880c1d255d3SCy Schubert os_memcpy(tmp, plain256, len);
881c1d255d3SCy Schubert if (aes_ctr_encrypt(key256, sizeof(key256), counter256, tmp, len) < 0) {
882c1d255d3SCy Schubert wpa_printf(MSG_ERROR, "aes_ctr_encrypt() failed");
883c1d255d3SCy Schubert res = -1;
884c1d255d3SCy Schubert } else if (os_memcmp(tmp, cipher256, len) != 0) {
885c1d255d3SCy Schubert wpa_printf(MSG_ERROR,
886c1d255d3SCy Schubert "CTR-AES256.Encrypt test vector did not match");
887c1d255d3SCy Schubert res = -1;
888c1d255d3SCy Schubert }
889c1d255d3SCy Schubert os_free(tmp);
890c1d255d3SCy Schubert #endif
891c1d255d3SCy Schubert
892c1d255d3SCy Schubert return res;
893c1d255d3SCy Schubert }
894c1d255d3SCy Schubert
895c1d255d3SCy Schubert
test_md5(void)8965b9c547cSRui Paulo static int test_md5(void)
8975b9c547cSRui Paulo {
898325151a3SRui Paulo #ifndef CONFIG_FIPS
8995b9c547cSRui Paulo struct {
9005b9c547cSRui Paulo char *data;
9015b9c547cSRui Paulo char *hash;
9025b9c547cSRui Paulo } tests[] = {
9035b9c547cSRui Paulo {
9045b9c547cSRui Paulo "",
9055b9c547cSRui Paulo "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04"
9065b9c547cSRui Paulo "\xe9\x80\x09\x98\xec\xf8\x42\x7e"
9075b9c547cSRui Paulo },
9085b9c547cSRui Paulo {
9095b9c547cSRui Paulo "a",
9105b9c547cSRui Paulo "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8"
9115b9c547cSRui Paulo "\x31\xc3\x99\xe2\x69\x77\x26\x61"
9125b9c547cSRui Paulo },
9135b9c547cSRui Paulo {
9145b9c547cSRui Paulo "abc",
9155b9c547cSRui Paulo "\x90\x01\x50\x98\x3c\xd2\x4f\xb0"
9165b9c547cSRui Paulo "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72"
9175b9c547cSRui Paulo },
9185b9c547cSRui Paulo {
9195b9c547cSRui Paulo "message digest",
9205b9c547cSRui Paulo "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d"
9215b9c547cSRui Paulo "\x52\x5a\x2f\x31\xaa\xf1\x61\xd0"
9225b9c547cSRui Paulo },
9235b9c547cSRui Paulo {
9245b9c547cSRui Paulo "abcdefghijklmnopqrstuvwxyz",
9255b9c547cSRui Paulo "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00"
9265b9c547cSRui Paulo "\x7d\xfb\x49\x6c\xca\x67\xe1\x3b"
9275b9c547cSRui Paulo },
9285b9c547cSRui Paulo {
9295b9c547cSRui Paulo "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
9305b9c547cSRui Paulo "0123456789",
9315b9c547cSRui Paulo "\xd1\x74\xab\x98\xd2\x77\xd9\xf5"
9325b9c547cSRui Paulo "\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f"
9335b9c547cSRui Paulo },
9345b9c547cSRui Paulo {
9355b9c547cSRui Paulo "12345678901234567890123456789012345678901234567890"
9365b9c547cSRui Paulo "123456789012345678901234567890",
9375b9c547cSRui Paulo "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55"
9385b9c547cSRui Paulo "\xac\x49\xda\x2e\x21\x07\xb6\x7a"
9395b9c547cSRui Paulo }
9405b9c547cSRui Paulo };
9415b9c547cSRui Paulo unsigned int i;
9425b9c547cSRui Paulo u8 hash[16];
9435b9c547cSRui Paulo const u8 *addr[2];
9445b9c547cSRui Paulo size_t len[2];
9455b9c547cSRui Paulo int errors = 0;
9465b9c547cSRui Paulo
9475b9c547cSRui Paulo for (i = 0; i < ARRAY_SIZE(tests); i++) {
9485b9c547cSRui Paulo wpa_printf(MSG_INFO, "MD5 test case %d", i);
9495b9c547cSRui Paulo
9505b9c547cSRui Paulo addr[0] = (u8 *) tests[i].data;
9515b9c547cSRui Paulo len[0] = strlen(tests[i].data);
9525b9c547cSRui Paulo if (md5_vector(1, addr, len, hash) < 0 ||
9535b9c547cSRui Paulo os_memcmp(hash, tests[i].hash, 16) != 0) {
9545b9c547cSRui Paulo wpa_printf(MSG_INFO, " FAIL");
9555b9c547cSRui Paulo errors++;
9565b9c547cSRui Paulo } else
9575b9c547cSRui Paulo wpa_printf(MSG_INFO, " OK");
9585b9c547cSRui Paulo
9595b9c547cSRui Paulo if (len[0]) {
9605b9c547cSRui Paulo addr[0] = (u8 *) tests[i].data;
9615b9c547cSRui Paulo len[0] = strlen(tests[i].data);
9625b9c547cSRui Paulo addr[1] = (u8 *) tests[i].data + 1;
9635b9c547cSRui Paulo len[1] = strlen(tests[i].data) - 1;
9645b9c547cSRui Paulo if (md5_vector(1, addr, len, hash) < 0 ||
9655b9c547cSRui Paulo os_memcmp(hash, tests[i].hash, 16) != 0) {
9665b9c547cSRui Paulo wpa_printf(MSG_INFO, " FAIL");
9675b9c547cSRui Paulo errors++;
9685b9c547cSRui Paulo } else
9695b9c547cSRui Paulo wpa_printf(MSG_INFO, " OK");
9705b9c547cSRui Paulo }
9715b9c547cSRui Paulo }
9725b9c547cSRui Paulo
9735b9c547cSRui Paulo if (!errors)
9745b9c547cSRui Paulo wpa_printf(MSG_INFO, "MD5 test cases passed");
9755b9c547cSRui Paulo
9765b9c547cSRui Paulo return errors;
977325151a3SRui Paulo #else /* CONFIG_FIPS */
978325151a3SRui Paulo wpa_printf(MSG_INFO, "MD5 test cases skipped due to CONFIG_FIPS");
979325151a3SRui Paulo return 0;
980325151a3SRui Paulo #endif /* CONFIG_FIPS */
9815b9c547cSRui Paulo }
9825b9c547cSRui Paulo
9835b9c547cSRui Paulo
test_eap_fast(void)9845b9c547cSRui Paulo static int test_eap_fast(void)
9855b9c547cSRui Paulo {
9865b9c547cSRui Paulo #ifdef EAP_FAST
9875b9c547cSRui Paulo /* RFC 4851, Appendix B.1 */
9885b9c547cSRui Paulo const u8 pac_key[] = {
9895b9c547cSRui Paulo 0x0B, 0x97, 0x39, 0x0F, 0x37, 0x51, 0x78, 0x09,
9905b9c547cSRui Paulo 0x81, 0x1E, 0xFD, 0x9C, 0x6E, 0x65, 0x94, 0x2B,
9915b9c547cSRui Paulo 0x63, 0x2C, 0xE9, 0x53, 0x89, 0x38, 0x08, 0xBA,
9925b9c547cSRui Paulo 0x36, 0x0B, 0x03, 0x7C, 0xD1, 0x85, 0xE4, 0x14
9935b9c547cSRui Paulo };
9945b9c547cSRui Paulo const u8 seed[] = {
9955b9c547cSRui Paulo 0x3F, 0xFB, 0x11, 0xC4, 0x6C, 0xBF, 0xA5, 0x7A,
9965b9c547cSRui Paulo 0x54, 0x40, 0xDA, 0xE8, 0x22, 0xD3, 0x11, 0xD3,
9975b9c547cSRui Paulo 0xF7, 0x6D, 0xE4, 0x1D, 0xD9, 0x33, 0xE5, 0x93,
9985b9c547cSRui Paulo 0x70, 0x97, 0xEB, 0xA9, 0xB3, 0x66, 0xF4, 0x2A,
9995b9c547cSRui Paulo 0x00, 0x00, 0x00, 0x02, 0x6A, 0x66, 0x43, 0x2A,
10005b9c547cSRui Paulo 0x8D, 0x14, 0x43, 0x2C, 0xEC, 0x58, 0x2D, 0x2F,
10015b9c547cSRui Paulo 0xC7, 0x9C, 0x33, 0x64, 0xBA, 0x04, 0xAD, 0x3A,
10025b9c547cSRui Paulo 0x52, 0x54, 0xD6, 0xA5, 0x79, 0xAD, 0x1E, 0x00
10035b9c547cSRui Paulo };
10045b9c547cSRui Paulo const u8 master_secret[] = {
10055b9c547cSRui Paulo 0x4A, 0x1A, 0x51, 0x2C, 0x01, 0x60, 0xBC, 0x02,
10065b9c547cSRui Paulo 0x3C, 0xCF, 0xBC, 0x83, 0x3F, 0x03, 0xBC, 0x64,
10075b9c547cSRui Paulo 0x88, 0xC1, 0x31, 0x2F, 0x0B, 0xA9, 0xA2, 0x77,
10085b9c547cSRui Paulo 0x16, 0xA8, 0xD8, 0xE8, 0xBD, 0xC9, 0xD2, 0x29,
10095b9c547cSRui Paulo 0x38, 0x4B, 0x7A, 0x85, 0xBE, 0x16, 0x4D, 0x27,
10105b9c547cSRui Paulo 0x33, 0xD5, 0x24, 0x79, 0x87, 0xB1, 0xC5, 0xA2
10115b9c547cSRui Paulo };
1012325151a3SRui Paulo #ifndef CONFIG_FIPS
10135b9c547cSRui Paulo const u8 key_block[] = {
10145b9c547cSRui Paulo 0x59, 0x59, 0xBE, 0x8E, 0x41, 0x3A, 0x77, 0x74,
10155b9c547cSRui Paulo 0x8B, 0xB2, 0xE5, 0xD3, 0x60, 0xAC, 0x4D, 0x35,
10165b9c547cSRui Paulo 0xDF, 0xFB, 0xC8, 0x1E, 0x9C, 0x24, 0x9C, 0x8B,
10175b9c547cSRui Paulo 0x0E, 0xC3, 0x1D, 0x72, 0xC8, 0x84, 0x9D, 0x57,
10185b9c547cSRui Paulo 0x48, 0x51, 0x2E, 0x45, 0x97, 0x6C, 0x88, 0x70,
10195b9c547cSRui Paulo 0xBE, 0x5F, 0x01, 0xD3, 0x64, 0xE7, 0x4C, 0xBB,
10205b9c547cSRui Paulo 0x11, 0x24, 0xE3, 0x49, 0xE2, 0x3B, 0xCD, 0xEF,
10215b9c547cSRui Paulo 0x7A, 0xB3, 0x05, 0x39, 0x5D, 0x64, 0x8A, 0x44,
10225b9c547cSRui Paulo 0x11, 0xB6, 0x69, 0x88, 0x34, 0x2E, 0x8E, 0x29,
10235b9c547cSRui Paulo 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
10245b9c547cSRui Paulo 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
10255b9c547cSRui Paulo 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
10265b9c547cSRui Paulo 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
10275b9c547cSRui Paulo 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
10285b9c547cSRui Paulo };
1029325151a3SRui Paulo #endif /* CONFIG_FIPS */
10305b9c547cSRui Paulo const u8 sks[] = {
10315b9c547cSRui Paulo 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
10325b9c547cSRui Paulo 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
10335b9c547cSRui Paulo 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
10345b9c547cSRui Paulo 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
10355b9c547cSRui Paulo 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
10365b9c547cSRui Paulo };
10375b9c547cSRui Paulo const u8 isk[] = {
10385b9c547cSRui Paulo 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
10395b9c547cSRui Paulo 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
10405b9c547cSRui Paulo 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
10415b9c547cSRui Paulo 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
10425b9c547cSRui Paulo };
10435b9c547cSRui Paulo const u8 imck[] = {
10445b9c547cSRui Paulo 0x16, 0x15, 0x3C, 0x3F, 0x21, 0x55, 0xEF, 0xD9,
10455b9c547cSRui Paulo 0x7F, 0x34, 0xAE, 0xC8, 0x1A, 0x4E, 0x66, 0x80,
10465b9c547cSRui Paulo 0x4C, 0xC3, 0x76, 0xF2, 0x8A, 0xA9, 0x6F, 0x96,
10475b9c547cSRui Paulo 0xC2, 0x54, 0x5F, 0x8C, 0xAB, 0x65, 0x02, 0xE1,
10485b9c547cSRui Paulo 0x18, 0x40, 0x7B, 0x56, 0xBE, 0xEA, 0xA7, 0xC5,
10495b9c547cSRui Paulo 0x76, 0x5D, 0x8F, 0x0B, 0xC5, 0x07, 0xC6, 0xB9,
10505b9c547cSRui Paulo 0x04, 0xD0, 0x69, 0x56, 0x72, 0x8B, 0x6B, 0xB8,
10515b9c547cSRui Paulo 0x15, 0xEC, 0x57, 0x7B
10525b9c547cSRui Paulo };
10535b9c547cSRui Paulo const u8 msk[] = {
10545b9c547cSRui Paulo 0x4D, 0x83, 0xA9, 0xBE, 0x6F, 0x8A, 0x74, 0xED,
10555b9c547cSRui Paulo 0x6A, 0x02, 0x66, 0x0A, 0x63, 0x4D, 0x2C, 0x33,
10565b9c547cSRui Paulo 0xC2, 0xDA, 0x60, 0x15, 0xC6, 0x37, 0x04, 0x51,
10575b9c547cSRui Paulo 0x90, 0x38, 0x63, 0xDA, 0x54, 0x3E, 0x14, 0xB9,
10585b9c547cSRui Paulo 0x27, 0x99, 0x18, 0x1E, 0x07, 0xBF, 0x0F, 0x5A,
10595b9c547cSRui Paulo 0x5E, 0x3C, 0x32, 0x93, 0x80, 0x8C, 0x6C, 0x49,
10605b9c547cSRui Paulo 0x67, 0xED, 0x24, 0xFE, 0x45, 0x40, 0xA0, 0x59,
10615b9c547cSRui Paulo 0x5E, 0x37, 0xC2, 0xE9, 0xD0, 0x5D, 0x0A, 0xE3
10625b9c547cSRui Paulo };
10635b9c547cSRui Paulo const u8 emsk[] = {
10645b9c547cSRui Paulo 0x3A, 0xD4, 0xAB, 0xDB, 0x76, 0xB2, 0x7F, 0x3B,
10655b9c547cSRui Paulo 0xEA, 0x32, 0x2C, 0x2B, 0x74, 0xF4, 0x28, 0x55,
10665b9c547cSRui Paulo 0xEF, 0x2D, 0xBA, 0x78, 0xC9, 0x57, 0x2F, 0x0D,
10675b9c547cSRui Paulo 0x06, 0xCD, 0x51, 0x7C, 0x20, 0x93, 0x98, 0xA9,
10685b9c547cSRui Paulo 0x76, 0xEA, 0x70, 0x21, 0xD7, 0x0E, 0x25, 0x54,
10695b9c547cSRui Paulo 0x97, 0xED, 0xB2, 0x8A, 0xF6, 0xED, 0xFD, 0x0A,
10705b9c547cSRui Paulo 0x2A, 0xE7, 0xA1, 0x58, 0x90, 0x10, 0x50, 0x44,
10715b9c547cSRui Paulo 0xB3, 0x82, 0x85, 0xDB, 0x06, 0x14, 0xD2, 0xF9
10725b9c547cSRui Paulo };
10735b9c547cSRui Paulo /* RFC 4851, Appendix B.2 */
10745b9c547cSRui Paulo u8 tlv[] = {
10755b9c547cSRui Paulo 0x80, 0x0C, 0x00, 0x38, 0x00, 0x01, 0x01, 0x00,
10765b9c547cSRui Paulo 0xD8, 0x6A, 0x8C, 0x68, 0x3C, 0x32, 0x31, 0xA8,
10775b9c547cSRui Paulo 0x56, 0x63, 0xB6, 0x40, 0x21, 0xFE, 0x21, 0x14,
10785b9c547cSRui Paulo 0x4E, 0xE7, 0x54, 0x20, 0x79, 0x2D, 0x42, 0x62,
10795b9c547cSRui Paulo 0xC9, 0xBF, 0x53, 0x7F, 0x54, 0xFD, 0xAC, 0x58,
10805b9c547cSRui Paulo 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
10815b9c547cSRui Paulo 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
10825b9c547cSRui Paulo 0x05, 0xC5, 0x5B, 0xB7
10835b9c547cSRui Paulo };
10845b9c547cSRui Paulo const u8 compound_mac[] = {
10855b9c547cSRui Paulo 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
10865b9c547cSRui Paulo 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
10875b9c547cSRui Paulo 0x05, 0xC5, 0x5B, 0xB7
10885b9c547cSRui Paulo };
10895b9c547cSRui Paulo u8 buf[512];
10905b9c547cSRui Paulo const u8 *simck, *cmk;
10915b9c547cSRui Paulo int errors = 0;
10925b9c547cSRui Paulo
10935b9c547cSRui Paulo wpa_printf(MSG_INFO, "EAP-FAST test cases");
10945b9c547cSRui Paulo
10955b9c547cSRui Paulo wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / master_secret");
10965b9c547cSRui Paulo if (sha1_t_prf(pac_key, sizeof(pac_key),
10975b9c547cSRui Paulo "PAC to master secret label hash",
10985b9c547cSRui Paulo seed, sizeof(seed), buf, sizeof(master_secret)) < 0 ||
10995b9c547cSRui Paulo os_memcmp(master_secret, buf, sizeof(master_secret)) != 0) {
11005b9c547cSRui Paulo wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
11015b9c547cSRui Paulo errors++;
11025b9c547cSRui Paulo }
11035b9c547cSRui Paulo
1104325151a3SRui Paulo #ifndef CONFIG_FIPS
11055b9c547cSRui Paulo wpa_printf(MSG_INFO, "- PRF (TLS, SHA1/MD5) test case / key_block");
11065b9c547cSRui Paulo if (tls_prf_sha1_md5(master_secret, sizeof(master_secret),
11075b9c547cSRui Paulo "key expansion", seed, sizeof(seed),
11085b9c547cSRui Paulo buf, sizeof(key_block)) ||
11095b9c547cSRui Paulo os_memcmp(key_block, buf, sizeof(key_block)) != 0) {
11105b9c547cSRui Paulo wpa_printf(MSG_INFO, "PRF test - FAILED!");
11115b9c547cSRui Paulo errors++;
11125b9c547cSRui Paulo }
1113325151a3SRui Paulo #endif /* CONFIG_FIPS */
11145b9c547cSRui Paulo
11155b9c547cSRui Paulo wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / IMCK");
11165b9c547cSRui Paulo if (sha1_t_prf(sks, sizeof(sks), "Inner Methods Compound Keys",
11175b9c547cSRui Paulo isk, sizeof(isk), buf, sizeof(imck)) < 0 ||
11185b9c547cSRui Paulo os_memcmp(imck, buf, sizeof(imck)) != 0) {
11195b9c547cSRui Paulo wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
11205b9c547cSRui Paulo errors++;
11215b9c547cSRui Paulo }
11225b9c547cSRui Paulo
11235b9c547cSRui Paulo simck = imck;
11245b9c547cSRui Paulo cmk = imck + 40;
11255b9c547cSRui Paulo
11265b9c547cSRui Paulo wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / MSK");
11275b9c547cSRui Paulo if (sha1_t_prf(simck, 40, "Session Key Generating Function",
11285b9c547cSRui Paulo (u8 *) "", 0, buf, sizeof(msk)) < 0 ||
11295b9c547cSRui Paulo os_memcmp(msk, buf, sizeof(msk)) != 0) {
11305b9c547cSRui Paulo wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
11315b9c547cSRui Paulo errors++;
11325b9c547cSRui Paulo }
11335b9c547cSRui Paulo
11345b9c547cSRui Paulo wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / EMSK");
11355b9c547cSRui Paulo if (sha1_t_prf(simck, 40, "Extended Session Key Generating Function",
11365b9c547cSRui Paulo (u8 *) "", 0, buf, sizeof(msk)) < 0 ||
11375b9c547cSRui Paulo os_memcmp(emsk, buf, sizeof(emsk)) != 0) {
11385b9c547cSRui Paulo wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
11395b9c547cSRui Paulo errors++;
11405b9c547cSRui Paulo }
11415b9c547cSRui Paulo
11425b9c547cSRui Paulo wpa_printf(MSG_INFO, "- Compound MAC test case");
11435b9c547cSRui Paulo os_memset(tlv + sizeof(tlv) - 20, 0, 20);
11445b9c547cSRui Paulo if (hmac_sha1(cmk, 20, tlv, sizeof(tlv), tlv + sizeof(tlv) - 20) < 0 ||
11455b9c547cSRui Paulo os_memcmp(tlv + sizeof(tlv) - 20, compound_mac,
11465b9c547cSRui Paulo sizeof(compound_mac)) != 0) {
11475b9c547cSRui Paulo wpa_printf(MSG_INFO, "Compound MAC test - FAILED!");
11485b9c547cSRui Paulo errors++;
11495b9c547cSRui Paulo }
11505b9c547cSRui Paulo
11515b9c547cSRui Paulo return errors;
11525b9c547cSRui Paulo #else /* EAP_FAST */
11535b9c547cSRui Paulo return 0;
11545b9c547cSRui Paulo #endif /* EAP_FAST */
11555b9c547cSRui Paulo }
11565b9c547cSRui Paulo
11575b9c547cSRui Paulo
1158325151a3SRui Paulo static const u8 key0[] =
11595b9c547cSRui Paulo {
11605b9c547cSRui Paulo 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
11615b9c547cSRui Paulo 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
11625b9c547cSRui Paulo 0x0b, 0x0b, 0x0b, 0x0b
11635b9c547cSRui Paulo };
1164325151a3SRui Paulo static const u8 data0[] = "Hi There";
1165325151a3SRui Paulo static const u8 prf0[] =
11665b9c547cSRui Paulo {
11675b9c547cSRui Paulo 0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84,
11685b9c547cSRui Paulo 0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54,
11695b9c547cSRui Paulo 0xb8, 0x62, 0x17, 0x5e, 0xd9, 0xf0, 0x06, 0x06,
11705b9c547cSRui Paulo 0xe1, 0x7d, 0x8d, 0xa3, 0x54, 0x02, 0xff, 0xee,
11715b9c547cSRui Paulo 0x75, 0xdf, 0x78, 0xc3, 0xd3, 0x1e, 0x0f, 0x88,
11725b9c547cSRui Paulo 0x9f, 0x01, 0x21, 0x20, 0xc0, 0x86, 0x2b, 0xeb,
11735b9c547cSRui Paulo 0x67, 0x75, 0x3e, 0x74, 0x39, 0xae, 0x24, 0x2e,
11745b9c547cSRui Paulo 0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a
11755b9c547cSRui Paulo };
11765b9c547cSRui Paulo
1177325151a3SRui Paulo static const u8 key1[] = "Jefe";
1178325151a3SRui Paulo static const u8 data1[] = "what do ya want for nothing?";
1179325151a3SRui Paulo static const u8 prf1[] =
11805b9c547cSRui Paulo {
11815b9c547cSRui Paulo 0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad,
11825b9c547cSRui Paulo 0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4,
11835b9c547cSRui Paulo 0xfe, 0x63, 0x14, 0x46, 0xfa, 0xbd, 0xfa, 0x58,
11845b9c547cSRui Paulo 0x24, 0x47, 0x59, 0xae, 0x58, 0xef, 0x90, 0x09,
11855b9c547cSRui Paulo 0xa9, 0x9a, 0xbf, 0x4e, 0xac, 0x2c, 0xa5, 0xfa,
11865b9c547cSRui Paulo 0x87, 0xe6, 0x92, 0xc4, 0x40, 0xeb, 0x40, 0x02,
11875b9c547cSRui Paulo 0x3e, 0x7b, 0xab, 0xb2, 0x06, 0xd6, 0x1d, 0xe7,
11885b9c547cSRui Paulo 0xb9, 0x2f, 0x41, 0x52, 0x90, 0x92, 0xb8, 0xfc
11895b9c547cSRui Paulo };
11905b9c547cSRui Paulo
11915b9c547cSRui Paulo
1192325151a3SRui Paulo static const u8 key2[] =
11935b9c547cSRui Paulo {
11945b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
11955b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
11965b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa
11975b9c547cSRui Paulo };
1198325151a3SRui Paulo static const u8 data2[] =
11995b9c547cSRui Paulo {
12005b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
12015b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
12025b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
12035b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
12045b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
12055b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
12065b9c547cSRui Paulo 0xdd, 0xdd
12075b9c547cSRui Paulo };
1208325151a3SRui Paulo static const u8 prf2[] =
12095b9c547cSRui Paulo {
12105b9c547cSRui Paulo 0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f,
12115b9c547cSRui Paulo 0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1,
12125b9c547cSRui Paulo 0x7a, 0x02, 0x52, 0xca, 0x5d, 0x8d, 0x8d, 0xf1,
12135b9c547cSRui Paulo 0x2c, 0xfb, 0x04, 0x73, 0x52, 0x52, 0x49, 0xce,
12145b9c547cSRui Paulo 0x9d, 0xd8, 0xd1, 0x77, 0xea, 0xd7, 0x10, 0xbc,
12155b9c547cSRui Paulo 0x9b, 0x59, 0x05, 0x47, 0x23, 0x91, 0x07, 0xae,
12165b9c547cSRui Paulo 0xf7, 0xb4, 0xab, 0xd4, 0x3d, 0x87, 0xf0, 0xa6,
12175b9c547cSRui Paulo 0x8f, 0x1c, 0xbd, 0x9e, 0x2b, 0x6f, 0x76, 0x07
12185b9c547cSRui Paulo };
12195b9c547cSRui Paulo
12205b9c547cSRui Paulo
12215b9c547cSRui Paulo struct passphrase_test {
12225b9c547cSRui Paulo char *passphrase;
12235b9c547cSRui Paulo char *ssid;
12245b9c547cSRui Paulo char psk[32];
12255b9c547cSRui Paulo };
12265b9c547cSRui Paulo
1227325151a3SRui Paulo static const struct passphrase_test passphrase_tests[] =
12285b9c547cSRui Paulo {
12295b9c547cSRui Paulo {
12305b9c547cSRui Paulo "password",
12315b9c547cSRui Paulo "IEEE",
12325b9c547cSRui Paulo {
12335b9c547cSRui Paulo 0xf4, 0x2c, 0x6f, 0xc5, 0x2d, 0xf0, 0xeb, 0xef,
12345b9c547cSRui Paulo 0x9e, 0xbb, 0x4b, 0x90, 0xb3, 0x8a, 0x5f, 0x90,
12355b9c547cSRui Paulo 0x2e, 0x83, 0xfe, 0x1b, 0x13, 0x5a, 0x70, 0xe2,
12365b9c547cSRui Paulo 0x3a, 0xed, 0x76, 0x2e, 0x97, 0x10, 0xa1, 0x2e
12375b9c547cSRui Paulo }
12385b9c547cSRui Paulo },
12395b9c547cSRui Paulo {
12405b9c547cSRui Paulo "ThisIsAPassword",
12415b9c547cSRui Paulo "ThisIsASSID",
12425b9c547cSRui Paulo {
12435b9c547cSRui Paulo 0x0d, 0xc0, 0xd6, 0xeb, 0x90, 0x55, 0x5e, 0xd6,
12445b9c547cSRui Paulo 0x41, 0x97, 0x56, 0xb9, 0xa1, 0x5e, 0xc3, 0xe3,
12455b9c547cSRui Paulo 0x20, 0x9b, 0x63, 0xdf, 0x70, 0x7d, 0xd5, 0x08,
12465b9c547cSRui Paulo 0xd1, 0x45, 0x81, 0xf8, 0x98, 0x27, 0x21, 0xaf
12475b9c547cSRui Paulo }
12485b9c547cSRui Paulo },
12495b9c547cSRui Paulo {
12505b9c547cSRui Paulo "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
12515b9c547cSRui Paulo "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
12525b9c547cSRui Paulo {
12535b9c547cSRui Paulo 0xbe, 0xcb, 0x93, 0x86, 0x6b, 0xb8, 0xc3, 0x83,
12545b9c547cSRui Paulo 0x2c, 0xb7, 0x77, 0xc2, 0xf5, 0x59, 0x80, 0x7c,
12555b9c547cSRui Paulo 0x8c, 0x59, 0xaf, 0xcb, 0x6e, 0xae, 0x73, 0x48,
12565b9c547cSRui Paulo 0x85, 0x00, 0x13, 0x00, 0xa9, 0x81, 0xcc, 0x62
12575b9c547cSRui Paulo }
12585b9c547cSRui Paulo },
12595b9c547cSRui Paulo };
12605b9c547cSRui Paulo
12615b9c547cSRui Paulo #define NUM_PASSPHRASE_TESTS ARRAY_SIZE(passphrase_tests)
12625b9c547cSRui Paulo
12635b9c547cSRui Paulo
12645b9c547cSRui Paulo struct rfc6070_test {
12655b9c547cSRui Paulo char *p;
12665b9c547cSRui Paulo char *s;
12675b9c547cSRui Paulo int c;
12685b9c547cSRui Paulo char dk[32];
12695b9c547cSRui Paulo size_t dk_len;
12705b9c547cSRui Paulo };
12715b9c547cSRui Paulo
1272325151a3SRui Paulo static const struct rfc6070_test rfc6070_tests[] =
12735b9c547cSRui Paulo {
12745b9c547cSRui Paulo {
12755b9c547cSRui Paulo "password",
12765b9c547cSRui Paulo "salt",
12775b9c547cSRui Paulo 1,
12785b9c547cSRui Paulo {
12795b9c547cSRui Paulo 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
12805b9c547cSRui Paulo 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
12815b9c547cSRui Paulo 0x2f, 0xe0, 0x37, 0xa6
12825b9c547cSRui Paulo },
12835b9c547cSRui Paulo 20
12845b9c547cSRui Paulo },
12855b9c547cSRui Paulo {
12865b9c547cSRui Paulo "password",
12875b9c547cSRui Paulo "salt",
12885b9c547cSRui Paulo 2,
12895b9c547cSRui Paulo {
12905b9c547cSRui Paulo 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
12915b9c547cSRui Paulo 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
12925b9c547cSRui Paulo 0xd8, 0xde, 0x89, 0x57
12935b9c547cSRui Paulo },
12945b9c547cSRui Paulo 20
12955b9c547cSRui Paulo },
12965b9c547cSRui Paulo {
12975b9c547cSRui Paulo "password",
12985b9c547cSRui Paulo "salt",
12995b9c547cSRui Paulo 4096,
13005b9c547cSRui Paulo {
13015b9c547cSRui Paulo 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
13025b9c547cSRui Paulo 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
13035b9c547cSRui Paulo 0x65, 0xa4, 0x29, 0xc1
13045b9c547cSRui Paulo },
13055b9c547cSRui Paulo 20
13065b9c547cSRui Paulo },
13075b9c547cSRui Paulo #if 0 /* This takes quite long to derive.. */
13085b9c547cSRui Paulo {
13095b9c547cSRui Paulo "password",
13105b9c547cSRui Paulo "salt",
13115b9c547cSRui Paulo 16777216,
13125b9c547cSRui Paulo {
13135b9c547cSRui Paulo 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4,
13145b9c547cSRui Paulo 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c,
13155b9c547cSRui Paulo 0x26, 0x34, 0xe9, 0x84
13165b9c547cSRui Paulo },
13175b9c547cSRui Paulo 20
13185b9c547cSRui Paulo },
13195b9c547cSRui Paulo #endif
13205b9c547cSRui Paulo {
13215b9c547cSRui Paulo "passwordPASSWORDpassword",
13225b9c547cSRui Paulo "saltSALTsaltSALTsaltSALTsaltSALTsalt",
13235b9c547cSRui Paulo 4096,
13245b9c547cSRui Paulo {
13255b9c547cSRui Paulo 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
13265b9c547cSRui Paulo 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
13275b9c547cSRui Paulo 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
13285b9c547cSRui Paulo 0x38
13295b9c547cSRui Paulo },
13305b9c547cSRui Paulo 25
13315b9c547cSRui Paulo },
13325b9c547cSRui Paulo #if 0 /* \0 not currently supported in passphrase parameters.. */
13335b9c547cSRui Paulo {
13345b9c547cSRui Paulo "pass\0word",
13355b9c547cSRui Paulo "sa\0lt",
13365b9c547cSRui Paulo 4096,
13375b9c547cSRui Paulo {
13385b9c547cSRui Paulo 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
13395b9c547cSRui Paulo 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3
13405b9c547cSRui Paulo },
13415b9c547cSRui Paulo 16
13425b9c547cSRui Paulo },
13435b9c547cSRui Paulo #endif
13445b9c547cSRui Paulo };
13455b9c547cSRui Paulo
13465b9c547cSRui Paulo #define NUM_RFC6070_TESTS ARRAY_SIZE(rfc6070_tests)
13475b9c547cSRui Paulo
13485b9c547cSRui Paulo
test_sha1(void)13495b9c547cSRui Paulo static int test_sha1(void)
13505b9c547cSRui Paulo {
13515b9c547cSRui Paulo u8 res[512];
13525b9c547cSRui Paulo int ret = 0;
13535b9c547cSRui Paulo unsigned int i;
13545b9c547cSRui Paulo
13555b9c547cSRui Paulo wpa_printf(MSG_INFO, "PRF-SHA1 test cases:");
13565b9c547cSRui Paulo
13575b9c547cSRui Paulo if (sha1_prf(key0, sizeof(key0), "prefix", data0, sizeof(data0) - 1,
13585b9c547cSRui Paulo res, sizeof(prf0)) == 0 &&
13595b9c547cSRui Paulo os_memcmp(res, prf0, sizeof(prf0)) == 0)
13605b9c547cSRui Paulo wpa_printf(MSG_INFO, "Test case 0 - OK");
13615b9c547cSRui Paulo else {
13625b9c547cSRui Paulo wpa_printf(MSG_INFO, "Test case 0 - FAILED!");
13635b9c547cSRui Paulo ret++;
13645b9c547cSRui Paulo }
13655b9c547cSRui Paulo
13665b9c547cSRui Paulo if (sha1_prf(key1, sizeof(key1) - 1, "prefix", data1, sizeof(data1) - 1,
13675b9c547cSRui Paulo res, sizeof(prf1)) == 0 &&
13685b9c547cSRui Paulo os_memcmp(res, prf1, sizeof(prf1)) == 0)
13695b9c547cSRui Paulo wpa_printf(MSG_INFO, "Test case 1 - OK");
13705b9c547cSRui Paulo else {
13715b9c547cSRui Paulo wpa_printf(MSG_INFO, "Test case 1 - FAILED!");
13725b9c547cSRui Paulo ret++;
13735b9c547cSRui Paulo }
13745b9c547cSRui Paulo
13755b9c547cSRui Paulo if (sha1_prf(key2, sizeof(key2), "prefix", data2, sizeof(data2),
13765b9c547cSRui Paulo res, sizeof(prf2)) == 0 &&
13775b9c547cSRui Paulo os_memcmp(res, prf2, sizeof(prf2)) == 0)
13785b9c547cSRui Paulo wpa_printf(MSG_INFO, "Test case 2 - OK");
13795b9c547cSRui Paulo else {
13805b9c547cSRui Paulo wpa_printf(MSG_INFO, "Test case 2 - FAILED!");
13815b9c547cSRui Paulo ret++;
13825b9c547cSRui Paulo }
13835b9c547cSRui Paulo
13845b9c547cSRui Paulo ret += test_eap_fast();
13855b9c547cSRui Paulo
13865b9c547cSRui Paulo wpa_printf(MSG_INFO, "PBKDF2-SHA1 Passphrase test cases:");
13875b9c547cSRui Paulo for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) {
13885b9c547cSRui Paulo u8 psk[32];
1389325151a3SRui Paulo const struct passphrase_test *test = &passphrase_tests[i];
13905b9c547cSRui Paulo
13915b9c547cSRui Paulo if (pbkdf2_sha1(test->passphrase,
13925b9c547cSRui Paulo (const u8 *) test->ssid, strlen(test->ssid),
13935b9c547cSRui Paulo 4096, psk, 32) == 0 &&
13945b9c547cSRui Paulo os_memcmp(psk, test->psk, 32) == 0)
13955b9c547cSRui Paulo wpa_printf(MSG_INFO, "Test case %d - OK", i);
13965b9c547cSRui Paulo else {
13975b9c547cSRui Paulo wpa_printf(MSG_INFO, "Test case %d - FAILED!", i);
13985b9c547cSRui Paulo ret++;
13995b9c547cSRui Paulo }
14005b9c547cSRui Paulo }
14015b9c547cSRui Paulo
14025b9c547cSRui Paulo wpa_printf(MSG_INFO, "PBKDF2-SHA1 test cases (RFC 6070):");
14035b9c547cSRui Paulo for (i = 0; i < NUM_RFC6070_TESTS; i++) {
14045b9c547cSRui Paulo u8 dk[25];
1405325151a3SRui Paulo const struct rfc6070_test *test = &rfc6070_tests[i];
14065b9c547cSRui Paulo
14075b9c547cSRui Paulo if (pbkdf2_sha1(test->p, (const u8 *) test->s, strlen(test->s),
14085b9c547cSRui Paulo test->c, dk, test->dk_len) == 0 &&
14095b9c547cSRui Paulo os_memcmp(dk, test->dk, test->dk_len) == 0)
14105b9c547cSRui Paulo wpa_printf(MSG_INFO, "Test case %d - OK", i);
14115b9c547cSRui Paulo else {
14125b9c547cSRui Paulo wpa_printf(MSG_INFO, "Test case %d - FAILED!", i);
14135b9c547cSRui Paulo ret++;
14145b9c547cSRui Paulo }
14155b9c547cSRui Paulo }
14165b9c547cSRui Paulo
14175b9c547cSRui Paulo if (!ret)
14185b9c547cSRui Paulo wpa_printf(MSG_INFO, "SHA1 test cases passed");
14195b9c547cSRui Paulo return ret;
14205b9c547cSRui Paulo }
14215b9c547cSRui Paulo
14225b9c547cSRui Paulo
1423780fb4a2SCy Schubert static const struct {
14245b9c547cSRui Paulo char *data;
14255b9c547cSRui Paulo u8 hash[32];
14265b9c547cSRui Paulo } tests[] = {
14275b9c547cSRui Paulo {
14285b9c547cSRui Paulo "abc",
14295b9c547cSRui Paulo {
14305b9c547cSRui Paulo 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
14315b9c547cSRui Paulo 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
14325b9c547cSRui Paulo 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
14335b9c547cSRui Paulo 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
14345b9c547cSRui Paulo }
14355b9c547cSRui Paulo },
14365b9c547cSRui Paulo {
14375b9c547cSRui Paulo "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
14385b9c547cSRui Paulo {
14395b9c547cSRui Paulo 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8,
14405b9c547cSRui Paulo 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39,
14415b9c547cSRui Paulo 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
14425b9c547cSRui Paulo 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1
14435b9c547cSRui Paulo }
14445b9c547cSRui Paulo }
14455b9c547cSRui Paulo };
14465b9c547cSRui Paulo
1447780fb4a2SCy Schubert static const struct hmac_test {
144885732ac8SCy Schubert u8 key[150];
14495b9c547cSRui Paulo size_t key_len;
145085732ac8SCy Schubert u8 data[160];
14515b9c547cSRui Paulo size_t data_len;
145285732ac8SCy Schubert u8 hash[32]; /* HMAC-SHA-256 */
145385732ac8SCy Schubert u8 hash384[48]; /* HMAC-SHA-384 */
14545b9c547cSRui Paulo } hmac_tests[] = {
145585732ac8SCy Schubert /* draft-ietf-ipsec-ciph-sha-256-01.txt; RFC 4231 */
14565b9c547cSRui Paulo {
14575b9c547cSRui Paulo {
14585b9c547cSRui Paulo 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
14595b9c547cSRui Paulo 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
14605b9c547cSRui Paulo 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
14615b9c547cSRui Paulo 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
14625b9c547cSRui Paulo },
14635b9c547cSRui Paulo 32,
14645b9c547cSRui Paulo "abc", 3,
14655b9c547cSRui Paulo {
14665b9c547cSRui Paulo 0xa2, 0x1b, 0x1f, 0x5d, 0x4c, 0xf4, 0xf7, 0x3a,
14675b9c547cSRui Paulo 0x4d, 0xd9, 0x39, 0x75, 0x0f, 0x7a, 0x06, 0x6a,
14685b9c547cSRui Paulo 0x7f, 0x98, 0xcc, 0x13, 0x1c, 0xb1, 0x6a, 0x66,
14695b9c547cSRui Paulo 0x92, 0x75, 0x90, 0x21, 0xcf, 0xab, 0x81, 0x81
147085732ac8SCy Schubert },
147185732ac8SCy Schubert { }
14725b9c547cSRui Paulo },
14735b9c547cSRui Paulo {
14745b9c547cSRui Paulo {
14755b9c547cSRui Paulo 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
14765b9c547cSRui Paulo 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
14775b9c547cSRui Paulo 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
14785b9c547cSRui Paulo 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
14795b9c547cSRui Paulo },
14805b9c547cSRui Paulo 32,
14815b9c547cSRui Paulo "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
14825b9c547cSRui Paulo 56,
14835b9c547cSRui Paulo {
14845b9c547cSRui Paulo 0x10, 0x4f, 0xdc, 0x12, 0x57, 0x32, 0x8f, 0x08,
14855b9c547cSRui Paulo 0x18, 0x4b, 0xa7, 0x31, 0x31, 0xc5, 0x3c, 0xae,
14865b9c547cSRui Paulo 0xe6, 0x98, 0xe3, 0x61, 0x19, 0x42, 0x11, 0x49,
14875b9c547cSRui Paulo 0xea, 0x8c, 0x71, 0x24, 0x56, 0x69, 0x7d, 0x30
148885732ac8SCy Schubert },
148985732ac8SCy Schubert { }
14905b9c547cSRui Paulo },
14915b9c547cSRui Paulo {
14925b9c547cSRui Paulo {
14935b9c547cSRui Paulo 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
14945b9c547cSRui Paulo 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
14955b9c547cSRui Paulo 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
14965b9c547cSRui Paulo 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
14975b9c547cSRui Paulo },
14985b9c547cSRui Paulo 32,
14995b9c547cSRui Paulo "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
15005b9c547cSRui Paulo "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
15015b9c547cSRui Paulo 112,
15025b9c547cSRui Paulo {
15035b9c547cSRui Paulo 0x47, 0x03, 0x05, 0xfc, 0x7e, 0x40, 0xfe, 0x34,
15045b9c547cSRui Paulo 0xd3, 0xee, 0xb3, 0xe7, 0x73, 0xd9, 0x5a, 0xab,
15055b9c547cSRui Paulo 0x73, 0xac, 0xf0, 0xfd, 0x06, 0x04, 0x47, 0xa5,
15065b9c547cSRui Paulo 0xeb, 0x45, 0x95, 0xbf, 0x33, 0xa9, 0xd1, 0xa3
150785732ac8SCy Schubert },
150885732ac8SCy Schubert { }
15095b9c547cSRui Paulo },
15105b9c547cSRui Paulo {
15115b9c547cSRui Paulo {
15125b9c547cSRui Paulo 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
15135b9c547cSRui Paulo 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
15145b9c547cSRui Paulo 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
15155b9c547cSRui Paulo 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
15165b9c547cSRui Paulo },
15175b9c547cSRui Paulo 32,
15185b9c547cSRui Paulo "Hi There",
15195b9c547cSRui Paulo 8,
15205b9c547cSRui Paulo {
15215b9c547cSRui Paulo 0x19, 0x8a, 0x60, 0x7e, 0xb4, 0x4b, 0xfb, 0xc6,
15225b9c547cSRui Paulo 0x99, 0x03, 0xa0, 0xf1, 0xcf, 0x2b, 0xbd, 0xc5,
15235b9c547cSRui Paulo 0xba, 0x0a, 0xa3, 0xf3, 0xd9, 0xae, 0x3c, 0x1c,
15245b9c547cSRui Paulo 0x7a, 0x3b, 0x16, 0x96, 0xa0, 0xb6, 0x8c, 0xf7
152585732ac8SCy Schubert },
152685732ac8SCy Schubert { }
152785732ac8SCy Schubert },
152885732ac8SCy Schubert { /* RFC 4231 - Test Case 1 */
152985732ac8SCy Schubert {
153085732ac8SCy Schubert 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
153185732ac8SCy Schubert 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
153285732ac8SCy Schubert 0x0b, 0x0b, 0x0b, 0x0b
153385732ac8SCy Schubert },
153485732ac8SCy Schubert 20,
153585732ac8SCy Schubert "Hi There",
153685732ac8SCy Schubert 8,
153785732ac8SCy Schubert {
153885732ac8SCy Schubert 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
153985732ac8SCy Schubert 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
154085732ac8SCy Schubert 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
154185732ac8SCy Schubert 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
15425b9c547cSRui Paulo },
15435b9c547cSRui Paulo {
154485732ac8SCy Schubert 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62,
154585732ac8SCy Schubert 0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f,
154685732ac8SCy Schubert 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
154785732ac8SCy Schubert 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c,
154885732ac8SCy Schubert 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f,
154985732ac8SCy Schubert 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6
155085732ac8SCy Schubert }
155185732ac8SCy Schubert },
155285732ac8SCy Schubert { /* RFC 4231 - Test Case 2 */
15535b9c547cSRui Paulo "Jefe",
15545b9c547cSRui Paulo 4,
15555b9c547cSRui Paulo "what do ya want for nothing?",
15565b9c547cSRui Paulo 28,
15575b9c547cSRui Paulo {
15585b9c547cSRui Paulo 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e,
15595b9c547cSRui Paulo 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7,
15605b9c547cSRui Paulo 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83,
15615b9c547cSRui Paulo 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43
156285732ac8SCy Schubert },
156385732ac8SCy Schubert {
156485732ac8SCy Schubert 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31,
156585732ac8SCy Schubert 0x61, 0x7f, 0x78, 0xd2, 0xb5, 0x8a, 0x6b, 0x1b,
156685732ac8SCy Schubert 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,
156785732ac8SCy Schubert 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e,
156885732ac8SCy Schubert 0x8e, 0x22, 0x40, 0xca, 0x5e, 0x69, 0xe2, 0xc7,
156985732ac8SCy Schubert 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49
15705b9c547cSRui Paulo }
15715b9c547cSRui Paulo },
15725b9c547cSRui Paulo {
15735b9c547cSRui Paulo {
15745b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
15755b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
15765b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
15775b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
15785b9c547cSRui Paulo },
15795b9c547cSRui Paulo 32,
15805b9c547cSRui Paulo {
15815b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
15825b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
15835b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
15845b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
15855b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
15865b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
15875b9c547cSRui Paulo 0xdd, 0xdd
15885b9c547cSRui Paulo },
15895b9c547cSRui Paulo 50,
15905b9c547cSRui Paulo {
15915b9c547cSRui Paulo 0xcd, 0xcb, 0x12, 0x20, 0xd1, 0xec, 0xcc, 0xea,
15925b9c547cSRui Paulo 0x91, 0xe5, 0x3a, 0xba, 0x30, 0x92, 0xf9, 0x62,
15935b9c547cSRui Paulo 0xe5, 0x49, 0xfe, 0x6c, 0xe9, 0xed, 0x7f, 0xdc,
15945b9c547cSRui Paulo 0x43, 0x19, 0x1f, 0xbd, 0xe4, 0x5c, 0x30, 0xb0
159585732ac8SCy Schubert },
159685732ac8SCy Schubert { }
159785732ac8SCy Schubert },
159885732ac8SCy Schubert { /* RFC 4231 - Test Case 3 */
159985732ac8SCy Schubert {
160085732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
160185732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
160285732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa
160385732ac8SCy Schubert },
160485732ac8SCy Schubert 20,
160585732ac8SCy Schubert {
160685732ac8SCy Schubert 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
160785732ac8SCy Schubert 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
160885732ac8SCy Schubert 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
160985732ac8SCy Schubert 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
161085732ac8SCy Schubert 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
161185732ac8SCy Schubert 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
161285732ac8SCy Schubert 0xdd, 0xdd
161385732ac8SCy Schubert },
161485732ac8SCy Schubert 50,
161585732ac8SCy Schubert {
161685732ac8SCy Schubert 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46,
161785732ac8SCy Schubert 0x85, 0x4d, 0xb8, 0xeb, 0xd0, 0x91, 0x81, 0xa7,
161885732ac8SCy Schubert 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 0xc1, 0x22,
161985732ac8SCy Schubert 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe
162085732ac8SCy Schubert },
162185732ac8SCy Schubert {
162285732ac8SCy Schubert 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a,
162385732ac8SCy Schubert 0x0a, 0xa2, 0xac, 0xe0, 0x14, 0xc8, 0xa8, 0x6f,
162485732ac8SCy Schubert 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,
162585732ac8SCy Schubert 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b,
162685732ac8SCy Schubert 0x2a, 0x5a, 0xb3, 0x9d, 0xc1, 0x38, 0x14, 0xb9,
162785732ac8SCy Schubert 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27
16285b9c547cSRui Paulo }
16295b9c547cSRui Paulo },
16305b9c547cSRui Paulo {
16315b9c547cSRui Paulo {
16325b9c547cSRui Paulo 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
16335b9c547cSRui Paulo 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
16345b9c547cSRui Paulo 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
16355b9c547cSRui Paulo 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
16365b9c547cSRui Paulo 0x21, 0x22, 0x23, 0x24, 0x25
16375b9c547cSRui Paulo },
16385b9c547cSRui Paulo 37,
16395b9c547cSRui Paulo {
16405b9c547cSRui Paulo 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
16415b9c547cSRui Paulo 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
16425b9c547cSRui Paulo 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
16435b9c547cSRui Paulo 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
16445b9c547cSRui Paulo 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
16455b9c547cSRui Paulo 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
16465b9c547cSRui Paulo 0xcd, 0xcd
16475b9c547cSRui Paulo },
16485b9c547cSRui Paulo 50,
16495b9c547cSRui Paulo {
16505b9c547cSRui Paulo 0xd4, 0x63, 0x3c, 0x17, 0xf6, 0xfb, 0x8d, 0x74,
16515b9c547cSRui Paulo 0x4c, 0x66, 0xde, 0xe0, 0xf8, 0xf0, 0x74, 0x55,
16525b9c547cSRui Paulo 0x6e, 0xc4, 0xaf, 0x55, 0xef, 0x07, 0x99, 0x85,
16535b9c547cSRui Paulo 0x41, 0x46, 0x8e, 0xb4, 0x9b, 0xd2, 0xe9, 0x17
165485732ac8SCy Schubert },
165585732ac8SCy Schubert { }
165685732ac8SCy Schubert },
165785732ac8SCy Schubert { /* RFC 4231 - Test Case 4 */
165885732ac8SCy Schubert {
165985732ac8SCy Schubert 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
166085732ac8SCy Schubert 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
166185732ac8SCy Schubert 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
166285732ac8SCy Schubert 0x19,
166385732ac8SCy Schubert },
166485732ac8SCy Schubert 25,
166585732ac8SCy Schubert {
166685732ac8SCy Schubert 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
166785732ac8SCy Schubert 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
166885732ac8SCy Schubert 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
166985732ac8SCy Schubert 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
167085732ac8SCy Schubert 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
167185732ac8SCy Schubert 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
167285732ac8SCy Schubert 0xcd, 0xcd
167385732ac8SCy Schubert },
167485732ac8SCy Schubert 50,
167585732ac8SCy Schubert {
167685732ac8SCy Schubert 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e,
167785732ac8SCy Schubert 0xa4, 0xcc, 0x81, 0x98, 0x99, 0xf2, 0x08, 0x3a,
167885732ac8SCy Schubert 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07,
167985732ac8SCy Schubert 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b
168085732ac8SCy Schubert },
168185732ac8SCy Schubert {
168285732ac8SCy Schubert 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85,
168385732ac8SCy Schubert 0x19, 0x33, 0xab, 0x62, 0x90, 0xaf, 0x6c, 0xa7,
168485732ac8SCy Schubert 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,
168585732ac8SCy Schubert 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e,
168685732ac8SCy Schubert 0x68, 0x01, 0xdd, 0x23, 0xc4, 0xa7, 0xd6, 0x79,
168785732ac8SCy Schubert 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb
16885b9c547cSRui Paulo }
16895b9c547cSRui Paulo },
16905b9c547cSRui Paulo {
16915b9c547cSRui Paulo {
16925b9c547cSRui Paulo 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
16935b9c547cSRui Paulo 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
16945b9c547cSRui Paulo 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
16955b9c547cSRui Paulo 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
16965b9c547cSRui Paulo },
16975b9c547cSRui Paulo 32,
16985b9c547cSRui Paulo "Test With Truncation",
16995b9c547cSRui Paulo 20,
17005b9c547cSRui Paulo {
17015b9c547cSRui Paulo 0x75, 0x46, 0xaf, 0x01, 0x84, 0x1f, 0xc0, 0x9b,
17025b9c547cSRui Paulo 0x1a, 0xb9, 0xc3, 0x74, 0x9a, 0x5f, 0x1c, 0x17,
17035b9c547cSRui Paulo 0xd4, 0xf5, 0x89, 0x66, 0x8a, 0x58, 0x7b, 0x27,
17045b9c547cSRui Paulo 0x00, 0xa9, 0xc9, 0x7c, 0x11, 0x93, 0xcf, 0x42
170585732ac8SCy Schubert },
170685732ac8SCy Schubert { }
17075b9c547cSRui Paulo },
17085b9c547cSRui Paulo {
17095b9c547cSRui Paulo {
17105b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
17115b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
17125b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
17135b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
17145b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
17155b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
17165b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
17175b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
17185b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
17195b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
17205b9c547cSRui Paulo },
17215b9c547cSRui Paulo 80,
17225b9c547cSRui Paulo "Test Using Larger Than Block-Size Key - Hash Key First",
17235b9c547cSRui Paulo 54,
17245b9c547cSRui Paulo {
17255b9c547cSRui Paulo 0x69, 0x53, 0x02, 0x5e, 0xd9, 0x6f, 0x0c, 0x09,
17265b9c547cSRui Paulo 0xf8, 0x0a, 0x96, 0xf7, 0x8e, 0x65, 0x38, 0xdb,
17275b9c547cSRui Paulo 0xe2, 0xe7, 0xb8, 0x20, 0xe3, 0xdd, 0x97, 0x0e,
17285b9c547cSRui Paulo 0x7d, 0xdd, 0x39, 0x09, 0x1b, 0x32, 0x35, 0x2f
172985732ac8SCy Schubert },
173085732ac8SCy Schubert { }
173185732ac8SCy Schubert },
173285732ac8SCy Schubert { /* RFC 4231 - Test Case 6 */
173385732ac8SCy Schubert {
173485732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
173585732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
173685732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
173785732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
173885732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
173985732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
174085732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
174185732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
174285732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
174385732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
174485732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
174585732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
174685732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
174785732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
174885732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
174985732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
175085732ac8SCy Schubert 0xaa, 0xaa, 0xaa
175185732ac8SCy Schubert },
175285732ac8SCy Schubert 131,
175385732ac8SCy Schubert "Test Using Larger Than Block-Size Key - Hash Key First",
175485732ac8SCy Schubert 54,
175585732ac8SCy Schubert {
175685732ac8SCy Schubert 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f,
175785732ac8SCy Schubert 0x0d, 0x8a, 0x26, 0xaa, 0xcb, 0xf5, 0xb7, 0x7f,
175885732ac8SCy Schubert 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, 0xc5, 0x14,
175985732ac8SCy Schubert 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54
176085732ac8SCy Schubert },
176185732ac8SCy Schubert {
176285732ac8SCy Schubert 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90,
176385732ac8SCy Schubert 0x88, 0xd2, 0xc6, 0x3a, 0x04, 0x1b, 0xc5, 0xb4,
176485732ac8SCy Schubert 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,
176585732ac8SCy Schubert 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6,
176685732ac8SCy Schubert 0x0c, 0x2e, 0xf6, 0xab, 0x40, 0x30, 0xfe, 0x82,
176785732ac8SCy Schubert 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52
17685b9c547cSRui Paulo }
17695b9c547cSRui Paulo },
17705b9c547cSRui Paulo {
17715b9c547cSRui Paulo {
17725b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
17735b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
17745b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
17755b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
17765b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
17775b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
17785b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
17795b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
17805b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
17815b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
17825b9c547cSRui Paulo },
17835b9c547cSRui Paulo 80,
17845b9c547cSRui Paulo "Test Using Larger Than Block-Size Key and Larger Than One "
17855b9c547cSRui Paulo "Block-Size Data",
17865b9c547cSRui Paulo 73,
17875b9c547cSRui Paulo {
17885b9c547cSRui Paulo 0x63, 0x55, 0xac, 0x22, 0xe8, 0x90, 0xd0, 0xa3,
17895b9c547cSRui Paulo 0xc8, 0x48, 0x1a, 0x5c, 0xa4, 0x82, 0x5b, 0xc8,
17905b9c547cSRui Paulo 0x84, 0xd3, 0xe7, 0xa1, 0xff, 0x98, 0xa2, 0xfc,
17915b9c547cSRui Paulo 0x2a, 0xc7, 0xd8, 0xe0, 0x64, 0xc3, 0xb2, 0xe6
179285732ac8SCy Schubert },
179385732ac8SCy Schubert { }
179485732ac8SCy Schubert },
179585732ac8SCy Schubert { /* RFC 4231 - Test Case 7 */
179685732ac8SCy Schubert {
179785732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
179885732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
179985732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
180085732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
180185732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
180285732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
180385732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
180485732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
180585732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
180685732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
180785732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
180885732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
180985732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
181085732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
181185732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
181285732ac8SCy Schubert 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
181385732ac8SCy Schubert 0xaa, 0xaa, 0xaa
181485732ac8SCy Schubert },
181585732ac8SCy Schubert 131,
181685732ac8SCy Schubert "This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.",
181785732ac8SCy Schubert 152,
181885732ac8SCy Schubert {
181985732ac8SCy Schubert 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb,
182085732ac8SCy Schubert 0x27, 0x63, 0x5f, 0xbc, 0xd5, 0xb0, 0xe9, 0x44,
182185732ac8SCy Schubert 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 0x13, 0x93,
182285732ac8SCy Schubert 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2
182385732ac8SCy Schubert },
182485732ac8SCy Schubert {
182585732ac8SCy Schubert 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d,
182685732ac8SCy Schubert 0x35, 0x1e, 0x2f, 0x25, 0x4e, 0x8f, 0xd3, 0x2c,
182785732ac8SCy Schubert 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,
182885732ac8SCy Schubert 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5,
182985732ac8SCy Schubert 0xa6, 0x78, 0xcc, 0x31, 0xe7, 0x99, 0x17, 0x6d,
183085732ac8SCy Schubert 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e
18315b9c547cSRui Paulo }
18325b9c547cSRui Paulo }
18335b9c547cSRui Paulo };
18345b9c547cSRui Paulo
18355b9c547cSRui Paulo
test_sha256(void)18365b9c547cSRui Paulo static int test_sha256(void)
18375b9c547cSRui Paulo {
18385b9c547cSRui Paulo unsigned int i;
18395b9c547cSRui Paulo u8 hash[32];
18405b9c547cSRui Paulo const u8 *addr[2];
18415b9c547cSRui Paulo size_t len[2];
18425b9c547cSRui Paulo int errors = 0;
1843780fb4a2SCy Schubert u8 *key;
18445b9c547cSRui Paulo
18455b9c547cSRui Paulo for (i = 0; i < ARRAY_SIZE(tests); i++) {
18465b9c547cSRui Paulo wpa_printf(MSG_INFO, "SHA256 test case %d:", i + 1);
18475b9c547cSRui Paulo
18485b9c547cSRui Paulo addr[0] = (u8 *) tests[i].data;
18495b9c547cSRui Paulo len[0] = strlen(tests[i].data);
18505b9c547cSRui Paulo sha256_vector(1, addr, len, hash);
18515b9c547cSRui Paulo if (memcmp(hash, tests[i].hash, 32) != 0) {
18525b9c547cSRui Paulo wpa_printf(MSG_INFO, " FAIL");
18535b9c547cSRui Paulo errors++;
18545b9c547cSRui Paulo } else
18555b9c547cSRui Paulo wpa_printf(MSG_INFO, " OK");
18565b9c547cSRui Paulo
18575b9c547cSRui Paulo if (len[0]) {
18585b9c547cSRui Paulo addr[0] = (u8 *) tests[i].data;
18595b9c547cSRui Paulo len[0] = 1;
18605b9c547cSRui Paulo addr[1] = (u8 *) tests[i].data + 1;
18615b9c547cSRui Paulo len[1] = strlen(tests[i].data) - 1;
18625b9c547cSRui Paulo sha256_vector(2, addr, len, hash);
18635b9c547cSRui Paulo if (memcmp(hash, tests[i].hash, 32) != 0) {
18645b9c547cSRui Paulo wpa_printf(MSG_INFO, " FAIL");
18655b9c547cSRui Paulo errors++;
18665b9c547cSRui Paulo } else
18675b9c547cSRui Paulo wpa_printf(MSG_INFO, " OK");
18685b9c547cSRui Paulo }
18695b9c547cSRui Paulo }
18705b9c547cSRui Paulo
18715b9c547cSRui Paulo for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) {
1872325151a3SRui Paulo const struct hmac_test *t = &hmac_tests[i];
18735b9c547cSRui Paulo
18745b9c547cSRui Paulo wpa_printf(MSG_INFO, "HMAC-SHA256 test case %d:", i + 1);
18755b9c547cSRui Paulo
18765b9c547cSRui Paulo if (hmac_sha256(t->key, t->key_len, t->data, t->data_len,
18775b9c547cSRui Paulo hash) < 0 ||
18785b9c547cSRui Paulo os_memcmp(hash, t->hash, 32) != 0) {
18795b9c547cSRui Paulo wpa_printf(MSG_INFO, " FAIL");
18805b9c547cSRui Paulo errors++;
18815b9c547cSRui Paulo } else
18825b9c547cSRui Paulo wpa_printf(MSG_INFO, " OK");
18835b9c547cSRui Paulo
18845b9c547cSRui Paulo addr[0] = t->data;
18855b9c547cSRui Paulo len[0] = t->data_len;
18865b9c547cSRui Paulo if (hmac_sha256_vector(t->key, t->key_len, 1, addr, len,
18875b9c547cSRui Paulo hash) < 0 ||
18885b9c547cSRui Paulo os_memcmp(hash, t->hash, 32) != 0) {
18895b9c547cSRui Paulo wpa_printf(MSG_INFO, " FAIL");
18905b9c547cSRui Paulo errors++;
18915b9c547cSRui Paulo } else
18925b9c547cSRui Paulo wpa_printf(MSG_INFO, " OK");
18935b9c547cSRui Paulo
18945b9c547cSRui Paulo if (len[0]) {
18955b9c547cSRui Paulo addr[0] = t->data;
18965b9c547cSRui Paulo len[0] = 1;
18975b9c547cSRui Paulo addr[1] = t->data + 1;
18985b9c547cSRui Paulo len[1] = t->data_len - 1;
18995b9c547cSRui Paulo if (hmac_sha256_vector(t->key, t->key_len, 2, addr, len,
19005b9c547cSRui Paulo hash) < 0 ||
19015b9c547cSRui Paulo os_memcmp(hash, t->hash, 32) != 0) {
19025b9c547cSRui Paulo wpa_printf(MSG_INFO, " FAIL");
19035b9c547cSRui Paulo errors++;
19045b9c547cSRui Paulo } else
19055b9c547cSRui Paulo wpa_printf(MSG_INFO, " OK");
19065b9c547cSRui Paulo }
19075b9c547cSRui Paulo }
19085b9c547cSRui Paulo
19095b9c547cSRui Paulo wpa_printf(MSG_INFO, "Test IEEE 802.11r KDF");
19105b9c547cSRui Paulo sha256_prf((u8 *) "abc", 3, "KDF test", (u8 *) "data", 4,
19115b9c547cSRui Paulo hash, sizeof(hash));
19125b9c547cSRui Paulo /* TODO: add proper test case for this */
19135b9c547cSRui Paulo
1914780fb4a2SCy Schubert key = os_malloc(8161);
1915780fb4a2SCy Schubert if (key) {
1916780fb4a2SCy Schubert #ifdef CONFIG_HMAC_SHA256_KDF
1917780fb4a2SCy Schubert int res;
1918780fb4a2SCy Schubert
1919780fb4a2SCy Schubert res = hmac_sha256_kdf((u8 *) "secret", 6, "label",
1920780fb4a2SCy Schubert (u8 *) "seed", 4, key, 8160);
1921780fb4a2SCy Schubert if (res) {
1922780fb4a2SCy Schubert wpa_printf(MSG_INFO,
1923780fb4a2SCy Schubert "Unexpected hmac_sha256_kdf(outlen=8160) failure");
1924780fb4a2SCy Schubert errors++;
1925780fb4a2SCy Schubert }
1926780fb4a2SCy Schubert
1927780fb4a2SCy Schubert res = hmac_sha256_kdf((u8 *) "secret", 6, "label",
1928780fb4a2SCy Schubert (u8 *) "seed", 4, key, 8161);
1929780fb4a2SCy Schubert if (res == 0) {
1930780fb4a2SCy Schubert wpa_printf(MSG_INFO,
1931780fb4a2SCy Schubert "Unexpected hmac_sha256_kdf(outlen=8161) success");
1932780fb4a2SCy Schubert errors++;
1933780fb4a2SCy Schubert }
1934780fb4a2SCy Schubert #endif /* CONFIG_HMAC_SHA256_KDF */
1935780fb4a2SCy Schubert
1936780fb4a2SCy Schubert os_free(key);
1937780fb4a2SCy Schubert }
1938780fb4a2SCy Schubert
19395b9c547cSRui Paulo if (!errors)
19405b9c547cSRui Paulo wpa_printf(MSG_INFO, "SHA256 test cases passed");
19415b9c547cSRui Paulo return errors;
19425b9c547cSRui Paulo }
19435b9c547cSRui Paulo
19445b9c547cSRui Paulo
test_sha384(void)194585732ac8SCy Schubert static int test_sha384(void)
194685732ac8SCy Schubert {
194785732ac8SCy Schubert #ifdef CONFIG_SHA384
194885732ac8SCy Schubert unsigned int i;
194985732ac8SCy Schubert u8 hash[48];
195085732ac8SCy Schubert const u8 *addr[2];
195185732ac8SCy Schubert size_t len[2];
195285732ac8SCy Schubert int errors = 0;
195385732ac8SCy Schubert const char *data = "hello";
195485732ac8SCy Schubert const u8 hash_res[] = {
195585732ac8SCy Schubert 0x59, 0xe1, 0x74, 0x87, 0x77, 0x44, 0x8c, 0x69,
195685732ac8SCy Schubert 0xde, 0x6b, 0x80, 0x0d, 0x7a, 0x33, 0xbb, 0xfb,
195785732ac8SCy Schubert 0x9f, 0xf1, 0xb4, 0x63, 0xe4, 0x43, 0x54, 0xc3,
195885732ac8SCy Schubert 0x55, 0x3b, 0xcd, 0xb9, 0xc6, 0x66, 0xfa, 0x90,
195985732ac8SCy Schubert 0x12, 0x5a, 0x3c, 0x79, 0xf9, 0x03, 0x97, 0xbd,
196085732ac8SCy Schubert 0xf5, 0xf6, 0xa1, 0x3d, 0xe8, 0x28, 0x68, 0x4f
196185732ac8SCy Schubert };
196285732ac8SCy Schubert
196385732ac8SCy Schubert addr[0] = (const u8 *) data;
196485732ac8SCy Schubert len[0] = 5;
196585732ac8SCy Schubert if (sha384_vector(1, addr, len, hash) < 0 ||
196685732ac8SCy Schubert os_memcmp(hash, hash_res, 48) != 0) {
196785732ac8SCy Schubert wpa_printf(MSG_INFO, "SHA384 test case 1: FAIL");
196885732ac8SCy Schubert errors++;
196985732ac8SCy Schubert } else {
197085732ac8SCy Schubert wpa_printf(MSG_INFO, "SHA384 test case 1: OK");
197185732ac8SCy Schubert }
197285732ac8SCy Schubert
197385732ac8SCy Schubert addr[0] = (const u8 *) data;
197485732ac8SCy Schubert len[0] = 4;
197585732ac8SCy Schubert addr[1] = (const u8 *) data + 4;
197685732ac8SCy Schubert len[1] = 1;
197785732ac8SCy Schubert if (sha384_vector(2, addr, len, hash) < 0 ||
197885732ac8SCy Schubert os_memcmp(hash, hash_res, 48) != 0) {
197985732ac8SCy Schubert wpa_printf(MSG_INFO, "SHA384 test case 2: FAIL");
198085732ac8SCy Schubert errors++;
198185732ac8SCy Schubert } else {
198285732ac8SCy Schubert wpa_printf(MSG_INFO, "SHA384 test case 2: OK");
198385732ac8SCy Schubert }
198485732ac8SCy Schubert
198585732ac8SCy Schubert for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) {
198685732ac8SCy Schubert const struct hmac_test *t = &hmac_tests[i];
198785732ac8SCy Schubert
198885732ac8SCy Schubert if (t->hash384[0] == 0 && t->hash384[1] == 0 &&
198985732ac8SCy Schubert t->hash384[2] == 0 && t->hash384[3] == 0)
199085732ac8SCy Schubert continue;
199185732ac8SCy Schubert wpa_printf(MSG_INFO, "HMAC-SHA384 test case %d:", i + 1);
199285732ac8SCy Schubert
199385732ac8SCy Schubert if (hmac_sha384(t->key, t->key_len, t->data, t->data_len,
199485732ac8SCy Schubert hash) < 0 ||
199585732ac8SCy Schubert os_memcmp(hash, t->hash384, 48) != 0) {
199685732ac8SCy Schubert wpa_printf(MSG_INFO, " FAIL");
199785732ac8SCy Schubert errors++;
199885732ac8SCy Schubert } else
199985732ac8SCy Schubert wpa_printf(MSG_INFO, " OK");
200085732ac8SCy Schubert
200185732ac8SCy Schubert addr[0] = t->data;
200285732ac8SCy Schubert len[0] = t->data_len;
200385732ac8SCy Schubert if (hmac_sha384_vector(t->key, t->key_len, 1, addr, len,
200485732ac8SCy Schubert hash) < 0 ||
200585732ac8SCy Schubert os_memcmp(hash, t->hash384, 48) != 0) {
200685732ac8SCy Schubert wpa_printf(MSG_INFO, " FAIL");
200785732ac8SCy Schubert errors++;
200885732ac8SCy Schubert } else
200985732ac8SCy Schubert wpa_printf(MSG_INFO, " OK");
201085732ac8SCy Schubert
201185732ac8SCy Schubert if (len[0]) {
201285732ac8SCy Schubert addr[0] = t->data;
201385732ac8SCy Schubert len[0] = 1;
201485732ac8SCy Schubert addr[1] = t->data + 1;
201585732ac8SCy Schubert len[1] = t->data_len - 1;
201685732ac8SCy Schubert if (hmac_sha384_vector(t->key, t->key_len, 2, addr, len,
201785732ac8SCy Schubert hash) < 0 ||
201885732ac8SCy Schubert os_memcmp(hash, t->hash384, 48) != 0) {
201985732ac8SCy Schubert wpa_printf(MSG_INFO, " FAIL");
202085732ac8SCy Schubert errors++;
202185732ac8SCy Schubert } else
202285732ac8SCy Schubert wpa_printf(MSG_INFO, " OK");
202385732ac8SCy Schubert }
202485732ac8SCy Schubert }
202585732ac8SCy Schubert
202685732ac8SCy Schubert if (!errors)
202785732ac8SCy Schubert wpa_printf(MSG_INFO, "SHA384 test cases passed");
202885732ac8SCy Schubert return errors;
202985732ac8SCy Schubert #else /* CONFIG_SHA384 */
203085732ac8SCy Schubert return 0;
203185732ac8SCy Schubert #endif /* CONFIG_SHA384 */
203285732ac8SCy Schubert }
203385732ac8SCy Schubert
203485732ac8SCy Schubert
test_fips186_2_prf(void)2035780fb4a2SCy Schubert static int test_fips186_2_prf(void)
2036780fb4a2SCy Schubert {
2037780fb4a2SCy Schubert /* http://csrc.nist.gov/encryption/dss/Examples-1024bit.pdf */
2038780fb4a2SCy Schubert u8 xkey[] = {
2039780fb4a2SCy Schubert 0xbd, 0x02, 0x9b, 0xbe, 0x7f, 0x51, 0x96, 0x0b,
2040780fb4a2SCy Schubert 0xcf, 0x9e, 0xdb, 0x2b, 0x61, 0xf0, 0x6f, 0x0f,
2041780fb4a2SCy Schubert 0xeb, 0x5a, 0x38, 0xb6
2042780fb4a2SCy Schubert };
2043780fb4a2SCy Schubert u8 w[] = {
2044780fb4a2SCy Schubert 0x20, 0x70, 0xb3, 0x22, 0x3d, 0xba, 0x37, 0x2f,
2045780fb4a2SCy Schubert 0xde, 0x1c, 0x0f, 0xfc, 0x7b, 0x2e, 0x3b, 0x49,
2046780fb4a2SCy Schubert 0x8b, 0x26, 0x06, 0x14, 0x3c, 0x6c, 0x18, 0xba,
2047780fb4a2SCy Schubert 0xcb, 0x0f, 0x6c, 0x55, 0xba, 0xbb, 0x13, 0x78,
2048780fb4a2SCy Schubert 0x8e, 0x20, 0xd7, 0x37, 0xa3, 0x27, 0x51, 0x16
2049780fb4a2SCy Schubert };
2050780fb4a2SCy Schubert u8 buf[40];
2051780fb4a2SCy Schubert
2052780fb4a2SCy Schubert wpa_printf(MSG_INFO,
2053780fb4a2SCy Schubert "Testing EAP-SIM PRF (FIPS 186-2 + change notice 1)");
2054780fb4a2SCy Schubert if (fips186_2_prf(xkey, sizeof(xkey), buf, sizeof(buf)) < 0 ||
2055780fb4a2SCy Schubert os_memcmp(w, buf, sizeof(w)) != 0) {
2056780fb4a2SCy Schubert wpa_printf(MSG_INFO, "fips186_2_prf failed");
2057780fb4a2SCy Schubert return 1;
2058780fb4a2SCy Schubert }
2059780fb4a2SCy Schubert
2060780fb4a2SCy Schubert return 0;
2061780fb4a2SCy Schubert }
2062780fb4a2SCy Schubert
2063780fb4a2SCy Schubert
test_extract_expand_hkdf(void)206485732ac8SCy Schubert static int test_extract_expand_hkdf(void)
206585732ac8SCy Schubert {
206685732ac8SCy Schubert u8 prk[SHA256_MAC_LEN];
206785732ac8SCy Schubert u8 okm[82];
206885732ac8SCy Schubert
206985732ac8SCy Schubert /* RFC 5869, A.1 */
207085732ac8SCy Schubert u8 ikm1[22] = {
207185732ac8SCy Schubert 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
207285732ac8SCy Schubert 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
207385732ac8SCy Schubert 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
207485732ac8SCy Schubert };
207585732ac8SCy Schubert u8 salt1[13] = {
207685732ac8SCy Schubert 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
207785732ac8SCy Schubert 0x08, 0x09, 0x0a, 0x0b, 0x0c
207885732ac8SCy Schubert };
207985732ac8SCy Schubert u8 info1[10] = {
208085732ac8SCy Schubert 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
208185732ac8SCy Schubert 0xf8, 0xf9
208285732ac8SCy Schubert };
208385732ac8SCy Schubert u8 prk1[32] = {
208485732ac8SCy Schubert 0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf,
208585732ac8SCy Schubert 0x0d, 0xdc, 0x3f, 0x0d, 0xc4, 0x7b, 0xba, 0x63,
208685732ac8SCy Schubert 0x90, 0xb6, 0xc7, 0x3b, 0xb5, 0x0f, 0x9c, 0x31,
208785732ac8SCy Schubert 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, 0xb3, 0xe5
208885732ac8SCy Schubert };
208985732ac8SCy Schubert u8 okm1[42] = {
209085732ac8SCy Schubert 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
209185732ac8SCy Schubert 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
209285732ac8SCy Schubert 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
209385732ac8SCy Schubert 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
209485732ac8SCy Schubert 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
209585732ac8SCy Schubert 0x58, 0x65
209685732ac8SCy Schubert };
209785732ac8SCy Schubert
209885732ac8SCy Schubert /* RFC 5869, A.2 */
209985732ac8SCy Schubert u8 ikm2[80] = {
210085732ac8SCy Schubert 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
210185732ac8SCy Schubert 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
210285732ac8SCy Schubert 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
210385732ac8SCy Schubert 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
210485732ac8SCy Schubert 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
210585732ac8SCy Schubert 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
210685732ac8SCy Schubert 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
210785732ac8SCy Schubert 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
210885732ac8SCy Schubert 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
210985732ac8SCy Schubert 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
211085732ac8SCy Schubert };
211185732ac8SCy Schubert u8 salt2[80] = {
211285732ac8SCy Schubert 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
211385732ac8SCy Schubert 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
211485732ac8SCy Schubert 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
211585732ac8SCy Schubert 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
211685732ac8SCy Schubert 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
211785732ac8SCy Schubert 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
211885732ac8SCy Schubert 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
211985732ac8SCy Schubert 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
212085732ac8SCy Schubert 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
212185732ac8SCy Schubert 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf
212285732ac8SCy Schubert };
212385732ac8SCy Schubert u8 info2[80] = {
212485732ac8SCy Schubert 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
212585732ac8SCy Schubert 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
212685732ac8SCy Schubert 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
212785732ac8SCy Schubert 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
212885732ac8SCy Schubert 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
212985732ac8SCy Schubert 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
213085732ac8SCy Schubert 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
213185732ac8SCy Schubert 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
213285732ac8SCy Schubert 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
213385732ac8SCy Schubert 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
213485732ac8SCy Schubert };
213585732ac8SCy Schubert u8 prk2[32] = {
213685732ac8SCy Schubert 0x06, 0xa6, 0xb8, 0x8c, 0x58, 0x53, 0x36, 0x1a,
213785732ac8SCy Schubert 0x06, 0x10, 0x4c, 0x9c, 0xeb, 0x35, 0xb4, 0x5c,
213885732ac8SCy Schubert 0xef, 0x76, 0x00, 0x14, 0x90, 0x46, 0x71, 0x01,
213985732ac8SCy Schubert 0x4a, 0x19, 0x3f, 0x40, 0xc1, 0x5f, 0xc2, 0x44
214085732ac8SCy Schubert };
214185732ac8SCy Schubert u8 okm2[82] = {
214285732ac8SCy Schubert 0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1,
214385732ac8SCy Schubert 0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34,
214485732ac8SCy Schubert 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8,
214585732ac8SCy Schubert 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c,
214685732ac8SCy Schubert 0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72,
214785732ac8SCy Schubert 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09,
214885732ac8SCy Schubert 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8,
214985732ac8SCy Schubert 0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71,
215085732ac8SCy Schubert 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87,
215185732ac8SCy Schubert 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f,
215285732ac8SCy Schubert 0x1d, 0x87
215385732ac8SCy Schubert };
215485732ac8SCy Schubert
215585732ac8SCy Schubert wpa_printf(MSG_INFO, "Testing Extract-and-Expand HKDF (RFC 5869)");
215685732ac8SCy Schubert
215785732ac8SCy Schubert wpa_printf(MSG_INFO, "RFC 5869 - Test Case 1");
215885732ac8SCy Schubert if (hmac_sha256(salt1, sizeof(salt1), ikm1, sizeof(ikm1), prk) < 0)
215985732ac8SCy Schubert return -1;
216085732ac8SCy Schubert if (os_memcmp(prk, prk1, SHA256_MAC_LEN) != 0) {
216185732ac8SCy Schubert wpa_printf(MSG_INFO, "HKDF-Extract mismatch in PRK");
216285732ac8SCy Schubert return -1;
216385732ac8SCy Schubert }
216485732ac8SCy Schubert if (hmac_sha256_kdf(prk1, sizeof(prk1), NULL, info1, sizeof(info1),
216585732ac8SCy Schubert okm, sizeof(okm1)) < 0)
216685732ac8SCy Schubert return -1;
216785732ac8SCy Schubert if (os_memcmp(okm, okm1, sizeof(okm1)) != 0) {
216885732ac8SCy Schubert wpa_printf(MSG_INFO, "HKDF-Expand mismatch in OKM");
216985732ac8SCy Schubert return -1;
217085732ac8SCy Schubert }
217185732ac8SCy Schubert
217285732ac8SCy Schubert wpa_printf(MSG_INFO, "RFC 5869 - Test Case 2");
217385732ac8SCy Schubert if (hmac_sha256(salt2, sizeof(salt2), ikm2, sizeof(ikm2), prk) < 0)
217485732ac8SCy Schubert return -1;
217585732ac8SCy Schubert if (os_memcmp(prk, prk2, SHA256_MAC_LEN) != 0) {
217685732ac8SCy Schubert wpa_printf(MSG_INFO, "HKDF-Extract mismatch in PRK");
217785732ac8SCy Schubert return -1;
217885732ac8SCy Schubert }
217985732ac8SCy Schubert if (hmac_sha256_kdf(prk2, sizeof(prk2), NULL, info2, sizeof(info2),
218085732ac8SCy Schubert okm, sizeof(okm2)) < 0)
218185732ac8SCy Schubert return -1;
218285732ac8SCy Schubert if (os_memcmp(okm, okm2, sizeof(okm2)) != 0) {
218385732ac8SCy Schubert wpa_printf(MSG_INFO, "HKDF-Expand mismatch in OKM");
218485732ac8SCy Schubert return -1;
218585732ac8SCy Schubert }
218685732ac8SCy Schubert
218785732ac8SCy Schubert wpa_printf(MSG_INFO, "Extract-and-Expand HKDF test cases passed");
218885732ac8SCy Schubert
218985732ac8SCy Schubert return 0;
219085732ac8SCy Schubert }
219185732ac8SCy Schubert
219285732ac8SCy Schubert
2193*a90b9d01SCy Schubert #ifdef CONFIG_DPP3
2194*a90b9d01SCy Schubert
2195*a90b9d01SCy Schubert static const struct hpke_test {
2196*a90b9d01SCy Schubert const char *name;
2197*a90b9d01SCy Schubert enum hpke_mode mode;
2198*a90b9d01SCy Schubert enum hpke_kem_id kem_id;
2199*a90b9d01SCy Schubert enum hpke_kdf_id kdf_id;
2200*a90b9d01SCy Schubert enum hpke_aead_id aead_id;
2201*a90b9d01SCy Schubert const char *info;
2202*a90b9d01SCy Schubert int sk_r_group;
2203*a90b9d01SCy Schubert const char *pk_r;
2204*a90b9d01SCy Schubert const char *sk_r;
2205*a90b9d01SCy Schubert const char *enc;
2206*a90b9d01SCy Schubert const char *pt;
2207*a90b9d01SCy Schubert const char *aad;
2208*a90b9d01SCy Schubert const char *ct;
2209*a90b9d01SCy Schubert } hpke_tests[] = {
2210*a90b9d01SCy Schubert {
2211*a90b9d01SCy Schubert .name = "A.3. DHKEM(P-256, HKDF-SHA256), HKDF-SHA256, AES-128-GCM",
2212*a90b9d01SCy Schubert .mode = HPKE_MODE_BASE,
2213*a90b9d01SCy Schubert .kem_id = HPKE_DHKEM_P256_HKDF_SHA256,
2214*a90b9d01SCy Schubert .kdf_id = HPKE_KDF_HKDF_SHA256,
2215*a90b9d01SCy Schubert .aead_id = HPKE_AEAD_AES_128_GCM,
2216*a90b9d01SCy Schubert .info = "4f6465206f6e2061204772656369616e2055726e",
2217*a90b9d01SCy Schubert .sk_r_group = 19,
2218*a90b9d01SCy Schubert .pk_r = "04fe8c19ce0905191ebc298a9245792531f26f0cece2460639e8bc39cb7f706a826a779b4cf969b8a0e539c7f62fb3d30ad6aa8f80e30f1d128aafd68a2ce72ea0",
2219*a90b9d01SCy Schubert .sk_r = "f3ce7fdae57e1a310d87f1ebbde6f328be0a99cdbcadf4d6589cf29de4b8ffd2",
2220*a90b9d01SCy Schubert .enc = "04a92719c6195d5085104f469a8b9814d5838ff72b60501e2c4466e5e67b325ac98536d7b61a1af4b78e5b7f951c0900be863c403ce65c9bfcb9382657222d18c4",
2221*a90b9d01SCy Schubert .pt = "4265617574792069732074727574682c20747275746820626561757479",
2222*a90b9d01SCy Schubert .aad = "436f756e742d30",
2223*a90b9d01SCy Schubert .ct = "5ad590bb8baa577f8619db35a36311226a896e7342a6d836d8b7bcd2f20b6c7f9076ac232e3ab2523f39513434",
2224*a90b9d01SCy Schubert },
2225*a90b9d01SCy Schubert {
2226*a90b9d01SCy Schubert .name = "A.4. DHKEM(P-256, HKDF-SHA256), HKDF-SHA512, AES-128-GCM",
2227*a90b9d01SCy Schubert .mode = HPKE_MODE_BASE,
2228*a90b9d01SCy Schubert .kem_id = HPKE_DHKEM_P256_HKDF_SHA256,
2229*a90b9d01SCy Schubert .kdf_id = HPKE_KDF_HKDF_SHA512,
2230*a90b9d01SCy Schubert .aead_id = HPKE_AEAD_AES_128_GCM,
2231*a90b9d01SCy Schubert .info = "4f6465206f6e2061204772656369616e2055726e",
2232*a90b9d01SCy Schubert .sk_r_group = 19,
2233*a90b9d01SCy Schubert .pk_r = "04085aa5b665dc3826f9650ccbcc471be268c8ada866422f739e2d531d4a8818a9466bc6b449357096232919ec4fe9070ccbac4aac30f4a1a53efcf7af90610edd",
2234*a90b9d01SCy Schubert .sk_r = "3ac8530ad1b01885960fab38cf3cdc4f7aef121eaa239f222623614b4079fb38",
2235*a90b9d01SCy Schubert .enc = "0493ed86735bdfb978cc055c98b45695ad7ce61ce748f4dd63c525a3b8d53a15565c6897888070070c1579db1f86aaa56deb8297e64db7e8924e72866f9a472580",
2236*a90b9d01SCy Schubert .pt = "4265617574792069732074727574682c20747275746820626561757479",
2237*a90b9d01SCy Schubert .aad = "436f756e742d30",
2238*a90b9d01SCy Schubert .ct = "d3cf4984931484a080f74c1bb2a6782700dc1fef9abe8442e44a6f09044c88907200b332003543754eb51917ba",
2239*a90b9d01SCy Schubert },
2240*a90b9d01SCy Schubert {
2241*a90b9d01SCy Schubert .name = "A.6. DHKEM(P-521, HKDF-SHA512), HKDF-SHA512, AES-256-GCM",
2242*a90b9d01SCy Schubert .mode = HPKE_MODE_BASE,
2243*a90b9d01SCy Schubert .kem_id = HPKE_DHKEM_P521_HKDF_SHA512,
2244*a90b9d01SCy Schubert .kdf_id = HPKE_KDF_HKDF_SHA512,
2245*a90b9d01SCy Schubert .aead_id = HPKE_AEAD_AES_256_GCM,
2246*a90b9d01SCy Schubert .info = "4f6465206f6e2061204772656369616e2055726e",
2247*a90b9d01SCy Schubert .sk_r_group = 21,
2248*a90b9d01SCy Schubert .pk_r = "0401b45498c1714e2dce167d3caf162e45e0642afc7ed435df7902ccae0e84ba0f7d373f646b7738bbbdca11ed91bdeae3cdcba3301f2457be452f271fa6837580e661012af49583a62e48d44bed350c7118c0d8dc861c238c72a2bda17f64704f464b57338e7f40b60959480c0e58e6559b190d81663ed816e523b6b6a418f66d2451ec64",
2249*a90b9d01SCy Schubert .sk_r = "01462680369ae375e4b3791070a7458ed527842f6a98a79ff5e0d4cbde83c27196a3916956655523a6a2556a7af62c5cadabe2ef9da3760bb21e005202f7b2462847",
2250*a90b9d01SCy Schubert .enc = "040138b385ca16bb0d5fa0c0665fbbd7e69e3ee29f63991d3e9b5fa740aab8900aaeed46ed73a49055758425a0ce36507c54b29cc5b85a5cee6bae0cf1c21f2731ece2013dc3fb7c8d21654bb161b463962ca19e8c654ff24c94dd2898de12051f1ed0692237fb02b2f8d1dc1c73e9b366b529eb436e98a996ee522aef863dd5739d2f29b0",
2251*a90b9d01SCy Schubert .pt = "4265617574792069732074727574682c20747275746820626561757479",
2252*a90b9d01SCy Schubert .aad = "436f756e742d30",
2253*a90b9d01SCy Schubert .ct = "170f8beddfe949b75ef9c387e201baf4132fa7374593dfafa90768788b7b2b200aafcc6d80ea4c795a7c5b841a",
2254*a90b9d01SCy Schubert },
2255*a90b9d01SCy Schubert { /* self-generated test vector for P-384 */
2256*a90b9d01SCy Schubert .name = "custom DHKEM(P-384, HKDF-SHA384), HKDF-SHA384, AES-256-GCM",
2257*a90b9d01SCy Schubert .mode = HPKE_MODE_BASE,
2258*a90b9d01SCy Schubert .kem_id = HPKE_DHKEM_P384_HKDF_SHA384,
2259*a90b9d01SCy Schubert .kdf_id = HPKE_KDF_HKDF_SHA384,
2260*a90b9d01SCy Schubert .aead_id = HPKE_AEAD_AES_256_GCM,
2261*a90b9d01SCy Schubert .info = "4f6465206f6e2061204772656369616e2055726e",
2262*a90b9d01SCy Schubert .sk_r_group = 20,
2263*a90b9d01SCy Schubert .pk_r = "049c0e4dcbbb3c80715cafaa1839d0bc3c3adcc95eb8062f84175f9c3cec115e6b799061c65a0605907785c25b3571564706a8ba6a204452b38c7c205db17d328f2353df05d5f1c568e7503331178c36c2d37bbed48401295407face3f8dae5ed8",
2264*a90b9d01SCy Schubert .sk_r = "cabffb07d20ffcfdaa043e1de49e1654659e0f0aba5de56523e8b73dc80c579a9e5c89ed3810ec21c4bafcf74ad2a245",
2265*a90b9d01SCy Schubert .enc = "04b30bea96d0e51582033b02a4d676d0464a5eb2d858be86cda1c4e6f8b2aa9fb80f5365483f781b1b3a8b3b8efd50b0f7bca16f06d0435fa3da1d671ea0a318b40fe170a074923c651e5dc824966b7b98d0e36bdf932875dae7130369a793cecc",
2266*a90b9d01SCy Schubert .pt = "4265617574792069732074727574682c20747275746820626561757479",
2267*a90b9d01SCy Schubert .aad = "436f756e742d30",
2268*a90b9d01SCy Schubert .ct = "ae7feccfea0f8fcd620d15369a28db8701cdc90d55c20efff6296bd441697b0da34671d1f3c4864183e86d27fc",
2269*a90b9d01SCy Schubert },
2270*a90b9d01SCy Schubert { /* self-generated test vector for BP-256 */
2271*a90b9d01SCy Schubert .name = "custom PB-256 using DHKEM(P-256, HKDF-SHA256), HKDF-SHA256, AES-128-GCM",
2272*a90b9d01SCy Schubert .mode = HPKE_MODE_BASE,
2273*a90b9d01SCy Schubert .kem_id = HPKE_DHKEM_P256_HKDF_SHA256,
2274*a90b9d01SCy Schubert .kdf_id = HPKE_KDF_HKDF_SHA256,
2275*a90b9d01SCy Schubert .aead_id = HPKE_AEAD_AES_128_GCM,
2276*a90b9d01SCy Schubert .info = "4f6465206f6e2061204772656369616e2055726e",
2277*a90b9d01SCy Schubert .sk_r_group = 28,
2278*a90b9d01SCy Schubert .pk_r = "04a2cb9c4cae90cdc1c27516e9f84b6b166e4b1dcc517286268239ddb0bf74cca6390fed092ac4423ab2192b8bb41a4824d908d2053b93fc813830bebac5ce19b9",
2279*a90b9d01SCy Schubert .sk_r = "11d9db41c4341166ca52f5a1775595c0bdb4934350daeb7bce659c4b7a40e314",
2280*a90b9d01SCy Schubert .enc = "047a25e309c7ee50ec27f13d44734a3ccd8c703e3affcc728513df416511ef9bf02f5e7750e7415de8b5f306ebd3fc88ea9b9368523eb1733a8d82c1a877e5a0f4",
2281*a90b9d01SCy Schubert .pt = "4265617574792069732074727574682c20747275746820626561757479",
2282*a90b9d01SCy Schubert .aad = "436f756e742d30",
2283*a90b9d01SCy Schubert .ct = "17c84b3f07f6ffe08ff2be45c709ea782229504aa5b2253876725c6c39f8d8c992304fc5877994f79d6c10d462",
2284*a90b9d01SCy Schubert },
2285*a90b9d01SCy Schubert { /* self-generated test vector for BP-384 */
2286*a90b9d01SCy Schubert .name = "custom PB-384 using DHKEM(P-384, HKDF-SHA384), HKDF-SHA384, AES-256-GCM",
2287*a90b9d01SCy Schubert .mode = HPKE_MODE_BASE,
2288*a90b9d01SCy Schubert .kem_id = HPKE_DHKEM_P384_HKDF_SHA384,
2289*a90b9d01SCy Schubert .kdf_id = HPKE_KDF_HKDF_SHA384,
2290*a90b9d01SCy Schubert .aead_id = HPKE_AEAD_AES_256_GCM,
2291*a90b9d01SCy Schubert .info = "4f6465206f6e2061204772656369616e2055726e",
2292*a90b9d01SCy Schubert .sk_r_group = 29,
2293*a90b9d01SCy Schubert .pk_r = "041f4199ad28835908079c45d165d55630098be53eb4beede9921f5b2204fa396111f99ac54c56411f7cb2c43ec18d8e604d895027228cf975f5a4b598f189d8fb03e3fefe020258c40d4d1b15fd7587d209925d67a41f9659a8ed6f662fb441e4",
2294*a90b9d01SCy Schubert .sk_r = "7017cf8a5a9a81ad4e0d755ccbea27a378b787561f8d5662639850805fefcbaab6b9a15729872abb7dc53d19a6cf77e4",
2295*a90b9d01SCy Schubert .enc = "0415d49dedc5bc1ffe9f8de9022c266bb605ec6cd7b77b6ce68974095398856f8aefa4b7abbfbd496b99a2dda3a9c65f1a71b9d40255aa1c7c4205a8b4ef611b96ed29fd2d7b0cde4c0e82058805e6276025cc4fc606f6e5771c31bd9704e9ba0b",
2296*a90b9d01SCy Schubert .pt = "4265617574792069732074727574682c20747275746820626561757479",
2297*a90b9d01SCy Schubert .aad = "436f756e742d30",
2298*a90b9d01SCy Schubert .ct = "5f5e9f82bedadec0e9b01a1b304cb48b05c0d6d397b1c8a95ed541218ec54f634a41cbc4066910a409e47b254e",
2299*a90b9d01SCy Schubert },
2300*a90b9d01SCy Schubert { /* self-generated test vector for BP-512 */
2301*a90b9d01SCy Schubert .name = "custom PB-512 using DHKEM(P-521, HKDF-SHA512), HKDF-SHA512, AES-256-GCM",
2302*a90b9d01SCy Schubert .mode = HPKE_MODE_BASE,
2303*a90b9d01SCy Schubert .kem_id = HPKE_DHKEM_P521_HKDF_SHA512,
2304*a90b9d01SCy Schubert .kdf_id = HPKE_KDF_HKDF_SHA512,
2305*a90b9d01SCy Schubert .aead_id = HPKE_AEAD_AES_256_GCM,
2306*a90b9d01SCy Schubert .info = "4f6465206f6e2061204772656369616e2055726e",
2307*a90b9d01SCy Schubert .sk_r_group = 30,
2308*a90b9d01SCy Schubert .pk_r = "049e81046a531365a3b5215ac37e7b38f5fa34f86c4eb2e03113b197390a26c555bb007596e131c2541f336eb24a45f44283b5b53fedddfa5642675602fdec17d34120a35efffb44952e32dee7732f2f3245c3314269996b610703a63fb8555a75ca5092690a1125ae8712c1e31fd77aee42bd052e71f9f9459814d6f4065bcea0",
2309*a90b9d01SCy Schubert .sk_r = "483b6882608182b296843fa7dfffbdd61ed0372574d4aa32a035c8e33a493927aaf00d42bd9124ebe4df26010b38124668c02b35a749e74845d565734310cfe9",
2310*a90b9d01SCy Schubert .enc = "04158d18473aeb3b283d3345b1a87d3de2b192ff9e41b5a98f91daacfb24be72e698cbc04c33078681e507bf346c0ea70c927083a22ca9ea027f420067ee42285b798d95fea51002d097ce28371883202bfd300fb64943669e32c6f1a348087368bb480b757892ebd199a9389978c92cbc44076626d705a771fbbd90c030a6767e",
2311*a90b9d01SCy Schubert .pt = "4265617574792069732074727574682c20747275746820626561757479",
2312*a90b9d01SCy Schubert .aad = "436f756e742d30",
2313*a90b9d01SCy Schubert .ct = "033d91c4514857da5b833635180c1acc09f175cbf44777a7b71e177705cfd17437b1c85d671dd767bb4fe20e2e",
2314*a90b9d01SCy Schubert },
2315*a90b9d01SCy Schubert };
2316*a90b9d01SCy Schubert
2317*a90b9d01SCy Schubert
run_hpke_test(const struct hpke_test * test)2318*a90b9d01SCy Schubert static int run_hpke_test(const struct hpke_test *test)
2319*a90b9d01SCy Schubert {
2320*a90b9d01SCy Schubert struct wpabuf *info, *pk_r, *sk_r, *enc, *pt, *aad, *ct;
2321*a90b9d01SCy Schubert struct wpabuf *res_pt = NULL, *enc_ct = NULL, *res_ct = NULL;
2322*a90b9d01SCy Schubert struct crypto_ec_key *own_priv = NULL, *peer_pub = NULL;
2323*a90b9d01SCy Schubert int res = -1;
2324*a90b9d01SCy Schubert size_t coord_len;
2325*a90b9d01SCy Schubert
2326*a90b9d01SCy Schubert wpa_printf(MSG_INFO, "- %s", test->name);
2327*a90b9d01SCy Schubert
2328*a90b9d01SCy Schubert info = wpabuf_parse_bin(test->info);
2329*a90b9d01SCy Schubert pk_r = wpabuf_parse_bin(test->pk_r);
2330*a90b9d01SCy Schubert sk_r = wpabuf_parse_bin(test->sk_r);
2331*a90b9d01SCy Schubert enc = wpabuf_parse_bin(test->enc);
2332*a90b9d01SCy Schubert pt = wpabuf_parse_bin(test->pt);
2333*a90b9d01SCy Schubert aad = wpabuf_parse_bin(test->aad);
2334*a90b9d01SCy Schubert ct = wpabuf_parse_bin(test->ct);
2335*a90b9d01SCy Schubert if (!info || !pk_r || !sk_r || !enc || !pt || !aad || !ct) {
2336*a90b9d01SCy Schubert wpa_printf(MSG_ERROR, "Could not parse test data");
2337*a90b9d01SCy Schubert goto fail;
2338*a90b9d01SCy Schubert }
2339*a90b9d01SCy Schubert
2340*a90b9d01SCy Schubert /* Receiver - decryption against the test vector */
2341*a90b9d01SCy Schubert
2342*a90b9d01SCy Schubert enc_ct = wpabuf_concat(enc, ct);
2343*a90b9d01SCy Schubert enc = NULL;
2344*a90b9d01SCy Schubert ct = NULL;
2345*a90b9d01SCy Schubert if (!enc_ct)
2346*a90b9d01SCy Schubert goto fail;
2347*a90b9d01SCy Schubert
2348*a90b9d01SCy Schubert own_priv = crypto_ec_key_set_priv(test->sk_r_group, wpabuf_head(sk_r),
2349*a90b9d01SCy Schubert wpabuf_len(sk_r));
2350*a90b9d01SCy Schubert if (!own_priv) {
2351*a90b9d01SCy Schubert wpa_printf(MSG_ERROR,
2352*a90b9d01SCy Schubert "HPKE base open - failed to set private key");
2353*a90b9d01SCy Schubert goto fail;
2354*a90b9d01SCy Schubert }
2355*a90b9d01SCy Schubert
2356*a90b9d01SCy Schubert res_pt = hpke_base_open(test->kem_id, test->kdf_id, test->aead_id,
2357*a90b9d01SCy Schubert own_priv,
2358*a90b9d01SCy Schubert wpabuf_head(info), wpabuf_len(info),
2359*a90b9d01SCy Schubert wpabuf_head(aad), wpabuf_len(aad),
2360*a90b9d01SCy Schubert wpabuf_head(enc_ct), wpabuf_len(enc_ct));
2361*a90b9d01SCy Schubert if (!res_pt) {
2362*a90b9d01SCy Schubert wpa_printf(MSG_ERROR, "HPKE base open - failed to decrypt");
2363*a90b9d01SCy Schubert wpa_hexdump_buf(MSG_INFO, "pt", res_pt);
2364*a90b9d01SCy Schubert goto fail;
2365*a90b9d01SCy Schubert }
2366*a90b9d01SCy Schubert if (wpabuf_len(res_pt) != wpabuf_len(pt) ||
2367*a90b9d01SCy Schubert os_memcmp(wpabuf_head(res_pt), wpabuf_head(pt),
2368*a90b9d01SCy Schubert wpabuf_len(pt)) != 0) {
2369*a90b9d01SCy Schubert wpa_printf(MSG_ERROR,
2370*a90b9d01SCy Schubert "HPKE base open - failed - decryption mismatch");
2371*a90b9d01SCy Schubert goto fail;
2372*a90b9d01SCy Schubert }
2373*a90b9d01SCy Schubert
2374*a90b9d01SCy Schubert /* Sender - encryption (randomized algorithm) */
2375*a90b9d01SCy Schubert
2376*a90b9d01SCy Schubert if (test->sk_r_group == 19)
2377*a90b9d01SCy Schubert coord_len = 32;
2378*a90b9d01SCy Schubert else if (test->sk_r_group == 20)
2379*a90b9d01SCy Schubert coord_len = 48;
2380*a90b9d01SCy Schubert else if (test->sk_r_group == 21)
2381*a90b9d01SCy Schubert coord_len = 66;
2382*a90b9d01SCy Schubert else if (test->sk_r_group == 28)
2383*a90b9d01SCy Schubert coord_len = 32;
2384*a90b9d01SCy Schubert else if (test->sk_r_group == 29)
2385*a90b9d01SCy Schubert coord_len = 48;
2386*a90b9d01SCy Schubert else if (test->sk_r_group == 30)
2387*a90b9d01SCy Schubert coord_len = 64;
2388*a90b9d01SCy Schubert else
2389*a90b9d01SCy Schubert goto fail;
2390*a90b9d01SCy Schubert if (wpabuf_len(pk_r) != 1 + 2 * coord_len) {
2391*a90b9d01SCy Schubert wpa_printf(MSG_ERROR, "Unexpected pkR length (%zu != %zu)",
2392*a90b9d01SCy Schubert wpabuf_len(pk_r), 1 + 2 * coord_len);
2393*a90b9d01SCy Schubert goto fail;
2394*a90b9d01SCy Schubert }
2395*a90b9d01SCy Schubert peer_pub = crypto_ec_key_set_pub(test->sk_r_group,
2396*a90b9d01SCy Schubert wpabuf_head_u8(pk_r) + 1,
2397*a90b9d01SCy Schubert wpabuf_head_u8(pk_r) + 1 + coord_len,
2398*a90b9d01SCy Schubert coord_len);
2399*a90b9d01SCy Schubert if (!peer_pub) {
2400*a90b9d01SCy Schubert wpa_printf(MSG_ERROR,
2401*a90b9d01SCy Schubert "HPKE base open - failed to set public key");
2402*a90b9d01SCy Schubert goto fail;
2403*a90b9d01SCy Schubert }
2404*a90b9d01SCy Schubert
2405*a90b9d01SCy Schubert res_ct = hpke_base_seal(test->kem_id, test->kdf_id, test->aead_id,
2406*a90b9d01SCy Schubert peer_pub,
2407*a90b9d01SCy Schubert wpabuf_head(info), wpabuf_len(info),
2408*a90b9d01SCy Schubert wpabuf_head(aad), wpabuf_len(aad),
2409*a90b9d01SCy Schubert wpabuf_head(pt), wpabuf_len(pt));
2410*a90b9d01SCy Schubert if (!res_ct) {
2411*a90b9d01SCy Schubert wpa_printf(MSG_ERROR, "HPKE base open - failed to encrypt");
2412*a90b9d01SCy Schubert goto fail;
2413*a90b9d01SCy Schubert }
2414*a90b9d01SCy Schubert
2415*a90b9d01SCy Schubert /* Receiver - decryption (to verify own encryption) */
2416*a90b9d01SCy Schubert
2417*a90b9d01SCy Schubert wpabuf_free(res_pt);
2418*a90b9d01SCy Schubert res_pt = hpke_base_open(test->kem_id, test->kdf_id, test->aead_id,
2419*a90b9d01SCy Schubert own_priv,
2420*a90b9d01SCy Schubert wpabuf_head(info), wpabuf_len(info),
2421*a90b9d01SCy Schubert wpabuf_head(aad), wpabuf_len(aad),
2422*a90b9d01SCy Schubert wpabuf_head(res_ct), wpabuf_len(res_ct));
2423*a90b9d01SCy Schubert if (!res_pt) {
2424*a90b9d01SCy Schubert wpa_printf(MSG_ERROR, "HPKE base open - failed to decrypt own encrypted version");
2425*a90b9d01SCy Schubert goto fail;
2426*a90b9d01SCy Schubert }
2427*a90b9d01SCy Schubert if (wpabuf_len(res_pt) != wpabuf_len(pt) ||
2428*a90b9d01SCy Schubert os_memcmp(wpabuf_head(res_pt), wpabuf_head(pt),
2429*a90b9d01SCy Schubert wpabuf_len(pt)) != 0) {
2430*a90b9d01SCy Schubert wpa_printf(MSG_ERROR,
2431*a90b9d01SCy Schubert "HPKE base open - failed - decryption mismatch for own encrypted version");
2432*a90b9d01SCy Schubert wpa_hexdump_buf(MSG_INFO, "pt", res_pt);
2433*a90b9d01SCy Schubert goto fail;
2434*a90b9d01SCy Schubert }
2435*a90b9d01SCy Schubert
2436*a90b9d01SCy Schubert res = 0;
2437*a90b9d01SCy Schubert fail:
2438*a90b9d01SCy Schubert wpabuf_free(info);
2439*a90b9d01SCy Schubert wpabuf_free(pk_r);
2440*a90b9d01SCy Schubert wpabuf_free(sk_r);
2441*a90b9d01SCy Schubert wpabuf_free(enc);
2442*a90b9d01SCy Schubert wpabuf_free(pt);
2443*a90b9d01SCy Schubert wpabuf_free(aad);
2444*a90b9d01SCy Schubert wpabuf_free(ct);
2445*a90b9d01SCy Schubert wpabuf_free(enc_ct);
2446*a90b9d01SCy Schubert wpabuf_free(res_pt);
2447*a90b9d01SCy Schubert wpabuf_free(res_ct);
2448*a90b9d01SCy Schubert crypto_ec_key_deinit(own_priv);
2449*a90b9d01SCy Schubert crypto_ec_key_deinit(peer_pub);
2450*a90b9d01SCy Schubert return res;
2451*a90b9d01SCy Schubert }
2452*a90b9d01SCy Schubert
2453*a90b9d01SCy Schubert #endif /* CONFIG_DPP3 */
2454*a90b9d01SCy Schubert
2455*a90b9d01SCy Schubert
test_hpke(void)2456*a90b9d01SCy Schubert static int test_hpke(void)
2457*a90b9d01SCy Schubert {
2458*a90b9d01SCy Schubert #ifdef CONFIG_DPP3
2459*a90b9d01SCy Schubert unsigned int i;
2460*a90b9d01SCy Schubert
2461*a90b9d01SCy Schubert wpa_printf(MSG_INFO, "RFC 9180 - HPKE");
2462*a90b9d01SCy Schubert for (i = 0; i < ARRAY_SIZE(hpke_tests); i++) {
2463*a90b9d01SCy Schubert if (run_hpke_test(&hpke_tests[i]) < 0)
2464*a90b9d01SCy Schubert return -1;
2465*a90b9d01SCy Schubert }
2466*a90b9d01SCy Schubert
2467*a90b9d01SCy Schubert wpa_printf(MSG_INFO, "HPKE base open test cases passed");
2468*a90b9d01SCy Schubert #endif /* CONFIG_DPP3 */
2469*a90b9d01SCy Schubert return 0;
2470*a90b9d01SCy Schubert }
2471*a90b9d01SCy Schubert
2472*a90b9d01SCy Schubert
test_ms_funcs(void)24735b9c547cSRui Paulo static int test_ms_funcs(void)
24745b9c547cSRui Paulo {
2475325151a3SRui Paulo #ifndef CONFIG_FIPS
24765b9c547cSRui Paulo /* Test vector from RFC2759 example */
24775b9c547cSRui Paulo char *username = "User";
24785b9c547cSRui Paulo char *password = "clientPass";
24795b9c547cSRui Paulo u8 auth_challenge[] = {
24805b9c547cSRui Paulo 0x5B, 0x5D, 0x7C, 0x7D, 0x7B, 0x3F, 0x2F, 0x3E,
24815b9c547cSRui Paulo 0x3C, 0x2C, 0x60, 0x21, 0x32, 0x26, 0x26, 0x28
24825b9c547cSRui Paulo };
24835b9c547cSRui Paulo u8 peer_challenge[] = {
24845b9c547cSRui Paulo 0x21, 0x40, 0x23, 0x24, 0x25, 0x5E, 0x26, 0x2A,
24855b9c547cSRui Paulo 0x28, 0x29, 0x5F, 0x2B, 0x3A, 0x33, 0x7C, 0x7E
24865b9c547cSRui Paulo };
24875b9c547cSRui Paulo u8 password_hash[] = {
24885b9c547cSRui Paulo 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6,
24895b9c547cSRui Paulo 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE
24905b9c547cSRui Paulo };
24915b9c547cSRui Paulo u8 nt_response[] = {
24925b9c547cSRui Paulo 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E,
24935b9c547cSRui Paulo 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54,
24945b9c547cSRui Paulo 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF
24955b9c547cSRui Paulo };
24965b9c547cSRui Paulo u8 password_hash_hash[] = {
24975b9c547cSRui Paulo 0x41, 0xC0, 0x0C, 0x58, 0x4B, 0xD2, 0xD9, 0x1C,
24985b9c547cSRui Paulo 0x40, 0x17, 0xA2, 0xA1, 0x2F, 0xA5, 0x9F, 0x3F
24995b9c547cSRui Paulo };
25005b9c547cSRui Paulo u8 authenticator_response[] = {
25015b9c547cSRui Paulo 0x40, 0x7A, 0x55, 0x89, 0x11, 0x5F, 0xD0, 0xD6,
25025b9c547cSRui Paulo 0x20, 0x9F, 0x51, 0x0F, 0xE9, 0xC0, 0x45, 0x66,
25035b9c547cSRui Paulo 0x93, 0x2C, 0xDA, 0x56
25045b9c547cSRui Paulo };
25055b9c547cSRui Paulo u8 master_key[] = {
25065b9c547cSRui Paulo 0xFD, 0xEC, 0xE3, 0x71, 0x7A, 0x8C, 0x83, 0x8C,
25075b9c547cSRui Paulo 0xB3, 0x88, 0xE5, 0x27, 0xAE, 0x3C, 0xDD, 0x31
25085b9c547cSRui Paulo };
25095b9c547cSRui Paulo u8 send_start_key[] = {
25105b9c547cSRui Paulo 0x8B, 0x7C, 0xDC, 0x14, 0x9B, 0x99, 0x3A, 0x1B,
25115b9c547cSRui Paulo 0xA1, 0x18, 0xCB, 0x15, 0x3F, 0x56, 0xDC, 0xCB
25125b9c547cSRui Paulo };
25135b9c547cSRui Paulo u8 buf[32];
25145b9c547cSRui Paulo int errors = 0;
25155b9c547cSRui Paulo
25165b9c547cSRui Paulo if (nt_password_hash((u8 *) password, os_strlen(password), buf) ||
25175b9c547cSRui Paulo os_memcmp(password_hash, buf, sizeof(password_hash)) != 0) {
25185b9c547cSRui Paulo wpa_printf(MSG_ERROR, "nt_password_hash failed");
25195b9c547cSRui Paulo errors++;
25205b9c547cSRui Paulo }
25215b9c547cSRui Paulo
25225b9c547cSRui Paulo if (generate_nt_response(auth_challenge, peer_challenge,
25235b9c547cSRui Paulo (u8 *) username, os_strlen(username),
25245b9c547cSRui Paulo (u8 *) password, os_strlen(password), buf) ||
25255b9c547cSRui Paulo os_memcmp(nt_response, buf, sizeof(nt_response)) != 0) {
25265b9c547cSRui Paulo wpa_printf(MSG_ERROR, "generate_nt_response failed");
25275b9c547cSRui Paulo errors++;
25285b9c547cSRui Paulo }
25295b9c547cSRui Paulo
25305b9c547cSRui Paulo if (hash_nt_password_hash(password_hash, buf) ||
25315b9c547cSRui Paulo os_memcmp(password_hash_hash, buf,
25325b9c547cSRui Paulo sizeof(password_hash_hash)) != 0) {
25335b9c547cSRui Paulo wpa_printf(MSG_ERROR, "hash_nt_password_hash failed");
25345b9c547cSRui Paulo errors++;
25355b9c547cSRui Paulo }
25365b9c547cSRui Paulo
25375b9c547cSRui Paulo if (generate_authenticator_response((u8 *) password,
25385b9c547cSRui Paulo os_strlen(password),
25395b9c547cSRui Paulo peer_challenge, auth_challenge,
25405b9c547cSRui Paulo (u8 *) username,
25415b9c547cSRui Paulo os_strlen(username),
25425b9c547cSRui Paulo nt_response, buf) ||
25435b9c547cSRui Paulo os_memcmp(authenticator_response, buf,
25445b9c547cSRui Paulo sizeof(authenticator_response)) != 0) {
25455b9c547cSRui Paulo wpa_printf(MSG_ERROR, "generate_authenticator_response failed");
25465b9c547cSRui Paulo errors++;
25475b9c547cSRui Paulo }
25485b9c547cSRui Paulo
25495b9c547cSRui Paulo if (get_master_key(password_hash_hash, nt_response, buf) ||
25505b9c547cSRui Paulo os_memcmp(master_key, buf, sizeof(master_key)) != 0) {
25515b9c547cSRui Paulo wpa_printf(MSG_ERROR, "get_master_key failed");
25525b9c547cSRui Paulo errors++;
25535b9c547cSRui Paulo }
25545b9c547cSRui Paulo
25555b9c547cSRui Paulo if (get_asymetric_start_key(master_key, buf, sizeof(send_start_key),
25565b9c547cSRui Paulo 1, 1) ||
25575b9c547cSRui Paulo os_memcmp(send_start_key, buf, sizeof(send_start_key)) != 0) {
25585b9c547cSRui Paulo wpa_printf(MSG_ERROR, "get_asymetric_start_key failed");
25595b9c547cSRui Paulo errors++;
25605b9c547cSRui Paulo }
25615b9c547cSRui Paulo
25625b9c547cSRui Paulo if (errors)
25635b9c547cSRui Paulo wpa_printf(MSG_ERROR, "ms_funcs: %d errors", errors);
25645b9c547cSRui Paulo else
25655b9c547cSRui Paulo wpa_printf(MSG_INFO, "ms_funcs test cases passed");
25665b9c547cSRui Paulo
25675b9c547cSRui Paulo return errors;
2568325151a3SRui Paulo #else /* CONFIG_FIPS */
2569325151a3SRui Paulo wpa_printf(MSG_INFO, "ms_funcs test cases skipped due to CONFIG_FIPS");
2570325151a3SRui Paulo return 0;
2571325151a3SRui Paulo #endif /* CONFIG_FIPS */
25725b9c547cSRui Paulo }
25735b9c547cSRui Paulo
25745b9c547cSRui Paulo
crypto_module_tests(void)25755b9c547cSRui Paulo int crypto_module_tests(void)
25765b9c547cSRui Paulo {
25775b9c547cSRui Paulo int ret = 0;
25785b9c547cSRui Paulo
25795b9c547cSRui Paulo wpa_printf(MSG_INFO, "crypto module tests");
25805b9c547cSRui Paulo if (test_siv() ||
25815b9c547cSRui Paulo test_omac1() ||
25825b9c547cSRui Paulo test_eax() ||
25835b9c547cSRui Paulo test_cbc() ||
25845b9c547cSRui Paulo test_ecb() ||
25855b9c547cSRui Paulo test_key_wrap() ||
2586c1d255d3SCy Schubert test_aes_ctr() ||
25875b9c547cSRui Paulo test_md5() ||
25885b9c547cSRui Paulo test_sha1() ||
25895b9c547cSRui Paulo test_sha256() ||
259085732ac8SCy Schubert test_sha384() ||
2591780fb4a2SCy Schubert test_fips186_2_prf() ||
259285732ac8SCy Schubert test_extract_expand_hkdf() ||
2593*a90b9d01SCy Schubert test_hpke() ||
25945b9c547cSRui Paulo test_ms_funcs())
25955b9c547cSRui Paulo ret = -1;
25965b9c547cSRui Paulo
25975b9c547cSRui Paulo return ret;
25985b9c547cSRui Paulo }
2599