15b9c547cSRui Paulo /* 25b9c547cSRui Paulo * crypto module tests 35b9c547cSRui Paulo * Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi> 45b9c547cSRui Paulo * 55b9c547cSRui Paulo * This software may be distributed under the terms of the BSD license. 65b9c547cSRui Paulo * See README for more details. 75b9c547cSRui Paulo */ 85b9c547cSRui Paulo 95b9c547cSRui Paulo #include "utils/includes.h" 105b9c547cSRui Paulo 115b9c547cSRui Paulo #include "utils/common.h" 125b9c547cSRui Paulo #include "crypto/aes_siv.h" 135b9c547cSRui Paulo #include "crypto/aes_wrap.h" 145b9c547cSRui Paulo #include "crypto/aes.h" 155b9c547cSRui Paulo #include "crypto/ms_funcs.h" 165b9c547cSRui Paulo #include "crypto/crypto.h" 175b9c547cSRui Paulo #include "crypto/sha1.h" 185b9c547cSRui Paulo #include "crypto/sha256.h" 195b9c547cSRui Paulo 205b9c547cSRui Paulo 215b9c547cSRui Paulo static int test_siv(void) 225b9c547cSRui Paulo { 235b9c547cSRui Paulo #ifdef CONFIG_MESH 245b9c547cSRui Paulo /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */ 255b9c547cSRui Paulo u8 key[] = { 265b9c547cSRui Paulo 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 275b9c547cSRui Paulo 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0, 285b9c547cSRui Paulo 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 295b9c547cSRui Paulo 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff 305b9c547cSRui Paulo }; 315b9c547cSRui Paulo u8 ad[] = { 325b9c547cSRui Paulo 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 335b9c547cSRui Paulo 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 345b9c547cSRui Paulo 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27 355b9c547cSRui Paulo }; 365b9c547cSRui Paulo u8 plaintext[] = { 375b9c547cSRui Paulo 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 385b9c547cSRui Paulo 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee 395b9c547cSRui Paulo }; 405b9c547cSRui Paulo u8 iv_c[] = { 415b9c547cSRui Paulo 0x85, 0x63, 0x2d, 0x07, 0xc6, 0xe8, 0xf3, 0x7f, 425b9c547cSRui Paulo 0x95, 0x0a, 0xcd, 0x32, 0x0a, 0x2e, 0xcc, 0x93, 435b9c547cSRui Paulo 0x40, 0xc0, 0x2b, 0x96, 0x90, 0xc4, 0xdc, 0x04, 445b9c547cSRui Paulo 0xda, 0xef, 0x7f, 0x6a, 0xfe, 0x5c 455b9c547cSRui Paulo }; 465b9c547cSRui Paulo /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */ 475b9c547cSRui Paulo u8 key_2[] = { 485b9c547cSRui Paulo 0x7f, 0x7e, 0x7d, 0x7c, 0x7b, 0x7a, 0x79, 0x78, 495b9c547cSRui Paulo 0x77, 0x76, 0x75, 0x74, 0x73, 0x72, 0x71, 0x70, 505b9c547cSRui Paulo 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 515b9c547cSRui Paulo 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f 525b9c547cSRui Paulo }; 535b9c547cSRui Paulo u8 ad1_2[] = { 545b9c547cSRui Paulo 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 555b9c547cSRui Paulo 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 565b9c547cSRui Paulo 0xde, 0xad, 0xda, 0xda, 0xde, 0xad, 0xda, 0xda, 575b9c547cSRui Paulo 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88, 585b9c547cSRui Paulo 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00 595b9c547cSRui Paulo }; 605b9c547cSRui Paulo u8 ad2_2[] = { 615b9c547cSRui Paulo 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80, 625b9c547cSRui Paulo 0x90, 0xa0 635b9c547cSRui Paulo }; 645b9c547cSRui Paulo u8 nonce_2[] = { 655b9c547cSRui Paulo 0x09, 0xf9, 0x11, 0x02, 0x9d, 0x74, 0xe3, 0x5b, 665b9c547cSRui Paulo 0xd8, 0x41, 0x56, 0xc5, 0x63, 0x56, 0x88, 0xc0 675b9c547cSRui Paulo }; 685b9c547cSRui Paulo u8 plaintext_2[] = { 695b9c547cSRui Paulo 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 705b9c547cSRui Paulo 0x73, 0x6f, 0x6d, 0x65, 0x20, 0x70, 0x6c, 0x61, 715b9c547cSRui Paulo 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x20, 0x74, 725b9c547cSRui Paulo 0x6f, 0x20, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 735b9c547cSRui Paulo 0x74, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x20, 745b9c547cSRui Paulo 0x53, 0x49, 0x56, 0x2d, 0x41, 0x45, 0x53 755b9c547cSRui Paulo }; 765b9c547cSRui Paulo u8 iv_c_2[] = { 775b9c547cSRui Paulo 0x7b, 0xdb, 0x6e, 0x3b, 0x43, 0x26, 0x67, 0xeb, 785b9c547cSRui Paulo 0x06, 0xf4, 0xd1, 0x4b, 0xff, 0x2f, 0xbd, 0x0f, 795b9c547cSRui Paulo 0xcb, 0x90, 0x0f, 0x2f, 0xdd, 0xbe, 0x40, 0x43, 805b9c547cSRui Paulo 0x26, 0x60, 0x19, 0x65, 0xc8, 0x89, 0xbf, 0x17, 815b9c547cSRui Paulo 0xdb, 0xa7, 0x7c, 0xeb, 0x09, 0x4f, 0xa6, 0x63, 825b9c547cSRui Paulo 0xb7, 0xa3, 0xf7, 0x48, 0xba, 0x8a, 0xf8, 0x29, 835b9c547cSRui Paulo 0xea, 0x64, 0xad, 0x54, 0x4a, 0x27, 0x2e, 0x9c, 845b9c547cSRui Paulo 0x48, 0x5b, 0x62, 0xa3, 0xfd, 0x5c, 0x0d 855b9c547cSRui Paulo }; 865b9c547cSRui Paulo u8 out[2 * AES_BLOCK_SIZE + sizeof(plaintext_2)]; 875b9c547cSRui Paulo const u8 *addr[3]; 885b9c547cSRui Paulo size_t len[3]; 895b9c547cSRui Paulo 905b9c547cSRui Paulo /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */ 915b9c547cSRui Paulo addr[0] = ad; 925b9c547cSRui Paulo len[0] = sizeof(ad); 935b9c547cSRui Paulo 945b9c547cSRui Paulo if (aes_siv_encrypt(key, plaintext, sizeof(plaintext), 955b9c547cSRui Paulo 1, addr, len, out)) { 965b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed"); 975b9c547cSRui Paulo return 1; 985b9c547cSRui Paulo } 995b9c547cSRui Paulo if (os_memcmp(out, iv_c, sizeof(iv_c)) != 0) { 1005b9c547cSRui Paulo wpa_printf(MSG_ERROR, 1015b9c547cSRui Paulo "AES-SIV mode encryption returned invalid cipher text"); 1025b9c547cSRui Paulo return 1; 1035b9c547cSRui Paulo } 1045b9c547cSRui Paulo 1055b9c547cSRui Paulo if (aes_siv_decrypt(key, iv_c, sizeof(iv_c), 1, addr, len, out)) { 1065b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed"); 1075b9c547cSRui Paulo return 1; 1085b9c547cSRui Paulo } 1095b9c547cSRui Paulo if (os_memcmp(out, plaintext, sizeof(plaintext)) != 0) { 1105b9c547cSRui Paulo wpa_printf(MSG_ERROR, 1115b9c547cSRui Paulo "AES-SIV mode decryption returned invalid plain text"); 1125b9c547cSRui Paulo return 1; 1135b9c547cSRui Paulo } 1145b9c547cSRui Paulo 1155b9c547cSRui Paulo /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */ 1165b9c547cSRui Paulo addr[0] = ad1_2; 1175b9c547cSRui Paulo len[0] = sizeof(ad1_2); 1185b9c547cSRui Paulo addr[1] = ad2_2; 1195b9c547cSRui Paulo len[1] = sizeof(ad2_2); 1205b9c547cSRui Paulo addr[2] = nonce_2; 1215b9c547cSRui Paulo len[2] = sizeof(nonce_2); 1225b9c547cSRui Paulo 1235b9c547cSRui Paulo if (aes_siv_encrypt(key_2, plaintext_2, sizeof(plaintext_2), 1245b9c547cSRui Paulo 3, addr, len, out)) { 1255b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed"); 1265b9c547cSRui Paulo return 1; 1275b9c547cSRui Paulo } 1285b9c547cSRui Paulo if (os_memcmp(out, iv_c_2, sizeof(iv_c_2)) != 0) { 1295b9c547cSRui Paulo wpa_printf(MSG_ERROR, 1305b9c547cSRui Paulo "AES-SIV mode encryption returned invalid cipher text"); 1315b9c547cSRui Paulo return 1; 1325b9c547cSRui Paulo } 1335b9c547cSRui Paulo 1345b9c547cSRui Paulo if (aes_siv_decrypt(key_2, iv_c_2, sizeof(iv_c_2), 3, addr, len, out)) { 1355b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed"); 1365b9c547cSRui Paulo return 1; 1375b9c547cSRui Paulo } 1385b9c547cSRui Paulo if (os_memcmp(out, plaintext_2, sizeof(plaintext_2)) != 0) { 1395b9c547cSRui Paulo wpa_printf(MSG_ERROR, 1405b9c547cSRui Paulo "AES-SIV mode decryption returned invalid plain text"); 1415b9c547cSRui Paulo return 1; 1425b9c547cSRui Paulo } 1435b9c547cSRui Paulo 1445b9c547cSRui Paulo wpa_printf(MSG_INFO, "AES-SIV test cases passed"); 1455b9c547cSRui Paulo #endif /* CONFIG_MESH */ 1465b9c547cSRui Paulo 1475b9c547cSRui Paulo return 0; 1485b9c547cSRui Paulo } 1495b9c547cSRui Paulo 1505b9c547cSRui Paulo 1515b9c547cSRui Paulo /* OMAC1 AES-128 test vectors from 1525b9c547cSRui Paulo * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf 1535b9c547cSRui Paulo * which are same as the examples from NIST SP800-38B 1545b9c547cSRui Paulo * http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf 1555b9c547cSRui Paulo */ 1565b9c547cSRui Paulo 1575b9c547cSRui Paulo struct omac1_test_vector { 1585b9c547cSRui Paulo u8 k[16]; 1595b9c547cSRui Paulo u8 msg[64]; 1605b9c547cSRui Paulo int msg_len; 1615b9c547cSRui Paulo u8 tag[16]; 1625b9c547cSRui Paulo }; 1635b9c547cSRui Paulo 164*325151a3SRui Paulo static const struct omac1_test_vector omac1_test_vectors[] = 1655b9c547cSRui Paulo { 1665b9c547cSRui Paulo { 1675b9c547cSRui Paulo { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 1685b9c547cSRui Paulo 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 1695b9c547cSRui Paulo { }, 1705b9c547cSRui Paulo 0, 1715b9c547cSRui Paulo { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, 1725b9c547cSRui Paulo 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 } 1735b9c547cSRui Paulo }, 1745b9c547cSRui Paulo { 1755b9c547cSRui Paulo { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 1765b9c547cSRui Paulo 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 1775b9c547cSRui Paulo { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 1785b9c547cSRui Paulo 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a}, 1795b9c547cSRui Paulo 16, 1805b9c547cSRui Paulo { 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, 1815b9c547cSRui Paulo 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c } 1825b9c547cSRui Paulo }, 1835b9c547cSRui Paulo { 1845b9c547cSRui Paulo { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 1855b9c547cSRui Paulo 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 1865b9c547cSRui Paulo { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 1875b9c547cSRui Paulo 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 1885b9c547cSRui Paulo 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 1895b9c547cSRui Paulo 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 1905b9c547cSRui Paulo 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 }, 1915b9c547cSRui Paulo 40, 1925b9c547cSRui Paulo { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, 1935b9c547cSRui Paulo 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 } 1945b9c547cSRui Paulo }, 1955b9c547cSRui Paulo { 1965b9c547cSRui Paulo { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 1975b9c547cSRui Paulo 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 1985b9c547cSRui Paulo { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 1995b9c547cSRui Paulo 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 2005b9c547cSRui Paulo 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 2015b9c547cSRui Paulo 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 2025b9c547cSRui Paulo 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 2035b9c547cSRui Paulo 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 2045b9c547cSRui Paulo 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 2055b9c547cSRui Paulo 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }, 2065b9c547cSRui Paulo 64, 2075b9c547cSRui Paulo { 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, 2085b9c547cSRui Paulo 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe } 2095b9c547cSRui Paulo }, 2105b9c547cSRui Paulo }; 2115b9c547cSRui Paulo 2125b9c547cSRui Paulo 213*325151a3SRui Paulo static int test_omac1_vector(const struct omac1_test_vector *tv, 214*325151a3SRui Paulo unsigned int i) 2155b9c547cSRui Paulo { 2165b9c547cSRui Paulo u8 key[] = { 2175b9c547cSRui Paulo 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 2185b9c547cSRui Paulo 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c 2195b9c547cSRui Paulo }; 2205b9c547cSRui Paulo u8 msg[] = { 0x12, 0x34, 0x56 }; 2215b9c547cSRui Paulo u8 result[24], result2[24]; 2225b9c547cSRui Paulo const u8 *addr[3]; 2235b9c547cSRui Paulo size_t len[3]; 2245b9c547cSRui Paulo 2255b9c547cSRui Paulo if (omac1_aes_128(tv->k, tv->msg, tv->msg_len, result) || 2265b9c547cSRui Paulo os_memcmp(result, tv->tag, 16) != 0) { 2275b9c547cSRui Paulo wpa_printf(MSG_ERROR, "OMAC1-AES-128 test vector %u failed", i); 2285b9c547cSRui Paulo return 1; 2295b9c547cSRui Paulo } 2305b9c547cSRui Paulo 2315b9c547cSRui Paulo if (tv->msg_len > 1) { 2325b9c547cSRui Paulo 2335b9c547cSRui Paulo addr[0] = tv->msg; 2345b9c547cSRui Paulo len[0] = 1; 2355b9c547cSRui Paulo addr[1] = tv->msg + 1; 2365b9c547cSRui Paulo len[1] = tv->msg_len - 1; 2375b9c547cSRui Paulo 2385b9c547cSRui Paulo if (omac1_aes_128_vector(tv->k, 2, addr, len, result) || 2395b9c547cSRui Paulo os_memcmp(result, tv->tag, 16) != 0) { 2405b9c547cSRui Paulo wpa_printf(MSG_ERROR, 2415b9c547cSRui Paulo "OMAC1-AES-128(vector) test vector %u failed", 2425b9c547cSRui Paulo i); 2435b9c547cSRui Paulo return 1; 2445b9c547cSRui Paulo } 2455b9c547cSRui Paulo 2465b9c547cSRui Paulo addr[0] = tv->msg; 2475b9c547cSRui Paulo len[0] = tv->msg_len - 2; 2485b9c547cSRui Paulo addr[1] = tv->msg + tv->msg_len - 2; 2495b9c547cSRui Paulo len[1] = 1; 2505b9c547cSRui Paulo addr[2] = tv->msg + tv->msg_len - 1; 2515b9c547cSRui Paulo len[2] = 1; 2525b9c547cSRui Paulo 2535b9c547cSRui Paulo if (omac1_aes_128_vector(tv->k, 3, addr, len, result) || 2545b9c547cSRui Paulo os_memcmp(result, tv->tag, 16) != 0) { 2555b9c547cSRui Paulo wpa_printf(MSG_ERROR, 2565b9c547cSRui Paulo "OMAC1-AES-128(vector2) test vector %u failed", 2575b9c547cSRui Paulo i); 2585b9c547cSRui Paulo return 1; 2595b9c547cSRui Paulo } 2605b9c547cSRui Paulo } 2615b9c547cSRui Paulo 2625b9c547cSRui Paulo addr[0] = &msg[0]; 2635b9c547cSRui Paulo len[0] = 1; 2645b9c547cSRui Paulo addr[1] = &msg[1]; 2655b9c547cSRui Paulo len[1] = 1; 2665b9c547cSRui Paulo addr[2] = &msg[2]; 2675b9c547cSRui Paulo len[2] = 1; 2685b9c547cSRui Paulo if (omac1_aes_128(key, msg, sizeof(msg), result) || 2695b9c547cSRui Paulo omac1_aes_128_vector(key, 3, addr, len, result2) || 2705b9c547cSRui Paulo os_memcmp(result, result2, 16) != 0) { 2715b9c547cSRui Paulo wpa_printf(MSG_ERROR, "OMAC1-AES-128 short test mismatch"); 2725b9c547cSRui Paulo return 1; 2735b9c547cSRui Paulo } 2745b9c547cSRui Paulo 2755b9c547cSRui Paulo return 0; 2765b9c547cSRui Paulo } 2775b9c547cSRui Paulo 2785b9c547cSRui Paulo 2795b9c547cSRui Paulo static int test_omac1(void) 2805b9c547cSRui Paulo { 2815b9c547cSRui Paulo unsigned int i; 2825b9c547cSRui Paulo 2835b9c547cSRui Paulo for (i = 0; i < ARRAY_SIZE(omac1_test_vectors); i++) { 2845b9c547cSRui Paulo if (test_omac1_vector(&omac1_test_vectors[i], i)) 2855b9c547cSRui Paulo return 1; 2865b9c547cSRui Paulo } 2875b9c547cSRui Paulo 2885b9c547cSRui Paulo wpa_printf(MSG_INFO, "OMAC1-AES-128 test cases passed"); 2895b9c547cSRui Paulo 2905b9c547cSRui Paulo return 0; 2915b9c547cSRui Paulo } 2925b9c547cSRui Paulo 2935b9c547cSRui Paulo 2945b9c547cSRui Paulo static int test_eax(void) 2955b9c547cSRui Paulo { 2965b9c547cSRui Paulo #ifdef EAP_PSK 2975b9c547cSRui Paulo u8 msg[] = { 0xF7, 0xFB }; 2985b9c547cSRui Paulo u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B, 2995b9c547cSRui Paulo 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 }; 3005b9c547cSRui Paulo u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84, 3015b9c547cSRui Paulo 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD }; 3025b9c547cSRui Paulo u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA }; 3035b9c547cSRui Paulo u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D, 3045b9c547cSRui Paulo 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79, 3055b9c547cSRui Paulo 0x67, 0xE5 }; 3065b9c547cSRui Paulo u8 data[sizeof(msg)], tag[AES_BLOCK_SIZE]; 3075b9c547cSRui Paulo 3085b9c547cSRui Paulo os_memcpy(data, msg, sizeof(msg)); 3095b9c547cSRui Paulo if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr), 3105b9c547cSRui Paulo data, sizeof(data), tag)) { 3115b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-128 EAX mode encryption failed"); 3125b9c547cSRui Paulo return 1; 3135b9c547cSRui Paulo } 3145b9c547cSRui Paulo if (os_memcmp(data, cipher, sizeof(data)) != 0) { 3155b9c547cSRui Paulo wpa_printf(MSG_ERROR, 3165b9c547cSRui Paulo "AES-128 EAX mode encryption returned invalid cipher text"); 3175b9c547cSRui Paulo return 1; 3185b9c547cSRui Paulo } 3195b9c547cSRui Paulo if (os_memcmp(tag, cipher + sizeof(data), AES_BLOCK_SIZE) != 0) { 3205b9c547cSRui Paulo wpa_printf(MSG_ERROR, 3215b9c547cSRui Paulo "AES-128 EAX mode encryption returned invalid tag"); 3225b9c547cSRui Paulo return 1; 3235b9c547cSRui Paulo } 3245b9c547cSRui Paulo 3255b9c547cSRui Paulo if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr), 3265b9c547cSRui Paulo data, sizeof(data), tag)) { 3275b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-128 EAX mode decryption failed"); 3285b9c547cSRui Paulo return 1; 3295b9c547cSRui Paulo } 3305b9c547cSRui Paulo if (os_memcmp(data, msg, sizeof(data)) != 0) { 3315b9c547cSRui Paulo wpa_printf(MSG_ERROR, 3325b9c547cSRui Paulo "AES-128 EAX mode decryption returned invalid plain text"); 3335b9c547cSRui Paulo return 1; 3345b9c547cSRui Paulo } 3355b9c547cSRui Paulo 3365b9c547cSRui Paulo wpa_printf(MSG_INFO, "AES-128 EAX mode test cases passed"); 3375b9c547cSRui Paulo #endif /* EAP_PSK */ 3385b9c547cSRui Paulo 3395b9c547cSRui Paulo return 0; 3405b9c547cSRui Paulo } 3415b9c547cSRui Paulo 3425b9c547cSRui Paulo 3435b9c547cSRui Paulo static int test_cbc(void) 3445b9c547cSRui Paulo { 3455b9c547cSRui Paulo struct cbc_test_vector { 3465b9c547cSRui Paulo u8 key[16]; 3475b9c547cSRui Paulo u8 iv[16]; 3485b9c547cSRui Paulo u8 plain[32]; 3495b9c547cSRui Paulo u8 cipher[32]; 3505b9c547cSRui Paulo size_t len; 3515b9c547cSRui Paulo } vectors[] = { 3525b9c547cSRui Paulo { 3535b9c547cSRui Paulo { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b, 3545b9c547cSRui Paulo 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 }, 3555b9c547cSRui Paulo { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30, 3565b9c547cSRui Paulo 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 }, 3575b9c547cSRui Paulo "Single block msg", 3585b9c547cSRui Paulo { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8, 3595b9c547cSRui Paulo 0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a }, 3605b9c547cSRui Paulo 16 3615b9c547cSRui Paulo }, 3625b9c547cSRui Paulo { 3635b9c547cSRui Paulo { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0, 3645b9c547cSRui Paulo 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a }, 3655b9c547cSRui Paulo { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28, 3665b9c547cSRui Paulo 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 }, 3675b9c547cSRui Paulo { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 3685b9c547cSRui Paulo 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 3695b9c547cSRui Paulo 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 3705b9c547cSRui Paulo 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, 3715b9c547cSRui Paulo { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a, 3725b9c547cSRui Paulo 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a, 3735b9c547cSRui Paulo 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9, 3745b9c547cSRui Paulo 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 }, 3755b9c547cSRui Paulo 32 3765b9c547cSRui Paulo } 3775b9c547cSRui Paulo }; 3785b9c547cSRui Paulo int ret = 0; 3795b9c547cSRui Paulo u8 *buf; 3805b9c547cSRui Paulo unsigned int i; 3815b9c547cSRui Paulo 3825b9c547cSRui Paulo for (i = 0; i < ARRAY_SIZE(vectors); i++) { 3835b9c547cSRui Paulo struct cbc_test_vector *tv = &vectors[i]; 3845b9c547cSRui Paulo 3855b9c547cSRui Paulo buf = os_malloc(tv->len); 3865b9c547cSRui Paulo if (buf == NULL) { 3875b9c547cSRui Paulo ret++; 3885b9c547cSRui Paulo break; 3895b9c547cSRui Paulo } 3905b9c547cSRui Paulo 3915b9c547cSRui Paulo os_memcpy(buf, tv->plain, tv->len); 3925b9c547cSRui Paulo if (aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len) || 3935b9c547cSRui Paulo os_memcmp(buf, tv->cipher, tv->len) != 0) { 3945b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-CBC encrypt %d failed", i); 3955b9c547cSRui Paulo ret++; 3965b9c547cSRui Paulo } 3975b9c547cSRui Paulo 3985b9c547cSRui Paulo os_memcpy(buf, tv->cipher, tv->len); 3995b9c547cSRui Paulo if (aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len) || 4005b9c547cSRui Paulo os_memcmp(buf, tv->plain, tv->len) != 0) { 4015b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-CBC decrypt %d failed", i); 4025b9c547cSRui Paulo ret++; 4035b9c547cSRui Paulo } 4045b9c547cSRui Paulo 4055b9c547cSRui Paulo os_free(buf); 4065b9c547cSRui Paulo } 4075b9c547cSRui Paulo 4085b9c547cSRui Paulo return ret; 4095b9c547cSRui Paulo } 4105b9c547cSRui Paulo 4115b9c547cSRui Paulo 4125b9c547cSRui Paulo static int test_ecb(void) 4135b9c547cSRui Paulo { 4145b9c547cSRui Paulo #ifdef EAP_PSK 4155b9c547cSRui Paulo struct ecb_test_vector { 4165b9c547cSRui Paulo char *key; 4175b9c547cSRui Paulo char *plaintext; 4185b9c547cSRui Paulo char *ciphertext; 4195b9c547cSRui Paulo } vectors[] = { 4205b9c547cSRui Paulo /* CAVS 11.1 - ECBGFSbox128.rsp */ 4215b9c547cSRui Paulo { 4225b9c547cSRui Paulo "00000000000000000000000000000000", 4235b9c547cSRui Paulo "f34481ec3cc627bacd5dc3fb08f273e6", 4245b9c547cSRui Paulo "0336763e966d92595a567cc9ce537f5e" 4255b9c547cSRui Paulo }, 4265b9c547cSRui Paulo { 4275b9c547cSRui Paulo "00000000000000000000000000000000", 4285b9c547cSRui Paulo "9798c4640bad75c7c3227db910174e72", 4295b9c547cSRui Paulo "a9a1631bf4996954ebc093957b234589" 4305b9c547cSRui Paulo }, 4315b9c547cSRui Paulo { 4325b9c547cSRui Paulo "00000000000000000000000000000000", 4335b9c547cSRui Paulo "96ab5c2ff612d9dfaae8c31f30c42168", 4345b9c547cSRui Paulo "ff4f8391a6a40ca5b25d23bedd44a597" 4355b9c547cSRui Paulo }, 4365b9c547cSRui Paulo { 4375b9c547cSRui Paulo "00000000000000000000000000000000", 4385b9c547cSRui Paulo "6a118a874519e64e9963798a503f1d35", 4395b9c547cSRui Paulo "dc43be40be0e53712f7e2bf5ca707209" 4405b9c547cSRui Paulo }, 4415b9c547cSRui Paulo { 4425b9c547cSRui Paulo "00000000000000000000000000000000", 4435b9c547cSRui Paulo "cb9fceec81286ca3e989bd979b0cb284", 4445b9c547cSRui Paulo "92beedab1895a94faa69b632e5cc47ce" 4455b9c547cSRui Paulo }, 4465b9c547cSRui Paulo { 4475b9c547cSRui Paulo "00000000000000000000000000000000", 4485b9c547cSRui Paulo "b26aeb1874e47ca8358ff22378f09144", 4495b9c547cSRui Paulo "459264f4798f6a78bacb89c15ed3d601" 4505b9c547cSRui Paulo }, 4515b9c547cSRui Paulo { 4525b9c547cSRui Paulo "00000000000000000000000000000000", 4535b9c547cSRui Paulo "58c8e00b2631686d54eab84b91f0aca1", 4545b9c547cSRui Paulo "08a4e2efec8a8e3312ca7460b9040bbf" 4555b9c547cSRui Paulo }, 4565b9c547cSRui Paulo /* CAVS 11.1 - ECBKeySbox128.rsp */ 4575b9c547cSRui Paulo { 4585b9c547cSRui Paulo "10a58869d74be5a374cf867cfb473859", 4595b9c547cSRui Paulo "00000000000000000000000000000000", 4605b9c547cSRui Paulo "6d251e6944b051e04eaa6fb4dbf78465" 4615b9c547cSRui Paulo }, 4625b9c547cSRui Paulo { 4635b9c547cSRui Paulo "caea65cdbb75e9169ecd22ebe6e54675", 4645b9c547cSRui Paulo "00000000000000000000000000000000", 4655b9c547cSRui Paulo "6e29201190152df4ee058139def610bb", 4665b9c547cSRui Paulo } 4675b9c547cSRui Paulo }; 4685b9c547cSRui Paulo int ret = 0; 4695b9c547cSRui Paulo unsigned int i; 4705b9c547cSRui Paulo u8 key[16], plain[16], cipher[16], out[16]; 4715b9c547cSRui Paulo 4725b9c547cSRui Paulo for (i = 0; i < ARRAY_SIZE(vectors); i++) { 4735b9c547cSRui Paulo struct ecb_test_vector *tv = &vectors[i]; 4745b9c547cSRui Paulo 4755b9c547cSRui Paulo if (hexstr2bin(tv->key, key, sizeof(key)) || 4765b9c547cSRui Paulo hexstr2bin(tv->plaintext, plain, sizeof(plain)) || 4775b9c547cSRui Paulo hexstr2bin(tv->ciphertext, cipher, sizeof(cipher))) { 4785b9c547cSRui Paulo wpa_printf(MSG_ERROR, "Invalid AES-ECB test vector %u", 4795b9c547cSRui Paulo i); 4805b9c547cSRui Paulo ret++; 4815b9c547cSRui Paulo continue; 4825b9c547cSRui Paulo } 4835b9c547cSRui Paulo 4845b9c547cSRui Paulo if (aes_128_encrypt_block(key, plain, out) < 0 || 4855b9c547cSRui Paulo os_memcmp(out, cipher, 16) != 0) { 4865b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-ECB encrypt %u failed", i); 4875b9c547cSRui Paulo ret++; 4885b9c547cSRui Paulo } 4895b9c547cSRui Paulo } 4905b9c547cSRui Paulo 4915b9c547cSRui Paulo if (!ret) 4925b9c547cSRui Paulo wpa_printf(MSG_INFO, "AES ECB mode test cases passed"); 4935b9c547cSRui Paulo 4945b9c547cSRui Paulo return ret; 4955b9c547cSRui Paulo #endif /* EAP_PSK */ 4965b9c547cSRui Paulo 4975b9c547cSRui Paulo return 0; 4985b9c547cSRui Paulo } 4995b9c547cSRui Paulo 5005b9c547cSRui Paulo 5015b9c547cSRui Paulo static int test_key_wrap(void) 5025b9c547cSRui Paulo { 5035b9c547cSRui Paulo int ret = 0; 5045b9c547cSRui Paulo 5055b9c547cSRui Paulo /* RFC 3394 - Test vector 4.1 */ 5065b9c547cSRui Paulo u8 kek41[] = { 5075b9c547cSRui Paulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 5085b9c547cSRui Paulo 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f 5095b9c547cSRui Paulo }; 5105b9c547cSRui Paulo u8 plain41[] = { 5115b9c547cSRui Paulo 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 5125b9c547cSRui Paulo 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 5135b9c547cSRui Paulo }; 5145b9c547cSRui Paulo u8 crypt41[] = { 5155b9c547cSRui Paulo 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47, 5165b9c547cSRui Paulo 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82, 5175b9c547cSRui Paulo 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5 5185b9c547cSRui Paulo }; 519*325151a3SRui Paulo #ifndef CONFIG_BORINGSSL 5205b9c547cSRui Paulo /* RFC 3394 - Test vector 4.2 */ 5215b9c547cSRui Paulo u8 kek42[] = { 5225b9c547cSRui Paulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 5235b9c547cSRui Paulo 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 5245b9c547cSRui Paulo 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 5255b9c547cSRui Paulo }; 5265b9c547cSRui Paulo u8 plain42[] = { 5275b9c547cSRui Paulo 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 5285b9c547cSRui Paulo 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 5295b9c547cSRui Paulo }; 5305b9c547cSRui Paulo u8 crypt42[] = { 5315b9c547cSRui Paulo 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35, 5325b9c547cSRui Paulo 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2, 5335b9c547cSRui Paulo 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D 5345b9c547cSRui Paulo }; 535*325151a3SRui Paulo #endif /* CONFIG_BORINGSSL */ 5365b9c547cSRui Paulo /* RFC 3394 - Test vector 4.3 */ 5375b9c547cSRui Paulo u8 kek43[] = { 5385b9c547cSRui Paulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 5395b9c547cSRui Paulo 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 5405b9c547cSRui Paulo 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 5415b9c547cSRui Paulo 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 5425b9c547cSRui Paulo }; 5435b9c547cSRui Paulo u8 plain43[] = { 5445b9c547cSRui Paulo 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 5455b9c547cSRui Paulo 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 5465b9c547cSRui Paulo }; 5475b9c547cSRui Paulo u8 crypt43[] = { 5485b9c547cSRui Paulo 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2, 5495b9c547cSRui Paulo 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A, 5505b9c547cSRui Paulo 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7, 5515b9c547cSRui Paulo }; 552*325151a3SRui Paulo #ifndef CONFIG_BORINGSSL 5535b9c547cSRui Paulo /* RFC 3394 - Test vector 4.4 */ 5545b9c547cSRui Paulo u8 kek44[] = { 5555b9c547cSRui Paulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 5565b9c547cSRui Paulo 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 5575b9c547cSRui Paulo 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 5585b9c547cSRui Paulo }; 5595b9c547cSRui Paulo u8 plain44[] = { 5605b9c547cSRui Paulo 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 5615b9c547cSRui Paulo 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 5625b9c547cSRui Paulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 5635b9c547cSRui Paulo }; 5645b9c547cSRui Paulo u8 crypt44[] = { 5655b9c547cSRui Paulo 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32, 5665b9c547cSRui Paulo 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC, 5675b9c547cSRui Paulo 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93, 5685b9c547cSRui Paulo 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2 5695b9c547cSRui Paulo }; 570*325151a3SRui Paulo #endif /* CONFIG_BORINGSSL */ 5715b9c547cSRui Paulo /* RFC 3394 - Test vector 4.5 */ 5725b9c547cSRui Paulo u8 kek45[] = { 5735b9c547cSRui Paulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 5745b9c547cSRui Paulo 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 5755b9c547cSRui Paulo 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 5765b9c547cSRui Paulo 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 5775b9c547cSRui Paulo }; 5785b9c547cSRui Paulo u8 plain45[] = { 5795b9c547cSRui Paulo 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 5805b9c547cSRui Paulo 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 5815b9c547cSRui Paulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 5825b9c547cSRui Paulo }; 5835b9c547cSRui Paulo u8 crypt45[] = { 5845b9c547cSRui Paulo 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F, 5855b9c547cSRui Paulo 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4, 5865b9c547cSRui Paulo 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95, 5875b9c547cSRui Paulo 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1, 5885b9c547cSRui Paulo }; 5895b9c547cSRui Paulo /* RFC 3394 - Test vector 4.6 */ 5905b9c547cSRui Paulo u8 kek46[] = { 5915b9c547cSRui Paulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 5925b9c547cSRui Paulo 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 5935b9c547cSRui Paulo 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 5945b9c547cSRui Paulo 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 5955b9c547cSRui Paulo }; 5965b9c547cSRui Paulo u8 plain46[] = { 5975b9c547cSRui Paulo 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 5985b9c547cSRui Paulo 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 5995b9c547cSRui Paulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 6005b9c547cSRui Paulo 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F 6015b9c547cSRui Paulo }; 6025b9c547cSRui Paulo u8 crypt46[] = { 6035b9c547cSRui Paulo 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4, 6045b9c547cSRui Paulo 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26, 6055b9c547cSRui Paulo 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26, 6065b9c547cSRui Paulo 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B, 6075b9c547cSRui Paulo 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21 6085b9c547cSRui Paulo }; 6095b9c547cSRui Paulo u8 result[40]; 6105b9c547cSRui Paulo 6115b9c547cSRui Paulo wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.1"); 6125b9c547cSRui Paulo if (aes_wrap(kek41, sizeof(kek41), sizeof(plain41) / 8, plain41, 6135b9c547cSRui Paulo result)) { 6145b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-128 reported failure"); 6155b9c547cSRui Paulo ret++; 6165b9c547cSRui Paulo } 6175b9c547cSRui Paulo if (os_memcmp(result, crypt41, sizeof(crypt41)) != 0) { 6185b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-128 failed"); 6195b9c547cSRui Paulo ret++; 6205b9c547cSRui Paulo } 6215b9c547cSRui Paulo if (aes_unwrap(kek41, sizeof(kek41), sizeof(plain41) / 8, crypt41, 6225b9c547cSRui Paulo result)) { 6235b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-128 reported failure"); 6245b9c547cSRui Paulo ret++; 6255b9c547cSRui Paulo } 6265b9c547cSRui Paulo if (os_memcmp(result, plain41, sizeof(plain41)) != 0) { 6275b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-128 failed"); 6285b9c547cSRui Paulo ret++; 6295b9c547cSRui Paulo } 6305b9c547cSRui Paulo 631*325151a3SRui Paulo #ifndef CONFIG_BORINGSSL 6325b9c547cSRui Paulo wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.2"); 6335b9c547cSRui Paulo if (aes_wrap(kek42, sizeof(kek42), sizeof(plain42) / 8, plain42, 6345b9c547cSRui Paulo result)) { 6355b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure"); 6365b9c547cSRui Paulo ret++; 6375b9c547cSRui Paulo } 6385b9c547cSRui Paulo if (os_memcmp(result, crypt42, sizeof(crypt42)) != 0) { 6395b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-192 failed"); 6405b9c547cSRui Paulo ret++; 6415b9c547cSRui Paulo } 6425b9c547cSRui Paulo if (aes_unwrap(kek42, sizeof(kek42), sizeof(plain42) / 8, crypt42, 6435b9c547cSRui Paulo result)) { 6445b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure"); 6455b9c547cSRui Paulo ret++; 6465b9c547cSRui Paulo } 6475b9c547cSRui Paulo if (os_memcmp(result, plain42, sizeof(plain42)) != 0) { 6485b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed"); 6495b9c547cSRui Paulo ret++; 6505b9c547cSRui Paulo } 651*325151a3SRui Paulo #endif /* CONFIG_BORINGSSL */ 6525b9c547cSRui Paulo 6535b9c547cSRui Paulo wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.3"); 6545b9c547cSRui Paulo if (aes_wrap(kek43, sizeof(kek43), sizeof(plain43) / 8, plain43, 6555b9c547cSRui Paulo result)) { 6565b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 6575b9c547cSRui Paulo ret++; 6585b9c547cSRui Paulo } 6595b9c547cSRui Paulo if (os_memcmp(result, crypt43, sizeof(crypt43)) != 0) { 6605b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 6615b9c547cSRui Paulo ret++; 6625b9c547cSRui Paulo } 6635b9c547cSRui Paulo if (aes_unwrap(kek43, sizeof(kek43), sizeof(plain43) / 8, crypt43, 6645b9c547cSRui Paulo result)) { 6655b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 6665b9c547cSRui Paulo ret++; 6675b9c547cSRui Paulo } 6685b9c547cSRui Paulo if (os_memcmp(result, plain43, sizeof(plain43)) != 0) { 6695b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 6705b9c547cSRui Paulo ret++; 6715b9c547cSRui Paulo } 6725b9c547cSRui Paulo 673*325151a3SRui Paulo #ifndef CONFIG_BORINGSSL 6745b9c547cSRui Paulo wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.4"); 6755b9c547cSRui Paulo if (aes_wrap(kek44, sizeof(kek44), sizeof(plain44) / 8, plain44, 6765b9c547cSRui Paulo result)) { 6775b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure"); 6785b9c547cSRui Paulo ret++; 6795b9c547cSRui Paulo } 6805b9c547cSRui Paulo if (os_memcmp(result, crypt44, sizeof(crypt44)) != 0) { 6815b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-192 failed"); 6825b9c547cSRui Paulo ret++; 6835b9c547cSRui Paulo } 6845b9c547cSRui Paulo if (aes_unwrap(kek44, sizeof(kek44), sizeof(plain44) / 8, crypt44, 6855b9c547cSRui Paulo result)) { 6865b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure"); 6875b9c547cSRui Paulo ret++; 6885b9c547cSRui Paulo } 6895b9c547cSRui Paulo if (os_memcmp(result, plain44, sizeof(plain44)) != 0) { 6905b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed"); 6915b9c547cSRui Paulo ret++; 6925b9c547cSRui Paulo } 693*325151a3SRui Paulo #endif /* CONFIG_BORINGSSL */ 6945b9c547cSRui Paulo 6955b9c547cSRui Paulo wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.5"); 6965b9c547cSRui Paulo if (aes_wrap(kek45, sizeof(kek45), sizeof(plain45) / 8, plain45, 6975b9c547cSRui Paulo result)) { 6985b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 6995b9c547cSRui Paulo ret++; 7005b9c547cSRui Paulo } 7015b9c547cSRui Paulo if (os_memcmp(result, crypt45, sizeof(crypt45)) != 0) { 7025b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 7035b9c547cSRui Paulo ret++; 7045b9c547cSRui Paulo } 7055b9c547cSRui Paulo if (aes_unwrap(kek45, sizeof(kek45), sizeof(plain45) / 8, crypt45, 7065b9c547cSRui Paulo result)) { 7075b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 7085b9c547cSRui Paulo ret++; 7095b9c547cSRui Paulo } 7105b9c547cSRui Paulo if (os_memcmp(result, plain45, sizeof(plain45)) != 0) { 7115b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 7125b9c547cSRui Paulo ret++; 7135b9c547cSRui Paulo } 7145b9c547cSRui Paulo 7155b9c547cSRui Paulo wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.6"); 7165b9c547cSRui Paulo if (aes_wrap(kek46, sizeof(kek46), sizeof(plain46) / 8, plain46, 7175b9c547cSRui Paulo result)) { 7185b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 7195b9c547cSRui Paulo ret++; 7205b9c547cSRui Paulo } 7215b9c547cSRui Paulo if (os_memcmp(result, crypt46, sizeof(crypt46)) != 0) { 7225b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 7235b9c547cSRui Paulo ret++; 7245b9c547cSRui Paulo } 7255b9c547cSRui Paulo if (aes_unwrap(kek46, sizeof(kek46), sizeof(plain46) / 8, crypt46, 7265b9c547cSRui Paulo result)) { 7275b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 7285b9c547cSRui Paulo ret++; 7295b9c547cSRui Paulo } 7305b9c547cSRui Paulo if (os_memcmp(result, plain46, sizeof(plain46)) != 0) { 7315b9c547cSRui Paulo wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 7325b9c547cSRui Paulo ret++; 7335b9c547cSRui Paulo } 7345b9c547cSRui Paulo 7355b9c547cSRui Paulo if (!ret) 7365b9c547cSRui Paulo wpa_printf(MSG_INFO, "AES key wrap/unwrap test cases passed"); 7375b9c547cSRui Paulo 7385b9c547cSRui Paulo return ret; 7395b9c547cSRui Paulo } 7405b9c547cSRui Paulo 7415b9c547cSRui Paulo 7425b9c547cSRui Paulo static int test_md5(void) 7435b9c547cSRui Paulo { 744*325151a3SRui Paulo #ifndef CONFIG_FIPS 7455b9c547cSRui Paulo struct { 7465b9c547cSRui Paulo char *data; 7475b9c547cSRui Paulo char *hash; 7485b9c547cSRui Paulo } tests[] = { 7495b9c547cSRui Paulo { 7505b9c547cSRui Paulo "", 7515b9c547cSRui Paulo "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04" 7525b9c547cSRui Paulo "\xe9\x80\x09\x98\xec\xf8\x42\x7e" 7535b9c547cSRui Paulo }, 7545b9c547cSRui Paulo { 7555b9c547cSRui Paulo "a", 7565b9c547cSRui Paulo "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8" 7575b9c547cSRui Paulo "\x31\xc3\x99\xe2\x69\x77\x26\x61" 7585b9c547cSRui Paulo }, 7595b9c547cSRui Paulo { 7605b9c547cSRui Paulo "abc", 7615b9c547cSRui Paulo "\x90\x01\x50\x98\x3c\xd2\x4f\xb0" 7625b9c547cSRui Paulo "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72" 7635b9c547cSRui Paulo }, 7645b9c547cSRui Paulo { 7655b9c547cSRui Paulo "message digest", 7665b9c547cSRui Paulo "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d" 7675b9c547cSRui Paulo "\x52\x5a\x2f\x31\xaa\xf1\x61\xd0" 7685b9c547cSRui Paulo }, 7695b9c547cSRui Paulo { 7705b9c547cSRui Paulo "abcdefghijklmnopqrstuvwxyz", 7715b9c547cSRui Paulo "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00" 7725b9c547cSRui Paulo "\x7d\xfb\x49\x6c\xca\x67\xe1\x3b" 7735b9c547cSRui Paulo }, 7745b9c547cSRui Paulo { 7755b9c547cSRui Paulo "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 7765b9c547cSRui Paulo "0123456789", 7775b9c547cSRui Paulo "\xd1\x74\xab\x98\xd2\x77\xd9\xf5" 7785b9c547cSRui Paulo "\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f" 7795b9c547cSRui Paulo }, 7805b9c547cSRui Paulo { 7815b9c547cSRui Paulo "12345678901234567890123456789012345678901234567890" 7825b9c547cSRui Paulo "123456789012345678901234567890", 7835b9c547cSRui Paulo "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55" 7845b9c547cSRui Paulo "\xac\x49\xda\x2e\x21\x07\xb6\x7a" 7855b9c547cSRui Paulo } 7865b9c547cSRui Paulo }; 7875b9c547cSRui Paulo unsigned int i; 7885b9c547cSRui Paulo u8 hash[16]; 7895b9c547cSRui Paulo const u8 *addr[2]; 7905b9c547cSRui Paulo size_t len[2]; 7915b9c547cSRui Paulo int errors = 0; 7925b9c547cSRui Paulo 7935b9c547cSRui Paulo for (i = 0; i < ARRAY_SIZE(tests); i++) { 7945b9c547cSRui Paulo wpa_printf(MSG_INFO, "MD5 test case %d", i); 7955b9c547cSRui Paulo 7965b9c547cSRui Paulo addr[0] = (u8 *) tests[i].data; 7975b9c547cSRui Paulo len[0] = strlen(tests[i].data); 7985b9c547cSRui Paulo if (md5_vector(1, addr, len, hash) < 0 || 7995b9c547cSRui Paulo os_memcmp(hash, tests[i].hash, 16) != 0) { 8005b9c547cSRui Paulo wpa_printf(MSG_INFO, " FAIL"); 8015b9c547cSRui Paulo errors++; 8025b9c547cSRui Paulo } else 8035b9c547cSRui Paulo wpa_printf(MSG_INFO, " OK"); 8045b9c547cSRui Paulo 8055b9c547cSRui Paulo if (len[0]) { 8065b9c547cSRui Paulo addr[0] = (u8 *) tests[i].data; 8075b9c547cSRui Paulo len[0] = strlen(tests[i].data); 8085b9c547cSRui Paulo addr[1] = (u8 *) tests[i].data + 1; 8095b9c547cSRui Paulo len[1] = strlen(tests[i].data) - 1; 8105b9c547cSRui Paulo if (md5_vector(1, addr, len, hash) < 0 || 8115b9c547cSRui Paulo os_memcmp(hash, tests[i].hash, 16) != 0) { 8125b9c547cSRui Paulo wpa_printf(MSG_INFO, " FAIL"); 8135b9c547cSRui Paulo errors++; 8145b9c547cSRui Paulo } else 8155b9c547cSRui Paulo wpa_printf(MSG_INFO, " OK"); 8165b9c547cSRui Paulo } 8175b9c547cSRui Paulo } 8185b9c547cSRui Paulo 8195b9c547cSRui Paulo if (!errors) 8205b9c547cSRui Paulo wpa_printf(MSG_INFO, "MD5 test cases passed"); 8215b9c547cSRui Paulo 8225b9c547cSRui Paulo return errors; 823*325151a3SRui Paulo #else /* CONFIG_FIPS */ 824*325151a3SRui Paulo wpa_printf(MSG_INFO, "MD5 test cases skipped due to CONFIG_FIPS"); 825*325151a3SRui Paulo return 0; 826*325151a3SRui Paulo #endif /* CONFIG_FIPS */ 8275b9c547cSRui Paulo } 8285b9c547cSRui Paulo 8295b9c547cSRui Paulo 8305b9c547cSRui Paulo static int test_eap_fast(void) 8315b9c547cSRui Paulo { 8325b9c547cSRui Paulo #ifdef EAP_FAST 8335b9c547cSRui Paulo /* RFC 4851, Appendix B.1 */ 8345b9c547cSRui Paulo const u8 pac_key[] = { 8355b9c547cSRui Paulo 0x0B, 0x97, 0x39, 0x0F, 0x37, 0x51, 0x78, 0x09, 8365b9c547cSRui Paulo 0x81, 0x1E, 0xFD, 0x9C, 0x6E, 0x65, 0x94, 0x2B, 8375b9c547cSRui Paulo 0x63, 0x2C, 0xE9, 0x53, 0x89, 0x38, 0x08, 0xBA, 8385b9c547cSRui Paulo 0x36, 0x0B, 0x03, 0x7C, 0xD1, 0x85, 0xE4, 0x14 8395b9c547cSRui Paulo }; 8405b9c547cSRui Paulo const u8 seed[] = { 8415b9c547cSRui Paulo 0x3F, 0xFB, 0x11, 0xC4, 0x6C, 0xBF, 0xA5, 0x7A, 8425b9c547cSRui Paulo 0x54, 0x40, 0xDA, 0xE8, 0x22, 0xD3, 0x11, 0xD3, 8435b9c547cSRui Paulo 0xF7, 0x6D, 0xE4, 0x1D, 0xD9, 0x33, 0xE5, 0x93, 8445b9c547cSRui Paulo 0x70, 0x97, 0xEB, 0xA9, 0xB3, 0x66, 0xF4, 0x2A, 8455b9c547cSRui Paulo 0x00, 0x00, 0x00, 0x02, 0x6A, 0x66, 0x43, 0x2A, 8465b9c547cSRui Paulo 0x8D, 0x14, 0x43, 0x2C, 0xEC, 0x58, 0x2D, 0x2F, 8475b9c547cSRui Paulo 0xC7, 0x9C, 0x33, 0x64, 0xBA, 0x04, 0xAD, 0x3A, 8485b9c547cSRui Paulo 0x52, 0x54, 0xD6, 0xA5, 0x79, 0xAD, 0x1E, 0x00 8495b9c547cSRui Paulo }; 8505b9c547cSRui Paulo const u8 master_secret[] = { 8515b9c547cSRui Paulo 0x4A, 0x1A, 0x51, 0x2C, 0x01, 0x60, 0xBC, 0x02, 8525b9c547cSRui Paulo 0x3C, 0xCF, 0xBC, 0x83, 0x3F, 0x03, 0xBC, 0x64, 8535b9c547cSRui Paulo 0x88, 0xC1, 0x31, 0x2F, 0x0B, 0xA9, 0xA2, 0x77, 8545b9c547cSRui Paulo 0x16, 0xA8, 0xD8, 0xE8, 0xBD, 0xC9, 0xD2, 0x29, 8555b9c547cSRui Paulo 0x38, 0x4B, 0x7A, 0x85, 0xBE, 0x16, 0x4D, 0x27, 8565b9c547cSRui Paulo 0x33, 0xD5, 0x24, 0x79, 0x87, 0xB1, 0xC5, 0xA2 8575b9c547cSRui Paulo }; 858*325151a3SRui Paulo #ifndef CONFIG_FIPS 8595b9c547cSRui Paulo const u8 key_block[] = { 8605b9c547cSRui Paulo 0x59, 0x59, 0xBE, 0x8E, 0x41, 0x3A, 0x77, 0x74, 8615b9c547cSRui Paulo 0x8B, 0xB2, 0xE5, 0xD3, 0x60, 0xAC, 0x4D, 0x35, 8625b9c547cSRui Paulo 0xDF, 0xFB, 0xC8, 0x1E, 0x9C, 0x24, 0x9C, 0x8B, 8635b9c547cSRui Paulo 0x0E, 0xC3, 0x1D, 0x72, 0xC8, 0x84, 0x9D, 0x57, 8645b9c547cSRui Paulo 0x48, 0x51, 0x2E, 0x45, 0x97, 0x6C, 0x88, 0x70, 8655b9c547cSRui Paulo 0xBE, 0x5F, 0x01, 0xD3, 0x64, 0xE7, 0x4C, 0xBB, 8665b9c547cSRui Paulo 0x11, 0x24, 0xE3, 0x49, 0xE2, 0x3B, 0xCD, 0xEF, 8675b9c547cSRui Paulo 0x7A, 0xB3, 0x05, 0x39, 0x5D, 0x64, 0x8A, 0x44, 8685b9c547cSRui Paulo 0x11, 0xB6, 0x69, 0x88, 0x34, 0x2E, 0x8E, 0x29, 8695b9c547cSRui Paulo 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05, 8705b9c547cSRui Paulo 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96, 8715b9c547cSRui Paulo 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84, 8725b9c547cSRui Paulo 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98, 8735b9c547cSRui Paulo 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71 8745b9c547cSRui Paulo }; 875*325151a3SRui Paulo #endif /* CONFIG_FIPS */ 8765b9c547cSRui Paulo const u8 sks[] = { 8775b9c547cSRui Paulo 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05, 8785b9c547cSRui Paulo 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96, 8795b9c547cSRui Paulo 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84, 8805b9c547cSRui Paulo 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98, 8815b9c547cSRui Paulo 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71 8825b9c547cSRui Paulo }; 8835b9c547cSRui Paulo const u8 isk[] = { 8845b9c547cSRui Paulo 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 8855b9c547cSRui Paulo 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 8865b9c547cSRui Paulo 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 8875b9c547cSRui Paulo 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 8885b9c547cSRui Paulo }; 8895b9c547cSRui Paulo const u8 imck[] = { 8905b9c547cSRui Paulo 0x16, 0x15, 0x3C, 0x3F, 0x21, 0x55, 0xEF, 0xD9, 8915b9c547cSRui Paulo 0x7F, 0x34, 0xAE, 0xC8, 0x1A, 0x4E, 0x66, 0x80, 8925b9c547cSRui Paulo 0x4C, 0xC3, 0x76, 0xF2, 0x8A, 0xA9, 0x6F, 0x96, 8935b9c547cSRui Paulo 0xC2, 0x54, 0x5F, 0x8C, 0xAB, 0x65, 0x02, 0xE1, 8945b9c547cSRui Paulo 0x18, 0x40, 0x7B, 0x56, 0xBE, 0xEA, 0xA7, 0xC5, 8955b9c547cSRui Paulo 0x76, 0x5D, 0x8F, 0x0B, 0xC5, 0x07, 0xC6, 0xB9, 8965b9c547cSRui Paulo 0x04, 0xD0, 0x69, 0x56, 0x72, 0x8B, 0x6B, 0xB8, 8975b9c547cSRui Paulo 0x15, 0xEC, 0x57, 0x7B 8985b9c547cSRui Paulo }; 8995b9c547cSRui Paulo const u8 msk[] = { 9005b9c547cSRui Paulo 0x4D, 0x83, 0xA9, 0xBE, 0x6F, 0x8A, 0x74, 0xED, 9015b9c547cSRui Paulo 0x6A, 0x02, 0x66, 0x0A, 0x63, 0x4D, 0x2C, 0x33, 9025b9c547cSRui Paulo 0xC2, 0xDA, 0x60, 0x15, 0xC6, 0x37, 0x04, 0x51, 9035b9c547cSRui Paulo 0x90, 0x38, 0x63, 0xDA, 0x54, 0x3E, 0x14, 0xB9, 9045b9c547cSRui Paulo 0x27, 0x99, 0x18, 0x1E, 0x07, 0xBF, 0x0F, 0x5A, 9055b9c547cSRui Paulo 0x5E, 0x3C, 0x32, 0x93, 0x80, 0x8C, 0x6C, 0x49, 9065b9c547cSRui Paulo 0x67, 0xED, 0x24, 0xFE, 0x45, 0x40, 0xA0, 0x59, 9075b9c547cSRui Paulo 0x5E, 0x37, 0xC2, 0xE9, 0xD0, 0x5D, 0x0A, 0xE3 9085b9c547cSRui Paulo }; 9095b9c547cSRui Paulo const u8 emsk[] = { 9105b9c547cSRui Paulo 0x3A, 0xD4, 0xAB, 0xDB, 0x76, 0xB2, 0x7F, 0x3B, 9115b9c547cSRui Paulo 0xEA, 0x32, 0x2C, 0x2B, 0x74, 0xF4, 0x28, 0x55, 9125b9c547cSRui Paulo 0xEF, 0x2D, 0xBA, 0x78, 0xC9, 0x57, 0x2F, 0x0D, 9135b9c547cSRui Paulo 0x06, 0xCD, 0x51, 0x7C, 0x20, 0x93, 0x98, 0xA9, 9145b9c547cSRui Paulo 0x76, 0xEA, 0x70, 0x21, 0xD7, 0x0E, 0x25, 0x54, 9155b9c547cSRui Paulo 0x97, 0xED, 0xB2, 0x8A, 0xF6, 0xED, 0xFD, 0x0A, 9165b9c547cSRui Paulo 0x2A, 0xE7, 0xA1, 0x58, 0x90, 0x10, 0x50, 0x44, 9175b9c547cSRui Paulo 0xB3, 0x82, 0x85, 0xDB, 0x06, 0x14, 0xD2, 0xF9 9185b9c547cSRui Paulo }; 9195b9c547cSRui Paulo /* RFC 4851, Appendix B.2 */ 9205b9c547cSRui Paulo u8 tlv[] = { 9215b9c547cSRui Paulo 0x80, 0x0C, 0x00, 0x38, 0x00, 0x01, 0x01, 0x00, 9225b9c547cSRui Paulo 0xD8, 0x6A, 0x8C, 0x68, 0x3C, 0x32, 0x31, 0xA8, 9235b9c547cSRui Paulo 0x56, 0x63, 0xB6, 0x40, 0x21, 0xFE, 0x21, 0x14, 9245b9c547cSRui Paulo 0x4E, 0xE7, 0x54, 0x20, 0x79, 0x2D, 0x42, 0x62, 9255b9c547cSRui Paulo 0xC9, 0xBF, 0x53, 0x7F, 0x54, 0xFD, 0xAC, 0x58, 9265b9c547cSRui Paulo 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF, 9275b9c547cSRui Paulo 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC, 9285b9c547cSRui Paulo 0x05, 0xC5, 0x5B, 0xB7 9295b9c547cSRui Paulo }; 9305b9c547cSRui Paulo const u8 compound_mac[] = { 9315b9c547cSRui Paulo 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF, 9325b9c547cSRui Paulo 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC, 9335b9c547cSRui Paulo 0x05, 0xC5, 0x5B, 0xB7 9345b9c547cSRui Paulo }; 9355b9c547cSRui Paulo u8 buf[512]; 9365b9c547cSRui Paulo const u8 *simck, *cmk; 9375b9c547cSRui Paulo int errors = 0; 9385b9c547cSRui Paulo 9395b9c547cSRui Paulo wpa_printf(MSG_INFO, "EAP-FAST test cases"); 9405b9c547cSRui Paulo 9415b9c547cSRui Paulo wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / master_secret"); 9425b9c547cSRui Paulo if (sha1_t_prf(pac_key, sizeof(pac_key), 9435b9c547cSRui Paulo "PAC to master secret label hash", 9445b9c547cSRui Paulo seed, sizeof(seed), buf, sizeof(master_secret)) < 0 || 9455b9c547cSRui Paulo os_memcmp(master_secret, buf, sizeof(master_secret)) != 0) { 9465b9c547cSRui Paulo wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 9475b9c547cSRui Paulo errors++; 9485b9c547cSRui Paulo } 9495b9c547cSRui Paulo 950*325151a3SRui Paulo #ifndef CONFIG_FIPS 9515b9c547cSRui Paulo wpa_printf(MSG_INFO, "- PRF (TLS, SHA1/MD5) test case / key_block"); 9525b9c547cSRui Paulo if (tls_prf_sha1_md5(master_secret, sizeof(master_secret), 9535b9c547cSRui Paulo "key expansion", seed, sizeof(seed), 9545b9c547cSRui Paulo buf, sizeof(key_block)) || 9555b9c547cSRui Paulo os_memcmp(key_block, buf, sizeof(key_block)) != 0) { 9565b9c547cSRui Paulo wpa_printf(MSG_INFO, "PRF test - FAILED!"); 9575b9c547cSRui Paulo errors++; 9585b9c547cSRui Paulo } 959*325151a3SRui Paulo #endif /* CONFIG_FIPS */ 9605b9c547cSRui Paulo 9615b9c547cSRui Paulo wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / IMCK"); 9625b9c547cSRui Paulo if (sha1_t_prf(sks, sizeof(sks), "Inner Methods Compound Keys", 9635b9c547cSRui Paulo isk, sizeof(isk), buf, sizeof(imck)) < 0 || 9645b9c547cSRui Paulo os_memcmp(imck, buf, sizeof(imck)) != 0) { 9655b9c547cSRui Paulo wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 9665b9c547cSRui Paulo errors++; 9675b9c547cSRui Paulo } 9685b9c547cSRui Paulo 9695b9c547cSRui Paulo simck = imck; 9705b9c547cSRui Paulo cmk = imck + 40; 9715b9c547cSRui Paulo 9725b9c547cSRui Paulo wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / MSK"); 9735b9c547cSRui Paulo if (sha1_t_prf(simck, 40, "Session Key Generating Function", 9745b9c547cSRui Paulo (u8 *) "", 0, buf, sizeof(msk)) < 0 || 9755b9c547cSRui Paulo os_memcmp(msk, buf, sizeof(msk)) != 0) { 9765b9c547cSRui Paulo wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 9775b9c547cSRui Paulo errors++; 9785b9c547cSRui Paulo } 9795b9c547cSRui Paulo 9805b9c547cSRui Paulo wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / EMSK"); 9815b9c547cSRui Paulo if (sha1_t_prf(simck, 40, "Extended Session Key Generating Function", 9825b9c547cSRui Paulo (u8 *) "", 0, buf, sizeof(msk)) < 0 || 9835b9c547cSRui Paulo os_memcmp(emsk, buf, sizeof(emsk)) != 0) { 9845b9c547cSRui Paulo wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 9855b9c547cSRui Paulo errors++; 9865b9c547cSRui Paulo } 9875b9c547cSRui Paulo 9885b9c547cSRui Paulo wpa_printf(MSG_INFO, "- Compound MAC test case"); 9895b9c547cSRui Paulo os_memset(tlv + sizeof(tlv) - 20, 0, 20); 9905b9c547cSRui Paulo if (hmac_sha1(cmk, 20, tlv, sizeof(tlv), tlv + sizeof(tlv) - 20) < 0 || 9915b9c547cSRui Paulo os_memcmp(tlv + sizeof(tlv) - 20, compound_mac, 9925b9c547cSRui Paulo sizeof(compound_mac)) != 0) { 9935b9c547cSRui Paulo wpa_printf(MSG_INFO, "Compound MAC test - FAILED!"); 9945b9c547cSRui Paulo errors++; 9955b9c547cSRui Paulo } 9965b9c547cSRui Paulo 9975b9c547cSRui Paulo return errors; 9985b9c547cSRui Paulo #else /* EAP_FAST */ 9995b9c547cSRui Paulo return 0; 10005b9c547cSRui Paulo #endif /* EAP_FAST */ 10015b9c547cSRui Paulo } 10025b9c547cSRui Paulo 10035b9c547cSRui Paulo 1004*325151a3SRui Paulo static const u8 key0[] = 10055b9c547cSRui Paulo { 10065b9c547cSRui Paulo 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 10075b9c547cSRui Paulo 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 10085b9c547cSRui Paulo 0x0b, 0x0b, 0x0b, 0x0b 10095b9c547cSRui Paulo }; 1010*325151a3SRui Paulo static const u8 data0[] = "Hi There"; 1011*325151a3SRui Paulo static const u8 prf0[] = 10125b9c547cSRui Paulo { 10135b9c547cSRui Paulo 0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84, 10145b9c547cSRui Paulo 0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54, 10155b9c547cSRui Paulo 0xb8, 0x62, 0x17, 0x5e, 0xd9, 0xf0, 0x06, 0x06, 10165b9c547cSRui Paulo 0xe1, 0x7d, 0x8d, 0xa3, 0x54, 0x02, 0xff, 0xee, 10175b9c547cSRui Paulo 0x75, 0xdf, 0x78, 0xc3, 0xd3, 0x1e, 0x0f, 0x88, 10185b9c547cSRui Paulo 0x9f, 0x01, 0x21, 0x20, 0xc0, 0x86, 0x2b, 0xeb, 10195b9c547cSRui Paulo 0x67, 0x75, 0x3e, 0x74, 0x39, 0xae, 0x24, 0x2e, 10205b9c547cSRui Paulo 0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a 10215b9c547cSRui Paulo }; 10225b9c547cSRui Paulo 1023*325151a3SRui Paulo static const u8 key1[] = "Jefe"; 1024*325151a3SRui Paulo static const u8 data1[] = "what do ya want for nothing?"; 1025*325151a3SRui Paulo static const u8 prf1[] = 10265b9c547cSRui Paulo { 10275b9c547cSRui Paulo 0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad, 10285b9c547cSRui Paulo 0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4, 10295b9c547cSRui Paulo 0xfe, 0x63, 0x14, 0x46, 0xfa, 0xbd, 0xfa, 0x58, 10305b9c547cSRui Paulo 0x24, 0x47, 0x59, 0xae, 0x58, 0xef, 0x90, 0x09, 10315b9c547cSRui Paulo 0xa9, 0x9a, 0xbf, 0x4e, 0xac, 0x2c, 0xa5, 0xfa, 10325b9c547cSRui Paulo 0x87, 0xe6, 0x92, 0xc4, 0x40, 0xeb, 0x40, 0x02, 10335b9c547cSRui Paulo 0x3e, 0x7b, 0xab, 0xb2, 0x06, 0xd6, 0x1d, 0xe7, 10345b9c547cSRui Paulo 0xb9, 0x2f, 0x41, 0x52, 0x90, 0x92, 0xb8, 0xfc 10355b9c547cSRui Paulo }; 10365b9c547cSRui Paulo 10375b9c547cSRui Paulo 1038*325151a3SRui Paulo static const u8 key2[] = 10395b9c547cSRui Paulo { 10405b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 10415b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 10425b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa 10435b9c547cSRui Paulo }; 1044*325151a3SRui Paulo static const u8 data2[] = 10455b9c547cSRui Paulo { 10465b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 10475b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 10485b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 10495b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 10505b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 10515b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 10525b9c547cSRui Paulo 0xdd, 0xdd 10535b9c547cSRui Paulo }; 1054*325151a3SRui Paulo static const u8 prf2[] = 10555b9c547cSRui Paulo { 10565b9c547cSRui Paulo 0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f, 10575b9c547cSRui Paulo 0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1, 10585b9c547cSRui Paulo 0x7a, 0x02, 0x52, 0xca, 0x5d, 0x8d, 0x8d, 0xf1, 10595b9c547cSRui Paulo 0x2c, 0xfb, 0x04, 0x73, 0x52, 0x52, 0x49, 0xce, 10605b9c547cSRui Paulo 0x9d, 0xd8, 0xd1, 0x77, 0xea, 0xd7, 0x10, 0xbc, 10615b9c547cSRui Paulo 0x9b, 0x59, 0x05, 0x47, 0x23, 0x91, 0x07, 0xae, 10625b9c547cSRui Paulo 0xf7, 0xb4, 0xab, 0xd4, 0x3d, 0x87, 0xf0, 0xa6, 10635b9c547cSRui Paulo 0x8f, 0x1c, 0xbd, 0x9e, 0x2b, 0x6f, 0x76, 0x07 10645b9c547cSRui Paulo }; 10655b9c547cSRui Paulo 10665b9c547cSRui Paulo 10675b9c547cSRui Paulo struct passphrase_test { 10685b9c547cSRui Paulo char *passphrase; 10695b9c547cSRui Paulo char *ssid; 10705b9c547cSRui Paulo char psk[32]; 10715b9c547cSRui Paulo }; 10725b9c547cSRui Paulo 1073*325151a3SRui Paulo static const struct passphrase_test passphrase_tests[] = 10745b9c547cSRui Paulo { 10755b9c547cSRui Paulo { 10765b9c547cSRui Paulo "password", 10775b9c547cSRui Paulo "IEEE", 10785b9c547cSRui Paulo { 10795b9c547cSRui Paulo 0xf4, 0x2c, 0x6f, 0xc5, 0x2d, 0xf0, 0xeb, 0xef, 10805b9c547cSRui Paulo 0x9e, 0xbb, 0x4b, 0x90, 0xb3, 0x8a, 0x5f, 0x90, 10815b9c547cSRui Paulo 0x2e, 0x83, 0xfe, 0x1b, 0x13, 0x5a, 0x70, 0xe2, 10825b9c547cSRui Paulo 0x3a, 0xed, 0x76, 0x2e, 0x97, 0x10, 0xa1, 0x2e 10835b9c547cSRui Paulo } 10845b9c547cSRui Paulo }, 10855b9c547cSRui Paulo { 10865b9c547cSRui Paulo "ThisIsAPassword", 10875b9c547cSRui Paulo "ThisIsASSID", 10885b9c547cSRui Paulo { 10895b9c547cSRui Paulo 0x0d, 0xc0, 0xd6, 0xeb, 0x90, 0x55, 0x5e, 0xd6, 10905b9c547cSRui Paulo 0x41, 0x97, 0x56, 0xb9, 0xa1, 0x5e, 0xc3, 0xe3, 10915b9c547cSRui Paulo 0x20, 0x9b, 0x63, 0xdf, 0x70, 0x7d, 0xd5, 0x08, 10925b9c547cSRui Paulo 0xd1, 0x45, 0x81, 0xf8, 0x98, 0x27, 0x21, 0xaf 10935b9c547cSRui Paulo } 10945b9c547cSRui Paulo }, 10955b9c547cSRui Paulo { 10965b9c547cSRui Paulo "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 10975b9c547cSRui Paulo "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ", 10985b9c547cSRui Paulo { 10995b9c547cSRui Paulo 0xbe, 0xcb, 0x93, 0x86, 0x6b, 0xb8, 0xc3, 0x83, 11005b9c547cSRui Paulo 0x2c, 0xb7, 0x77, 0xc2, 0xf5, 0x59, 0x80, 0x7c, 11015b9c547cSRui Paulo 0x8c, 0x59, 0xaf, 0xcb, 0x6e, 0xae, 0x73, 0x48, 11025b9c547cSRui Paulo 0x85, 0x00, 0x13, 0x00, 0xa9, 0x81, 0xcc, 0x62 11035b9c547cSRui Paulo } 11045b9c547cSRui Paulo }, 11055b9c547cSRui Paulo }; 11065b9c547cSRui Paulo 11075b9c547cSRui Paulo #define NUM_PASSPHRASE_TESTS ARRAY_SIZE(passphrase_tests) 11085b9c547cSRui Paulo 11095b9c547cSRui Paulo 11105b9c547cSRui Paulo struct rfc6070_test { 11115b9c547cSRui Paulo char *p; 11125b9c547cSRui Paulo char *s; 11135b9c547cSRui Paulo int c; 11145b9c547cSRui Paulo char dk[32]; 11155b9c547cSRui Paulo size_t dk_len; 11165b9c547cSRui Paulo }; 11175b9c547cSRui Paulo 1118*325151a3SRui Paulo static const struct rfc6070_test rfc6070_tests[] = 11195b9c547cSRui Paulo { 11205b9c547cSRui Paulo { 11215b9c547cSRui Paulo "password", 11225b9c547cSRui Paulo "salt", 11235b9c547cSRui Paulo 1, 11245b9c547cSRui Paulo { 11255b9c547cSRui Paulo 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71, 11265b9c547cSRui Paulo 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06, 11275b9c547cSRui Paulo 0x2f, 0xe0, 0x37, 0xa6 11285b9c547cSRui Paulo }, 11295b9c547cSRui Paulo 20 11305b9c547cSRui Paulo }, 11315b9c547cSRui Paulo { 11325b9c547cSRui Paulo "password", 11335b9c547cSRui Paulo "salt", 11345b9c547cSRui Paulo 2, 11355b9c547cSRui Paulo { 11365b9c547cSRui Paulo 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c, 11375b9c547cSRui Paulo 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0, 11385b9c547cSRui Paulo 0xd8, 0xde, 0x89, 0x57 11395b9c547cSRui Paulo }, 11405b9c547cSRui Paulo 20 11415b9c547cSRui Paulo }, 11425b9c547cSRui Paulo { 11435b9c547cSRui Paulo "password", 11445b9c547cSRui Paulo "salt", 11455b9c547cSRui Paulo 4096, 11465b9c547cSRui Paulo { 11475b9c547cSRui Paulo 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a, 11485b9c547cSRui Paulo 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0, 11495b9c547cSRui Paulo 0x65, 0xa4, 0x29, 0xc1 11505b9c547cSRui Paulo }, 11515b9c547cSRui Paulo 20 11525b9c547cSRui Paulo }, 11535b9c547cSRui Paulo #if 0 /* This takes quite long to derive.. */ 11545b9c547cSRui Paulo { 11555b9c547cSRui Paulo "password", 11565b9c547cSRui Paulo "salt", 11575b9c547cSRui Paulo 16777216, 11585b9c547cSRui Paulo { 11595b9c547cSRui Paulo 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4, 11605b9c547cSRui Paulo 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c, 11615b9c547cSRui Paulo 0x26, 0x34, 0xe9, 0x84 11625b9c547cSRui Paulo }, 11635b9c547cSRui Paulo 20 11645b9c547cSRui Paulo }, 11655b9c547cSRui Paulo #endif 11665b9c547cSRui Paulo { 11675b9c547cSRui Paulo "passwordPASSWORDpassword", 11685b9c547cSRui Paulo "saltSALTsaltSALTsaltSALTsaltSALTsalt", 11695b9c547cSRui Paulo 4096, 11705b9c547cSRui Paulo { 11715b9c547cSRui Paulo 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b, 11725b9c547cSRui Paulo 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a, 11735b9c547cSRui Paulo 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70, 11745b9c547cSRui Paulo 0x38 11755b9c547cSRui Paulo }, 11765b9c547cSRui Paulo 25 11775b9c547cSRui Paulo }, 11785b9c547cSRui Paulo #if 0 /* \0 not currently supported in passphrase parameters.. */ 11795b9c547cSRui Paulo { 11805b9c547cSRui Paulo "pass\0word", 11815b9c547cSRui Paulo "sa\0lt", 11825b9c547cSRui Paulo 4096, 11835b9c547cSRui Paulo { 11845b9c547cSRui Paulo 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d, 11855b9c547cSRui Paulo 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3 11865b9c547cSRui Paulo }, 11875b9c547cSRui Paulo 16 11885b9c547cSRui Paulo }, 11895b9c547cSRui Paulo #endif 11905b9c547cSRui Paulo }; 11915b9c547cSRui Paulo 11925b9c547cSRui Paulo #define NUM_RFC6070_TESTS ARRAY_SIZE(rfc6070_tests) 11935b9c547cSRui Paulo 11945b9c547cSRui Paulo 11955b9c547cSRui Paulo static int test_sha1(void) 11965b9c547cSRui Paulo { 11975b9c547cSRui Paulo u8 res[512]; 11985b9c547cSRui Paulo int ret = 0; 11995b9c547cSRui Paulo unsigned int i; 12005b9c547cSRui Paulo 12015b9c547cSRui Paulo wpa_printf(MSG_INFO, "PRF-SHA1 test cases:"); 12025b9c547cSRui Paulo 12035b9c547cSRui Paulo if (sha1_prf(key0, sizeof(key0), "prefix", data0, sizeof(data0) - 1, 12045b9c547cSRui Paulo res, sizeof(prf0)) == 0 && 12055b9c547cSRui Paulo os_memcmp(res, prf0, sizeof(prf0)) == 0) 12065b9c547cSRui Paulo wpa_printf(MSG_INFO, "Test case 0 - OK"); 12075b9c547cSRui Paulo else { 12085b9c547cSRui Paulo wpa_printf(MSG_INFO, "Test case 0 - FAILED!"); 12095b9c547cSRui Paulo ret++; 12105b9c547cSRui Paulo } 12115b9c547cSRui Paulo 12125b9c547cSRui Paulo if (sha1_prf(key1, sizeof(key1) - 1, "prefix", data1, sizeof(data1) - 1, 12135b9c547cSRui Paulo res, sizeof(prf1)) == 0 && 12145b9c547cSRui Paulo os_memcmp(res, prf1, sizeof(prf1)) == 0) 12155b9c547cSRui Paulo wpa_printf(MSG_INFO, "Test case 1 - OK"); 12165b9c547cSRui Paulo else { 12175b9c547cSRui Paulo wpa_printf(MSG_INFO, "Test case 1 - FAILED!"); 12185b9c547cSRui Paulo ret++; 12195b9c547cSRui Paulo } 12205b9c547cSRui Paulo 12215b9c547cSRui Paulo if (sha1_prf(key2, sizeof(key2), "prefix", data2, sizeof(data2), 12225b9c547cSRui Paulo res, sizeof(prf2)) == 0 && 12235b9c547cSRui Paulo os_memcmp(res, prf2, sizeof(prf2)) == 0) 12245b9c547cSRui Paulo wpa_printf(MSG_INFO, "Test case 2 - OK"); 12255b9c547cSRui Paulo else { 12265b9c547cSRui Paulo wpa_printf(MSG_INFO, "Test case 2 - FAILED!"); 12275b9c547cSRui Paulo ret++; 12285b9c547cSRui Paulo } 12295b9c547cSRui Paulo 12305b9c547cSRui Paulo ret += test_eap_fast(); 12315b9c547cSRui Paulo 12325b9c547cSRui Paulo wpa_printf(MSG_INFO, "PBKDF2-SHA1 Passphrase test cases:"); 12335b9c547cSRui Paulo for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) { 12345b9c547cSRui Paulo u8 psk[32]; 1235*325151a3SRui Paulo const struct passphrase_test *test = &passphrase_tests[i]; 12365b9c547cSRui Paulo 12375b9c547cSRui Paulo if (pbkdf2_sha1(test->passphrase, 12385b9c547cSRui Paulo (const u8 *) test->ssid, strlen(test->ssid), 12395b9c547cSRui Paulo 4096, psk, 32) == 0 && 12405b9c547cSRui Paulo os_memcmp(psk, test->psk, 32) == 0) 12415b9c547cSRui Paulo wpa_printf(MSG_INFO, "Test case %d - OK", i); 12425b9c547cSRui Paulo else { 12435b9c547cSRui Paulo wpa_printf(MSG_INFO, "Test case %d - FAILED!", i); 12445b9c547cSRui Paulo ret++; 12455b9c547cSRui Paulo } 12465b9c547cSRui Paulo } 12475b9c547cSRui Paulo 12485b9c547cSRui Paulo wpa_printf(MSG_INFO, "PBKDF2-SHA1 test cases (RFC 6070):"); 12495b9c547cSRui Paulo for (i = 0; i < NUM_RFC6070_TESTS; i++) { 12505b9c547cSRui Paulo u8 dk[25]; 1251*325151a3SRui Paulo const struct rfc6070_test *test = &rfc6070_tests[i]; 12525b9c547cSRui Paulo 12535b9c547cSRui Paulo if (pbkdf2_sha1(test->p, (const u8 *) test->s, strlen(test->s), 12545b9c547cSRui Paulo test->c, dk, test->dk_len) == 0 && 12555b9c547cSRui Paulo os_memcmp(dk, test->dk, test->dk_len) == 0) 12565b9c547cSRui Paulo wpa_printf(MSG_INFO, "Test case %d - OK", i); 12575b9c547cSRui Paulo else { 12585b9c547cSRui Paulo wpa_printf(MSG_INFO, "Test case %d - FAILED!", i); 12595b9c547cSRui Paulo ret++; 12605b9c547cSRui Paulo } 12615b9c547cSRui Paulo } 12625b9c547cSRui Paulo 12635b9c547cSRui Paulo if (!ret) 12645b9c547cSRui Paulo wpa_printf(MSG_INFO, "SHA1 test cases passed"); 12655b9c547cSRui Paulo return ret; 12665b9c547cSRui Paulo } 12675b9c547cSRui Paulo 12685b9c547cSRui Paulo 1269*325151a3SRui Paulo const struct { 12705b9c547cSRui Paulo char *data; 12715b9c547cSRui Paulo u8 hash[32]; 12725b9c547cSRui Paulo } tests[] = { 12735b9c547cSRui Paulo { 12745b9c547cSRui Paulo "abc", 12755b9c547cSRui Paulo { 12765b9c547cSRui Paulo 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 12775b9c547cSRui Paulo 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, 12785b9c547cSRui Paulo 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 12795b9c547cSRui Paulo 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad 12805b9c547cSRui Paulo } 12815b9c547cSRui Paulo }, 12825b9c547cSRui Paulo { 12835b9c547cSRui Paulo "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 12845b9c547cSRui Paulo { 12855b9c547cSRui Paulo 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 12865b9c547cSRui Paulo 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, 12875b9c547cSRui Paulo 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, 12885b9c547cSRui Paulo 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 12895b9c547cSRui Paulo } 12905b9c547cSRui Paulo } 12915b9c547cSRui Paulo }; 12925b9c547cSRui Paulo 1293*325151a3SRui Paulo const struct hmac_test { 12945b9c547cSRui Paulo u8 key[80]; 12955b9c547cSRui Paulo size_t key_len; 12965b9c547cSRui Paulo u8 data[128]; 12975b9c547cSRui Paulo size_t data_len; 12985b9c547cSRui Paulo u8 hash[32]; 12995b9c547cSRui Paulo } hmac_tests[] = { 13005b9c547cSRui Paulo /* draft-ietf-ipsec-ciph-sha-256-01.txt */ 13015b9c547cSRui Paulo { 13025b9c547cSRui Paulo { 13035b9c547cSRui Paulo 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 13045b9c547cSRui Paulo 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 13055b9c547cSRui Paulo 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 13065b9c547cSRui Paulo 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 13075b9c547cSRui Paulo }, 13085b9c547cSRui Paulo 32, 13095b9c547cSRui Paulo "abc", 3, 13105b9c547cSRui Paulo { 13115b9c547cSRui Paulo 0xa2, 0x1b, 0x1f, 0x5d, 0x4c, 0xf4, 0xf7, 0x3a, 13125b9c547cSRui Paulo 0x4d, 0xd9, 0x39, 0x75, 0x0f, 0x7a, 0x06, 0x6a, 13135b9c547cSRui Paulo 0x7f, 0x98, 0xcc, 0x13, 0x1c, 0xb1, 0x6a, 0x66, 13145b9c547cSRui Paulo 0x92, 0x75, 0x90, 0x21, 0xcf, 0xab, 0x81, 0x81 13155b9c547cSRui Paulo } 13165b9c547cSRui Paulo }, 13175b9c547cSRui Paulo { 13185b9c547cSRui Paulo { 13195b9c547cSRui Paulo 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 13205b9c547cSRui Paulo 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 13215b9c547cSRui Paulo 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 13225b9c547cSRui Paulo 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 13235b9c547cSRui Paulo }, 13245b9c547cSRui Paulo 32, 13255b9c547cSRui Paulo "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 13265b9c547cSRui Paulo 56, 13275b9c547cSRui Paulo { 13285b9c547cSRui Paulo 0x10, 0x4f, 0xdc, 0x12, 0x57, 0x32, 0x8f, 0x08, 13295b9c547cSRui Paulo 0x18, 0x4b, 0xa7, 0x31, 0x31, 0xc5, 0x3c, 0xae, 13305b9c547cSRui Paulo 0xe6, 0x98, 0xe3, 0x61, 0x19, 0x42, 0x11, 0x49, 13315b9c547cSRui Paulo 0xea, 0x8c, 0x71, 0x24, 0x56, 0x69, 0x7d, 0x30 13325b9c547cSRui Paulo } 13335b9c547cSRui Paulo }, 13345b9c547cSRui Paulo { 13355b9c547cSRui Paulo { 13365b9c547cSRui Paulo 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 13375b9c547cSRui Paulo 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 13385b9c547cSRui Paulo 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 13395b9c547cSRui Paulo 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 13405b9c547cSRui Paulo }, 13415b9c547cSRui Paulo 32, 13425b9c547cSRui Paulo "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" 13435b9c547cSRui Paulo "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 13445b9c547cSRui Paulo 112, 13455b9c547cSRui Paulo { 13465b9c547cSRui Paulo 0x47, 0x03, 0x05, 0xfc, 0x7e, 0x40, 0xfe, 0x34, 13475b9c547cSRui Paulo 0xd3, 0xee, 0xb3, 0xe7, 0x73, 0xd9, 0x5a, 0xab, 13485b9c547cSRui Paulo 0x73, 0xac, 0xf0, 0xfd, 0x06, 0x04, 0x47, 0xa5, 13495b9c547cSRui Paulo 0xeb, 0x45, 0x95, 0xbf, 0x33, 0xa9, 0xd1, 0xa3 13505b9c547cSRui Paulo } 13515b9c547cSRui Paulo }, 13525b9c547cSRui Paulo { 13535b9c547cSRui Paulo { 13545b9c547cSRui Paulo 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 13555b9c547cSRui Paulo 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 13565b9c547cSRui Paulo 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 13575b9c547cSRui Paulo 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b 13585b9c547cSRui Paulo }, 13595b9c547cSRui Paulo 32, 13605b9c547cSRui Paulo "Hi There", 13615b9c547cSRui Paulo 8, 13625b9c547cSRui Paulo { 13635b9c547cSRui Paulo 0x19, 0x8a, 0x60, 0x7e, 0xb4, 0x4b, 0xfb, 0xc6, 13645b9c547cSRui Paulo 0x99, 0x03, 0xa0, 0xf1, 0xcf, 0x2b, 0xbd, 0xc5, 13655b9c547cSRui Paulo 0xba, 0x0a, 0xa3, 0xf3, 0xd9, 0xae, 0x3c, 0x1c, 13665b9c547cSRui Paulo 0x7a, 0x3b, 0x16, 0x96, 0xa0, 0xb6, 0x8c, 0xf7 13675b9c547cSRui Paulo } 13685b9c547cSRui Paulo }, 13695b9c547cSRui Paulo { 13705b9c547cSRui Paulo "Jefe", 13715b9c547cSRui Paulo 4, 13725b9c547cSRui Paulo "what do ya want for nothing?", 13735b9c547cSRui Paulo 28, 13745b9c547cSRui Paulo { 13755b9c547cSRui Paulo 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 13765b9c547cSRui Paulo 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7, 13775b9c547cSRui Paulo 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83, 13785b9c547cSRui Paulo 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43 13795b9c547cSRui Paulo } 13805b9c547cSRui Paulo }, 13815b9c547cSRui Paulo { 13825b9c547cSRui Paulo { 13835b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 13845b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 13855b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 13865b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 13875b9c547cSRui Paulo }, 13885b9c547cSRui Paulo 32, 13895b9c547cSRui Paulo { 13905b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 13915b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 13925b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 13935b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 13945b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 13955b9c547cSRui Paulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 13965b9c547cSRui Paulo 0xdd, 0xdd 13975b9c547cSRui Paulo }, 13985b9c547cSRui Paulo 50, 13995b9c547cSRui Paulo { 14005b9c547cSRui Paulo 0xcd, 0xcb, 0x12, 0x20, 0xd1, 0xec, 0xcc, 0xea, 14015b9c547cSRui Paulo 0x91, 0xe5, 0x3a, 0xba, 0x30, 0x92, 0xf9, 0x62, 14025b9c547cSRui Paulo 0xe5, 0x49, 0xfe, 0x6c, 0xe9, 0xed, 0x7f, 0xdc, 14035b9c547cSRui Paulo 0x43, 0x19, 0x1f, 0xbd, 0xe4, 0x5c, 0x30, 0xb0 14045b9c547cSRui Paulo } 14055b9c547cSRui Paulo }, 14065b9c547cSRui Paulo { 14075b9c547cSRui Paulo { 14085b9c547cSRui Paulo 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 14095b9c547cSRui Paulo 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 14105b9c547cSRui Paulo 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 14115b9c547cSRui Paulo 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 14125b9c547cSRui Paulo 0x21, 0x22, 0x23, 0x24, 0x25 14135b9c547cSRui Paulo }, 14145b9c547cSRui Paulo 37, 14155b9c547cSRui Paulo { 14165b9c547cSRui Paulo 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 14175b9c547cSRui Paulo 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 14185b9c547cSRui Paulo 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 14195b9c547cSRui Paulo 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 14205b9c547cSRui Paulo 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 14215b9c547cSRui Paulo 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 14225b9c547cSRui Paulo 0xcd, 0xcd 14235b9c547cSRui Paulo }, 14245b9c547cSRui Paulo 50, 14255b9c547cSRui Paulo { 14265b9c547cSRui Paulo 0xd4, 0x63, 0x3c, 0x17, 0xf6, 0xfb, 0x8d, 0x74, 14275b9c547cSRui Paulo 0x4c, 0x66, 0xde, 0xe0, 0xf8, 0xf0, 0x74, 0x55, 14285b9c547cSRui Paulo 0x6e, 0xc4, 0xaf, 0x55, 0xef, 0x07, 0x99, 0x85, 14295b9c547cSRui Paulo 0x41, 0x46, 0x8e, 0xb4, 0x9b, 0xd2, 0xe9, 0x17 14305b9c547cSRui Paulo } 14315b9c547cSRui Paulo }, 14325b9c547cSRui Paulo { 14335b9c547cSRui Paulo { 14345b9c547cSRui Paulo 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 14355b9c547cSRui Paulo 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 14365b9c547cSRui Paulo 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 14375b9c547cSRui Paulo 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c 14385b9c547cSRui Paulo }, 14395b9c547cSRui Paulo 32, 14405b9c547cSRui Paulo "Test With Truncation", 14415b9c547cSRui Paulo 20, 14425b9c547cSRui Paulo { 14435b9c547cSRui Paulo 0x75, 0x46, 0xaf, 0x01, 0x84, 0x1f, 0xc0, 0x9b, 14445b9c547cSRui Paulo 0x1a, 0xb9, 0xc3, 0x74, 0x9a, 0x5f, 0x1c, 0x17, 14455b9c547cSRui Paulo 0xd4, 0xf5, 0x89, 0x66, 0x8a, 0x58, 0x7b, 0x27, 14465b9c547cSRui Paulo 0x00, 0xa9, 0xc9, 0x7c, 0x11, 0x93, 0xcf, 0x42 14475b9c547cSRui Paulo } 14485b9c547cSRui Paulo }, 14495b9c547cSRui Paulo { 14505b9c547cSRui Paulo { 14515b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 14525b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 14535b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 14545b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 14555b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 14565b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 14575b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 14585b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 14595b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 14605b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 14615b9c547cSRui Paulo }, 14625b9c547cSRui Paulo 80, 14635b9c547cSRui Paulo "Test Using Larger Than Block-Size Key - Hash Key First", 14645b9c547cSRui Paulo 54, 14655b9c547cSRui Paulo { 14665b9c547cSRui Paulo 0x69, 0x53, 0x02, 0x5e, 0xd9, 0x6f, 0x0c, 0x09, 14675b9c547cSRui Paulo 0xf8, 0x0a, 0x96, 0xf7, 0x8e, 0x65, 0x38, 0xdb, 14685b9c547cSRui Paulo 0xe2, 0xe7, 0xb8, 0x20, 0xe3, 0xdd, 0x97, 0x0e, 14695b9c547cSRui Paulo 0x7d, 0xdd, 0x39, 0x09, 0x1b, 0x32, 0x35, 0x2f 14705b9c547cSRui Paulo } 14715b9c547cSRui Paulo }, 14725b9c547cSRui Paulo { 14735b9c547cSRui Paulo { 14745b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 14755b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 14765b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 14775b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 14785b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 14795b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 14805b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 14815b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 14825b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 14835b9c547cSRui Paulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 14845b9c547cSRui Paulo }, 14855b9c547cSRui Paulo 80, 14865b9c547cSRui Paulo "Test Using Larger Than Block-Size Key and Larger Than One " 14875b9c547cSRui Paulo "Block-Size Data", 14885b9c547cSRui Paulo 73, 14895b9c547cSRui Paulo { 14905b9c547cSRui Paulo 0x63, 0x55, 0xac, 0x22, 0xe8, 0x90, 0xd0, 0xa3, 14915b9c547cSRui Paulo 0xc8, 0x48, 0x1a, 0x5c, 0xa4, 0x82, 0x5b, 0xc8, 14925b9c547cSRui Paulo 0x84, 0xd3, 0xe7, 0xa1, 0xff, 0x98, 0xa2, 0xfc, 14935b9c547cSRui Paulo 0x2a, 0xc7, 0xd8, 0xe0, 0x64, 0xc3, 0xb2, 0xe6 14945b9c547cSRui Paulo } 14955b9c547cSRui Paulo } 14965b9c547cSRui Paulo }; 14975b9c547cSRui Paulo 14985b9c547cSRui Paulo 14995b9c547cSRui Paulo static int test_sha256(void) 15005b9c547cSRui Paulo { 15015b9c547cSRui Paulo unsigned int i; 15025b9c547cSRui Paulo u8 hash[32]; 15035b9c547cSRui Paulo const u8 *addr[2]; 15045b9c547cSRui Paulo size_t len[2]; 15055b9c547cSRui Paulo int errors = 0; 15065b9c547cSRui Paulo 15075b9c547cSRui Paulo for (i = 0; i < ARRAY_SIZE(tests); i++) { 15085b9c547cSRui Paulo wpa_printf(MSG_INFO, "SHA256 test case %d:", i + 1); 15095b9c547cSRui Paulo 15105b9c547cSRui Paulo addr[0] = (u8 *) tests[i].data; 15115b9c547cSRui Paulo len[0] = strlen(tests[i].data); 15125b9c547cSRui Paulo sha256_vector(1, addr, len, hash); 15135b9c547cSRui Paulo if (memcmp(hash, tests[i].hash, 32) != 0) { 15145b9c547cSRui Paulo wpa_printf(MSG_INFO, " FAIL"); 15155b9c547cSRui Paulo errors++; 15165b9c547cSRui Paulo } else 15175b9c547cSRui Paulo wpa_printf(MSG_INFO, " OK"); 15185b9c547cSRui Paulo 15195b9c547cSRui Paulo if (len[0]) { 15205b9c547cSRui Paulo addr[0] = (u8 *) tests[i].data; 15215b9c547cSRui Paulo len[0] = 1; 15225b9c547cSRui Paulo addr[1] = (u8 *) tests[i].data + 1; 15235b9c547cSRui Paulo len[1] = strlen(tests[i].data) - 1; 15245b9c547cSRui Paulo sha256_vector(2, addr, len, hash); 15255b9c547cSRui Paulo if (memcmp(hash, tests[i].hash, 32) != 0) { 15265b9c547cSRui Paulo wpa_printf(MSG_INFO, " FAIL"); 15275b9c547cSRui Paulo errors++; 15285b9c547cSRui Paulo } else 15295b9c547cSRui Paulo wpa_printf(MSG_INFO, " OK"); 15305b9c547cSRui Paulo } 15315b9c547cSRui Paulo } 15325b9c547cSRui Paulo 15335b9c547cSRui Paulo for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) { 1534*325151a3SRui Paulo const struct hmac_test *t = &hmac_tests[i]; 15355b9c547cSRui Paulo 15365b9c547cSRui Paulo wpa_printf(MSG_INFO, "HMAC-SHA256 test case %d:", i + 1); 15375b9c547cSRui Paulo 15385b9c547cSRui Paulo if (hmac_sha256(t->key, t->key_len, t->data, t->data_len, 15395b9c547cSRui Paulo hash) < 0 || 15405b9c547cSRui Paulo os_memcmp(hash, t->hash, 32) != 0) { 15415b9c547cSRui Paulo wpa_printf(MSG_INFO, " FAIL"); 15425b9c547cSRui Paulo errors++; 15435b9c547cSRui Paulo } else 15445b9c547cSRui Paulo wpa_printf(MSG_INFO, " OK"); 15455b9c547cSRui Paulo 15465b9c547cSRui Paulo addr[0] = t->data; 15475b9c547cSRui Paulo len[0] = t->data_len; 15485b9c547cSRui Paulo if (hmac_sha256_vector(t->key, t->key_len, 1, addr, len, 15495b9c547cSRui Paulo hash) < 0 || 15505b9c547cSRui Paulo os_memcmp(hash, t->hash, 32) != 0) { 15515b9c547cSRui Paulo wpa_printf(MSG_INFO, " FAIL"); 15525b9c547cSRui Paulo errors++; 15535b9c547cSRui Paulo } else 15545b9c547cSRui Paulo wpa_printf(MSG_INFO, " OK"); 15555b9c547cSRui Paulo 15565b9c547cSRui Paulo if (len[0]) { 15575b9c547cSRui Paulo addr[0] = t->data; 15585b9c547cSRui Paulo len[0] = 1; 15595b9c547cSRui Paulo addr[1] = t->data + 1; 15605b9c547cSRui Paulo len[1] = t->data_len - 1; 15615b9c547cSRui Paulo if (hmac_sha256_vector(t->key, t->key_len, 2, addr, len, 15625b9c547cSRui Paulo hash) < 0 || 15635b9c547cSRui Paulo os_memcmp(hash, t->hash, 32) != 0) { 15645b9c547cSRui Paulo wpa_printf(MSG_INFO, " FAIL"); 15655b9c547cSRui Paulo errors++; 15665b9c547cSRui Paulo } else 15675b9c547cSRui Paulo wpa_printf(MSG_INFO, " OK"); 15685b9c547cSRui Paulo } 15695b9c547cSRui Paulo } 15705b9c547cSRui Paulo 15715b9c547cSRui Paulo wpa_printf(MSG_INFO, "Test IEEE 802.11r KDF"); 15725b9c547cSRui Paulo sha256_prf((u8 *) "abc", 3, "KDF test", (u8 *) "data", 4, 15735b9c547cSRui Paulo hash, sizeof(hash)); 15745b9c547cSRui Paulo /* TODO: add proper test case for this */ 15755b9c547cSRui Paulo 15765b9c547cSRui Paulo if (!errors) 15775b9c547cSRui Paulo wpa_printf(MSG_INFO, "SHA256 test cases passed"); 15785b9c547cSRui Paulo return errors; 15795b9c547cSRui Paulo } 15805b9c547cSRui Paulo 15815b9c547cSRui Paulo 15825b9c547cSRui Paulo static int test_ms_funcs(void) 15835b9c547cSRui Paulo { 1584*325151a3SRui Paulo #ifndef CONFIG_FIPS 15855b9c547cSRui Paulo /* Test vector from RFC2759 example */ 15865b9c547cSRui Paulo char *username = "User"; 15875b9c547cSRui Paulo char *password = "clientPass"; 15885b9c547cSRui Paulo u8 auth_challenge[] = { 15895b9c547cSRui Paulo 0x5B, 0x5D, 0x7C, 0x7D, 0x7B, 0x3F, 0x2F, 0x3E, 15905b9c547cSRui Paulo 0x3C, 0x2C, 0x60, 0x21, 0x32, 0x26, 0x26, 0x28 15915b9c547cSRui Paulo }; 15925b9c547cSRui Paulo u8 peer_challenge[] = { 15935b9c547cSRui Paulo 0x21, 0x40, 0x23, 0x24, 0x25, 0x5E, 0x26, 0x2A, 15945b9c547cSRui Paulo 0x28, 0x29, 0x5F, 0x2B, 0x3A, 0x33, 0x7C, 0x7E 15955b9c547cSRui Paulo }; 15965b9c547cSRui Paulo u8 password_hash[] = { 15975b9c547cSRui Paulo 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6, 15985b9c547cSRui Paulo 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE 15995b9c547cSRui Paulo }; 16005b9c547cSRui Paulo u8 nt_response[] = { 16015b9c547cSRui Paulo 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E, 16025b9c547cSRui Paulo 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54, 16035b9c547cSRui Paulo 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF 16045b9c547cSRui Paulo }; 16055b9c547cSRui Paulo u8 password_hash_hash[] = { 16065b9c547cSRui Paulo 0x41, 0xC0, 0x0C, 0x58, 0x4B, 0xD2, 0xD9, 0x1C, 16075b9c547cSRui Paulo 0x40, 0x17, 0xA2, 0xA1, 0x2F, 0xA5, 0x9F, 0x3F 16085b9c547cSRui Paulo }; 16095b9c547cSRui Paulo u8 authenticator_response[] = { 16105b9c547cSRui Paulo 0x40, 0x7A, 0x55, 0x89, 0x11, 0x5F, 0xD0, 0xD6, 16115b9c547cSRui Paulo 0x20, 0x9F, 0x51, 0x0F, 0xE9, 0xC0, 0x45, 0x66, 16125b9c547cSRui Paulo 0x93, 0x2C, 0xDA, 0x56 16135b9c547cSRui Paulo }; 16145b9c547cSRui Paulo u8 master_key[] = { 16155b9c547cSRui Paulo 0xFD, 0xEC, 0xE3, 0x71, 0x7A, 0x8C, 0x83, 0x8C, 16165b9c547cSRui Paulo 0xB3, 0x88, 0xE5, 0x27, 0xAE, 0x3C, 0xDD, 0x31 16175b9c547cSRui Paulo }; 16185b9c547cSRui Paulo u8 send_start_key[] = { 16195b9c547cSRui Paulo 0x8B, 0x7C, 0xDC, 0x14, 0x9B, 0x99, 0x3A, 0x1B, 16205b9c547cSRui Paulo 0xA1, 0x18, 0xCB, 0x15, 0x3F, 0x56, 0xDC, 0xCB 16215b9c547cSRui Paulo }; 16225b9c547cSRui Paulo u8 buf[32]; 16235b9c547cSRui Paulo int errors = 0; 16245b9c547cSRui Paulo 16255b9c547cSRui Paulo if (nt_password_hash((u8 *) password, os_strlen(password), buf) || 16265b9c547cSRui Paulo os_memcmp(password_hash, buf, sizeof(password_hash)) != 0) { 16275b9c547cSRui Paulo wpa_printf(MSG_ERROR, "nt_password_hash failed"); 16285b9c547cSRui Paulo errors++; 16295b9c547cSRui Paulo } 16305b9c547cSRui Paulo 16315b9c547cSRui Paulo if (generate_nt_response(auth_challenge, peer_challenge, 16325b9c547cSRui Paulo (u8 *) username, os_strlen(username), 16335b9c547cSRui Paulo (u8 *) password, os_strlen(password), buf) || 16345b9c547cSRui Paulo os_memcmp(nt_response, buf, sizeof(nt_response)) != 0) { 16355b9c547cSRui Paulo wpa_printf(MSG_ERROR, "generate_nt_response failed"); 16365b9c547cSRui Paulo errors++; 16375b9c547cSRui Paulo } 16385b9c547cSRui Paulo 16395b9c547cSRui Paulo if (hash_nt_password_hash(password_hash, buf) || 16405b9c547cSRui Paulo os_memcmp(password_hash_hash, buf, 16415b9c547cSRui Paulo sizeof(password_hash_hash)) != 0) { 16425b9c547cSRui Paulo wpa_printf(MSG_ERROR, "hash_nt_password_hash failed"); 16435b9c547cSRui Paulo errors++; 16445b9c547cSRui Paulo } 16455b9c547cSRui Paulo 16465b9c547cSRui Paulo if (generate_authenticator_response((u8 *) password, 16475b9c547cSRui Paulo os_strlen(password), 16485b9c547cSRui Paulo peer_challenge, auth_challenge, 16495b9c547cSRui Paulo (u8 *) username, 16505b9c547cSRui Paulo os_strlen(username), 16515b9c547cSRui Paulo nt_response, buf) || 16525b9c547cSRui Paulo os_memcmp(authenticator_response, buf, 16535b9c547cSRui Paulo sizeof(authenticator_response)) != 0) { 16545b9c547cSRui Paulo wpa_printf(MSG_ERROR, "generate_authenticator_response failed"); 16555b9c547cSRui Paulo errors++; 16565b9c547cSRui Paulo } 16575b9c547cSRui Paulo 16585b9c547cSRui Paulo if (get_master_key(password_hash_hash, nt_response, buf) || 16595b9c547cSRui Paulo os_memcmp(master_key, buf, sizeof(master_key)) != 0) { 16605b9c547cSRui Paulo wpa_printf(MSG_ERROR, "get_master_key failed"); 16615b9c547cSRui Paulo errors++; 16625b9c547cSRui Paulo } 16635b9c547cSRui Paulo 16645b9c547cSRui Paulo if (get_asymetric_start_key(master_key, buf, sizeof(send_start_key), 16655b9c547cSRui Paulo 1, 1) || 16665b9c547cSRui Paulo os_memcmp(send_start_key, buf, sizeof(send_start_key)) != 0) { 16675b9c547cSRui Paulo wpa_printf(MSG_ERROR, "get_asymetric_start_key failed"); 16685b9c547cSRui Paulo errors++; 16695b9c547cSRui Paulo } 16705b9c547cSRui Paulo 16715b9c547cSRui Paulo if (errors) 16725b9c547cSRui Paulo wpa_printf(MSG_ERROR, "ms_funcs: %d errors", errors); 16735b9c547cSRui Paulo else 16745b9c547cSRui Paulo wpa_printf(MSG_INFO, "ms_funcs test cases passed"); 16755b9c547cSRui Paulo 16765b9c547cSRui Paulo return errors; 1677*325151a3SRui Paulo #else /* CONFIG_FIPS */ 1678*325151a3SRui Paulo wpa_printf(MSG_INFO, "ms_funcs test cases skipped due to CONFIG_FIPS"); 1679*325151a3SRui Paulo return 0; 1680*325151a3SRui Paulo #endif /* CONFIG_FIPS */ 16815b9c547cSRui Paulo } 16825b9c547cSRui Paulo 16835b9c547cSRui Paulo 16845b9c547cSRui Paulo int crypto_module_tests(void) 16855b9c547cSRui Paulo { 16865b9c547cSRui Paulo int ret = 0; 16875b9c547cSRui Paulo 16885b9c547cSRui Paulo wpa_printf(MSG_INFO, "crypto module tests"); 16895b9c547cSRui Paulo if (test_siv() || 16905b9c547cSRui Paulo test_omac1() || 16915b9c547cSRui Paulo test_eax() || 16925b9c547cSRui Paulo test_cbc() || 16935b9c547cSRui Paulo test_ecb() || 16945b9c547cSRui Paulo test_key_wrap() || 16955b9c547cSRui Paulo test_md5() || 16965b9c547cSRui Paulo test_sha1() || 16975b9c547cSRui Paulo test_sha256() || 16985b9c547cSRui Paulo test_ms_funcs()) 16995b9c547cSRui Paulo ret = -1; 17005b9c547cSRui Paulo 17015b9c547cSRui Paulo return ret; 17025b9c547cSRui Paulo } 1703