1 /* 2 * crypto module tests 3 * Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/module_tests.h" 13 #include "crypto/aes_siv.h" 14 #include "crypto/aes_wrap.h" 15 #include "crypto/aes.h" 16 #include "crypto/ms_funcs.h" 17 #include "crypto/crypto.h" 18 #include "crypto/sha1.h" 19 #include "crypto/sha256.h" 20 21 22 static int test_siv(void) 23 { 24 #ifdef CONFIG_MESH 25 /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */ 26 u8 key[] = { 27 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 28 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0, 29 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 30 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff 31 }; 32 u8 ad[] = { 33 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 34 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 35 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27 36 }; 37 u8 plaintext[] = { 38 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 39 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee 40 }; 41 u8 iv_c[] = { 42 0x85, 0x63, 0x2d, 0x07, 0xc6, 0xe8, 0xf3, 0x7f, 43 0x95, 0x0a, 0xcd, 0x32, 0x0a, 0x2e, 0xcc, 0x93, 44 0x40, 0xc0, 0x2b, 0x96, 0x90, 0xc4, 0xdc, 0x04, 45 0xda, 0xef, 0x7f, 0x6a, 0xfe, 0x5c 46 }; 47 /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */ 48 u8 key_2[] = { 49 0x7f, 0x7e, 0x7d, 0x7c, 0x7b, 0x7a, 0x79, 0x78, 50 0x77, 0x76, 0x75, 0x74, 0x73, 0x72, 0x71, 0x70, 51 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 52 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f 53 }; 54 u8 ad1_2[] = { 55 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 56 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 57 0xde, 0xad, 0xda, 0xda, 0xde, 0xad, 0xda, 0xda, 58 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88, 59 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00 60 }; 61 u8 ad2_2[] = { 62 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80, 63 0x90, 0xa0 64 }; 65 u8 nonce_2[] = { 66 0x09, 0xf9, 0x11, 0x02, 0x9d, 0x74, 0xe3, 0x5b, 67 0xd8, 0x41, 0x56, 0xc5, 0x63, 0x56, 0x88, 0xc0 68 }; 69 u8 plaintext_2[] = { 70 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 71 0x73, 0x6f, 0x6d, 0x65, 0x20, 0x70, 0x6c, 0x61, 72 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x20, 0x74, 73 0x6f, 0x20, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 74 0x74, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x20, 75 0x53, 0x49, 0x56, 0x2d, 0x41, 0x45, 0x53 76 }; 77 u8 iv_c_2[] = { 78 0x7b, 0xdb, 0x6e, 0x3b, 0x43, 0x26, 0x67, 0xeb, 79 0x06, 0xf4, 0xd1, 0x4b, 0xff, 0x2f, 0xbd, 0x0f, 80 0xcb, 0x90, 0x0f, 0x2f, 0xdd, 0xbe, 0x40, 0x43, 81 0x26, 0x60, 0x19, 0x65, 0xc8, 0x89, 0xbf, 0x17, 82 0xdb, 0xa7, 0x7c, 0xeb, 0x09, 0x4f, 0xa6, 0x63, 83 0xb7, 0xa3, 0xf7, 0x48, 0xba, 0x8a, 0xf8, 0x29, 84 0xea, 0x64, 0xad, 0x54, 0x4a, 0x27, 0x2e, 0x9c, 85 0x48, 0x5b, 0x62, 0xa3, 0xfd, 0x5c, 0x0d 86 }; 87 u8 out[2 * AES_BLOCK_SIZE + sizeof(plaintext_2)]; 88 const u8 *addr[3]; 89 size_t len[3]; 90 91 /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */ 92 addr[0] = ad; 93 len[0] = sizeof(ad); 94 95 if (aes_siv_encrypt(key, plaintext, sizeof(plaintext), 96 1, addr, len, out)) { 97 wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed"); 98 return 1; 99 } 100 if (os_memcmp(out, iv_c, sizeof(iv_c)) != 0) { 101 wpa_printf(MSG_ERROR, 102 "AES-SIV mode encryption returned invalid cipher text"); 103 return 1; 104 } 105 106 if (aes_siv_decrypt(key, iv_c, sizeof(iv_c), 1, addr, len, out)) { 107 wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed"); 108 return 1; 109 } 110 if (os_memcmp(out, plaintext, sizeof(plaintext)) != 0) { 111 wpa_printf(MSG_ERROR, 112 "AES-SIV mode decryption returned invalid plain text"); 113 return 1; 114 } 115 116 /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */ 117 addr[0] = ad1_2; 118 len[0] = sizeof(ad1_2); 119 addr[1] = ad2_2; 120 len[1] = sizeof(ad2_2); 121 addr[2] = nonce_2; 122 len[2] = sizeof(nonce_2); 123 124 if (aes_siv_encrypt(key_2, plaintext_2, sizeof(plaintext_2), 125 3, addr, len, out)) { 126 wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed"); 127 return 1; 128 } 129 if (os_memcmp(out, iv_c_2, sizeof(iv_c_2)) != 0) { 130 wpa_printf(MSG_ERROR, 131 "AES-SIV mode encryption returned invalid cipher text"); 132 return 1; 133 } 134 135 if (aes_siv_decrypt(key_2, iv_c_2, sizeof(iv_c_2), 3, addr, len, out)) { 136 wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed"); 137 return 1; 138 } 139 if (os_memcmp(out, plaintext_2, sizeof(plaintext_2)) != 0) { 140 wpa_printf(MSG_ERROR, 141 "AES-SIV mode decryption returned invalid plain text"); 142 return 1; 143 } 144 145 wpa_printf(MSG_INFO, "AES-SIV test cases passed"); 146 #endif /* CONFIG_MESH */ 147 148 return 0; 149 } 150 151 152 /* OMAC1 AES-128 test vectors from 153 * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf 154 * which are same as the examples from NIST SP800-38B 155 * http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf 156 */ 157 158 struct omac1_test_vector { 159 u8 k[16]; 160 u8 msg[64]; 161 int msg_len; 162 u8 tag[16]; 163 }; 164 165 static const struct omac1_test_vector omac1_test_vectors[] = 166 { 167 { 168 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 169 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 170 { }, 171 0, 172 { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, 173 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 } 174 }, 175 { 176 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 177 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 178 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 179 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a}, 180 16, 181 { 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, 182 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c } 183 }, 184 { 185 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 186 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 187 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 188 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 189 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 190 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 191 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 }, 192 40, 193 { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, 194 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 } 195 }, 196 { 197 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 198 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 199 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 200 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 201 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 202 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 203 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 204 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 205 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 206 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }, 207 64, 208 { 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, 209 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe } 210 }, 211 }; 212 213 214 static int test_omac1_vector(const struct omac1_test_vector *tv, 215 unsigned int i) 216 { 217 u8 key[] = { 218 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 219 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c 220 }; 221 u8 msg[] = { 0x12, 0x34, 0x56 }; 222 u8 result[24], result2[24]; 223 const u8 *addr[3]; 224 size_t len[3]; 225 226 if (omac1_aes_128(tv->k, tv->msg, tv->msg_len, result) || 227 os_memcmp(result, tv->tag, 16) != 0) { 228 wpa_printf(MSG_ERROR, "OMAC1-AES-128 test vector %u failed", i); 229 return 1; 230 } 231 232 if (tv->msg_len > 1) { 233 234 addr[0] = tv->msg; 235 len[0] = 1; 236 addr[1] = tv->msg + 1; 237 len[1] = tv->msg_len - 1; 238 239 if (omac1_aes_128_vector(tv->k, 2, addr, len, result) || 240 os_memcmp(result, tv->tag, 16) != 0) { 241 wpa_printf(MSG_ERROR, 242 "OMAC1-AES-128(vector) test vector %u failed", 243 i); 244 return 1; 245 } 246 247 addr[0] = tv->msg; 248 len[0] = tv->msg_len - 2; 249 addr[1] = tv->msg + tv->msg_len - 2; 250 len[1] = 1; 251 addr[2] = tv->msg + tv->msg_len - 1; 252 len[2] = 1; 253 254 if (omac1_aes_128_vector(tv->k, 3, addr, len, result) || 255 os_memcmp(result, tv->tag, 16) != 0) { 256 wpa_printf(MSG_ERROR, 257 "OMAC1-AES-128(vector2) test vector %u failed", 258 i); 259 return 1; 260 } 261 } 262 263 addr[0] = &msg[0]; 264 len[0] = 1; 265 addr[1] = &msg[1]; 266 len[1] = 1; 267 addr[2] = &msg[2]; 268 len[2] = 1; 269 if (omac1_aes_128(key, msg, sizeof(msg), result) || 270 omac1_aes_128_vector(key, 3, addr, len, result2) || 271 os_memcmp(result, result2, 16) != 0) { 272 wpa_printf(MSG_ERROR, "OMAC1-AES-128 short test mismatch"); 273 return 1; 274 } 275 276 return 0; 277 } 278 279 280 static int test_omac1(void) 281 { 282 unsigned int i; 283 284 for (i = 0; i < ARRAY_SIZE(omac1_test_vectors); i++) { 285 if (test_omac1_vector(&omac1_test_vectors[i], i)) 286 return 1; 287 } 288 289 wpa_printf(MSG_INFO, "OMAC1-AES-128 test cases passed"); 290 291 return 0; 292 } 293 294 295 static int test_eax(void) 296 { 297 #ifdef EAP_PSK 298 u8 msg[] = { 0xF7, 0xFB }; 299 u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B, 300 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 }; 301 u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84, 302 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD }; 303 u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA }; 304 u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D, 305 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79, 306 0x67, 0xE5 }; 307 u8 data[sizeof(msg)], tag[AES_BLOCK_SIZE]; 308 309 os_memcpy(data, msg, sizeof(msg)); 310 if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr), 311 data, sizeof(data), tag)) { 312 wpa_printf(MSG_ERROR, "AES-128 EAX mode encryption failed"); 313 return 1; 314 } 315 if (os_memcmp(data, cipher, sizeof(data)) != 0) { 316 wpa_printf(MSG_ERROR, 317 "AES-128 EAX mode encryption returned invalid cipher text"); 318 return 1; 319 } 320 if (os_memcmp(tag, cipher + sizeof(data), AES_BLOCK_SIZE) != 0) { 321 wpa_printf(MSG_ERROR, 322 "AES-128 EAX mode encryption returned invalid tag"); 323 return 1; 324 } 325 326 if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr), 327 data, sizeof(data), tag)) { 328 wpa_printf(MSG_ERROR, "AES-128 EAX mode decryption failed"); 329 return 1; 330 } 331 if (os_memcmp(data, msg, sizeof(data)) != 0) { 332 wpa_printf(MSG_ERROR, 333 "AES-128 EAX mode decryption returned invalid plain text"); 334 return 1; 335 } 336 337 wpa_printf(MSG_INFO, "AES-128 EAX mode test cases passed"); 338 #endif /* EAP_PSK */ 339 340 return 0; 341 } 342 343 344 static int test_cbc(void) 345 { 346 struct cbc_test_vector { 347 u8 key[16]; 348 u8 iv[16]; 349 u8 plain[32]; 350 u8 cipher[32]; 351 size_t len; 352 } vectors[] = { 353 { 354 { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b, 355 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 }, 356 { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30, 357 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 }, 358 "Single block msg", 359 { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8, 360 0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a }, 361 16 362 }, 363 { 364 { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0, 365 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a }, 366 { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28, 367 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 }, 368 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 369 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 370 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 371 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, 372 { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a, 373 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a, 374 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9, 375 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 }, 376 32 377 } 378 }; 379 int ret = 0; 380 u8 *buf; 381 unsigned int i; 382 383 for (i = 0; i < ARRAY_SIZE(vectors); i++) { 384 struct cbc_test_vector *tv = &vectors[i]; 385 386 buf = os_malloc(tv->len); 387 if (buf == NULL) { 388 ret++; 389 break; 390 } 391 392 os_memcpy(buf, tv->plain, tv->len); 393 if (aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len) || 394 os_memcmp(buf, tv->cipher, tv->len) != 0) { 395 wpa_printf(MSG_ERROR, "AES-CBC encrypt %d failed", i); 396 ret++; 397 } 398 399 os_memcpy(buf, tv->cipher, tv->len); 400 if (aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len) || 401 os_memcmp(buf, tv->plain, tv->len) != 0) { 402 wpa_printf(MSG_ERROR, "AES-CBC decrypt %d failed", i); 403 ret++; 404 } 405 406 os_free(buf); 407 } 408 409 return ret; 410 } 411 412 413 static int test_ecb(void) 414 { 415 #ifdef EAP_PSK 416 struct ecb_test_vector { 417 char *key; 418 char *plaintext; 419 char *ciphertext; 420 } vectors[] = { 421 /* CAVS 11.1 - ECBGFSbox128.rsp */ 422 { 423 "00000000000000000000000000000000", 424 "f34481ec3cc627bacd5dc3fb08f273e6", 425 "0336763e966d92595a567cc9ce537f5e" 426 }, 427 { 428 "00000000000000000000000000000000", 429 "9798c4640bad75c7c3227db910174e72", 430 "a9a1631bf4996954ebc093957b234589" 431 }, 432 { 433 "00000000000000000000000000000000", 434 "96ab5c2ff612d9dfaae8c31f30c42168", 435 "ff4f8391a6a40ca5b25d23bedd44a597" 436 }, 437 { 438 "00000000000000000000000000000000", 439 "6a118a874519e64e9963798a503f1d35", 440 "dc43be40be0e53712f7e2bf5ca707209" 441 }, 442 { 443 "00000000000000000000000000000000", 444 "cb9fceec81286ca3e989bd979b0cb284", 445 "92beedab1895a94faa69b632e5cc47ce" 446 }, 447 { 448 "00000000000000000000000000000000", 449 "b26aeb1874e47ca8358ff22378f09144", 450 "459264f4798f6a78bacb89c15ed3d601" 451 }, 452 { 453 "00000000000000000000000000000000", 454 "58c8e00b2631686d54eab84b91f0aca1", 455 "08a4e2efec8a8e3312ca7460b9040bbf" 456 }, 457 /* CAVS 11.1 - ECBKeySbox128.rsp */ 458 { 459 "10a58869d74be5a374cf867cfb473859", 460 "00000000000000000000000000000000", 461 "6d251e6944b051e04eaa6fb4dbf78465" 462 }, 463 { 464 "caea65cdbb75e9169ecd22ebe6e54675", 465 "00000000000000000000000000000000", 466 "6e29201190152df4ee058139def610bb", 467 } 468 }; 469 int ret = 0; 470 unsigned int i; 471 u8 key[16], plain[16], cipher[16], out[16]; 472 473 for (i = 0; i < ARRAY_SIZE(vectors); i++) { 474 struct ecb_test_vector *tv = &vectors[i]; 475 476 if (hexstr2bin(tv->key, key, sizeof(key)) || 477 hexstr2bin(tv->plaintext, plain, sizeof(plain)) || 478 hexstr2bin(tv->ciphertext, cipher, sizeof(cipher))) { 479 wpa_printf(MSG_ERROR, "Invalid AES-ECB test vector %u", 480 i); 481 ret++; 482 continue; 483 } 484 485 if (aes_128_encrypt_block(key, plain, out) < 0 || 486 os_memcmp(out, cipher, 16) != 0) { 487 wpa_printf(MSG_ERROR, "AES-ECB encrypt %u failed", i); 488 ret++; 489 } 490 } 491 492 if (!ret) 493 wpa_printf(MSG_INFO, "AES ECB mode test cases passed"); 494 495 return ret; 496 #endif /* EAP_PSK */ 497 498 return 0; 499 } 500 501 502 static int test_key_wrap(void) 503 { 504 int ret = 0; 505 506 /* RFC 3394 - Test vector 4.1 */ 507 u8 kek41[] = { 508 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 509 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f 510 }; 511 u8 plain41[] = { 512 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 513 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 514 }; 515 u8 crypt41[] = { 516 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47, 517 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82, 518 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5 519 }; 520 #ifndef CONFIG_BORINGSSL 521 /* RFC 3394 - Test vector 4.2 */ 522 u8 kek42[] = { 523 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 524 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 525 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 526 }; 527 u8 plain42[] = { 528 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 529 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 530 }; 531 u8 crypt42[] = { 532 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35, 533 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2, 534 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D 535 }; 536 #endif /* CONFIG_BORINGSSL */ 537 /* RFC 3394 - Test vector 4.3 */ 538 u8 kek43[] = { 539 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 540 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 541 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 542 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 543 }; 544 u8 plain43[] = { 545 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 546 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 547 }; 548 u8 crypt43[] = { 549 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2, 550 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A, 551 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7, 552 }; 553 #ifndef CONFIG_BORINGSSL 554 /* RFC 3394 - Test vector 4.4 */ 555 u8 kek44[] = { 556 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 557 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 558 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 559 }; 560 u8 plain44[] = { 561 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 562 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 563 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 564 }; 565 u8 crypt44[] = { 566 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32, 567 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC, 568 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93, 569 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2 570 }; 571 #endif /* CONFIG_BORINGSSL */ 572 /* RFC 3394 - Test vector 4.5 */ 573 u8 kek45[] = { 574 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 575 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 576 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 577 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 578 }; 579 u8 plain45[] = { 580 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 581 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 582 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 583 }; 584 u8 crypt45[] = { 585 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F, 586 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4, 587 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95, 588 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1, 589 }; 590 /* RFC 3394 - Test vector 4.6 */ 591 u8 kek46[] = { 592 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 593 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 594 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 595 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 596 }; 597 u8 plain46[] = { 598 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 599 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 600 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 601 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F 602 }; 603 u8 crypt46[] = { 604 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4, 605 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26, 606 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26, 607 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B, 608 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21 609 }; 610 u8 result[40]; 611 612 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.1"); 613 if (aes_wrap(kek41, sizeof(kek41), sizeof(plain41) / 8, plain41, 614 result)) { 615 wpa_printf(MSG_ERROR, "AES-WRAP-128 reported failure"); 616 ret++; 617 } 618 if (os_memcmp(result, crypt41, sizeof(crypt41)) != 0) { 619 wpa_printf(MSG_ERROR, "AES-WRAP-128 failed"); 620 ret++; 621 } 622 if (aes_unwrap(kek41, sizeof(kek41), sizeof(plain41) / 8, crypt41, 623 result)) { 624 wpa_printf(MSG_ERROR, "AES-UNWRAP-128 reported failure"); 625 ret++; 626 } 627 if (os_memcmp(result, plain41, sizeof(plain41)) != 0) { 628 wpa_printf(MSG_ERROR, "AES-UNWRAP-128 failed"); 629 ret++; 630 } 631 632 #ifndef CONFIG_BORINGSSL 633 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.2"); 634 if (aes_wrap(kek42, sizeof(kek42), sizeof(plain42) / 8, plain42, 635 result)) { 636 wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure"); 637 ret++; 638 } 639 if (os_memcmp(result, crypt42, sizeof(crypt42)) != 0) { 640 wpa_printf(MSG_ERROR, "AES-WRAP-192 failed"); 641 ret++; 642 } 643 if (aes_unwrap(kek42, sizeof(kek42), sizeof(plain42) / 8, crypt42, 644 result)) { 645 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure"); 646 ret++; 647 } 648 if (os_memcmp(result, plain42, sizeof(plain42)) != 0) { 649 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed"); 650 ret++; 651 } 652 #endif /* CONFIG_BORINGSSL */ 653 654 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.3"); 655 if (aes_wrap(kek43, sizeof(kek43), sizeof(plain43) / 8, plain43, 656 result)) { 657 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 658 ret++; 659 } 660 if (os_memcmp(result, crypt43, sizeof(crypt43)) != 0) { 661 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 662 ret++; 663 } 664 if (aes_unwrap(kek43, sizeof(kek43), sizeof(plain43) / 8, crypt43, 665 result)) { 666 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 667 ret++; 668 } 669 if (os_memcmp(result, plain43, sizeof(plain43)) != 0) { 670 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 671 ret++; 672 } 673 674 #ifndef CONFIG_BORINGSSL 675 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.4"); 676 if (aes_wrap(kek44, sizeof(kek44), sizeof(plain44) / 8, plain44, 677 result)) { 678 wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure"); 679 ret++; 680 } 681 if (os_memcmp(result, crypt44, sizeof(crypt44)) != 0) { 682 wpa_printf(MSG_ERROR, "AES-WRAP-192 failed"); 683 ret++; 684 } 685 if (aes_unwrap(kek44, sizeof(kek44), sizeof(plain44) / 8, crypt44, 686 result)) { 687 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure"); 688 ret++; 689 } 690 if (os_memcmp(result, plain44, sizeof(plain44)) != 0) { 691 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed"); 692 ret++; 693 } 694 #endif /* CONFIG_BORINGSSL */ 695 696 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.5"); 697 if (aes_wrap(kek45, sizeof(kek45), sizeof(plain45) / 8, plain45, 698 result)) { 699 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 700 ret++; 701 } 702 if (os_memcmp(result, crypt45, sizeof(crypt45)) != 0) { 703 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 704 ret++; 705 } 706 if (aes_unwrap(kek45, sizeof(kek45), sizeof(plain45) / 8, crypt45, 707 result)) { 708 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 709 ret++; 710 } 711 if (os_memcmp(result, plain45, sizeof(plain45)) != 0) { 712 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 713 ret++; 714 } 715 716 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.6"); 717 if (aes_wrap(kek46, sizeof(kek46), sizeof(plain46) / 8, plain46, 718 result)) { 719 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 720 ret++; 721 } 722 if (os_memcmp(result, crypt46, sizeof(crypt46)) != 0) { 723 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 724 ret++; 725 } 726 if (aes_unwrap(kek46, sizeof(kek46), sizeof(plain46) / 8, crypt46, 727 result)) { 728 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 729 ret++; 730 } 731 if (os_memcmp(result, plain46, sizeof(plain46)) != 0) { 732 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 733 ret++; 734 } 735 736 if (!ret) 737 wpa_printf(MSG_INFO, "AES key wrap/unwrap test cases passed"); 738 739 return ret; 740 } 741 742 743 static int test_md5(void) 744 { 745 #ifndef CONFIG_FIPS 746 struct { 747 char *data; 748 char *hash; 749 } tests[] = { 750 { 751 "", 752 "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04" 753 "\xe9\x80\x09\x98\xec\xf8\x42\x7e" 754 }, 755 { 756 "a", 757 "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8" 758 "\x31\xc3\x99\xe2\x69\x77\x26\x61" 759 }, 760 { 761 "abc", 762 "\x90\x01\x50\x98\x3c\xd2\x4f\xb0" 763 "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72" 764 }, 765 { 766 "message digest", 767 "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d" 768 "\x52\x5a\x2f\x31\xaa\xf1\x61\xd0" 769 }, 770 { 771 "abcdefghijklmnopqrstuvwxyz", 772 "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00" 773 "\x7d\xfb\x49\x6c\xca\x67\xe1\x3b" 774 }, 775 { 776 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 777 "0123456789", 778 "\xd1\x74\xab\x98\xd2\x77\xd9\xf5" 779 "\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f" 780 }, 781 { 782 "12345678901234567890123456789012345678901234567890" 783 "123456789012345678901234567890", 784 "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55" 785 "\xac\x49\xda\x2e\x21\x07\xb6\x7a" 786 } 787 }; 788 unsigned int i; 789 u8 hash[16]; 790 const u8 *addr[2]; 791 size_t len[2]; 792 int errors = 0; 793 794 for (i = 0; i < ARRAY_SIZE(tests); i++) { 795 wpa_printf(MSG_INFO, "MD5 test case %d", i); 796 797 addr[0] = (u8 *) tests[i].data; 798 len[0] = strlen(tests[i].data); 799 if (md5_vector(1, addr, len, hash) < 0 || 800 os_memcmp(hash, tests[i].hash, 16) != 0) { 801 wpa_printf(MSG_INFO, " FAIL"); 802 errors++; 803 } else 804 wpa_printf(MSG_INFO, " OK"); 805 806 if (len[0]) { 807 addr[0] = (u8 *) tests[i].data; 808 len[0] = strlen(tests[i].data); 809 addr[1] = (u8 *) tests[i].data + 1; 810 len[1] = strlen(tests[i].data) - 1; 811 if (md5_vector(1, addr, len, hash) < 0 || 812 os_memcmp(hash, tests[i].hash, 16) != 0) { 813 wpa_printf(MSG_INFO, " FAIL"); 814 errors++; 815 } else 816 wpa_printf(MSG_INFO, " OK"); 817 } 818 } 819 820 if (!errors) 821 wpa_printf(MSG_INFO, "MD5 test cases passed"); 822 823 return errors; 824 #else /* CONFIG_FIPS */ 825 wpa_printf(MSG_INFO, "MD5 test cases skipped due to CONFIG_FIPS"); 826 return 0; 827 #endif /* CONFIG_FIPS */ 828 } 829 830 831 static int test_eap_fast(void) 832 { 833 #ifdef EAP_FAST 834 /* RFC 4851, Appendix B.1 */ 835 const u8 pac_key[] = { 836 0x0B, 0x97, 0x39, 0x0F, 0x37, 0x51, 0x78, 0x09, 837 0x81, 0x1E, 0xFD, 0x9C, 0x6E, 0x65, 0x94, 0x2B, 838 0x63, 0x2C, 0xE9, 0x53, 0x89, 0x38, 0x08, 0xBA, 839 0x36, 0x0B, 0x03, 0x7C, 0xD1, 0x85, 0xE4, 0x14 840 }; 841 const u8 seed[] = { 842 0x3F, 0xFB, 0x11, 0xC4, 0x6C, 0xBF, 0xA5, 0x7A, 843 0x54, 0x40, 0xDA, 0xE8, 0x22, 0xD3, 0x11, 0xD3, 844 0xF7, 0x6D, 0xE4, 0x1D, 0xD9, 0x33, 0xE5, 0x93, 845 0x70, 0x97, 0xEB, 0xA9, 0xB3, 0x66, 0xF4, 0x2A, 846 0x00, 0x00, 0x00, 0x02, 0x6A, 0x66, 0x43, 0x2A, 847 0x8D, 0x14, 0x43, 0x2C, 0xEC, 0x58, 0x2D, 0x2F, 848 0xC7, 0x9C, 0x33, 0x64, 0xBA, 0x04, 0xAD, 0x3A, 849 0x52, 0x54, 0xD6, 0xA5, 0x79, 0xAD, 0x1E, 0x00 850 }; 851 const u8 master_secret[] = { 852 0x4A, 0x1A, 0x51, 0x2C, 0x01, 0x60, 0xBC, 0x02, 853 0x3C, 0xCF, 0xBC, 0x83, 0x3F, 0x03, 0xBC, 0x64, 854 0x88, 0xC1, 0x31, 0x2F, 0x0B, 0xA9, 0xA2, 0x77, 855 0x16, 0xA8, 0xD8, 0xE8, 0xBD, 0xC9, 0xD2, 0x29, 856 0x38, 0x4B, 0x7A, 0x85, 0xBE, 0x16, 0x4D, 0x27, 857 0x33, 0xD5, 0x24, 0x79, 0x87, 0xB1, 0xC5, 0xA2 858 }; 859 #ifndef CONFIG_FIPS 860 const u8 key_block[] = { 861 0x59, 0x59, 0xBE, 0x8E, 0x41, 0x3A, 0x77, 0x74, 862 0x8B, 0xB2, 0xE5, 0xD3, 0x60, 0xAC, 0x4D, 0x35, 863 0xDF, 0xFB, 0xC8, 0x1E, 0x9C, 0x24, 0x9C, 0x8B, 864 0x0E, 0xC3, 0x1D, 0x72, 0xC8, 0x84, 0x9D, 0x57, 865 0x48, 0x51, 0x2E, 0x45, 0x97, 0x6C, 0x88, 0x70, 866 0xBE, 0x5F, 0x01, 0xD3, 0x64, 0xE7, 0x4C, 0xBB, 867 0x11, 0x24, 0xE3, 0x49, 0xE2, 0x3B, 0xCD, 0xEF, 868 0x7A, 0xB3, 0x05, 0x39, 0x5D, 0x64, 0x8A, 0x44, 869 0x11, 0xB6, 0x69, 0x88, 0x34, 0x2E, 0x8E, 0x29, 870 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05, 871 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96, 872 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84, 873 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98, 874 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71 875 }; 876 #endif /* CONFIG_FIPS */ 877 const u8 sks[] = { 878 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05, 879 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96, 880 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84, 881 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98, 882 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71 883 }; 884 const u8 isk[] = { 885 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 886 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 887 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 888 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 889 }; 890 const u8 imck[] = { 891 0x16, 0x15, 0x3C, 0x3F, 0x21, 0x55, 0xEF, 0xD9, 892 0x7F, 0x34, 0xAE, 0xC8, 0x1A, 0x4E, 0x66, 0x80, 893 0x4C, 0xC3, 0x76, 0xF2, 0x8A, 0xA9, 0x6F, 0x96, 894 0xC2, 0x54, 0x5F, 0x8C, 0xAB, 0x65, 0x02, 0xE1, 895 0x18, 0x40, 0x7B, 0x56, 0xBE, 0xEA, 0xA7, 0xC5, 896 0x76, 0x5D, 0x8F, 0x0B, 0xC5, 0x07, 0xC6, 0xB9, 897 0x04, 0xD0, 0x69, 0x56, 0x72, 0x8B, 0x6B, 0xB8, 898 0x15, 0xEC, 0x57, 0x7B 899 }; 900 const u8 msk[] = { 901 0x4D, 0x83, 0xA9, 0xBE, 0x6F, 0x8A, 0x74, 0xED, 902 0x6A, 0x02, 0x66, 0x0A, 0x63, 0x4D, 0x2C, 0x33, 903 0xC2, 0xDA, 0x60, 0x15, 0xC6, 0x37, 0x04, 0x51, 904 0x90, 0x38, 0x63, 0xDA, 0x54, 0x3E, 0x14, 0xB9, 905 0x27, 0x99, 0x18, 0x1E, 0x07, 0xBF, 0x0F, 0x5A, 906 0x5E, 0x3C, 0x32, 0x93, 0x80, 0x8C, 0x6C, 0x49, 907 0x67, 0xED, 0x24, 0xFE, 0x45, 0x40, 0xA0, 0x59, 908 0x5E, 0x37, 0xC2, 0xE9, 0xD0, 0x5D, 0x0A, 0xE3 909 }; 910 const u8 emsk[] = { 911 0x3A, 0xD4, 0xAB, 0xDB, 0x76, 0xB2, 0x7F, 0x3B, 912 0xEA, 0x32, 0x2C, 0x2B, 0x74, 0xF4, 0x28, 0x55, 913 0xEF, 0x2D, 0xBA, 0x78, 0xC9, 0x57, 0x2F, 0x0D, 914 0x06, 0xCD, 0x51, 0x7C, 0x20, 0x93, 0x98, 0xA9, 915 0x76, 0xEA, 0x70, 0x21, 0xD7, 0x0E, 0x25, 0x54, 916 0x97, 0xED, 0xB2, 0x8A, 0xF6, 0xED, 0xFD, 0x0A, 917 0x2A, 0xE7, 0xA1, 0x58, 0x90, 0x10, 0x50, 0x44, 918 0xB3, 0x82, 0x85, 0xDB, 0x06, 0x14, 0xD2, 0xF9 919 }; 920 /* RFC 4851, Appendix B.2 */ 921 u8 tlv[] = { 922 0x80, 0x0C, 0x00, 0x38, 0x00, 0x01, 0x01, 0x00, 923 0xD8, 0x6A, 0x8C, 0x68, 0x3C, 0x32, 0x31, 0xA8, 924 0x56, 0x63, 0xB6, 0x40, 0x21, 0xFE, 0x21, 0x14, 925 0x4E, 0xE7, 0x54, 0x20, 0x79, 0x2D, 0x42, 0x62, 926 0xC9, 0xBF, 0x53, 0x7F, 0x54, 0xFD, 0xAC, 0x58, 927 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF, 928 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC, 929 0x05, 0xC5, 0x5B, 0xB7 930 }; 931 const u8 compound_mac[] = { 932 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF, 933 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC, 934 0x05, 0xC5, 0x5B, 0xB7 935 }; 936 u8 buf[512]; 937 const u8 *simck, *cmk; 938 int errors = 0; 939 940 wpa_printf(MSG_INFO, "EAP-FAST test cases"); 941 942 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / master_secret"); 943 if (sha1_t_prf(pac_key, sizeof(pac_key), 944 "PAC to master secret label hash", 945 seed, sizeof(seed), buf, sizeof(master_secret)) < 0 || 946 os_memcmp(master_secret, buf, sizeof(master_secret)) != 0) { 947 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 948 errors++; 949 } 950 951 #ifndef CONFIG_FIPS 952 wpa_printf(MSG_INFO, "- PRF (TLS, SHA1/MD5) test case / key_block"); 953 if (tls_prf_sha1_md5(master_secret, sizeof(master_secret), 954 "key expansion", seed, sizeof(seed), 955 buf, sizeof(key_block)) || 956 os_memcmp(key_block, buf, sizeof(key_block)) != 0) { 957 wpa_printf(MSG_INFO, "PRF test - FAILED!"); 958 errors++; 959 } 960 #endif /* CONFIG_FIPS */ 961 962 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / IMCK"); 963 if (sha1_t_prf(sks, sizeof(sks), "Inner Methods Compound Keys", 964 isk, sizeof(isk), buf, sizeof(imck)) < 0 || 965 os_memcmp(imck, buf, sizeof(imck)) != 0) { 966 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 967 errors++; 968 } 969 970 simck = imck; 971 cmk = imck + 40; 972 973 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / MSK"); 974 if (sha1_t_prf(simck, 40, "Session Key Generating Function", 975 (u8 *) "", 0, buf, sizeof(msk)) < 0 || 976 os_memcmp(msk, buf, sizeof(msk)) != 0) { 977 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 978 errors++; 979 } 980 981 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / EMSK"); 982 if (sha1_t_prf(simck, 40, "Extended Session Key Generating Function", 983 (u8 *) "", 0, buf, sizeof(msk)) < 0 || 984 os_memcmp(emsk, buf, sizeof(emsk)) != 0) { 985 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 986 errors++; 987 } 988 989 wpa_printf(MSG_INFO, "- Compound MAC test case"); 990 os_memset(tlv + sizeof(tlv) - 20, 0, 20); 991 if (hmac_sha1(cmk, 20, tlv, sizeof(tlv), tlv + sizeof(tlv) - 20) < 0 || 992 os_memcmp(tlv + sizeof(tlv) - 20, compound_mac, 993 sizeof(compound_mac)) != 0) { 994 wpa_printf(MSG_INFO, "Compound MAC test - FAILED!"); 995 errors++; 996 } 997 998 return errors; 999 #else /* EAP_FAST */ 1000 return 0; 1001 #endif /* EAP_FAST */ 1002 } 1003 1004 1005 static const u8 key0[] = 1006 { 1007 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1008 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1009 0x0b, 0x0b, 0x0b, 0x0b 1010 }; 1011 static const u8 data0[] = "Hi There"; 1012 static const u8 prf0[] = 1013 { 1014 0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84, 1015 0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54, 1016 0xb8, 0x62, 0x17, 0x5e, 0xd9, 0xf0, 0x06, 0x06, 1017 0xe1, 0x7d, 0x8d, 0xa3, 0x54, 0x02, 0xff, 0xee, 1018 0x75, 0xdf, 0x78, 0xc3, 0xd3, 0x1e, 0x0f, 0x88, 1019 0x9f, 0x01, 0x21, 0x20, 0xc0, 0x86, 0x2b, 0xeb, 1020 0x67, 0x75, 0x3e, 0x74, 0x39, 0xae, 0x24, 0x2e, 1021 0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a 1022 }; 1023 1024 static const u8 key1[] = "Jefe"; 1025 static const u8 data1[] = "what do ya want for nothing?"; 1026 static const u8 prf1[] = 1027 { 1028 0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad, 1029 0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4, 1030 0xfe, 0x63, 0x14, 0x46, 0xfa, 0xbd, 0xfa, 0x58, 1031 0x24, 0x47, 0x59, 0xae, 0x58, 0xef, 0x90, 0x09, 1032 0xa9, 0x9a, 0xbf, 0x4e, 0xac, 0x2c, 0xa5, 0xfa, 1033 0x87, 0xe6, 0x92, 0xc4, 0x40, 0xeb, 0x40, 0x02, 1034 0x3e, 0x7b, 0xab, 0xb2, 0x06, 0xd6, 0x1d, 0xe7, 1035 0xb9, 0x2f, 0x41, 0x52, 0x90, 0x92, 0xb8, 0xfc 1036 }; 1037 1038 1039 static const u8 key2[] = 1040 { 1041 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1042 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1043 0xaa, 0xaa, 0xaa, 0xaa 1044 }; 1045 static const u8 data2[] = 1046 { 1047 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1048 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1049 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1050 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1051 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1052 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1053 0xdd, 0xdd 1054 }; 1055 static const u8 prf2[] = 1056 { 1057 0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f, 1058 0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1, 1059 0x7a, 0x02, 0x52, 0xca, 0x5d, 0x8d, 0x8d, 0xf1, 1060 0x2c, 0xfb, 0x04, 0x73, 0x52, 0x52, 0x49, 0xce, 1061 0x9d, 0xd8, 0xd1, 0x77, 0xea, 0xd7, 0x10, 0xbc, 1062 0x9b, 0x59, 0x05, 0x47, 0x23, 0x91, 0x07, 0xae, 1063 0xf7, 0xb4, 0xab, 0xd4, 0x3d, 0x87, 0xf0, 0xa6, 1064 0x8f, 0x1c, 0xbd, 0x9e, 0x2b, 0x6f, 0x76, 0x07 1065 }; 1066 1067 1068 struct passphrase_test { 1069 char *passphrase; 1070 char *ssid; 1071 char psk[32]; 1072 }; 1073 1074 static const struct passphrase_test passphrase_tests[] = 1075 { 1076 { 1077 "password", 1078 "IEEE", 1079 { 1080 0xf4, 0x2c, 0x6f, 0xc5, 0x2d, 0xf0, 0xeb, 0xef, 1081 0x9e, 0xbb, 0x4b, 0x90, 0xb3, 0x8a, 0x5f, 0x90, 1082 0x2e, 0x83, 0xfe, 0x1b, 0x13, 0x5a, 0x70, 0xe2, 1083 0x3a, 0xed, 0x76, 0x2e, 0x97, 0x10, 0xa1, 0x2e 1084 } 1085 }, 1086 { 1087 "ThisIsAPassword", 1088 "ThisIsASSID", 1089 { 1090 0x0d, 0xc0, 0xd6, 0xeb, 0x90, 0x55, 0x5e, 0xd6, 1091 0x41, 0x97, 0x56, 0xb9, 0xa1, 0x5e, 0xc3, 0xe3, 1092 0x20, 0x9b, 0x63, 0xdf, 0x70, 0x7d, 0xd5, 0x08, 1093 0xd1, 0x45, 0x81, 0xf8, 0x98, 0x27, 0x21, 0xaf 1094 } 1095 }, 1096 { 1097 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 1098 "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ", 1099 { 1100 0xbe, 0xcb, 0x93, 0x86, 0x6b, 0xb8, 0xc3, 0x83, 1101 0x2c, 0xb7, 0x77, 0xc2, 0xf5, 0x59, 0x80, 0x7c, 1102 0x8c, 0x59, 0xaf, 0xcb, 0x6e, 0xae, 0x73, 0x48, 1103 0x85, 0x00, 0x13, 0x00, 0xa9, 0x81, 0xcc, 0x62 1104 } 1105 }, 1106 }; 1107 1108 #define NUM_PASSPHRASE_TESTS ARRAY_SIZE(passphrase_tests) 1109 1110 1111 struct rfc6070_test { 1112 char *p; 1113 char *s; 1114 int c; 1115 char dk[32]; 1116 size_t dk_len; 1117 }; 1118 1119 static const struct rfc6070_test rfc6070_tests[] = 1120 { 1121 { 1122 "password", 1123 "salt", 1124 1, 1125 { 1126 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71, 1127 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06, 1128 0x2f, 0xe0, 0x37, 0xa6 1129 }, 1130 20 1131 }, 1132 { 1133 "password", 1134 "salt", 1135 2, 1136 { 1137 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c, 1138 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0, 1139 0xd8, 0xde, 0x89, 0x57 1140 }, 1141 20 1142 }, 1143 { 1144 "password", 1145 "salt", 1146 4096, 1147 { 1148 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a, 1149 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0, 1150 0x65, 0xa4, 0x29, 0xc1 1151 }, 1152 20 1153 }, 1154 #if 0 /* This takes quite long to derive.. */ 1155 { 1156 "password", 1157 "salt", 1158 16777216, 1159 { 1160 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4, 1161 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c, 1162 0x26, 0x34, 0xe9, 0x84 1163 }, 1164 20 1165 }, 1166 #endif 1167 { 1168 "passwordPASSWORDpassword", 1169 "saltSALTsaltSALTsaltSALTsaltSALTsalt", 1170 4096, 1171 { 1172 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b, 1173 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a, 1174 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70, 1175 0x38 1176 }, 1177 25 1178 }, 1179 #if 0 /* \0 not currently supported in passphrase parameters.. */ 1180 { 1181 "pass\0word", 1182 "sa\0lt", 1183 4096, 1184 { 1185 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d, 1186 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3 1187 }, 1188 16 1189 }, 1190 #endif 1191 }; 1192 1193 #define NUM_RFC6070_TESTS ARRAY_SIZE(rfc6070_tests) 1194 1195 1196 static int test_sha1(void) 1197 { 1198 u8 res[512]; 1199 int ret = 0; 1200 unsigned int i; 1201 1202 wpa_printf(MSG_INFO, "PRF-SHA1 test cases:"); 1203 1204 if (sha1_prf(key0, sizeof(key0), "prefix", data0, sizeof(data0) - 1, 1205 res, sizeof(prf0)) == 0 && 1206 os_memcmp(res, prf0, sizeof(prf0)) == 0) 1207 wpa_printf(MSG_INFO, "Test case 0 - OK"); 1208 else { 1209 wpa_printf(MSG_INFO, "Test case 0 - FAILED!"); 1210 ret++; 1211 } 1212 1213 if (sha1_prf(key1, sizeof(key1) - 1, "prefix", data1, sizeof(data1) - 1, 1214 res, sizeof(prf1)) == 0 && 1215 os_memcmp(res, prf1, sizeof(prf1)) == 0) 1216 wpa_printf(MSG_INFO, "Test case 1 - OK"); 1217 else { 1218 wpa_printf(MSG_INFO, "Test case 1 - FAILED!"); 1219 ret++; 1220 } 1221 1222 if (sha1_prf(key2, sizeof(key2), "prefix", data2, sizeof(data2), 1223 res, sizeof(prf2)) == 0 && 1224 os_memcmp(res, prf2, sizeof(prf2)) == 0) 1225 wpa_printf(MSG_INFO, "Test case 2 - OK"); 1226 else { 1227 wpa_printf(MSG_INFO, "Test case 2 - FAILED!"); 1228 ret++; 1229 } 1230 1231 ret += test_eap_fast(); 1232 1233 wpa_printf(MSG_INFO, "PBKDF2-SHA1 Passphrase test cases:"); 1234 for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) { 1235 u8 psk[32]; 1236 const struct passphrase_test *test = &passphrase_tests[i]; 1237 1238 if (pbkdf2_sha1(test->passphrase, 1239 (const u8 *) test->ssid, strlen(test->ssid), 1240 4096, psk, 32) == 0 && 1241 os_memcmp(psk, test->psk, 32) == 0) 1242 wpa_printf(MSG_INFO, "Test case %d - OK", i); 1243 else { 1244 wpa_printf(MSG_INFO, "Test case %d - FAILED!", i); 1245 ret++; 1246 } 1247 } 1248 1249 wpa_printf(MSG_INFO, "PBKDF2-SHA1 test cases (RFC 6070):"); 1250 for (i = 0; i < NUM_RFC6070_TESTS; i++) { 1251 u8 dk[25]; 1252 const struct rfc6070_test *test = &rfc6070_tests[i]; 1253 1254 if (pbkdf2_sha1(test->p, (const u8 *) test->s, strlen(test->s), 1255 test->c, dk, test->dk_len) == 0 && 1256 os_memcmp(dk, test->dk, test->dk_len) == 0) 1257 wpa_printf(MSG_INFO, "Test case %d - OK", i); 1258 else { 1259 wpa_printf(MSG_INFO, "Test case %d - FAILED!", i); 1260 ret++; 1261 } 1262 } 1263 1264 if (!ret) 1265 wpa_printf(MSG_INFO, "SHA1 test cases passed"); 1266 return ret; 1267 } 1268 1269 1270 static const struct { 1271 char *data; 1272 u8 hash[32]; 1273 } tests[] = { 1274 { 1275 "abc", 1276 { 1277 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 1278 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, 1279 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 1280 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad 1281 } 1282 }, 1283 { 1284 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1285 { 1286 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 1287 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, 1288 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, 1289 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 1290 } 1291 } 1292 }; 1293 1294 static const struct hmac_test { 1295 u8 key[80]; 1296 size_t key_len; 1297 u8 data[128]; 1298 size_t data_len; 1299 u8 hash[32]; 1300 } hmac_tests[] = { 1301 /* draft-ietf-ipsec-ciph-sha-256-01.txt */ 1302 { 1303 { 1304 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1305 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1306 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1307 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 1308 }, 1309 32, 1310 "abc", 3, 1311 { 1312 0xa2, 0x1b, 0x1f, 0x5d, 0x4c, 0xf4, 0xf7, 0x3a, 1313 0x4d, 0xd9, 0x39, 0x75, 0x0f, 0x7a, 0x06, 0x6a, 1314 0x7f, 0x98, 0xcc, 0x13, 0x1c, 0xb1, 0x6a, 0x66, 1315 0x92, 0x75, 0x90, 0x21, 0xcf, 0xab, 0x81, 0x81 1316 } 1317 }, 1318 { 1319 { 1320 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1321 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1322 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1323 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 1324 }, 1325 32, 1326 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1327 56, 1328 { 1329 0x10, 0x4f, 0xdc, 0x12, 0x57, 0x32, 0x8f, 0x08, 1330 0x18, 0x4b, 0xa7, 0x31, 0x31, 0xc5, 0x3c, 0xae, 1331 0xe6, 0x98, 0xe3, 0x61, 0x19, 0x42, 0x11, 0x49, 1332 0xea, 0x8c, 0x71, 0x24, 0x56, 0x69, 0x7d, 0x30 1333 } 1334 }, 1335 { 1336 { 1337 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1338 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1339 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1340 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 1341 }, 1342 32, 1343 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" 1344 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1345 112, 1346 { 1347 0x47, 0x03, 0x05, 0xfc, 0x7e, 0x40, 0xfe, 0x34, 1348 0xd3, 0xee, 0xb3, 0xe7, 0x73, 0xd9, 0x5a, 0xab, 1349 0x73, 0xac, 0xf0, 0xfd, 0x06, 0x04, 0x47, 0xa5, 1350 0xeb, 0x45, 0x95, 0xbf, 0x33, 0xa9, 0xd1, 0xa3 1351 } 1352 }, 1353 { 1354 { 1355 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1356 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1357 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1358 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b 1359 }, 1360 32, 1361 "Hi There", 1362 8, 1363 { 1364 0x19, 0x8a, 0x60, 0x7e, 0xb4, 0x4b, 0xfb, 0xc6, 1365 0x99, 0x03, 0xa0, 0xf1, 0xcf, 0x2b, 0xbd, 0xc5, 1366 0xba, 0x0a, 0xa3, 0xf3, 0xd9, 0xae, 0x3c, 0x1c, 1367 0x7a, 0x3b, 0x16, 0x96, 0xa0, 0xb6, 0x8c, 0xf7 1368 } 1369 }, 1370 { 1371 "Jefe", 1372 4, 1373 "what do ya want for nothing?", 1374 28, 1375 { 1376 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 1377 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7, 1378 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83, 1379 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43 1380 } 1381 }, 1382 { 1383 { 1384 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1385 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1386 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1387 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 1388 }, 1389 32, 1390 { 1391 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1392 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1393 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1394 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1395 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1396 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1397 0xdd, 0xdd 1398 }, 1399 50, 1400 { 1401 0xcd, 0xcb, 0x12, 0x20, 0xd1, 0xec, 0xcc, 0xea, 1402 0x91, 0xe5, 0x3a, 0xba, 0x30, 0x92, 0xf9, 0x62, 1403 0xe5, 0x49, 0xfe, 0x6c, 0xe9, 0xed, 0x7f, 0xdc, 1404 0x43, 0x19, 0x1f, 0xbd, 0xe4, 0x5c, 0x30, 0xb0 1405 } 1406 }, 1407 { 1408 { 1409 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1410 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1411 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1412 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 1413 0x21, 0x22, 0x23, 0x24, 0x25 1414 }, 1415 37, 1416 { 1417 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1418 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1419 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1420 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1421 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1422 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1423 0xcd, 0xcd 1424 }, 1425 50, 1426 { 1427 0xd4, 0x63, 0x3c, 0x17, 0xf6, 0xfb, 0x8d, 0x74, 1428 0x4c, 0x66, 0xde, 0xe0, 0xf8, 0xf0, 0x74, 0x55, 1429 0x6e, 0xc4, 0xaf, 0x55, 0xef, 0x07, 0x99, 0x85, 1430 0x41, 0x46, 0x8e, 0xb4, 0x9b, 0xd2, 0xe9, 0x17 1431 } 1432 }, 1433 { 1434 { 1435 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 1436 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 1437 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 1438 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c 1439 }, 1440 32, 1441 "Test With Truncation", 1442 20, 1443 { 1444 0x75, 0x46, 0xaf, 0x01, 0x84, 0x1f, 0xc0, 0x9b, 1445 0x1a, 0xb9, 0xc3, 0x74, 0x9a, 0x5f, 0x1c, 0x17, 1446 0xd4, 0xf5, 0x89, 0x66, 0x8a, 0x58, 0x7b, 0x27, 1447 0x00, 0xa9, 0xc9, 0x7c, 0x11, 0x93, 0xcf, 0x42 1448 } 1449 }, 1450 { 1451 { 1452 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1453 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1454 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1455 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1456 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1457 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1458 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1459 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1460 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1461 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 1462 }, 1463 80, 1464 "Test Using Larger Than Block-Size Key - Hash Key First", 1465 54, 1466 { 1467 0x69, 0x53, 0x02, 0x5e, 0xd9, 0x6f, 0x0c, 0x09, 1468 0xf8, 0x0a, 0x96, 0xf7, 0x8e, 0x65, 0x38, 0xdb, 1469 0xe2, 0xe7, 0xb8, 0x20, 0xe3, 0xdd, 0x97, 0x0e, 1470 0x7d, 0xdd, 0x39, 0x09, 0x1b, 0x32, 0x35, 0x2f 1471 } 1472 }, 1473 { 1474 { 1475 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1476 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1477 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1478 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1479 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1480 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1481 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1482 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1483 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1484 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 1485 }, 1486 80, 1487 "Test Using Larger Than Block-Size Key and Larger Than One " 1488 "Block-Size Data", 1489 73, 1490 { 1491 0x63, 0x55, 0xac, 0x22, 0xe8, 0x90, 0xd0, 0xa3, 1492 0xc8, 0x48, 0x1a, 0x5c, 0xa4, 0x82, 0x5b, 0xc8, 1493 0x84, 0xd3, 0xe7, 0xa1, 0xff, 0x98, 0xa2, 0xfc, 1494 0x2a, 0xc7, 0xd8, 0xe0, 0x64, 0xc3, 0xb2, 0xe6 1495 } 1496 } 1497 }; 1498 1499 1500 static int test_sha256(void) 1501 { 1502 unsigned int i; 1503 u8 hash[32]; 1504 const u8 *addr[2]; 1505 size_t len[2]; 1506 int errors = 0; 1507 u8 *key; 1508 1509 for (i = 0; i < ARRAY_SIZE(tests); i++) { 1510 wpa_printf(MSG_INFO, "SHA256 test case %d:", i + 1); 1511 1512 addr[0] = (u8 *) tests[i].data; 1513 len[0] = strlen(tests[i].data); 1514 sha256_vector(1, addr, len, hash); 1515 if (memcmp(hash, tests[i].hash, 32) != 0) { 1516 wpa_printf(MSG_INFO, " FAIL"); 1517 errors++; 1518 } else 1519 wpa_printf(MSG_INFO, " OK"); 1520 1521 if (len[0]) { 1522 addr[0] = (u8 *) tests[i].data; 1523 len[0] = 1; 1524 addr[1] = (u8 *) tests[i].data + 1; 1525 len[1] = strlen(tests[i].data) - 1; 1526 sha256_vector(2, addr, len, hash); 1527 if (memcmp(hash, tests[i].hash, 32) != 0) { 1528 wpa_printf(MSG_INFO, " FAIL"); 1529 errors++; 1530 } else 1531 wpa_printf(MSG_INFO, " OK"); 1532 } 1533 } 1534 1535 for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) { 1536 const struct hmac_test *t = &hmac_tests[i]; 1537 1538 wpa_printf(MSG_INFO, "HMAC-SHA256 test case %d:", i + 1); 1539 1540 if (hmac_sha256(t->key, t->key_len, t->data, t->data_len, 1541 hash) < 0 || 1542 os_memcmp(hash, t->hash, 32) != 0) { 1543 wpa_printf(MSG_INFO, " FAIL"); 1544 errors++; 1545 } else 1546 wpa_printf(MSG_INFO, " OK"); 1547 1548 addr[0] = t->data; 1549 len[0] = t->data_len; 1550 if (hmac_sha256_vector(t->key, t->key_len, 1, addr, len, 1551 hash) < 0 || 1552 os_memcmp(hash, t->hash, 32) != 0) { 1553 wpa_printf(MSG_INFO, " FAIL"); 1554 errors++; 1555 } else 1556 wpa_printf(MSG_INFO, " OK"); 1557 1558 if (len[0]) { 1559 addr[0] = t->data; 1560 len[0] = 1; 1561 addr[1] = t->data + 1; 1562 len[1] = t->data_len - 1; 1563 if (hmac_sha256_vector(t->key, t->key_len, 2, addr, len, 1564 hash) < 0 || 1565 os_memcmp(hash, t->hash, 32) != 0) { 1566 wpa_printf(MSG_INFO, " FAIL"); 1567 errors++; 1568 } else 1569 wpa_printf(MSG_INFO, " OK"); 1570 } 1571 } 1572 1573 wpa_printf(MSG_INFO, "Test IEEE 802.11r KDF"); 1574 sha256_prf((u8 *) "abc", 3, "KDF test", (u8 *) "data", 4, 1575 hash, sizeof(hash)); 1576 /* TODO: add proper test case for this */ 1577 1578 key = os_malloc(8161); 1579 if (key) { 1580 #ifdef CONFIG_HMAC_SHA256_KDF 1581 int res; 1582 1583 res = hmac_sha256_kdf((u8 *) "secret", 6, "label", 1584 (u8 *) "seed", 4, key, 8160); 1585 if (res) { 1586 wpa_printf(MSG_INFO, 1587 "Unexpected hmac_sha256_kdf(outlen=8160) failure"); 1588 errors++; 1589 } 1590 1591 res = hmac_sha256_kdf((u8 *) "secret", 6, "label", 1592 (u8 *) "seed", 4, key, 8161); 1593 if (res == 0) { 1594 wpa_printf(MSG_INFO, 1595 "Unexpected hmac_sha256_kdf(outlen=8161) success"); 1596 errors++; 1597 } 1598 #endif /* CONFIG_HMAC_SHA256_KDF */ 1599 1600 os_free(key); 1601 } 1602 1603 if (!errors) 1604 wpa_printf(MSG_INFO, "SHA256 test cases passed"); 1605 return errors; 1606 } 1607 1608 1609 static int test_fips186_2_prf(void) 1610 { 1611 /* http://csrc.nist.gov/encryption/dss/Examples-1024bit.pdf */ 1612 u8 xkey[] = { 1613 0xbd, 0x02, 0x9b, 0xbe, 0x7f, 0x51, 0x96, 0x0b, 1614 0xcf, 0x9e, 0xdb, 0x2b, 0x61, 0xf0, 0x6f, 0x0f, 1615 0xeb, 0x5a, 0x38, 0xb6 1616 }; 1617 u8 w[] = { 1618 0x20, 0x70, 0xb3, 0x22, 0x3d, 0xba, 0x37, 0x2f, 1619 0xde, 0x1c, 0x0f, 0xfc, 0x7b, 0x2e, 0x3b, 0x49, 1620 0x8b, 0x26, 0x06, 0x14, 0x3c, 0x6c, 0x18, 0xba, 1621 0xcb, 0x0f, 0x6c, 0x55, 0xba, 0xbb, 0x13, 0x78, 1622 0x8e, 0x20, 0xd7, 0x37, 0xa3, 0x27, 0x51, 0x16 1623 }; 1624 u8 buf[40]; 1625 1626 wpa_printf(MSG_INFO, 1627 "Testing EAP-SIM PRF (FIPS 186-2 + change notice 1)"); 1628 if (fips186_2_prf(xkey, sizeof(xkey), buf, sizeof(buf)) < 0 || 1629 os_memcmp(w, buf, sizeof(w)) != 0) { 1630 wpa_printf(MSG_INFO, "fips186_2_prf failed"); 1631 return 1; 1632 } 1633 1634 return 0; 1635 } 1636 1637 1638 static int test_ms_funcs(void) 1639 { 1640 #ifndef CONFIG_FIPS 1641 /* Test vector from RFC2759 example */ 1642 char *username = "User"; 1643 char *password = "clientPass"; 1644 u8 auth_challenge[] = { 1645 0x5B, 0x5D, 0x7C, 0x7D, 0x7B, 0x3F, 0x2F, 0x3E, 1646 0x3C, 0x2C, 0x60, 0x21, 0x32, 0x26, 0x26, 0x28 1647 }; 1648 u8 peer_challenge[] = { 1649 0x21, 0x40, 0x23, 0x24, 0x25, 0x5E, 0x26, 0x2A, 1650 0x28, 0x29, 0x5F, 0x2B, 0x3A, 0x33, 0x7C, 0x7E 1651 }; 1652 u8 password_hash[] = { 1653 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6, 1654 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE 1655 }; 1656 u8 nt_response[] = { 1657 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E, 1658 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54, 1659 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF 1660 }; 1661 u8 password_hash_hash[] = { 1662 0x41, 0xC0, 0x0C, 0x58, 0x4B, 0xD2, 0xD9, 0x1C, 1663 0x40, 0x17, 0xA2, 0xA1, 0x2F, 0xA5, 0x9F, 0x3F 1664 }; 1665 u8 authenticator_response[] = { 1666 0x40, 0x7A, 0x55, 0x89, 0x11, 0x5F, 0xD0, 0xD6, 1667 0x20, 0x9F, 0x51, 0x0F, 0xE9, 0xC0, 0x45, 0x66, 1668 0x93, 0x2C, 0xDA, 0x56 1669 }; 1670 u8 master_key[] = { 1671 0xFD, 0xEC, 0xE3, 0x71, 0x7A, 0x8C, 0x83, 0x8C, 1672 0xB3, 0x88, 0xE5, 0x27, 0xAE, 0x3C, 0xDD, 0x31 1673 }; 1674 u8 send_start_key[] = { 1675 0x8B, 0x7C, 0xDC, 0x14, 0x9B, 0x99, 0x3A, 0x1B, 1676 0xA1, 0x18, 0xCB, 0x15, 0x3F, 0x56, 0xDC, 0xCB 1677 }; 1678 u8 buf[32]; 1679 int errors = 0; 1680 1681 if (nt_password_hash((u8 *) password, os_strlen(password), buf) || 1682 os_memcmp(password_hash, buf, sizeof(password_hash)) != 0) { 1683 wpa_printf(MSG_ERROR, "nt_password_hash failed"); 1684 errors++; 1685 } 1686 1687 if (generate_nt_response(auth_challenge, peer_challenge, 1688 (u8 *) username, os_strlen(username), 1689 (u8 *) password, os_strlen(password), buf) || 1690 os_memcmp(nt_response, buf, sizeof(nt_response)) != 0) { 1691 wpa_printf(MSG_ERROR, "generate_nt_response failed"); 1692 errors++; 1693 } 1694 1695 if (hash_nt_password_hash(password_hash, buf) || 1696 os_memcmp(password_hash_hash, buf, 1697 sizeof(password_hash_hash)) != 0) { 1698 wpa_printf(MSG_ERROR, "hash_nt_password_hash failed"); 1699 errors++; 1700 } 1701 1702 if (generate_authenticator_response((u8 *) password, 1703 os_strlen(password), 1704 peer_challenge, auth_challenge, 1705 (u8 *) username, 1706 os_strlen(username), 1707 nt_response, buf) || 1708 os_memcmp(authenticator_response, buf, 1709 sizeof(authenticator_response)) != 0) { 1710 wpa_printf(MSG_ERROR, "generate_authenticator_response failed"); 1711 errors++; 1712 } 1713 1714 if (get_master_key(password_hash_hash, nt_response, buf) || 1715 os_memcmp(master_key, buf, sizeof(master_key)) != 0) { 1716 wpa_printf(MSG_ERROR, "get_master_key failed"); 1717 errors++; 1718 } 1719 1720 if (get_asymetric_start_key(master_key, buf, sizeof(send_start_key), 1721 1, 1) || 1722 os_memcmp(send_start_key, buf, sizeof(send_start_key)) != 0) { 1723 wpa_printf(MSG_ERROR, "get_asymetric_start_key failed"); 1724 errors++; 1725 } 1726 1727 if (errors) 1728 wpa_printf(MSG_ERROR, "ms_funcs: %d errors", errors); 1729 else 1730 wpa_printf(MSG_INFO, "ms_funcs test cases passed"); 1731 1732 return errors; 1733 #else /* CONFIG_FIPS */ 1734 wpa_printf(MSG_INFO, "ms_funcs test cases skipped due to CONFIG_FIPS"); 1735 return 0; 1736 #endif /* CONFIG_FIPS */ 1737 } 1738 1739 1740 int crypto_module_tests(void) 1741 { 1742 int ret = 0; 1743 1744 wpa_printf(MSG_INFO, "crypto module tests"); 1745 if (test_siv() || 1746 test_omac1() || 1747 test_eax() || 1748 test_cbc() || 1749 test_ecb() || 1750 test_key_wrap() || 1751 test_md5() || 1752 test_sha1() || 1753 test_sha256() || 1754 test_fips186_2_prf() || 1755 test_ms_funcs()) 1756 ret = -1; 1757 1758 return ret; 1759 } 1760