1 /* 2 * crypto module tests 3 * Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/module_tests.h" 13 #include "crypto/aes_siv.h" 14 #include "crypto/aes_wrap.h" 15 #include "crypto/aes.h" 16 #include "crypto/ms_funcs.h" 17 #include "crypto/crypto.h" 18 #include "crypto/sha1.h" 19 #include "crypto/sha256.h" 20 #include "crypto/sha384.h" 21 22 23 static int test_siv(void) 24 { 25 #ifdef CONFIG_MESH 26 /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */ 27 u8 key[] = { 28 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 29 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0, 30 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 31 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff 32 }; 33 u8 ad[] = { 34 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 35 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 36 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27 37 }; 38 u8 plaintext[] = { 39 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 40 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee 41 }; 42 u8 iv_c[] = { 43 0x85, 0x63, 0x2d, 0x07, 0xc6, 0xe8, 0xf3, 0x7f, 44 0x95, 0x0a, 0xcd, 0x32, 0x0a, 0x2e, 0xcc, 0x93, 45 0x40, 0xc0, 0x2b, 0x96, 0x90, 0xc4, 0xdc, 0x04, 46 0xda, 0xef, 0x7f, 0x6a, 0xfe, 0x5c 47 }; 48 /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */ 49 u8 key_2[] = { 50 0x7f, 0x7e, 0x7d, 0x7c, 0x7b, 0x7a, 0x79, 0x78, 51 0x77, 0x76, 0x75, 0x74, 0x73, 0x72, 0x71, 0x70, 52 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 53 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f 54 }; 55 u8 ad1_2[] = { 56 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 57 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 58 0xde, 0xad, 0xda, 0xda, 0xde, 0xad, 0xda, 0xda, 59 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88, 60 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00 61 }; 62 u8 ad2_2[] = { 63 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80, 64 0x90, 0xa0 65 }; 66 u8 nonce_2[] = { 67 0x09, 0xf9, 0x11, 0x02, 0x9d, 0x74, 0xe3, 0x5b, 68 0xd8, 0x41, 0x56, 0xc5, 0x63, 0x56, 0x88, 0xc0 69 }; 70 u8 plaintext_2[] = { 71 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 72 0x73, 0x6f, 0x6d, 0x65, 0x20, 0x70, 0x6c, 0x61, 73 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x20, 0x74, 74 0x6f, 0x20, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 75 0x74, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x20, 76 0x53, 0x49, 0x56, 0x2d, 0x41, 0x45, 0x53 77 }; 78 u8 iv_c_2[] = { 79 0x7b, 0xdb, 0x6e, 0x3b, 0x43, 0x26, 0x67, 0xeb, 80 0x06, 0xf4, 0xd1, 0x4b, 0xff, 0x2f, 0xbd, 0x0f, 81 0xcb, 0x90, 0x0f, 0x2f, 0xdd, 0xbe, 0x40, 0x43, 82 0x26, 0x60, 0x19, 0x65, 0xc8, 0x89, 0xbf, 0x17, 83 0xdb, 0xa7, 0x7c, 0xeb, 0x09, 0x4f, 0xa6, 0x63, 84 0xb7, 0xa3, 0xf7, 0x48, 0xba, 0x8a, 0xf8, 0x29, 85 0xea, 0x64, 0xad, 0x54, 0x4a, 0x27, 0x2e, 0x9c, 86 0x48, 0x5b, 0x62, 0xa3, 0xfd, 0x5c, 0x0d 87 }; 88 u8 out[2 * AES_BLOCK_SIZE + sizeof(plaintext_2)]; 89 const u8 *addr[3]; 90 size_t len[3]; 91 92 /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */ 93 addr[0] = ad; 94 len[0] = sizeof(ad); 95 96 if (aes_siv_encrypt(key, sizeof(key), plaintext, sizeof(plaintext), 97 1, addr, len, out)) { 98 wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed"); 99 return 1; 100 } 101 if (os_memcmp(out, iv_c, sizeof(iv_c)) != 0) { 102 wpa_printf(MSG_ERROR, 103 "AES-SIV mode encryption returned invalid cipher text"); 104 return 1; 105 } 106 107 if (aes_siv_decrypt(key, sizeof(key), iv_c, sizeof(iv_c), 108 1, addr, len, out)) { 109 wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed"); 110 return 1; 111 } 112 if (os_memcmp(out, plaintext, sizeof(plaintext)) != 0) { 113 wpa_printf(MSG_ERROR, 114 "AES-SIV mode decryption returned invalid plain text"); 115 return 1; 116 } 117 118 /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */ 119 addr[0] = ad1_2; 120 len[0] = sizeof(ad1_2); 121 addr[1] = ad2_2; 122 len[1] = sizeof(ad2_2); 123 addr[2] = nonce_2; 124 len[2] = sizeof(nonce_2); 125 126 if (aes_siv_encrypt(key_2, sizeof(key_2), 127 plaintext_2, sizeof(plaintext_2), 128 3, addr, len, out)) { 129 wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed"); 130 return 1; 131 } 132 if (os_memcmp(out, iv_c_2, sizeof(iv_c_2)) != 0) { 133 wpa_printf(MSG_ERROR, 134 "AES-SIV mode encryption returned invalid cipher text"); 135 return 1; 136 } 137 138 if (aes_siv_decrypt(key_2, sizeof(key_2), iv_c_2, sizeof(iv_c_2), 139 3, addr, len, out)) { 140 wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed"); 141 return 1; 142 } 143 if (os_memcmp(out, plaintext_2, sizeof(plaintext_2)) != 0) { 144 wpa_printf(MSG_ERROR, 145 "AES-SIV mode decryption returned invalid plain text"); 146 return 1; 147 } 148 149 wpa_printf(MSG_INFO, "AES-SIV test cases passed"); 150 #endif /* CONFIG_MESH */ 151 152 return 0; 153 } 154 155 156 /* OMAC1 AES-128 test vectors from 157 * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf 158 * which are same as the examples from NIST SP800-38B 159 * http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf 160 */ 161 162 struct omac1_test_vector { 163 u8 k[16]; 164 u8 msg[64]; 165 int msg_len; 166 u8 tag[16]; 167 }; 168 169 static const struct omac1_test_vector omac1_test_vectors[] = 170 { 171 { 172 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 173 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 174 { }, 175 0, 176 { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, 177 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 } 178 }, 179 { 180 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 181 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 182 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 183 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a}, 184 16, 185 { 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, 186 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c } 187 }, 188 { 189 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 190 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 191 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 192 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 193 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 194 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 195 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 }, 196 40, 197 { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, 198 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 } 199 }, 200 { 201 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 202 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 203 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 204 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 205 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 206 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 207 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 208 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 209 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 210 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }, 211 64, 212 { 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, 213 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe } 214 }, 215 }; 216 217 218 static int test_omac1_vector(const struct omac1_test_vector *tv, 219 unsigned int i) 220 { 221 u8 key[] = { 222 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 223 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c 224 }; 225 u8 msg[] = { 0x12, 0x34, 0x56 }; 226 u8 result[24], result2[24]; 227 const u8 *addr[3]; 228 size_t len[3]; 229 230 if (omac1_aes_128(tv->k, tv->msg, tv->msg_len, result) || 231 os_memcmp(result, tv->tag, 16) != 0) { 232 wpa_printf(MSG_ERROR, "OMAC1-AES-128 test vector %u failed", i); 233 return 1; 234 } 235 236 if (tv->msg_len > 1) { 237 238 addr[0] = tv->msg; 239 len[0] = 1; 240 addr[1] = tv->msg + 1; 241 len[1] = tv->msg_len - 1; 242 243 if (omac1_aes_128_vector(tv->k, 2, addr, len, result) || 244 os_memcmp(result, tv->tag, 16) != 0) { 245 wpa_printf(MSG_ERROR, 246 "OMAC1-AES-128(vector) test vector %u failed", 247 i); 248 return 1; 249 } 250 251 addr[0] = tv->msg; 252 len[0] = tv->msg_len - 2; 253 addr[1] = tv->msg + tv->msg_len - 2; 254 len[1] = 1; 255 addr[2] = tv->msg + tv->msg_len - 1; 256 len[2] = 1; 257 258 if (omac1_aes_128_vector(tv->k, 3, addr, len, result) || 259 os_memcmp(result, tv->tag, 16) != 0) { 260 wpa_printf(MSG_ERROR, 261 "OMAC1-AES-128(vector2) test vector %u failed", 262 i); 263 return 1; 264 } 265 } 266 267 addr[0] = &msg[0]; 268 len[0] = 1; 269 addr[1] = &msg[1]; 270 len[1] = 1; 271 addr[2] = &msg[2]; 272 len[2] = 1; 273 if (omac1_aes_128(key, msg, sizeof(msg), result) || 274 omac1_aes_128_vector(key, 3, addr, len, result2) || 275 os_memcmp(result, result2, 16) != 0) { 276 wpa_printf(MSG_ERROR, "OMAC1-AES-128 short test mismatch"); 277 return 1; 278 } 279 280 return 0; 281 } 282 283 284 static int test_omac1(void) 285 { 286 unsigned int i; 287 288 for (i = 0; i < ARRAY_SIZE(omac1_test_vectors); i++) { 289 if (test_omac1_vector(&omac1_test_vectors[i], i)) 290 return 1; 291 } 292 293 wpa_printf(MSG_INFO, "OMAC1-AES-128 test cases passed"); 294 295 return 0; 296 } 297 298 299 static int test_eax(void) 300 { 301 #ifdef EAP_PSK 302 u8 msg[] = { 0xF7, 0xFB }; 303 u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B, 304 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 }; 305 u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84, 306 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD }; 307 u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA }; 308 u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D, 309 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79, 310 0x67, 0xE5 }; 311 u8 data[sizeof(msg)], tag[AES_BLOCK_SIZE]; 312 313 os_memcpy(data, msg, sizeof(msg)); 314 if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr), 315 data, sizeof(data), tag)) { 316 wpa_printf(MSG_ERROR, "AES-128 EAX mode encryption failed"); 317 return 1; 318 } 319 if (os_memcmp(data, cipher, sizeof(data)) != 0) { 320 wpa_printf(MSG_ERROR, 321 "AES-128 EAX mode encryption returned invalid cipher text"); 322 return 1; 323 } 324 if (os_memcmp(tag, cipher + sizeof(data), AES_BLOCK_SIZE) != 0) { 325 wpa_printf(MSG_ERROR, 326 "AES-128 EAX mode encryption returned invalid tag"); 327 return 1; 328 } 329 330 if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr), 331 data, sizeof(data), tag)) { 332 wpa_printf(MSG_ERROR, "AES-128 EAX mode decryption failed"); 333 return 1; 334 } 335 if (os_memcmp(data, msg, sizeof(data)) != 0) { 336 wpa_printf(MSG_ERROR, 337 "AES-128 EAX mode decryption returned invalid plain text"); 338 return 1; 339 } 340 341 wpa_printf(MSG_INFO, "AES-128 EAX mode test cases passed"); 342 #endif /* EAP_PSK */ 343 344 return 0; 345 } 346 347 348 static int test_cbc(void) 349 { 350 struct cbc_test_vector { 351 u8 key[16]; 352 u8 iv[16]; 353 u8 plain[32]; 354 u8 cipher[32]; 355 size_t len; 356 } vectors[] = { 357 { 358 { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b, 359 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 }, 360 { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30, 361 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 }, 362 "Single block msg", 363 { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8, 364 0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a }, 365 16 366 }, 367 { 368 { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0, 369 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a }, 370 { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28, 371 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 }, 372 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 373 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 374 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 375 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, 376 { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a, 377 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a, 378 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9, 379 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 }, 380 32 381 } 382 }; 383 int ret = 0; 384 u8 *buf; 385 unsigned int i; 386 387 for (i = 0; i < ARRAY_SIZE(vectors); i++) { 388 struct cbc_test_vector *tv = &vectors[i]; 389 390 buf = os_malloc(tv->len); 391 if (buf == NULL) { 392 ret++; 393 break; 394 } 395 396 os_memcpy(buf, tv->plain, tv->len); 397 if (aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len) || 398 os_memcmp(buf, tv->cipher, tv->len) != 0) { 399 wpa_printf(MSG_ERROR, "AES-CBC encrypt %d failed", i); 400 ret++; 401 } 402 403 os_memcpy(buf, tv->cipher, tv->len); 404 if (aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len) || 405 os_memcmp(buf, tv->plain, tv->len) != 0) { 406 wpa_printf(MSG_ERROR, "AES-CBC decrypt %d failed", i); 407 ret++; 408 } 409 410 os_free(buf); 411 } 412 413 return ret; 414 } 415 416 417 static int test_ecb(void) 418 { 419 #ifdef EAP_PSK 420 struct ecb_test_vector { 421 char *key; 422 char *plaintext; 423 char *ciphertext; 424 } vectors[] = { 425 /* CAVS 11.1 - ECBGFSbox128.rsp */ 426 { 427 "00000000000000000000000000000000", 428 "f34481ec3cc627bacd5dc3fb08f273e6", 429 "0336763e966d92595a567cc9ce537f5e" 430 }, 431 { 432 "00000000000000000000000000000000", 433 "9798c4640bad75c7c3227db910174e72", 434 "a9a1631bf4996954ebc093957b234589" 435 }, 436 { 437 "00000000000000000000000000000000", 438 "96ab5c2ff612d9dfaae8c31f30c42168", 439 "ff4f8391a6a40ca5b25d23bedd44a597" 440 }, 441 { 442 "00000000000000000000000000000000", 443 "6a118a874519e64e9963798a503f1d35", 444 "dc43be40be0e53712f7e2bf5ca707209" 445 }, 446 { 447 "00000000000000000000000000000000", 448 "cb9fceec81286ca3e989bd979b0cb284", 449 "92beedab1895a94faa69b632e5cc47ce" 450 }, 451 { 452 "00000000000000000000000000000000", 453 "b26aeb1874e47ca8358ff22378f09144", 454 "459264f4798f6a78bacb89c15ed3d601" 455 }, 456 { 457 "00000000000000000000000000000000", 458 "58c8e00b2631686d54eab84b91f0aca1", 459 "08a4e2efec8a8e3312ca7460b9040bbf" 460 }, 461 /* CAVS 11.1 - ECBKeySbox128.rsp */ 462 { 463 "10a58869d74be5a374cf867cfb473859", 464 "00000000000000000000000000000000", 465 "6d251e6944b051e04eaa6fb4dbf78465" 466 }, 467 { 468 "caea65cdbb75e9169ecd22ebe6e54675", 469 "00000000000000000000000000000000", 470 "6e29201190152df4ee058139def610bb", 471 } 472 }; 473 int ret = 0; 474 unsigned int i; 475 u8 key[16], plain[16], cipher[16], out[16]; 476 477 for (i = 0; i < ARRAY_SIZE(vectors); i++) { 478 struct ecb_test_vector *tv = &vectors[i]; 479 480 if (hexstr2bin(tv->key, key, sizeof(key)) || 481 hexstr2bin(tv->plaintext, plain, sizeof(plain)) || 482 hexstr2bin(tv->ciphertext, cipher, sizeof(cipher))) { 483 wpa_printf(MSG_ERROR, "Invalid AES-ECB test vector %u", 484 i); 485 ret++; 486 continue; 487 } 488 489 if (aes_128_encrypt_block(key, plain, out) < 0 || 490 os_memcmp(out, cipher, 16) != 0) { 491 wpa_printf(MSG_ERROR, "AES-ECB encrypt %u failed", i); 492 ret++; 493 } 494 } 495 496 if (!ret) 497 wpa_printf(MSG_INFO, "AES ECB mode test cases passed"); 498 499 return ret; 500 #endif /* EAP_PSK */ 501 502 return 0; 503 } 504 505 506 static int test_key_wrap(void) 507 { 508 int ret = 0; 509 510 /* RFC 3394 - Test vector 4.1 */ 511 u8 kek41[] = { 512 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 513 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f 514 }; 515 u8 plain41[] = { 516 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 517 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 518 }; 519 u8 crypt41[] = { 520 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47, 521 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82, 522 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5 523 }; 524 #ifndef CONFIG_BORINGSSL 525 /* RFC 3394 - Test vector 4.2 */ 526 u8 kek42[] = { 527 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 528 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 529 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 530 }; 531 u8 plain42[] = { 532 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 533 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 534 }; 535 u8 crypt42[] = { 536 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35, 537 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2, 538 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D 539 }; 540 #endif /* CONFIG_BORINGSSL */ 541 /* RFC 3394 - Test vector 4.3 */ 542 u8 kek43[] = { 543 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 544 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 545 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 546 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 547 }; 548 u8 plain43[] = { 549 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 550 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 551 }; 552 u8 crypt43[] = { 553 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2, 554 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A, 555 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7, 556 }; 557 #ifndef CONFIG_BORINGSSL 558 /* RFC 3394 - Test vector 4.4 */ 559 u8 kek44[] = { 560 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 561 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 562 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 563 }; 564 u8 plain44[] = { 565 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 566 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 567 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 568 }; 569 u8 crypt44[] = { 570 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32, 571 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC, 572 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93, 573 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2 574 }; 575 #endif /* CONFIG_BORINGSSL */ 576 /* RFC 3394 - Test vector 4.5 */ 577 u8 kek45[] = { 578 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 579 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 580 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 581 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 582 }; 583 u8 plain45[] = { 584 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 585 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 586 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 587 }; 588 u8 crypt45[] = { 589 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F, 590 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4, 591 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95, 592 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1, 593 }; 594 /* RFC 3394 - Test vector 4.6 */ 595 u8 kek46[] = { 596 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 597 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 598 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 599 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 600 }; 601 u8 plain46[] = { 602 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 603 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 604 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 605 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F 606 }; 607 u8 crypt46[] = { 608 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4, 609 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26, 610 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26, 611 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B, 612 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21 613 }; 614 u8 result[40]; 615 616 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.1"); 617 if (aes_wrap(kek41, sizeof(kek41), sizeof(plain41) / 8, plain41, 618 result)) { 619 wpa_printf(MSG_ERROR, "AES-WRAP-128 reported failure"); 620 ret++; 621 } 622 if (os_memcmp(result, crypt41, sizeof(crypt41)) != 0) { 623 wpa_printf(MSG_ERROR, "AES-WRAP-128 failed"); 624 ret++; 625 } 626 if (aes_unwrap(kek41, sizeof(kek41), sizeof(plain41) / 8, crypt41, 627 result)) { 628 wpa_printf(MSG_ERROR, "AES-UNWRAP-128 reported failure"); 629 ret++; 630 } 631 if (os_memcmp(result, plain41, sizeof(plain41)) != 0) { 632 wpa_printf(MSG_ERROR, "AES-UNWRAP-128 failed"); 633 ret++; 634 } 635 636 #ifndef CONFIG_BORINGSSL 637 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.2"); 638 if (aes_wrap(kek42, sizeof(kek42), sizeof(plain42) / 8, plain42, 639 result)) { 640 wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure"); 641 ret++; 642 } 643 if (os_memcmp(result, crypt42, sizeof(crypt42)) != 0) { 644 wpa_printf(MSG_ERROR, "AES-WRAP-192 failed"); 645 ret++; 646 } 647 if (aes_unwrap(kek42, sizeof(kek42), sizeof(plain42) / 8, crypt42, 648 result)) { 649 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure"); 650 ret++; 651 } 652 if (os_memcmp(result, plain42, sizeof(plain42)) != 0) { 653 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed"); 654 ret++; 655 } 656 #endif /* CONFIG_BORINGSSL */ 657 658 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.3"); 659 if (aes_wrap(kek43, sizeof(kek43), sizeof(plain43) / 8, plain43, 660 result)) { 661 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 662 ret++; 663 } 664 if (os_memcmp(result, crypt43, sizeof(crypt43)) != 0) { 665 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 666 ret++; 667 } 668 if (aes_unwrap(kek43, sizeof(kek43), sizeof(plain43) / 8, crypt43, 669 result)) { 670 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 671 ret++; 672 } 673 if (os_memcmp(result, plain43, sizeof(plain43)) != 0) { 674 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 675 ret++; 676 } 677 678 #ifndef CONFIG_BORINGSSL 679 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.4"); 680 if (aes_wrap(kek44, sizeof(kek44), sizeof(plain44) / 8, plain44, 681 result)) { 682 wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure"); 683 ret++; 684 } 685 if (os_memcmp(result, crypt44, sizeof(crypt44)) != 0) { 686 wpa_printf(MSG_ERROR, "AES-WRAP-192 failed"); 687 ret++; 688 } 689 if (aes_unwrap(kek44, sizeof(kek44), sizeof(plain44) / 8, crypt44, 690 result)) { 691 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure"); 692 ret++; 693 } 694 if (os_memcmp(result, plain44, sizeof(plain44)) != 0) { 695 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed"); 696 ret++; 697 } 698 #endif /* CONFIG_BORINGSSL */ 699 700 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.5"); 701 if (aes_wrap(kek45, sizeof(kek45), sizeof(plain45) / 8, plain45, 702 result)) { 703 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 704 ret++; 705 } 706 if (os_memcmp(result, crypt45, sizeof(crypt45)) != 0) { 707 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 708 ret++; 709 } 710 if (aes_unwrap(kek45, sizeof(kek45), sizeof(plain45) / 8, crypt45, 711 result)) { 712 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 713 ret++; 714 } 715 if (os_memcmp(result, plain45, sizeof(plain45)) != 0) { 716 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 717 ret++; 718 } 719 720 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.6"); 721 if (aes_wrap(kek46, sizeof(kek46), sizeof(plain46) / 8, plain46, 722 result)) { 723 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 724 ret++; 725 } 726 if (os_memcmp(result, crypt46, sizeof(crypt46)) != 0) { 727 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 728 ret++; 729 } 730 if (aes_unwrap(kek46, sizeof(kek46), sizeof(plain46) / 8, crypt46, 731 result)) { 732 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 733 ret++; 734 } 735 if (os_memcmp(result, plain46, sizeof(plain46)) != 0) { 736 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 737 ret++; 738 } 739 740 if (!ret) 741 wpa_printf(MSG_INFO, "AES key wrap/unwrap test cases passed"); 742 743 return ret; 744 } 745 746 747 static int test_aes_ctr(void) 748 { 749 int res = 0; 750 751 #if defined(CONFIG_MESH) || defined(CONFIG_PSK) 752 /* CTR-AES*.Encrypt test vectors from NIST SP 800-38a */ 753 const u8 key128[] = { 754 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 755 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c 756 }; 757 const u8 counter128[] = { 758 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 759 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff 760 }; 761 const u8 plain128[] = { 762 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 763 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 764 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 765 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 766 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 767 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 768 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 769 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 770 }; 771 const u8 cipher128[] = { 772 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26, 773 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce, 774 0x98, 0x06, 0xf6, 0x6b, 0x79, 0x70, 0xfd, 0xff, 775 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff, 776 0x5a, 0xe4, 0xdf, 0x3e, 0xdb, 0xd5, 0xd3, 0x5e, 777 0x5b, 0x4f, 0x09, 0x02, 0x0d, 0xb0, 0x3e, 0xab, 778 0x1e, 0x03, 0x1d, 0xda, 0x2f, 0xbe, 0x03, 0xd1, 779 0x79, 0x21, 0x70, 0xa0, 0xf3, 0x00, 0x9c, 0xee 780 }; 781 const u8 key192[] = { 782 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, 783 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, 784 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b 785 }; 786 const u8 counter192[] = { 787 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 788 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff 789 }; 790 const u8 plain192[] = { 791 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 792 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 793 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 794 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 795 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 796 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 797 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 798 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 799 }; 800 const u8 cipher192[] = { 801 0x1a, 0xbc, 0x93, 0x24, 0x17, 0x52, 0x1c, 0xa2, 802 0x4f, 0x2b, 0x04, 0x59, 0xfe, 0x7e, 0x6e, 0x0b, 803 0x09, 0x03, 0x39, 0xec, 0x0a, 0xa6, 0xfa, 0xef, 804 0xd5, 0xcc, 0xc2, 0xc6, 0xf4, 0xce, 0x8e, 0x94, 805 0x1e, 0x36, 0xb2, 0x6b, 0xd1, 0xeb, 0xc6, 0x70, 806 0xd1, 0xbd, 0x1d, 0x66, 0x56, 0x20, 0xab, 0xf7, 807 0x4f, 0x78, 0xa7, 0xf6, 0xd2, 0x98, 0x09, 0x58, 808 0x5a, 0x97, 0xda, 0xec, 0x58, 0xc6, 0xb0, 0x50 809 }; 810 const u8 key256[] = { 811 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, 812 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, 813 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, 814 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 815 }; 816 const u8 counter256[] = { 817 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 818 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff 819 }; 820 const u8 plain256[] = { 821 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 822 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 823 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 824 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 825 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 826 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 827 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 828 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 829 }; 830 const u8 cipher256[] = { 831 0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5, 832 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28, 833 0xf4, 0x43, 0xe3, 0xca, 0x4d, 0x62, 0xb5, 0x9a, 834 0xca, 0x84, 0xe9, 0x90, 0xca, 0xca, 0xf5, 0xc5, 835 0x2b, 0x09, 0x30, 0xda, 0xa2, 0x3d, 0xe9, 0x4c, 836 0xe8, 0x70, 0x17, 0xba, 0x2d, 0x84, 0x98, 0x8d, 837 0xdf, 0xc9, 0xc5, 0x8d, 0xb6, 0x7a, 0xad, 0xa6, 838 0x13, 0xc2, 0xdd, 0x08, 0x45, 0x79, 0x41, 0xa6 839 }; 840 size_t len; 841 u8 *tmp; 842 843 wpa_printf(MSG_DEBUG, "CTR-AES128.Encrypt"); 844 len = sizeof(plain128); 845 tmp = os_malloc(len); 846 if (!tmp) 847 return -1; 848 os_memcpy(tmp, plain128, len); 849 if (aes_ctr_encrypt(key128, sizeof(key128), counter128, tmp, len) < 0) { 850 wpa_printf(MSG_ERROR, "aes_ctr_encrypt() failed"); 851 res = -1; 852 } else if (os_memcmp(tmp, cipher128, len) != 0) { 853 wpa_printf(MSG_ERROR, 854 "CTR-AES128.Encrypt test vector did not match"); 855 res = -1; 856 } 857 os_free(tmp); 858 859 wpa_printf(MSG_DEBUG, "CTR-AES192.Encrypt"); 860 len = sizeof(plain192); 861 tmp = os_malloc(len); 862 if (!tmp) 863 return -1; 864 os_memcpy(tmp, plain192, len); 865 if (aes_ctr_encrypt(key192, sizeof(key192), counter192, tmp, len) < 0) { 866 wpa_printf(MSG_ERROR, "aes_ctr_encrypt() failed"); 867 res = -1; 868 } else if (os_memcmp(tmp, cipher192, len) != 0) { 869 wpa_printf(MSG_ERROR, 870 "CTR-AES192.Encrypt test vector did not match"); 871 res = -1; 872 } 873 os_free(tmp); 874 875 wpa_printf(MSG_DEBUG, "CTR-AES256.Encrypt"); 876 len = sizeof(plain256); 877 tmp = os_malloc(len); 878 if (!tmp) 879 return -1; 880 os_memcpy(tmp, plain256, len); 881 if (aes_ctr_encrypt(key256, sizeof(key256), counter256, tmp, len) < 0) { 882 wpa_printf(MSG_ERROR, "aes_ctr_encrypt() failed"); 883 res = -1; 884 } else if (os_memcmp(tmp, cipher256, len) != 0) { 885 wpa_printf(MSG_ERROR, 886 "CTR-AES256.Encrypt test vector did not match"); 887 res = -1; 888 } 889 os_free(tmp); 890 #endif 891 892 return res; 893 } 894 895 896 static int test_md5(void) 897 { 898 #ifndef CONFIG_FIPS 899 struct { 900 char *data; 901 char *hash; 902 } tests[] = { 903 { 904 "", 905 "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04" 906 "\xe9\x80\x09\x98\xec\xf8\x42\x7e" 907 }, 908 { 909 "a", 910 "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8" 911 "\x31\xc3\x99\xe2\x69\x77\x26\x61" 912 }, 913 { 914 "abc", 915 "\x90\x01\x50\x98\x3c\xd2\x4f\xb0" 916 "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72" 917 }, 918 { 919 "message digest", 920 "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d" 921 "\x52\x5a\x2f\x31\xaa\xf1\x61\xd0" 922 }, 923 { 924 "abcdefghijklmnopqrstuvwxyz", 925 "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00" 926 "\x7d\xfb\x49\x6c\xca\x67\xe1\x3b" 927 }, 928 { 929 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 930 "0123456789", 931 "\xd1\x74\xab\x98\xd2\x77\xd9\xf5" 932 "\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f" 933 }, 934 { 935 "12345678901234567890123456789012345678901234567890" 936 "123456789012345678901234567890", 937 "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55" 938 "\xac\x49\xda\x2e\x21\x07\xb6\x7a" 939 } 940 }; 941 unsigned int i; 942 u8 hash[16]; 943 const u8 *addr[2]; 944 size_t len[2]; 945 int errors = 0; 946 947 for (i = 0; i < ARRAY_SIZE(tests); i++) { 948 wpa_printf(MSG_INFO, "MD5 test case %d", i); 949 950 addr[0] = (u8 *) tests[i].data; 951 len[0] = strlen(tests[i].data); 952 if (md5_vector(1, addr, len, hash) < 0 || 953 os_memcmp(hash, tests[i].hash, 16) != 0) { 954 wpa_printf(MSG_INFO, " FAIL"); 955 errors++; 956 } else 957 wpa_printf(MSG_INFO, " OK"); 958 959 if (len[0]) { 960 addr[0] = (u8 *) tests[i].data; 961 len[0] = strlen(tests[i].data); 962 addr[1] = (u8 *) tests[i].data + 1; 963 len[1] = strlen(tests[i].data) - 1; 964 if (md5_vector(1, addr, len, hash) < 0 || 965 os_memcmp(hash, tests[i].hash, 16) != 0) { 966 wpa_printf(MSG_INFO, " FAIL"); 967 errors++; 968 } else 969 wpa_printf(MSG_INFO, " OK"); 970 } 971 } 972 973 if (!errors) 974 wpa_printf(MSG_INFO, "MD5 test cases passed"); 975 976 return errors; 977 #else /* CONFIG_FIPS */ 978 wpa_printf(MSG_INFO, "MD5 test cases skipped due to CONFIG_FIPS"); 979 return 0; 980 #endif /* CONFIG_FIPS */ 981 } 982 983 984 static int test_eap_fast(void) 985 { 986 #ifdef EAP_FAST 987 /* RFC 4851, Appendix B.1 */ 988 const u8 pac_key[] = { 989 0x0B, 0x97, 0x39, 0x0F, 0x37, 0x51, 0x78, 0x09, 990 0x81, 0x1E, 0xFD, 0x9C, 0x6E, 0x65, 0x94, 0x2B, 991 0x63, 0x2C, 0xE9, 0x53, 0x89, 0x38, 0x08, 0xBA, 992 0x36, 0x0B, 0x03, 0x7C, 0xD1, 0x85, 0xE4, 0x14 993 }; 994 const u8 seed[] = { 995 0x3F, 0xFB, 0x11, 0xC4, 0x6C, 0xBF, 0xA5, 0x7A, 996 0x54, 0x40, 0xDA, 0xE8, 0x22, 0xD3, 0x11, 0xD3, 997 0xF7, 0x6D, 0xE4, 0x1D, 0xD9, 0x33, 0xE5, 0x93, 998 0x70, 0x97, 0xEB, 0xA9, 0xB3, 0x66, 0xF4, 0x2A, 999 0x00, 0x00, 0x00, 0x02, 0x6A, 0x66, 0x43, 0x2A, 1000 0x8D, 0x14, 0x43, 0x2C, 0xEC, 0x58, 0x2D, 0x2F, 1001 0xC7, 0x9C, 0x33, 0x64, 0xBA, 0x04, 0xAD, 0x3A, 1002 0x52, 0x54, 0xD6, 0xA5, 0x79, 0xAD, 0x1E, 0x00 1003 }; 1004 const u8 master_secret[] = { 1005 0x4A, 0x1A, 0x51, 0x2C, 0x01, 0x60, 0xBC, 0x02, 1006 0x3C, 0xCF, 0xBC, 0x83, 0x3F, 0x03, 0xBC, 0x64, 1007 0x88, 0xC1, 0x31, 0x2F, 0x0B, 0xA9, 0xA2, 0x77, 1008 0x16, 0xA8, 0xD8, 0xE8, 0xBD, 0xC9, 0xD2, 0x29, 1009 0x38, 0x4B, 0x7A, 0x85, 0xBE, 0x16, 0x4D, 0x27, 1010 0x33, 0xD5, 0x24, 0x79, 0x87, 0xB1, 0xC5, 0xA2 1011 }; 1012 #ifndef CONFIG_FIPS 1013 const u8 key_block[] = { 1014 0x59, 0x59, 0xBE, 0x8E, 0x41, 0x3A, 0x77, 0x74, 1015 0x8B, 0xB2, 0xE5, 0xD3, 0x60, 0xAC, 0x4D, 0x35, 1016 0xDF, 0xFB, 0xC8, 0x1E, 0x9C, 0x24, 0x9C, 0x8B, 1017 0x0E, 0xC3, 0x1D, 0x72, 0xC8, 0x84, 0x9D, 0x57, 1018 0x48, 0x51, 0x2E, 0x45, 0x97, 0x6C, 0x88, 0x70, 1019 0xBE, 0x5F, 0x01, 0xD3, 0x64, 0xE7, 0x4C, 0xBB, 1020 0x11, 0x24, 0xE3, 0x49, 0xE2, 0x3B, 0xCD, 0xEF, 1021 0x7A, 0xB3, 0x05, 0x39, 0x5D, 0x64, 0x8A, 0x44, 1022 0x11, 0xB6, 0x69, 0x88, 0x34, 0x2E, 0x8E, 0x29, 1023 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05, 1024 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96, 1025 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84, 1026 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98, 1027 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71 1028 }; 1029 #endif /* CONFIG_FIPS */ 1030 const u8 sks[] = { 1031 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05, 1032 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96, 1033 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84, 1034 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98, 1035 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71 1036 }; 1037 const u8 isk[] = { 1038 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1039 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1040 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1041 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 1042 }; 1043 const u8 imck[] = { 1044 0x16, 0x15, 0x3C, 0x3F, 0x21, 0x55, 0xEF, 0xD9, 1045 0x7F, 0x34, 0xAE, 0xC8, 0x1A, 0x4E, 0x66, 0x80, 1046 0x4C, 0xC3, 0x76, 0xF2, 0x8A, 0xA9, 0x6F, 0x96, 1047 0xC2, 0x54, 0x5F, 0x8C, 0xAB, 0x65, 0x02, 0xE1, 1048 0x18, 0x40, 0x7B, 0x56, 0xBE, 0xEA, 0xA7, 0xC5, 1049 0x76, 0x5D, 0x8F, 0x0B, 0xC5, 0x07, 0xC6, 0xB9, 1050 0x04, 0xD0, 0x69, 0x56, 0x72, 0x8B, 0x6B, 0xB8, 1051 0x15, 0xEC, 0x57, 0x7B 1052 }; 1053 const u8 msk[] = { 1054 0x4D, 0x83, 0xA9, 0xBE, 0x6F, 0x8A, 0x74, 0xED, 1055 0x6A, 0x02, 0x66, 0x0A, 0x63, 0x4D, 0x2C, 0x33, 1056 0xC2, 0xDA, 0x60, 0x15, 0xC6, 0x37, 0x04, 0x51, 1057 0x90, 0x38, 0x63, 0xDA, 0x54, 0x3E, 0x14, 0xB9, 1058 0x27, 0x99, 0x18, 0x1E, 0x07, 0xBF, 0x0F, 0x5A, 1059 0x5E, 0x3C, 0x32, 0x93, 0x80, 0x8C, 0x6C, 0x49, 1060 0x67, 0xED, 0x24, 0xFE, 0x45, 0x40, 0xA0, 0x59, 1061 0x5E, 0x37, 0xC2, 0xE9, 0xD0, 0x5D, 0x0A, 0xE3 1062 }; 1063 const u8 emsk[] = { 1064 0x3A, 0xD4, 0xAB, 0xDB, 0x76, 0xB2, 0x7F, 0x3B, 1065 0xEA, 0x32, 0x2C, 0x2B, 0x74, 0xF4, 0x28, 0x55, 1066 0xEF, 0x2D, 0xBA, 0x78, 0xC9, 0x57, 0x2F, 0x0D, 1067 0x06, 0xCD, 0x51, 0x7C, 0x20, 0x93, 0x98, 0xA9, 1068 0x76, 0xEA, 0x70, 0x21, 0xD7, 0x0E, 0x25, 0x54, 1069 0x97, 0xED, 0xB2, 0x8A, 0xF6, 0xED, 0xFD, 0x0A, 1070 0x2A, 0xE7, 0xA1, 0x58, 0x90, 0x10, 0x50, 0x44, 1071 0xB3, 0x82, 0x85, 0xDB, 0x06, 0x14, 0xD2, 0xF9 1072 }; 1073 /* RFC 4851, Appendix B.2 */ 1074 u8 tlv[] = { 1075 0x80, 0x0C, 0x00, 0x38, 0x00, 0x01, 0x01, 0x00, 1076 0xD8, 0x6A, 0x8C, 0x68, 0x3C, 0x32, 0x31, 0xA8, 1077 0x56, 0x63, 0xB6, 0x40, 0x21, 0xFE, 0x21, 0x14, 1078 0x4E, 0xE7, 0x54, 0x20, 0x79, 0x2D, 0x42, 0x62, 1079 0xC9, 0xBF, 0x53, 0x7F, 0x54, 0xFD, 0xAC, 0x58, 1080 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF, 1081 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC, 1082 0x05, 0xC5, 0x5B, 0xB7 1083 }; 1084 const u8 compound_mac[] = { 1085 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF, 1086 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC, 1087 0x05, 0xC5, 0x5B, 0xB7 1088 }; 1089 u8 buf[512]; 1090 const u8 *simck, *cmk; 1091 int errors = 0; 1092 1093 wpa_printf(MSG_INFO, "EAP-FAST test cases"); 1094 1095 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / master_secret"); 1096 if (sha1_t_prf(pac_key, sizeof(pac_key), 1097 "PAC to master secret label hash", 1098 seed, sizeof(seed), buf, sizeof(master_secret)) < 0 || 1099 os_memcmp(master_secret, buf, sizeof(master_secret)) != 0) { 1100 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 1101 errors++; 1102 } 1103 1104 #ifndef CONFIG_FIPS 1105 wpa_printf(MSG_INFO, "- PRF (TLS, SHA1/MD5) test case / key_block"); 1106 if (tls_prf_sha1_md5(master_secret, sizeof(master_secret), 1107 "key expansion", seed, sizeof(seed), 1108 buf, sizeof(key_block)) || 1109 os_memcmp(key_block, buf, sizeof(key_block)) != 0) { 1110 wpa_printf(MSG_INFO, "PRF test - FAILED!"); 1111 errors++; 1112 } 1113 #endif /* CONFIG_FIPS */ 1114 1115 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / IMCK"); 1116 if (sha1_t_prf(sks, sizeof(sks), "Inner Methods Compound Keys", 1117 isk, sizeof(isk), buf, sizeof(imck)) < 0 || 1118 os_memcmp(imck, buf, sizeof(imck)) != 0) { 1119 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 1120 errors++; 1121 } 1122 1123 simck = imck; 1124 cmk = imck + 40; 1125 1126 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / MSK"); 1127 if (sha1_t_prf(simck, 40, "Session Key Generating Function", 1128 (u8 *) "", 0, buf, sizeof(msk)) < 0 || 1129 os_memcmp(msk, buf, sizeof(msk)) != 0) { 1130 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 1131 errors++; 1132 } 1133 1134 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / EMSK"); 1135 if (sha1_t_prf(simck, 40, "Extended Session Key Generating Function", 1136 (u8 *) "", 0, buf, sizeof(msk)) < 0 || 1137 os_memcmp(emsk, buf, sizeof(emsk)) != 0) { 1138 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 1139 errors++; 1140 } 1141 1142 wpa_printf(MSG_INFO, "- Compound MAC test case"); 1143 os_memset(tlv + sizeof(tlv) - 20, 0, 20); 1144 if (hmac_sha1(cmk, 20, tlv, sizeof(tlv), tlv + sizeof(tlv) - 20) < 0 || 1145 os_memcmp(tlv + sizeof(tlv) - 20, compound_mac, 1146 sizeof(compound_mac)) != 0) { 1147 wpa_printf(MSG_INFO, "Compound MAC test - FAILED!"); 1148 errors++; 1149 } 1150 1151 return errors; 1152 #else /* EAP_FAST */ 1153 return 0; 1154 #endif /* EAP_FAST */ 1155 } 1156 1157 1158 static const u8 key0[] = 1159 { 1160 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1161 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1162 0x0b, 0x0b, 0x0b, 0x0b 1163 }; 1164 static const u8 data0[] = "Hi There"; 1165 static const u8 prf0[] = 1166 { 1167 0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84, 1168 0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54, 1169 0xb8, 0x62, 0x17, 0x5e, 0xd9, 0xf0, 0x06, 0x06, 1170 0xe1, 0x7d, 0x8d, 0xa3, 0x54, 0x02, 0xff, 0xee, 1171 0x75, 0xdf, 0x78, 0xc3, 0xd3, 0x1e, 0x0f, 0x88, 1172 0x9f, 0x01, 0x21, 0x20, 0xc0, 0x86, 0x2b, 0xeb, 1173 0x67, 0x75, 0x3e, 0x74, 0x39, 0xae, 0x24, 0x2e, 1174 0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a 1175 }; 1176 1177 static const u8 key1[] = "Jefe"; 1178 static const u8 data1[] = "what do ya want for nothing?"; 1179 static const u8 prf1[] = 1180 { 1181 0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad, 1182 0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4, 1183 0xfe, 0x63, 0x14, 0x46, 0xfa, 0xbd, 0xfa, 0x58, 1184 0x24, 0x47, 0x59, 0xae, 0x58, 0xef, 0x90, 0x09, 1185 0xa9, 0x9a, 0xbf, 0x4e, 0xac, 0x2c, 0xa5, 0xfa, 1186 0x87, 0xe6, 0x92, 0xc4, 0x40, 0xeb, 0x40, 0x02, 1187 0x3e, 0x7b, 0xab, 0xb2, 0x06, 0xd6, 0x1d, 0xe7, 1188 0xb9, 0x2f, 0x41, 0x52, 0x90, 0x92, 0xb8, 0xfc 1189 }; 1190 1191 1192 static const u8 key2[] = 1193 { 1194 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1195 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1196 0xaa, 0xaa, 0xaa, 0xaa 1197 }; 1198 static const u8 data2[] = 1199 { 1200 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1201 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1202 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1203 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1204 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1205 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1206 0xdd, 0xdd 1207 }; 1208 static const u8 prf2[] = 1209 { 1210 0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f, 1211 0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1, 1212 0x7a, 0x02, 0x52, 0xca, 0x5d, 0x8d, 0x8d, 0xf1, 1213 0x2c, 0xfb, 0x04, 0x73, 0x52, 0x52, 0x49, 0xce, 1214 0x9d, 0xd8, 0xd1, 0x77, 0xea, 0xd7, 0x10, 0xbc, 1215 0x9b, 0x59, 0x05, 0x47, 0x23, 0x91, 0x07, 0xae, 1216 0xf7, 0xb4, 0xab, 0xd4, 0x3d, 0x87, 0xf0, 0xa6, 1217 0x8f, 0x1c, 0xbd, 0x9e, 0x2b, 0x6f, 0x76, 0x07 1218 }; 1219 1220 1221 struct passphrase_test { 1222 char *passphrase; 1223 char *ssid; 1224 char psk[32]; 1225 }; 1226 1227 static const struct passphrase_test passphrase_tests[] = 1228 { 1229 { 1230 "password", 1231 "IEEE", 1232 { 1233 0xf4, 0x2c, 0x6f, 0xc5, 0x2d, 0xf0, 0xeb, 0xef, 1234 0x9e, 0xbb, 0x4b, 0x90, 0xb3, 0x8a, 0x5f, 0x90, 1235 0x2e, 0x83, 0xfe, 0x1b, 0x13, 0x5a, 0x70, 0xe2, 1236 0x3a, 0xed, 0x76, 0x2e, 0x97, 0x10, 0xa1, 0x2e 1237 } 1238 }, 1239 { 1240 "ThisIsAPassword", 1241 "ThisIsASSID", 1242 { 1243 0x0d, 0xc0, 0xd6, 0xeb, 0x90, 0x55, 0x5e, 0xd6, 1244 0x41, 0x97, 0x56, 0xb9, 0xa1, 0x5e, 0xc3, 0xe3, 1245 0x20, 0x9b, 0x63, 0xdf, 0x70, 0x7d, 0xd5, 0x08, 1246 0xd1, 0x45, 0x81, 0xf8, 0x98, 0x27, 0x21, 0xaf 1247 } 1248 }, 1249 { 1250 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 1251 "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ", 1252 { 1253 0xbe, 0xcb, 0x93, 0x86, 0x6b, 0xb8, 0xc3, 0x83, 1254 0x2c, 0xb7, 0x77, 0xc2, 0xf5, 0x59, 0x80, 0x7c, 1255 0x8c, 0x59, 0xaf, 0xcb, 0x6e, 0xae, 0x73, 0x48, 1256 0x85, 0x00, 0x13, 0x00, 0xa9, 0x81, 0xcc, 0x62 1257 } 1258 }, 1259 }; 1260 1261 #define NUM_PASSPHRASE_TESTS ARRAY_SIZE(passphrase_tests) 1262 1263 1264 struct rfc6070_test { 1265 char *p; 1266 char *s; 1267 int c; 1268 char dk[32]; 1269 size_t dk_len; 1270 }; 1271 1272 static const struct rfc6070_test rfc6070_tests[] = 1273 { 1274 { 1275 "password", 1276 "salt", 1277 1, 1278 { 1279 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71, 1280 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06, 1281 0x2f, 0xe0, 0x37, 0xa6 1282 }, 1283 20 1284 }, 1285 { 1286 "password", 1287 "salt", 1288 2, 1289 { 1290 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c, 1291 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0, 1292 0xd8, 0xde, 0x89, 0x57 1293 }, 1294 20 1295 }, 1296 { 1297 "password", 1298 "salt", 1299 4096, 1300 { 1301 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a, 1302 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0, 1303 0x65, 0xa4, 0x29, 0xc1 1304 }, 1305 20 1306 }, 1307 #if 0 /* This takes quite long to derive.. */ 1308 { 1309 "password", 1310 "salt", 1311 16777216, 1312 { 1313 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4, 1314 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c, 1315 0x26, 0x34, 0xe9, 0x84 1316 }, 1317 20 1318 }, 1319 #endif 1320 { 1321 "passwordPASSWORDpassword", 1322 "saltSALTsaltSALTsaltSALTsaltSALTsalt", 1323 4096, 1324 { 1325 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b, 1326 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a, 1327 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70, 1328 0x38 1329 }, 1330 25 1331 }, 1332 #if 0 /* \0 not currently supported in passphrase parameters.. */ 1333 { 1334 "pass\0word", 1335 "sa\0lt", 1336 4096, 1337 { 1338 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d, 1339 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3 1340 }, 1341 16 1342 }, 1343 #endif 1344 }; 1345 1346 #define NUM_RFC6070_TESTS ARRAY_SIZE(rfc6070_tests) 1347 1348 1349 static int test_sha1(void) 1350 { 1351 u8 res[512]; 1352 int ret = 0; 1353 unsigned int i; 1354 1355 wpa_printf(MSG_INFO, "PRF-SHA1 test cases:"); 1356 1357 if (sha1_prf(key0, sizeof(key0), "prefix", data0, sizeof(data0) - 1, 1358 res, sizeof(prf0)) == 0 && 1359 os_memcmp(res, prf0, sizeof(prf0)) == 0) 1360 wpa_printf(MSG_INFO, "Test case 0 - OK"); 1361 else { 1362 wpa_printf(MSG_INFO, "Test case 0 - FAILED!"); 1363 ret++; 1364 } 1365 1366 if (sha1_prf(key1, sizeof(key1) - 1, "prefix", data1, sizeof(data1) - 1, 1367 res, sizeof(prf1)) == 0 && 1368 os_memcmp(res, prf1, sizeof(prf1)) == 0) 1369 wpa_printf(MSG_INFO, "Test case 1 - OK"); 1370 else { 1371 wpa_printf(MSG_INFO, "Test case 1 - FAILED!"); 1372 ret++; 1373 } 1374 1375 if (sha1_prf(key2, sizeof(key2), "prefix", data2, sizeof(data2), 1376 res, sizeof(prf2)) == 0 && 1377 os_memcmp(res, prf2, sizeof(prf2)) == 0) 1378 wpa_printf(MSG_INFO, "Test case 2 - OK"); 1379 else { 1380 wpa_printf(MSG_INFO, "Test case 2 - FAILED!"); 1381 ret++; 1382 } 1383 1384 ret += test_eap_fast(); 1385 1386 wpa_printf(MSG_INFO, "PBKDF2-SHA1 Passphrase test cases:"); 1387 for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) { 1388 u8 psk[32]; 1389 const struct passphrase_test *test = &passphrase_tests[i]; 1390 1391 if (pbkdf2_sha1(test->passphrase, 1392 (const u8 *) test->ssid, strlen(test->ssid), 1393 4096, psk, 32) == 0 && 1394 os_memcmp(psk, test->psk, 32) == 0) 1395 wpa_printf(MSG_INFO, "Test case %d - OK", i); 1396 else { 1397 wpa_printf(MSG_INFO, "Test case %d - FAILED!", i); 1398 ret++; 1399 } 1400 } 1401 1402 wpa_printf(MSG_INFO, "PBKDF2-SHA1 test cases (RFC 6070):"); 1403 for (i = 0; i < NUM_RFC6070_TESTS; i++) { 1404 u8 dk[25]; 1405 const struct rfc6070_test *test = &rfc6070_tests[i]; 1406 1407 if (pbkdf2_sha1(test->p, (const u8 *) test->s, strlen(test->s), 1408 test->c, dk, test->dk_len) == 0 && 1409 os_memcmp(dk, test->dk, test->dk_len) == 0) 1410 wpa_printf(MSG_INFO, "Test case %d - OK", i); 1411 else { 1412 wpa_printf(MSG_INFO, "Test case %d - FAILED!", i); 1413 ret++; 1414 } 1415 } 1416 1417 if (!ret) 1418 wpa_printf(MSG_INFO, "SHA1 test cases passed"); 1419 return ret; 1420 } 1421 1422 1423 static const struct { 1424 char *data; 1425 u8 hash[32]; 1426 } tests[] = { 1427 { 1428 "abc", 1429 { 1430 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 1431 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, 1432 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 1433 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad 1434 } 1435 }, 1436 { 1437 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1438 { 1439 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 1440 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, 1441 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, 1442 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 1443 } 1444 } 1445 }; 1446 1447 static const struct hmac_test { 1448 u8 key[150]; 1449 size_t key_len; 1450 u8 data[160]; 1451 size_t data_len; 1452 u8 hash[32]; /* HMAC-SHA-256 */ 1453 u8 hash384[48]; /* HMAC-SHA-384 */ 1454 } hmac_tests[] = { 1455 /* draft-ietf-ipsec-ciph-sha-256-01.txt; RFC 4231 */ 1456 { 1457 { 1458 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1459 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1460 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1461 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 1462 }, 1463 32, 1464 "abc", 3, 1465 { 1466 0xa2, 0x1b, 0x1f, 0x5d, 0x4c, 0xf4, 0xf7, 0x3a, 1467 0x4d, 0xd9, 0x39, 0x75, 0x0f, 0x7a, 0x06, 0x6a, 1468 0x7f, 0x98, 0xcc, 0x13, 0x1c, 0xb1, 0x6a, 0x66, 1469 0x92, 0x75, 0x90, 0x21, 0xcf, 0xab, 0x81, 0x81 1470 }, 1471 { } 1472 }, 1473 { 1474 { 1475 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1476 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1477 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1478 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 1479 }, 1480 32, 1481 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1482 56, 1483 { 1484 0x10, 0x4f, 0xdc, 0x12, 0x57, 0x32, 0x8f, 0x08, 1485 0x18, 0x4b, 0xa7, 0x31, 0x31, 0xc5, 0x3c, 0xae, 1486 0xe6, 0x98, 0xe3, 0x61, 0x19, 0x42, 0x11, 0x49, 1487 0xea, 0x8c, 0x71, 0x24, 0x56, 0x69, 0x7d, 0x30 1488 }, 1489 { } 1490 }, 1491 { 1492 { 1493 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1494 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1495 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1496 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 1497 }, 1498 32, 1499 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" 1500 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1501 112, 1502 { 1503 0x47, 0x03, 0x05, 0xfc, 0x7e, 0x40, 0xfe, 0x34, 1504 0xd3, 0xee, 0xb3, 0xe7, 0x73, 0xd9, 0x5a, 0xab, 1505 0x73, 0xac, 0xf0, 0xfd, 0x06, 0x04, 0x47, 0xa5, 1506 0xeb, 0x45, 0x95, 0xbf, 0x33, 0xa9, 0xd1, 0xa3 1507 }, 1508 { } 1509 }, 1510 { 1511 { 1512 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1513 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1514 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1515 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b 1516 }, 1517 32, 1518 "Hi There", 1519 8, 1520 { 1521 0x19, 0x8a, 0x60, 0x7e, 0xb4, 0x4b, 0xfb, 0xc6, 1522 0x99, 0x03, 0xa0, 0xf1, 0xcf, 0x2b, 0xbd, 0xc5, 1523 0xba, 0x0a, 0xa3, 0xf3, 0xd9, 0xae, 0x3c, 0x1c, 1524 0x7a, 0x3b, 0x16, 0x96, 0xa0, 0xb6, 0x8c, 0xf7 1525 }, 1526 { } 1527 }, 1528 { /* RFC 4231 - Test Case 1 */ 1529 { 1530 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1531 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1532 0x0b, 0x0b, 0x0b, 0x0b 1533 }, 1534 20, 1535 "Hi There", 1536 8, 1537 { 1538 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 1539 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 1540 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 1541 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7 1542 }, 1543 { 1544 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 1545 0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f, 1546 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6, 1547 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 1548 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f, 1549 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6 1550 } 1551 }, 1552 { /* RFC 4231 - Test Case 2 */ 1553 "Jefe", 1554 4, 1555 "what do ya want for nothing?", 1556 28, 1557 { 1558 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 1559 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7, 1560 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83, 1561 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43 1562 }, 1563 { 1564 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 1565 0x61, 0x7f, 0x78, 0xd2, 0xb5, 0x8a, 0x6b, 0x1b, 1566 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47, 1567 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 1568 0x8e, 0x22, 0x40, 0xca, 0x5e, 0x69, 0xe2, 0xc7, 1569 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49 1570 } 1571 }, 1572 { 1573 { 1574 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1575 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1576 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1577 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 1578 }, 1579 32, 1580 { 1581 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1582 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1583 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1584 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1585 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1586 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1587 0xdd, 0xdd 1588 }, 1589 50, 1590 { 1591 0xcd, 0xcb, 0x12, 0x20, 0xd1, 0xec, 0xcc, 0xea, 1592 0x91, 0xe5, 0x3a, 0xba, 0x30, 0x92, 0xf9, 0x62, 1593 0xe5, 0x49, 0xfe, 0x6c, 0xe9, 0xed, 0x7f, 0xdc, 1594 0x43, 0x19, 0x1f, 0xbd, 0xe4, 0x5c, 0x30, 0xb0 1595 }, 1596 { } 1597 }, 1598 { /* RFC 4231 - Test Case 3 */ 1599 { 1600 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1601 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1602 0xaa, 0xaa, 0xaa, 0xaa 1603 }, 1604 20, 1605 { 1606 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1607 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1608 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1609 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1610 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1611 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1612 0xdd, 0xdd 1613 }, 1614 50, 1615 { 1616 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 1617 0x85, 0x4d, 0xb8, 0xeb, 0xd0, 0x91, 0x81, 0xa7, 1618 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 0xc1, 0x22, 1619 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe 1620 }, 1621 { 1622 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 1623 0x0a, 0xa2, 0xac, 0xe0, 0x14, 0xc8, 0xa8, 0x6f, 1624 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb, 1625 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 1626 0x2a, 0x5a, 0xb3, 0x9d, 0xc1, 0x38, 0x14, 0xb9, 1627 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27 1628 } 1629 }, 1630 { 1631 { 1632 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1633 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1634 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1635 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 1636 0x21, 0x22, 0x23, 0x24, 0x25 1637 }, 1638 37, 1639 { 1640 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1641 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1642 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1643 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1644 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1645 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1646 0xcd, 0xcd 1647 }, 1648 50, 1649 { 1650 0xd4, 0x63, 0x3c, 0x17, 0xf6, 0xfb, 0x8d, 0x74, 1651 0x4c, 0x66, 0xde, 0xe0, 0xf8, 0xf0, 0x74, 0x55, 1652 0x6e, 0xc4, 0xaf, 0x55, 0xef, 0x07, 0x99, 0x85, 1653 0x41, 0x46, 0x8e, 0xb4, 0x9b, 0xd2, 0xe9, 0x17 1654 }, 1655 { } 1656 }, 1657 { /* RFC 4231 - Test Case 4 */ 1658 { 1659 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1660 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1661 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1662 0x19, 1663 }, 1664 25, 1665 { 1666 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1667 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1668 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1669 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1670 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1671 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1672 0xcd, 0xcd 1673 }, 1674 50, 1675 { 1676 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 1677 0xa4, 0xcc, 0x81, 0x98, 0x99, 0xf2, 0x08, 0x3a, 1678 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07, 1679 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b 1680 }, 1681 { 1682 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 1683 0x19, 0x33, 0xab, 0x62, 0x90, 0xaf, 0x6c, 0xa7, 1684 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c, 1685 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 1686 0x68, 0x01, 0xdd, 0x23, 0xc4, 0xa7, 0xd6, 0x79, 1687 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb 1688 } 1689 }, 1690 { 1691 { 1692 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 1693 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 1694 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 1695 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c 1696 }, 1697 32, 1698 "Test With Truncation", 1699 20, 1700 { 1701 0x75, 0x46, 0xaf, 0x01, 0x84, 0x1f, 0xc0, 0x9b, 1702 0x1a, 0xb9, 0xc3, 0x74, 0x9a, 0x5f, 0x1c, 0x17, 1703 0xd4, 0xf5, 0x89, 0x66, 0x8a, 0x58, 0x7b, 0x27, 1704 0x00, 0xa9, 0xc9, 0x7c, 0x11, 0x93, 0xcf, 0x42 1705 }, 1706 { } 1707 }, 1708 { 1709 { 1710 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1711 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1712 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1713 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1714 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1715 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1716 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1717 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1718 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1719 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 1720 }, 1721 80, 1722 "Test Using Larger Than Block-Size Key - Hash Key First", 1723 54, 1724 { 1725 0x69, 0x53, 0x02, 0x5e, 0xd9, 0x6f, 0x0c, 0x09, 1726 0xf8, 0x0a, 0x96, 0xf7, 0x8e, 0x65, 0x38, 0xdb, 1727 0xe2, 0xe7, 0xb8, 0x20, 0xe3, 0xdd, 0x97, 0x0e, 1728 0x7d, 0xdd, 0x39, 0x09, 0x1b, 0x32, 0x35, 0x2f 1729 }, 1730 { } 1731 }, 1732 { /* RFC 4231 - Test Case 6 */ 1733 { 1734 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1735 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1736 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1737 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1738 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1739 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1740 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1741 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1742 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1743 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1744 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1745 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1746 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1747 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1748 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1749 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1750 0xaa, 0xaa, 0xaa 1751 }, 1752 131, 1753 "Test Using Larger Than Block-Size Key - Hash Key First", 1754 54, 1755 { 1756 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 1757 0x0d, 0x8a, 0x26, 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 1758 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, 0xc5, 0x14, 1759 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54 1760 }, 1761 { 1762 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 1763 0x88, 0xd2, 0xc6, 0x3a, 0x04, 0x1b, 0xc5, 0xb4, 1764 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f, 1765 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 1766 0x0c, 0x2e, 0xf6, 0xab, 0x40, 0x30, 0xfe, 0x82, 1767 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52 1768 } 1769 }, 1770 { 1771 { 1772 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1773 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1774 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1775 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1776 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1777 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1778 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1779 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1780 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1781 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 1782 }, 1783 80, 1784 "Test Using Larger Than Block-Size Key and Larger Than One " 1785 "Block-Size Data", 1786 73, 1787 { 1788 0x63, 0x55, 0xac, 0x22, 0xe8, 0x90, 0xd0, 0xa3, 1789 0xc8, 0x48, 0x1a, 0x5c, 0xa4, 0x82, 0x5b, 0xc8, 1790 0x84, 0xd3, 0xe7, 0xa1, 0xff, 0x98, 0xa2, 0xfc, 1791 0x2a, 0xc7, 0xd8, 0xe0, 0x64, 0xc3, 0xb2, 0xe6 1792 }, 1793 { } 1794 }, 1795 { /* RFC 4231 - Test Case 7 */ 1796 { 1797 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1798 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1799 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1800 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1801 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1802 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1803 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1804 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1805 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1806 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1807 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1808 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1809 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1810 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1811 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1812 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1813 0xaa, 0xaa, 0xaa 1814 }, 1815 131, 1816 "This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.", 1817 152, 1818 { 1819 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 1820 0x27, 0x63, 0x5f, 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 1821 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 0x13, 0x93, 1822 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2 1823 }, 1824 { 1825 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 1826 0x35, 0x1e, 0x2f, 0x25, 0x4e, 0x8f, 0xd3, 0x2c, 1827 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a, 1828 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 1829 0xa6, 0x78, 0xcc, 0x31, 0xe7, 0x99, 0x17, 0x6d, 1830 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e 1831 } 1832 } 1833 }; 1834 1835 1836 static int test_sha256(void) 1837 { 1838 unsigned int i; 1839 u8 hash[32]; 1840 const u8 *addr[2]; 1841 size_t len[2]; 1842 int errors = 0; 1843 u8 *key; 1844 1845 for (i = 0; i < ARRAY_SIZE(tests); i++) { 1846 wpa_printf(MSG_INFO, "SHA256 test case %d:", i + 1); 1847 1848 addr[0] = (u8 *) tests[i].data; 1849 len[0] = strlen(tests[i].data); 1850 sha256_vector(1, addr, len, hash); 1851 if (memcmp(hash, tests[i].hash, 32) != 0) { 1852 wpa_printf(MSG_INFO, " FAIL"); 1853 errors++; 1854 } else 1855 wpa_printf(MSG_INFO, " OK"); 1856 1857 if (len[0]) { 1858 addr[0] = (u8 *) tests[i].data; 1859 len[0] = 1; 1860 addr[1] = (u8 *) tests[i].data + 1; 1861 len[1] = strlen(tests[i].data) - 1; 1862 sha256_vector(2, addr, len, hash); 1863 if (memcmp(hash, tests[i].hash, 32) != 0) { 1864 wpa_printf(MSG_INFO, " FAIL"); 1865 errors++; 1866 } else 1867 wpa_printf(MSG_INFO, " OK"); 1868 } 1869 } 1870 1871 for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) { 1872 const struct hmac_test *t = &hmac_tests[i]; 1873 1874 wpa_printf(MSG_INFO, "HMAC-SHA256 test case %d:", i + 1); 1875 1876 if (hmac_sha256(t->key, t->key_len, t->data, t->data_len, 1877 hash) < 0 || 1878 os_memcmp(hash, t->hash, 32) != 0) { 1879 wpa_printf(MSG_INFO, " FAIL"); 1880 errors++; 1881 } else 1882 wpa_printf(MSG_INFO, " OK"); 1883 1884 addr[0] = t->data; 1885 len[0] = t->data_len; 1886 if (hmac_sha256_vector(t->key, t->key_len, 1, addr, len, 1887 hash) < 0 || 1888 os_memcmp(hash, t->hash, 32) != 0) { 1889 wpa_printf(MSG_INFO, " FAIL"); 1890 errors++; 1891 } else 1892 wpa_printf(MSG_INFO, " OK"); 1893 1894 if (len[0]) { 1895 addr[0] = t->data; 1896 len[0] = 1; 1897 addr[1] = t->data + 1; 1898 len[1] = t->data_len - 1; 1899 if (hmac_sha256_vector(t->key, t->key_len, 2, addr, len, 1900 hash) < 0 || 1901 os_memcmp(hash, t->hash, 32) != 0) { 1902 wpa_printf(MSG_INFO, " FAIL"); 1903 errors++; 1904 } else 1905 wpa_printf(MSG_INFO, " OK"); 1906 } 1907 } 1908 1909 wpa_printf(MSG_INFO, "Test IEEE 802.11r KDF"); 1910 sha256_prf((u8 *) "abc", 3, "KDF test", (u8 *) "data", 4, 1911 hash, sizeof(hash)); 1912 /* TODO: add proper test case for this */ 1913 1914 key = os_malloc(8161); 1915 if (key) { 1916 #ifdef CONFIG_HMAC_SHA256_KDF 1917 int res; 1918 1919 res = hmac_sha256_kdf((u8 *) "secret", 6, "label", 1920 (u8 *) "seed", 4, key, 8160); 1921 if (res) { 1922 wpa_printf(MSG_INFO, 1923 "Unexpected hmac_sha256_kdf(outlen=8160) failure"); 1924 errors++; 1925 } 1926 1927 res = hmac_sha256_kdf((u8 *) "secret", 6, "label", 1928 (u8 *) "seed", 4, key, 8161); 1929 if (res == 0) { 1930 wpa_printf(MSG_INFO, 1931 "Unexpected hmac_sha256_kdf(outlen=8161) success"); 1932 errors++; 1933 } 1934 #endif /* CONFIG_HMAC_SHA256_KDF */ 1935 1936 os_free(key); 1937 } 1938 1939 if (!errors) 1940 wpa_printf(MSG_INFO, "SHA256 test cases passed"); 1941 return errors; 1942 } 1943 1944 1945 static int test_sha384(void) 1946 { 1947 #ifdef CONFIG_SHA384 1948 unsigned int i; 1949 u8 hash[48]; 1950 const u8 *addr[2]; 1951 size_t len[2]; 1952 int errors = 0; 1953 const char *data = "hello"; 1954 const u8 hash_res[] = { 1955 0x59, 0xe1, 0x74, 0x87, 0x77, 0x44, 0x8c, 0x69, 1956 0xde, 0x6b, 0x80, 0x0d, 0x7a, 0x33, 0xbb, 0xfb, 1957 0x9f, 0xf1, 0xb4, 0x63, 0xe4, 0x43, 0x54, 0xc3, 1958 0x55, 0x3b, 0xcd, 0xb9, 0xc6, 0x66, 0xfa, 0x90, 1959 0x12, 0x5a, 0x3c, 0x79, 0xf9, 0x03, 0x97, 0xbd, 1960 0xf5, 0xf6, 0xa1, 0x3d, 0xe8, 0x28, 0x68, 0x4f 1961 }; 1962 1963 addr[0] = (const u8 *) data; 1964 len[0] = 5; 1965 if (sha384_vector(1, addr, len, hash) < 0 || 1966 os_memcmp(hash, hash_res, 48) != 0) { 1967 wpa_printf(MSG_INFO, "SHA384 test case 1: FAIL"); 1968 errors++; 1969 } else { 1970 wpa_printf(MSG_INFO, "SHA384 test case 1: OK"); 1971 } 1972 1973 addr[0] = (const u8 *) data; 1974 len[0] = 4; 1975 addr[1] = (const u8 *) data + 4; 1976 len[1] = 1; 1977 if (sha384_vector(2, addr, len, hash) < 0 || 1978 os_memcmp(hash, hash_res, 48) != 0) { 1979 wpa_printf(MSG_INFO, "SHA384 test case 2: FAIL"); 1980 errors++; 1981 } else { 1982 wpa_printf(MSG_INFO, "SHA384 test case 2: OK"); 1983 } 1984 1985 for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) { 1986 const struct hmac_test *t = &hmac_tests[i]; 1987 1988 if (t->hash384[0] == 0 && t->hash384[1] == 0 && 1989 t->hash384[2] == 0 && t->hash384[3] == 0) 1990 continue; 1991 wpa_printf(MSG_INFO, "HMAC-SHA384 test case %d:", i + 1); 1992 1993 if (hmac_sha384(t->key, t->key_len, t->data, t->data_len, 1994 hash) < 0 || 1995 os_memcmp(hash, t->hash384, 48) != 0) { 1996 wpa_printf(MSG_INFO, " FAIL"); 1997 errors++; 1998 } else 1999 wpa_printf(MSG_INFO, " OK"); 2000 2001 addr[0] = t->data; 2002 len[0] = t->data_len; 2003 if (hmac_sha384_vector(t->key, t->key_len, 1, addr, len, 2004 hash) < 0 || 2005 os_memcmp(hash, t->hash384, 48) != 0) { 2006 wpa_printf(MSG_INFO, " FAIL"); 2007 errors++; 2008 } else 2009 wpa_printf(MSG_INFO, " OK"); 2010 2011 if (len[0]) { 2012 addr[0] = t->data; 2013 len[0] = 1; 2014 addr[1] = t->data + 1; 2015 len[1] = t->data_len - 1; 2016 if (hmac_sha384_vector(t->key, t->key_len, 2, addr, len, 2017 hash) < 0 || 2018 os_memcmp(hash, t->hash384, 48) != 0) { 2019 wpa_printf(MSG_INFO, " FAIL"); 2020 errors++; 2021 } else 2022 wpa_printf(MSG_INFO, " OK"); 2023 } 2024 } 2025 2026 if (!errors) 2027 wpa_printf(MSG_INFO, "SHA384 test cases passed"); 2028 return errors; 2029 #else /* CONFIG_SHA384 */ 2030 return 0; 2031 #endif /* CONFIG_SHA384 */ 2032 } 2033 2034 2035 static int test_fips186_2_prf(void) 2036 { 2037 /* http://csrc.nist.gov/encryption/dss/Examples-1024bit.pdf */ 2038 u8 xkey[] = { 2039 0xbd, 0x02, 0x9b, 0xbe, 0x7f, 0x51, 0x96, 0x0b, 2040 0xcf, 0x9e, 0xdb, 0x2b, 0x61, 0xf0, 0x6f, 0x0f, 2041 0xeb, 0x5a, 0x38, 0xb6 2042 }; 2043 u8 w[] = { 2044 0x20, 0x70, 0xb3, 0x22, 0x3d, 0xba, 0x37, 0x2f, 2045 0xde, 0x1c, 0x0f, 0xfc, 0x7b, 0x2e, 0x3b, 0x49, 2046 0x8b, 0x26, 0x06, 0x14, 0x3c, 0x6c, 0x18, 0xba, 2047 0xcb, 0x0f, 0x6c, 0x55, 0xba, 0xbb, 0x13, 0x78, 2048 0x8e, 0x20, 0xd7, 0x37, 0xa3, 0x27, 0x51, 0x16 2049 }; 2050 u8 buf[40]; 2051 2052 wpa_printf(MSG_INFO, 2053 "Testing EAP-SIM PRF (FIPS 186-2 + change notice 1)"); 2054 if (fips186_2_prf(xkey, sizeof(xkey), buf, sizeof(buf)) < 0 || 2055 os_memcmp(w, buf, sizeof(w)) != 0) { 2056 wpa_printf(MSG_INFO, "fips186_2_prf failed"); 2057 return 1; 2058 } 2059 2060 return 0; 2061 } 2062 2063 2064 static int test_extract_expand_hkdf(void) 2065 { 2066 u8 prk[SHA256_MAC_LEN]; 2067 u8 okm[82]; 2068 2069 /* RFC 5869, A.1 */ 2070 u8 ikm1[22] = { 2071 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 2072 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 2073 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b 2074 }; 2075 u8 salt1[13] = { 2076 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 2077 0x08, 0x09, 0x0a, 0x0b, 0x0c 2078 }; 2079 u8 info1[10] = { 2080 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 2081 0xf8, 0xf9 2082 }; 2083 u8 prk1[32] = { 2084 0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf, 2085 0x0d, 0xdc, 0x3f, 0x0d, 0xc4, 0x7b, 0xba, 0x63, 2086 0x90, 0xb6, 0xc7, 0x3b, 0xb5, 0x0f, 0x9c, 0x31, 2087 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, 0xb3, 0xe5 2088 }; 2089 u8 okm1[42] = { 2090 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 2091 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, 2092 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, 2093 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, 2094 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, 2095 0x58, 0x65 2096 }; 2097 2098 /* RFC 5869, A.2 */ 2099 u8 ikm2[80] = { 2100 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 2101 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 2102 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 2103 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 2104 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 2105 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 2106 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 2107 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 2108 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 2109 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f 2110 }; 2111 u8 salt2[80] = { 2112 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 2113 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 2114 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 2115 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 2116 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 2117 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 2118 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 2119 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, 2120 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 2121 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf 2122 }; 2123 u8 info2[80] = { 2124 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 2125 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 2126 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 2127 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, 2128 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 2129 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 2130 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 2131 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 2132 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 2133 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff 2134 }; 2135 u8 prk2[32] = { 2136 0x06, 0xa6, 0xb8, 0x8c, 0x58, 0x53, 0x36, 0x1a, 2137 0x06, 0x10, 0x4c, 0x9c, 0xeb, 0x35, 0xb4, 0x5c, 2138 0xef, 0x76, 0x00, 0x14, 0x90, 0x46, 0x71, 0x01, 2139 0x4a, 0x19, 0x3f, 0x40, 0xc1, 0x5f, 0xc2, 0x44 2140 }; 2141 u8 okm2[82] = { 2142 0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1, 2143 0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34, 2144 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8, 2145 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c, 2146 0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72, 2147 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09, 2148 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8, 2149 0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71, 2150 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87, 2151 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f, 2152 0x1d, 0x87 2153 }; 2154 2155 wpa_printf(MSG_INFO, "Testing Extract-and-Expand HKDF (RFC 5869)"); 2156 2157 wpa_printf(MSG_INFO, "RFC 5869 - Test Case 1"); 2158 if (hmac_sha256(salt1, sizeof(salt1), ikm1, sizeof(ikm1), prk) < 0) 2159 return -1; 2160 if (os_memcmp(prk, prk1, SHA256_MAC_LEN) != 0) { 2161 wpa_printf(MSG_INFO, "HKDF-Extract mismatch in PRK"); 2162 return -1; 2163 } 2164 if (hmac_sha256_kdf(prk1, sizeof(prk1), NULL, info1, sizeof(info1), 2165 okm, sizeof(okm1)) < 0) 2166 return -1; 2167 if (os_memcmp(okm, okm1, sizeof(okm1)) != 0) { 2168 wpa_printf(MSG_INFO, "HKDF-Expand mismatch in OKM"); 2169 return -1; 2170 } 2171 2172 wpa_printf(MSG_INFO, "RFC 5869 - Test Case 2"); 2173 if (hmac_sha256(salt2, sizeof(salt2), ikm2, sizeof(ikm2), prk) < 0) 2174 return -1; 2175 if (os_memcmp(prk, prk2, SHA256_MAC_LEN) != 0) { 2176 wpa_printf(MSG_INFO, "HKDF-Extract mismatch in PRK"); 2177 return -1; 2178 } 2179 if (hmac_sha256_kdf(prk2, sizeof(prk2), NULL, info2, sizeof(info2), 2180 okm, sizeof(okm2)) < 0) 2181 return -1; 2182 if (os_memcmp(okm, okm2, sizeof(okm2)) != 0) { 2183 wpa_printf(MSG_INFO, "HKDF-Expand mismatch in OKM"); 2184 return -1; 2185 } 2186 2187 wpa_printf(MSG_INFO, "Extract-and-Expand HKDF test cases passed"); 2188 2189 return 0; 2190 } 2191 2192 2193 #ifdef CONFIG_DPP3 2194 2195 static const struct hpke_test { 2196 const char *name; 2197 enum hpke_mode mode; 2198 enum hpke_kem_id kem_id; 2199 enum hpke_kdf_id kdf_id; 2200 enum hpke_aead_id aead_id; 2201 const char *info; 2202 int sk_r_group; 2203 const char *pk_r; 2204 const char *sk_r; 2205 const char *enc; 2206 const char *pt; 2207 const char *aad; 2208 const char *ct; 2209 } hpke_tests[] = { 2210 { 2211 .name = "A.3. DHKEM(P-256, HKDF-SHA256), HKDF-SHA256, AES-128-GCM", 2212 .mode = HPKE_MODE_BASE, 2213 .kem_id = HPKE_DHKEM_P256_HKDF_SHA256, 2214 .kdf_id = HPKE_KDF_HKDF_SHA256, 2215 .aead_id = HPKE_AEAD_AES_128_GCM, 2216 .info = "4f6465206f6e2061204772656369616e2055726e", 2217 .sk_r_group = 19, 2218 .pk_r = "04fe8c19ce0905191ebc298a9245792531f26f0cece2460639e8bc39cb7f706a826a779b4cf969b8a0e539c7f62fb3d30ad6aa8f80e30f1d128aafd68a2ce72ea0", 2219 .sk_r = "f3ce7fdae57e1a310d87f1ebbde6f328be0a99cdbcadf4d6589cf29de4b8ffd2", 2220 .enc = "04a92719c6195d5085104f469a8b9814d5838ff72b60501e2c4466e5e67b325ac98536d7b61a1af4b78e5b7f951c0900be863c403ce65c9bfcb9382657222d18c4", 2221 .pt = "4265617574792069732074727574682c20747275746820626561757479", 2222 .aad = "436f756e742d30", 2223 .ct = "5ad590bb8baa577f8619db35a36311226a896e7342a6d836d8b7bcd2f20b6c7f9076ac232e3ab2523f39513434", 2224 }, 2225 { 2226 .name = "A.4. DHKEM(P-256, HKDF-SHA256), HKDF-SHA512, AES-128-GCM", 2227 .mode = HPKE_MODE_BASE, 2228 .kem_id = HPKE_DHKEM_P256_HKDF_SHA256, 2229 .kdf_id = HPKE_KDF_HKDF_SHA512, 2230 .aead_id = HPKE_AEAD_AES_128_GCM, 2231 .info = "4f6465206f6e2061204772656369616e2055726e", 2232 .sk_r_group = 19, 2233 .pk_r = "04085aa5b665dc3826f9650ccbcc471be268c8ada866422f739e2d531d4a8818a9466bc6b449357096232919ec4fe9070ccbac4aac30f4a1a53efcf7af90610edd", 2234 .sk_r = "3ac8530ad1b01885960fab38cf3cdc4f7aef121eaa239f222623614b4079fb38", 2235 .enc = "0493ed86735bdfb978cc055c98b45695ad7ce61ce748f4dd63c525a3b8d53a15565c6897888070070c1579db1f86aaa56deb8297e64db7e8924e72866f9a472580", 2236 .pt = "4265617574792069732074727574682c20747275746820626561757479", 2237 .aad = "436f756e742d30", 2238 .ct = "d3cf4984931484a080f74c1bb2a6782700dc1fef9abe8442e44a6f09044c88907200b332003543754eb51917ba", 2239 }, 2240 { 2241 .name = "A.6. DHKEM(P-521, HKDF-SHA512), HKDF-SHA512, AES-256-GCM", 2242 .mode = HPKE_MODE_BASE, 2243 .kem_id = HPKE_DHKEM_P521_HKDF_SHA512, 2244 .kdf_id = HPKE_KDF_HKDF_SHA512, 2245 .aead_id = HPKE_AEAD_AES_256_GCM, 2246 .info = "4f6465206f6e2061204772656369616e2055726e", 2247 .sk_r_group = 21, 2248 .pk_r = "0401b45498c1714e2dce167d3caf162e45e0642afc7ed435df7902ccae0e84ba0f7d373f646b7738bbbdca11ed91bdeae3cdcba3301f2457be452f271fa6837580e661012af49583a62e48d44bed350c7118c0d8dc861c238c72a2bda17f64704f464b57338e7f40b60959480c0e58e6559b190d81663ed816e523b6b6a418f66d2451ec64", 2249 .sk_r = "01462680369ae375e4b3791070a7458ed527842f6a98a79ff5e0d4cbde83c27196a3916956655523a6a2556a7af62c5cadabe2ef9da3760bb21e005202f7b2462847", 2250 .enc = "040138b385ca16bb0d5fa0c0665fbbd7e69e3ee29f63991d3e9b5fa740aab8900aaeed46ed73a49055758425a0ce36507c54b29cc5b85a5cee6bae0cf1c21f2731ece2013dc3fb7c8d21654bb161b463962ca19e8c654ff24c94dd2898de12051f1ed0692237fb02b2f8d1dc1c73e9b366b529eb436e98a996ee522aef863dd5739d2f29b0", 2251 .pt = "4265617574792069732074727574682c20747275746820626561757479", 2252 .aad = "436f756e742d30", 2253 .ct = "170f8beddfe949b75ef9c387e201baf4132fa7374593dfafa90768788b7b2b200aafcc6d80ea4c795a7c5b841a", 2254 }, 2255 { /* self-generated test vector for P-384 */ 2256 .name = "custom DHKEM(P-384, HKDF-SHA384), HKDF-SHA384, AES-256-GCM", 2257 .mode = HPKE_MODE_BASE, 2258 .kem_id = HPKE_DHKEM_P384_HKDF_SHA384, 2259 .kdf_id = HPKE_KDF_HKDF_SHA384, 2260 .aead_id = HPKE_AEAD_AES_256_GCM, 2261 .info = "4f6465206f6e2061204772656369616e2055726e", 2262 .sk_r_group = 20, 2263 .pk_r = "049c0e4dcbbb3c80715cafaa1839d0bc3c3adcc95eb8062f84175f9c3cec115e6b799061c65a0605907785c25b3571564706a8ba6a204452b38c7c205db17d328f2353df05d5f1c568e7503331178c36c2d37bbed48401295407face3f8dae5ed8", 2264 .sk_r = "cabffb07d20ffcfdaa043e1de49e1654659e0f0aba5de56523e8b73dc80c579a9e5c89ed3810ec21c4bafcf74ad2a245", 2265 .enc = "04b30bea96d0e51582033b02a4d676d0464a5eb2d858be86cda1c4e6f8b2aa9fb80f5365483f781b1b3a8b3b8efd50b0f7bca16f06d0435fa3da1d671ea0a318b40fe170a074923c651e5dc824966b7b98d0e36bdf932875dae7130369a793cecc", 2266 .pt = "4265617574792069732074727574682c20747275746820626561757479", 2267 .aad = "436f756e742d30", 2268 .ct = "ae7feccfea0f8fcd620d15369a28db8701cdc90d55c20efff6296bd441697b0da34671d1f3c4864183e86d27fc", 2269 }, 2270 { /* self-generated test vector for BP-256 */ 2271 .name = "custom PB-256 using DHKEM(P-256, HKDF-SHA256), HKDF-SHA256, AES-128-GCM", 2272 .mode = HPKE_MODE_BASE, 2273 .kem_id = HPKE_DHKEM_P256_HKDF_SHA256, 2274 .kdf_id = HPKE_KDF_HKDF_SHA256, 2275 .aead_id = HPKE_AEAD_AES_128_GCM, 2276 .info = "4f6465206f6e2061204772656369616e2055726e", 2277 .sk_r_group = 28, 2278 .pk_r = "04a2cb9c4cae90cdc1c27516e9f84b6b166e4b1dcc517286268239ddb0bf74cca6390fed092ac4423ab2192b8bb41a4824d908d2053b93fc813830bebac5ce19b9", 2279 .sk_r = "11d9db41c4341166ca52f5a1775595c0bdb4934350daeb7bce659c4b7a40e314", 2280 .enc = "047a25e309c7ee50ec27f13d44734a3ccd8c703e3affcc728513df416511ef9bf02f5e7750e7415de8b5f306ebd3fc88ea9b9368523eb1733a8d82c1a877e5a0f4", 2281 .pt = "4265617574792069732074727574682c20747275746820626561757479", 2282 .aad = "436f756e742d30", 2283 .ct = "17c84b3f07f6ffe08ff2be45c709ea782229504aa5b2253876725c6c39f8d8c992304fc5877994f79d6c10d462", 2284 }, 2285 { /* self-generated test vector for BP-384 */ 2286 .name = "custom PB-384 using DHKEM(P-384, HKDF-SHA384), HKDF-SHA384, AES-256-GCM", 2287 .mode = HPKE_MODE_BASE, 2288 .kem_id = HPKE_DHKEM_P384_HKDF_SHA384, 2289 .kdf_id = HPKE_KDF_HKDF_SHA384, 2290 .aead_id = HPKE_AEAD_AES_256_GCM, 2291 .info = "4f6465206f6e2061204772656369616e2055726e", 2292 .sk_r_group = 29, 2293 .pk_r = "041f4199ad28835908079c45d165d55630098be53eb4beede9921f5b2204fa396111f99ac54c56411f7cb2c43ec18d8e604d895027228cf975f5a4b598f189d8fb03e3fefe020258c40d4d1b15fd7587d209925d67a41f9659a8ed6f662fb441e4", 2294 .sk_r = "7017cf8a5a9a81ad4e0d755ccbea27a378b787561f8d5662639850805fefcbaab6b9a15729872abb7dc53d19a6cf77e4", 2295 .enc = "0415d49dedc5bc1ffe9f8de9022c266bb605ec6cd7b77b6ce68974095398856f8aefa4b7abbfbd496b99a2dda3a9c65f1a71b9d40255aa1c7c4205a8b4ef611b96ed29fd2d7b0cde4c0e82058805e6276025cc4fc606f6e5771c31bd9704e9ba0b", 2296 .pt = "4265617574792069732074727574682c20747275746820626561757479", 2297 .aad = "436f756e742d30", 2298 .ct = "5f5e9f82bedadec0e9b01a1b304cb48b05c0d6d397b1c8a95ed541218ec54f634a41cbc4066910a409e47b254e", 2299 }, 2300 { /* self-generated test vector for BP-512 */ 2301 .name = "custom PB-512 using DHKEM(P-521, HKDF-SHA512), HKDF-SHA512, AES-256-GCM", 2302 .mode = HPKE_MODE_BASE, 2303 .kem_id = HPKE_DHKEM_P521_HKDF_SHA512, 2304 .kdf_id = HPKE_KDF_HKDF_SHA512, 2305 .aead_id = HPKE_AEAD_AES_256_GCM, 2306 .info = "4f6465206f6e2061204772656369616e2055726e", 2307 .sk_r_group = 30, 2308 .pk_r = "049e81046a531365a3b5215ac37e7b38f5fa34f86c4eb2e03113b197390a26c555bb007596e131c2541f336eb24a45f44283b5b53fedddfa5642675602fdec17d34120a35efffb44952e32dee7732f2f3245c3314269996b610703a63fb8555a75ca5092690a1125ae8712c1e31fd77aee42bd052e71f9f9459814d6f4065bcea0", 2309 .sk_r = "483b6882608182b296843fa7dfffbdd61ed0372574d4aa32a035c8e33a493927aaf00d42bd9124ebe4df26010b38124668c02b35a749e74845d565734310cfe9", 2310 .enc = "04158d18473aeb3b283d3345b1a87d3de2b192ff9e41b5a98f91daacfb24be72e698cbc04c33078681e507bf346c0ea70c927083a22ca9ea027f420067ee42285b798d95fea51002d097ce28371883202bfd300fb64943669e32c6f1a348087368bb480b757892ebd199a9389978c92cbc44076626d705a771fbbd90c030a6767e", 2311 .pt = "4265617574792069732074727574682c20747275746820626561757479", 2312 .aad = "436f756e742d30", 2313 .ct = "033d91c4514857da5b833635180c1acc09f175cbf44777a7b71e177705cfd17437b1c85d671dd767bb4fe20e2e", 2314 }, 2315 }; 2316 2317 2318 static int run_hpke_test(const struct hpke_test *test) 2319 { 2320 struct wpabuf *info, *pk_r, *sk_r, *enc, *pt, *aad, *ct; 2321 struct wpabuf *res_pt = NULL, *enc_ct = NULL, *res_ct = NULL; 2322 struct crypto_ec_key *own_priv = NULL, *peer_pub = NULL; 2323 int res = -1; 2324 size_t coord_len; 2325 2326 wpa_printf(MSG_INFO, "- %s", test->name); 2327 2328 info = wpabuf_parse_bin(test->info); 2329 pk_r = wpabuf_parse_bin(test->pk_r); 2330 sk_r = wpabuf_parse_bin(test->sk_r); 2331 enc = wpabuf_parse_bin(test->enc); 2332 pt = wpabuf_parse_bin(test->pt); 2333 aad = wpabuf_parse_bin(test->aad); 2334 ct = wpabuf_parse_bin(test->ct); 2335 if (!info || !pk_r || !sk_r || !enc || !pt || !aad || !ct) { 2336 wpa_printf(MSG_ERROR, "Could not parse test data"); 2337 goto fail; 2338 } 2339 2340 /* Receiver - decryption against the test vector */ 2341 2342 enc_ct = wpabuf_concat(enc, ct); 2343 enc = NULL; 2344 ct = NULL; 2345 if (!enc_ct) 2346 goto fail; 2347 2348 own_priv = crypto_ec_key_set_priv(test->sk_r_group, wpabuf_head(sk_r), 2349 wpabuf_len(sk_r)); 2350 if (!own_priv) { 2351 wpa_printf(MSG_ERROR, 2352 "HPKE base open - failed to set private key"); 2353 goto fail; 2354 } 2355 2356 res_pt = hpke_base_open(test->kem_id, test->kdf_id, test->aead_id, 2357 own_priv, 2358 wpabuf_head(info), wpabuf_len(info), 2359 wpabuf_head(aad), wpabuf_len(aad), 2360 wpabuf_head(enc_ct), wpabuf_len(enc_ct)); 2361 if (!res_pt) { 2362 wpa_printf(MSG_ERROR, "HPKE base open - failed to decrypt"); 2363 wpa_hexdump_buf(MSG_INFO, "pt", res_pt); 2364 goto fail; 2365 } 2366 if (wpabuf_len(res_pt) != wpabuf_len(pt) || 2367 os_memcmp(wpabuf_head(res_pt), wpabuf_head(pt), 2368 wpabuf_len(pt)) != 0) { 2369 wpa_printf(MSG_ERROR, 2370 "HPKE base open - failed - decryption mismatch"); 2371 goto fail; 2372 } 2373 2374 /* Sender - encryption (randomized algorithm) */ 2375 2376 if (test->sk_r_group == 19) 2377 coord_len = 32; 2378 else if (test->sk_r_group == 20) 2379 coord_len = 48; 2380 else if (test->sk_r_group == 21) 2381 coord_len = 66; 2382 else if (test->sk_r_group == 28) 2383 coord_len = 32; 2384 else if (test->sk_r_group == 29) 2385 coord_len = 48; 2386 else if (test->sk_r_group == 30) 2387 coord_len = 64; 2388 else 2389 goto fail; 2390 if (wpabuf_len(pk_r) != 1 + 2 * coord_len) { 2391 wpa_printf(MSG_ERROR, "Unexpected pkR length (%zu != %zu)", 2392 wpabuf_len(pk_r), 1 + 2 * coord_len); 2393 goto fail; 2394 } 2395 peer_pub = crypto_ec_key_set_pub(test->sk_r_group, 2396 wpabuf_head_u8(pk_r) + 1, 2397 wpabuf_head_u8(pk_r) + 1 + coord_len, 2398 coord_len); 2399 if (!peer_pub) { 2400 wpa_printf(MSG_ERROR, 2401 "HPKE base open - failed to set public key"); 2402 goto fail; 2403 } 2404 2405 res_ct = hpke_base_seal(test->kem_id, test->kdf_id, test->aead_id, 2406 peer_pub, 2407 wpabuf_head(info), wpabuf_len(info), 2408 wpabuf_head(aad), wpabuf_len(aad), 2409 wpabuf_head(pt), wpabuf_len(pt)); 2410 if (!res_ct) { 2411 wpa_printf(MSG_ERROR, "HPKE base open - failed to encrypt"); 2412 goto fail; 2413 } 2414 2415 /* Receiver - decryption (to verify own encryption) */ 2416 2417 wpabuf_free(res_pt); 2418 res_pt = hpke_base_open(test->kem_id, test->kdf_id, test->aead_id, 2419 own_priv, 2420 wpabuf_head(info), wpabuf_len(info), 2421 wpabuf_head(aad), wpabuf_len(aad), 2422 wpabuf_head(res_ct), wpabuf_len(res_ct)); 2423 if (!res_pt) { 2424 wpa_printf(MSG_ERROR, "HPKE base open - failed to decrypt own encrypted version"); 2425 goto fail; 2426 } 2427 if (wpabuf_len(res_pt) != wpabuf_len(pt) || 2428 os_memcmp(wpabuf_head(res_pt), wpabuf_head(pt), 2429 wpabuf_len(pt)) != 0) { 2430 wpa_printf(MSG_ERROR, 2431 "HPKE base open - failed - decryption mismatch for own encrypted version"); 2432 wpa_hexdump_buf(MSG_INFO, "pt", res_pt); 2433 goto fail; 2434 } 2435 2436 res = 0; 2437 fail: 2438 wpabuf_free(info); 2439 wpabuf_free(pk_r); 2440 wpabuf_free(sk_r); 2441 wpabuf_free(enc); 2442 wpabuf_free(pt); 2443 wpabuf_free(aad); 2444 wpabuf_free(ct); 2445 wpabuf_free(enc_ct); 2446 wpabuf_free(res_pt); 2447 wpabuf_free(res_ct); 2448 crypto_ec_key_deinit(own_priv); 2449 crypto_ec_key_deinit(peer_pub); 2450 return res; 2451 } 2452 2453 #endif /* CONFIG_DPP3 */ 2454 2455 2456 static int test_hpke(void) 2457 { 2458 #ifdef CONFIG_DPP3 2459 unsigned int i; 2460 2461 wpa_printf(MSG_INFO, "RFC 9180 - HPKE"); 2462 for (i = 0; i < ARRAY_SIZE(hpke_tests); i++) { 2463 if (run_hpke_test(&hpke_tests[i]) < 0) 2464 return -1; 2465 } 2466 2467 wpa_printf(MSG_INFO, "HPKE base open test cases passed"); 2468 #endif /* CONFIG_DPP3 */ 2469 return 0; 2470 } 2471 2472 2473 static int test_ms_funcs(void) 2474 { 2475 #ifndef CONFIG_FIPS 2476 /* Test vector from RFC2759 example */ 2477 char *username = "User"; 2478 char *password = "clientPass"; 2479 u8 auth_challenge[] = { 2480 0x5B, 0x5D, 0x7C, 0x7D, 0x7B, 0x3F, 0x2F, 0x3E, 2481 0x3C, 0x2C, 0x60, 0x21, 0x32, 0x26, 0x26, 0x28 2482 }; 2483 u8 peer_challenge[] = { 2484 0x21, 0x40, 0x23, 0x24, 0x25, 0x5E, 0x26, 0x2A, 2485 0x28, 0x29, 0x5F, 0x2B, 0x3A, 0x33, 0x7C, 0x7E 2486 }; 2487 u8 password_hash[] = { 2488 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6, 2489 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE 2490 }; 2491 u8 nt_response[] = { 2492 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E, 2493 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54, 2494 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF 2495 }; 2496 u8 password_hash_hash[] = { 2497 0x41, 0xC0, 0x0C, 0x58, 0x4B, 0xD2, 0xD9, 0x1C, 2498 0x40, 0x17, 0xA2, 0xA1, 0x2F, 0xA5, 0x9F, 0x3F 2499 }; 2500 u8 authenticator_response[] = { 2501 0x40, 0x7A, 0x55, 0x89, 0x11, 0x5F, 0xD0, 0xD6, 2502 0x20, 0x9F, 0x51, 0x0F, 0xE9, 0xC0, 0x45, 0x66, 2503 0x93, 0x2C, 0xDA, 0x56 2504 }; 2505 u8 master_key[] = { 2506 0xFD, 0xEC, 0xE3, 0x71, 0x7A, 0x8C, 0x83, 0x8C, 2507 0xB3, 0x88, 0xE5, 0x27, 0xAE, 0x3C, 0xDD, 0x31 2508 }; 2509 u8 send_start_key[] = { 2510 0x8B, 0x7C, 0xDC, 0x14, 0x9B, 0x99, 0x3A, 0x1B, 2511 0xA1, 0x18, 0xCB, 0x15, 0x3F, 0x56, 0xDC, 0xCB 2512 }; 2513 u8 buf[32]; 2514 int errors = 0; 2515 2516 if (nt_password_hash((u8 *) password, os_strlen(password), buf) || 2517 os_memcmp(password_hash, buf, sizeof(password_hash)) != 0) { 2518 wpa_printf(MSG_ERROR, "nt_password_hash failed"); 2519 errors++; 2520 } 2521 2522 if (generate_nt_response(auth_challenge, peer_challenge, 2523 (u8 *) username, os_strlen(username), 2524 (u8 *) password, os_strlen(password), buf) || 2525 os_memcmp(nt_response, buf, sizeof(nt_response)) != 0) { 2526 wpa_printf(MSG_ERROR, "generate_nt_response failed"); 2527 errors++; 2528 } 2529 2530 if (hash_nt_password_hash(password_hash, buf) || 2531 os_memcmp(password_hash_hash, buf, 2532 sizeof(password_hash_hash)) != 0) { 2533 wpa_printf(MSG_ERROR, "hash_nt_password_hash failed"); 2534 errors++; 2535 } 2536 2537 if (generate_authenticator_response((u8 *) password, 2538 os_strlen(password), 2539 peer_challenge, auth_challenge, 2540 (u8 *) username, 2541 os_strlen(username), 2542 nt_response, buf) || 2543 os_memcmp(authenticator_response, buf, 2544 sizeof(authenticator_response)) != 0) { 2545 wpa_printf(MSG_ERROR, "generate_authenticator_response failed"); 2546 errors++; 2547 } 2548 2549 if (get_master_key(password_hash_hash, nt_response, buf) || 2550 os_memcmp(master_key, buf, sizeof(master_key)) != 0) { 2551 wpa_printf(MSG_ERROR, "get_master_key failed"); 2552 errors++; 2553 } 2554 2555 if (get_asymetric_start_key(master_key, buf, sizeof(send_start_key), 2556 1, 1) || 2557 os_memcmp(send_start_key, buf, sizeof(send_start_key)) != 0) { 2558 wpa_printf(MSG_ERROR, "get_asymetric_start_key failed"); 2559 errors++; 2560 } 2561 2562 if (errors) 2563 wpa_printf(MSG_ERROR, "ms_funcs: %d errors", errors); 2564 else 2565 wpa_printf(MSG_INFO, "ms_funcs test cases passed"); 2566 2567 return errors; 2568 #else /* CONFIG_FIPS */ 2569 wpa_printf(MSG_INFO, "ms_funcs test cases skipped due to CONFIG_FIPS"); 2570 return 0; 2571 #endif /* CONFIG_FIPS */ 2572 } 2573 2574 2575 int crypto_module_tests(void) 2576 { 2577 int ret = 0; 2578 2579 wpa_printf(MSG_INFO, "crypto module tests"); 2580 if (test_siv() || 2581 test_omac1() || 2582 test_eax() || 2583 test_cbc() || 2584 test_ecb() || 2585 test_key_wrap() || 2586 test_aes_ctr() || 2587 test_md5() || 2588 test_sha1() || 2589 test_sha256() || 2590 test_sha384() || 2591 test_fips186_2_prf() || 2592 test_extract_expand_hkdf() || 2593 test_hpke() || 2594 test_ms_funcs()) 2595 ret = -1; 2596 2597 return ret; 2598 } 2599