1 /* 2 * crypto module tests 3 * Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "crypto/aes_siv.h" 13 #include "crypto/aes_wrap.h" 14 #include "crypto/aes.h" 15 #include "crypto/ms_funcs.h" 16 #include "crypto/crypto.h" 17 #include "crypto/sha1.h" 18 #include "crypto/sha256.h" 19 20 21 static int test_siv(void) 22 { 23 #ifdef CONFIG_MESH 24 /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */ 25 u8 key[] = { 26 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 27 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0, 28 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 29 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff 30 }; 31 u8 ad[] = { 32 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 33 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 34 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27 35 }; 36 u8 plaintext[] = { 37 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 38 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee 39 }; 40 u8 iv_c[] = { 41 0x85, 0x63, 0x2d, 0x07, 0xc6, 0xe8, 0xf3, 0x7f, 42 0x95, 0x0a, 0xcd, 0x32, 0x0a, 0x2e, 0xcc, 0x93, 43 0x40, 0xc0, 0x2b, 0x96, 0x90, 0xc4, 0xdc, 0x04, 44 0xda, 0xef, 0x7f, 0x6a, 0xfe, 0x5c 45 }; 46 /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */ 47 u8 key_2[] = { 48 0x7f, 0x7e, 0x7d, 0x7c, 0x7b, 0x7a, 0x79, 0x78, 49 0x77, 0x76, 0x75, 0x74, 0x73, 0x72, 0x71, 0x70, 50 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 51 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f 52 }; 53 u8 ad1_2[] = { 54 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 55 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 56 0xde, 0xad, 0xda, 0xda, 0xde, 0xad, 0xda, 0xda, 57 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88, 58 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00 59 }; 60 u8 ad2_2[] = { 61 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80, 62 0x90, 0xa0 63 }; 64 u8 nonce_2[] = { 65 0x09, 0xf9, 0x11, 0x02, 0x9d, 0x74, 0xe3, 0x5b, 66 0xd8, 0x41, 0x56, 0xc5, 0x63, 0x56, 0x88, 0xc0 67 }; 68 u8 plaintext_2[] = { 69 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 70 0x73, 0x6f, 0x6d, 0x65, 0x20, 0x70, 0x6c, 0x61, 71 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x20, 0x74, 72 0x6f, 0x20, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 73 0x74, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x20, 74 0x53, 0x49, 0x56, 0x2d, 0x41, 0x45, 0x53 75 }; 76 u8 iv_c_2[] = { 77 0x7b, 0xdb, 0x6e, 0x3b, 0x43, 0x26, 0x67, 0xeb, 78 0x06, 0xf4, 0xd1, 0x4b, 0xff, 0x2f, 0xbd, 0x0f, 79 0xcb, 0x90, 0x0f, 0x2f, 0xdd, 0xbe, 0x40, 0x43, 80 0x26, 0x60, 0x19, 0x65, 0xc8, 0x89, 0xbf, 0x17, 81 0xdb, 0xa7, 0x7c, 0xeb, 0x09, 0x4f, 0xa6, 0x63, 82 0xb7, 0xa3, 0xf7, 0x48, 0xba, 0x8a, 0xf8, 0x29, 83 0xea, 0x64, 0xad, 0x54, 0x4a, 0x27, 0x2e, 0x9c, 84 0x48, 0x5b, 0x62, 0xa3, 0xfd, 0x5c, 0x0d 85 }; 86 u8 out[2 * AES_BLOCK_SIZE + sizeof(plaintext_2)]; 87 const u8 *addr[3]; 88 size_t len[3]; 89 90 /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */ 91 addr[0] = ad; 92 len[0] = sizeof(ad); 93 94 if (aes_siv_encrypt(key, plaintext, sizeof(plaintext), 95 1, addr, len, out)) { 96 wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed"); 97 return 1; 98 } 99 if (os_memcmp(out, iv_c, sizeof(iv_c)) != 0) { 100 wpa_printf(MSG_ERROR, 101 "AES-SIV mode encryption returned invalid cipher text"); 102 return 1; 103 } 104 105 if (aes_siv_decrypt(key, iv_c, sizeof(iv_c), 1, addr, len, out)) { 106 wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed"); 107 return 1; 108 } 109 if (os_memcmp(out, plaintext, sizeof(plaintext)) != 0) { 110 wpa_printf(MSG_ERROR, 111 "AES-SIV mode decryption returned invalid plain text"); 112 return 1; 113 } 114 115 /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */ 116 addr[0] = ad1_2; 117 len[0] = sizeof(ad1_2); 118 addr[1] = ad2_2; 119 len[1] = sizeof(ad2_2); 120 addr[2] = nonce_2; 121 len[2] = sizeof(nonce_2); 122 123 if (aes_siv_encrypt(key_2, plaintext_2, sizeof(plaintext_2), 124 3, addr, len, out)) { 125 wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed"); 126 return 1; 127 } 128 if (os_memcmp(out, iv_c_2, sizeof(iv_c_2)) != 0) { 129 wpa_printf(MSG_ERROR, 130 "AES-SIV mode encryption returned invalid cipher text"); 131 return 1; 132 } 133 134 if (aes_siv_decrypt(key_2, iv_c_2, sizeof(iv_c_2), 3, addr, len, out)) { 135 wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed"); 136 return 1; 137 } 138 if (os_memcmp(out, plaintext_2, sizeof(plaintext_2)) != 0) { 139 wpa_printf(MSG_ERROR, 140 "AES-SIV mode decryption returned invalid plain text"); 141 return 1; 142 } 143 144 wpa_printf(MSG_INFO, "AES-SIV test cases passed"); 145 #endif /* CONFIG_MESH */ 146 147 return 0; 148 } 149 150 151 /* OMAC1 AES-128 test vectors from 152 * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf 153 * which are same as the examples from NIST SP800-38B 154 * http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf 155 */ 156 157 struct omac1_test_vector { 158 u8 k[16]; 159 u8 msg[64]; 160 int msg_len; 161 u8 tag[16]; 162 }; 163 164 static struct omac1_test_vector omac1_test_vectors[] = 165 { 166 { 167 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 168 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 169 { }, 170 0, 171 { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, 172 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 } 173 }, 174 { 175 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 176 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 177 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 178 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a}, 179 16, 180 { 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, 181 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c } 182 }, 183 { 184 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 185 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 186 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 187 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 188 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 189 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 190 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 }, 191 40, 192 { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, 193 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 } 194 }, 195 { 196 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 197 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 198 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 199 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 200 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 201 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 202 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 203 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 204 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 205 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }, 206 64, 207 { 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, 208 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe } 209 }, 210 }; 211 212 213 static int test_omac1_vector(struct omac1_test_vector *tv, unsigned int i) 214 { 215 u8 key[] = { 216 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 217 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c 218 }; 219 u8 msg[] = { 0x12, 0x34, 0x56 }; 220 u8 result[24], result2[24]; 221 const u8 *addr[3]; 222 size_t len[3]; 223 224 if (omac1_aes_128(tv->k, tv->msg, tv->msg_len, result) || 225 os_memcmp(result, tv->tag, 16) != 0) { 226 wpa_printf(MSG_ERROR, "OMAC1-AES-128 test vector %u failed", i); 227 return 1; 228 } 229 230 if (tv->msg_len > 1) { 231 232 addr[0] = tv->msg; 233 len[0] = 1; 234 addr[1] = tv->msg + 1; 235 len[1] = tv->msg_len - 1; 236 237 if (omac1_aes_128_vector(tv->k, 2, addr, len, result) || 238 os_memcmp(result, tv->tag, 16) != 0) { 239 wpa_printf(MSG_ERROR, 240 "OMAC1-AES-128(vector) test vector %u failed", 241 i); 242 return 1; 243 } 244 245 addr[0] = tv->msg; 246 len[0] = tv->msg_len - 2; 247 addr[1] = tv->msg + tv->msg_len - 2; 248 len[1] = 1; 249 addr[2] = tv->msg + tv->msg_len - 1; 250 len[2] = 1; 251 252 if (omac1_aes_128_vector(tv->k, 3, addr, len, result) || 253 os_memcmp(result, tv->tag, 16) != 0) { 254 wpa_printf(MSG_ERROR, 255 "OMAC1-AES-128(vector2) test vector %u failed", 256 i); 257 return 1; 258 } 259 } 260 261 addr[0] = &msg[0]; 262 len[0] = 1; 263 addr[1] = &msg[1]; 264 len[1] = 1; 265 addr[2] = &msg[2]; 266 len[2] = 1; 267 if (omac1_aes_128(key, msg, sizeof(msg), result) || 268 omac1_aes_128_vector(key, 3, addr, len, result2) || 269 os_memcmp(result, result2, 16) != 0) { 270 wpa_printf(MSG_ERROR, "OMAC1-AES-128 short test mismatch"); 271 return 1; 272 } 273 274 return 0; 275 } 276 277 278 static int test_omac1(void) 279 { 280 unsigned int i; 281 282 for (i = 0; i < ARRAY_SIZE(omac1_test_vectors); i++) { 283 if (test_omac1_vector(&omac1_test_vectors[i], i)) 284 return 1; 285 } 286 287 wpa_printf(MSG_INFO, "OMAC1-AES-128 test cases passed"); 288 289 return 0; 290 } 291 292 293 static int test_eax(void) 294 { 295 #ifdef EAP_PSK 296 u8 msg[] = { 0xF7, 0xFB }; 297 u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B, 298 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 }; 299 u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84, 300 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD }; 301 u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA }; 302 u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D, 303 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79, 304 0x67, 0xE5 }; 305 u8 data[sizeof(msg)], tag[AES_BLOCK_SIZE]; 306 307 os_memcpy(data, msg, sizeof(msg)); 308 if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr), 309 data, sizeof(data), tag)) { 310 wpa_printf(MSG_ERROR, "AES-128 EAX mode encryption failed"); 311 return 1; 312 } 313 if (os_memcmp(data, cipher, sizeof(data)) != 0) { 314 wpa_printf(MSG_ERROR, 315 "AES-128 EAX mode encryption returned invalid cipher text"); 316 return 1; 317 } 318 if (os_memcmp(tag, cipher + sizeof(data), AES_BLOCK_SIZE) != 0) { 319 wpa_printf(MSG_ERROR, 320 "AES-128 EAX mode encryption returned invalid tag"); 321 return 1; 322 } 323 324 if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr), 325 data, sizeof(data), tag)) { 326 wpa_printf(MSG_ERROR, "AES-128 EAX mode decryption failed"); 327 return 1; 328 } 329 if (os_memcmp(data, msg, sizeof(data)) != 0) { 330 wpa_printf(MSG_ERROR, 331 "AES-128 EAX mode decryption returned invalid plain text"); 332 return 1; 333 } 334 335 wpa_printf(MSG_INFO, "AES-128 EAX mode test cases passed"); 336 #endif /* EAP_PSK */ 337 338 return 0; 339 } 340 341 342 static int test_cbc(void) 343 { 344 struct cbc_test_vector { 345 u8 key[16]; 346 u8 iv[16]; 347 u8 plain[32]; 348 u8 cipher[32]; 349 size_t len; 350 } vectors[] = { 351 { 352 { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b, 353 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 }, 354 { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30, 355 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 }, 356 "Single block msg", 357 { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8, 358 0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a }, 359 16 360 }, 361 { 362 { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0, 363 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a }, 364 { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28, 365 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 }, 366 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 367 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 368 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 369 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, 370 { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a, 371 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a, 372 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9, 373 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 }, 374 32 375 } 376 }; 377 int ret = 0; 378 u8 *buf; 379 unsigned int i; 380 381 for (i = 0; i < ARRAY_SIZE(vectors); i++) { 382 struct cbc_test_vector *tv = &vectors[i]; 383 384 buf = os_malloc(tv->len); 385 if (buf == NULL) { 386 ret++; 387 break; 388 } 389 390 os_memcpy(buf, tv->plain, tv->len); 391 if (aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len) || 392 os_memcmp(buf, tv->cipher, tv->len) != 0) { 393 wpa_printf(MSG_ERROR, "AES-CBC encrypt %d failed", i); 394 ret++; 395 } 396 397 os_memcpy(buf, tv->cipher, tv->len); 398 if (aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len) || 399 os_memcmp(buf, tv->plain, tv->len) != 0) { 400 wpa_printf(MSG_ERROR, "AES-CBC decrypt %d failed", i); 401 ret++; 402 } 403 404 os_free(buf); 405 } 406 407 return ret; 408 } 409 410 411 static int test_ecb(void) 412 { 413 #ifdef EAP_PSK 414 struct ecb_test_vector { 415 char *key; 416 char *plaintext; 417 char *ciphertext; 418 } vectors[] = { 419 /* CAVS 11.1 - ECBGFSbox128.rsp */ 420 { 421 "00000000000000000000000000000000", 422 "f34481ec3cc627bacd5dc3fb08f273e6", 423 "0336763e966d92595a567cc9ce537f5e" 424 }, 425 { 426 "00000000000000000000000000000000", 427 "9798c4640bad75c7c3227db910174e72", 428 "a9a1631bf4996954ebc093957b234589" 429 }, 430 { 431 "00000000000000000000000000000000", 432 "96ab5c2ff612d9dfaae8c31f30c42168", 433 "ff4f8391a6a40ca5b25d23bedd44a597" 434 }, 435 { 436 "00000000000000000000000000000000", 437 "6a118a874519e64e9963798a503f1d35", 438 "dc43be40be0e53712f7e2bf5ca707209" 439 }, 440 { 441 "00000000000000000000000000000000", 442 "cb9fceec81286ca3e989bd979b0cb284", 443 "92beedab1895a94faa69b632e5cc47ce" 444 }, 445 { 446 "00000000000000000000000000000000", 447 "b26aeb1874e47ca8358ff22378f09144", 448 "459264f4798f6a78bacb89c15ed3d601" 449 }, 450 { 451 "00000000000000000000000000000000", 452 "58c8e00b2631686d54eab84b91f0aca1", 453 "08a4e2efec8a8e3312ca7460b9040bbf" 454 }, 455 /* CAVS 11.1 - ECBKeySbox128.rsp */ 456 { 457 "10a58869d74be5a374cf867cfb473859", 458 "00000000000000000000000000000000", 459 "6d251e6944b051e04eaa6fb4dbf78465" 460 }, 461 { 462 "caea65cdbb75e9169ecd22ebe6e54675", 463 "00000000000000000000000000000000", 464 "6e29201190152df4ee058139def610bb", 465 } 466 }; 467 int ret = 0; 468 unsigned int i; 469 u8 key[16], plain[16], cipher[16], out[16]; 470 471 for (i = 0; i < ARRAY_SIZE(vectors); i++) { 472 struct ecb_test_vector *tv = &vectors[i]; 473 474 if (hexstr2bin(tv->key, key, sizeof(key)) || 475 hexstr2bin(tv->plaintext, plain, sizeof(plain)) || 476 hexstr2bin(tv->ciphertext, cipher, sizeof(cipher))) { 477 wpa_printf(MSG_ERROR, "Invalid AES-ECB test vector %u", 478 i); 479 ret++; 480 continue; 481 } 482 483 if (aes_128_encrypt_block(key, plain, out) < 0 || 484 os_memcmp(out, cipher, 16) != 0) { 485 wpa_printf(MSG_ERROR, "AES-ECB encrypt %u failed", i); 486 ret++; 487 } 488 } 489 490 if (!ret) 491 wpa_printf(MSG_INFO, "AES ECB mode test cases passed"); 492 493 return ret; 494 #endif /* EAP_PSK */ 495 496 return 0; 497 } 498 499 500 static int test_key_wrap(void) 501 { 502 int ret = 0; 503 504 /* RFC 3394 - Test vector 4.1 */ 505 u8 kek41[] = { 506 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 507 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f 508 }; 509 u8 plain41[] = { 510 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 511 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 512 }; 513 u8 crypt41[] = { 514 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47, 515 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82, 516 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5 517 }; 518 /* RFC 3394 - Test vector 4.2 */ 519 u8 kek42[] = { 520 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 521 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 522 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 523 }; 524 u8 plain42[] = { 525 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 526 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 527 }; 528 u8 crypt42[] = { 529 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35, 530 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2, 531 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D 532 }; 533 /* RFC 3394 - Test vector 4.3 */ 534 u8 kek43[] = { 535 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 536 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 537 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 538 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 539 }; 540 u8 plain43[] = { 541 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 542 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 543 }; 544 u8 crypt43[] = { 545 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2, 546 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A, 547 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7, 548 }; 549 /* RFC 3394 - Test vector 4.4 */ 550 u8 kek44[] = { 551 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 552 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 553 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 554 }; 555 u8 plain44[] = { 556 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 557 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 558 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 559 }; 560 u8 crypt44[] = { 561 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32, 562 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC, 563 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93, 564 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2 565 }; 566 /* RFC 3394 - Test vector 4.5 */ 567 u8 kek45[] = { 568 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 569 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 570 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 571 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 572 }; 573 u8 plain45[] = { 574 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 575 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 576 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 577 }; 578 u8 crypt45[] = { 579 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F, 580 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4, 581 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95, 582 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1, 583 }; 584 /* RFC 3394 - Test vector 4.6 */ 585 u8 kek46[] = { 586 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 587 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 588 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 589 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 590 }; 591 u8 plain46[] = { 592 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 593 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 594 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 595 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F 596 }; 597 u8 crypt46[] = { 598 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4, 599 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26, 600 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26, 601 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B, 602 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21 603 }; 604 u8 result[40]; 605 606 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.1"); 607 if (aes_wrap(kek41, sizeof(kek41), sizeof(plain41) / 8, plain41, 608 result)) { 609 wpa_printf(MSG_ERROR, "AES-WRAP-128 reported failure"); 610 ret++; 611 } 612 if (os_memcmp(result, crypt41, sizeof(crypt41)) != 0) { 613 wpa_printf(MSG_ERROR, "AES-WRAP-128 failed"); 614 ret++; 615 } 616 if (aes_unwrap(kek41, sizeof(kek41), sizeof(plain41) / 8, crypt41, 617 result)) { 618 wpa_printf(MSG_ERROR, "AES-UNWRAP-128 reported failure"); 619 ret++; 620 } 621 if (os_memcmp(result, plain41, sizeof(plain41)) != 0) { 622 wpa_printf(MSG_ERROR, "AES-UNWRAP-128 failed"); 623 ret++; 624 } 625 626 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.2"); 627 if (aes_wrap(kek42, sizeof(kek42), sizeof(plain42) / 8, plain42, 628 result)) { 629 wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure"); 630 ret++; 631 } 632 if (os_memcmp(result, crypt42, sizeof(crypt42)) != 0) { 633 wpa_printf(MSG_ERROR, "AES-WRAP-192 failed"); 634 ret++; 635 } 636 if (aes_unwrap(kek42, sizeof(kek42), sizeof(plain42) / 8, crypt42, 637 result)) { 638 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure"); 639 ret++; 640 } 641 if (os_memcmp(result, plain42, sizeof(plain42)) != 0) { 642 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed"); 643 ret++; 644 } 645 646 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.3"); 647 if (aes_wrap(kek43, sizeof(kek43), sizeof(plain43) / 8, plain43, 648 result)) { 649 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 650 ret++; 651 } 652 if (os_memcmp(result, crypt43, sizeof(crypt43)) != 0) { 653 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 654 ret++; 655 } 656 if (aes_unwrap(kek43, sizeof(kek43), sizeof(plain43) / 8, crypt43, 657 result)) { 658 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 659 ret++; 660 } 661 if (os_memcmp(result, plain43, sizeof(plain43)) != 0) { 662 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 663 ret++; 664 } 665 666 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.4"); 667 if (aes_wrap(kek44, sizeof(kek44), sizeof(plain44) / 8, plain44, 668 result)) { 669 wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure"); 670 ret++; 671 } 672 if (os_memcmp(result, crypt44, sizeof(crypt44)) != 0) { 673 wpa_printf(MSG_ERROR, "AES-WRAP-192 failed"); 674 ret++; 675 } 676 if (aes_unwrap(kek44, sizeof(kek44), sizeof(plain44) / 8, crypt44, 677 result)) { 678 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure"); 679 ret++; 680 } 681 if (os_memcmp(result, plain44, sizeof(plain44)) != 0) { 682 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed"); 683 ret++; 684 } 685 686 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.5"); 687 if (aes_wrap(kek45, sizeof(kek45), sizeof(plain45) / 8, plain45, 688 result)) { 689 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 690 ret++; 691 } 692 if (os_memcmp(result, crypt45, sizeof(crypt45)) != 0) { 693 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 694 ret++; 695 } 696 if (aes_unwrap(kek45, sizeof(kek45), sizeof(plain45) / 8, crypt45, 697 result)) { 698 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 699 ret++; 700 } 701 if (os_memcmp(result, plain45, sizeof(plain45)) != 0) { 702 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 703 ret++; 704 } 705 706 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.6"); 707 if (aes_wrap(kek46, sizeof(kek46), sizeof(plain46) / 8, plain46, 708 result)) { 709 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 710 ret++; 711 } 712 if (os_memcmp(result, crypt46, sizeof(crypt46)) != 0) { 713 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 714 ret++; 715 } 716 if (aes_unwrap(kek46, sizeof(kek46), sizeof(plain46) / 8, crypt46, 717 result)) { 718 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 719 ret++; 720 } 721 if (os_memcmp(result, plain46, sizeof(plain46)) != 0) { 722 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 723 ret++; 724 } 725 726 if (!ret) 727 wpa_printf(MSG_INFO, "AES key wrap/unwrap test cases passed"); 728 729 return ret; 730 } 731 732 733 static int test_md5(void) 734 { 735 struct { 736 char *data; 737 char *hash; 738 } tests[] = { 739 { 740 "", 741 "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04" 742 "\xe9\x80\x09\x98\xec\xf8\x42\x7e" 743 }, 744 { 745 "a", 746 "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8" 747 "\x31\xc3\x99\xe2\x69\x77\x26\x61" 748 }, 749 { 750 "abc", 751 "\x90\x01\x50\x98\x3c\xd2\x4f\xb0" 752 "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72" 753 }, 754 { 755 "message digest", 756 "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d" 757 "\x52\x5a\x2f\x31\xaa\xf1\x61\xd0" 758 }, 759 { 760 "abcdefghijklmnopqrstuvwxyz", 761 "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00" 762 "\x7d\xfb\x49\x6c\xca\x67\xe1\x3b" 763 }, 764 { 765 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 766 "0123456789", 767 "\xd1\x74\xab\x98\xd2\x77\xd9\xf5" 768 "\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f" 769 }, 770 { 771 "12345678901234567890123456789012345678901234567890" 772 "123456789012345678901234567890", 773 "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55" 774 "\xac\x49\xda\x2e\x21\x07\xb6\x7a" 775 } 776 }; 777 unsigned int i; 778 u8 hash[16]; 779 const u8 *addr[2]; 780 size_t len[2]; 781 int errors = 0; 782 783 for (i = 0; i < ARRAY_SIZE(tests); i++) { 784 wpa_printf(MSG_INFO, "MD5 test case %d", i); 785 786 addr[0] = (u8 *) tests[i].data; 787 len[0] = strlen(tests[i].data); 788 if (md5_vector(1, addr, len, hash) < 0 || 789 os_memcmp(hash, tests[i].hash, 16) != 0) { 790 wpa_printf(MSG_INFO, " FAIL"); 791 errors++; 792 } else 793 wpa_printf(MSG_INFO, " OK"); 794 795 if (len[0]) { 796 addr[0] = (u8 *) tests[i].data; 797 len[0] = strlen(tests[i].data); 798 addr[1] = (u8 *) tests[i].data + 1; 799 len[1] = strlen(tests[i].data) - 1; 800 if (md5_vector(1, addr, len, hash) < 0 || 801 os_memcmp(hash, tests[i].hash, 16) != 0) { 802 wpa_printf(MSG_INFO, " FAIL"); 803 errors++; 804 } else 805 wpa_printf(MSG_INFO, " OK"); 806 } 807 } 808 809 if (!errors) 810 wpa_printf(MSG_INFO, "MD5 test cases passed"); 811 812 return errors; 813 } 814 815 816 static int test_eap_fast(void) 817 { 818 #ifdef EAP_FAST 819 /* RFC 4851, Appendix B.1 */ 820 const u8 pac_key[] = { 821 0x0B, 0x97, 0x39, 0x0F, 0x37, 0x51, 0x78, 0x09, 822 0x81, 0x1E, 0xFD, 0x9C, 0x6E, 0x65, 0x94, 0x2B, 823 0x63, 0x2C, 0xE9, 0x53, 0x89, 0x38, 0x08, 0xBA, 824 0x36, 0x0B, 0x03, 0x7C, 0xD1, 0x85, 0xE4, 0x14 825 }; 826 const u8 seed[] = { 827 0x3F, 0xFB, 0x11, 0xC4, 0x6C, 0xBF, 0xA5, 0x7A, 828 0x54, 0x40, 0xDA, 0xE8, 0x22, 0xD3, 0x11, 0xD3, 829 0xF7, 0x6D, 0xE4, 0x1D, 0xD9, 0x33, 0xE5, 0x93, 830 0x70, 0x97, 0xEB, 0xA9, 0xB3, 0x66, 0xF4, 0x2A, 831 0x00, 0x00, 0x00, 0x02, 0x6A, 0x66, 0x43, 0x2A, 832 0x8D, 0x14, 0x43, 0x2C, 0xEC, 0x58, 0x2D, 0x2F, 833 0xC7, 0x9C, 0x33, 0x64, 0xBA, 0x04, 0xAD, 0x3A, 834 0x52, 0x54, 0xD6, 0xA5, 0x79, 0xAD, 0x1E, 0x00 835 }; 836 const u8 master_secret[] = { 837 0x4A, 0x1A, 0x51, 0x2C, 0x01, 0x60, 0xBC, 0x02, 838 0x3C, 0xCF, 0xBC, 0x83, 0x3F, 0x03, 0xBC, 0x64, 839 0x88, 0xC1, 0x31, 0x2F, 0x0B, 0xA9, 0xA2, 0x77, 840 0x16, 0xA8, 0xD8, 0xE8, 0xBD, 0xC9, 0xD2, 0x29, 841 0x38, 0x4B, 0x7A, 0x85, 0xBE, 0x16, 0x4D, 0x27, 842 0x33, 0xD5, 0x24, 0x79, 0x87, 0xB1, 0xC5, 0xA2 843 }; 844 const u8 key_block[] = { 845 0x59, 0x59, 0xBE, 0x8E, 0x41, 0x3A, 0x77, 0x74, 846 0x8B, 0xB2, 0xE5, 0xD3, 0x60, 0xAC, 0x4D, 0x35, 847 0xDF, 0xFB, 0xC8, 0x1E, 0x9C, 0x24, 0x9C, 0x8B, 848 0x0E, 0xC3, 0x1D, 0x72, 0xC8, 0x84, 0x9D, 0x57, 849 0x48, 0x51, 0x2E, 0x45, 0x97, 0x6C, 0x88, 0x70, 850 0xBE, 0x5F, 0x01, 0xD3, 0x64, 0xE7, 0x4C, 0xBB, 851 0x11, 0x24, 0xE3, 0x49, 0xE2, 0x3B, 0xCD, 0xEF, 852 0x7A, 0xB3, 0x05, 0x39, 0x5D, 0x64, 0x8A, 0x44, 853 0x11, 0xB6, 0x69, 0x88, 0x34, 0x2E, 0x8E, 0x29, 854 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05, 855 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96, 856 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84, 857 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98, 858 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71 859 }; 860 const u8 sks[] = { 861 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05, 862 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96, 863 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84, 864 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98, 865 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71 866 }; 867 const u8 isk[] = { 868 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 869 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 870 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 871 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 872 }; 873 const u8 imck[] = { 874 0x16, 0x15, 0x3C, 0x3F, 0x21, 0x55, 0xEF, 0xD9, 875 0x7F, 0x34, 0xAE, 0xC8, 0x1A, 0x4E, 0x66, 0x80, 876 0x4C, 0xC3, 0x76, 0xF2, 0x8A, 0xA9, 0x6F, 0x96, 877 0xC2, 0x54, 0x5F, 0x8C, 0xAB, 0x65, 0x02, 0xE1, 878 0x18, 0x40, 0x7B, 0x56, 0xBE, 0xEA, 0xA7, 0xC5, 879 0x76, 0x5D, 0x8F, 0x0B, 0xC5, 0x07, 0xC6, 0xB9, 880 0x04, 0xD0, 0x69, 0x56, 0x72, 0x8B, 0x6B, 0xB8, 881 0x15, 0xEC, 0x57, 0x7B 882 }; 883 const u8 msk[] = { 884 0x4D, 0x83, 0xA9, 0xBE, 0x6F, 0x8A, 0x74, 0xED, 885 0x6A, 0x02, 0x66, 0x0A, 0x63, 0x4D, 0x2C, 0x33, 886 0xC2, 0xDA, 0x60, 0x15, 0xC6, 0x37, 0x04, 0x51, 887 0x90, 0x38, 0x63, 0xDA, 0x54, 0x3E, 0x14, 0xB9, 888 0x27, 0x99, 0x18, 0x1E, 0x07, 0xBF, 0x0F, 0x5A, 889 0x5E, 0x3C, 0x32, 0x93, 0x80, 0x8C, 0x6C, 0x49, 890 0x67, 0xED, 0x24, 0xFE, 0x45, 0x40, 0xA0, 0x59, 891 0x5E, 0x37, 0xC2, 0xE9, 0xD0, 0x5D, 0x0A, 0xE3 892 }; 893 const u8 emsk[] = { 894 0x3A, 0xD4, 0xAB, 0xDB, 0x76, 0xB2, 0x7F, 0x3B, 895 0xEA, 0x32, 0x2C, 0x2B, 0x74, 0xF4, 0x28, 0x55, 896 0xEF, 0x2D, 0xBA, 0x78, 0xC9, 0x57, 0x2F, 0x0D, 897 0x06, 0xCD, 0x51, 0x7C, 0x20, 0x93, 0x98, 0xA9, 898 0x76, 0xEA, 0x70, 0x21, 0xD7, 0x0E, 0x25, 0x54, 899 0x97, 0xED, 0xB2, 0x8A, 0xF6, 0xED, 0xFD, 0x0A, 900 0x2A, 0xE7, 0xA1, 0x58, 0x90, 0x10, 0x50, 0x44, 901 0xB3, 0x82, 0x85, 0xDB, 0x06, 0x14, 0xD2, 0xF9 902 }; 903 /* RFC 4851, Appendix B.2 */ 904 u8 tlv[] = { 905 0x80, 0x0C, 0x00, 0x38, 0x00, 0x01, 0x01, 0x00, 906 0xD8, 0x6A, 0x8C, 0x68, 0x3C, 0x32, 0x31, 0xA8, 907 0x56, 0x63, 0xB6, 0x40, 0x21, 0xFE, 0x21, 0x14, 908 0x4E, 0xE7, 0x54, 0x20, 0x79, 0x2D, 0x42, 0x62, 909 0xC9, 0xBF, 0x53, 0x7F, 0x54, 0xFD, 0xAC, 0x58, 910 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF, 911 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC, 912 0x05, 0xC5, 0x5B, 0xB7 913 }; 914 const u8 compound_mac[] = { 915 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF, 916 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC, 917 0x05, 0xC5, 0x5B, 0xB7 918 }; 919 u8 buf[512]; 920 const u8 *simck, *cmk; 921 int errors = 0; 922 923 wpa_printf(MSG_INFO, "EAP-FAST test cases"); 924 925 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / master_secret"); 926 if (sha1_t_prf(pac_key, sizeof(pac_key), 927 "PAC to master secret label hash", 928 seed, sizeof(seed), buf, sizeof(master_secret)) < 0 || 929 os_memcmp(master_secret, buf, sizeof(master_secret)) != 0) { 930 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 931 errors++; 932 } 933 934 wpa_printf(MSG_INFO, "- PRF (TLS, SHA1/MD5) test case / key_block"); 935 if (tls_prf_sha1_md5(master_secret, sizeof(master_secret), 936 "key expansion", seed, sizeof(seed), 937 buf, sizeof(key_block)) || 938 os_memcmp(key_block, buf, sizeof(key_block)) != 0) { 939 wpa_printf(MSG_INFO, "PRF test - FAILED!"); 940 errors++; 941 } 942 943 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / IMCK"); 944 if (sha1_t_prf(sks, sizeof(sks), "Inner Methods Compound Keys", 945 isk, sizeof(isk), buf, sizeof(imck)) < 0 || 946 os_memcmp(imck, buf, sizeof(imck)) != 0) { 947 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 948 errors++; 949 } 950 951 simck = imck; 952 cmk = imck + 40; 953 954 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / MSK"); 955 if (sha1_t_prf(simck, 40, "Session Key Generating Function", 956 (u8 *) "", 0, buf, sizeof(msk)) < 0 || 957 os_memcmp(msk, buf, sizeof(msk)) != 0) { 958 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 959 errors++; 960 } 961 962 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / EMSK"); 963 if (sha1_t_prf(simck, 40, "Extended Session Key Generating Function", 964 (u8 *) "", 0, buf, sizeof(msk)) < 0 || 965 os_memcmp(emsk, buf, sizeof(emsk)) != 0) { 966 wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 967 errors++; 968 } 969 970 wpa_printf(MSG_INFO, "- Compound MAC test case"); 971 os_memset(tlv + sizeof(tlv) - 20, 0, 20); 972 if (hmac_sha1(cmk, 20, tlv, sizeof(tlv), tlv + sizeof(tlv) - 20) < 0 || 973 os_memcmp(tlv + sizeof(tlv) - 20, compound_mac, 974 sizeof(compound_mac)) != 0) { 975 wpa_printf(MSG_INFO, "Compound MAC test - FAILED!"); 976 errors++; 977 } 978 979 return errors; 980 #else /* EAP_FAST */ 981 return 0; 982 #endif /* EAP_FAST */ 983 } 984 985 986 static u8 key0[] = 987 { 988 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 989 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 990 0x0b, 0x0b, 0x0b, 0x0b 991 }; 992 static u8 data0[] = "Hi There"; 993 static u8 prf0[] = 994 { 995 0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84, 996 0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54, 997 0xb8, 0x62, 0x17, 0x5e, 0xd9, 0xf0, 0x06, 0x06, 998 0xe1, 0x7d, 0x8d, 0xa3, 0x54, 0x02, 0xff, 0xee, 999 0x75, 0xdf, 0x78, 0xc3, 0xd3, 0x1e, 0x0f, 0x88, 1000 0x9f, 0x01, 0x21, 0x20, 0xc0, 0x86, 0x2b, 0xeb, 1001 0x67, 0x75, 0x3e, 0x74, 0x39, 0xae, 0x24, 0x2e, 1002 0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a 1003 }; 1004 1005 static u8 key1[] = "Jefe"; 1006 static u8 data1[] = "what do ya want for nothing?"; 1007 static u8 prf1[] = 1008 { 1009 0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad, 1010 0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4, 1011 0xfe, 0x63, 0x14, 0x46, 0xfa, 0xbd, 0xfa, 0x58, 1012 0x24, 0x47, 0x59, 0xae, 0x58, 0xef, 0x90, 0x09, 1013 0xa9, 0x9a, 0xbf, 0x4e, 0xac, 0x2c, 0xa5, 0xfa, 1014 0x87, 0xe6, 0x92, 0xc4, 0x40, 0xeb, 0x40, 0x02, 1015 0x3e, 0x7b, 0xab, 0xb2, 0x06, 0xd6, 0x1d, 0xe7, 1016 0xb9, 0x2f, 0x41, 0x52, 0x90, 0x92, 0xb8, 0xfc 1017 }; 1018 1019 1020 static u8 key2[] = 1021 { 1022 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1023 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1024 0xaa, 0xaa, 0xaa, 0xaa 1025 }; 1026 static u8 data2[] = 1027 { 1028 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1029 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1030 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1031 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1032 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1033 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1034 0xdd, 0xdd 1035 }; 1036 static u8 prf2[] = 1037 { 1038 0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f, 1039 0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1, 1040 0x7a, 0x02, 0x52, 0xca, 0x5d, 0x8d, 0x8d, 0xf1, 1041 0x2c, 0xfb, 0x04, 0x73, 0x52, 0x52, 0x49, 0xce, 1042 0x9d, 0xd8, 0xd1, 0x77, 0xea, 0xd7, 0x10, 0xbc, 1043 0x9b, 0x59, 0x05, 0x47, 0x23, 0x91, 0x07, 0xae, 1044 0xf7, 0xb4, 0xab, 0xd4, 0x3d, 0x87, 0xf0, 0xa6, 1045 0x8f, 0x1c, 0xbd, 0x9e, 0x2b, 0x6f, 0x76, 0x07 1046 }; 1047 1048 1049 struct passphrase_test { 1050 char *passphrase; 1051 char *ssid; 1052 char psk[32]; 1053 }; 1054 1055 static struct passphrase_test passphrase_tests[] = 1056 { 1057 { 1058 "password", 1059 "IEEE", 1060 { 1061 0xf4, 0x2c, 0x6f, 0xc5, 0x2d, 0xf0, 0xeb, 0xef, 1062 0x9e, 0xbb, 0x4b, 0x90, 0xb3, 0x8a, 0x5f, 0x90, 1063 0x2e, 0x83, 0xfe, 0x1b, 0x13, 0x5a, 0x70, 0xe2, 1064 0x3a, 0xed, 0x76, 0x2e, 0x97, 0x10, 0xa1, 0x2e 1065 } 1066 }, 1067 { 1068 "ThisIsAPassword", 1069 "ThisIsASSID", 1070 { 1071 0x0d, 0xc0, 0xd6, 0xeb, 0x90, 0x55, 0x5e, 0xd6, 1072 0x41, 0x97, 0x56, 0xb9, 0xa1, 0x5e, 0xc3, 0xe3, 1073 0x20, 0x9b, 0x63, 0xdf, 0x70, 0x7d, 0xd5, 0x08, 1074 0xd1, 0x45, 0x81, 0xf8, 0x98, 0x27, 0x21, 0xaf 1075 } 1076 }, 1077 { 1078 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 1079 "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ", 1080 { 1081 0xbe, 0xcb, 0x93, 0x86, 0x6b, 0xb8, 0xc3, 0x83, 1082 0x2c, 0xb7, 0x77, 0xc2, 0xf5, 0x59, 0x80, 0x7c, 1083 0x8c, 0x59, 0xaf, 0xcb, 0x6e, 0xae, 0x73, 0x48, 1084 0x85, 0x00, 0x13, 0x00, 0xa9, 0x81, 0xcc, 0x62 1085 } 1086 }, 1087 }; 1088 1089 #define NUM_PASSPHRASE_TESTS ARRAY_SIZE(passphrase_tests) 1090 1091 1092 struct rfc6070_test { 1093 char *p; 1094 char *s; 1095 int c; 1096 char dk[32]; 1097 size_t dk_len; 1098 }; 1099 1100 static struct rfc6070_test rfc6070_tests[] = 1101 { 1102 { 1103 "password", 1104 "salt", 1105 1, 1106 { 1107 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71, 1108 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06, 1109 0x2f, 0xe0, 0x37, 0xa6 1110 }, 1111 20 1112 }, 1113 { 1114 "password", 1115 "salt", 1116 2, 1117 { 1118 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c, 1119 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0, 1120 0xd8, 0xde, 0x89, 0x57 1121 }, 1122 20 1123 }, 1124 { 1125 "password", 1126 "salt", 1127 4096, 1128 { 1129 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a, 1130 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0, 1131 0x65, 0xa4, 0x29, 0xc1 1132 }, 1133 20 1134 }, 1135 #if 0 /* This takes quite long to derive.. */ 1136 { 1137 "password", 1138 "salt", 1139 16777216, 1140 { 1141 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4, 1142 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c, 1143 0x26, 0x34, 0xe9, 0x84 1144 }, 1145 20 1146 }, 1147 #endif 1148 { 1149 "passwordPASSWORDpassword", 1150 "saltSALTsaltSALTsaltSALTsaltSALTsalt", 1151 4096, 1152 { 1153 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b, 1154 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a, 1155 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70, 1156 0x38 1157 }, 1158 25 1159 }, 1160 #if 0 /* \0 not currently supported in passphrase parameters.. */ 1161 { 1162 "pass\0word", 1163 "sa\0lt", 1164 4096, 1165 { 1166 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d, 1167 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3 1168 }, 1169 16 1170 }, 1171 #endif 1172 }; 1173 1174 #define NUM_RFC6070_TESTS ARRAY_SIZE(rfc6070_tests) 1175 1176 1177 static int test_sha1(void) 1178 { 1179 u8 res[512]; 1180 int ret = 0; 1181 unsigned int i; 1182 1183 wpa_printf(MSG_INFO, "PRF-SHA1 test cases:"); 1184 1185 if (sha1_prf(key0, sizeof(key0), "prefix", data0, sizeof(data0) - 1, 1186 res, sizeof(prf0)) == 0 && 1187 os_memcmp(res, prf0, sizeof(prf0)) == 0) 1188 wpa_printf(MSG_INFO, "Test case 0 - OK"); 1189 else { 1190 wpa_printf(MSG_INFO, "Test case 0 - FAILED!"); 1191 ret++; 1192 } 1193 1194 if (sha1_prf(key1, sizeof(key1) - 1, "prefix", data1, sizeof(data1) - 1, 1195 res, sizeof(prf1)) == 0 && 1196 os_memcmp(res, prf1, sizeof(prf1)) == 0) 1197 wpa_printf(MSG_INFO, "Test case 1 - OK"); 1198 else { 1199 wpa_printf(MSG_INFO, "Test case 1 - FAILED!"); 1200 ret++; 1201 } 1202 1203 if (sha1_prf(key2, sizeof(key2), "prefix", data2, sizeof(data2), 1204 res, sizeof(prf2)) == 0 && 1205 os_memcmp(res, prf2, sizeof(prf2)) == 0) 1206 wpa_printf(MSG_INFO, "Test case 2 - OK"); 1207 else { 1208 wpa_printf(MSG_INFO, "Test case 2 - FAILED!"); 1209 ret++; 1210 } 1211 1212 ret += test_eap_fast(); 1213 1214 wpa_printf(MSG_INFO, "PBKDF2-SHA1 Passphrase test cases:"); 1215 for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) { 1216 u8 psk[32]; 1217 struct passphrase_test *test = &passphrase_tests[i]; 1218 1219 if (pbkdf2_sha1(test->passphrase, 1220 (const u8 *) test->ssid, strlen(test->ssid), 1221 4096, psk, 32) == 0 && 1222 os_memcmp(psk, test->psk, 32) == 0) 1223 wpa_printf(MSG_INFO, "Test case %d - OK", i); 1224 else { 1225 wpa_printf(MSG_INFO, "Test case %d - FAILED!", i); 1226 ret++; 1227 } 1228 } 1229 1230 wpa_printf(MSG_INFO, "PBKDF2-SHA1 test cases (RFC 6070):"); 1231 for (i = 0; i < NUM_RFC6070_TESTS; i++) { 1232 u8 dk[25]; 1233 struct rfc6070_test *test = &rfc6070_tests[i]; 1234 1235 if (pbkdf2_sha1(test->p, (const u8 *) test->s, strlen(test->s), 1236 test->c, dk, test->dk_len) == 0 && 1237 os_memcmp(dk, test->dk, test->dk_len) == 0) 1238 wpa_printf(MSG_INFO, "Test case %d - OK", i); 1239 else { 1240 wpa_printf(MSG_INFO, "Test case %d - FAILED!", i); 1241 ret++; 1242 } 1243 } 1244 1245 if (!ret) 1246 wpa_printf(MSG_INFO, "SHA1 test cases passed"); 1247 return ret; 1248 } 1249 1250 1251 struct { 1252 char *data; 1253 u8 hash[32]; 1254 } tests[] = { 1255 { 1256 "abc", 1257 { 1258 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 1259 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, 1260 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 1261 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad 1262 } 1263 }, 1264 { 1265 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1266 { 1267 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 1268 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, 1269 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, 1270 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 1271 } 1272 } 1273 }; 1274 1275 struct hmac_test { 1276 u8 key[80]; 1277 size_t key_len; 1278 u8 data[128]; 1279 size_t data_len; 1280 u8 hash[32]; 1281 } hmac_tests[] = { 1282 /* draft-ietf-ipsec-ciph-sha-256-01.txt */ 1283 { 1284 { 1285 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1286 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1287 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1288 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 1289 }, 1290 32, 1291 "abc", 3, 1292 { 1293 0xa2, 0x1b, 0x1f, 0x5d, 0x4c, 0xf4, 0xf7, 0x3a, 1294 0x4d, 0xd9, 0x39, 0x75, 0x0f, 0x7a, 0x06, 0x6a, 1295 0x7f, 0x98, 0xcc, 0x13, 0x1c, 0xb1, 0x6a, 0x66, 1296 0x92, 0x75, 0x90, 0x21, 0xcf, 0xab, 0x81, 0x81 1297 } 1298 }, 1299 { 1300 { 1301 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1302 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1303 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1304 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 1305 }, 1306 32, 1307 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1308 56, 1309 { 1310 0x10, 0x4f, 0xdc, 0x12, 0x57, 0x32, 0x8f, 0x08, 1311 0x18, 0x4b, 0xa7, 0x31, 0x31, 0xc5, 0x3c, 0xae, 1312 0xe6, 0x98, 0xe3, 0x61, 0x19, 0x42, 0x11, 0x49, 1313 0xea, 0x8c, 0x71, 0x24, 0x56, 0x69, 0x7d, 0x30 1314 } 1315 }, 1316 { 1317 { 1318 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1319 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1320 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1321 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 1322 }, 1323 32, 1324 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" 1325 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1326 112, 1327 { 1328 0x47, 0x03, 0x05, 0xfc, 0x7e, 0x40, 0xfe, 0x34, 1329 0xd3, 0xee, 0xb3, 0xe7, 0x73, 0xd9, 0x5a, 0xab, 1330 0x73, 0xac, 0xf0, 0xfd, 0x06, 0x04, 0x47, 0xa5, 1331 0xeb, 0x45, 0x95, 0xbf, 0x33, 0xa9, 0xd1, 0xa3 1332 } 1333 }, 1334 { 1335 { 1336 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1337 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1338 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1339 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b 1340 }, 1341 32, 1342 "Hi There", 1343 8, 1344 { 1345 0x19, 0x8a, 0x60, 0x7e, 0xb4, 0x4b, 0xfb, 0xc6, 1346 0x99, 0x03, 0xa0, 0xf1, 0xcf, 0x2b, 0xbd, 0xc5, 1347 0xba, 0x0a, 0xa3, 0xf3, 0xd9, 0xae, 0x3c, 0x1c, 1348 0x7a, 0x3b, 0x16, 0x96, 0xa0, 0xb6, 0x8c, 0xf7 1349 } 1350 }, 1351 { 1352 "Jefe", 1353 4, 1354 "what do ya want for nothing?", 1355 28, 1356 { 1357 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 1358 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7, 1359 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83, 1360 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43 1361 } 1362 }, 1363 { 1364 { 1365 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1366 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1367 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1368 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 1369 }, 1370 32, 1371 { 1372 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1373 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1374 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1375 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1376 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1377 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1378 0xdd, 0xdd 1379 }, 1380 50, 1381 { 1382 0xcd, 0xcb, 0x12, 0x20, 0xd1, 0xec, 0xcc, 0xea, 1383 0x91, 0xe5, 0x3a, 0xba, 0x30, 0x92, 0xf9, 0x62, 1384 0xe5, 0x49, 0xfe, 0x6c, 0xe9, 0xed, 0x7f, 0xdc, 1385 0x43, 0x19, 0x1f, 0xbd, 0xe4, 0x5c, 0x30, 0xb0 1386 } 1387 }, 1388 { 1389 { 1390 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1391 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1392 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1393 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 1394 0x21, 0x22, 0x23, 0x24, 0x25 1395 }, 1396 37, 1397 { 1398 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1399 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1400 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1401 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1402 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1403 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1404 0xcd, 0xcd 1405 }, 1406 50, 1407 { 1408 0xd4, 0x63, 0x3c, 0x17, 0xf6, 0xfb, 0x8d, 0x74, 1409 0x4c, 0x66, 0xde, 0xe0, 0xf8, 0xf0, 0x74, 0x55, 1410 0x6e, 0xc4, 0xaf, 0x55, 0xef, 0x07, 0x99, 0x85, 1411 0x41, 0x46, 0x8e, 0xb4, 0x9b, 0xd2, 0xe9, 0x17 1412 } 1413 }, 1414 { 1415 { 1416 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 1417 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 1418 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 1419 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c 1420 }, 1421 32, 1422 "Test With Truncation", 1423 20, 1424 { 1425 0x75, 0x46, 0xaf, 0x01, 0x84, 0x1f, 0xc0, 0x9b, 1426 0x1a, 0xb9, 0xc3, 0x74, 0x9a, 0x5f, 0x1c, 0x17, 1427 0xd4, 0xf5, 0x89, 0x66, 0x8a, 0x58, 0x7b, 0x27, 1428 0x00, 0xa9, 0xc9, 0x7c, 0x11, 0x93, 0xcf, 0x42 1429 } 1430 }, 1431 { 1432 { 1433 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1434 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1435 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1436 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1437 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1438 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1439 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1440 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1441 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1442 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 1443 }, 1444 80, 1445 "Test Using Larger Than Block-Size Key - Hash Key First", 1446 54, 1447 { 1448 0x69, 0x53, 0x02, 0x5e, 0xd9, 0x6f, 0x0c, 0x09, 1449 0xf8, 0x0a, 0x96, 0xf7, 0x8e, 0x65, 0x38, 0xdb, 1450 0xe2, 0xe7, 0xb8, 0x20, 0xe3, 0xdd, 0x97, 0x0e, 1451 0x7d, 0xdd, 0x39, 0x09, 0x1b, 0x32, 0x35, 0x2f 1452 } 1453 }, 1454 { 1455 { 1456 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1457 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1458 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1459 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1460 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1461 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1462 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1463 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1464 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1465 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 1466 }, 1467 80, 1468 "Test Using Larger Than Block-Size Key and Larger Than One " 1469 "Block-Size Data", 1470 73, 1471 { 1472 0x63, 0x55, 0xac, 0x22, 0xe8, 0x90, 0xd0, 0xa3, 1473 0xc8, 0x48, 0x1a, 0x5c, 0xa4, 0x82, 0x5b, 0xc8, 1474 0x84, 0xd3, 0xe7, 0xa1, 0xff, 0x98, 0xa2, 0xfc, 1475 0x2a, 0xc7, 0xd8, 0xe0, 0x64, 0xc3, 0xb2, 0xe6 1476 } 1477 } 1478 }; 1479 1480 1481 static int test_sha256(void) 1482 { 1483 unsigned int i; 1484 u8 hash[32]; 1485 const u8 *addr[2]; 1486 size_t len[2]; 1487 int errors = 0; 1488 1489 for (i = 0; i < ARRAY_SIZE(tests); i++) { 1490 wpa_printf(MSG_INFO, "SHA256 test case %d:", i + 1); 1491 1492 addr[0] = (u8 *) tests[i].data; 1493 len[0] = strlen(tests[i].data); 1494 sha256_vector(1, addr, len, hash); 1495 if (memcmp(hash, tests[i].hash, 32) != 0) { 1496 wpa_printf(MSG_INFO, " FAIL"); 1497 errors++; 1498 } else 1499 wpa_printf(MSG_INFO, " OK"); 1500 1501 if (len[0]) { 1502 addr[0] = (u8 *) tests[i].data; 1503 len[0] = 1; 1504 addr[1] = (u8 *) tests[i].data + 1; 1505 len[1] = strlen(tests[i].data) - 1; 1506 sha256_vector(2, addr, len, hash); 1507 if (memcmp(hash, tests[i].hash, 32) != 0) { 1508 wpa_printf(MSG_INFO, " FAIL"); 1509 errors++; 1510 } else 1511 wpa_printf(MSG_INFO, " OK"); 1512 } 1513 } 1514 1515 for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) { 1516 struct hmac_test *t = &hmac_tests[i]; 1517 1518 wpa_printf(MSG_INFO, "HMAC-SHA256 test case %d:", i + 1); 1519 1520 if (hmac_sha256(t->key, t->key_len, t->data, t->data_len, 1521 hash) < 0 || 1522 os_memcmp(hash, t->hash, 32) != 0) { 1523 wpa_printf(MSG_INFO, " FAIL"); 1524 errors++; 1525 } else 1526 wpa_printf(MSG_INFO, " OK"); 1527 1528 addr[0] = t->data; 1529 len[0] = t->data_len; 1530 if (hmac_sha256_vector(t->key, t->key_len, 1, addr, len, 1531 hash) < 0 || 1532 os_memcmp(hash, t->hash, 32) != 0) { 1533 wpa_printf(MSG_INFO, " FAIL"); 1534 errors++; 1535 } else 1536 wpa_printf(MSG_INFO, " OK"); 1537 1538 if (len[0]) { 1539 addr[0] = t->data; 1540 len[0] = 1; 1541 addr[1] = t->data + 1; 1542 len[1] = t->data_len - 1; 1543 if (hmac_sha256_vector(t->key, t->key_len, 2, addr, len, 1544 hash) < 0 || 1545 os_memcmp(hash, t->hash, 32) != 0) { 1546 wpa_printf(MSG_INFO, " FAIL"); 1547 errors++; 1548 } else 1549 wpa_printf(MSG_INFO, " OK"); 1550 } 1551 } 1552 1553 wpa_printf(MSG_INFO, "Test IEEE 802.11r KDF"); 1554 sha256_prf((u8 *) "abc", 3, "KDF test", (u8 *) "data", 4, 1555 hash, sizeof(hash)); 1556 /* TODO: add proper test case for this */ 1557 1558 if (!errors) 1559 wpa_printf(MSG_INFO, "SHA256 test cases passed"); 1560 return errors; 1561 } 1562 1563 1564 static int test_ms_funcs(void) 1565 { 1566 /* Test vector from RFC2759 example */ 1567 char *username = "User"; 1568 char *password = "clientPass"; 1569 u8 auth_challenge[] = { 1570 0x5B, 0x5D, 0x7C, 0x7D, 0x7B, 0x3F, 0x2F, 0x3E, 1571 0x3C, 0x2C, 0x60, 0x21, 0x32, 0x26, 0x26, 0x28 1572 }; 1573 u8 peer_challenge[] = { 1574 0x21, 0x40, 0x23, 0x24, 0x25, 0x5E, 0x26, 0x2A, 1575 0x28, 0x29, 0x5F, 0x2B, 0x3A, 0x33, 0x7C, 0x7E 1576 }; 1577 u8 password_hash[] = { 1578 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6, 1579 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE 1580 }; 1581 u8 nt_response[] = { 1582 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E, 1583 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54, 1584 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF 1585 }; 1586 u8 password_hash_hash[] = { 1587 0x41, 0xC0, 0x0C, 0x58, 0x4B, 0xD2, 0xD9, 0x1C, 1588 0x40, 0x17, 0xA2, 0xA1, 0x2F, 0xA5, 0x9F, 0x3F 1589 }; 1590 u8 authenticator_response[] = { 1591 0x40, 0x7A, 0x55, 0x89, 0x11, 0x5F, 0xD0, 0xD6, 1592 0x20, 0x9F, 0x51, 0x0F, 0xE9, 0xC0, 0x45, 0x66, 1593 0x93, 0x2C, 0xDA, 0x56 1594 }; 1595 u8 master_key[] = { 1596 0xFD, 0xEC, 0xE3, 0x71, 0x7A, 0x8C, 0x83, 0x8C, 1597 0xB3, 0x88, 0xE5, 0x27, 0xAE, 0x3C, 0xDD, 0x31 1598 }; 1599 u8 send_start_key[] = { 1600 0x8B, 0x7C, 0xDC, 0x14, 0x9B, 0x99, 0x3A, 0x1B, 1601 0xA1, 0x18, 0xCB, 0x15, 0x3F, 0x56, 0xDC, 0xCB 1602 }; 1603 u8 buf[32]; 1604 int errors = 0; 1605 1606 if (nt_password_hash((u8 *) password, os_strlen(password), buf) || 1607 os_memcmp(password_hash, buf, sizeof(password_hash)) != 0) { 1608 wpa_printf(MSG_ERROR, "nt_password_hash failed"); 1609 errors++; 1610 } 1611 1612 if (generate_nt_response(auth_challenge, peer_challenge, 1613 (u8 *) username, os_strlen(username), 1614 (u8 *) password, os_strlen(password), buf) || 1615 os_memcmp(nt_response, buf, sizeof(nt_response)) != 0) { 1616 wpa_printf(MSG_ERROR, "generate_nt_response failed"); 1617 errors++; 1618 } 1619 1620 if (hash_nt_password_hash(password_hash, buf) || 1621 os_memcmp(password_hash_hash, buf, 1622 sizeof(password_hash_hash)) != 0) { 1623 wpa_printf(MSG_ERROR, "hash_nt_password_hash failed"); 1624 errors++; 1625 } 1626 1627 if (generate_authenticator_response((u8 *) password, 1628 os_strlen(password), 1629 peer_challenge, auth_challenge, 1630 (u8 *) username, 1631 os_strlen(username), 1632 nt_response, buf) || 1633 os_memcmp(authenticator_response, buf, 1634 sizeof(authenticator_response)) != 0) { 1635 wpa_printf(MSG_ERROR, "generate_authenticator_response failed"); 1636 errors++; 1637 } 1638 1639 if (get_master_key(password_hash_hash, nt_response, buf) || 1640 os_memcmp(master_key, buf, sizeof(master_key)) != 0) { 1641 wpa_printf(MSG_ERROR, "get_master_key failed"); 1642 errors++; 1643 } 1644 1645 if (get_asymetric_start_key(master_key, buf, sizeof(send_start_key), 1646 1, 1) || 1647 os_memcmp(send_start_key, buf, sizeof(send_start_key)) != 0) { 1648 wpa_printf(MSG_ERROR, "get_asymetric_start_key failed"); 1649 errors++; 1650 } 1651 1652 if (errors) 1653 wpa_printf(MSG_ERROR, "ms_funcs: %d errors", errors); 1654 else 1655 wpa_printf(MSG_INFO, "ms_funcs test cases passed"); 1656 1657 return errors; 1658 } 1659 1660 1661 int crypto_module_tests(void) 1662 { 1663 int ret = 0; 1664 1665 wpa_printf(MSG_INFO, "crypto module tests"); 1666 if (test_siv() || 1667 test_omac1() || 1668 test_eax() || 1669 test_cbc() || 1670 test_ecb() || 1671 test_key_wrap() || 1672 test_md5() || 1673 test_sha1() || 1674 test_sha256() || 1675 test_ms_funcs()) 1676 ret = -1; 1677 1678 return ret; 1679 } 1680