1 /*
2 * crypto module tests
3 * Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "crypto/aes_siv.h"
13 #include "crypto/aes_wrap.h"
14 #include "crypto/aes.h"
15 #include "crypto/ms_funcs.h"
16 #include "crypto/crypto.h"
17 #include "crypto/sha1.h"
18 #include "crypto/sha256.h"
19
20
test_siv(void)21 static int test_siv(void)
22 {
23 #ifdef CONFIG_MESH
24 /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */
25 u8 key[] = {
26 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
27 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
28 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
29 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
30 };
31 u8 ad[] = {
32 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
33 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
34 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27
35 };
36 u8 plaintext[] = {
37 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
38 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee
39 };
40 u8 iv_c[] = {
41 0x85, 0x63, 0x2d, 0x07, 0xc6, 0xe8, 0xf3, 0x7f,
42 0x95, 0x0a, 0xcd, 0x32, 0x0a, 0x2e, 0xcc, 0x93,
43 0x40, 0xc0, 0x2b, 0x96, 0x90, 0xc4, 0xdc, 0x04,
44 0xda, 0xef, 0x7f, 0x6a, 0xfe, 0x5c
45 };
46 /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */
47 u8 key_2[] = {
48 0x7f, 0x7e, 0x7d, 0x7c, 0x7b, 0x7a, 0x79, 0x78,
49 0x77, 0x76, 0x75, 0x74, 0x73, 0x72, 0x71, 0x70,
50 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
51 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
52 };
53 u8 ad1_2[] = {
54 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
55 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
56 0xde, 0xad, 0xda, 0xda, 0xde, 0xad, 0xda, 0xda,
57 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
58 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00
59 };
60 u8 ad2_2[] = {
61 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80,
62 0x90, 0xa0
63 };
64 u8 nonce_2[] = {
65 0x09, 0xf9, 0x11, 0x02, 0x9d, 0x74, 0xe3, 0x5b,
66 0xd8, 0x41, 0x56, 0xc5, 0x63, 0x56, 0x88, 0xc0
67 };
68 u8 plaintext_2[] = {
69 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
70 0x73, 0x6f, 0x6d, 0x65, 0x20, 0x70, 0x6c, 0x61,
71 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x20, 0x74,
72 0x6f, 0x20, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70,
73 0x74, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x20,
74 0x53, 0x49, 0x56, 0x2d, 0x41, 0x45, 0x53
75 };
76 u8 iv_c_2[] = {
77 0x7b, 0xdb, 0x6e, 0x3b, 0x43, 0x26, 0x67, 0xeb,
78 0x06, 0xf4, 0xd1, 0x4b, 0xff, 0x2f, 0xbd, 0x0f,
79 0xcb, 0x90, 0x0f, 0x2f, 0xdd, 0xbe, 0x40, 0x43,
80 0x26, 0x60, 0x19, 0x65, 0xc8, 0x89, 0xbf, 0x17,
81 0xdb, 0xa7, 0x7c, 0xeb, 0x09, 0x4f, 0xa6, 0x63,
82 0xb7, 0xa3, 0xf7, 0x48, 0xba, 0x8a, 0xf8, 0x29,
83 0xea, 0x64, 0xad, 0x54, 0x4a, 0x27, 0x2e, 0x9c,
84 0x48, 0x5b, 0x62, 0xa3, 0xfd, 0x5c, 0x0d
85 };
86 u8 out[2 * AES_BLOCK_SIZE + sizeof(plaintext_2)];
87 const u8 *addr[3];
88 size_t len[3];
89
90 /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */
91 addr[0] = ad;
92 len[0] = sizeof(ad);
93
94 if (aes_siv_encrypt(key, plaintext, sizeof(plaintext),
95 1, addr, len, out)) {
96 wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed");
97 return 1;
98 }
99 if (os_memcmp(out, iv_c, sizeof(iv_c)) != 0) {
100 wpa_printf(MSG_ERROR,
101 "AES-SIV mode encryption returned invalid cipher text");
102 return 1;
103 }
104
105 if (aes_siv_decrypt(key, iv_c, sizeof(iv_c), 1, addr, len, out)) {
106 wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed");
107 return 1;
108 }
109 if (os_memcmp(out, plaintext, sizeof(plaintext)) != 0) {
110 wpa_printf(MSG_ERROR,
111 "AES-SIV mode decryption returned invalid plain text");
112 return 1;
113 }
114
115 /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */
116 addr[0] = ad1_2;
117 len[0] = sizeof(ad1_2);
118 addr[1] = ad2_2;
119 len[1] = sizeof(ad2_2);
120 addr[2] = nonce_2;
121 len[2] = sizeof(nonce_2);
122
123 if (aes_siv_encrypt(key_2, plaintext_2, sizeof(plaintext_2),
124 3, addr, len, out)) {
125 wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed");
126 return 1;
127 }
128 if (os_memcmp(out, iv_c_2, sizeof(iv_c_2)) != 0) {
129 wpa_printf(MSG_ERROR,
130 "AES-SIV mode encryption returned invalid cipher text");
131 return 1;
132 }
133
134 if (aes_siv_decrypt(key_2, iv_c_2, sizeof(iv_c_2), 3, addr, len, out)) {
135 wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed");
136 return 1;
137 }
138 if (os_memcmp(out, plaintext_2, sizeof(plaintext_2)) != 0) {
139 wpa_printf(MSG_ERROR,
140 "AES-SIV mode decryption returned invalid plain text");
141 return 1;
142 }
143
144 wpa_printf(MSG_INFO, "AES-SIV test cases passed");
145 #endif /* CONFIG_MESH */
146
147 return 0;
148 }
149
150
151 /* OMAC1 AES-128 test vectors from
152 * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf
153 * which are same as the examples from NIST SP800-38B
154 * http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf
155 */
156
157 struct omac1_test_vector {
158 u8 k[16];
159 u8 msg[64];
160 int msg_len;
161 u8 tag[16];
162 };
163
164 static const struct omac1_test_vector omac1_test_vectors[] =
165 {
166 {
167 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
168 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
169 { },
170 0,
171 { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
172 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 }
173 },
174 {
175 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
176 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
177 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
178 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a},
179 16,
180 { 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
181 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c }
182 },
183 {
184 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
185 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
186 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
187 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
188 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
189 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
190 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 },
191 40,
192 { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
193 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 }
194 },
195 {
196 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
197 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
198 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
199 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
200 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
201 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
202 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
203 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
204 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
205 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
206 64,
207 { 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
208 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe }
209 },
210 };
211
212
test_omac1_vector(const struct omac1_test_vector * tv,unsigned int i)213 static int test_omac1_vector(const struct omac1_test_vector *tv,
214 unsigned int i)
215 {
216 u8 key[] = {
217 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
218 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
219 };
220 u8 msg[] = { 0x12, 0x34, 0x56 };
221 u8 result[24], result2[24];
222 const u8 *addr[3];
223 size_t len[3];
224
225 if (omac1_aes_128(tv->k, tv->msg, tv->msg_len, result) ||
226 os_memcmp(result, tv->tag, 16) != 0) {
227 wpa_printf(MSG_ERROR, "OMAC1-AES-128 test vector %u failed", i);
228 return 1;
229 }
230
231 if (tv->msg_len > 1) {
232
233 addr[0] = tv->msg;
234 len[0] = 1;
235 addr[1] = tv->msg + 1;
236 len[1] = tv->msg_len - 1;
237
238 if (omac1_aes_128_vector(tv->k, 2, addr, len, result) ||
239 os_memcmp(result, tv->tag, 16) != 0) {
240 wpa_printf(MSG_ERROR,
241 "OMAC1-AES-128(vector) test vector %u failed",
242 i);
243 return 1;
244 }
245
246 addr[0] = tv->msg;
247 len[0] = tv->msg_len - 2;
248 addr[1] = tv->msg + tv->msg_len - 2;
249 len[1] = 1;
250 addr[2] = tv->msg + tv->msg_len - 1;
251 len[2] = 1;
252
253 if (omac1_aes_128_vector(tv->k, 3, addr, len, result) ||
254 os_memcmp(result, tv->tag, 16) != 0) {
255 wpa_printf(MSG_ERROR,
256 "OMAC1-AES-128(vector2) test vector %u failed",
257 i);
258 return 1;
259 }
260 }
261
262 addr[0] = &msg[0];
263 len[0] = 1;
264 addr[1] = &msg[1];
265 len[1] = 1;
266 addr[2] = &msg[2];
267 len[2] = 1;
268 if (omac1_aes_128(key, msg, sizeof(msg), result) ||
269 omac1_aes_128_vector(key, 3, addr, len, result2) ||
270 os_memcmp(result, result2, 16) != 0) {
271 wpa_printf(MSG_ERROR, "OMAC1-AES-128 short test mismatch");
272 return 1;
273 }
274
275 return 0;
276 }
277
278
test_omac1(void)279 static int test_omac1(void)
280 {
281 unsigned int i;
282
283 for (i = 0; i < ARRAY_SIZE(omac1_test_vectors); i++) {
284 if (test_omac1_vector(&omac1_test_vectors[i], i))
285 return 1;
286 }
287
288 wpa_printf(MSG_INFO, "OMAC1-AES-128 test cases passed");
289
290 return 0;
291 }
292
293
test_eax(void)294 static int test_eax(void)
295 {
296 #ifdef EAP_PSK
297 u8 msg[] = { 0xF7, 0xFB };
298 u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B,
299 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 };
300 u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84,
301 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD };
302 u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA };
303 u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D,
304 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79,
305 0x67, 0xE5 };
306 u8 data[sizeof(msg)], tag[AES_BLOCK_SIZE];
307
308 os_memcpy(data, msg, sizeof(msg));
309 if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
310 data, sizeof(data), tag)) {
311 wpa_printf(MSG_ERROR, "AES-128 EAX mode encryption failed");
312 return 1;
313 }
314 if (os_memcmp(data, cipher, sizeof(data)) != 0) {
315 wpa_printf(MSG_ERROR,
316 "AES-128 EAX mode encryption returned invalid cipher text");
317 return 1;
318 }
319 if (os_memcmp(tag, cipher + sizeof(data), AES_BLOCK_SIZE) != 0) {
320 wpa_printf(MSG_ERROR,
321 "AES-128 EAX mode encryption returned invalid tag");
322 return 1;
323 }
324
325 if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
326 data, sizeof(data), tag)) {
327 wpa_printf(MSG_ERROR, "AES-128 EAX mode decryption failed");
328 return 1;
329 }
330 if (os_memcmp(data, msg, sizeof(data)) != 0) {
331 wpa_printf(MSG_ERROR,
332 "AES-128 EAX mode decryption returned invalid plain text");
333 return 1;
334 }
335
336 wpa_printf(MSG_INFO, "AES-128 EAX mode test cases passed");
337 #endif /* EAP_PSK */
338
339 return 0;
340 }
341
342
test_cbc(void)343 static int test_cbc(void)
344 {
345 struct cbc_test_vector {
346 u8 key[16];
347 u8 iv[16];
348 u8 plain[32];
349 u8 cipher[32];
350 size_t len;
351 } vectors[] = {
352 {
353 { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b,
354 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 },
355 { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30,
356 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 },
357 "Single block msg",
358 { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8,
359 0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a },
360 16
361 },
362 {
363 { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0,
364 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a },
365 { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28,
366 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 },
367 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
368 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
369 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
370 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
371 { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a,
372 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a,
373 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9,
374 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 },
375 32
376 }
377 };
378 int ret = 0;
379 u8 *buf;
380 unsigned int i;
381
382 for (i = 0; i < ARRAY_SIZE(vectors); i++) {
383 struct cbc_test_vector *tv = &vectors[i];
384
385 buf = os_malloc(tv->len);
386 if (buf == NULL) {
387 ret++;
388 break;
389 }
390
391 os_memcpy(buf, tv->plain, tv->len);
392 if (aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len) ||
393 os_memcmp(buf, tv->cipher, tv->len) != 0) {
394 wpa_printf(MSG_ERROR, "AES-CBC encrypt %d failed", i);
395 ret++;
396 }
397
398 os_memcpy(buf, tv->cipher, tv->len);
399 if (aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len) ||
400 os_memcmp(buf, tv->plain, tv->len) != 0) {
401 wpa_printf(MSG_ERROR, "AES-CBC decrypt %d failed", i);
402 ret++;
403 }
404
405 os_free(buf);
406 }
407
408 return ret;
409 }
410
411
test_ecb(void)412 static int test_ecb(void)
413 {
414 #ifdef EAP_PSK
415 struct ecb_test_vector {
416 char *key;
417 char *plaintext;
418 char *ciphertext;
419 } vectors[] = {
420 /* CAVS 11.1 - ECBGFSbox128.rsp */
421 {
422 "00000000000000000000000000000000",
423 "f34481ec3cc627bacd5dc3fb08f273e6",
424 "0336763e966d92595a567cc9ce537f5e"
425 },
426 {
427 "00000000000000000000000000000000",
428 "9798c4640bad75c7c3227db910174e72",
429 "a9a1631bf4996954ebc093957b234589"
430 },
431 {
432 "00000000000000000000000000000000",
433 "96ab5c2ff612d9dfaae8c31f30c42168",
434 "ff4f8391a6a40ca5b25d23bedd44a597"
435 },
436 {
437 "00000000000000000000000000000000",
438 "6a118a874519e64e9963798a503f1d35",
439 "dc43be40be0e53712f7e2bf5ca707209"
440 },
441 {
442 "00000000000000000000000000000000",
443 "cb9fceec81286ca3e989bd979b0cb284",
444 "92beedab1895a94faa69b632e5cc47ce"
445 },
446 {
447 "00000000000000000000000000000000",
448 "b26aeb1874e47ca8358ff22378f09144",
449 "459264f4798f6a78bacb89c15ed3d601"
450 },
451 {
452 "00000000000000000000000000000000",
453 "58c8e00b2631686d54eab84b91f0aca1",
454 "08a4e2efec8a8e3312ca7460b9040bbf"
455 },
456 /* CAVS 11.1 - ECBKeySbox128.rsp */
457 {
458 "10a58869d74be5a374cf867cfb473859",
459 "00000000000000000000000000000000",
460 "6d251e6944b051e04eaa6fb4dbf78465"
461 },
462 {
463 "caea65cdbb75e9169ecd22ebe6e54675",
464 "00000000000000000000000000000000",
465 "6e29201190152df4ee058139def610bb",
466 }
467 };
468 int ret = 0;
469 unsigned int i;
470 u8 key[16], plain[16], cipher[16], out[16];
471
472 for (i = 0; i < ARRAY_SIZE(vectors); i++) {
473 struct ecb_test_vector *tv = &vectors[i];
474
475 if (hexstr2bin(tv->key, key, sizeof(key)) ||
476 hexstr2bin(tv->plaintext, plain, sizeof(plain)) ||
477 hexstr2bin(tv->ciphertext, cipher, sizeof(cipher))) {
478 wpa_printf(MSG_ERROR, "Invalid AES-ECB test vector %u",
479 i);
480 ret++;
481 continue;
482 }
483
484 if (aes_128_encrypt_block(key, plain, out) < 0 ||
485 os_memcmp(out, cipher, 16) != 0) {
486 wpa_printf(MSG_ERROR, "AES-ECB encrypt %u failed", i);
487 ret++;
488 }
489 }
490
491 if (!ret)
492 wpa_printf(MSG_INFO, "AES ECB mode test cases passed");
493
494 return ret;
495 #endif /* EAP_PSK */
496
497 return 0;
498 }
499
500
test_key_wrap(void)501 static int test_key_wrap(void)
502 {
503 int ret = 0;
504
505 /* RFC 3394 - Test vector 4.1 */
506 u8 kek41[] = {
507 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
508 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
509 };
510 u8 plain41[] = {
511 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
512 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
513 };
514 u8 crypt41[] = {
515 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
516 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
517 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
518 };
519 /* RFC 3394 - Test vector 4.2 */
520 u8 kek42[] = {
521 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
522 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
523 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
524 };
525 u8 plain42[] = {
526 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
527 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
528 };
529 u8 crypt42[] = {
530 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
531 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
532 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D
533 };
534 /* RFC 3394 - Test vector 4.3 */
535 u8 kek43[] = {
536 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
537 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
538 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
539 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
540 };
541 u8 plain43[] = {
542 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
543 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
544 };
545 u8 crypt43[] = {
546 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
547 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
548 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7,
549 };
550 /* RFC 3394 - Test vector 4.4 */
551 u8 kek44[] = {
552 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
553 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
554 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
555 };
556 u8 plain44[] = {
557 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
558 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
559 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
560 };
561 u8 crypt44[] = {
562 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
563 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
564 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
565 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2
566 };
567 /* RFC 3394 - Test vector 4.5 */
568 u8 kek45[] = {
569 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
570 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
571 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
572 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
573 };
574 u8 plain45[] = {
575 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
576 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
577 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
578 };
579 u8 crypt45[] = {
580 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
581 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
582 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
583 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1,
584 };
585 /* RFC 3394 - Test vector 4.6 */
586 u8 kek46[] = {
587 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
588 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
589 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
590 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
591 };
592 u8 plain46[] = {
593 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
594 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
595 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
596 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
597 };
598 u8 crypt46[] = {
599 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
600 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
601 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
602 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
603 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21
604 };
605 u8 result[40];
606
607 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.1");
608 if (aes_wrap(kek41, sizeof(kek41), sizeof(plain41) / 8, plain41,
609 result)) {
610 wpa_printf(MSG_ERROR, "AES-WRAP-128 reported failure");
611 ret++;
612 }
613 if (os_memcmp(result, crypt41, sizeof(crypt41)) != 0) {
614 wpa_printf(MSG_ERROR, "AES-WRAP-128 failed");
615 ret++;
616 }
617 if (aes_unwrap(kek41, sizeof(kek41), sizeof(plain41) / 8, crypt41,
618 result)) {
619 wpa_printf(MSG_ERROR, "AES-UNWRAP-128 reported failure");
620 ret++;
621 }
622 if (os_memcmp(result, plain41, sizeof(plain41)) != 0) {
623 wpa_printf(MSG_ERROR, "AES-UNWRAP-128 failed");
624 ret++;
625 }
626
627 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.2");
628 if (aes_wrap(kek42, sizeof(kek42), sizeof(plain42) / 8, plain42,
629 result)) {
630 wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure");
631 ret++;
632 }
633 if (os_memcmp(result, crypt42, sizeof(crypt42)) != 0) {
634 wpa_printf(MSG_ERROR, "AES-WRAP-192 failed");
635 ret++;
636 }
637 if (aes_unwrap(kek42, sizeof(kek42), sizeof(plain42) / 8, crypt42,
638 result)) {
639 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure");
640 ret++;
641 }
642 if (os_memcmp(result, plain42, sizeof(plain42)) != 0) {
643 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed");
644 ret++;
645 }
646
647 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.3");
648 if (aes_wrap(kek43, sizeof(kek43), sizeof(plain43) / 8, plain43,
649 result)) {
650 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure");
651 ret++;
652 }
653 if (os_memcmp(result, crypt43, sizeof(crypt43)) != 0) {
654 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed");
655 ret++;
656 }
657 if (aes_unwrap(kek43, sizeof(kek43), sizeof(plain43) / 8, crypt43,
658 result)) {
659 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure");
660 ret++;
661 }
662 if (os_memcmp(result, plain43, sizeof(plain43)) != 0) {
663 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed");
664 ret++;
665 }
666
667 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.4");
668 if (aes_wrap(kek44, sizeof(kek44), sizeof(plain44) / 8, plain44,
669 result)) {
670 wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure");
671 ret++;
672 }
673 if (os_memcmp(result, crypt44, sizeof(crypt44)) != 0) {
674 wpa_printf(MSG_ERROR, "AES-WRAP-192 failed");
675 ret++;
676 }
677 if (aes_unwrap(kek44, sizeof(kek44), sizeof(plain44) / 8, crypt44,
678 result)) {
679 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure");
680 ret++;
681 }
682 if (os_memcmp(result, plain44, sizeof(plain44)) != 0) {
683 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed");
684 ret++;
685 }
686
687 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.5");
688 if (aes_wrap(kek45, sizeof(kek45), sizeof(plain45) / 8, plain45,
689 result)) {
690 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure");
691 ret++;
692 }
693 if (os_memcmp(result, crypt45, sizeof(crypt45)) != 0) {
694 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed");
695 ret++;
696 }
697 if (aes_unwrap(kek45, sizeof(kek45), sizeof(plain45) / 8, crypt45,
698 result)) {
699 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure");
700 ret++;
701 }
702 if (os_memcmp(result, plain45, sizeof(plain45)) != 0) {
703 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed");
704 ret++;
705 }
706
707 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.6");
708 if (aes_wrap(kek46, sizeof(kek46), sizeof(plain46) / 8, plain46,
709 result)) {
710 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure");
711 ret++;
712 }
713 if (os_memcmp(result, crypt46, sizeof(crypt46)) != 0) {
714 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed");
715 ret++;
716 }
717 if (aes_unwrap(kek46, sizeof(kek46), sizeof(plain46) / 8, crypt46,
718 result)) {
719 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure");
720 ret++;
721 }
722 if (os_memcmp(result, plain46, sizeof(plain46)) != 0) {
723 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed");
724 ret++;
725 }
726
727 if (!ret)
728 wpa_printf(MSG_INFO, "AES key wrap/unwrap test cases passed");
729
730 return ret;
731 }
732
733
test_md5(void)734 static int test_md5(void)
735 {
736 struct {
737 char *data;
738 char *hash;
739 } tests[] = {
740 {
741 "",
742 "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04"
743 "\xe9\x80\x09\x98\xec\xf8\x42\x7e"
744 },
745 {
746 "a",
747 "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8"
748 "\x31\xc3\x99\xe2\x69\x77\x26\x61"
749 },
750 {
751 "abc",
752 "\x90\x01\x50\x98\x3c\xd2\x4f\xb0"
753 "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72"
754 },
755 {
756 "message digest",
757 "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d"
758 "\x52\x5a\x2f\x31\xaa\xf1\x61\xd0"
759 },
760 {
761 "abcdefghijklmnopqrstuvwxyz",
762 "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00"
763 "\x7d\xfb\x49\x6c\xca\x67\xe1\x3b"
764 },
765 {
766 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
767 "0123456789",
768 "\xd1\x74\xab\x98\xd2\x77\xd9\xf5"
769 "\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f"
770 },
771 {
772 "12345678901234567890123456789012345678901234567890"
773 "123456789012345678901234567890",
774 "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55"
775 "\xac\x49\xda\x2e\x21\x07\xb6\x7a"
776 }
777 };
778 unsigned int i;
779 u8 hash[16];
780 const u8 *addr[2];
781 size_t len[2];
782 int errors = 0;
783
784 for (i = 0; i < ARRAY_SIZE(tests); i++) {
785 wpa_printf(MSG_INFO, "MD5 test case %d", i);
786
787 addr[0] = (u8 *) tests[i].data;
788 len[0] = strlen(tests[i].data);
789 if (md5_vector(1, addr, len, hash) < 0 ||
790 os_memcmp(hash, tests[i].hash, 16) != 0) {
791 wpa_printf(MSG_INFO, " FAIL");
792 errors++;
793 } else
794 wpa_printf(MSG_INFO, " OK");
795
796 if (len[0]) {
797 addr[0] = (u8 *) tests[i].data;
798 len[0] = strlen(tests[i].data);
799 addr[1] = (u8 *) tests[i].data + 1;
800 len[1] = strlen(tests[i].data) - 1;
801 if (md5_vector(1, addr, len, hash) < 0 ||
802 os_memcmp(hash, tests[i].hash, 16) != 0) {
803 wpa_printf(MSG_INFO, " FAIL");
804 errors++;
805 } else
806 wpa_printf(MSG_INFO, " OK");
807 }
808 }
809
810 if (!errors)
811 wpa_printf(MSG_INFO, "MD5 test cases passed");
812
813 return errors;
814 }
815
816
test_eap_fast(void)817 static int test_eap_fast(void)
818 {
819 #ifdef EAP_FAST
820 /* RFC 4851, Appendix B.1 */
821 const u8 pac_key[] = {
822 0x0B, 0x97, 0x39, 0x0F, 0x37, 0x51, 0x78, 0x09,
823 0x81, 0x1E, 0xFD, 0x9C, 0x6E, 0x65, 0x94, 0x2B,
824 0x63, 0x2C, 0xE9, 0x53, 0x89, 0x38, 0x08, 0xBA,
825 0x36, 0x0B, 0x03, 0x7C, 0xD1, 0x85, 0xE4, 0x14
826 };
827 const u8 seed[] = {
828 0x3F, 0xFB, 0x11, 0xC4, 0x6C, 0xBF, 0xA5, 0x7A,
829 0x54, 0x40, 0xDA, 0xE8, 0x22, 0xD3, 0x11, 0xD3,
830 0xF7, 0x6D, 0xE4, 0x1D, 0xD9, 0x33, 0xE5, 0x93,
831 0x70, 0x97, 0xEB, 0xA9, 0xB3, 0x66, 0xF4, 0x2A,
832 0x00, 0x00, 0x00, 0x02, 0x6A, 0x66, 0x43, 0x2A,
833 0x8D, 0x14, 0x43, 0x2C, 0xEC, 0x58, 0x2D, 0x2F,
834 0xC7, 0x9C, 0x33, 0x64, 0xBA, 0x04, 0xAD, 0x3A,
835 0x52, 0x54, 0xD6, 0xA5, 0x79, 0xAD, 0x1E, 0x00
836 };
837 const u8 master_secret[] = {
838 0x4A, 0x1A, 0x51, 0x2C, 0x01, 0x60, 0xBC, 0x02,
839 0x3C, 0xCF, 0xBC, 0x83, 0x3F, 0x03, 0xBC, 0x64,
840 0x88, 0xC1, 0x31, 0x2F, 0x0B, 0xA9, 0xA2, 0x77,
841 0x16, 0xA8, 0xD8, 0xE8, 0xBD, 0xC9, 0xD2, 0x29,
842 0x38, 0x4B, 0x7A, 0x85, 0xBE, 0x16, 0x4D, 0x27,
843 0x33, 0xD5, 0x24, 0x79, 0x87, 0xB1, 0xC5, 0xA2
844 };
845 const u8 key_block[] = {
846 0x59, 0x59, 0xBE, 0x8E, 0x41, 0x3A, 0x77, 0x74,
847 0x8B, 0xB2, 0xE5, 0xD3, 0x60, 0xAC, 0x4D, 0x35,
848 0xDF, 0xFB, 0xC8, 0x1E, 0x9C, 0x24, 0x9C, 0x8B,
849 0x0E, 0xC3, 0x1D, 0x72, 0xC8, 0x84, 0x9D, 0x57,
850 0x48, 0x51, 0x2E, 0x45, 0x97, 0x6C, 0x88, 0x70,
851 0xBE, 0x5F, 0x01, 0xD3, 0x64, 0xE7, 0x4C, 0xBB,
852 0x11, 0x24, 0xE3, 0x49, 0xE2, 0x3B, 0xCD, 0xEF,
853 0x7A, 0xB3, 0x05, 0x39, 0x5D, 0x64, 0x8A, 0x44,
854 0x11, 0xB6, 0x69, 0x88, 0x34, 0x2E, 0x8E, 0x29,
855 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
856 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
857 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
858 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
859 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
860 };
861 const u8 sks[] = {
862 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
863 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
864 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
865 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
866 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
867 };
868 const u8 isk[] = {
869 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
870 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
871 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
872 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
873 };
874 const u8 imck[] = {
875 0x16, 0x15, 0x3C, 0x3F, 0x21, 0x55, 0xEF, 0xD9,
876 0x7F, 0x34, 0xAE, 0xC8, 0x1A, 0x4E, 0x66, 0x80,
877 0x4C, 0xC3, 0x76, 0xF2, 0x8A, 0xA9, 0x6F, 0x96,
878 0xC2, 0x54, 0x5F, 0x8C, 0xAB, 0x65, 0x02, 0xE1,
879 0x18, 0x40, 0x7B, 0x56, 0xBE, 0xEA, 0xA7, 0xC5,
880 0x76, 0x5D, 0x8F, 0x0B, 0xC5, 0x07, 0xC6, 0xB9,
881 0x04, 0xD0, 0x69, 0x56, 0x72, 0x8B, 0x6B, 0xB8,
882 0x15, 0xEC, 0x57, 0x7B
883 };
884 const u8 msk[] = {
885 0x4D, 0x83, 0xA9, 0xBE, 0x6F, 0x8A, 0x74, 0xED,
886 0x6A, 0x02, 0x66, 0x0A, 0x63, 0x4D, 0x2C, 0x33,
887 0xC2, 0xDA, 0x60, 0x15, 0xC6, 0x37, 0x04, 0x51,
888 0x90, 0x38, 0x63, 0xDA, 0x54, 0x3E, 0x14, 0xB9,
889 0x27, 0x99, 0x18, 0x1E, 0x07, 0xBF, 0x0F, 0x5A,
890 0x5E, 0x3C, 0x32, 0x93, 0x80, 0x8C, 0x6C, 0x49,
891 0x67, 0xED, 0x24, 0xFE, 0x45, 0x40, 0xA0, 0x59,
892 0x5E, 0x37, 0xC2, 0xE9, 0xD0, 0x5D, 0x0A, 0xE3
893 };
894 const u8 emsk[] = {
895 0x3A, 0xD4, 0xAB, 0xDB, 0x76, 0xB2, 0x7F, 0x3B,
896 0xEA, 0x32, 0x2C, 0x2B, 0x74, 0xF4, 0x28, 0x55,
897 0xEF, 0x2D, 0xBA, 0x78, 0xC9, 0x57, 0x2F, 0x0D,
898 0x06, 0xCD, 0x51, 0x7C, 0x20, 0x93, 0x98, 0xA9,
899 0x76, 0xEA, 0x70, 0x21, 0xD7, 0x0E, 0x25, 0x54,
900 0x97, 0xED, 0xB2, 0x8A, 0xF6, 0xED, 0xFD, 0x0A,
901 0x2A, 0xE7, 0xA1, 0x58, 0x90, 0x10, 0x50, 0x44,
902 0xB3, 0x82, 0x85, 0xDB, 0x06, 0x14, 0xD2, 0xF9
903 };
904 /* RFC 4851, Appendix B.2 */
905 u8 tlv[] = {
906 0x80, 0x0C, 0x00, 0x38, 0x00, 0x01, 0x01, 0x00,
907 0xD8, 0x6A, 0x8C, 0x68, 0x3C, 0x32, 0x31, 0xA8,
908 0x56, 0x63, 0xB6, 0x40, 0x21, 0xFE, 0x21, 0x14,
909 0x4E, 0xE7, 0x54, 0x20, 0x79, 0x2D, 0x42, 0x62,
910 0xC9, 0xBF, 0x53, 0x7F, 0x54, 0xFD, 0xAC, 0x58,
911 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
912 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
913 0x05, 0xC5, 0x5B, 0xB7
914 };
915 const u8 compound_mac[] = {
916 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
917 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
918 0x05, 0xC5, 0x5B, 0xB7
919 };
920 u8 buf[512];
921 const u8 *simck, *cmk;
922 int errors = 0;
923
924 wpa_printf(MSG_INFO, "EAP-FAST test cases");
925
926 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / master_secret");
927 if (sha1_t_prf(pac_key, sizeof(pac_key),
928 "PAC to master secret label hash",
929 seed, sizeof(seed), buf, sizeof(master_secret)) < 0 ||
930 os_memcmp(master_secret, buf, sizeof(master_secret)) != 0) {
931 wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
932 errors++;
933 }
934
935 wpa_printf(MSG_INFO, "- PRF (TLS, SHA1/MD5) test case / key_block");
936 if (tls_prf_sha1_md5(master_secret, sizeof(master_secret),
937 "key expansion", seed, sizeof(seed),
938 buf, sizeof(key_block)) ||
939 os_memcmp(key_block, buf, sizeof(key_block)) != 0) {
940 wpa_printf(MSG_INFO, "PRF test - FAILED!");
941 errors++;
942 }
943
944 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / IMCK");
945 if (sha1_t_prf(sks, sizeof(sks), "Inner Methods Compound Keys",
946 isk, sizeof(isk), buf, sizeof(imck)) < 0 ||
947 os_memcmp(imck, buf, sizeof(imck)) != 0) {
948 wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
949 errors++;
950 }
951
952 simck = imck;
953 cmk = imck + 40;
954
955 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / MSK");
956 if (sha1_t_prf(simck, 40, "Session Key Generating Function",
957 (u8 *) "", 0, buf, sizeof(msk)) < 0 ||
958 os_memcmp(msk, buf, sizeof(msk)) != 0) {
959 wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
960 errors++;
961 }
962
963 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / EMSK");
964 if (sha1_t_prf(simck, 40, "Extended Session Key Generating Function",
965 (u8 *) "", 0, buf, sizeof(msk)) < 0 ||
966 os_memcmp(emsk, buf, sizeof(emsk)) != 0) {
967 wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
968 errors++;
969 }
970
971 wpa_printf(MSG_INFO, "- Compound MAC test case");
972 os_memset(tlv + sizeof(tlv) - 20, 0, 20);
973 if (hmac_sha1(cmk, 20, tlv, sizeof(tlv), tlv + sizeof(tlv) - 20) < 0 ||
974 os_memcmp(tlv + sizeof(tlv) - 20, compound_mac,
975 sizeof(compound_mac)) != 0) {
976 wpa_printf(MSG_INFO, "Compound MAC test - FAILED!");
977 errors++;
978 }
979
980 return errors;
981 #else /* EAP_FAST */
982 return 0;
983 #endif /* EAP_FAST */
984 }
985
986
987 static const u8 key0[] =
988 {
989 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
990 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
991 0x0b, 0x0b, 0x0b, 0x0b
992 };
993 static const u8 data0[] = "Hi There";
994 static const u8 prf0[] =
995 {
996 0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84,
997 0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54,
998 0xb8, 0x62, 0x17, 0x5e, 0xd9, 0xf0, 0x06, 0x06,
999 0xe1, 0x7d, 0x8d, 0xa3, 0x54, 0x02, 0xff, 0xee,
1000 0x75, 0xdf, 0x78, 0xc3, 0xd3, 0x1e, 0x0f, 0x88,
1001 0x9f, 0x01, 0x21, 0x20, 0xc0, 0x86, 0x2b, 0xeb,
1002 0x67, 0x75, 0x3e, 0x74, 0x39, 0xae, 0x24, 0x2e,
1003 0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a
1004 };
1005
1006 static const u8 key1[] = "Jefe";
1007 static const u8 data1[] = "what do ya want for nothing?";
1008 static const u8 prf1[] =
1009 {
1010 0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad,
1011 0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4,
1012 0xfe, 0x63, 0x14, 0x46, 0xfa, 0xbd, 0xfa, 0x58,
1013 0x24, 0x47, 0x59, 0xae, 0x58, 0xef, 0x90, 0x09,
1014 0xa9, 0x9a, 0xbf, 0x4e, 0xac, 0x2c, 0xa5, 0xfa,
1015 0x87, 0xe6, 0x92, 0xc4, 0x40, 0xeb, 0x40, 0x02,
1016 0x3e, 0x7b, 0xab, 0xb2, 0x06, 0xd6, 0x1d, 0xe7,
1017 0xb9, 0x2f, 0x41, 0x52, 0x90, 0x92, 0xb8, 0xfc
1018 };
1019
1020
1021 static const u8 key2[] =
1022 {
1023 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1024 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1025 0xaa, 0xaa, 0xaa, 0xaa
1026 };
1027 static const u8 data2[] =
1028 {
1029 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1030 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1031 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1032 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1033 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1034 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1035 0xdd, 0xdd
1036 };
1037 static const u8 prf2[] =
1038 {
1039 0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f,
1040 0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1,
1041 0x7a, 0x02, 0x52, 0xca, 0x5d, 0x8d, 0x8d, 0xf1,
1042 0x2c, 0xfb, 0x04, 0x73, 0x52, 0x52, 0x49, 0xce,
1043 0x9d, 0xd8, 0xd1, 0x77, 0xea, 0xd7, 0x10, 0xbc,
1044 0x9b, 0x59, 0x05, 0x47, 0x23, 0x91, 0x07, 0xae,
1045 0xf7, 0xb4, 0xab, 0xd4, 0x3d, 0x87, 0xf0, 0xa6,
1046 0x8f, 0x1c, 0xbd, 0x9e, 0x2b, 0x6f, 0x76, 0x07
1047 };
1048
1049
1050 struct passphrase_test {
1051 char *passphrase;
1052 char *ssid;
1053 char psk[32];
1054 };
1055
1056 static const struct passphrase_test passphrase_tests[] =
1057 {
1058 {
1059 "password",
1060 "IEEE",
1061 {
1062 0xf4, 0x2c, 0x6f, 0xc5, 0x2d, 0xf0, 0xeb, 0xef,
1063 0x9e, 0xbb, 0x4b, 0x90, 0xb3, 0x8a, 0x5f, 0x90,
1064 0x2e, 0x83, 0xfe, 0x1b, 0x13, 0x5a, 0x70, 0xe2,
1065 0x3a, 0xed, 0x76, 0x2e, 0x97, 0x10, 0xa1, 0x2e
1066 }
1067 },
1068 {
1069 "ThisIsAPassword",
1070 "ThisIsASSID",
1071 {
1072 0x0d, 0xc0, 0xd6, 0xeb, 0x90, 0x55, 0x5e, 0xd6,
1073 0x41, 0x97, 0x56, 0xb9, 0xa1, 0x5e, 0xc3, 0xe3,
1074 0x20, 0x9b, 0x63, 0xdf, 0x70, 0x7d, 0xd5, 0x08,
1075 0xd1, 0x45, 0x81, 0xf8, 0x98, 0x27, 0x21, 0xaf
1076 }
1077 },
1078 {
1079 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
1080 "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
1081 {
1082 0xbe, 0xcb, 0x93, 0x86, 0x6b, 0xb8, 0xc3, 0x83,
1083 0x2c, 0xb7, 0x77, 0xc2, 0xf5, 0x59, 0x80, 0x7c,
1084 0x8c, 0x59, 0xaf, 0xcb, 0x6e, 0xae, 0x73, 0x48,
1085 0x85, 0x00, 0x13, 0x00, 0xa9, 0x81, 0xcc, 0x62
1086 }
1087 },
1088 };
1089
1090 #define NUM_PASSPHRASE_TESTS ARRAY_SIZE(passphrase_tests)
1091
1092
1093 struct rfc6070_test {
1094 char *p;
1095 char *s;
1096 int c;
1097 char dk[32];
1098 size_t dk_len;
1099 };
1100
1101 static const struct rfc6070_test rfc6070_tests[] =
1102 {
1103 {
1104 "password",
1105 "salt",
1106 1,
1107 {
1108 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
1109 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
1110 0x2f, 0xe0, 0x37, 0xa6
1111 },
1112 20
1113 },
1114 {
1115 "password",
1116 "salt",
1117 2,
1118 {
1119 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
1120 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
1121 0xd8, 0xde, 0x89, 0x57
1122 },
1123 20
1124 },
1125 {
1126 "password",
1127 "salt",
1128 4096,
1129 {
1130 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
1131 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
1132 0x65, 0xa4, 0x29, 0xc1
1133 },
1134 20
1135 },
1136 #if 0 /* This takes quite long to derive.. */
1137 {
1138 "password",
1139 "salt",
1140 16777216,
1141 {
1142 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4,
1143 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c,
1144 0x26, 0x34, 0xe9, 0x84
1145 },
1146 20
1147 },
1148 #endif
1149 {
1150 "passwordPASSWORDpassword",
1151 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
1152 4096,
1153 {
1154 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
1155 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
1156 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
1157 0x38
1158 },
1159 25
1160 },
1161 #if 0 /* \0 not currently supported in passphrase parameters.. */
1162 {
1163 "pass\0word",
1164 "sa\0lt",
1165 4096,
1166 {
1167 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
1168 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3
1169 },
1170 16
1171 },
1172 #endif
1173 };
1174
1175 #define NUM_RFC6070_TESTS ARRAY_SIZE(rfc6070_tests)
1176
1177
test_sha1(void)1178 static int test_sha1(void)
1179 {
1180 u8 res[512];
1181 int ret = 0;
1182 unsigned int i;
1183
1184 wpa_printf(MSG_INFO, "PRF-SHA1 test cases:");
1185
1186 if (sha1_prf(key0, sizeof(key0), "prefix", data0, sizeof(data0) - 1,
1187 res, sizeof(prf0)) == 0 &&
1188 os_memcmp(res, prf0, sizeof(prf0)) == 0)
1189 wpa_printf(MSG_INFO, "Test case 0 - OK");
1190 else {
1191 wpa_printf(MSG_INFO, "Test case 0 - FAILED!");
1192 ret++;
1193 }
1194
1195 if (sha1_prf(key1, sizeof(key1) - 1, "prefix", data1, sizeof(data1) - 1,
1196 res, sizeof(prf1)) == 0 &&
1197 os_memcmp(res, prf1, sizeof(prf1)) == 0)
1198 wpa_printf(MSG_INFO, "Test case 1 - OK");
1199 else {
1200 wpa_printf(MSG_INFO, "Test case 1 - FAILED!");
1201 ret++;
1202 }
1203
1204 if (sha1_prf(key2, sizeof(key2), "prefix", data2, sizeof(data2),
1205 res, sizeof(prf2)) == 0 &&
1206 os_memcmp(res, prf2, sizeof(prf2)) == 0)
1207 wpa_printf(MSG_INFO, "Test case 2 - OK");
1208 else {
1209 wpa_printf(MSG_INFO, "Test case 2 - FAILED!");
1210 ret++;
1211 }
1212
1213 ret += test_eap_fast();
1214
1215 wpa_printf(MSG_INFO, "PBKDF2-SHA1 Passphrase test cases:");
1216 for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) {
1217 u8 psk[32];
1218 const struct passphrase_test *test = &passphrase_tests[i];
1219
1220 if (pbkdf2_sha1(test->passphrase,
1221 (const u8 *) test->ssid, strlen(test->ssid),
1222 4096, psk, 32) == 0 &&
1223 os_memcmp(psk, test->psk, 32) == 0)
1224 wpa_printf(MSG_INFO, "Test case %d - OK", i);
1225 else {
1226 wpa_printf(MSG_INFO, "Test case %d - FAILED!", i);
1227 ret++;
1228 }
1229 }
1230
1231 wpa_printf(MSG_INFO, "PBKDF2-SHA1 test cases (RFC 6070):");
1232 for (i = 0; i < NUM_RFC6070_TESTS; i++) {
1233 u8 dk[25];
1234 const struct rfc6070_test *test = &rfc6070_tests[i];
1235
1236 if (pbkdf2_sha1(test->p, (const u8 *) test->s, strlen(test->s),
1237 test->c, dk, test->dk_len) == 0 &&
1238 os_memcmp(dk, test->dk, test->dk_len) == 0)
1239 wpa_printf(MSG_INFO, "Test case %d - OK", i);
1240 else {
1241 wpa_printf(MSG_INFO, "Test case %d - FAILED!", i);
1242 ret++;
1243 }
1244 }
1245
1246 if (!ret)
1247 wpa_printf(MSG_INFO, "SHA1 test cases passed");
1248 return ret;
1249 }
1250
1251
1252 const struct {
1253 char *data;
1254 u8 hash[32];
1255 } tests[] = {
1256 {
1257 "abc",
1258 {
1259 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
1260 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
1261 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
1262 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
1263 }
1264 },
1265 {
1266 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
1267 {
1268 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8,
1269 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39,
1270 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
1271 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1
1272 }
1273 }
1274 };
1275
1276 const struct hmac_test {
1277 u8 key[80];
1278 size_t key_len;
1279 u8 data[128];
1280 size_t data_len;
1281 u8 hash[32];
1282 } hmac_tests[] = {
1283 /* draft-ietf-ipsec-ciph-sha-256-01.txt */
1284 {
1285 {
1286 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1287 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1288 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1289 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
1290 },
1291 32,
1292 "abc", 3,
1293 {
1294 0xa2, 0x1b, 0x1f, 0x5d, 0x4c, 0xf4, 0xf7, 0x3a,
1295 0x4d, 0xd9, 0x39, 0x75, 0x0f, 0x7a, 0x06, 0x6a,
1296 0x7f, 0x98, 0xcc, 0x13, 0x1c, 0xb1, 0x6a, 0x66,
1297 0x92, 0x75, 0x90, 0x21, 0xcf, 0xab, 0x81, 0x81
1298 }
1299 },
1300 {
1301 {
1302 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1303 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1304 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1305 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
1306 },
1307 32,
1308 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
1309 56,
1310 {
1311 0x10, 0x4f, 0xdc, 0x12, 0x57, 0x32, 0x8f, 0x08,
1312 0x18, 0x4b, 0xa7, 0x31, 0x31, 0xc5, 0x3c, 0xae,
1313 0xe6, 0x98, 0xe3, 0x61, 0x19, 0x42, 0x11, 0x49,
1314 0xea, 0x8c, 0x71, 0x24, 0x56, 0x69, 0x7d, 0x30
1315 }
1316 },
1317 {
1318 {
1319 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1320 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1321 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1322 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
1323 },
1324 32,
1325 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
1326 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
1327 112,
1328 {
1329 0x47, 0x03, 0x05, 0xfc, 0x7e, 0x40, 0xfe, 0x34,
1330 0xd3, 0xee, 0xb3, 0xe7, 0x73, 0xd9, 0x5a, 0xab,
1331 0x73, 0xac, 0xf0, 0xfd, 0x06, 0x04, 0x47, 0xa5,
1332 0xeb, 0x45, 0x95, 0xbf, 0x33, 0xa9, 0xd1, 0xa3
1333 }
1334 },
1335 {
1336 {
1337 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1338 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1339 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1340 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
1341 },
1342 32,
1343 "Hi There",
1344 8,
1345 {
1346 0x19, 0x8a, 0x60, 0x7e, 0xb4, 0x4b, 0xfb, 0xc6,
1347 0x99, 0x03, 0xa0, 0xf1, 0xcf, 0x2b, 0xbd, 0xc5,
1348 0xba, 0x0a, 0xa3, 0xf3, 0xd9, 0xae, 0x3c, 0x1c,
1349 0x7a, 0x3b, 0x16, 0x96, 0xa0, 0xb6, 0x8c, 0xf7
1350 }
1351 },
1352 {
1353 "Jefe",
1354 4,
1355 "what do ya want for nothing?",
1356 28,
1357 {
1358 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e,
1359 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7,
1360 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83,
1361 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43
1362 }
1363 },
1364 {
1365 {
1366 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1367 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1368 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1369 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
1370 },
1371 32,
1372 {
1373 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1374 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1375 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1376 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1377 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1378 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1379 0xdd, 0xdd
1380 },
1381 50,
1382 {
1383 0xcd, 0xcb, 0x12, 0x20, 0xd1, 0xec, 0xcc, 0xea,
1384 0x91, 0xe5, 0x3a, 0xba, 0x30, 0x92, 0xf9, 0x62,
1385 0xe5, 0x49, 0xfe, 0x6c, 0xe9, 0xed, 0x7f, 0xdc,
1386 0x43, 0x19, 0x1f, 0xbd, 0xe4, 0x5c, 0x30, 0xb0
1387 }
1388 },
1389 {
1390 {
1391 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1392 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1393 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1394 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
1395 0x21, 0x22, 0x23, 0x24, 0x25
1396 },
1397 37,
1398 {
1399 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1400 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1401 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1402 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1403 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1404 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1405 0xcd, 0xcd
1406 },
1407 50,
1408 {
1409 0xd4, 0x63, 0x3c, 0x17, 0xf6, 0xfb, 0x8d, 0x74,
1410 0x4c, 0x66, 0xde, 0xe0, 0xf8, 0xf0, 0x74, 0x55,
1411 0x6e, 0xc4, 0xaf, 0x55, 0xef, 0x07, 0x99, 0x85,
1412 0x41, 0x46, 0x8e, 0xb4, 0x9b, 0xd2, 0xe9, 0x17
1413 }
1414 },
1415 {
1416 {
1417 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1418 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1419 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1420 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
1421 },
1422 32,
1423 "Test With Truncation",
1424 20,
1425 {
1426 0x75, 0x46, 0xaf, 0x01, 0x84, 0x1f, 0xc0, 0x9b,
1427 0x1a, 0xb9, 0xc3, 0x74, 0x9a, 0x5f, 0x1c, 0x17,
1428 0xd4, 0xf5, 0x89, 0x66, 0x8a, 0x58, 0x7b, 0x27,
1429 0x00, 0xa9, 0xc9, 0x7c, 0x11, 0x93, 0xcf, 0x42
1430 }
1431 },
1432 {
1433 {
1434 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1435 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1436 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1437 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1438 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1439 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1440 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1441 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1442 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1443 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
1444 },
1445 80,
1446 "Test Using Larger Than Block-Size Key - Hash Key First",
1447 54,
1448 {
1449 0x69, 0x53, 0x02, 0x5e, 0xd9, 0x6f, 0x0c, 0x09,
1450 0xf8, 0x0a, 0x96, 0xf7, 0x8e, 0x65, 0x38, 0xdb,
1451 0xe2, 0xe7, 0xb8, 0x20, 0xe3, 0xdd, 0x97, 0x0e,
1452 0x7d, 0xdd, 0x39, 0x09, 0x1b, 0x32, 0x35, 0x2f
1453 }
1454 },
1455 {
1456 {
1457 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1458 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1459 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1460 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1461 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1462 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1463 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1464 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1465 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1466 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
1467 },
1468 80,
1469 "Test Using Larger Than Block-Size Key and Larger Than One "
1470 "Block-Size Data",
1471 73,
1472 {
1473 0x63, 0x55, 0xac, 0x22, 0xe8, 0x90, 0xd0, 0xa3,
1474 0xc8, 0x48, 0x1a, 0x5c, 0xa4, 0x82, 0x5b, 0xc8,
1475 0x84, 0xd3, 0xe7, 0xa1, 0xff, 0x98, 0xa2, 0xfc,
1476 0x2a, 0xc7, 0xd8, 0xe0, 0x64, 0xc3, 0xb2, 0xe6
1477 }
1478 }
1479 };
1480
1481
test_sha256(void)1482 static int test_sha256(void)
1483 {
1484 unsigned int i;
1485 u8 hash[32];
1486 const u8 *addr[2];
1487 size_t len[2];
1488 int errors = 0;
1489
1490 for (i = 0; i < ARRAY_SIZE(tests); i++) {
1491 wpa_printf(MSG_INFO, "SHA256 test case %d:", i + 1);
1492
1493 addr[0] = (u8 *) tests[i].data;
1494 len[0] = strlen(tests[i].data);
1495 sha256_vector(1, addr, len, hash);
1496 if (memcmp(hash, tests[i].hash, 32) != 0) {
1497 wpa_printf(MSG_INFO, " FAIL");
1498 errors++;
1499 } else
1500 wpa_printf(MSG_INFO, " OK");
1501
1502 if (len[0]) {
1503 addr[0] = (u8 *) tests[i].data;
1504 len[0] = 1;
1505 addr[1] = (u8 *) tests[i].data + 1;
1506 len[1] = strlen(tests[i].data) - 1;
1507 sha256_vector(2, addr, len, hash);
1508 if (memcmp(hash, tests[i].hash, 32) != 0) {
1509 wpa_printf(MSG_INFO, " FAIL");
1510 errors++;
1511 } else
1512 wpa_printf(MSG_INFO, " OK");
1513 }
1514 }
1515
1516 for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) {
1517 const struct hmac_test *t = &hmac_tests[i];
1518
1519 wpa_printf(MSG_INFO, "HMAC-SHA256 test case %d:", i + 1);
1520
1521 if (hmac_sha256(t->key, t->key_len, t->data, t->data_len,
1522 hash) < 0 ||
1523 os_memcmp(hash, t->hash, 32) != 0) {
1524 wpa_printf(MSG_INFO, " FAIL");
1525 errors++;
1526 } else
1527 wpa_printf(MSG_INFO, " OK");
1528
1529 addr[0] = t->data;
1530 len[0] = t->data_len;
1531 if (hmac_sha256_vector(t->key, t->key_len, 1, addr, len,
1532 hash) < 0 ||
1533 os_memcmp(hash, t->hash, 32) != 0) {
1534 wpa_printf(MSG_INFO, " FAIL");
1535 errors++;
1536 } else
1537 wpa_printf(MSG_INFO, " OK");
1538
1539 if (len[0]) {
1540 addr[0] = t->data;
1541 len[0] = 1;
1542 addr[1] = t->data + 1;
1543 len[1] = t->data_len - 1;
1544 if (hmac_sha256_vector(t->key, t->key_len, 2, addr, len,
1545 hash) < 0 ||
1546 os_memcmp(hash, t->hash, 32) != 0) {
1547 wpa_printf(MSG_INFO, " FAIL");
1548 errors++;
1549 } else
1550 wpa_printf(MSG_INFO, " OK");
1551 }
1552 }
1553
1554 wpa_printf(MSG_INFO, "Test IEEE 802.11r KDF");
1555 sha256_prf((u8 *) "abc", 3, "KDF test", (u8 *) "data", 4,
1556 hash, sizeof(hash));
1557 /* TODO: add proper test case for this */
1558
1559 if (!errors)
1560 wpa_printf(MSG_INFO, "SHA256 test cases passed");
1561 return errors;
1562 }
1563
1564
test_ms_funcs(void)1565 static int test_ms_funcs(void)
1566 {
1567 /* Test vector from RFC2759 example */
1568 char *username = "User";
1569 char *password = "clientPass";
1570 u8 auth_challenge[] = {
1571 0x5B, 0x5D, 0x7C, 0x7D, 0x7B, 0x3F, 0x2F, 0x3E,
1572 0x3C, 0x2C, 0x60, 0x21, 0x32, 0x26, 0x26, 0x28
1573 };
1574 u8 peer_challenge[] = {
1575 0x21, 0x40, 0x23, 0x24, 0x25, 0x5E, 0x26, 0x2A,
1576 0x28, 0x29, 0x5F, 0x2B, 0x3A, 0x33, 0x7C, 0x7E
1577 };
1578 u8 password_hash[] = {
1579 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6,
1580 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE
1581 };
1582 u8 nt_response[] = {
1583 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E,
1584 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54,
1585 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF
1586 };
1587 u8 password_hash_hash[] = {
1588 0x41, 0xC0, 0x0C, 0x58, 0x4B, 0xD2, 0xD9, 0x1C,
1589 0x40, 0x17, 0xA2, 0xA1, 0x2F, 0xA5, 0x9F, 0x3F
1590 };
1591 u8 authenticator_response[] = {
1592 0x40, 0x7A, 0x55, 0x89, 0x11, 0x5F, 0xD0, 0xD6,
1593 0x20, 0x9F, 0x51, 0x0F, 0xE9, 0xC0, 0x45, 0x66,
1594 0x93, 0x2C, 0xDA, 0x56
1595 };
1596 u8 master_key[] = {
1597 0xFD, 0xEC, 0xE3, 0x71, 0x7A, 0x8C, 0x83, 0x8C,
1598 0xB3, 0x88, 0xE5, 0x27, 0xAE, 0x3C, 0xDD, 0x31
1599 };
1600 u8 send_start_key[] = {
1601 0x8B, 0x7C, 0xDC, 0x14, 0x9B, 0x99, 0x3A, 0x1B,
1602 0xA1, 0x18, 0xCB, 0x15, 0x3F, 0x56, 0xDC, 0xCB
1603 };
1604 u8 buf[32];
1605 int errors = 0;
1606
1607 if (nt_password_hash((u8 *) password, os_strlen(password), buf) ||
1608 os_memcmp(password_hash, buf, sizeof(password_hash)) != 0) {
1609 wpa_printf(MSG_ERROR, "nt_password_hash failed");
1610 errors++;
1611 }
1612
1613 if (generate_nt_response(auth_challenge, peer_challenge,
1614 (u8 *) username, os_strlen(username),
1615 (u8 *) password, os_strlen(password), buf) ||
1616 os_memcmp(nt_response, buf, sizeof(nt_response)) != 0) {
1617 wpa_printf(MSG_ERROR, "generate_nt_response failed");
1618 errors++;
1619 }
1620
1621 if (hash_nt_password_hash(password_hash, buf) ||
1622 os_memcmp(password_hash_hash, buf,
1623 sizeof(password_hash_hash)) != 0) {
1624 wpa_printf(MSG_ERROR, "hash_nt_password_hash failed");
1625 errors++;
1626 }
1627
1628 if (generate_authenticator_response((u8 *) password,
1629 os_strlen(password),
1630 peer_challenge, auth_challenge,
1631 (u8 *) username,
1632 os_strlen(username),
1633 nt_response, buf) ||
1634 os_memcmp(authenticator_response, buf,
1635 sizeof(authenticator_response)) != 0) {
1636 wpa_printf(MSG_ERROR, "generate_authenticator_response failed");
1637 errors++;
1638 }
1639
1640 if (get_master_key(password_hash_hash, nt_response, buf) ||
1641 os_memcmp(master_key, buf, sizeof(master_key)) != 0) {
1642 wpa_printf(MSG_ERROR, "get_master_key failed");
1643 errors++;
1644 }
1645
1646 if (get_asymetric_start_key(master_key, buf, sizeof(send_start_key),
1647 1, 1) ||
1648 os_memcmp(send_start_key, buf, sizeof(send_start_key)) != 0) {
1649 wpa_printf(MSG_ERROR, "get_asymetric_start_key failed");
1650 errors++;
1651 }
1652
1653 if (errors)
1654 wpa_printf(MSG_ERROR, "ms_funcs: %d errors", errors);
1655 else
1656 wpa_printf(MSG_INFO, "ms_funcs test cases passed");
1657
1658 return errors;
1659 }
1660
1661
crypto_module_tests(void)1662 int crypto_module_tests(void)
1663 {
1664 int ret = 0;
1665
1666 wpa_printf(MSG_INFO, "crypto module tests");
1667 if (test_siv() ||
1668 test_omac1() ||
1669 test_eax() ||
1670 test_cbc() ||
1671 test_ecb() ||
1672 test_key_wrap() ||
1673 test_md5() ||
1674 test_sha1() ||
1675 test_sha256() ||
1676 test_ms_funcs())
1677 ret = -1;
1678
1679 return ret;
1680 }
1681