1 /*
2 * crypto module tests
3 * Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "crypto/aes_siv.h"
13 #include "crypto/aes_wrap.h"
14 #include "crypto/aes.h"
15 #include "crypto/ms_funcs.h"
16 #include "crypto/crypto.h"
17 #include "crypto/sha1.h"
18 #include "crypto/sha256.h"
19
20
test_siv(void)21 static int test_siv(void)
22 {
23 #ifdef CONFIG_MESH
24 /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */
25 u8 key[] = {
26 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
27 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
28 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
29 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
30 };
31 u8 ad[] = {
32 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
33 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
34 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27
35 };
36 u8 plaintext[] = {
37 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
38 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee
39 };
40 u8 iv_c[] = {
41 0x85, 0x63, 0x2d, 0x07, 0xc6, 0xe8, 0xf3, 0x7f,
42 0x95, 0x0a, 0xcd, 0x32, 0x0a, 0x2e, 0xcc, 0x93,
43 0x40, 0xc0, 0x2b, 0x96, 0x90, 0xc4, 0xdc, 0x04,
44 0xda, 0xef, 0x7f, 0x6a, 0xfe, 0x5c
45 };
46 /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */
47 u8 key_2[] = {
48 0x7f, 0x7e, 0x7d, 0x7c, 0x7b, 0x7a, 0x79, 0x78,
49 0x77, 0x76, 0x75, 0x74, 0x73, 0x72, 0x71, 0x70,
50 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
51 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
52 };
53 u8 ad1_2[] = {
54 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
55 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
56 0xde, 0xad, 0xda, 0xda, 0xde, 0xad, 0xda, 0xda,
57 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
58 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00
59 };
60 u8 ad2_2[] = {
61 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80,
62 0x90, 0xa0
63 };
64 u8 nonce_2[] = {
65 0x09, 0xf9, 0x11, 0x02, 0x9d, 0x74, 0xe3, 0x5b,
66 0xd8, 0x41, 0x56, 0xc5, 0x63, 0x56, 0x88, 0xc0
67 };
68 u8 plaintext_2[] = {
69 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
70 0x73, 0x6f, 0x6d, 0x65, 0x20, 0x70, 0x6c, 0x61,
71 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x20, 0x74,
72 0x6f, 0x20, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70,
73 0x74, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x20,
74 0x53, 0x49, 0x56, 0x2d, 0x41, 0x45, 0x53
75 };
76 u8 iv_c_2[] = {
77 0x7b, 0xdb, 0x6e, 0x3b, 0x43, 0x26, 0x67, 0xeb,
78 0x06, 0xf4, 0xd1, 0x4b, 0xff, 0x2f, 0xbd, 0x0f,
79 0xcb, 0x90, 0x0f, 0x2f, 0xdd, 0xbe, 0x40, 0x43,
80 0x26, 0x60, 0x19, 0x65, 0xc8, 0x89, 0xbf, 0x17,
81 0xdb, 0xa7, 0x7c, 0xeb, 0x09, 0x4f, 0xa6, 0x63,
82 0xb7, 0xa3, 0xf7, 0x48, 0xba, 0x8a, 0xf8, 0x29,
83 0xea, 0x64, 0xad, 0x54, 0x4a, 0x27, 0x2e, 0x9c,
84 0x48, 0x5b, 0x62, 0xa3, 0xfd, 0x5c, 0x0d
85 };
86 u8 out[2 * AES_BLOCK_SIZE + sizeof(plaintext_2)];
87 const u8 *addr[3];
88 size_t len[3];
89
90 /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */
91 addr[0] = ad;
92 len[0] = sizeof(ad);
93
94 if (aes_siv_encrypt(key, plaintext, sizeof(plaintext),
95 1, addr, len, out)) {
96 wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed");
97 return 1;
98 }
99 if (os_memcmp(out, iv_c, sizeof(iv_c)) != 0) {
100 wpa_printf(MSG_ERROR,
101 "AES-SIV mode encryption returned invalid cipher text");
102 return 1;
103 }
104
105 if (aes_siv_decrypt(key, iv_c, sizeof(iv_c), 1, addr, len, out)) {
106 wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed");
107 return 1;
108 }
109 if (os_memcmp(out, plaintext, sizeof(plaintext)) != 0) {
110 wpa_printf(MSG_ERROR,
111 "AES-SIV mode decryption returned invalid plain text");
112 return 1;
113 }
114
115 /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */
116 addr[0] = ad1_2;
117 len[0] = sizeof(ad1_2);
118 addr[1] = ad2_2;
119 len[1] = sizeof(ad2_2);
120 addr[2] = nonce_2;
121 len[2] = sizeof(nonce_2);
122
123 if (aes_siv_encrypt(key_2, plaintext_2, sizeof(plaintext_2),
124 3, addr, len, out)) {
125 wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed");
126 return 1;
127 }
128 if (os_memcmp(out, iv_c_2, sizeof(iv_c_2)) != 0) {
129 wpa_printf(MSG_ERROR,
130 "AES-SIV mode encryption returned invalid cipher text");
131 return 1;
132 }
133
134 if (aes_siv_decrypt(key_2, iv_c_2, sizeof(iv_c_2), 3, addr, len, out)) {
135 wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed");
136 return 1;
137 }
138 if (os_memcmp(out, plaintext_2, sizeof(plaintext_2)) != 0) {
139 wpa_printf(MSG_ERROR,
140 "AES-SIV mode decryption returned invalid plain text");
141 return 1;
142 }
143
144 wpa_printf(MSG_INFO, "AES-SIV test cases passed");
145 #endif /* CONFIG_MESH */
146
147 return 0;
148 }
149
150
151 /* OMAC1 AES-128 test vectors from
152 * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf
153 * which are same as the examples from NIST SP800-38B
154 * http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf
155 */
156
157 struct omac1_test_vector {
158 u8 k[16];
159 u8 msg[64];
160 int msg_len;
161 u8 tag[16];
162 };
163
164 static const struct omac1_test_vector omac1_test_vectors[] =
165 {
166 {
167 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
168 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
169 { },
170 0,
171 { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
172 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 }
173 },
174 {
175 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
176 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
177 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
178 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a},
179 16,
180 { 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
181 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c }
182 },
183 {
184 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
185 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
186 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
187 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
188 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
189 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
190 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 },
191 40,
192 { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
193 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 }
194 },
195 {
196 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
197 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
198 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
199 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
200 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
201 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
202 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
203 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
204 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
205 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
206 64,
207 { 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
208 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe }
209 },
210 };
211
212
test_omac1_vector(const struct omac1_test_vector * tv,unsigned int i)213 static int test_omac1_vector(const struct omac1_test_vector *tv,
214 unsigned int i)
215 {
216 u8 key[] = {
217 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
218 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
219 };
220 u8 msg[] = { 0x12, 0x34, 0x56 };
221 u8 result[24], result2[24];
222 const u8 *addr[3];
223 size_t len[3];
224
225 if (omac1_aes_128(tv->k, tv->msg, tv->msg_len, result) ||
226 os_memcmp(result, tv->tag, 16) != 0) {
227 wpa_printf(MSG_ERROR, "OMAC1-AES-128 test vector %u failed", i);
228 return 1;
229 }
230
231 if (tv->msg_len > 1) {
232
233 addr[0] = tv->msg;
234 len[0] = 1;
235 addr[1] = tv->msg + 1;
236 len[1] = tv->msg_len - 1;
237
238 if (omac1_aes_128_vector(tv->k, 2, addr, len, result) ||
239 os_memcmp(result, tv->tag, 16) != 0) {
240 wpa_printf(MSG_ERROR,
241 "OMAC1-AES-128(vector) test vector %u failed",
242 i);
243 return 1;
244 }
245
246 addr[0] = tv->msg;
247 len[0] = tv->msg_len - 2;
248 addr[1] = tv->msg + tv->msg_len - 2;
249 len[1] = 1;
250 addr[2] = tv->msg + tv->msg_len - 1;
251 len[2] = 1;
252
253 if (omac1_aes_128_vector(tv->k, 3, addr, len, result) ||
254 os_memcmp(result, tv->tag, 16) != 0) {
255 wpa_printf(MSG_ERROR,
256 "OMAC1-AES-128(vector2) test vector %u failed",
257 i);
258 return 1;
259 }
260 }
261
262 addr[0] = &msg[0];
263 len[0] = 1;
264 addr[1] = &msg[1];
265 len[1] = 1;
266 addr[2] = &msg[2];
267 len[2] = 1;
268 if (omac1_aes_128(key, msg, sizeof(msg), result) ||
269 omac1_aes_128_vector(key, 3, addr, len, result2) ||
270 os_memcmp(result, result2, 16) != 0) {
271 wpa_printf(MSG_ERROR, "OMAC1-AES-128 short test mismatch");
272 return 1;
273 }
274
275 return 0;
276 }
277
278
test_omac1(void)279 static int test_omac1(void)
280 {
281 unsigned int i;
282
283 for (i = 0; i < ARRAY_SIZE(omac1_test_vectors); i++) {
284 if (test_omac1_vector(&omac1_test_vectors[i], i))
285 return 1;
286 }
287
288 wpa_printf(MSG_INFO, "OMAC1-AES-128 test cases passed");
289
290 return 0;
291 }
292
293
test_eax(void)294 static int test_eax(void)
295 {
296 #ifdef EAP_PSK
297 u8 msg[] = { 0xF7, 0xFB };
298 u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B,
299 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 };
300 u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84,
301 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD };
302 u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA };
303 u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D,
304 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79,
305 0x67, 0xE5 };
306 u8 data[sizeof(msg)], tag[AES_BLOCK_SIZE];
307
308 os_memcpy(data, msg, sizeof(msg));
309 if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
310 data, sizeof(data), tag)) {
311 wpa_printf(MSG_ERROR, "AES-128 EAX mode encryption failed");
312 return 1;
313 }
314 if (os_memcmp(data, cipher, sizeof(data)) != 0) {
315 wpa_printf(MSG_ERROR,
316 "AES-128 EAX mode encryption returned invalid cipher text");
317 return 1;
318 }
319 if (os_memcmp(tag, cipher + sizeof(data), AES_BLOCK_SIZE) != 0) {
320 wpa_printf(MSG_ERROR,
321 "AES-128 EAX mode encryption returned invalid tag");
322 return 1;
323 }
324
325 if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
326 data, sizeof(data), tag)) {
327 wpa_printf(MSG_ERROR, "AES-128 EAX mode decryption failed");
328 return 1;
329 }
330 if (os_memcmp(data, msg, sizeof(data)) != 0) {
331 wpa_printf(MSG_ERROR,
332 "AES-128 EAX mode decryption returned invalid plain text");
333 return 1;
334 }
335
336 wpa_printf(MSG_INFO, "AES-128 EAX mode test cases passed");
337 #endif /* EAP_PSK */
338
339 return 0;
340 }
341
342
test_cbc(void)343 static int test_cbc(void)
344 {
345 struct cbc_test_vector {
346 u8 key[16];
347 u8 iv[16];
348 u8 plain[32];
349 u8 cipher[32];
350 size_t len;
351 } vectors[] = {
352 {
353 { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b,
354 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 },
355 { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30,
356 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 },
357 "Single block msg",
358 { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8,
359 0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a },
360 16
361 },
362 {
363 { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0,
364 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a },
365 { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28,
366 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 },
367 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
368 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
369 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
370 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
371 { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a,
372 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a,
373 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9,
374 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 },
375 32
376 }
377 };
378 int ret = 0;
379 u8 *buf;
380 unsigned int i;
381
382 for (i = 0; i < ARRAY_SIZE(vectors); i++) {
383 struct cbc_test_vector *tv = &vectors[i];
384
385 buf = os_malloc(tv->len);
386 if (buf == NULL) {
387 ret++;
388 break;
389 }
390
391 os_memcpy(buf, tv->plain, tv->len);
392 if (aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len) ||
393 os_memcmp(buf, tv->cipher, tv->len) != 0) {
394 wpa_printf(MSG_ERROR, "AES-CBC encrypt %d failed", i);
395 ret++;
396 }
397
398 os_memcpy(buf, tv->cipher, tv->len);
399 if (aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len) ||
400 os_memcmp(buf, tv->plain, tv->len) != 0) {
401 wpa_printf(MSG_ERROR, "AES-CBC decrypt %d failed", i);
402 ret++;
403 }
404
405 os_free(buf);
406 }
407
408 return ret;
409 }
410
411
test_ecb(void)412 static int test_ecb(void)
413 {
414 #ifdef EAP_PSK
415 struct ecb_test_vector {
416 char *key;
417 char *plaintext;
418 char *ciphertext;
419 } vectors[] = {
420 /* CAVS 11.1 - ECBGFSbox128.rsp */
421 {
422 "00000000000000000000000000000000",
423 "f34481ec3cc627bacd5dc3fb08f273e6",
424 "0336763e966d92595a567cc9ce537f5e"
425 },
426 {
427 "00000000000000000000000000000000",
428 "9798c4640bad75c7c3227db910174e72",
429 "a9a1631bf4996954ebc093957b234589"
430 },
431 {
432 "00000000000000000000000000000000",
433 "96ab5c2ff612d9dfaae8c31f30c42168",
434 "ff4f8391a6a40ca5b25d23bedd44a597"
435 },
436 {
437 "00000000000000000000000000000000",
438 "6a118a874519e64e9963798a503f1d35",
439 "dc43be40be0e53712f7e2bf5ca707209"
440 },
441 {
442 "00000000000000000000000000000000",
443 "cb9fceec81286ca3e989bd979b0cb284",
444 "92beedab1895a94faa69b632e5cc47ce"
445 },
446 {
447 "00000000000000000000000000000000",
448 "b26aeb1874e47ca8358ff22378f09144",
449 "459264f4798f6a78bacb89c15ed3d601"
450 },
451 {
452 "00000000000000000000000000000000",
453 "58c8e00b2631686d54eab84b91f0aca1",
454 "08a4e2efec8a8e3312ca7460b9040bbf"
455 },
456 /* CAVS 11.1 - ECBKeySbox128.rsp */
457 {
458 "10a58869d74be5a374cf867cfb473859",
459 "00000000000000000000000000000000",
460 "6d251e6944b051e04eaa6fb4dbf78465"
461 },
462 {
463 "caea65cdbb75e9169ecd22ebe6e54675",
464 "00000000000000000000000000000000",
465 "6e29201190152df4ee058139def610bb",
466 }
467 };
468 int ret = 0;
469 unsigned int i;
470 u8 key[16], plain[16], cipher[16], out[16];
471
472 for (i = 0; i < ARRAY_SIZE(vectors); i++) {
473 struct ecb_test_vector *tv = &vectors[i];
474
475 if (hexstr2bin(tv->key, key, sizeof(key)) ||
476 hexstr2bin(tv->plaintext, plain, sizeof(plain)) ||
477 hexstr2bin(tv->ciphertext, cipher, sizeof(cipher))) {
478 wpa_printf(MSG_ERROR, "Invalid AES-ECB test vector %u",
479 i);
480 ret++;
481 continue;
482 }
483
484 if (aes_128_encrypt_block(key, plain, out) < 0 ||
485 os_memcmp(out, cipher, 16) != 0) {
486 wpa_printf(MSG_ERROR, "AES-ECB encrypt %u failed", i);
487 ret++;
488 }
489 }
490
491 if (!ret)
492 wpa_printf(MSG_INFO, "AES ECB mode test cases passed");
493
494 return ret;
495 #endif /* EAP_PSK */
496
497 return 0;
498 }
499
500
test_key_wrap(void)501 static int test_key_wrap(void)
502 {
503 int ret = 0;
504
505 /* RFC 3394 - Test vector 4.1 */
506 u8 kek41[] = {
507 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
508 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
509 };
510 u8 plain41[] = {
511 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
512 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
513 };
514 u8 crypt41[] = {
515 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
516 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
517 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
518 };
519 #ifndef CONFIG_BORINGSSL
520 /* RFC 3394 - Test vector 4.2 */
521 u8 kek42[] = {
522 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
523 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
524 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
525 };
526 u8 plain42[] = {
527 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
528 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
529 };
530 u8 crypt42[] = {
531 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
532 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
533 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D
534 };
535 #endif /* CONFIG_BORINGSSL */
536 /* RFC 3394 - Test vector 4.3 */
537 u8 kek43[] = {
538 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
539 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
540 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
541 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
542 };
543 u8 plain43[] = {
544 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
545 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
546 };
547 u8 crypt43[] = {
548 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
549 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
550 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7,
551 };
552 #ifndef CONFIG_BORINGSSL
553 /* RFC 3394 - Test vector 4.4 */
554 u8 kek44[] = {
555 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
556 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
557 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
558 };
559 u8 plain44[] = {
560 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
561 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
562 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
563 };
564 u8 crypt44[] = {
565 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
566 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
567 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
568 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2
569 };
570 #endif /* CONFIG_BORINGSSL */
571 /* RFC 3394 - Test vector 4.5 */
572 u8 kek45[] = {
573 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
574 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
575 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
576 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
577 };
578 u8 plain45[] = {
579 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
580 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
581 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
582 };
583 u8 crypt45[] = {
584 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
585 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
586 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
587 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1,
588 };
589 /* RFC 3394 - Test vector 4.6 */
590 u8 kek46[] = {
591 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
592 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
593 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
594 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
595 };
596 u8 plain46[] = {
597 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
598 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
599 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
600 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
601 };
602 u8 crypt46[] = {
603 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
604 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
605 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
606 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
607 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21
608 };
609 u8 result[40];
610
611 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.1");
612 if (aes_wrap(kek41, sizeof(kek41), sizeof(plain41) / 8, plain41,
613 result)) {
614 wpa_printf(MSG_ERROR, "AES-WRAP-128 reported failure");
615 ret++;
616 }
617 if (os_memcmp(result, crypt41, sizeof(crypt41)) != 0) {
618 wpa_printf(MSG_ERROR, "AES-WRAP-128 failed");
619 ret++;
620 }
621 if (aes_unwrap(kek41, sizeof(kek41), sizeof(plain41) / 8, crypt41,
622 result)) {
623 wpa_printf(MSG_ERROR, "AES-UNWRAP-128 reported failure");
624 ret++;
625 }
626 if (os_memcmp(result, plain41, sizeof(plain41)) != 0) {
627 wpa_printf(MSG_ERROR, "AES-UNWRAP-128 failed");
628 ret++;
629 }
630
631 #ifndef CONFIG_BORINGSSL
632 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.2");
633 if (aes_wrap(kek42, sizeof(kek42), sizeof(plain42) / 8, plain42,
634 result)) {
635 wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure");
636 ret++;
637 }
638 if (os_memcmp(result, crypt42, sizeof(crypt42)) != 0) {
639 wpa_printf(MSG_ERROR, "AES-WRAP-192 failed");
640 ret++;
641 }
642 if (aes_unwrap(kek42, sizeof(kek42), sizeof(plain42) / 8, crypt42,
643 result)) {
644 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure");
645 ret++;
646 }
647 if (os_memcmp(result, plain42, sizeof(plain42)) != 0) {
648 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed");
649 ret++;
650 }
651 #endif /* CONFIG_BORINGSSL */
652
653 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.3");
654 if (aes_wrap(kek43, sizeof(kek43), sizeof(plain43) / 8, plain43,
655 result)) {
656 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure");
657 ret++;
658 }
659 if (os_memcmp(result, crypt43, sizeof(crypt43)) != 0) {
660 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed");
661 ret++;
662 }
663 if (aes_unwrap(kek43, sizeof(kek43), sizeof(plain43) / 8, crypt43,
664 result)) {
665 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure");
666 ret++;
667 }
668 if (os_memcmp(result, plain43, sizeof(plain43)) != 0) {
669 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed");
670 ret++;
671 }
672
673 #ifndef CONFIG_BORINGSSL
674 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.4");
675 if (aes_wrap(kek44, sizeof(kek44), sizeof(plain44) / 8, plain44,
676 result)) {
677 wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure");
678 ret++;
679 }
680 if (os_memcmp(result, crypt44, sizeof(crypt44)) != 0) {
681 wpa_printf(MSG_ERROR, "AES-WRAP-192 failed");
682 ret++;
683 }
684 if (aes_unwrap(kek44, sizeof(kek44), sizeof(plain44) / 8, crypt44,
685 result)) {
686 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure");
687 ret++;
688 }
689 if (os_memcmp(result, plain44, sizeof(plain44)) != 0) {
690 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed");
691 ret++;
692 }
693 #endif /* CONFIG_BORINGSSL */
694
695 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.5");
696 if (aes_wrap(kek45, sizeof(kek45), sizeof(plain45) / 8, plain45,
697 result)) {
698 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure");
699 ret++;
700 }
701 if (os_memcmp(result, crypt45, sizeof(crypt45)) != 0) {
702 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed");
703 ret++;
704 }
705 if (aes_unwrap(kek45, sizeof(kek45), sizeof(plain45) / 8, crypt45,
706 result)) {
707 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure");
708 ret++;
709 }
710 if (os_memcmp(result, plain45, sizeof(plain45)) != 0) {
711 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed");
712 ret++;
713 }
714
715 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.6");
716 if (aes_wrap(kek46, sizeof(kek46), sizeof(plain46) / 8, plain46,
717 result)) {
718 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure");
719 ret++;
720 }
721 if (os_memcmp(result, crypt46, sizeof(crypt46)) != 0) {
722 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed");
723 ret++;
724 }
725 if (aes_unwrap(kek46, sizeof(kek46), sizeof(plain46) / 8, crypt46,
726 result)) {
727 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure");
728 ret++;
729 }
730 if (os_memcmp(result, plain46, sizeof(plain46)) != 0) {
731 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed");
732 ret++;
733 }
734
735 if (!ret)
736 wpa_printf(MSG_INFO, "AES key wrap/unwrap test cases passed");
737
738 return ret;
739 }
740
741
test_md5(void)742 static int test_md5(void)
743 {
744 #ifndef CONFIG_FIPS
745 struct {
746 char *data;
747 char *hash;
748 } tests[] = {
749 {
750 "",
751 "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04"
752 "\xe9\x80\x09\x98\xec\xf8\x42\x7e"
753 },
754 {
755 "a",
756 "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8"
757 "\x31\xc3\x99\xe2\x69\x77\x26\x61"
758 },
759 {
760 "abc",
761 "\x90\x01\x50\x98\x3c\xd2\x4f\xb0"
762 "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72"
763 },
764 {
765 "message digest",
766 "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d"
767 "\x52\x5a\x2f\x31\xaa\xf1\x61\xd0"
768 },
769 {
770 "abcdefghijklmnopqrstuvwxyz",
771 "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00"
772 "\x7d\xfb\x49\x6c\xca\x67\xe1\x3b"
773 },
774 {
775 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
776 "0123456789",
777 "\xd1\x74\xab\x98\xd2\x77\xd9\xf5"
778 "\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f"
779 },
780 {
781 "12345678901234567890123456789012345678901234567890"
782 "123456789012345678901234567890",
783 "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55"
784 "\xac\x49\xda\x2e\x21\x07\xb6\x7a"
785 }
786 };
787 unsigned int i;
788 u8 hash[16];
789 const u8 *addr[2];
790 size_t len[2];
791 int errors = 0;
792
793 for (i = 0; i < ARRAY_SIZE(tests); i++) {
794 wpa_printf(MSG_INFO, "MD5 test case %d", i);
795
796 addr[0] = (u8 *) tests[i].data;
797 len[0] = strlen(tests[i].data);
798 if (md5_vector(1, addr, len, hash) < 0 ||
799 os_memcmp(hash, tests[i].hash, 16) != 0) {
800 wpa_printf(MSG_INFO, " FAIL");
801 errors++;
802 } else
803 wpa_printf(MSG_INFO, " OK");
804
805 if (len[0]) {
806 addr[0] = (u8 *) tests[i].data;
807 len[0] = strlen(tests[i].data);
808 addr[1] = (u8 *) tests[i].data + 1;
809 len[1] = strlen(tests[i].data) - 1;
810 if (md5_vector(1, addr, len, hash) < 0 ||
811 os_memcmp(hash, tests[i].hash, 16) != 0) {
812 wpa_printf(MSG_INFO, " FAIL");
813 errors++;
814 } else
815 wpa_printf(MSG_INFO, " OK");
816 }
817 }
818
819 if (!errors)
820 wpa_printf(MSG_INFO, "MD5 test cases passed");
821
822 return errors;
823 #else /* CONFIG_FIPS */
824 wpa_printf(MSG_INFO, "MD5 test cases skipped due to CONFIG_FIPS");
825 return 0;
826 #endif /* CONFIG_FIPS */
827 }
828
829
test_eap_fast(void)830 static int test_eap_fast(void)
831 {
832 #ifdef EAP_FAST
833 /* RFC 4851, Appendix B.1 */
834 const u8 pac_key[] = {
835 0x0B, 0x97, 0x39, 0x0F, 0x37, 0x51, 0x78, 0x09,
836 0x81, 0x1E, 0xFD, 0x9C, 0x6E, 0x65, 0x94, 0x2B,
837 0x63, 0x2C, 0xE9, 0x53, 0x89, 0x38, 0x08, 0xBA,
838 0x36, 0x0B, 0x03, 0x7C, 0xD1, 0x85, 0xE4, 0x14
839 };
840 const u8 seed[] = {
841 0x3F, 0xFB, 0x11, 0xC4, 0x6C, 0xBF, 0xA5, 0x7A,
842 0x54, 0x40, 0xDA, 0xE8, 0x22, 0xD3, 0x11, 0xD3,
843 0xF7, 0x6D, 0xE4, 0x1D, 0xD9, 0x33, 0xE5, 0x93,
844 0x70, 0x97, 0xEB, 0xA9, 0xB3, 0x66, 0xF4, 0x2A,
845 0x00, 0x00, 0x00, 0x02, 0x6A, 0x66, 0x43, 0x2A,
846 0x8D, 0x14, 0x43, 0x2C, 0xEC, 0x58, 0x2D, 0x2F,
847 0xC7, 0x9C, 0x33, 0x64, 0xBA, 0x04, 0xAD, 0x3A,
848 0x52, 0x54, 0xD6, 0xA5, 0x79, 0xAD, 0x1E, 0x00
849 };
850 const u8 master_secret[] = {
851 0x4A, 0x1A, 0x51, 0x2C, 0x01, 0x60, 0xBC, 0x02,
852 0x3C, 0xCF, 0xBC, 0x83, 0x3F, 0x03, 0xBC, 0x64,
853 0x88, 0xC1, 0x31, 0x2F, 0x0B, 0xA9, 0xA2, 0x77,
854 0x16, 0xA8, 0xD8, 0xE8, 0xBD, 0xC9, 0xD2, 0x29,
855 0x38, 0x4B, 0x7A, 0x85, 0xBE, 0x16, 0x4D, 0x27,
856 0x33, 0xD5, 0x24, 0x79, 0x87, 0xB1, 0xC5, 0xA2
857 };
858 #ifndef CONFIG_FIPS
859 const u8 key_block[] = {
860 0x59, 0x59, 0xBE, 0x8E, 0x41, 0x3A, 0x77, 0x74,
861 0x8B, 0xB2, 0xE5, 0xD3, 0x60, 0xAC, 0x4D, 0x35,
862 0xDF, 0xFB, 0xC8, 0x1E, 0x9C, 0x24, 0x9C, 0x8B,
863 0x0E, 0xC3, 0x1D, 0x72, 0xC8, 0x84, 0x9D, 0x57,
864 0x48, 0x51, 0x2E, 0x45, 0x97, 0x6C, 0x88, 0x70,
865 0xBE, 0x5F, 0x01, 0xD3, 0x64, 0xE7, 0x4C, 0xBB,
866 0x11, 0x24, 0xE3, 0x49, 0xE2, 0x3B, 0xCD, 0xEF,
867 0x7A, 0xB3, 0x05, 0x39, 0x5D, 0x64, 0x8A, 0x44,
868 0x11, 0xB6, 0x69, 0x88, 0x34, 0x2E, 0x8E, 0x29,
869 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
870 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
871 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
872 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
873 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
874 };
875 #endif /* CONFIG_FIPS */
876 const u8 sks[] = {
877 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
878 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
879 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
880 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
881 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
882 };
883 const u8 isk[] = {
884 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
885 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
886 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
887 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
888 };
889 const u8 imck[] = {
890 0x16, 0x15, 0x3C, 0x3F, 0x21, 0x55, 0xEF, 0xD9,
891 0x7F, 0x34, 0xAE, 0xC8, 0x1A, 0x4E, 0x66, 0x80,
892 0x4C, 0xC3, 0x76, 0xF2, 0x8A, 0xA9, 0x6F, 0x96,
893 0xC2, 0x54, 0x5F, 0x8C, 0xAB, 0x65, 0x02, 0xE1,
894 0x18, 0x40, 0x7B, 0x56, 0xBE, 0xEA, 0xA7, 0xC5,
895 0x76, 0x5D, 0x8F, 0x0B, 0xC5, 0x07, 0xC6, 0xB9,
896 0x04, 0xD0, 0x69, 0x56, 0x72, 0x8B, 0x6B, 0xB8,
897 0x15, 0xEC, 0x57, 0x7B
898 };
899 const u8 msk[] = {
900 0x4D, 0x83, 0xA9, 0xBE, 0x6F, 0x8A, 0x74, 0xED,
901 0x6A, 0x02, 0x66, 0x0A, 0x63, 0x4D, 0x2C, 0x33,
902 0xC2, 0xDA, 0x60, 0x15, 0xC6, 0x37, 0x04, 0x51,
903 0x90, 0x38, 0x63, 0xDA, 0x54, 0x3E, 0x14, 0xB9,
904 0x27, 0x99, 0x18, 0x1E, 0x07, 0xBF, 0x0F, 0x5A,
905 0x5E, 0x3C, 0x32, 0x93, 0x80, 0x8C, 0x6C, 0x49,
906 0x67, 0xED, 0x24, 0xFE, 0x45, 0x40, 0xA0, 0x59,
907 0x5E, 0x37, 0xC2, 0xE9, 0xD0, 0x5D, 0x0A, 0xE3
908 };
909 const u8 emsk[] = {
910 0x3A, 0xD4, 0xAB, 0xDB, 0x76, 0xB2, 0x7F, 0x3B,
911 0xEA, 0x32, 0x2C, 0x2B, 0x74, 0xF4, 0x28, 0x55,
912 0xEF, 0x2D, 0xBA, 0x78, 0xC9, 0x57, 0x2F, 0x0D,
913 0x06, 0xCD, 0x51, 0x7C, 0x20, 0x93, 0x98, 0xA9,
914 0x76, 0xEA, 0x70, 0x21, 0xD7, 0x0E, 0x25, 0x54,
915 0x97, 0xED, 0xB2, 0x8A, 0xF6, 0xED, 0xFD, 0x0A,
916 0x2A, 0xE7, 0xA1, 0x58, 0x90, 0x10, 0x50, 0x44,
917 0xB3, 0x82, 0x85, 0xDB, 0x06, 0x14, 0xD2, 0xF9
918 };
919 /* RFC 4851, Appendix B.2 */
920 u8 tlv[] = {
921 0x80, 0x0C, 0x00, 0x38, 0x00, 0x01, 0x01, 0x00,
922 0xD8, 0x6A, 0x8C, 0x68, 0x3C, 0x32, 0x31, 0xA8,
923 0x56, 0x63, 0xB6, 0x40, 0x21, 0xFE, 0x21, 0x14,
924 0x4E, 0xE7, 0x54, 0x20, 0x79, 0x2D, 0x42, 0x62,
925 0xC9, 0xBF, 0x53, 0x7F, 0x54, 0xFD, 0xAC, 0x58,
926 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
927 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
928 0x05, 0xC5, 0x5B, 0xB7
929 };
930 const u8 compound_mac[] = {
931 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
932 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
933 0x05, 0xC5, 0x5B, 0xB7
934 };
935 u8 buf[512];
936 const u8 *simck, *cmk;
937 int errors = 0;
938
939 wpa_printf(MSG_INFO, "EAP-FAST test cases");
940
941 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / master_secret");
942 if (sha1_t_prf(pac_key, sizeof(pac_key),
943 "PAC to master secret label hash",
944 seed, sizeof(seed), buf, sizeof(master_secret)) < 0 ||
945 os_memcmp(master_secret, buf, sizeof(master_secret)) != 0) {
946 wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
947 errors++;
948 }
949
950 #ifndef CONFIG_FIPS
951 wpa_printf(MSG_INFO, "- PRF (TLS, SHA1/MD5) test case / key_block");
952 if (tls_prf_sha1_md5(master_secret, sizeof(master_secret),
953 "key expansion", seed, sizeof(seed),
954 buf, sizeof(key_block)) ||
955 os_memcmp(key_block, buf, sizeof(key_block)) != 0) {
956 wpa_printf(MSG_INFO, "PRF test - FAILED!");
957 errors++;
958 }
959 #endif /* CONFIG_FIPS */
960
961 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / IMCK");
962 if (sha1_t_prf(sks, sizeof(sks), "Inner Methods Compound Keys",
963 isk, sizeof(isk), buf, sizeof(imck)) < 0 ||
964 os_memcmp(imck, buf, sizeof(imck)) != 0) {
965 wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
966 errors++;
967 }
968
969 simck = imck;
970 cmk = imck + 40;
971
972 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / MSK");
973 if (sha1_t_prf(simck, 40, "Session Key Generating Function",
974 (u8 *) "", 0, buf, sizeof(msk)) < 0 ||
975 os_memcmp(msk, buf, sizeof(msk)) != 0) {
976 wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
977 errors++;
978 }
979
980 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / EMSK");
981 if (sha1_t_prf(simck, 40, "Extended Session Key Generating Function",
982 (u8 *) "", 0, buf, sizeof(msk)) < 0 ||
983 os_memcmp(emsk, buf, sizeof(emsk)) != 0) {
984 wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
985 errors++;
986 }
987
988 wpa_printf(MSG_INFO, "- Compound MAC test case");
989 os_memset(tlv + sizeof(tlv) - 20, 0, 20);
990 if (hmac_sha1(cmk, 20, tlv, sizeof(tlv), tlv + sizeof(tlv) - 20) < 0 ||
991 os_memcmp(tlv + sizeof(tlv) - 20, compound_mac,
992 sizeof(compound_mac)) != 0) {
993 wpa_printf(MSG_INFO, "Compound MAC test - FAILED!");
994 errors++;
995 }
996
997 return errors;
998 #else /* EAP_FAST */
999 return 0;
1000 #endif /* EAP_FAST */
1001 }
1002
1003
1004 static const u8 key0[] =
1005 {
1006 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1007 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1008 0x0b, 0x0b, 0x0b, 0x0b
1009 };
1010 static const u8 data0[] = "Hi There";
1011 static const u8 prf0[] =
1012 {
1013 0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84,
1014 0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54,
1015 0xb8, 0x62, 0x17, 0x5e, 0xd9, 0xf0, 0x06, 0x06,
1016 0xe1, 0x7d, 0x8d, 0xa3, 0x54, 0x02, 0xff, 0xee,
1017 0x75, 0xdf, 0x78, 0xc3, 0xd3, 0x1e, 0x0f, 0x88,
1018 0x9f, 0x01, 0x21, 0x20, 0xc0, 0x86, 0x2b, 0xeb,
1019 0x67, 0x75, 0x3e, 0x74, 0x39, 0xae, 0x24, 0x2e,
1020 0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a
1021 };
1022
1023 static const u8 key1[] = "Jefe";
1024 static const u8 data1[] = "what do ya want for nothing?";
1025 static const u8 prf1[] =
1026 {
1027 0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad,
1028 0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4,
1029 0xfe, 0x63, 0x14, 0x46, 0xfa, 0xbd, 0xfa, 0x58,
1030 0x24, 0x47, 0x59, 0xae, 0x58, 0xef, 0x90, 0x09,
1031 0xa9, 0x9a, 0xbf, 0x4e, 0xac, 0x2c, 0xa5, 0xfa,
1032 0x87, 0xe6, 0x92, 0xc4, 0x40, 0xeb, 0x40, 0x02,
1033 0x3e, 0x7b, 0xab, 0xb2, 0x06, 0xd6, 0x1d, 0xe7,
1034 0xb9, 0x2f, 0x41, 0x52, 0x90, 0x92, 0xb8, 0xfc
1035 };
1036
1037
1038 static const u8 key2[] =
1039 {
1040 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1041 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1042 0xaa, 0xaa, 0xaa, 0xaa
1043 };
1044 static const u8 data2[] =
1045 {
1046 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1047 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1048 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1049 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1050 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1051 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1052 0xdd, 0xdd
1053 };
1054 static const u8 prf2[] =
1055 {
1056 0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f,
1057 0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1,
1058 0x7a, 0x02, 0x52, 0xca, 0x5d, 0x8d, 0x8d, 0xf1,
1059 0x2c, 0xfb, 0x04, 0x73, 0x52, 0x52, 0x49, 0xce,
1060 0x9d, 0xd8, 0xd1, 0x77, 0xea, 0xd7, 0x10, 0xbc,
1061 0x9b, 0x59, 0x05, 0x47, 0x23, 0x91, 0x07, 0xae,
1062 0xf7, 0xb4, 0xab, 0xd4, 0x3d, 0x87, 0xf0, 0xa6,
1063 0x8f, 0x1c, 0xbd, 0x9e, 0x2b, 0x6f, 0x76, 0x07
1064 };
1065
1066
1067 struct passphrase_test {
1068 char *passphrase;
1069 char *ssid;
1070 char psk[32];
1071 };
1072
1073 static const struct passphrase_test passphrase_tests[] =
1074 {
1075 {
1076 "password",
1077 "IEEE",
1078 {
1079 0xf4, 0x2c, 0x6f, 0xc5, 0x2d, 0xf0, 0xeb, 0xef,
1080 0x9e, 0xbb, 0x4b, 0x90, 0xb3, 0x8a, 0x5f, 0x90,
1081 0x2e, 0x83, 0xfe, 0x1b, 0x13, 0x5a, 0x70, 0xe2,
1082 0x3a, 0xed, 0x76, 0x2e, 0x97, 0x10, 0xa1, 0x2e
1083 }
1084 },
1085 {
1086 "ThisIsAPassword",
1087 "ThisIsASSID",
1088 {
1089 0x0d, 0xc0, 0xd6, 0xeb, 0x90, 0x55, 0x5e, 0xd6,
1090 0x41, 0x97, 0x56, 0xb9, 0xa1, 0x5e, 0xc3, 0xe3,
1091 0x20, 0x9b, 0x63, 0xdf, 0x70, 0x7d, 0xd5, 0x08,
1092 0xd1, 0x45, 0x81, 0xf8, 0x98, 0x27, 0x21, 0xaf
1093 }
1094 },
1095 {
1096 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
1097 "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
1098 {
1099 0xbe, 0xcb, 0x93, 0x86, 0x6b, 0xb8, 0xc3, 0x83,
1100 0x2c, 0xb7, 0x77, 0xc2, 0xf5, 0x59, 0x80, 0x7c,
1101 0x8c, 0x59, 0xaf, 0xcb, 0x6e, 0xae, 0x73, 0x48,
1102 0x85, 0x00, 0x13, 0x00, 0xa9, 0x81, 0xcc, 0x62
1103 }
1104 },
1105 };
1106
1107 #define NUM_PASSPHRASE_TESTS ARRAY_SIZE(passphrase_tests)
1108
1109
1110 struct rfc6070_test {
1111 char *p;
1112 char *s;
1113 int c;
1114 char dk[32];
1115 size_t dk_len;
1116 };
1117
1118 static const struct rfc6070_test rfc6070_tests[] =
1119 {
1120 {
1121 "password",
1122 "salt",
1123 1,
1124 {
1125 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
1126 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
1127 0x2f, 0xe0, 0x37, 0xa6
1128 },
1129 20
1130 },
1131 {
1132 "password",
1133 "salt",
1134 2,
1135 {
1136 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
1137 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
1138 0xd8, 0xde, 0x89, 0x57
1139 },
1140 20
1141 },
1142 {
1143 "password",
1144 "salt",
1145 4096,
1146 {
1147 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
1148 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
1149 0x65, 0xa4, 0x29, 0xc1
1150 },
1151 20
1152 },
1153 #if 0 /* This takes quite long to derive.. */
1154 {
1155 "password",
1156 "salt",
1157 16777216,
1158 {
1159 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4,
1160 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c,
1161 0x26, 0x34, 0xe9, 0x84
1162 },
1163 20
1164 },
1165 #endif
1166 {
1167 "passwordPASSWORDpassword",
1168 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
1169 4096,
1170 {
1171 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
1172 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
1173 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
1174 0x38
1175 },
1176 25
1177 },
1178 #if 0 /* \0 not currently supported in passphrase parameters.. */
1179 {
1180 "pass\0word",
1181 "sa\0lt",
1182 4096,
1183 {
1184 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
1185 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3
1186 },
1187 16
1188 },
1189 #endif
1190 };
1191
1192 #define NUM_RFC6070_TESTS ARRAY_SIZE(rfc6070_tests)
1193
1194
test_sha1(void)1195 static int test_sha1(void)
1196 {
1197 u8 res[512];
1198 int ret = 0;
1199 unsigned int i;
1200
1201 wpa_printf(MSG_INFO, "PRF-SHA1 test cases:");
1202
1203 if (sha1_prf(key0, sizeof(key0), "prefix", data0, sizeof(data0) - 1,
1204 res, sizeof(prf0)) == 0 &&
1205 os_memcmp(res, prf0, sizeof(prf0)) == 0)
1206 wpa_printf(MSG_INFO, "Test case 0 - OK");
1207 else {
1208 wpa_printf(MSG_INFO, "Test case 0 - FAILED!");
1209 ret++;
1210 }
1211
1212 if (sha1_prf(key1, sizeof(key1) - 1, "prefix", data1, sizeof(data1) - 1,
1213 res, sizeof(prf1)) == 0 &&
1214 os_memcmp(res, prf1, sizeof(prf1)) == 0)
1215 wpa_printf(MSG_INFO, "Test case 1 - OK");
1216 else {
1217 wpa_printf(MSG_INFO, "Test case 1 - FAILED!");
1218 ret++;
1219 }
1220
1221 if (sha1_prf(key2, sizeof(key2), "prefix", data2, sizeof(data2),
1222 res, sizeof(prf2)) == 0 &&
1223 os_memcmp(res, prf2, sizeof(prf2)) == 0)
1224 wpa_printf(MSG_INFO, "Test case 2 - OK");
1225 else {
1226 wpa_printf(MSG_INFO, "Test case 2 - FAILED!");
1227 ret++;
1228 }
1229
1230 ret += test_eap_fast();
1231
1232 wpa_printf(MSG_INFO, "PBKDF2-SHA1 Passphrase test cases:");
1233 for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) {
1234 u8 psk[32];
1235 const struct passphrase_test *test = &passphrase_tests[i];
1236
1237 if (pbkdf2_sha1(test->passphrase,
1238 (const u8 *) test->ssid, strlen(test->ssid),
1239 4096, psk, 32) == 0 &&
1240 os_memcmp(psk, test->psk, 32) == 0)
1241 wpa_printf(MSG_INFO, "Test case %d - OK", i);
1242 else {
1243 wpa_printf(MSG_INFO, "Test case %d - FAILED!", i);
1244 ret++;
1245 }
1246 }
1247
1248 wpa_printf(MSG_INFO, "PBKDF2-SHA1 test cases (RFC 6070):");
1249 for (i = 0; i < NUM_RFC6070_TESTS; i++) {
1250 u8 dk[25];
1251 const struct rfc6070_test *test = &rfc6070_tests[i];
1252
1253 if (pbkdf2_sha1(test->p, (const u8 *) test->s, strlen(test->s),
1254 test->c, dk, test->dk_len) == 0 &&
1255 os_memcmp(dk, test->dk, test->dk_len) == 0)
1256 wpa_printf(MSG_INFO, "Test case %d - OK", i);
1257 else {
1258 wpa_printf(MSG_INFO, "Test case %d - FAILED!", i);
1259 ret++;
1260 }
1261 }
1262
1263 if (!ret)
1264 wpa_printf(MSG_INFO, "SHA1 test cases passed");
1265 return ret;
1266 }
1267
1268
1269 const struct {
1270 char *data;
1271 u8 hash[32];
1272 } tests[] = {
1273 {
1274 "abc",
1275 {
1276 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
1277 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
1278 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
1279 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
1280 }
1281 },
1282 {
1283 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
1284 {
1285 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8,
1286 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39,
1287 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
1288 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1
1289 }
1290 }
1291 };
1292
1293 const struct hmac_test {
1294 u8 key[80];
1295 size_t key_len;
1296 u8 data[128];
1297 size_t data_len;
1298 u8 hash[32];
1299 } hmac_tests[] = {
1300 /* draft-ietf-ipsec-ciph-sha-256-01.txt */
1301 {
1302 {
1303 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1304 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1305 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1306 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
1307 },
1308 32,
1309 "abc", 3,
1310 {
1311 0xa2, 0x1b, 0x1f, 0x5d, 0x4c, 0xf4, 0xf7, 0x3a,
1312 0x4d, 0xd9, 0x39, 0x75, 0x0f, 0x7a, 0x06, 0x6a,
1313 0x7f, 0x98, 0xcc, 0x13, 0x1c, 0xb1, 0x6a, 0x66,
1314 0x92, 0x75, 0x90, 0x21, 0xcf, 0xab, 0x81, 0x81
1315 }
1316 },
1317 {
1318 {
1319 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1320 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1321 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1322 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
1323 },
1324 32,
1325 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
1326 56,
1327 {
1328 0x10, 0x4f, 0xdc, 0x12, 0x57, 0x32, 0x8f, 0x08,
1329 0x18, 0x4b, 0xa7, 0x31, 0x31, 0xc5, 0x3c, 0xae,
1330 0xe6, 0x98, 0xe3, 0x61, 0x19, 0x42, 0x11, 0x49,
1331 0xea, 0x8c, 0x71, 0x24, 0x56, 0x69, 0x7d, 0x30
1332 }
1333 },
1334 {
1335 {
1336 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1337 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1338 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1339 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
1340 },
1341 32,
1342 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
1343 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
1344 112,
1345 {
1346 0x47, 0x03, 0x05, 0xfc, 0x7e, 0x40, 0xfe, 0x34,
1347 0xd3, 0xee, 0xb3, 0xe7, 0x73, 0xd9, 0x5a, 0xab,
1348 0x73, 0xac, 0xf0, 0xfd, 0x06, 0x04, 0x47, 0xa5,
1349 0xeb, 0x45, 0x95, 0xbf, 0x33, 0xa9, 0xd1, 0xa3
1350 }
1351 },
1352 {
1353 {
1354 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1355 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1356 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1357 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
1358 },
1359 32,
1360 "Hi There",
1361 8,
1362 {
1363 0x19, 0x8a, 0x60, 0x7e, 0xb4, 0x4b, 0xfb, 0xc6,
1364 0x99, 0x03, 0xa0, 0xf1, 0xcf, 0x2b, 0xbd, 0xc5,
1365 0xba, 0x0a, 0xa3, 0xf3, 0xd9, 0xae, 0x3c, 0x1c,
1366 0x7a, 0x3b, 0x16, 0x96, 0xa0, 0xb6, 0x8c, 0xf7
1367 }
1368 },
1369 {
1370 "Jefe",
1371 4,
1372 "what do ya want for nothing?",
1373 28,
1374 {
1375 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e,
1376 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7,
1377 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83,
1378 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43
1379 }
1380 },
1381 {
1382 {
1383 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1384 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1385 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1386 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
1387 },
1388 32,
1389 {
1390 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1391 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1392 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1393 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1394 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1395 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1396 0xdd, 0xdd
1397 },
1398 50,
1399 {
1400 0xcd, 0xcb, 0x12, 0x20, 0xd1, 0xec, 0xcc, 0xea,
1401 0x91, 0xe5, 0x3a, 0xba, 0x30, 0x92, 0xf9, 0x62,
1402 0xe5, 0x49, 0xfe, 0x6c, 0xe9, 0xed, 0x7f, 0xdc,
1403 0x43, 0x19, 0x1f, 0xbd, 0xe4, 0x5c, 0x30, 0xb0
1404 }
1405 },
1406 {
1407 {
1408 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1409 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1410 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1411 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
1412 0x21, 0x22, 0x23, 0x24, 0x25
1413 },
1414 37,
1415 {
1416 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1417 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1418 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1419 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1420 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1421 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1422 0xcd, 0xcd
1423 },
1424 50,
1425 {
1426 0xd4, 0x63, 0x3c, 0x17, 0xf6, 0xfb, 0x8d, 0x74,
1427 0x4c, 0x66, 0xde, 0xe0, 0xf8, 0xf0, 0x74, 0x55,
1428 0x6e, 0xc4, 0xaf, 0x55, 0xef, 0x07, 0x99, 0x85,
1429 0x41, 0x46, 0x8e, 0xb4, 0x9b, 0xd2, 0xe9, 0x17
1430 }
1431 },
1432 {
1433 {
1434 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1435 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1436 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1437 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
1438 },
1439 32,
1440 "Test With Truncation",
1441 20,
1442 {
1443 0x75, 0x46, 0xaf, 0x01, 0x84, 0x1f, 0xc0, 0x9b,
1444 0x1a, 0xb9, 0xc3, 0x74, 0x9a, 0x5f, 0x1c, 0x17,
1445 0xd4, 0xf5, 0x89, 0x66, 0x8a, 0x58, 0x7b, 0x27,
1446 0x00, 0xa9, 0xc9, 0x7c, 0x11, 0x93, 0xcf, 0x42
1447 }
1448 },
1449 {
1450 {
1451 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1452 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1453 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1454 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1455 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1456 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1457 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1458 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1459 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1460 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
1461 },
1462 80,
1463 "Test Using Larger Than Block-Size Key - Hash Key First",
1464 54,
1465 {
1466 0x69, 0x53, 0x02, 0x5e, 0xd9, 0x6f, 0x0c, 0x09,
1467 0xf8, 0x0a, 0x96, 0xf7, 0x8e, 0x65, 0x38, 0xdb,
1468 0xe2, 0xe7, 0xb8, 0x20, 0xe3, 0xdd, 0x97, 0x0e,
1469 0x7d, 0xdd, 0x39, 0x09, 0x1b, 0x32, 0x35, 0x2f
1470 }
1471 },
1472 {
1473 {
1474 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1475 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1476 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1477 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1478 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1479 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1480 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1481 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1482 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1483 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
1484 },
1485 80,
1486 "Test Using Larger Than Block-Size Key and Larger Than One "
1487 "Block-Size Data",
1488 73,
1489 {
1490 0x63, 0x55, 0xac, 0x22, 0xe8, 0x90, 0xd0, 0xa3,
1491 0xc8, 0x48, 0x1a, 0x5c, 0xa4, 0x82, 0x5b, 0xc8,
1492 0x84, 0xd3, 0xe7, 0xa1, 0xff, 0x98, 0xa2, 0xfc,
1493 0x2a, 0xc7, 0xd8, 0xe0, 0x64, 0xc3, 0xb2, 0xe6
1494 }
1495 }
1496 };
1497
1498
test_sha256(void)1499 static int test_sha256(void)
1500 {
1501 unsigned int i;
1502 u8 hash[32];
1503 const u8 *addr[2];
1504 size_t len[2];
1505 int errors = 0;
1506 u8 *key;
1507
1508 for (i = 0; i < ARRAY_SIZE(tests); i++) {
1509 wpa_printf(MSG_INFO, "SHA256 test case %d:", i + 1);
1510
1511 addr[0] = (u8 *) tests[i].data;
1512 len[0] = strlen(tests[i].data);
1513 sha256_vector(1, addr, len, hash);
1514 if (memcmp(hash, tests[i].hash, 32) != 0) {
1515 wpa_printf(MSG_INFO, " FAIL");
1516 errors++;
1517 } else
1518 wpa_printf(MSG_INFO, " OK");
1519
1520 if (len[0]) {
1521 addr[0] = (u8 *) tests[i].data;
1522 len[0] = 1;
1523 addr[1] = (u8 *) tests[i].data + 1;
1524 len[1] = strlen(tests[i].data) - 1;
1525 sha256_vector(2, addr, len, hash);
1526 if (memcmp(hash, tests[i].hash, 32) != 0) {
1527 wpa_printf(MSG_INFO, " FAIL");
1528 errors++;
1529 } else
1530 wpa_printf(MSG_INFO, " OK");
1531 }
1532 }
1533
1534 for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) {
1535 const struct hmac_test *t = &hmac_tests[i];
1536
1537 wpa_printf(MSG_INFO, "HMAC-SHA256 test case %d:", i + 1);
1538
1539 if (hmac_sha256(t->key, t->key_len, t->data, t->data_len,
1540 hash) < 0 ||
1541 os_memcmp(hash, t->hash, 32) != 0) {
1542 wpa_printf(MSG_INFO, " FAIL");
1543 errors++;
1544 } else
1545 wpa_printf(MSG_INFO, " OK");
1546
1547 addr[0] = t->data;
1548 len[0] = t->data_len;
1549 if (hmac_sha256_vector(t->key, t->key_len, 1, addr, len,
1550 hash) < 0 ||
1551 os_memcmp(hash, t->hash, 32) != 0) {
1552 wpa_printf(MSG_INFO, " FAIL");
1553 errors++;
1554 } else
1555 wpa_printf(MSG_INFO, " OK");
1556
1557 if (len[0]) {
1558 addr[0] = t->data;
1559 len[0] = 1;
1560 addr[1] = t->data + 1;
1561 len[1] = t->data_len - 1;
1562 if (hmac_sha256_vector(t->key, t->key_len, 2, addr, len,
1563 hash) < 0 ||
1564 os_memcmp(hash, t->hash, 32) != 0) {
1565 wpa_printf(MSG_INFO, " FAIL");
1566 errors++;
1567 } else
1568 wpa_printf(MSG_INFO, " OK");
1569 }
1570 }
1571
1572 wpa_printf(MSG_INFO, "Test IEEE 802.11r KDF");
1573 sha256_prf((u8 *) "abc", 3, "KDF test", (u8 *) "data", 4,
1574 hash, sizeof(hash));
1575 /* TODO: add proper test case for this */
1576
1577 key = os_malloc(8161);
1578 if (key) {
1579 #ifdef CONFIG_HMAC_SHA256_KDF
1580 int res;
1581
1582 res = hmac_sha256_kdf((u8 *) "secret", 6, "label",
1583 (u8 *) "seed", 4, key, 8160);
1584 if (res) {
1585 wpa_printf(MSG_INFO,
1586 "Unexpected hmac_sha256_kdf(outlen=8160) failure");
1587 errors++;
1588 }
1589
1590 res = hmac_sha256_kdf((u8 *) "secret", 6, "label",
1591 (u8 *) "seed", 4, key, 8161);
1592 if (res == 0) {
1593 wpa_printf(MSG_INFO,
1594 "Unexpected hmac_sha256_kdf(outlen=8161) success");
1595 errors++;
1596 }
1597 #endif /* CONFIG_HMAC_SHA256_KDF */
1598
1599 os_free(key);
1600 }
1601
1602 if (!errors)
1603 wpa_printf(MSG_INFO, "SHA256 test cases passed");
1604 return errors;
1605 }
1606
1607
test_fips186_2_prf(void)1608 static int test_fips186_2_prf(void)
1609 {
1610 /* http://csrc.nist.gov/encryption/dss/Examples-1024bit.pdf */
1611 u8 xkey[] = {
1612 0xbd, 0x02, 0x9b, 0xbe, 0x7f, 0x51, 0x96, 0x0b,
1613 0xcf, 0x9e, 0xdb, 0x2b, 0x61, 0xf0, 0x6f, 0x0f,
1614 0xeb, 0x5a, 0x38, 0xb6
1615 };
1616 u8 w[] = {
1617 0x20, 0x70, 0xb3, 0x22, 0x3d, 0xba, 0x37, 0x2f,
1618 0xde, 0x1c, 0x0f, 0xfc, 0x7b, 0x2e, 0x3b, 0x49,
1619 0x8b, 0x26, 0x06, 0x14, 0x3c, 0x6c, 0x18, 0xba,
1620 0xcb, 0x0f, 0x6c, 0x55, 0xba, 0xbb, 0x13, 0x78,
1621 0x8e, 0x20, 0xd7, 0x37, 0xa3, 0x27, 0x51, 0x16
1622 };
1623 u8 buf[40];
1624
1625 wpa_printf(MSG_INFO,
1626 "Testing EAP-SIM PRF (FIPS 186-2 + change notice 1)");
1627 if (fips186_2_prf(xkey, sizeof(xkey), buf, sizeof(buf)) < 0 ||
1628 os_memcmp(w, buf, sizeof(w)) != 0) {
1629 wpa_printf(MSG_INFO, "fips186_2_prf failed");
1630 return 1;
1631 }
1632
1633 return 0;
1634 }
1635
1636
test_ms_funcs(void)1637 static int test_ms_funcs(void)
1638 {
1639 #ifndef CONFIG_FIPS
1640 /* Test vector from RFC2759 example */
1641 char *username = "User";
1642 char *password = "clientPass";
1643 u8 auth_challenge[] = {
1644 0x5B, 0x5D, 0x7C, 0x7D, 0x7B, 0x3F, 0x2F, 0x3E,
1645 0x3C, 0x2C, 0x60, 0x21, 0x32, 0x26, 0x26, 0x28
1646 };
1647 u8 peer_challenge[] = {
1648 0x21, 0x40, 0x23, 0x24, 0x25, 0x5E, 0x26, 0x2A,
1649 0x28, 0x29, 0x5F, 0x2B, 0x3A, 0x33, 0x7C, 0x7E
1650 };
1651 u8 password_hash[] = {
1652 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6,
1653 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE
1654 };
1655 u8 nt_response[] = {
1656 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E,
1657 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54,
1658 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF
1659 };
1660 u8 password_hash_hash[] = {
1661 0x41, 0xC0, 0x0C, 0x58, 0x4B, 0xD2, 0xD9, 0x1C,
1662 0x40, 0x17, 0xA2, 0xA1, 0x2F, 0xA5, 0x9F, 0x3F
1663 };
1664 u8 authenticator_response[] = {
1665 0x40, 0x7A, 0x55, 0x89, 0x11, 0x5F, 0xD0, 0xD6,
1666 0x20, 0x9F, 0x51, 0x0F, 0xE9, 0xC0, 0x45, 0x66,
1667 0x93, 0x2C, 0xDA, 0x56
1668 };
1669 u8 master_key[] = {
1670 0xFD, 0xEC, 0xE3, 0x71, 0x7A, 0x8C, 0x83, 0x8C,
1671 0xB3, 0x88, 0xE5, 0x27, 0xAE, 0x3C, 0xDD, 0x31
1672 };
1673 u8 send_start_key[] = {
1674 0x8B, 0x7C, 0xDC, 0x14, 0x9B, 0x99, 0x3A, 0x1B,
1675 0xA1, 0x18, 0xCB, 0x15, 0x3F, 0x56, 0xDC, 0xCB
1676 };
1677 u8 buf[32];
1678 int errors = 0;
1679
1680 if (nt_password_hash((u8 *) password, os_strlen(password), buf) ||
1681 os_memcmp(password_hash, buf, sizeof(password_hash)) != 0) {
1682 wpa_printf(MSG_ERROR, "nt_password_hash failed");
1683 errors++;
1684 }
1685
1686 if (generate_nt_response(auth_challenge, peer_challenge,
1687 (u8 *) username, os_strlen(username),
1688 (u8 *) password, os_strlen(password), buf) ||
1689 os_memcmp(nt_response, buf, sizeof(nt_response)) != 0) {
1690 wpa_printf(MSG_ERROR, "generate_nt_response failed");
1691 errors++;
1692 }
1693
1694 if (hash_nt_password_hash(password_hash, buf) ||
1695 os_memcmp(password_hash_hash, buf,
1696 sizeof(password_hash_hash)) != 0) {
1697 wpa_printf(MSG_ERROR, "hash_nt_password_hash failed");
1698 errors++;
1699 }
1700
1701 if (generate_authenticator_response((u8 *) password,
1702 os_strlen(password),
1703 peer_challenge, auth_challenge,
1704 (u8 *) username,
1705 os_strlen(username),
1706 nt_response, buf) ||
1707 os_memcmp(authenticator_response, buf,
1708 sizeof(authenticator_response)) != 0) {
1709 wpa_printf(MSG_ERROR, "generate_authenticator_response failed");
1710 errors++;
1711 }
1712
1713 if (get_master_key(password_hash_hash, nt_response, buf) ||
1714 os_memcmp(master_key, buf, sizeof(master_key)) != 0) {
1715 wpa_printf(MSG_ERROR, "get_master_key failed");
1716 errors++;
1717 }
1718
1719 if (get_asymetric_start_key(master_key, buf, sizeof(send_start_key),
1720 1, 1) ||
1721 os_memcmp(send_start_key, buf, sizeof(send_start_key)) != 0) {
1722 wpa_printf(MSG_ERROR, "get_asymetric_start_key failed");
1723 errors++;
1724 }
1725
1726 if (errors)
1727 wpa_printf(MSG_ERROR, "ms_funcs: %d errors", errors);
1728 else
1729 wpa_printf(MSG_INFO, "ms_funcs test cases passed");
1730
1731 return errors;
1732 #else /* CONFIG_FIPS */
1733 wpa_printf(MSG_INFO, "ms_funcs test cases skipped due to CONFIG_FIPS");
1734 return 0;
1735 #endif /* CONFIG_FIPS */
1736 }
1737
1738
crypto_module_tests(void)1739 int crypto_module_tests(void)
1740 {
1741 int ret = 0;
1742
1743 wpa_printf(MSG_INFO, "crypto module tests");
1744 if (test_siv() ||
1745 test_omac1() ||
1746 test_eax() ||
1747 test_cbc() ||
1748 test_ecb() ||
1749 test_key_wrap() ||
1750 test_md5() ||
1751 test_sha1() ||
1752 test_sha256() ||
1753 test_fips186_2_prf() ||
1754 test_ms_funcs())
1755 ret = -1;
1756
1757 return ret;
1758 }
1759