1 /*
2  * crypto module tests
3  * Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "utils/includes.h"
10 
11 #include "utils/common.h"
12 #include "utils/module_tests.h"
13 #include "crypto/aes_siv.h"
14 #include "crypto/aes_wrap.h"
15 #include "crypto/aes.h"
16 #include "crypto/ms_funcs.h"
17 #include "crypto/crypto.h"
18 #include "crypto/sha1.h"
19 #include "crypto/sha256.h"
20 #include "crypto/sha384.h"
21 
22 
test_siv(void)23 static int test_siv(void)
24 {
25 #ifdef CONFIG_MESH
26 	/* RFC 5297, A.1. Deterministic Authenticated Encryption Example */
27 	u8 key[] = {
28 		0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
29 		0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
30 		0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
31 		0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
32 	};
33 	u8 ad[] = {
34 		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
35 		0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
36 		0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27
37 	};
38 	u8 plaintext[] = {
39 		0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
40 		0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee
41 	};
42 	u8 iv_c[] = {
43 		0x85, 0x63, 0x2d, 0x07, 0xc6, 0xe8, 0xf3, 0x7f,
44 		0x95, 0x0a, 0xcd, 0x32, 0x0a, 0x2e, 0xcc, 0x93,
45 		0x40, 0xc0, 0x2b, 0x96, 0x90, 0xc4, 0xdc, 0x04,
46 		0xda, 0xef, 0x7f, 0x6a, 0xfe, 0x5c
47 	};
48 	/* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */
49 	u8 key_2[] = {
50 		0x7f, 0x7e, 0x7d, 0x7c, 0x7b, 0x7a, 0x79, 0x78,
51 		0x77, 0x76, 0x75, 0x74, 0x73, 0x72, 0x71, 0x70,
52 		0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
53 		0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
54 	};
55 	u8 ad1_2[] = {
56 		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
57 		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
58 		0xde, 0xad, 0xda, 0xda, 0xde, 0xad, 0xda, 0xda,
59 		0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
60 		0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00
61 	};
62 	u8 ad2_2[] = {
63 		0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80,
64 		0x90, 0xa0
65 	};
66 	u8 nonce_2[] = {
67 		0x09, 0xf9, 0x11, 0x02, 0x9d, 0x74, 0xe3, 0x5b,
68 		0xd8, 0x41, 0x56, 0xc5, 0x63, 0x56, 0x88, 0xc0
69 	};
70 	u8 plaintext_2[] = {
71 		0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
72 		0x73, 0x6f, 0x6d, 0x65, 0x20, 0x70, 0x6c, 0x61,
73 		0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x20, 0x74,
74 		0x6f, 0x20, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70,
75 		0x74, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x20,
76 		0x53, 0x49, 0x56, 0x2d, 0x41, 0x45, 0x53
77 	};
78 	u8 iv_c_2[] = {
79 		0x7b, 0xdb, 0x6e, 0x3b, 0x43, 0x26, 0x67, 0xeb,
80 		0x06, 0xf4, 0xd1, 0x4b, 0xff, 0x2f, 0xbd, 0x0f,
81 		0xcb, 0x90, 0x0f, 0x2f, 0xdd, 0xbe, 0x40, 0x43,
82 		0x26, 0x60, 0x19, 0x65, 0xc8, 0x89, 0xbf, 0x17,
83 		0xdb, 0xa7, 0x7c, 0xeb, 0x09, 0x4f, 0xa6, 0x63,
84 		0xb7, 0xa3, 0xf7, 0x48, 0xba, 0x8a, 0xf8, 0x29,
85 		0xea, 0x64, 0xad, 0x54, 0x4a, 0x27, 0x2e, 0x9c,
86 		0x48, 0x5b, 0x62, 0xa3, 0xfd, 0x5c, 0x0d
87 	};
88 	u8 out[2 * AES_BLOCK_SIZE + sizeof(plaintext_2)];
89 	const u8 *addr[3];
90 	size_t len[3];
91 
92 	/* RFC 5297, A.1. Deterministic Authenticated Encryption Example */
93 	addr[0] = ad;
94 	len[0] = sizeof(ad);
95 
96 	if (aes_siv_encrypt(key, sizeof(key), plaintext, sizeof(plaintext),
97 			    1, addr, len, out)) {
98 		wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed");
99 		return 1;
100 	}
101 	if (os_memcmp(out, iv_c, sizeof(iv_c)) != 0) {
102 		wpa_printf(MSG_ERROR,
103 			   "AES-SIV mode encryption returned invalid cipher text");
104 		return 1;
105 	}
106 
107 	if (aes_siv_decrypt(key, sizeof(key), iv_c, sizeof(iv_c),
108 			    1, addr, len, out)) {
109 		wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed");
110 		return 1;
111 	}
112 	if (os_memcmp(out, plaintext, sizeof(plaintext)) != 0) {
113 		wpa_printf(MSG_ERROR,
114 			   "AES-SIV mode decryption returned invalid plain text");
115 		return 1;
116 	}
117 
118 	/* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */
119 	addr[0] = ad1_2;
120 	len[0] = sizeof(ad1_2);
121 	addr[1] = ad2_2;
122 	len[1] = sizeof(ad2_2);
123 	addr[2] = nonce_2;
124 	len[2] = sizeof(nonce_2);
125 
126 	if (aes_siv_encrypt(key_2, sizeof(key_2),
127 			    plaintext_2, sizeof(plaintext_2),
128 			    3, addr, len, out)) {
129 		wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed");
130 		return 1;
131 	}
132 	if (os_memcmp(out, iv_c_2, sizeof(iv_c_2)) != 0) {
133 		wpa_printf(MSG_ERROR,
134 			   "AES-SIV mode encryption returned invalid cipher text");
135 		return 1;
136 	}
137 
138 	if (aes_siv_decrypt(key_2, sizeof(key_2), iv_c_2, sizeof(iv_c_2),
139 			    3, addr, len, out)) {
140 		wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed");
141 		return 1;
142 	}
143 	if (os_memcmp(out, plaintext_2, sizeof(plaintext_2)) != 0) {
144 		wpa_printf(MSG_ERROR,
145 			   "AES-SIV mode decryption returned invalid plain text");
146 		return 1;
147 	}
148 
149 	wpa_printf(MSG_INFO, "AES-SIV test cases passed");
150 #endif /* CONFIG_MESH */
151 
152 	return 0;
153 }
154 
155 
156 /* OMAC1 AES-128 test vectors from
157  * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf
158  * which are same as the examples from NIST SP800-38B
159  * http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf
160  */
161 
162 struct omac1_test_vector {
163 	u8 k[16];
164 	u8 msg[64];
165 	int msg_len;
166 	u8 tag[16];
167 };
168 
169 static const struct omac1_test_vector omac1_test_vectors[] =
170 {
171 	{
172 		{ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
173 		  0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
174 		{ },
175 		0,
176 		{ 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
177 		  0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 }
178 	},
179 	{
180 		{ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
181 		  0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
182 		{ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
183 		  0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a},
184 		16,
185 		{ 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
186 		  0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c }
187 	},
188 	{
189 		{ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
190 		  0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
191 		{ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
192 		  0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
193 		  0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
194 		  0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
195 		  0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 },
196 		40,
197 		{ 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
198 		  0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 }
199 	},
200 	{
201 		{ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
202 		  0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
203 		{ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
204 		  0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
205 		  0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
206 		  0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
207 		  0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
208 		  0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
209 		  0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
210 		  0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
211 		64,
212 		{ 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
213 		  0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe }
214 	},
215 };
216 
217 
test_omac1_vector(const struct omac1_test_vector * tv,unsigned int i)218 static int test_omac1_vector(const struct omac1_test_vector *tv,
219 			     unsigned int i)
220 {
221 	u8 key[] = {
222 		0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
223 		0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
224 	};
225 	u8 msg[] = { 0x12, 0x34, 0x56 };
226 	u8 result[24], result2[24];
227 	const u8 *addr[3];
228 	size_t len[3];
229 
230 	if (omac1_aes_128(tv->k, tv->msg, tv->msg_len, result) ||
231 	    os_memcmp(result, tv->tag, 16) != 0) {
232 		wpa_printf(MSG_ERROR, "OMAC1-AES-128 test vector %u failed", i);
233 		return 1;
234 	}
235 
236 	if (tv->msg_len > 1) {
237 
238 		addr[0] = tv->msg;
239 		len[0] = 1;
240 		addr[1] = tv->msg + 1;
241 		len[1] = tv->msg_len - 1;
242 
243 		if (omac1_aes_128_vector(tv->k, 2, addr, len, result) ||
244 		    os_memcmp(result, tv->tag, 16) != 0) {
245 			wpa_printf(MSG_ERROR,
246 				   "OMAC1-AES-128(vector) test vector %u failed",
247 				   i);
248 			return 1;
249 		}
250 
251 		addr[0] = tv->msg;
252 		len[0] = tv->msg_len - 2;
253 		addr[1] = tv->msg + tv->msg_len - 2;
254 		len[1] = 1;
255 		addr[2] = tv->msg + tv->msg_len - 1;
256 		len[2] = 1;
257 
258 		if (omac1_aes_128_vector(tv->k, 3, addr, len, result) ||
259 		    os_memcmp(result, tv->tag, 16) != 0) {
260 			wpa_printf(MSG_ERROR,
261 				   "OMAC1-AES-128(vector2) test vector %u failed",
262 				   i);
263 			return 1;
264 		}
265 	}
266 
267 	addr[0] = &msg[0];
268 	len[0] = 1;
269 	addr[1] = &msg[1];
270 	len[1] = 1;
271 	addr[2] = &msg[2];
272 	len[2] = 1;
273 	if (omac1_aes_128(key, msg, sizeof(msg), result) ||
274 	    omac1_aes_128_vector(key, 3, addr, len, result2) ||
275 	    os_memcmp(result, result2, 16) != 0) {
276 		wpa_printf(MSG_ERROR, "OMAC1-AES-128 short test mismatch");
277 		return 1;
278 	}
279 
280 	return 0;
281 }
282 
283 
test_omac1(void)284 static int test_omac1(void)
285 {
286 	unsigned int i;
287 
288 	for (i = 0; i < ARRAY_SIZE(omac1_test_vectors); i++) {
289 		if (test_omac1_vector(&omac1_test_vectors[i], i))
290 			return 1;
291 	}
292 
293 	wpa_printf(MSG_INFO, "OMAC1-AES-128 test cases passed");
294 
295 	return 0;
296 }
297 
298 
test_eax(void)299 static int test_eax(void)
300 {
301 #ifdef EAP_PSK
302 	u8 msg[] = { 0xF7, 0xFB };
303 	u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B,
304 		     0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 };
305 	u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84,
306 		       0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD };
307 	u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA };
308 	u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D,
309 			0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79,
310 			0x67, 0xE5 };
311 	u8 data[sizeof(msg)], tag[AES_BLOCK_SIZE];
312 
313 	os_memcpy(data, msg, sizeof(msg));
314 	if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
315 				data, sizeof(data), tag)) {
316 		wpa_printf(MSG_ERROR, "AES-128 EAX mode encryption failed");
317 		return 1;
318 	}
319 	if (os_memcmp(data, cipher, sizeof(data)) != 0) {
320 		wpa_printf(MSG_ERROR,
321 			   "AES-128 EAX mode encryption returned invalid cipher text");
322 		return 1;
323 	}
324 	if (os_memcmp(tag, cipher + sizeof(data), AES_BLOCK_SIZE) != 0) {
325 		wpa_printf(MSG_ERROR,
326 			   "AES-128 EAX mode encryption returned invalid tag");
327 		return 1;
328 	}
329 
330 	if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
331 				data, sizeof(data), tag)) {
332 		wpa_printf(MSG_ERROR, "AES-128 EAX mode decryption failed");
333 		return 1;
334 	}
335 	if (os_memcmp(data, msg, sizeof(data)) != 0) {
336 		wpa_printf(MSG_ERROR,
337 			   "AES-128 EAX mode decryption returned invalid plain text");
338 		return 1;
339 	}
340 
341 	wpa_printf(MSG_INFO, "AES-128 EAX mode test cases passed");
342 #endif /* EAP_PSK */
343 
344 	return 0;
345 }
346 
347 
test_cbc(void)348 static int test_cbc(void)
349 {
350 	struct cbc_test_vector {
351 		u8 key[16];
352 		u8 iv[16];
353 		u8 plain[32];
354 		u8 cipher[32];
355 		size_t len;
356 	} vectors[] = {
357 		{
358 			{ 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b,
359 			  0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 },
360 			{ 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30,
361 			  0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 },
362 			"Single block msg",
363 			{ 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8,
364 			  0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a },
365 			16
366 		},
367 		{
368 			{ 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0,
369 			  0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a },
370 			{ 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28,
371 			  0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 },
372 			{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
373 			  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
374 			  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
375 			  0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
376 			{ 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a,
377 			  0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a,
378 			  0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9,
379 			  0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 },
380 			32
381 		}
382 	};
383 	int ret = 0;
384 	u8 *buf;
385 	unsigned int i;
386 
387 	for (i = 0; i < ARRAY_SIZE(vectors); i++) {
388 		struct cbc_test_vector *tv = &vectors[i];
389 
390 		buf = os_malloc(tv->len);
391 		if (buf == NULL) {
392 			ret++;
393 			break;
394 		}
395 
396 		os_memcpy(buf, tv->plain, tv->len);
397 		if (aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len) ||
398 		    os_memcmp(buf, tv->cipher, tv->len) != 0) {
399 			wpa_printf(MSG_ERROR, "AES-CBC encrypt %d failed", i);
400 			ret++;
401 		}
402 
403 		os_memcpy(buf, tv->cipher, tv->len);
404 		if (aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len) ||
405 		    os_memcmp(buf, tv->plain, tv->len) != 0) {
406 			wpa_printf(MSG_ERROR, "AES-CBC decrypt %d failed", i);
407 			ret++;
408 		}
409 
410 		os_free(buf);
411 	}
412 
413 	return ret;
414 }
415 
416 
test_ecb(void)417 static int test_ecb(void)
418 {
419 #ifdef EAP_PSK
420 	struct ecb_test_vector {
421 		char *key;
422 		char *plaintext;
423 		char *ciphertext;
424 	} vectors[] = {
425 		/* CAVS 11.1 - ECBGFSbox128.rsp */
426 		{
427 			"00000000000000000000000000000000",
428 			"f34481ec3cc627bacd5dc3fb08f273e6",
429 			"0336763e966d92595a567cc9ce537f5e"
430 		},
431 		{
432 			"00000000000000000000000000000000",
433 			"9798c4640bad75c7c3227db910174e72",
434 			"a9a1631bf4996954ebc093957b234589"
435 		},
436 		{
437 			"00000000000000000000000000000000",
438 			"96ab5c2ff612d9dfaae8c31f30c42168",
439 			"ff4f8391a6a40ca5b25d23bedd44a597"
440 		},
441 		{
442 			"00000000000000000000000000000000",
443 			"6a118a874519e64e9963798a503f1d35",
444 			"dc43be40be0e53712f7e2bf5ca707209"
445 		},
446 		{
447 			"00000000000000000000000000000000",
448 			"cb9fceec81286ca3e989bd979b0cb284",
449 			"92beedab1895a94faa69b632e5cc47ce"
450 		},
451 		{
452 			"00000000000000000000000000000000",
453 			"b26aeb1874e47ca8358ff22378f09144",
454 			"459264f4798f6a78bacb89c15ed3d601"
455 		},
456 		{
457 			"00000000000000000000000000000000",
458 			"58c8e00b2631686d54eab84b91f0aca1",
459 			"08a4e2efec8a8e3312ca7460b9040bbf"
460 		},
461 		/* CAVS 11.1 - ECBKeySbox128.rsp */
462 		{
463 			"10a58869d74be5a374cf867cfb473859",
464 			"00000000000000000000000000000000",
465 			"6d251e6944b051e04eaa6fb4dbf78465"
466 		},
467 		{
468 			"caea65cdbb75e9169ecd22ebe6e54675",
469 			"00000000000000000000000000000000",
470 			"6e29201190152df4ee058139def610bb",
471 		}
472 	};
473 	int ret = 0;
474 	unsigned int i;
475 	u8 key[16], plain[16], cipher[16], out[16];
476 
477 	for (i = 0; i < ARRAY_SIZE(vectors); i++) {
478 		struct ecb_test_vector *tv = &vectors[i];
479 
480 		if (hexstr2bin(tv->key, key, sizeof(key)) ||
481 		    hexstr2bin(tv->plaintext, plain, sizeof(plain)) ||
482 		    hexstr2bin(tv->ciphertext, cipher, sizeof(cipher))) {
483 			wpa_printf(MSG_ERROR, "Invalid AES-ECB test vector %u",
484 				   i);
485 			ret++;
486 			continue;
487 		}
488 
489 		if (aes_128_encrypt_block(key, plain, out) < 0 ||
490 		    os_memcmp(out, cipher, 16) != 0) {
491 			wpa_printf(MSG_ERROR, "AES-ECB encrypt %u failed", i);
492 			ret++;
493 		}
494 	}
495 
496 	if (!ret)
497 		wpa_printf(MSG_INFO, "AES ECB mode test cases passed");
498 
499 	return ret;
500 #endif /* EAP_PSK */
501 
502 	return 0;
503 }
504 
505 
test_key_wrap(void)506 static int test_key_wrap(void)
507 {
508 	int ret = 0;
509 
510 	/* RFC 3394 - Test vector 4.1 */
511 	u8 kek41[] = {
512 		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
513 		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
514 	};
515 	u8 plain41[] = {
516 		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
517 		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
518 	};
519 	u8 crypt41[] = {
520 		0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
521 		0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
522 		0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
523 	};
524 #ifndef CONFIG_BORINGSSL
525 	/* RFC 3394 - Test vector 4.2 */
526 	u8 kek42[] = {
527 		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
528 		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
529 		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
530 	};
531 	u8 plain42[] = {
532 		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
533 		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
534 	};
535 	u8 crypt42[] = {
536 		0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
537 		0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
538 		0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D
539 	};
540 #endif /* CONFIG_BORINGSSL */
541 	/* RFC 3394 - Test vector 4.3 */
542 	u8 kek43[] = {
543 		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
544 		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
545 		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
546 		0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
547 	};
548 	u8 plain43[] = {
549 		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
550 		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
551 	};
552 	u8 crypt43[] = {
553 		0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
554 		0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
555 		0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7,
556 	};
557 #ifndef CONFIG_BORINGSSL
558 	/* RFC 3394 - Test vector 4.4 */
559 	u8 kek44[] = {
560 		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
561 		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
562 		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
563 	};
564 	u8 plain44[] = {
565 		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
566 		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
567 		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
568 	};
569 	u8 crypt44[] = {
570 		0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
571 		0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
572 		0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
573 		0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2
574 	};
575 #endif /* CONFIG_BORINGSSL */
576 	/* RFC 3394 - Test vector 4.5 */
577 	u8 kek45[] = {
578 		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
579 		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
580 		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
581 		0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
582 	};
583 	u8 plain45[] = {
584 		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
585 		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
586 		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
587 	};
588 	u8 crypt45[] = {
589 		0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
590 		0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
591 		0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
592 		0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1,
593 	};
594 	/* RFC 3394 - Test vector 4.6 */
595 	u8 kek46[] = {
596 		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
597 		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
598 		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
599 		0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
600 	};
601 	u8 plain46[] = {
602 		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
603 		0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
604 		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
605 		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
606 	};
607 	u8 crypt46[] = {
608 		0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
609 		0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
610 		0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
611 		0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
612 		0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21
613 	};
614 	u8 result[40];
615 
616 	wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.1");
617 	if (aes_wrap(kek41, sizeof(kek41), sizeof(plain41) / 8, plain41,
618 		     result)) {
619 		wpa_printf(MSG_ERROR, "AES-WRAP-128 reported failure");
620 		ret++;
621 	}
622 	if (os_memcmp(result, crypt41, sizeof(crypt41)) != 0) {
623 		wpa_printf(MSG_ERROR, "AES-WRAP-128 failed");
624 		ret++;
625 	}
626 	if (aes_unwrap(kek41, sizeof(kek41), sizeof(plain41) / 8, crypt41,
627 		       result)) {
628 		wpa_printf(MSG_ERROR, "AES-UNWRAP-128 reported failure");
629 		ret++;
630 	}
631 	if (os_memcmp(result, plain41, sizeof(plain41)) != 0) {
632 		wpa_printf(MSG_ERROR, "AES-UNWRAP-128 failed");
633 		ret++;
634 	}
635 
636 #ifndef CONFIG_BORINGSSL
637 	wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.2");
638 	if (aes_wrap(kek42, sizeof(kek42), sizeof(plain42) / 8, plain42,
639 		     result)) {
640 		wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure");
641 		ret++;
642 	}
643 	if (os_memcmp(result, crypt42, sizeof(crypt42)) != 0) {
644 		wpa_printf(MSG_ERROR, "AES-WRAP-192 failed");
645 		ret++;
646 	}
647 	if (aes_unwrap(kek42, sizeof(kek42), sizeof(plain42) / 8, crypt42,
648 		       result)) {
649 		wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure");
650 		ret++;
651 	}
652 	if (os_memcmp(result, plain42, sizeof(plain42)) != 0) {
653 		wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed");
654 		ret++;
655 	}
656 #endif /* CONFIG_BORINGSSL */
657 
658 	wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.3");
659 	if (aes_wrap(kek43, sizeof(kek43), sizeof(plain43) / 8, plain43,
660 		     result)) {
661 		wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure");
662 		ret++;
663 	}
664 	if (os_memcmp(result, crypt43, sizeof(crypt43)) != 0) {
665 		wpa_printf(MSG_ERROR, "AES-WRAP-256 failed");
666 		ret++;
667 	}
668 	if (aes_unwrap(kek43, sizeof(kek43), sizeof(plain43) / 8, crypt43,
669 		       result)) {
670 		wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure");
671 		ret++;
672 	}
673 	if (os_memcmp(result, plain43, sizeof(plain43)) != 0) {
674 		wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed");
675 		ret++;
676 	}
677 
678 #ifndef CONFIG_BORINGSSL
679 	wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.4");
680 	if (aes_wrap(kek44, sizeof(kek44), sizeof(plain44) / 8, plain44,
681 		     result)) {
682 		wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure");
683 		ret++;
684 	}
685 	if (os_memcmp(result, crypt44, sizeof(crypt44)) != 0) {
686 		wpa_printf(MSG_ERROR, "AES-WRAP-192 failed");
687 		ret++;
688 	}
689 	if (aes_unwrap(kek44, sizeof(kek44), sizeof(plain44) / 8, crypt44,
690 		       result)) {
691 		wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure");
692 		ret++;
693 	}
694 	if (os_memcmp(result, plain44, sizeof(plain44)) != 0) {
695 		wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed");
696 		ret++;
697 	}
698 #endif /* CONFIG_BORINGSSL */
699 
700 	wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.5");
701 	if (aes_wrap(kek45, sizeof(kek45), sizeof(plain45) / 8, plain45,
702 		     result)) {
703 		wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure");
704 		ret++;
705 	}
706 	if (os_memcmp(result, crypt45, sizeof(crypt45)) != 0) {
707 		wpa_printf(MSG_ERROR, "AES-WRAP-256 failed");
708 		ret++;
709 	}
710 	if (aes_unwrap(kek45, sizeof(kek45), sizeof(plain45) / 8, crypt45,
711 		       result)) {
712 		wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure");
713 		ret++;
714 	}
715 	if (os_memcmp(result, plain45, sizeof(plain45)) != 0) {
716 		wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed");
717 		ret++;
718 	}
719 
720 	wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.6");
721 	if (aes_wrap(kek46, sizeof(kek46), sizeof(plain46) / 8, plain46,
722 		     result)) {
723 		wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure");
724 		ret++;
725 	}
726 	if (os_memcmp(result, crypt46, sizeof(crypt46)) != 0) {
727 		wpa_printf(MSG_ERROR, "AES-WRAP-256 failed");
728 		ret++;
729 	}
730 	if (aes_unwrap(kek46, sizeof(kek46), sizeof(plain46) / 8, crypt46,
731 		       result)) {
732 		wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure");
733 		ret++;
734 	}
735 	if (os_memcmp(result, plain46, sizeof(plain46)) != 0) {
736 		wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed");
737 		ret++;
738 	}
739 
740 	if (!ret)
741 		wpa_printf(MSG_INFO, "AES key wrap/unwrap test cases passed");
742 
743 	return ret;
744 }
745 
746 
test_md5(void)747 static int test_md5(void)
748 {
749 #ifndef CONFIG_FIPS
750 	struct {
751 		char *data;
752 		char *hash;
753 	} tests[] = {
754 		{
755 			"",
756 			"\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04"
757 			"\xe9\x80\x09\x98\xec\xf8\x42\x7e"
758 		},
759 		{
760 			"a",
761 			"\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8"
762 			"\x31\xc3\x99\xe2\x69\x77\x26\x61"
763 		},
764 		{
765 			"abc",
766 			"\x90\x01\x50\x98\x3c\xd2\x4f\xb0"
767 			"\xd6\x96\x3f\x7d\x28\xe1\x7f\x72"
768 		},
769 		{
770 			"message digest",
771 			"\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d"
772 			"\x52\x5a\x2f\x31\xaa\xf1\x61\xd0"
773 		},
774 		{
775 			"abcdefghijklmnopqrstuvwxyz",
776 			"\xc3\xfc\xd3\xd7\x61\x92\xe4\x00"
777 			"\x7d\xfb\x49\x6c\xca\x67\xe1\x3b"
778 		},
779 		{
780 			"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
781 			"0123456789",
782 			"\xd1\x74\xab\x98\xd2\x77\xd9\xf5"
783 			"\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f"
784 		},
785 		{
786 			"12345678901234567890123456789012345678901234567890"
787 			"123456789012345678901234567890",
788 			"\x57\xed\xf4\xa2\x2b\xe3\xc9\x55"
789 			"\xac\x49\xda\x2e\x21\x07\xb6\x7a"
790 		}
791 	};
792 	unsigned int i;
793 	u8 hash[16];
794 	const u8 *addr[2];
795 	size_t len[2];
796 	int errors = 0;
797 
798 	for (i = 0; i < ARRAY_SIZE(tests); i++) {
799 		wpa_printf(MSG_INFO, "MD5 test case %d", i);
800 
801 		addr[0] = (u8 *) tests[i].data;
802 		len[0] = strlen(tests[i].data);
803 		if (md5_vector(1, addr, len, hash) < 0 ||
804 		    os_memcmp(hash, tests[i].hash, 16) != 0) {
805 			wpa_printf(MSG_INFO, " FAIL");
806 			errors++;
807 		} else
808 			wpa_printf(MSG_INFO, " OK");
809 
810 		if (len[0]) {
811 			addr[0] = (u8 *) tests[i].data;
812 			len[0] = strlen(tests[i].data);
813 			addr[1] = (u8 *) tests[i].data + 1;
814 			len[1] = strlen(tests[i].data) - 1;
815 			if (md5_vector(1, addr, len, hash) < 0 ||
816 			    os_memcmp(hash, tests[i].hash, 16) != 0) {
817 				wpa_printf(MSG_INFO, " FAIL");
818 				errors++;
819 			} else
820 				wpa_printf(MSG_INFO, " OK");
821 		}
822 	}
823 
824 	if (!errors)
825 		wpa_printf(MSG_INFO, "MD5 test cases passed");
826 
827 	return errors;
828 #else /* CONFIG_FIPS */
829 	wpa_printf(MSG_INFO, "MD5 test cases skipped due to CONFIG_FIPS");
830 	return 0;
831 #endif /* CONFIG_FIPS */
832 }
833 
834 
test_eap_fast(void)835 static int test_eap_fast(void)
836 {
837 #ifdef EAP_FAST
838 	/* RFC 4851, Appendix B.1 */
839 	const u8 pac_key[] = {
840 		0x0B, 0x97, 0x39, 0x0F, 0x37, 0x51, 0x78, 0x09,
841 		0x81, 0x1E, 0xFD, 0x9C, 0x6E, 0x65, 0x94, 0x2B,
842 		0x63, 0x2C, 0xE9, 0x53, 0x89, 0x38, 0x08, 0xBA,
843 		0x36, 0x0B, 0x03, 0x7C, 0xD1, 0x85, 0xE4, 0x14
844 	};
845 	const u8 seed[] = {
846 		0x3F, 0xFB, 0x11, 0xC4, 0x6C, 0xBF, 0xA5, 0x7A,
847 		0x54, 0x40, 0xDA, 0xE8, 0x22, 0xD3, 0x11, 0xD3,
848 		0xF7, 0x6D, 0xE4, 0x1D, 0xD9, 0x33, 0xE5, 0x93,
849 		0x70, 0x97, 0xEB, 0xA9, 0xB3, 0x66, 0xF4, 0x2A,
850 		0x00, 0x00, 0x00, 0x02, 0x6A, 0x66, 0x43, 0x2A,
851 		0x8D, 0x14, 0x43, 0x2C, 0xEC, 0x58, 0x2D, 0x2F,
852 		0xC7, 0x9C, 0x33, 0x64, 0xBA, 0x04, 0xAD, 0x3A,
853 		0x52, 0x54, 0xD6, 0xA5, 0x79, 0xAD, 0x1E, 0x00
854 	};
855 	const u8 master_secret[] = {
856 		0x4A, 0x1A, 0x51, 0x2C, 0x01, 0x60, 0xBC, 0x02,
857 		0x3C, 0xCF, 0xBC, 0x83, 0x3F, 0x03, 0xBC, 0x64,
858 		0x88, 0xC1, 0x31, 0x2F, 0x0B, 0xA9, 0xA2, 0x77,
859 		0x16, 0xA8, 0xD8, 0xE8, 0xBD, 0xC9, 0xD2, 0x29,
860 		0x38, 0x4B, 0x7A, 0x85, 0xBE, 0x16, 0x4D, 0x27,
861 		0x33, 0xD5, 0x24, 0x79, 0x87, 0xB1, 0xC5, 0xA2
862 	};
863 #ifndef CONFIG_FIPS
864 	const u8 key_block[] = {
865 		0x59, 0x59, 0xBE, 0x8E, 0x41, 0x3A, 0x77, 0x74,
866 		0x8B, 0xB2, 0xE5, 0xD3, 0x60, 0xAC, 0x4D, 0x35,
867 		0xDF, 0xFB, 0xC8, 0x1E, 0x9C, 0x24, 0x9C, 0x8B,
868 		0x0E, 0xC3, 0x1D, 0x72, 0xC8, 0x84, 0x9D, 0x57,
869 		0x48, 0x51, 0x2E, 0x45, 0x97, 0x6C, 0x88, 0x70,
870 		0xBE, 0x5F, 0x01, 0xD3, 0x64, 0xE7, 0x4C, 0xBB,
871 		0x11, 0x24, 0xE3, 0x49, 0xE2, 0x3B, 0xCD, 0xEF,
872 		0x7A, 0xB3, 0x05, 0x39, 0x5D, 0x64, 0x8A, 0x44,
873 		0x11, 0xB6, 0x69, 0x88, 0x34, 0x2E, 0x8E, 0x29,
874 		0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
875 		0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
876 		0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
877 		0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
878 		0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
879 	};
880 #endif /* CONFIG_FIPS */
881 	const u8 sks[] = {
882 		0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
883 		0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
884 		0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
885 		0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
886 		0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
887 	};
888 	const u8 isk[] = {
889 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
890 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
891 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
892 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
893 	};
894 	const u8 imck[] = {
895 		0x16, 0x15, 0x3C, 0x3F, 0x21, 0x55, 0xEF, 0xD9,
896 		0x7F, 0x34, 0xAE, 0xC8, 0x1A, 0x4E, 0x66, 0x80,
897 		0x4C, 0xC3, 0x76, 0xF2, 0x8A, 0xA9, 0x6F, 0x96,
898 		0xC2, 0x54, 0x5F, 0x8C, 0xAB, 0x65, 0x02, 0xE1,
899 		0x18, 0x40, 0x7B, 0x56, 0xBE, 0xEA, 0xA7, 0xC5,
900 		0x76, 0x5D, 0x8F, 0x0B, 0xC5, 0x07, 0xC6, 0xB9,
901 		0x04, 0xD0, 0x69, 0x56, 0x72, 0x8B, 0x6B, 0xB8,
902 		0x15, 0xEC, 0x57, 0x7B
903 	};
904 	const u8 msk[] = {
905 		0x4D, 0x83, 0xA9, 0xBE, 0x6F, 0x8A, 0x74, 0xED,
906 		0x6A, 0x02, 0x66, 0x0A, 0x63, 0x4D, 0x2C, 0x33,
907 		0xC2, 0xDA, 0x60, 0x15, 0xC6, 0x37, 0x04, 0x51,
908 		0x90, 0x38, 0x63, 0xDA, 0x54, 0x3E, 0x14, 0xB9,
909 		0x27, 0x99, 0x18, 0x1E, 0x07, 0xBF, 0x0F, 0x5A,
910 		0x5E, 0x3C, 0x32, 0x93, 0x80, 0x8C, 0x6C, 0x49,
911 		0x67, 0xED, 0x24, 0xFE, 0x45, 0x40, 0xA0, 0x59,
912 		0x5E, 0x37, 0xC2, 0xE9, 0xD0, 0x5D, 0x0A, 0xE3
913 	};
914 	const u8 emsk[] = {
915 		0x3A, 0xD4, 0xAB, 0xDB, 0x76, 0xB2, 0x7F, 0x3B,
916 		0xEA, 0x32, 0x2C, 0x2B, 0x74, 0xF4, 0x28, 0x55,
917 		0xEF, 0x2D, 0xBA, 0x78, 0xC9, 0x57, 0x2F, 0x0D,
918 		0x06, 0xCD, 0x51, 0x7C, 0x20, 0x93, 0x98, 0xA9,
919 		0x76, 0xEA, 0x70, 0x21, 0xD7, 0x0E, 0x25, 0x54,
920 		0x97, 0xED, 0xB2, 0x8A, 0xF6, 0xED, 0xFD, 0x0A,
921 		0x2A, 0xE7, 0xA1, 0x58, 0x90, 0x10, 0x50, 0x44,
922 		0xB3, 0x82, 0x85, 0xDB, 0x06, 0x14, 0xD2, 0xF9
923 	};
924 	/* RFC 4851, Appendix B.2 */
925 	u8 tlv[] = {
926 		0x80, 0x0C, 0x00, 0x38, 0x00, 0x01, 0x01, 0x00,
927 		0xD8, 0x6A, 0x8C, 0x68, 0x3C, 0x32, 0x31, 0xA8,
928 		0x56, 0x63, 0xB6, 0x40, 0x21, 0xFE, 0x21, 0x14,
929 		0x4E, 0xE7, 0x54, 0x20, 0x79, 0x2D, 0x42, 0x62,
930 		0xC9, 0xBF, 0x53, 0x7F, 0x54, 0xFD, 0xAC, 0x58,
931 		0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
932 		0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
933 		0x05, 0xC5, 0x5B, 0xB7
934 	};
935 	const u8 compound_mac[] = {
936 		0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
937 		0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
938 		0x05, 0xC5, 0x5B, 0xB7
939 	};
940 	u8 buf[512];
941 	const u8 *simck, *cmk;
942 	int errors = 0;
943 
944 	wpa_printf(MSG_INFO, "EAP-FAST test cases");
945 
946 	wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / master_secret");
947 	if (sha1_t_prf(pac_key, sizeof(pac_key),
948 		       "PAC to master secret label hash",
949 		       seed, sizeof(seed), buf, sizeof(master_secret)) < 0 ||
950 	    os_memcmp(master_secret, buf, sizeof(master_secret)) != 0) {
951 		wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
952 		errors++;
953 	}
954 
955 #ifndef CONFIG_FIPS
956 	wpa_printf(MSG_INFO, "- PRF (TLS, SHA1/MD5) test case / key_block");
957 	if (tls_prf_sha1_md5(master_secret, sizeof(master_secret),
958 			     "key expansion", seed, sizeof(seed),
959 			     buf, sizeof(key_block)) ||
960 	    os_memcmp(key_block, buf, sizeof(key_block)) != 0) {
961 		wpa_printf(MSG_INFO, "PRF test - FAILED!");
962 		errors++;
963 	}
964 #endif /* CONFIG_FIPS */
965 
966 	wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / IMCK");
967 	if (sha1_t_prf(sks, sizeof(sks), "Inner Methods Compound Keys",
968 		       isk, sizeof(isk), buf, sizeof(imck)) < 0 ||
969 	    os_memcmp(imck, buf, sizeof(imck)) != 0) {
970 		wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
971 		errors++;
972 	}
973 
974 	simck = imck;
975 	cmk = imck + 40;
976 
977 	wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / MSK");
978 	if (sha1_t_prf(simck, 40, "Session Key Generating Function",
979 		       (u8 *) "", 0, buf, sizeof(msk)) < 0 ||
980 	    os_memcmp(msk, buf, sizeof(msk)) != 0) {
981 		wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
982 		errors++;
983 	}
984 
985 	wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / EMSK");
986 	if (sha1_t_prf(simck, 40, "Extended Session Key Generating Function",
987 		       (u8 *) "", 0, buf, sizeof(msk)) < 0 ||
988 	    os_memcmp(emsk, buf, sizeof(emsk)) != 0) {
989 		wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
990 		errors++;
991 	}
992 
993 	wpa_printf(MSG_INFO, "- Compound MAC test case");
994 	os_memset(tlv + sizeof(tlv) - 20, 0, 20);
995 	if (hmac_sha1(cmk, 20, tlv, sizeof(tlv), tlv + sizeof(tlv) - 20) < 0 ||
996 	    os_memcmp(tlv + sizeof(tlv) - 20, compound_mac,
997 		      sizeof(compound_mac)) != 0) {
998 		wpa_printf(MSG_INFO, "Compound MAC test - FAILED!");
999 		errors++;
1000 	}
1001 
1002 	return errors;
1003 #else /* EAP_FAST */
1004 	return 0;
1005 #endif /* EAP_FAST */
1006 }
1007 
1008 
1009 static const u8 key0[] =
1010 {
1011 	0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1012 	0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1013 	0x0b, 0x0b, 0x0b, 0x0b
1014 };
1015 static const u8 data0[] = "Hi There";
1016 static const u8 prf0[] =
1017 {
1018 	0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84,
1019 	0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54,
1020 	0xb8, 0x62, 0x17, 0x5e, 0xd9, 0xf0, 0x06, 0x06,
1021 	0xe1, 0x7d, 0x8d, 0xa3, 0x54, 0x02, 0xff, 0xee,
1022 	0x75, 0xdf, 0x78, 0xc3, 0xd3, 0x1e, 0x0f, 0x88,
1023 	0x9f, 0x01, 0x21, 0x20, 0xc0, 0x86, 0x2b, 0xeb,
1024 	0x67, 0x75, 0x3e, 0x74, 0x39, 0xae, 0x24, 0x2e,
1025 	0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a
1026 };
1027 
1028 static const u8 key1[] = "Jefe";
1029 static const u8 data1[] = "what do ya want for nothing?";
1030 static const u8 prf1[] =
1031 {
1032 	0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad,
1033 	0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4,
1034 	0xfe, 0x63, 0x14, 0x46, 0xfa, 0xbd, 0xfa, 0x58,
1035 	0x24, 0x47, 0x59, 0xae, 0x58, 0xef, 0x90, 0x09,
1036 	0xa9, 0x9a, 0xbf, 0x4e, 0xac, 0x2c, 0xa5, 0xfa,
1037 	0x87, 0xe6, 0x92, 0xc4, 0x40, 0xeb, 0x40, 0x02,
1038 	0x3e, 0x7b, 0xab, 0xb2, 0x06, 0xd6, 0x1d, 0xe7,
1039 	0xb9, 0x2f, 0x41, 0x52, 0x90, 0x92, 0xb8, 0xfc
1040 };
1041 
1042 
1043 static const u8 key2[] =
1044 {
1045 	0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1046 	0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1047 	0xaa, 0xaa, 0xaa, 0xaa
1048 };
1049 static const u8 data2[] =
1050 {
1051 	0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1052 	0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1053 	0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1054 	0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1055 	0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1056 	0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1057 	0xdd, 0xdd
1058 };
1059 static const u8 prf2[] =
1060 {
1061 	0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f,
1062 	0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1,
1063 	0x7a, 0x02, 0x52, 0xca, 0x5d, 0x8d, 0x8d, 0xf1,
1064 	0x2c, 0xfb, 0x04, 0x73, 0x52, 0x52, 0x49, 0xce,
1065 	0x9d, 0xd8, 0xd1, 0x77, 0xea, 0xd7, 0x10, 0xbc,
1066 	0x9b, 0x59, 0x05, 0x47, 0x23, 0x91, 0x07, 0xae,
1067 	0xf7, 0xb4, 0xab, 0xd4, 0x3d, 0x87, 0xf0, 0xa6,
1068 	0x8f, 0x1c, 0xbd, 0x9e, 0x2b, 0x6f, 0x76, 0x07
1069 };
1070 
1071 
1072 struct passphrase_test {
1073 	char *passphrase;
1074 	char *ssid;
1075 	char psk[32];
1076 };
1077 
1078 static const struct passphrase_test passphrase_tests[] =
1079 {
1080 	{
1081 		"password",
1082 		"IEEE",
1083 		{
1084 			0xf4, 0x2c, 0x6f, 0xc5, 0x2d, 0xf0, 0xeb, 0xef,
1085 			0x9e, 0xbb, 0x4b, 0x90, 0xb3, 0x8a, 0x5f, 0x90,
1086 			0x2e, 0x83, 0xfe, 0x1b, 0x13, 0x5a, 0x70, 0xe2,
1087 			0x3a, 0xed, 0x76, 0x2e, 0x97, 0x10, 0xa1, 0x2e
1088 		}
1089 	},
1090 	{
1091 		"ThisIsAPassword",
1092 		"ThisIsASSID",
1093 		{
1094 			0x0d, 0xc0, 0xd6, 0xeb, 0x90, 0x55, 0x5e, 0xd6,
1095 			0x41, 0x97, 0x56, 0xb9, 0xa1, 0x5e, 0xc3, 0xe3,
1096 			0x20, 0x9b, 0x63, 0xdf, 0x70, 0x7d, 0xd5, 0x08,
1097 			0xd1, 0x45, 0x81, 0xf8, 0x98, 0x27, 0x21, 0xaf
1098 		}
1099 	},
1100 	{
1101 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
1102 		"ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
1103 		{
1104 			0xbe, 0xcb, 0x93, 0x86, 0x6b, 0xb8, 0xc3, 0x83,
1105 			0x2c, 0xb7, 0x77, 0xc2, 0xf5, 0x59, 0x80, 0x7c,
1106 			0x8c, 0x59, 0xaf, 0xcb, 0x6e, 0xae, 0x73, 0x48,
1107 			0x85, 0x00, 0x13, 0x00, 0xa9, 0x81, 0xcc, 0x62
1108 		}
1109 	},
1110 };
1111 
1112 #define NUM_PASSPHRASE_TESTS ARRAY_SIZE(passphrase_tests)
1113 
1114 
1115 struct rfc6070_test {
1116 	char *p;
1117 	char *s;
1118 	int c;
1119 	char dk[32];
1120 	size_t dk_len;
1121 };
1122 
1123 static const struct rfc6070_test rfc6070_tests[] =
1124 {
1125 	{
1126 		"password",
1127 		"salt",
1128 		1,
1129 		{
1130 			0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
1131 			0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
1132 			0x2f, 0xe0, 0x37, 0xa6
1133 		},
1134 		20
1135 	},
1136 	{
1137 		"password",
1138 		"salt",
1139 		2,
1140 		{
1141 			0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
1142 			0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
1143 			0xd8, 0xde, 0x89, 0x57
1144 		},
1145 		20
1146 	},
1147 	{
1148 		"password",
1149 		"salt",
1150 		4096,
1151 		{
1152 			0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
1153 			0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
1154 			0x65, 0xa4, 0x29, 0xc1
1155 		},
1156 		20
1157 	},
1158 #if 0 /* This takes quite long to derive.. */
1159 	{
1160 		"password",
1161 		"salt",
1162 		16777216,
1163 		{
1164 			0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4,
1165 			0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c,
1166 			0x26, 0x34, 0xe9, 0x84
1167 		},
1168 		20
1169 	},
1170 #endif
1171 	{
1172 		"passwordPASSWORDpassword",
1173 		"saltSALTsaltSALTsaltSALTsaltSALTsalt",
1174 		4096,
1175 		{
1176 			0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
1177 			0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
1178 			0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
1179 			0x38
1180 		},
1181 		25
1182 	},
1183 #if 0 /* \0 not currently supported in passphrase parameters.. */
1184 	{
1185 		"pass\0word",
1186 		"sa\0lt",
1187 		4096,
1188 		{
1189 			0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
1190 			0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3
1191 		},
1192 		16
1193 	},
1194 #endif
1195 };
1196 
1197 #define NUM_RFC6070_TESTS ARRAY_SIZE(rfc6070_tests)
1198 
1199 
test_sha1(void)1200 static int test_sha1(void)
1201 {
1202 	u8 res[512];
1203 	int ret = 0;
1204 	unsigned int i;
1205 
1206 	wpa_printf(MSG_INFO, "PRF-SHA1 test cases:");
1207 
1208 	if (sha1_prf(key0, sizeof(key0), "prefix", data0, sizeof(data0) - 1,
1209 		     res, sizeof(prf0)) == 0 &&
1210 	    os_memcmp(res, prf0, sizeof(prf0)) == 0)
1211 		wpa_printf(MSG_INFO, "Test case 0 - OK");
1212 	else {
1213 		wpa_printf(MSG_INFO, "Test case 0 - FAILED!");
1214 		ret++;
1215 	}
1216 
1217 	if (sha1_prf(key1, sizeof(key1) - 1, "prefix", data1, sizeof(data1) - 1,
1218 		     res, sizeof(prf1)) == 0 &&
1219 	    os_memcmp(res, prf1, sizeof(prf1)) == 0)
1220 		wpa_printf(MSG_INFO, "Test case 1 - OK");
1221 	else {
1222 		wpa_printf(MSG_INFO, "Test case 1 - FAILED!");
1223 		ret++;
1224 	}
1225 
1226 	if (sha1_prf(key2, sizeof(key2), "prefix", data2, sizeof(data2),
1227 		     res, sizeof(prf2)) == 0 &&
1228 	    os_memcmp(res, prf2, sizeof(prf2)) == 0)
1229 		wpa_printf(MSG_INFO, "Test case 2 - OK");
1230 	else {
1231 		wpa_printf(MSG_INFO, "Test case 2 - FAILED!");
1232 		ret++;
1233 	}
1234 
1235 	ret += test_eap_fast();
1236 
1237 	wpa_printf(MSG_INFO, "PBKDF2-SHA1 Passphrase test cases:");
1238 	for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) {
1239 		u8 psk[32];
1240 		const struct passphrase_test *test = &passphrase_tests[i];
1241 
1242 		if (pbkdf2_sha1(test->passphrase,
1243 				(const u8 *) test->ssid, strlen(test->ssid),
1244 				4096, psk, 32) == 0 &&
1245 		    os_memcmp(psk, test->psk, 32) == 0)
1246 			wpa_printf(MSG_INFO, "Test case %d - OK", i);
1247 		else {
1248 			wpa_printf(MSG_INFO, "Test case %d - FAILED!", i);
1249 			ret++;
1250 		}
1251 	}
1252 
1253 	wpa_printf(MSG_INFO, "PBKDF2-SHA1 test cases (RFC 6070):");
1254 	for (i = 0; i < NUM_RFC6070_TESTS; i++) {
1255 		u8 dk[25];
1256 		const struct rfc6070_test *test = &rfc6070_tests[i];
1257 
1258 		if (pbkdf2_sha1(test->p, (const u8 *) test->s, strlen(test->s),
1259 				test->c, dk, test->dk_len) == 0 &&
1260 		    os_memcmp(dk, test->dk, test->dk_len) == 0)
1261 			wpa_printf(MSG_INFO, "Test case %d - OK", i);
1262 		else {
1263 			wpa_printf(MSG_INFO, "Test case %d - FAILED!", i);
1264 			ret++;
1265 		}
1266 	}
1267 
1268 	if (!ret)
1269 		wpa_printf(MSG_INFO, "SHA1 test cases passed");
1270 	return ret;
1271 }
1272 
1273 
1274 static const struct {
1275 	char *data;
1276 	u8 hash[32];
1277 } tests[] = {
1278 	{
1279 		"abc",
1280 		{
1281 			0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
1282 			0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
1283 			0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
1284 			0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
1285 		}
1286 	},
1287 	{
1288 		"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
1289 		{
1290 			0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8,
1291 			0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39,
1292 			0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
1293 			0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1
1294 		}
1295 	}
1296 };
1297 
1298 static const struct hmac_test {
1299 	u8 key[150];
1300 	size_t key_len;
1301 	u8 data[160];
1302 	size_t data_len;
1303 	u8 hash[32]; /* HMAC-SHA-256 */
1304 	u8 hash384[48]; /* HMAC-SHA-384 */
1305 } hmac_tests[] = {
1306 	/* draft-ietf-ipsec-ciph-sha-256-01.txt; RFC 4231 */
1307 	{
1308 		{
1309 			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1310 			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1311 			0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1312 			0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
1313 		},
1314 		32,
1315 		"abc", 3,
1316 		{
1317 			0xa2, 0x1b, 0x1f, 0x5d, 0x4c, 0xf4, 0xf7, 0x3a,
1318 			0x4d, 0xd9, 0x39, 0x75, 0x0f, 0x7a, 0x06, 0x6a,
1319 			0x7f, 0x98, 0xcc, 0x13, 0x1c, 0xb1, 0x6a, 0x66,
1320 			0x92, 0x75, 0x90, 0x21, 0xcf, 0xab, 0x81, 0x81
1321 		},
1322 		{ }
1323 	},
1324 	{
1325 		{
1326 			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1327 			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1328 			0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1329 			0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
1330 		},
1331 		32,
1332 		"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
1333 		56,
1334 		{
1335 			0x10, 0x4f, 0xdc, 0x12, 0x57, 0x32, 0x8f, 0x08,
1336 			0x18, 0x4b, 0xa7, 0x31, 0x31, 0xc5, 0x3c, 0xae,
1337 			0xe6, 0x98, 0xe3, 0x61, 0x19, 0x42, 0x11, 0x49,
1338 			0xea, 0x8c, 0x71, 0x24, 0x56, 0x69, 0x7d, 0x30
1339 		},
1340 		{ }
1341 	},
1342 	{
1343 		{
1344 			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1345 			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1346 			0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1347 			0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
1348 		},
1349 		32,
1350 		"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
1351 		"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
1352 		112,
1353 		{
1354 			0x47, 0x03, 0x05, 0xfc, 0x7e, 0x40, 0xfe, 0x34,
1355 			0xd3, 0xee, 0xb3, 0xe7, 0x73, 0xd9, 0x5a, 0xab,
1356 			0x73, 0xac, 0xf0, 0xfd, 0x06, 0x04, 0x47, 0xa5,
1357 			0xeb, 0x45, 0x95, 0xbf, 0x33, 0xa9, 0xd1, 0xa3
1358 		},
1359 		{ }
1360 	},
1361 	{
1362 		{
1363 			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1364 			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1365 			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1366 			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
1367 		},
1368 		32,
1369 		"Hi There",
1370 		8,
1371 		{
1372 			0x19, 0x8a, 0x60, 0x7e, 0xb4, 0x4b, 0xfb, 0xc6,
1373 			0x99, 0x03, 0xa0, 0xf1, 0xcf, 0x2b, 0xbd, 0xc5,
1374 			0xba, 0x0a, 0xa3, 0xf3, 0xd9, 0xae, 0x3c, 0x1c,
1375 			0x7a, 0x3b, 0x16, 0x96, 0xa0, 0xb6, 0x8c, 0xf7
1376 		},
1377 		{ }
1378 	},
1379 	{ /* RFC 4231 - Test Case 1 */
1380 		{
1381 			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1382 			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1383 			0x0b, 0x0b, 0x0b, 0x0b
1384 		},
1385 		20,
1386 		"Hi There",
1387 		8,
1388 		{
1389 			0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
1390 			0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
1391 			0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
1392 			0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
1393 		},
1394 		{
1395 			0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62,
1396 			0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f,
1397 			0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
1398 			0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c,
1399 			0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f,
1400 			0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6
1401 		}
1402 	},
1403 	{ /* RFC 4231 - Test Case 2 */
1404 		"Jefe",
1405 		4,
1406 		"what do ya want for nothing?",
1407 		28,
1408 		{
1409 			0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e,
1410 			0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7,
1411 			0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83,
1412 			0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43
1413 		},
1414 		{
1415 			0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31,
1416 			0x61, 0x7f, 0x78, 0xd2, 0xb5, 0x8a, 0x6b, 0x1b,
1417 			0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,
1418 			0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e,
1419 			0x8e, 0x22, 0x40, 0xca, 0x5e, 0x69, 0xe2, 0xc7,
1420 			0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49
1421 		}
1422 	},
1423 	{
1424 		{
1425 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1426 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1427 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1428 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
1429 		},
1430 		32,
1431 		{
1432 			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1433 			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1434 			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1435 			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1436 			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1437 			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1438 			0xdd, 0xdd
1439 		},
1440 		50,
1441 		{
1442 			0xcd, 0xcb, 0x12, 0x20, 0xd1, 0xec, 0xcc, 0xea,
1443 			0x91, 0xe5, 0x3a, 0xba, 0x30, 0x92, 0xf9, 0x62,
1444 			0xe5, 0x49, 0xfe, 0x6c, 0xe9, 0xed, 0x7f, 0xdc,
1445 			0x43, 0x19, 0x1f, 0xbd, 0xe4, 0x5c, 0x30, 0xb0
1446 		},
1447 		{ }
1448 	},
1449 	{ /* RFC 4231 - Test Case 3 */
1450 		{
1451 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1452 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1453 			0xaa, 0xaa, 0xaa, 0xaa
1454 		},
1455 		20,
1456 		{
1457 			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1458 			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1459 			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1460 			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1461 			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1462 			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1463 			0xdd, 0xdd
1464 		},
1465 		50,
1466 		{
1467 			0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46,
1468 			0x85, 0x4d, 0xb8, 0xeb, 0xd0, 0x91, 0x81, 0xa7,
1469 			0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 0xc1, 0x22,
1470 			0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe
1471 		},
1472 		{
1473 			0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a,
1474 			0x0a, 0xa2, 0xac, 0xe0, 0x14, 0xc8, 0xa8, 0x6f,
1475 			0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,
1476 			0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b,
1477 			0x2a, 0x5a, 0xb3, 0x9d, 0xc1, 0x38, 0x14, 0xb9,
1478 			0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27
1479 		}
1480 	},
1481 	{
1482 		{
1483 			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1484 			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1485 			0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1486 			0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
1487 			0x21, 0x22, 0x23, 0x24, 0x25
1488 		},
1489 		37,
1490 		{
1491 			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1492 			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1493 			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1494 			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1495 			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1496 			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1497 			0xcd, 0xcd
1498 		},
1499 		50,
1500 		{
1501 			0xd4, 0x63, 0x3c, 0x17, 0xf6, 0xfb, 0x8d, 0x74,
1502 			0x4c, 0x66, 0xde, 0xe0, 0xf8, 0xf0, 0x74, 0x55,
1503 			0x6e, 0xc4, 0xaf, 0x55, 0xef, 0x07, 0x99, 0x85,
1504 			0x41, 0x46, 0x8e, 0xb4, 0x9b, 0xd2, 0xe9, 0x17
1505 		},
1506 		{ }
1507 	},
1508 	{ /* RFC 4231 - Test Case 4 */
1509 		{
1510 			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1511 			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1512 			0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1513 			0x19,
1514 		},
1515 		25,
1516 		{
1517 			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1518 			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1519 			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1520 			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1521 			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1522 			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1523 			0xcd, 0xcd
1524 		},
1525 		50,
1526 		{
1527 			0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e,
1528 			0xa4, 0xcc, 0x81, 0x98, 0x99, 0xf2, 0x08, 0x3a,
1529 			0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07,
1530 			0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b
1531 		},
1532 		{
1533 			0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85,
1534 			0x19, 0x33, 0xab, 0x62, 0x90, 0xaf, 0x6c, 0xa7,
1535 			0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,
1536 			0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e,
1537 			0x68, 0x01, 0xdd, 0x23, 0xc4, 0xa7, 0xd6, 0x79,
1538 			0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb
1539 		}
1540 	},
1541 	{
1542 		{
1543 			0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1544 			0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1545 			0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1546 			0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
1547 		},
1548 		32,
1549 		"Test With Truncation",
1550 		20,
1551 		{
1552 			0x75, 0x46, 0xaf, 0x01, 0x84, 0x1f, 0xc0, 0x9b,
1553 			0x1a, 0xb9, 0xc3, 0x74, 0x9a, 0x5f, 0x1c, 0x17,
1554 			0xd4, 0xf5, 0x89, 0x66, 0x8a, 0x58, 0x7b, 0x27,
1555 			0x00, 0xa9, 0xc9, 0x7c, 0x11, 0x93, 0xcf, 0x42
1556 		},
1557 		{ }
1558 	},
1559 	{
1560 		{
1561 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1562 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1563 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1564 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1565 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1566 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1567 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1568 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1569 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1570 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
1571 		},
1572 		80,
1573 		"Test Using Larger Than Block-Size Key - Hash Key First",
1574 		54,
1575 		{
1576 			0x69, 0x53, 0x02, 0x5e, 0xd9, 0x6f, 0x0c, 0x09,
1577 			0xf8, 0x0a, 0x96, 0xf7, 0x8e, 0x65, 0x38, 0xdb,
1578 			0xe2, 0xe7, 0xb8, 0x20, 0xe3, 0xdd, 0x97, 0x0e,
1579 			0x7d, 0xdd, 0x39, 0x09, 0x1b, 0x32, 0x35, 0x2f
1580 		},
1581 		{ }
1582 	},
1583 	{ /* RFC 4231 - Test Case 6 */
1584 		{
1585 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1586 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1587 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1588 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1589 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1590 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1591 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1592 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1593 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1594 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1595 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1596 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1597 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1598 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1599 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1600 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1601 			0xaa, 0xaa, 0xaa
1602 		},
1603 		131,
1604 		"Test Using Larger Than Block-Size Key - Hash Key First",
1605 		54,
1606 		{
1607 			0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f,
1608 			0x0d, 0x8a, 0x26, 0xaa, 0xcb, 0xf5, 0xb7, 0x7f,
1609 			0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, 0xc5, 0x14,
1610 			0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54
1611 		},
1612 		{
1613 			0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90,
1614 			0x88, 0xd2, 0xc6, 0x3a, 0x04, 0x1b, 0xc5, 0xb4,
1615 			0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,
1616 			0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6,
1617 			0x0c, 0x2e, 0xf6, 0xab, 0x40, 0x30, 0xfe, 0x82,
1618 			0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52
1619 		}
1620 	},
1621 	{
1622 		{
1623 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1624 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1625 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1626 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1627 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1628 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1629 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1630 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1631 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1632 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
1633 		},
1634 		80,
1635 		"Test Using Larger Than Block-Size Key and Larger Than One "
1636 		"Block-Size Data",
1637 		73,
1638 		{
1639 			0x63, 0x55, 0xac, 0x22, 0xe8, 0x90, 0xd0, 0xa3,
1640 			0xc8, 0x48, 0x1a, 0x5c, 0xa4, 0x82, 0x5b, 0xc8,
1641 			0x84, 0xd3, 0xe7, 0xa1, 0xff, 0x98, 0xa2, 0xfc,
1642 			0x2a, 0xc7, 0xd8, 0xe0, 0x64, 0xc3, 0xb2, 0xe6
1643 		},
1644 		{ }
1645 	},
1646 	{ /* RFC 4231 - Test Case 7 */
1647 		{
1648 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1649 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1650 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1651 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1652 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1653 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1654 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1655 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1656 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1657 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1658 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1659 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1660 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1661 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1662 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1663 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1664 			0xaa, 0xaa, 0xaa
1665 		},
1666 		131,
1667 		"This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.",
1668 		152,
1669 		{
1670 			0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb,
1671 			0x27, 0x63, 0x5f, 0xbc, 0xd5, 0xb0, 0xe9, 0x44,
1672 			0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 0x13, 0x93,
1673 			0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2
1674 		},
1675 		{
1676 			0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d,
1677 			0x35, 0x1e, 0x2f, 0x25, 0x4e, 0x8f, 0xd3, 0x2c,
1678 			0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,
1679 			0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5,
1680 			0xa6, 0x78, 0xcc, 0x31, 0xe7, 0x99, 0x17, 0x6d,
1681 			0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e
1682 		}
1683 	}
1684 };
1685 
1686 
test_sha256(void)1687 static int test_sha256(void)
1688 {
1689 	unsigned int i;
1690 	u8 hash[32];
1691 	const u8 *addr[2];
1692 	size_t len[2];
1693 	int errors = 0;
1694 	u8 *key;
1695 
1696 	for (i = 0; i < ARRAY_SIZE(tests); i++) {
1697 		wpa_printf(MSG_INFO, "SHA256 test case %d:", i + 1);
1698 
1699 		addr[0] = (u8 *) tests[i].data;
1700 		len[0] = strlen(tests[i].data);
1701 		sha256_vector(1, addr, len, hash);
1702 		if (memcmp(hash, tests[i].hash, 32) != 0) {
1703 			wpa_printf(MSG_INFO, " FAIL");
1704 			errors++;
1705 		} else
1706 			wpa_printf(MSG_INFO, " OK");
1707 
1708 		if (len[0]) {
1709 			addr[0] = (u8 *) tests[i].data;
1710 			len[0] = 1;
1711 			addr[1] = (u8 *) tests[i].data + 1;
1712 			len[1] = strlen(tests[i].data) - 1;
1713 			sha256_vector(2, addr, len, hash);
1714 			if (memcmp(hash, tests[i].hash, 32) != 0) {
1715 				wpa_printf(MSG_INFO, " FAIL");
1716 				errors++;
1717 			} else
1718 				wpa_printf(MSG_INFO, " OK");
1719 		}
1720 	}
1721 
1722 	for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) {
1723 		const struct hmac_test *t = &hmac_tests[i];
1724 
1725 		wpa_printf(MSG_INFO, "HMAC-SHA256 test case %d:", i + 1);
1726 
1727 		if (hmac_sha256(t->key, t->key_len, t->data, t->data_len,
1728 				hash) < 0 ||
1729 		    os_memcmp(hash, t->hash, 32) != 0) {
1730 			wpa_printf(MSG_INFO, " FAIL");
1731 			errors++;
1732 		} else
1733 			wpa_printf(MSG_INFO, " OK");
1734 
1735 		addr[0] = t->data;
1736 		len[0] = t->data_len;
1737 		if (hmac_sha256_vector(t->key, t->key_len, 1, addr, len,
1738 				       hash) < 0 ||
1739 		    os_memcmp(hash, t->hash, 32) != 0) {
1740 			wpa_printf(MSG_INFO, " FAIL");
1741 			errors++;
1742 		} else
1743 			wpa_printf(MSG_INFO, " OK");
1744 
1745 		if (len[0]) {
1746 			addr[0] = t->data;
1747 			len[0] = 1;
1748 			addr[1] = t->data + 1;
1749 			len[1] = t->data_len - 1;
1750 			if (hmac_sha256_vector(t->key, t->key_len, 2, addr, len,
1751 					       hash) < 0 ||
1752 			    os_memcmp(hash, t->hash, 32) != 0) {
1753 				wpa_printf(MSG_INFO, " FAIL");
1754 				errors++;
1755 			} else
1756 				wpa_printf(MSG_INFO, " OK");
1757 		}
1758 	}
1759 
1760 	wpa_printf(MSG_INFO, "Test IEEE 802.11r KDF");
1761 	sha256_prf((u8 *) "abc", 3, "KDF test", (u8 *) "data", 4,
1762 		   hash, sizeof(hash));
1763 	/* TODO: add proper test case for this */
1764 
1765 	key = os_malloc(8161);
1766 	if (key) {
1767 #ifdef CONFIG_HMAC_SHA256_KDF
1768 		int res;
1769 
1770 		res = hmac_sha256_kdf((u8 *) "secret", 6, "label",
1771 				      (u8 *) "seed", 4, key, 8160);
1772 		if (res) {
1773 			wpa_printf(MSG_INFO,
1774 				   "Unexpected hmac_sha256_kdf(outlen=8160) failure");
1775 			errors++;
1776 		}
1777 
1778 		res = hmac_sha256_kdf((u8 *) "secret", 6, "label",
1779 				      (u8 *) "seed", 4, key, 8161);
1780 		if (res == 0) {
1781 			wpa_printf(MSG_INFO,
1782 				   "Unexpected hmac_sha256_kdf(outlen=8161) success");
1783 			errors++;
1784 		}
1785 #endif /* CONFIG_HMAC_SHA256_KDF */
1786 
1787 		os_free(key);
1788 	}
1789 
1790 	if (!errors)
1791 		wpa_printf(MSG_INFO, "SHA256 test cases passed");
1792 	return errors;
1793 }
1794 
1795 
test_sha384(void)1796 static int test_sha384(void)
1797 {
1798 #ifdef CONFIG_SHA384
1799 	unsigned int i;
1800 	u8 hash[48];
1801 	const u8 *addr[2];
1802 	size_t len[2];
1803 	int errors = 0;
1804 	const char *data = "hello";
1805 	const u8 hash_res[] = {
1806 		0x59, 0xe1, 0x74, 0x87, 0x77, 0x44, 0x8c, 0x69,
1807 		0xde, 0x6b, 0x80, 0x0d, 0x7a, 0x33, 0xbb, 0xfb,
1808 		0x9f, 0xf1, 0xb4, 0x63, 0xe4, 0x43, 0x54, 0xc3,
1809 		0x55, 0x3b, 0xcd, 0xb9, 0xc6, 0x66, 0xfa, 0x90,
1810 		0x12, 0x5a, 0x3c, 0x79, 0xf9, 0x03, 0x97, 0xbd,
1811 		0xf5, 0xf6, 0xa1, 0x3d, 0xe8, 0x28, 0x68, 0x4f
1812 	};
1813 
1814 	addr[0] = (const u8 *) data;
1815 	len[0] = 5;
1816 	if (sha384_vector(1, addr, len, hash) < 0 ||
1817 	    os_memcmp(hash, hash_res, 48) != 0) {
1818 		wpa_printf(MSG_INFO, "SHA384 test case 1: FAIL");
1819 		errors++;
1820 	} else {
1821 		wpa_printf(MSG_INFO, "SHA384 test case 1: OK");
1822 	}
1823 
1824 	addr[0] = (const u8 *) data;
1825 	len[0] = 4;
1826 	addr[1] = (const u8 *) data + 4;
1827 	len[1] = 1;
1828 	if (sha384_vector(2, addr, len, hash) < 0 ||
1829 	    os_memcmp(hash, hash_res, 48) != 0) {
1830 		wpa_printf(MSG_INFO, "SHA384 test case 2: FAIL");
1831 		errors++;
1832 	} else {
1833 		wpa_printf(MSG_INFO, "SHA384 test case 2: OK");
1834 	}
1835 
1836 	for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) {
1837 		const struct hmac_test *t = &hmac_tests[i];
1838 
1839 		if (t->hash384[0] == 0 && t->hash384[1] == 0 &&
1840 		    t->hash384[2] == 0 && t->hash384[3] == 0)
1841 			continue;
1842 		wpa_printf(MSG_INFO, "HMAC-SHA384 test case %d:", i + 1);
1843 
1844 		if (hmac_sha384(t->key, t->key_len, t->data, t->data_len,
1845 				hash) < 0 ||
1846 		    os_memcmp(hash, t->hash384, 48) != 0) {
1847 			wpa_printf(MSG_INFO, " FAIL");
1848 			errors++;
1849 		} else
1850 			wpa_printf(MSG_INFO, " OK");
1851 
1852 		addr[0] = t->data;
1853 		len[0] = t->data_len;
1854 		if (hmac_sha384_vector(t->key, t->key_len, 1, addr, len,
1855 				       hash) < 0 ||
1856 		    os_memcmp(hash, t->hash384, 48) != 0) {
1857 			wpa_printf(MSG_INFO, " FAIL");
1858 			errors++;
1859 		} else
1860 			wpa_printf(MSG_INFO, " OK");
1861 
1862 		if (len[0]) {
1863 			addr[0] = t->data;
1864 			len[0] = 1;
1865 			addr[1] = t->data + 1;
1866 			len[1] = t->data_len - 1;
1867 			if (hmac_sha384_vector(t->key, t->key_len, 2, addr, len,
1868 					       hash) < 0 ||
1869 			    os_memcmp(hash, t->hash384, 48) != 0) {
1870 				wpa_printf(MSG_INFO, " FAIL");
1871 				errors++;
1872 			} else
1873 				wpa_printf(MSG_INFO, " OK");
1874 		}
1875 	}
1876 
1877 	if (!errors)
1878 		wpa_printf(MSG_INFO, "SHA384 test cases passed");
1879 	return errors;
1880 #else /* CONFIG_SHA384 */
1881 	return 0;
1882 #endif /* CONFIG_SHA384 */
1883 }
1884 
1885 
test_fips186_2_prf(void)1886 static int test_fips186_2_prf(void)
1887 {
1888 	/* http://csrc.nist.gov/encryption/dss/Examples-1024bit.pdf */
1889 	u8 xkey[] = {
1890 		0xbd, 0x02, 0x9b, 0xbe, 0x7f, 0x51, 0x96, 0x0b,
1891 		0xcf, 0x9e, 0xdb, 0x2b, 0x61, 0xf0, 0x6f, 0x0f,
1892 		0xeb, 0x5a, 0x38, 0xb6
1893 	};
1894 	u8 w[] = {
1895 		0x20, 0x70, 0xb3, 0x22, 0x3d, 0xba, 0x37, 0x2f,
1896 		0xde, 0x1c, 0x0f, 0xfc, 0x7b, 0x2e, 0x3b, 0x49,
1897 		0x8b, 0x26, 0x06, 0x14, 0x3c, 0x6c, 0x18, 0xba,
1898 		0xcb, 0x0f, 0x6c, 0x55, 0xba, 0xbb, 0x13, 0x78,
1899 		0x8e, 0x20, 0xd7, 0x37, 0xa3, 0x27, 0x51, 0x16
1900 	};
1901 	u8 buf[40];
1902 
1903 	wpa_printf(MSG_INFO,
1904 		   "Testing EAP-SIM PRF (FIPS 186-2 + change notice 1)");
1905 	if (fips186_2_prf(xkey, sizeof(xkey), buf, sizeof(buf)) < 0 ||
1906 	    os_memcmp(w, buf, sizeof(w)) != 0) {
1907 		wpa_printf(MSG_INFO, "fips186_2_prf failed");
1908 		return 1;
1909 	}
1910 
1911 	return 0;
1912 }
1913 
1914 
test_ms_funcs(void)1915 static int test_ms_funcs(void)
1916 {
1917 #ifndef CONFIG_FIPS
1918 	/* Test vector from RFC2759 example */
1919 	char *username = "User";
1920 	char *password = "clientPass";
1921 	u8 auth_challenge[] = {
1922 		0x5B, 0x5D, 0x7C, 0x7D, 0x7B, 0x3F, 0x2F, 0x3E,
1923 		0x3C, 0x2C, 0x60, 0x21, 0x32, 0x26, 0x26, 0x28
1924 	};
1925 	u8 peer_challenge[] = {
1926 		0x21, 0x40, 0x23, 0x24, 0x25, 0x5E, 0x26, 0x2A,
1927 		0x28, 0x29, 0x5F, 0x2B, 0x3A, 0x33, 0x7C, 0x7E
1928 	};
1929 	u8 password_hash[] = {
1930 		0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6,
1931 		0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE
1932 	};
1933 	u8 nt_response[] = {
1934 		0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E,
1935 		0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54,
1936 		0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF
1937 	};
1938 	u8 password_hash_hash[] = {
1939 		0x41, 0xC0, 0x0C, 0x58, 0x4B, 0xD2, 0xD9, 0x1C,
1940 		0x40, 0x17, 0xA2, 0xA1, 0x2F, 0xA5, 0x9F, 0x3F
1941 	};
1942 	u8 authenticator_response[] = {
1943 		0x40, 0x7A, 0x55, 0x89, 0x11, 0x5F, 0xD0, 0xD6,
1944 		0x20, 0x9F, 0x51, 0x0F, 0xE9, 0xC0, 0x45, 0x66,
1945 		0x93, 0x2C, 0xDA, 0x56
1946 	};
1947 	u8 master_key[] = {
1948 		0xFD, 0xEC, 0xE3, 0x71, 0x7A, 0x8C, 0x83, 0x8C,
1949 		0xB3, 0x88, 0xE5, 0x27, 0xAE, 0x3C, 0xDD, 0x31
1950 	};
1951 	u8 send_start_key[] = {
1952 		0x8B, 0x7C, 0xDC, 0x14, 0x9B, 0x99, 0x3A, 0x1B,
1953 		0xA1, 0x18, 0xCB, 0x15, 0x3F, 0x56, 0xDC, 0xCB
1954 	};
1955 	u8 buf[32];
1956 	int errors = 0;
1957 
1958 	if (nt_password_hash((u8 *) password, os_strlen(password), buf) ||
1959 	    os_memcmp(password_hash, buf, sizeof(password_hash)) != 0) {
1960 		wpa_printf(MSG_ERROR, "nt_password_hash failed");
1961 		errors++;
1962 	}
1963 
1964 	if (generate_nt_response(auth_challenge, peer_challenge,
1965 				 (u8 *) username, os_strlen(username),
1966 				 (u8 *) password, os_strlen(password), buf) ||
1967 	    os_memcmp(nt_response, buf, sizeof(nt_response)) != 0) {
1968 		wpa_printf(MSG_ERROR, "generate_nt_response failed");
1969 		errors++;
1970 	}
1971 
1972 	if (hash_nt_password_hash(password_hash, buf) ||
1973 	    os_memcmp(password_hash_hash, buf,
1974 		      sizeof(password_hash_hash)) != 0) {
1975 		wpa_printf(MSG_ERROR, "hash_nt_password_hash failed");
1976 		errors++;
1977 	}
1978 
1979 	if (generate_authenticator_response((u8 *) password,
1980 					    os_strlen(password),
1981 					    peer_challenge, auth_challenge,
1982 					    (u8 *) username,
1983 					    os_strlen(username),
1984 					    nt_response, buf) ||
1985 	    os_memcmp(authenticator_response, buf,
1986 		      sizeof(authenticator_response)) != 0) {
1987 		wpa_printf(MSG_ERROR, "generate_authenticator_response failed");
1988 		errors++;
1989 	}
1990 
1991 	if (get_master_key(password_hash_hash, nt_response, buf) ||
1992 	    os_memcmp(master_key, buf, sizeof(master_key)) != 0) {
1993 		wpa_printf(MSG_ERROR, "get_master_key failed");
1994 		errors++;
1995 	}
1996 
1997 	if (get_asymetric_start_key(master_key, buf, sizeof(send_start_key),
1998 				    1, 1) ||
1999 	    os_memcmp(send_start_key, buf, sizeof(send_start_key)) != 0) {
2000 		wpa_printf(MSG_ERROR, "get_asymetric_start_key failed");
2001 		errors++;
2002 	}
2003 
2004 	if (errors)
2005 		wpa_printf(MSG_ERROR, "ms_funcs: %d errors", errors);
2006 	else
2007 		wpa_printf(MSG_INFO, "ms_funcs test cases passed");
2008 
2009 	return errors;
2010 #else /* CONFIG_FIPS */
2011 	wpa_printf(MSG_INFO, "ms_funcs test cases skipped due to CONFIG_FIPS");
2012 	return 0;
2013 #endif /* CONFIG_FIPS */
2014 }
2015 
2016 
crypto_module_tests(void)2017 int crypto_module_tests(void)
2018 {
2019 	int ret = 0;
2020 
2021 	wpa_printf(MSG_INFO, "crypto module tests");
2022 	if (test_siv() ||
2023 	    test_omac1() ||
2024 	    test_eax() ||
2025 	    test_cbc() ||
2026 	    test_ecb() ||
2027 	    test_key_wrap() ||
2028 	    test_md5() ||
2029 	    test_sha1() ||
2030 	    test_sha256() ||
2031 	    test_sha384() ||
2032 	    test_fips186_2_prf() ||
2033 	    test_ms_funcs())
2034 		ret = -1;
2035 
2036 	return ret;
2037 }
2038