]>
Commit | Line | Data |
---|---|---|
942b7546 JM |
1 | /* |
2 | * crypto module tests | |
3 | * Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi> | |
4 | * | |
5 | * This software may be distributed under the terms of the BSD license. | |
6 | * See README for more details. | |
7 | */ | |
8 | ||
9 | #include "utils/includes.h" | |
10 | ||
11 | #include "utils/common.h" | |
50a17a76 | 12 | #include "utils/module_tests.h" |
942b7546 | 13 | #include "crypto/aes_siv.h" |
304d40e9 | 14 | #include "crypto/aes_wrap.h" |
942b7546 | 15 | #include "crypto/aes.h" |
88fc0dca | 16 | #include "crypto/ms_funcs.h" |
896e1b83 | 17 | #include "crypto/crypto.h" |
4b462a02 | 18 | #include "crypto/sha1.h" |
59be78ef | 19 | #include "crypto/sha256.h" |
2e555f9c | 20 | #include "crypto/sha384.h" |
942b7546 JM |
21 | |
22 | ||
23 | static int test_siv(void) | |
24 | { | |
25 | #ifdef CONFIG_MESH | |
26 | /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */ | |
27 | u8 key[] = { | |
28 | 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, | |
29 | 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0, | |
30 | 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, | |
31 | 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff | |
32 | }; | |
33 | u8 ad[] = { | |
34 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | |
35 | 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, | |
36 | 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27 | |
37 | }; | |
38 | u8 plaintext[] = { | |
39 | 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, | |
40 | 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee | |
41 | }; | |
42 | u8 iv_c[] = { | |
43 | 0x85, 0x63, 0x2d, 0x07, 0xc6, 0xe8, 0xf3, 0x7f, | |
44 | 0x95, 0x0a, 0xcd, 0x32, 0x0a, 0x2e, 0xcc, 0x93, | |
45 | 0x40, 0xc0, 0x2b, 0x96, 0x90, 0xc4, 0xdc, 0x04, | |
46 | 0xda, 0xef, 0x7f, 0x6a, 0xfe, 0x5c | |
47 | }; | |
48 | /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */ | |
49 | u8 key_2[] = { | |
50 | 0x7f, 0x7e, 0x7d, 0x7c, 0x7b, 0x7a, 0x79, 0x78, | |
51 | 0x77, 0x76, 0x75, 0x74, 0x73, 0x72, 0x71, 0x70, | |
52 | 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, | |
53 | 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f | |
54 | }; | |
55 | u8 ad1_2[] = { | |
56 | 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, | |
57 | 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, | |
58 | 0xde, 0xad, 0xda, 0xda, 0xde, 0xad, 0xda, 0xda, | |
59 | 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88, | |
60 | 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00 | |
61 | }; | |
62 | u8 ad2_2[] = { | |
63 | 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80, | |
64 | 0x90, 0xa0 | |
65 | }; | |
66 | u8 nonce_2[] = { | |
67 | 0x09, 0xf9, 0x11, 0x02, 0x9d, 0x74, 0xe3, 0x5b, | |
68 | 0xd8, 0x41, 0x56, 0xc5, 0x63, 0x56, 0x88, 0xc0 | |
69 | }; | |
70 | u8 plaintext_2[] = { | |
71 | 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, | |
72 | 0x73, 0x6f, 0x6d, 0x65, 0x20, 0x70, 0x6c, 0x61, | |
73 | 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x20, 0x74, | |
74 | 0x6f, 0x20, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, | |
75 | 0x74, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x20, | |
76 | 0x53, 0x49, 0x56, 0x2d, 0x41, 0x45, 0x53 | |
77 | }; | |
78 | u8 iv_c_2[] = { | |
79 | 0x7b, 0xdb, 0x6e, 0x3b, 0x43, 0x26, 0x67, 0xeb, | |
80 | 0x06, 0xf4, 0xd1, 0x4b, 0xff, 0x2f, 0xbd, 0x0f, | |
81 | 0xcb, 0x90, 0x0f, 0x2f, 0xdd, 0xbe, 0x40, 0x43, | |
82 | 0x26, 0x60, 0x19, 0x65, 0xc8, 0x89, 0xbf, 0x17, | |
83 | 0xdb, 0xa7, 0x7c, 0xeb, 0x09, 0x4f, 0xa6, 0x63, | |
84 | 0xb7, 0xa3, 0xf7, 0x48, 0xba, 0x8a, 0xf8, 0x29, | |
85 | 0xea, 0x64, 0xad, 0x54, 0x4a, 0x27, 0x2e, 0x9c, | |
86 | 0x48, 0x5b, 0x62, 0xa3, 0xfd, 0x5c, 0x0d | |
87 | }; | |
88 | u8 out[2 * AES_BLOCK_SIZE + sizeof(plaintext_2)]; | |
89 | const u8 *addr[3]; | |
90 | size_t len[3]; | |
91 | ||
92 | /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */ | |
93 | addr[0] = ad; | |
94 | len[0] = sizeof(ad); | |
95 | ||
325a85be | 96 | if (aes_siv_encrypt(key, sizeof(key), plaintext, sizeof(plaintext), |
942b7546 JM |
97 | 1, addr, len, out)) { |
98 | wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed"); | |
99 | return 1; | |
100 | } | |
101 | if (os_memcmp(out, iv_c, sizeof(iv_c)) != 0) { | |
102 | wpa_printf(MSG_ERROR, | |
103 | "AES-SIV mode encryption returned invalid cipher text"); | |
104 | return 1; | |
105 | } | |
106 | ||
325a85be JM |
107 | if (aes_siv_decrypt(key, sizeof(key), iv_c, sizeof(iv_c), |
108 | 1, addr, len, out)) { | |
942b7546 JM |
109 | wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed"); |
110 | return 1; | |
111 | } | |
112 | if (os_memcmp(out, plaintext, sizeof(plaintext)) != 0) { | |
113 | wpa_printf(MSG_ERROR, | |
114 | "AES-SIV mode decryption returned invalid plain text"); | |
115 | return 1; | |
116 | } | |
117 | ||
118 | /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */ | |
119 | addr[0] = ad1_2; | |
120 | len[0] = sizeof(ad1_2); | |
121 | addr[1] = ad2_2; | |
122 | len[1] = sizeof(ad2_2); | |
123 | addr[2] = nonce_2; | |
124 | len[2] = sizeof(nonce_2); | |
125 | ||
325a85be JM |
126 | if (aes_siv_encrypt(key_2, sizeof(key_2), |
127 | plaintext_2, sizeof(plaintext_2), | |
942b7546 JM |
128 | 3, addr, len, out)) { |
129 | wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed"); | |
130 | return 1; | |
131 | } | |
132 | if (os_memcmp(out, iv_c_2, sizeof(iv_c_2)) != 0) { | |
133 | wpa_printf(MSG_ERROR, | |
134 | "AES-SIV mode encryption returned invalid cipher text"); | |
135 | return 1; | |
136 | } | |
137 | ||
325a85be JM |
138 | if (aes_siv_decrypt(key_2, sizeof(key_2), iv_c_2, sizeof(iv_c_2), |
139 | 3, addr, len, out)) { | |
942b7546 JM |
140 | wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed"); |
141 | return 1; | |
142 | } | |
143 | if (os_memcmp(out, plaintext_2, sizeof(plaintext_2)) != 0) { | |
144 | wpa_printf(MSG_ERROR, | |
145 | "AES-SIV mode decryption returned invalid plain text"); | |
146 | return 1; | |
147 | } | |
148 | ||
149 | wpa_printf(MSG_INFO, "AES-SIV test cases passed"); | |
150 | #endif /* CONFIG_MESH */ | |
151 | ||
152 | return 0; | |
153 | } | |
154 | ||
155 | ||
304d40e9 JM |
156 | /* OMAC1 AES-128 test vectors from |
157 | * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf | |
158 | * which are same as the examples from NIST SP800-38B | |
159 | * http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf | |
160 | */ | |
161 | ||
162 | struct omac1_test_vector { | |
163 | u8 k[16]; | |
164 | u8 msg[64]; | |
165 | int msg_len; | |
166 | u8 tag[16]; | |
167 | }; | |
168 | ||
8b423edb | 169 | static const struct omac1_test_vector omac1_test_vectors[] = |
304d40e9 JM |
170 | { |
171 | { | |
172 | { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, | |
173 | 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, | |
174 | { }, | |
175 | 0, | |
176 | { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, | |
177 | 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 } | |
178 | }, | |
179 | { | |
180 | { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, | |
181 | 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, | |
182 | { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, | |
183 | 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a}, | |
184 | 16, | |
185 | { 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, | |
186 | 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c } | |
187 | }, | |
188 | { | |
189 | { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, | |
190 | 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, | |
191 | { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, | |
192 | 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, | |
193 | 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, | |
194 | 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, | |
195 | 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 }, | |
196 | 40, | |
197 | { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, | |
198 | 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 } | |
199 | }, | |
200 | { | |
201 | { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, | |
202 | 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, | |
203 | { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, | |
204 | 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, | |
205 | 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, | |
206 | 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, | |
207 | 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, | |
208 | 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, | |
209 | 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, | |
210 | 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }, | |
211 | 64, | |
212 | { 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, | |
213 | 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe } | |
214 | }, | |
215 | }; | |
216 | ||
217 | ||
8b423edb MK |
218 | static int test_omac1_vector(const struct omac1_test_vector *tv, |
219 | unsigned int i) | |
304d40e9 | 220 | { |
6c33962d JM |
221 | u8 key[] = { |
222 | 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, | |
223 | 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c | |
224 | }; | |
225 | u8 msg[] = { 0x12, 0x34, 0x56 }; | |
226 | u8 result[24], result2[24]; | |
227 | const u8 *addr[3]; | |
228 | size_t len[3]; | |
304d40e9 JM |
229 | |
230 | if (omac1_aes_128(tv->k, tv->msg, tv->msg_len, result) || | |
231 | os_memcmp(result, tv->tag, 16) != 0) { | |
232 | wpa_printf(MSG_ERROR, "OMAC1-AES-128 test vector %u failed", i); | |
233 | return 1; | |
234 | } | |
235 | ||
236 | if (tv->msg_len > 1) { | |
304d40e9 JM |
237 | |
238 | addr[0] = tv->msg; | |
239 | len[0] = 1; | |
240 | addr[1] = tv->msg + 1; | |
241 | len[1] = tv->msg_len - 1; | |
242 | ||
243 | if (omac1_aes_128_vector(tv->k, 2, addr, len, result) || | |
244 | os_memcmp(result, tv->tag, 16) != 0) { | |
245 | wpa_printf(MSG_ERROR, | |
246 | "OMAC1-AES-128(vector) test vector %u failed", | |
247 | i); | |
248 | return 1; | |
249 | } | |
6c33962d JM |
250 | |
251 | addr[0] = tv->msg; | |
252 | len[0] = tv->msg_len - 2; | |
253 | addr[1] = tv->msg + tv->msg_len - 2; | |
254 | len[1] = 1; | |
255 | addr[2] = tv->msg + tv->msg_len - 1; | |
256 | len[2] = 1; | |
257 | ||
258 | if (omac1_aes_128_vector(tv->k, 3, addr, len, result) || | |
259 | os_memcmp(result, tv->tag, 16) != 0) { | |
260 | wpa_printf(MSG_ERROR, | |
261 | "OMAC1-AES-128(vector2) test vector %u failed", | |
262 | i); | |
263 | return 1; | |
264 | } | |
265 | } | |
266 | ||
267 | addr[0] = &msg[0]; | |
268 | len[0] = 1; | |
269 | addr[1] = &msg[1]; | |
270 | len[1] = 1; | |
271 | addr[2] = &msg[2]; | |
272 | len[2] = 1; | |
273 | if (omac1_aes_128(key, msg, sizeof(msg), result) || | |
274 | omac1_aes_128_vector(key, 3, addr, len, result2) || | |
275 | os_memcmp(result, result2, 16) != 0) { | |
276 | wpa_printf(MSG_ERROR, "OMAC1-AES-128 short test mismatch"); | |
277 | return 1; | |
304d40e9 JM |
278 | } |
279 | ||
280 | return 0; | |
281 | } | |
282 | ||
283 | ||
284 | static int test_omac1(void) | |
285 | { | |
286 | unsigned int i; | |
287 | ||
288 | for (i = 0; i < ARRAY_SIZE(omac1_test_vectors); i++) { | |
289 | if (test_omac1_vector(&omac1_test_vectors[i], i)) | |
290 | return 1; | |
291 | } | |
292 | ||
293 | wpa_printf(MSG_INFO, "OMAC1-AES-128 test cases passed"); | |
294 | ||
295 | return 0; | |
296 | } | |
297 | ||
298 | ||
e438fb0d JM |
299 | static int test_eax(void) |
300 | { | |
301 | #ifdef EAP_PSK | |
302 | u8 msg[] = { 0xF7, 0xFB }; | |
303 | u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B, | |
304 | 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 }; | |
305 | u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84, | |
306 | 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD }; | |
307 | u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA }; | |
308 | u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D, | |
309 | 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79, | |
310 | 0x67, 0xE5 }; | |
311 | u8 data[sizeof(msg)], tag[AES_BLOCK_SIZE]; | |
312 | ||
313 | os_memcpy(data, msg, sizeof(msg)); | |
314 | if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr), | |
315 | data, sizeof(data), tag)) { | |
316 | wpa_printf(MSG_ERROR, "AES-128 EAX mode encryption failed"); | |
317 | return 1; | |
318 | } | |
319 | if (os_memcmp(data, cipher, sizeof(data)) != 0) { | |
320 | wpa_printf(MSG_ERROR, | |
321 | "AES-128 EAX mode encryption returned invalid cipher text"); | |
322 | return 1; | |
323 | } | |
324 | if (os_memcmp(tag, cipher + sizeof(data), AES_BLOCK_SIZE) != 0) { | |
325 | wpa_printf(MSG_ERROR, | |
326 | "AES-128 EAX mode encryption returned invalid tag"); | |
327 | return 1; | |
328 | } | |
329 | ||
330 | if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr), | |
331 | data, sizeof(data), tag)) { | |
332 | wpa_printf(MSG_ERROR, "AES-128 EAX mode decryption failed"); | |
333 | return 1; | |
334 | } | |
335 | if (os_memcmp(data, msg, sizeof(data)) != 0) { | |
336 | wpa_printf(MSG_ERROR, | |
337 | "AES-128 EAX mode decryption returned invalid plain text"); | |
338 | return 1; | |
339 | } | |
340 | ||
341 | wpa_printf(MSG_INFO, "AES-128 EAX mode test cases passed"); | |
342 | #endif /* EAP_PSK */ | |
343 | ||
344 | return 0; | |
345 | } | |
346 | ||
347 | ||
477f8313 JM |
348 | static int test_cbc(void) |
349 | { | |
350 | struct cbc_test_vector { | |
351 | u8 key[16]; | |
352 | u8 iv[16]; | |
353 | u8 plain[32]; | |
354 | u8 cipher[32]; | |
355 | size_t len; | |
356 | } vectors[] = { | |
357 | { | |
358 | { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b, | |
359 | 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 }, | |
360 | { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30, | |
361 | 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 }, | |
362 | "Single block msg", | |
363 | { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8, | |
364 | 0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a }, | |
365 | 16 | |
366 | }, | |
367 | { | |
368 | { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0, | |
369 | 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a }, | |
370 | { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28, | |
371 | 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 }, | |
372 | { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
373 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | |
374 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | |
375 | 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, | |
376 | { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a, | |
377 | 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a, | |
378 | 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9, | |
379 | 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 }, | |
380 | 32 | |
381 | } | |
382 | }; | |
383 | int ret = 0; | |
384 | u8 *buf; | |
385 | unsigned int i; | |
386 | ||
387 | for (i = 0; i < ARRAY_SIZE(vectors); i++) { | |
388 | struct cbc_test_vector *tv = &vectors[i]; | |
389 | ||
390 | buf = os_malloc(tv->len); | |
391 | if (buf == NULL) { | |
392 | ret++; | |
393 | break; | |
394 | } | |
395 | ||
396 | os_memcpy(buf, tv->plain, tv->len); | |
397 | if (aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len) || | |
398 | os_memcmp(buf, tv->cipher, tv->len) != 0) { | |
399 | wpa_printf(MSG_ERROR, "AES-CBC encrypt %d failed", i); | |
400 | ret++; | |
401 | } | |
402 | ||
403 | os_memcpy(buf, tv->cipher, tv->len); | |
404 | if (aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len) || | |
405 | os_memcmp(buf, tv->plain, tv->len) != 0) { | |
406 | wpa_printf(MSG_ERROR, "AES-CBC decrypt %d failed", i); | |
407 | ret++; | |
408 | } | |
409 | ||
410 | os_free(buf); | |
411 | } | |
412 | ||
413 | return ret; | |
414 | } | |
415 | ||
416 | ||
5c0ff9f9 JM |
417 | static int test_ecb(void) |
418 | { | |
419 | #ifdef EAP_PSK | |
420 | struct ecb_test_vector { | |
421 | char *key; | |
422 | char *plaintext; | |
423 | char *ciphertext; | |
424 | } vectors[] = { | |
425 | /* CAVS 11.1 - ECBGFSbox128.rsp */ | |
426 | { | |
427 | "00000000000000000000000000000000", | |
428 | "f34481ec3cc627bacd5dc3fb08f273e6", | |
429 | "0336763e966d92595a567cc9ce537f5e" | |
430 | }, | |
431 | { | |
432 | "00000000000000000000000000000000", | |
433 | "9798c4640bad75c7c3227db910174e72", | |
434 | "a9a1631bf4996954ebc093957b234589" | |
435 | }, | |
436 | { | |
437 | "00000000000000000000000000000000", | |
438 | "96ab5c2ff612d9dfaae8c31f30c42168", | |
439 | "ff4f8391a6a40ca5b25d23bedd44a597" | |
440 | }, | |
441 | { | |
442 | "00000000000000000000000000000000", | |
443 | "6a118a874519e64e9963798a503f1d35", | |
444 | "dc43be40be0e53712f7e2bf5ca707209" | |
445 | }, | |
446 | { | |
447 | "00000000000000000000000000000000", | |
448 | "cb9fceec81286ca3e989bd979b0cb284", | |
449 | "92beedab1895a94faa69b632e5cc47ce" | |
450 | }, | |
451 | { | |
452 | "00000000000000000000000000000000", | |
453 | "b26aeb1874e47ca8358ff22378f09144", | |
454 | "459264f4798f6a78bacb89c15ed3d601" | |
455 | }, | |
456 | { | |
457 | "00000000000000000000000000000000", | |
458 | "58c8e00b2631686d54eab84b91f0aca1", | |
459 | "08a4e2efec8a8e3312ca7460b9040bbf" | |
460 | }, | |
461 | /* CAVS 11.1 - ECBKeySbox128.rsp */ | |
462 | { | |
463 | "10a58869d74be5a374cf867cfb473859", | |
464 | "00000000000000000000000000000000", | |
465 | "6d251e6944b051e04eaa6fb4dbf78465" | |
466 | }, | |
467 | { | |
468 | "caea65cdbb75e9169ecd22ebe6e54675", | |
469 | "00000000000000000000000000000000", | |
470 | "6e29201190152df4ee058139def610bb", | |
471 | } | |
472 | }; | |
473 | int ret = 0; | |
474 | unsigned int i; | |
475 | u8 key[16], plain[16], cipher[16], out[16]; | |
476 | ||
477 | for (i = 0; i < ARRAY_SIZE(vectors); i++) { | |
478 | struct ecb_test_vector *tv = &vectors[i]; | |
479 | ||
480 | if (hexstr2bin(tv->key, key, sizeof(key)) || | |
481 | hexstr2bin(tv->plaintext, plain, sizeof(plain)) || | |
482 | hexstr2bin(tv->ciphertext, cipher, sizeof(cipher))) { | |
483 | wpa_printf(MSG_ERROR, "Invalid AES-ECB test vector %u", | |
484 | i); | |
485 | ret++; | |
486 | continue; | |
487 | } | |
488 | ||
489 | if (aes_128_encrypt_block(key, plain, out) < 0 || | |
490 | os_memcmp(out, cipher, 16) != 0) { | |
491 | wpa_printf(MSG_ERROR, "AES-ECB encrypt %u failed", i); | |
492 | ret++; | |
493 | } | |
494 | } | |
495 | ||
496 | if (!ret) | |
497 | wpa_printf(MSG_INFO, "AES ECB mode test cases passed"); | |
498 | ||
499 | return ret; | |
500 | #endif /* EAP_PSK */ | |
501 | ||
502 | return 0; | |
503 | } | |
504 | ||
505 | ||
12444084 JM |
506 | static int test_key_wrap(void) |
507 | { | |
508 | int ret = 0; | |
509 | ||
510 | /* RFC 3394 - Test vector 4.1 */ | |
511 | u8 kek41[] = { | |
512 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
513 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f | |
514 | }; | |
515 | u8 plain41[] = { | |
516 | 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, | |
517 | 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff | |
518 | }; | |
519 | u8 crypt41[] = { | |
520 | 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47, | |
521 | 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82, | |
522 | 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5 | |
523 | }; | |
87c59a1e | 524 | #ifndef CONFIG_BORINGSSL |
12444084 JM |
525 | /* RFC 3394 - Test vector 4.2 */ |
526 | u8 kek42[] = { | |
527 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
528 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | |
529 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 | |
530 | }; | |
531 | u8 plain42[] = { | |
532 | 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, | |
533 | 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff | |
534 | }; | |
535 | u8 crypt42[] = { | |
536 | 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35, | |
537 | 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2, | |
538 | 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D | |
539 | }; | |
87c59a1e | 540 | #endif /* CONFIG_BORINGSSL */ |
12444084 JM |
541 | /* RFC 3394 - Test vector 4.3 */ |
542 | u8 kek43[] = { | |
543 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
544 | 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, | |
545 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | |
546 | 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F | |
547 | }; | |
548 | u8 plain43[] = { | |
549 | 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, | |
550 | 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff | |
551 | }; | |
552 | u8 crypt43[] = { | |
553 | 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2, | |
554 | 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A, | |
555 | 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7, | |
556 | }; | |
87c59a1e | 557 | #ifndef CONFIG_BORINGSSL |
12444084 JM |
558 | /* RFC 3394 - Test vector 4.4 */ |
559 | u8 kek44[] = { | |
560 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
561 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | |
562 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 | |
563 | }; | |
564 | u8 plain44[] = { | |
565 | 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, | |
566 | 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, | |
567 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 | |
568 | }; | |
569 | u8 crypt44[] = { | |
570 | 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32, | |
571 | 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC, | |
572 | 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93, | |
573 | 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2 | |
574 | }; | |
87c59a1e | 575 | #endif /* CONFIG_BORINGSSL */ |
12444084 JM |
576 | /* RFC 3394 - Test vector 4.5 */ |
577 | u8 kek45[] = { | |
578 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
579 | 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, | |
580 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | |
581 | 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F | |
582 | }; | |
583 | u8 plain45[] = { | |
584 | 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, | |
585 | 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, | |
586 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 | |
587 | }; | |
588 | u8 crypt45[] = { | |
589 | 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F, | |
590 | 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4, | |
591 | 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95, | |
592 | 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1, | |
593 | }; | |
594 | /* RFC 3394 - Test vector 4.6 */ | |
595 | u8 kek46[] = { | |
596 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
597 | 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, | |
598 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | |
599 | 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F | |
600 | }; | |
601 | u8 plain46[] = { | |
602 | 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, | |
603 | 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, | |
604 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
605 | 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F | |
606 | }; | |
607 | u8 crypt46[] = { | |
608 | 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4, | |
609 | 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26, | |
610 | 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26, | |
611 | 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B, | |
612 | 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21 | |
613 | }; | |
614 | u8 result[40]; | |
615 | ||
616 | wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.1"); | |
617 | if (aes_wrap(kek41, sizeof(kek41), sizeof(plain41) / 8, plain41, | |
618 | result)) { | |
619 | wpa_printf(MSG_ERROR, "AES-WRAP-128 reported failure"); | |
620 | ret++; | |
621 | } | |
622 | if (os_memcmp(result, crypt41, sizeof(crypt41)) != 0) { | |
623 | wpa_printf(MSG_ERROR, "AES-WRAP-128 failed"); | |
624 | ret++; | |
625 | } | |
626 | if (aes_unwrap(kek41, sizeof(kek41), sizeof(plain41) / 8, crypt41, | |
627 | result)) { | |
628 | wpa_printf(MSG_ERROR, "AES-UNWRAP-128 reported failure"); | |
629 | ret++; | |
630 | } | |
631 | if (os_memcmp(result, plain41, sizeof(plain41)) != 0) { | |
632 | wpa_printf(MSG_ERROR, "AES-UNWRAP-128 failed"); | |
633 | ret++; | |
634 | } | |
635 | ||
87c59a1e | 636 | #ifndef CONFIG_BORINGSSL |
12444084 JM |
637 | wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.2"); |
638 | if (aes_wrap(kek42, sizeof(kek42), sizeof(plain42) / 8, plain42, | |
639 | result)) { | |
640 | wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure"); | |
641 | ret++; | |
642 | } | |
643 | if (os_memcmp(result, crypt42, sizeof(crypt42)) != 0) { | |
644 | wpa_printf(MSG_ERROR, "AES-WRAP-192 failed"); | |
645 | ret++; | |
646 | } | |
647 | if (aes_unwrap(kek42, sizeof(kek42), sizeof(plain42) / 8, crypt42, | |
648 | result)) { | |
649 | wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure"); | |
650 | ret++; | |
651 | } | |
652 | if (os_memcmp(result, plain42, sizeof(plain42)) != 0) { | |
653 | wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed"); | |
654 | ret++; | |
655 | } | |
87c59a1e | 656 | #endif /* CONFIG_BORINGSSL */ |
12444084 JM |
657 | |
658 | wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.3"); | |
659 | if (aes_wrap(kek43, sizeof(kek43), sizeof(plain43) / 8, plain43, | |
660 | result)) { | |
661 | wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); | |
662 | ret++; | |
663 | } | |
664 | if (os_memcmp(result, crypt43, sizeof(crypt43)) != 0) { | |
665 | wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); | |
666 | ret++; | |
667 | } | |
668 | if (aes_unwrap(kek43, sizeof(kek43), sizeof(plain43) / 8, crypt43, | |
669 | result)) { | |
670 | wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); | |
671 | ret++; | |
672 | } | |
673 | if (os_memcmp(result, plain43, sizeof(plain43)) != 0) { | |
674 | wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); | |
675 | ret++; | |
676 | } | |
677 | ||
87c59a1e | 678 | #ifndef CONFIG_BORINGSSL |
12444084 JM |
679 | wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.4"); |
680 | if (aes_wrap(kek44, sizeof(kek44), sizeof(plain44) / 8, plain44, | |
681 | result)) { | |
682 | wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure"); | |
683 | ret++; | |
684 | } | |
685 | if (os_memcmp(result, crypt44, sizeof(crypt44)) != 0) { | |
686 | wpa_printf(MSG_ERROR, "AES-WRAP-192 failed"); | |
687 | ret++; | |
688 | } | |
689 | if (aes_unwrap(kek44, sizeof(kek44), sizeof(plain44) / 8, crypt44, | |
690 | result)) { | |
691 | wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure"); | |
692 | ret++; | |
693 | } | |
694 | if (os_memcmp(result, plain44, sizeof(plain44)) != 0) { | |
695 | wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed"); | |
696 | ret++; | |
697 | } | |
87c59a1e | 698 | #endif /* CONFIG_BORINGSSL */ |
12444084 JM |
699 | |
700 | wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.5"); | |
701 | if (aes_wrap(kek45, sizeof(kek45), sizeof(plain45) / 8, plain45, | |
702 | result)) { | |
703 | wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); | |
704 | ret++; | |
705 | } | |
706 | if (os_memcmp(result, crypt45, sizeof(crypt45)) != 0) { | |
707 | wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); | |
708 | ret++; | |
709 | } | |
710 | if (aes_unwrap(kek45, sizeof(kek45), sizeof(plain45) / 8, crypt45, | |
711 | result)) { | |
712 | wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); | |
713 | ret++; | |
714 | } | |
715 | if (os_memcmp(result, plain45, sizeof(plain45)) != 0) { | |
716 | wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); | |
717 | ret++; | |
718 | } | |
719 | ||
720 | wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.6"); | |
721 | if (aes_wrap(kek46, sizeof(kek46), sizeof(plain46) / 8, plain46, | |
722 | result)) { | |
723 | wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); | |
724 | ret++; | |
725 | } | |
726 | if (os_memcmp(result, crypt46, sizeof(crypt46)) != 0) { | |
727 | wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); | |
728 | ret++; | |
729 | } | |
730 | if (aes_unwrap(kek46, sizeof(kek46), sizeof(plain46) / 8, crypt46, | |
731 | result)) { | |
732 | wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); | |
733 | ret++; | |
734 | } | |
735 | if (os_memcmp(result, plain46, sizeof(plain46)) != 0) { | |
736 | wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); | |
737 | ret++; | |
738 | } | |
739 | ||
740 | if (!ret) | |
741 | wpa_printf(MSG_INFO, "AES key wrap/unwrap test cases passed"); | |
742 | ||
743 | return ret; | |
744 | } | |
745 | ||
746 | ||
896e1b83 JM |
747 | static int test_md5(void) |
748 | { | |
97e986cd | 749 | #ifndef CONFIG_FIPS |
896e1b83 JM |
750 | struct { |
751 | char *data; | |
752 | char *hash; | |
753 | } tests[] = { | |
754 | { | |
755 | "", | |
756 | "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04" | |
757 | "\xe9\x80\x09\x98\xec\xf8\x42\x7e" | |
758 | }, | |
759 | { | |
760 | "a", | |
761 | "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8" | |
762 | "\x31\xc3\x99\xe2\x69\x77\x26\x61" | |
763 | }, | |
764 | { | |
765 | "abc", | |
766 | "\x90\x01\x50\x98\x3c\xd2\x4f\xb0" | |
767 | "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72" | |
768 | }, | |
769 | { | |
770 | "message digest", | |
771 | "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d" | |
772 | "\x52\x5a\x2f\x31\xaa\xf1\x61\xd0" | |
773 | }, | |
774 | { | |
775 | "abcdefghijklmnopqrstuvwxyz", | |
776 | "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00" | |
777 | "\x7d\xfb\x49\x6c\xca\x67\xe1\x3b" | |
778 | }, | |
779 | { | |
780 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" | |
781 | "0123456789", | |
782 | "\xd1\x74\xab\x98\xd2\x77\xd9\xf5" | |
783 | "\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f" | |
784 | }, | |
785 | { | |
786 | "12345678901234567890123456789012345678901234567890" | |
787 | "123456789012345678901234567890", | |
788 | "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55" | |
789 | "\xac\x49\xda\x2e\x21\x07\xb6\x7a" | |
790 | } | |
791 | }; | |
792 | unsigned int i; | |
793 | u8 hash[16]; | |
794 | const u8 *addr[2]; | |
795 | size_t len[2]; | |
796 | int errors = 0; | |
797 | ||
798 | for (i = 0; i < ARRAY_SIZE(tests); i++) { | |
799 | wpa_printf(MSG_INFO, "MD5 test case %d", i); | |
800 | ||
801 | addr[0] = (u8 *) tests[i].data; | |
802 | len[0] = strlen(tests[i].data); | |
803 | if (md5_vector(1, addr, len, hash) < 0 || | |
804 | os_memcmp(hash, tests[i].hash, 16) != 0) { | |
805 | wpa_printf(MSG_INFO, " FAIL"); | |
806 | errors++; | |
807 | } else | |
808 | wpa_printf(MSG_INFO, " OK"); | |
809 | ||
810 | if (len[0]) { | |
811 | addr[0] = (u8 *) tests[i].data; | |
812 | len[0] = strlen(tests[i].data); | |
813 | addr[1] = (u8 *) tests[i].data + 1; | |
814 | len[1] = strlen(tests[i].data) - 1; | |
815 | if (md5_vector(1, addr, len, hash) < 0 || | |
816 | os_memcmp(hash, tests[i].hash, 16) != 0) { | |
817 | wpa_printf(MSG_INFO, " FAIL"); | |
818 | errors++; | |
819 | } else | |
820 | wpa_printf(MSG_INFO, " OK"); | |
821 | } | |
822 | } | |
823 | ||
824 | if (!errors) | |
825 | wpa_printf(MSG_INFO, "MD5 test cases passed"); | |
826 | ||
827 | return errors; | |
97e986cd JM |
828 | #else /* CONFIG_FIPS */ |
829 | wpa_printf(MSG_INFO, "MD5 test cases skipped due to CONFIG_FIPS"); | |
830 | return 0; | |
831 | #endif /* CONFIG_FIPS */ | |
896e1b83 JM |
832 | } |
833 | ||
834 | ||
4b462a02 JM |
835 | static int test_eap_fast(void) |
836 | { | |
1068bdb9 | 837 | #ifdef EAP_FAST |
4b462a02 JM |
838 | /* RFC 4851, Appendix B.1 */ |
839 | const u8 pac_key[] = { | |
840 | 0x0B, 0x97, 0x39, 0x0F, 0x37, 0x51, 0x78, 0x09, | |
841 | 0x81, 0x1E, 0xFD, 0x9C, 0x6E, 0x65, 0x94, 0x2B, | |
842 | 0x63, 0x2C, 0xE9, 0x53, 0x89, 0x38, 0x08, 0xBA, | |
843 | 0x36, 0x0B, 0x03, 0x7C, 0xD1, 0x85, 0xE4, 0x14 | |
844 | }; | |
845 | const u8 seed[] = { | |
846 | 0x3F, 0xFB, 0x11, 0xC4, 0x6C, 0xBF, 0xA5, 0x7A, | |
847 | 0x54, 0x40, 0xDA, 0xE8, 0x22, 0xD3, 0x11, 0xD3, | |
848 | 0xF7, 0x6D, 0xE4, 0x1D, 0xD9, 0x33, 0xE5, 0x93, | |
849 | 0x70, 0x97, 0xEB, 0xA9, 0xB3, 0x66, 0xF4, 0x2A, | |
850 | 0x00, 0x00, 0x00, 0x02, 0x6A, 0x66, 0x43, 0x2A, | |
851 | 0x8D, 0x14, 0x43, 0x2C, 0xEC, 0x58, 0x2D, 0x2F, | |
852 | 0xC7, 0x9C, 0x33, 0x64, 0xBA, 0x04, 0xAD, 0x3A, | |
853 | 0x52, 0x54, 0xD6, 0xA5, 0x79, 0xAD, 0x1E, 0x00 | |
854 | }; | |
855 | const u8 master_secret[] = { | |
856 | 0x4A, 0x1A, 0x51, 0x2C, 0x01, 0x60, 0xBC, 0x02, | |
857 | 0x3C, 0xCF, 0xBC, 0x83, 0x3F, 0x03, 0xBC, 0x64, | |
858 | 0x88, 0xC1, 0x31, 0x2F, 0x0B, 0xA9, 0xA2, 0x77, | |
859 | 0x16, 0xA8, 0xD8, 0xE8, 0xBD, 0xC9, 0xD2, 0x29, | |
860 | 0x38, 0x4B, 0x7A, 0x85, 0xBE, 0x16, 0x4D, 0x27, | |
861 | 0x33, 0xD5, 0x24, 0x79, 0x87, 0xB1, 0xC5, 0xA2 | |
862 | }; | |
5bbc1c25 | 863 | #ifndef CONFIG_FIPS |
4b462a02 JM |
864 | const u8 key_block[] = { |
865 | 0x59, 0x59, 0xBE, 0x8E, 0x41, 0x3A, 0x77, 0x74, | |
866 | 0x8B, 0xB2, 0xE5, 0xD3, 0x60, 0xAC, 0x4D, 0x35, | |
867 | 0xDF, 0xFB, 0xC8, 0x1E, 0x9C, 0x24, 0x9C, 0x8B, | |
868 | 0x0E, 0xC3, 0x1D, 0x72, 0xC8, 0x84, 0x9D, 0x57, | |
869 | 0x48, 0x51, 0x2E, 0x45, 0x97, 0x6C, 0x88, 0x70, | |
870 | 0xBE, 0x5F, 0x01, 0xD3, 0x64, 0xE7, 0x4C, 0xBB, | |
871 | 0x11, 0x24, 0xE3, 0x49, 0xE2, 0x3B, 0xCD, 0xEF, | |
872 | 0x7A, 0xB3, 0x05, 0x39, 0x5D, 0x64, 0x8A, 0x44, | |
873 | 0x11, 0xB6, 0x69, 0x88, 0x34, 0x2E, 0x8E, 0x29, | |
874 | 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05, | |
875 | 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96, | |
876 | 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84, | |
877 | 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98, | |
878 | 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71 | |
879 | }; | |
5bbc1c25 | 880 | #endif /* CONFIG_FIPS */ |
4b462a02 JM |
881 | const u8 sks[] = { |
882 | 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05, | |
883 | 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96, | |
884 | 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84, | |
885 | 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98, | |
886 | 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71 | |
887 | }; | |
888 | const u8 isk[] = { | |
889 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
890 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
891 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
892 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 | |
893 | }; | |
894 | const u8 imck[] = { | |
895 | 0x16, 0x15, 0x3C, 0x3F, 0x21, 0x55, 0xEF, 0xD9, | |
896 | 0x7F, 0x34, 0xAE, 0xC8, 0x1A, 0x4E, 0x66, 0x80, | |
897 | 0x4C, 0xC3, 0x76, 0xF2, 0x8A, 0xA9, 0x6F, 0x96, | |
898 | 0xC2, 0x54, 0x5F, 0x8C, 0xAB, 0x65, 0x02, 0xE1, | |
899 | 0x18, 0x40, 0x7B, 0x56, 0xBE, 0xEA, 0xA7, 0xC5, | |
900 | 0x76, 0x5D, 0x8F, 0x0B, 0xC5, 0x07, 0xC6, 0xB9, | |
901 | 0x04, 0xD0, 0x69, 0x56, 0x72, 0x8B, 0x6B, 0xB8, | |
902 | 0x15, 0xEC, 0x57, 0x7B | |
903 | }; | |
904 | const u8 msk[] = { | |
905 | 0x4D, 0x83, 0xA9, 0xBE, 0x6F, 0x8A, 0x74, 0xED, | |
906 | 0x6A, 0x02, 0x66, 0x0A, 0x63, 0x4D, 0x2C, 0x33, | |
907 | 0xC2, 0xDA, 0x60, 0x15, 0xC6, 0x37, 0x04, 0x51, | |
908 | 0x90, 0x38, 0x63, 0xDA, 0x54, 0x3E, 0x14, 0xB9, | |
909 | 0x27, 0x99, 0x18, 0x1E, 0x07, 0xBF, 0x0F, 0x5A, | |
910 | 0x5E, 0x3C, 0x32, 0x93, 0x80, 0x8C, 0x6C, 0x49, | |
911 | 0x67, 0xED, 0x24, 0xFE, 0x45, 0x40, 0xA0, 0x59, | |
912 | 0x5E, 0x37, 0xC2, 0xE9, 0xD0, 0x5D, 0x0A, 0xE3 | |
913 | }; | |
914 | const u8 emsk[] = { | |
915 | 0x3A, 0xD4, 0xAB, 0xDB, 0x76, 0xB2, 0x7F, 0x3B, | |
916 | 0xEA, 0x32, 0x2C, 0x2B, 0x74, 0xF4, 0x28, 0x55, | |
917 | 0xEF, 0x2D, 0xBA, 0x78, 0xC9, 0x57, 0x2F, 0x0D, | |
918 | 0x06, 0xCD, 0x51, 0x7C, 0x20, 0x93, 0x98, 0xA9, | |
919 | 0x76, 0xEA, 0x70, 0x21, 0xD7, 0x0E, 0x25, 0x54, | |
920 | 0x97, 0xED, 0xB2, 0x8A, 0xF6, 0xED, 0xFD, 0x0A, | |
921 | 0x2A, 0xE7, 0xA1, 0x58, 0x90, 0x10, 0x50, 0x44, | |
922 | 0xB3, 0x82, 0x85, 0xDB, 0x06, 0x14, 0xD2, 0xF9 | |
923 | }; | |
924 | /* RFC 4851, Appendix B.2 */ | |
925 | u8 tlv[] = { | |
926 | 0x80, 0x0C, 0x00, 0x38, 0x00, 0x01, 0x01, 0x00, | |
927 | 0xD8, 0x6A, 0x8C, 0x68, 0x3C, 0x32, 0x31, 0xA8, | |
928 | 0x56, 0x63, 0xB6, 0x40, 0x21, 0xFE, 0x21, 0x14, | |
929 | 0x4E, 0xE7, 0x54, 0x20, 0x79, 0x2D, 0x42, 0x62, | |
930 | 0xC9, 0xBF, 0x53, 0x7F, 0x54, 0xFD, 0xAC, 0x58, | |
931 | 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF, | |
932 | 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC, | |
933 | 0x05, 0xC5, 0x5B, 0xB7 | |
934 | }; | |
935 | const u8 compound_mac[] = { | |
936 | 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF, | |
937 | 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC, | |
938 | 0x05, 0xC5, 0x5B, 0xB7 | |
939 | }; | |
940 | u8 buf[512]; | |
941 | const u8 *simck, *cmk; | |
942 | int errors = 0; | |
943 | ||
944 | wpa_printf(MSG_INFO, "EAP-FAST test cases"); | |
945 | ||
946 | wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / master_secret"); | |
947 | if (sha1_t_prf(pac_key, sizeof(pac_key), | |
948 | "PAC to master secret label hash", | |
949 | seed, sizeof(seed), buf, sizeof(master_secret)) < 0 || | |
950 | os_memcmp(master_secret, buf, sizeof(master_secret)) != 0) { | |
951 | wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); | |
952 | errors++; | |
953 | } | |
954 | ||
5bbc1c25 | 955 | #ifndef CONFIG_FIPS |
4b462a02 JM |
956 | wpa_printf(MSG_INFO, "- PRF (TLS, SHA1/MD5) test case / key_block"); |
957 | if (tls_prf_sha1_md5(master_secret, sizeof(master_secret), | |
958 | "key expansion", seed, sizeof(seed), | |
959 | buf, sizeof(key_block)) || | |
960 | os_memcmp(key_block, buf, sizeof(key_block)) != 0) { | |
961 | wpa_printf(MSG_INFO, "PRF test - FAILED!"); | |
962 | errors++; | |
963 | } | |
5bbc1c25 | 964 | #endif /* CONFIG_FIPS */ |
4b462a02 JM |
965 | |
966 | wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / IMCK"); | |
967 | if (sha1_t_prf(sks, sizeof(sks), "Inner Methods Compound Keys", | |
968 | isk, sizeof(isk), buf, sizeof(imck)) < 0 || | |
969 | os_memcmp(imck, buf, sizeof(imck)) != 0) { | |
970 | wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); | |
971 | errors++; | |
972 | } | |
973 | ||
974 | simck = imck; | |
975 | cmk = imck + 40; | |
976 | ||
977 | wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / MSK"); | |
978 | if (sha1_t_prf(simck, 40, "Session Key Generating Function", | |
979 | (u8 *) "", 0, buf, sizeof(msk)) < 0 || | |
980 | os_memcmp(msk, buf, sizeof(msk)) != 0) { | |
981 | wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); | |
982 | errors++; | |
983 | } | |
984 | ||
985 | wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / EMSK"); | |
986 | if (sha1_t_prf(simck, 40, "Extended Session Key Generating Function", | |
987 | (u8 *) "", 0, buf, sizeof(msk)) < 0 || | |
988 | os_memcmp(emsk, buf, sizeof(emsk)) != 0) { | |
989 | wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); | |
990 | errors++; | |
991 | } | |
992 | ||
993 | wpa_printf(MSG_INFO, "- Compound MAC test case"); | |
994 | os_memset(tlv + sizeof(tlv) - 20, 0, 20); | |
995 | if (hmac_sha1(cmk, 20, tlv, sizeof(tlv), tlv + sizeof(tlv) - 20) < 0 || | |
996 | os_memcmp(tlv + sizeof(tlv) - 20, compound_mac, | |
997 | sizeof(compound_mac)) != 0) { | |
998 | wpa_printf(MSG_INFO, "Compound MAC test - FAILED!"); | |
999 | errors++; | |
1000 | } | |
1001 | ||
1002 | return errors; | |
1068bdb9 JM |
1003 | #else /* EAP_FAST */ |
1004 | return 0; | |
1005 | #endif /* EAP_FAST */ | |
4b462a02 JM |
1006 | } |
1007 | ||
1008 | ||
8b423edb | 1009 | static const u8 key0[] = |
4b462a02 JM |
1010 | { |
1011 | 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, | |
1012 | 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, | |
1013 | 0x0b, 0x0b, 0x0b, 0x0b | |
1014 | }; | |
8b423edb MK |
1015 | static const u8 data0[] = "Hi There"; |
1016 | static const u8 prf0[] = | |
4b462a02 JM |
1017 | { |
1018 | 0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84, | |
1019 | 0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54, | |
1020 | 0xb8, 0x62, 0x17, 0x5e, 0xd9, 0xf0, 0x06, 0x06, | |
1021 | 0xe1, 0x7d, 0x8d, 0xa3, 0x54, 0x02, 0xff, 0xee, | |
1022 | 0x75, 0xdf, 0x78, 0xc3, 0xd3, 0x1e, 0x0f, 0x88, | |
1023 | 0x9f, 0x01, 0x21, 0x20, 0xc0, 0x86, 0x2b, 0xeb, | |
1024 | 0x67, 0x75, 0x3e, 0x74, 0x39, 0xae, 0x24, 0x2e, | |
1025 | 0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a | |
1026 | }; | |
1027 | ||
8b423edb MK |
1028 | static const u8 key1[] = "Jefe"; |
1029 | static const u8 data1[] = "what do ya want for nothing?"; | |
1030 | static const u8 prf1[] = | |
4b462a02 JM |
1031 | { |
1032 | 0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad, | |
1033 | 0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4, | |
1034 | 0xfe, 0x63, 0x14, 0x46, 0xfa, 0xbd, 0xfa, 0x58, | |
1035 | 0x24, 0x47, 0x59, 0xae, 0x58, 0xef, 0x90, 0x09, | |
1036 | 0xa9, 0x9a, 0xbf, 0x4e, 0xac, 0x2c, 0xa5, 0xfa, | |
1037 | 0x87, 0xe6, 0x92, 0xc4, 0x40, 0xeb, 0x40, 0x02, | |
1038 | 0x3e, 0x7b, 0xab, 0xb2, 0x06, 0xd6, 0x1d, 0xe7, | |
1039 | 0xb9, 0x2f, 0x41, 0x52, 0x90, 0x92, 0xb8, 0xfc | |
1040 | }; | |
1041 | ||
1042 | ||
8b423edb | 1043 | static const u8 key2[] = |
4b462a02 JM |
1044 | { |
1045 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1046 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1047 | 0xaa, 0xaa, 0xaa, 0xaa | |
1048 | }; | |
8b423edb | 1049 | static const u8 data2[] = |
4b462a02 JM |
1050 | { |
1051 | 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, | |
1052 | 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, | |
1053 | 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, | |
1054 | 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, | |
1055 | 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, | |
1056 | 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, | |
1057 | 0xdd, 0xdd | |
1058 | }; | |
8b423edb | 1059 | static const u8 prf2[] = |
4b462a02 JM |
1060 | { |
1061 | 0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f, | |
1062 | 0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1, | |
1063 | 0x7a, 0x02, 0x52, 0xca, 0x5d, 0x8d, 0x8d, 0xf1, | |
1064 | 0x2c, 0xfb, 0x04, 0x73, 0x52, 0x52, 0x49, 0xce, | |
1065 | 0x9d, 0xd8, 0xd1, 0x77, 0xea, 0xd7, 0x10, 0xbc, | |
1066 | 0x9b, 0x59, 0x05, 0x47, 0x23, 0x91, 0x07, 0xae, | |
1067 | 0xf7, 0xb4, 0xab, 0xd4, 0x3d, 0x87, 0xf0, 0xa6, | |
1068 | 0x8f, 0x1c, 0xbd, 0x9e, 0x2b, 0x6f, 0x76, 0x07 | |
1069 | }; | |
1070 | ||
1071 | ||
1072 | struct passphrase_test { | |
1073 | char *passphrase; | |
1074 | char *ssid; | |
1075 | char psk[32]; | |
1076 | }; | |
1077 | ||
8b423edb | 1078 | static const struct passphrase_test passphrase_tests[] = |
4b462a02 JM |
1079 | { |
1080 | { | |
1081 | "password", | |
1082 | "IEEE", | |
1083 | { | |
1084 | 0xf4, 0x2c, 0x6f, 0xc5, 0x2d, 0xf0, 0xeb, 0xef, | |
1085 | 0x9e, 0xbb, 0x4b, 0x90, 0xb3, 0x8a, 0x5f, 0x90, | |
1086 | 0x2e, 0x83, 0xfe, 0x1b, 0x13, 0x5a, 0x70, 0xe2, | |
1087 | 0x3a, 0xed, 0x76, 0x2e, 0x97, 0x10, 0xa1, 0x2e | |
1088 | } | |
1089 | }, | |
1090 | { | |
1091 | "ThisIsAPassword", | |
1092 | "ThisIsASSID", | |
1093 | { | |
1094 | 0x0d, 0xc0, 0xd6, 0xeb, 0x90, 0x55, 0x5e, 0xd6, | |
1095 | 0x41, 0x97, 0x56, 0xb9, 0xa1, 0x5e, 0xc3, 0xe3, | |
1096 | 0x20, 0x9b, 0x63, 0xdf, 0x70, 0x7d, 0xd5, 0x08, | |
1097 | 0xd1, 0x45, 0x81, 0xf8, 0x98, 0x27, 0x21, 0xaf | |
1098 | } | |
1099 | }, | |
1100 | { | |
1101 | "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", | |
1102 | "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ", | |
1103 | { | |
1104 | 0xbe, 0xcb, 0x93, 0x86, 0x6b, 0xb8, 0xc3, 0x83, | |
1105 | 0x2c, 0xb7, 0x77, 0xc2, 0xf5, 0x59, 0x80, 0x7c, | |
1106 | 0x8c, 0x59, 0xaf, 0xcb, 0x6e, 0xae, 0x73, 0x48, | |
1107 | 0x85, 0x00, 0x13, 0x00, 0xa9, 0x81, 0xcc, 0x62 | |
1108 | } | |
1109 | }, | |
1110 | }; | |
1111 | ||
1112 | #define NUM_PASSPHRASE_TESTS ARRAY_SIZE(passphrase_tests) | |
1113 | ||
1114 | ||
1115 | struct rfc6070_test { | |
1116 | char *p; | |
1117 | char *s; | |
1118 | int c; | |
1119 | char dk[32]; | |
1120 | size_t dk_len; | |
1121 | }; | |
1122 | ||
8b423edb | 1123 | static const struct rfc6070_test rfc6070_tests[] = |
4b462a02 JM |
1124 | { |
1125 | { | |
1126 | "password", | |
1127 | "salt", | |
1128 | 1, | |
1129 | { | |
1130 | 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71, | |
1131 | 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06, | |
1132 | 0x2f, 0xe0, 0x37, 0xa6 | |
1133 | }, | |
1134 | 20 | |
1135 | }, | |
1136 | { | |
1137 | "password", | |
1138 | "salt", | |
1139 | 2, | |
1140 | { | |
1141 | 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c, | |
1142 | 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0, | |
1143 | 0xd8, 0xde, 0x89, 0x57 | |
1144 | }, | |
1145 | 20 | |
1146 | }, | |
1147 | { | |
1148 | "password", | |
1149 | "salt", | |
1150 | 4096, | |
1151 | { | |
1152 | 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a, | |
1153 | 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0, | |
1154 | 0x65, 0xa4, 0x29, 0xc1 | |
1155 | }, | |
1156 | 20 | |
1157 | }, | |
1158 | #if 0 /* This takes quite long to derive.. */ | |
1159 | { | |
1160 | "password", | |
1161 | "salt", | |
1162 | 16777216, | |
1163 | { | |
1164 | 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4, | |
1165 | 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c, | |
1166 | 0x26, 0x34, 0xe9, 0x84 | |
1167 | }, | |
1168 | 20 | |
1169 | }, | |
1170 | #endif | |
1171 | { | |
1172 | "passwordPASSWORDpassword", | |
1173 | "saltSALTsaltSALTsaltSALTsaltSALTsalt", | |
1174 | 4096, | |
1175 | { | |
1176 | 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b, | |
1177 | 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a, | |
1178 | 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70, | |
1179 | 0x38 | |
1180 | }, | |
1181 | 25 | |
1182 | }, | |
1183 | #if 0 /* \0 not currently supported in passphrase parameters.. */ | |
1184 | { | |
1185 | "pass\0word", | |
1186 | "sa\0lt", | |
1187 | 4096, | |
1188 | { | |
1189 | 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d, | |
1190 | 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3 | |
1191 | }, | |
1192 | 16 | |
1193 | }, | |
1194 | #endif | |
1195 | }; | |
1196 | ||
1197 | #define NUM_RFC6070_TESTS ARRAY_SIZE(rfc6070_tests) | |
1198 | ||
1199 | ||
1200 | static int test_sha1(void) | |
1201 | { | |
1202 | u8 res[512]; | |
1203 | int ret = 0; | |
1204 | unsigned int i; | |
1205 | ||
1206 | wpa_printf(MSG_INFO, "PRF-SHA1 test cases:"); | |
1207 | ||
1208 | if (sha1_prf(key0, sizeof(key0), "prefix", data0, sizeof(data0) - 1, | |
1209 | res, sizeof(prf0)) == 0 && | |
1210 | os_memcmp(res, prf0, sizeof(prf0)) == 0) | |
1211 | wpa_printf(MSG_INFO, "Test case 0 - OK"); | |
1212 | else { | |
1213 | wpa_printf(MSG_INFO, "Test case 0 - FAILED!"); | |
1214 | ret++; | |
1215 | } | |
1216 | ||
1217 | if (sha1_prf(key1, sizeof(key1) - 1, "prefix", data1, sizeof(data1) - 1, | |
1218 | res, sizeof(prf1)) == 0 && | |
1219 | os_memcmp(res, prf1, sizeof(prf1)) == 0) | |
1220 | wpa_printf(MSG_INFO, "Test case 1 - OK"); | |
1221 | else { | |
1222 | wpa_printf(MSG_INFO, "Test case 1 - FAILED!"); | |
1223 | ret++; | |
1224 | } | |
1225 | ||
1226 | if (sha1_prf(key2, sizeof(key2), "prefix", data2, sizeof(data2), | |
1227 | res, sizeof(prf2)) == 0 && | |
1228 | os_memcmp(res, prf2, sizeof(prf2)) == 0) | |
1229 | wpa_printf(MSG_INFO, "Test case 2 - OK"); | |
1230 | else { | |
1231 | wpa_printf(MSG_INFO, "Test case 2 - FAILED!"); | |
1232 | ret++; | |
1233 | } | |
1234 | ||
1235 | ret += test_eap_fast(); | |
1236 | ||
1237 | wpa_printf(MSG_INFO, "PBKDF2-SHA1 Passphrase test cases:"); | |
1238 | for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) { | |
1239 | u8 psk[32]; | |
8b423edb | 1240 | const struct passphrase_test *test = &passphrase_tests[i]; |
4b462a02 JM |
1241 | |
1242 | if (pbkdf2_sha1(test->passphrase, | |
1243 | (const u8 *) test->ssid, strlen(test->ssid), | |
1244 | 4096, psk, 32) == 0 && | |
1245 | os_memcmp(psk, test->psk, 32) == 0) | |
1246 | wpa_printf(MSG_INFO, "Test case %d - OK", i); | |
1247 | else { | |
1248 | wpa_printf(MSG_INFO, "Test case %d - FAILED!", i); | |
1249 | ret++; | |
1250 | } | |
1251 | } | |
1252 | ||
1253 | wpa_printf(MSG_INFO, "PBKDF2-SHA1 test cases (RFC 6070):"); | |
1254 | for (i = 0; i < NUM_RFC6070_TESTS; i++) { | |
1255 | u8 dk[25]; | |
8b423edb | 1256 | const struct rfc6070_test *test = &rfc6070_tests[i]; |
4b462a02 JM |
1257 | |
1258 | if (pbkdf2_sha1(test->p, (const u8 *) test->s, strlen(test->s), | |
1259 | test->c, dk, test->dk_len) == 0 && | |
1260 | os_memcmp(dk, test->dk, test->dk_len) == 0) | |
1261 | wpa_printf(MSG_INFO, "Test case %d - OK", i); | |
1262 | else { | |
1263 | wpa_printf(MSG_INFO, "Test case %d - FAILED!", i); | |
1264 | ret++; | |
1265 | } | |
1266 | } | |
1267 | ||
1268 | if (!ret) | |
1269 | wpa_printf(MSG_INFO, "SHA1 test cases passed"); | |
1270 | return ret; | |
1271 | } | |
1272 | ||
1273 | ||
3e624369 | 1274 | static const struct { |
59be78ef JM |
1275 | char *data; |
1276 | u8 hash[32]; | |
1277 | } tests[] = { | |
1278 | { | |
1279 | "abc", | |
1280 | { | |
1281 | 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, | |
1282 | 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, | |
1283 | 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, | |
1284 | 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad | |
1285 | } | |
1286 | }, | |
1287 | { | |
1288 | "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", | |
1289 | { | |
1290 | 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, | |
1291 | 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, | |
1292 | 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, | |
1293 | 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 | |
1294 | } | |
1295 | } | |
1296 | }; | |
1297 | ||
3e624369 | 1298 | static const struct hmac_test { |
2e555f9c | 1299 | u8 key[150]; |
59be78ef | 1300 | size_t key_len; |
2e555f9c | 1301 | u8 data[160]; |
59be78ef | 1302 | size_t data_len; |
2e555f9c JM |
1303 | u8 hash[32]; /* HMAC-SHA-256 */ |
1304 | u8 hash384[48]; /* HMAC-SHA-384 */ | |
59be78ef | 1305 | } hmac_tests[] = { |
2e555f9c | 1306 | /* draft-ietf-ipsec-ciph-sha-256-01.txt; RFC 4231 */ |
59be78ef JM |
1307 | { |
1308 | { | |
1309 | 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, | |
1310 | 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, | |
1311 | 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, | |
1312 | 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 | |
1313 | }, | |
1314 | 32, | |
1315 | "abc", 3, | |
1316 | { | |
1317 | 0xa2, 0x1b, 0x1f, 0x5d, 0x4c, 0xf4, 0xf7, 0x3a, | |
1318 | 0x4d, 0xd9, 0x39, 0x75, 0x0f, 0x7a, 0x06, 0x6a, | |
1319 | 0x7f, 0x98, 0xcc, 0x13, 0x1c, 0xb1, 0x6a, 0x66, | |
1320 | 0x92, 0x75, 0x90, 0x21, 0xcf, 0xab, 0x81, 0x81 | |
2e555f9c JM |
1321 | }, |
1322 | { } | |
59be78ef JM |
1323 | }, |
1324 | { | |
1325 | { | |
1326 | 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, | |
1327 | 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, | |
1328 | 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, | |
1329 | 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 | |
1330 | }, | |
1331 | 32, | |
1332 | "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", | |
1333 | 56, | |
1334 | { | |
1335 | 0x10, 0x4f, 0xdc, 0x12, 0x57, 0x32, 0x8f, 0x08, | |
1336 | 0x18, 0x4b, 0xa7, 0x31, 0x31, 0xc5, 0x3c, 0xae, | |
1337 | 0xe6, 0x98, 0xe3, 0x61, 0x19, 0x42, 0x11, 0x49, | |
1338 | 0xea, 0x8c, 0x71, 0x24, 0x56, 0x69, 0x7d, 0x30 | |
2e555f9c JM |
1339 | }, |
1340 | { } | |
59be78ef JM |
1341 | }, |
1342 | { | |
1343 | { | |
1344 | 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, | |
1345 | 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, | |
1346 | 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, | |
1347 | 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 | |
1348 | }, | |
1349 | 32, | |
1350 | "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" | |
1351 | "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", | |
1352 | 112, | |
1353 | { | |
1354 | 0x47, 0x03, 0x05, 0xfc, 0x7e, 0x40, 0xfe, 0x34, | |
1355 | 0xd3, 0xee, 0xb3, 0xe7, 0x73, 0xd9, 0x5a, 0xab, | |
1356 | 0x73, 0xac, 0xf0, 0xfd, 0x06, 0x04, 0x47, 0xa5, | |
1357 | 0xeb, 0x45, 0x95, 0xbf, 0x33, 0xa9, 0xd1, 0xa3 | |
2e555f9c JM |
1358 | }, |
1359 | { } | |
59be78ef JM |
1360 | }, |
1361 | { | |
1362 | { | |
1363 | 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, | |
1364 | 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, | |
1365 | 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, | |
1366 | 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b | |
1367 | }, | |
1368 | 32, | |
1369 | "Hi There", | |
1370 | 8, | |
1371 | { | |
1372 | 0x19, 0x8a, 0x60, 0x7e, 0xb4, 0x4b, 0xfb, 0xc6, | |
1373 | 0x99, 0x03, 0xa0, 0xf1, 0xcf, 0x2b, 0xbd, 0xc5, | |
1374 | 0xba, 0x0a, 0xa3, 0xf3, 0xd9, 0xae, 0x3c, 0x1c, | |
1375 | 0x7a, 0x3b, 0x16, 0x96, 0xa0, 0xb6, 0x8c, 0xf7 | |
2e555f9c JM |
1376 | }, |
1377 | { } | |
1378 | }, | |
1379 | { /* RFC 4231 - Test Case 1 */ | |
1380 | { | |
1381 | 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, | |
1382 | 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, | |
1383 | 0x0b, 0x0b, 0x0b, 0x0b | |
1384 | }, | |
1385 | 20, | |
1386 | "Hi There", | |
1387 | 8, | |
1388 | { | |
1389 | 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, | |
1390 | 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, | |
1391 | 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, | |
1392 | 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7 | |
1393 | }, | |
1394 | { | |
1395 | 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, | |
1396 | 0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f, | |
1397 | 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6, | |
1398 | 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, | |
1399 | 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f, | |
1400 | 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6 | |
59be78ef JM |
1401 | } |
1402 | }, | |
2e555f9c | 1403 | { /* RFC 4231 - Test Case 2 */ |
59be78ef JM |
1404 | "Jefe", |
1405 | 4, | |
1406 | "what do ya want for nothing?", | |
1407 | 28, | |
1408 | { | |
1409 | 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, | |
1410 | 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7, | |
1411 | 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83, | |
1412 | 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43 | |
2e555f9c JM |
1413 | }, |
1414 | { | |
1415 | 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, | |
1416 | 0x61, 0x7f, 0x78, 0xd2, 0xb5, 0x8a, 0x6b, 0x1b, | |
1417 | 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47, | |
1418 | 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, | |
1419 | 0x8e, 0x22, 0x40, 0xca, 0x5e, 0x69, 0xe2, 0xc7, | |
1420 | 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49 | |
59be78ef JM |
1421 | } |
1422 | }, | |
1423 | { | |
1424 | { | |
1425 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1426 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1427 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1428 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa | |
1429 | }, | |
1430 | 32, | |
1431 | { | |
1432 | 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, | |
1433 | 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, | |
1434 | 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, | |
1435 | 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, | |
1436 | 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, | |
1437 | 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, | |
1438 | 0xdd, 0xdd | |
1439 | }, | |
1440 | 50, | |
1441 | { | |
1442 | 0xcd, 0xcb, 0x12, 0x20, 0xd1, 0xec, 0xcc, 0xea, | |
1443 | 0x91, 0xe5, 0x3a, 0xba, 0x30, 0x92, 0xf9, 0x62, | |
1444 | 0xe5, 0x49, 0xfe, 0x6c, 0xe9, 0xed, 0x7f, 0xdc, | |
1445 | 0x43, 0x19, 0x1f, 0xbd, 0xe4, 0x5c, 0x30, 0xb0 | |
2e555f9c JM |
1446 | }, |
1447 | { } | |
1448 | }, | |
1449 | { /* RFC 4231 - Test Case 3 */ | |
1450 | { | |
1451 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1452 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1453 | 0xaa, 0xaa, 0xaa, 0xaa | |
1454 | }, | |
1455 | 20, | |
1456 | { | |
1457 | 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, | |
1458 | 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, | |
1459 | 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, | |
1460 | 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, | |
1461 | 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, | |
1462 | 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, | |
1463 | 0xdd, 0xdd | |
1464 | }, | |
1465 | 50, | |
1466 | { | |
1467 | 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, | |
1468 | 0x85, 0x4d, 0xb8, 0xeb, 0xd0, 0x91, 0x81, 0xa7, | |
1469 | 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 0xc1, 0x22, | |
1470 | 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe | |
1471 | }, | |
1472 | { | |
1473 | 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, | |
1474 | 0x0a, 0xa2, 0xac, 0xe0, 0x14, 0xc8, 0xa8, 0x6f, | |
1475 | 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb, | |
1476 | 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, | |
1477 | 0x2a, 0x5a, 0xb3, 0x9d, 0xc1, 0x38, 0x14, 0xb9, | |
1478 | 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27 | |
59be78ef JM |
1479 | } |
1480 | }, | |
1481 | { | |
1482 | { | |
1483 | 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, | |
1484 | 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, | |
1485 | 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, | |
1486 | 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, | |
1487 | 0x21, 0x22, 0x23, 0x24, 0x25 | |
1488 | }, | |
1489 | 37, | |
1490 | { | |
1491 | 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, | |
1492 | 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, | |
1493 | 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, | |
1494 | 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, | |
1495 | 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, | |
1496 | 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, | |
1497 | 0xcd, 0xcd | |
1498 | }, | |
1499 | 50, | |
1500 | { | |
1501 | 0xd4, 0x63, 0x3c, 0x17, 0xf6, 0xfb, 0x8d, 0x74, | |
1502 | 0x4c, 0x66, 0xde, 0xe0, 0xf8, 0xf0, 0x74, 0x55, | |
1503 | 0x6e, 0xc4, 0xaf, 0x55, 0xef, 0x07, 0x99, 0x85, | |
1504 | 0x41, 0x46, 0x8e, 0xb4, 0x9b, 0xd2, 0xe9, 0x17 | |
2e555f9c JM |
1505 | }, |
1506 | { } | |
1507 | }, | |
1508 | { /* RFC 4231 - Test Case 4 */ | |
1509 | { | |
1510 | 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, | |
1511 | 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, | |
1512 | 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, | |
1513 | 0x19, | |
1514 | }, | |
1515 | 25, | |
1516 | { | |
1517 | 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, | |
1518 | 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, | |
1519 | 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, | |
1520 | 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, | |
1521 | 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, | |
1522 | 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, | |
1523 | 0xcd, 0xcd | |
1524 | }, | |
1525 | 50, | |
1526 | { | |
1527 | 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, | |
1528 | 0xa4, 0xcc, 0x81, 0x98, 0x99, 0xf2, 0x08, 0x3a, | |
1529 | 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07, | |
1530 | 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b | |
1531 | }, | |
1532 | { | |
1533 | 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, | |
1534 | 0x19, 0x33, 0xab, 0x62, 0x90, 0xaf, 0x6c, 0xa7, | |
1535 | 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c, | |
1536 | 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, | |
1537 | 0x68, 0x01, 0xdd, 0x23, 0xc4, 0xa7, 0xd6, 0x79, | |
1538 | 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb | |
59be78ef JM |
1539 | } |
1540 | }, | |
1541 | { | |
1542 | { | |
1543 | 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, | |
1544 | 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, | |
1545 | 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, | |
1546 | 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c | |
1547 | }, | |
1548 | 32, | |
1549 | "Test With Truncation", | |
1550 | 20, | |
1551 | { | |
1552 | 0x75, 0x46, 0xaf, 0x01, 0x84, 0x1f, 0xc0, 0x9b, | |
1553 | 0x1a, 0xb9, 0xc3, 0x74, 0x9a, 0x5f, 0x1c, 0x17, | |
1554 | 0xd4, 0xf5, 0x89, 0x66, 0x8a, 0x58, 0x7b, 0x27, | |
1555 | 0x00, 0xa9, 0xc9, 0x7c, 0x11, 0x93, 0xcf, 0x42 | |
2e555f9c JM |
1556 | }, |
1557 | { } | |
59be78ef JM |
1558 | }, |
1559 | { | |
1560 | { | |
1561 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1562 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1563 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1564 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1565 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1566 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1567 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1568 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1569 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1570 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa | |
1571 | }, | |
1572 | 80, | |
1573 | "Test Using Larger Than Block-Size Key - Hash Key First", | |
1574 | 54, | |
1575 | { | |
1576 | 0x69, 0x53, 0x02, 0x5e, 0xd9, 0x6f, 0x0c, 0x09, | |
1577 | 0xf8, 0x0a, 0x96, 0xf7, 0x8e, 0x65, 0x38, 0xdb, | |
1578 | 0xe2, 0xe7, 0xb8, 0x20, 0xe3, 0xdd, 0x97, 0x0e, | |
1579 | 0x7d, 0xdd, 0x39, 0x09, 0x1b, 0x32, 0x35, 0x2f | |
2e555f9c JM |
1580 | }, |
1581 | { } | |
1582 | }, | |
1583 | { /* RFC 4231 - Test Case 6 */ | |
1584 | { | |
1585 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1586 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1587 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1588 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1589 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1590 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1591 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1592 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1593 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1594 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1595 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1596 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1597 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1598 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1599 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1600 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1601 | 0xaa, 0xaa, 0xaa | |
1602 | }, | |
1603 | 131, | |
1604 | "Test Using Larger Than Block-Size Key - Hash Key First", | |
1605 | 54, | |
1606 | { | |
1607 | 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, | |
1608 | 0x0d, 0x8a, 0x26, 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, | |
1609 | 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, 0xc5, 0x14, | |
1610 | 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54 | |
1611 | }, | |
1612 | { | |
1613 | 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, | |
1614 | 0x88, 0xd2, 0xc6, 0x3a, 0x04, 0x1b, 0xc5, 0xb4, | |
1615 | 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f, | |
1616 | 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, | |
1617 | 0x0c, 0x2e, 0xf6, 0xab, 0x40, 0x30, 0xfe, 0x82, | |
1618 | 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52 | |
59be78ef JM |
1619 | } |
1620 | }, | |
1621 | { | |
1622 | { | |
1623 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1624 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1625 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1626 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1627 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1628 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1629 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1630 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1631 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1632 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa | |
1633 | }, | |
1634 | 80, | |
1635 | "Test Using Larger Than Block-Size Key and Larger Than One " | |
1636 | "Block-Size Data", | |
1637 | 73, | |
1638 | { | |
1639 | 0x63, 0x55, 0xac, 0x22, 0xe8, 0x90, 0xd0, 0xa3, | |
1640 | 0xc8, 0x48, 0x1a, 0x5c, 0xa4, 0x82, 0x5b, 0xc8, | |
1641 | 0x84, 0xd3, 0xe7, 0xa1, 0xff, 0x98, 0xa2, 0xfc, | |
1642 | 0x2a, 0xc7, 0xd8, 0xe0, 0x64, 0xc3, 0xb2, 0xe6 | |
2e555f9c JM |
1643 | }, |
1644 | { } | |
1645 | }, | |
1646 | { /* RFC 4231 - Test Case 7 */ | |
1647 | { | |
1648 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1649 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1650 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1651 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1652 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1653 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1654 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1655 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1656 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1657 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1658 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1659 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1660 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1661 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1662 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1663 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | |
1664 | 0xaa, 0xaa, 0xaa | |
1665 | }, | |
1666 | 131, | |
1667 | "This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.", | |
1668 | 152, | |
1669 | { | |
1670 | 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, | |
1671 | 0x27, 0x63, 0x5f, 0xbc, 0xd5, 0xb0, 0xe9, 0x44, | |
1672 | 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 0x13, 0x93, | |
1673 | 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2 | |
1674 | }, | |
1675 | { | |
1676 | 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, | |
1677 | 0x35, 0x1e, 0x2f, 0x25, 0x4e, 0x8f, 0xd3, 0x2c, | |
1678 | 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a, | |
1679 | 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, | |
1680 | 0xa6, 0x78, 0xcc, 0x31, 0xe7, 0x99, 0x17, 0x6d, | |
1681 | 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e | |
59be78ef JM |
1682 | } |
1683 | } | |
1684 | }; | |
1685 | ||
1686 | ||
1687 | static int test_sha256(void) | |
1688 | { | |
1689 | unsigned int i; | |
1690 | u8 hash[32]; | |
1691 | const u8 *addr[2]; | |
1692 | size_t len[2]; | |
1693 | int errors = 0; | |
6f5b284b | 1694 | u8 *key; |
59be78ef JM |
1695 | |
1696 | for (i = 0; i < ARRAY_SIZE(tests); i++) { | |
1697 | wpa_printf(MSG_INFO, "SHA256 test case %d:", i + 1); | |
1698 | ||
1699 | addr[0] = (u8 *) tests[i].data; | |
1700 | len[0] = strlen(tests[i].data); | |
1701 | sha256_vector(1, addr, len, hash); | |
1702 | if (memcmp(hash, tests[i].hash, 32) != 0) { | |
1703 | wpa_printf(MSG_INFO, " FAIL"); | |
1704 | errors++; | |
1705 | } else | |
1706 | wpa_printf(MSG_INFO, " OK"); | |
1707 | ||
1708 | if (len[0]) { | |
1709 | addr[0] = (u8 *) tests[i].data; | |
1710 | len[0] = 1; | |
1711 | addr[1] = (u8 *) tests[i].data + 1; | |
1712 | len[1] = strlen(tests[i].data) - 1; | |
1713 | sha256_vector(2, addr, len, hash); | |
1714 | if (memcmp(hash, tests[i].hash, 32) != 0) { | |
1715 | wpa_printf(MSG_INFO, " FAIL"); | |
1716 | errors++; | |
1717 | } else | |
1718 | wpa_printf(MSG_INFO, " OK"); | |
1719 | } | |
1720 | } | |
1721 | ||
1722 | for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) { | |
8b423edb | 1723 | const struct hmac_test *t = &hmac_tests[i]; |
59be78ef JM |
1724 | |
1725 | wpa_printf(MSG_INFO, "HMAC-SHA256 test case %d:", i + 1); | |
1726 | ||
1727 | if (hmac_sha256(t->key, t->key_len, t->data, t->data_len, | |
1728 | hash) < 0 || | |
1729 | os_memcmp(hash, t->hash, 32) != 0) { | |
1730 | wpa_printf(MSG_INFO, " FAIL"); | |
1731 | errors++; | |
1732 | } else | |
1733 | wpa_printf(MSG_INFO, " OK"); | |
1734 | ||
1735 | addr[0] = t->data; | |
1736 | len[0] = t->data_len; | |
1737 | if (hmac_sha256_vector(t->key, t->key_len, 1, addr, len, | |
1738 | hash) < 0 || | |
1739 | os_memcmp(hash, t->hash, 32) != 0) { | |
1740 | wpa_printf(MSG_INFO, " FAIL"); | |
1741 | errors++; | |
1742 | } else | |
1743 | wpa_printf(MSG_INFO, " OK"); | |
1744 | ||
1745 | if (len[0]) { | |
1746 | addr[0] = t->data; | |
1747 | len[0] = 1; | |
1748 | addr[1] = t->data + 1; | |
1749 | len[1] = t->data_len - 1; | |
1750 | if (hmac_sha256_vector(t->key, t->key_len, 2, addr, len, | |
1751 | hash) < 0 || | |
1752 | os_memcmp(hash, t->hash, 32) != 0) { | |
1753 | wpa_printf(MSG_INFO, " FAIL"); | |
1754 | errors++; | |
1755 | } else | |
1756 | wpa_printf(MSG_INFO, " OK"); | |
1757 | } | |
1758 | } | |
1759 | ||
1760 | wpa_printf(MSG_INFO, "Test IEEE 802.11r KDF"); | |
1761 | sha256_prf((u8 *) "abc", 3, "KDF test", (u8 *) "data", 4, | |
1762 | hash, sizeof(hash)); | |
1763 | /* TODO: add proper test case for this */ | |
1764 | ||
6f5b284b JM |
1765 | key = os_malloc(8161); |
1766 | if (key) { | |
8f3ea317 | 1767 | #ifdef CONFIG_HMAC_SHA256_KDF |
6f5b284b JM |
1768 | int res; |
1769 | ||
1770 | res = hmac_sha256_kdf((u8 *) "secret", 6, "label", | |
1771 | (u8 *) "seed", 4, key, 8160); | |
1772 | if (res) { | |
1773 | wpa_printf(MSG_INFO, | |
1774 | "Unexpected hmac_sha256_kdf(outlen=8160) failure"); | |
1775 | errors++; | |
1776 | } | |
1777 | ||
1778 | res = hmac_sha256_kdf((u8 *) "secret", 6, "label", | |
1779 | (u8 *) "seed", 4, key, 8161); | |
1780 | if (res == 0) { | |
1781 | wpa_printf(MSG_INFO, | |
1782 | "Unexpected hmac_sha256_kdf(outlen=8161) success"); | |
1783 | errors++; | |
1784 | } | |
8f3ea317 | 1785 | #endif /* CONFIG_HMAC_SHA256_KDF */ |
6f5b284b JM |
1786 | |
1787 | os_free(key); | |
1788 | } | |
1789 | ||
59be78ef JM |
1790 | if (!errors) |
1791 | wpa_printf(MSG_INFO, "SHA256 test cases passed"); | |
1792 | return errors; | |
1793 | } | |
1794 | ||
1795 | ||
2e555f9c JM |
1796 | static int test_sha384(void) |
1797 | { | |
1798 | #ifdef CONFIG_SHA384 | |
1799 | unsigned int i; | |
1800 | u8 hash[48]; | |
1801 | const u8 *addr[2]; | |
1802 | size_t len[2]; | |
1803 | int errors = 0; | |
1804 | const char *data = "hello"; | |
1805 | const u8 hash_res[] = { | |
1806 | 0x59, 0xe1, 0x74, 0x87, 0x77, 0x44, 0x8c, 0x69, | |
1807 | 0xde, 0x6b, 0x80, 0x0d, 0x7a, 0x33, 0xbb, 0xfb, | |
1808 | 0x9f, 0xf1, 0xb4, 0x63, 0xe4, 0x43, 0x54, 0xc3, | |
1809 | 0x55, 0x3b, 0xcd, 0xb9, 0xc6, 0x66, 0xfa, 0x90, | |
1810 | 0x12, 0x5a, 0x3c, 0x79, 0xf9, 0x03, 0x97, 0xbd, | |
1811 | 0xf5, 0xf6, 0xa1, 0x3d, 0xe8, 0x28, 0x68, 0x4f | |
1812 | }; | |
1813 | ||
1814 | addr[0] = (const u8 *) data; | |
1815 | len[0] = 5; | |
1816 | if (sha384_vector(1, addr, len, hash) < 0 || | |
1817 | os_memcmp(hash, hash_res, 48) != 0) { | |
1818 | wpa_printf(MSG_INFO, "SHA384 test case 1: FAIL"); | |
1819 | errors++; | |
1820 | } else { | |
1821 | wpa_printf(MSG_INFO, "SHA384 test case 1: OK"); | |
1822 | } | |
1823 | ||
1824 | addr[0] = (const u8 *) data; | |
1825 | len[0] = 4; | |
1826 | addr[1] = (const u8 *) data + 4; | |
1827 | len[1] = 1; | |
1828 | if (sha384_vector(2, addr, len, hash) < 0 || | |
1829 | os_memcmp(hash, hash_res, 48) != 0) { | |
1830 | wpa_printf(MSG_INFO, "SHA384 test case 2: FAIL"); | |
1831 | errors++; | |
1832 | } else { | |
1833 | wpa_printf(MSG_INFO, "SHA384 test case 2: OK"); | |
1834 | } | |
1835 | ||
1836 | for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) { | |
1837 | const struct hmac_test *t = &hmac_tests[i]; | |
1838 | ||
1839 | if (t->hash384[0] == 0 && t->hash384[1] == 0 && | |
1840 | t->hash384[2] == 0 && t->hash384[3] == 0) | |
1841 | continue; | |
1842 | wpa_printf(MSG_INFO, "HMAC-SHA384 test case %d:", i + 1); | |
1843 | ||
1844 | if (hmac_sha384(t->key, t->key_len, t->data, t->data_len, | |
1845 | hash) < 0 || | |
1846 | os_memcmp(hash, t->hash384, 48) != 0) { | |
1847 | wpa_printf(MSG_INFO, " FAIL"); | |
1848 | errors++; | |
1849 | } else | |
1850 | wpa_printf(MSG_INFO, " OK"); | |
1851 | ||
1852 | addr[0] = t->data; | |
1853 | len[0] = t->data_len; | |
1854 | if (hmac_sha384_vector(t->key, t->key_len, 1, addr, len, | |
1855 | hash) < 0 || | |
1856 | os_memcmp(hash, t->hash384, 48) != 0) { | |
1857 | wpa_printf(MSG_INFO, " FAIL"); | |
1858 | errors++; | |
1859 | } else | |
1860 | wpa_printf(MSG_INFO, " OK"); | |
1861 | ||
1862 | if (len[0]) { | |
1863 | addr[0] = t->data; | |
1864 | len[0] = 1; | |
1865 | addr[1] = t->data + 1; | |
1866 | len[1] = t->data_len - 1; | |
1867 | if (hmac_sha384_vector(t->key, t->key_len, 2, addr, len, | |
1868 | hash) < 0 || | |
1869 | os_memcmp(hash, t->hash384, 48) != 0) { | |
1870 | wpa_printf(MSG_INFO, " FAIL"); | |
1871 | errors++; | |
1872 | } else | |
1873 | wpa_printf(MSG_INFO, " OK"); | |
1874 | } | |
1875 | } | |
1876 | ||
1877 | if (!errors) | |
1878 | wpa_printf(MSG_INFO, "SHA384 test cases passed"); | |
1879 | return errors; | |
1880 | #else /* CONFIG_SHA384 */ | |
1881 | return 0; | |
1882 | #endif /* CONFIG_SHA384 */ | |
1883 | } | |
1884 | ||
1885 | ||
1fff13a9 JM |
1886 | static int test_fips186_2_prf(void) |
1887 | { | |
1888 | /* http://csrc.nist.gov/encryption/dss/Examples-1024bit.pdf */ | |
1889 | u8 xkey[] = { | |
1890 | 0xbd, 0x02, 0x9b, 0xbe, 0x7f, 0x51, 0x96, 0x0b, | |
1891 | 0xcf, 0x9e, 0xdb, 0x2b, 0x61, 0xf0, 0x6f, 0x0f, | |
1892 | 0xeb, 0x5a, 0x38, 0xb6 | |
1893 | }; | |
1894 | u8 w[] = { | |
1895 | 0x20, 0x70, 0xb3, 0x22, 0x3d, 0xba, 0x37, 0x2f, | |
1896 | 0xde, 0x1c, 0x0f, 0xfc, 0x7b, 0x2e, 0x3b, 0x49, | |
1897 | 0x8b, 0x26, 0x06, 0x14, 0x3c, 0x6c, 0x18, 0xba, | |
1898 | 0xcb, 0x0f, 0x6c, 0x55, 0xba, 0xbb, 0x13, 0x78, | |
1899 | 0x8e, 0x20, 0xd7, 0x37, 0xa3, 0x27, 0x51, 0x16 | |
1900 | }; | |
1901 | u8 buf[40]; | |
1902 | ||
1903 | wpa_printf(MSG_INFO, | |
1904 | "Testing EAP-SIM PRF (FIPS 186-2 + change notice 1)"); | |
1905 | if (fips186_2_prf(xkey, sizeof(xkey), buf, sizeof(buf)) < 0 || | |
1906 | os_memcmp(w, buf, sizeof(w)) != 0) { | |
1907 | wpa_printf(MSG_INFO, "fips186_2_prf failed"); | |
1908 | return 1; | |
1909 | } | |
1910 | ||
1911 | return 0; | |
1912 | } | |
1913 | ||
1914 | ||
e73244c2 JM |
1915 | static int test_extract_expand_hkdf(void) |
1916 | { | |
1917 | u8 prk[SHA256_MAC_LEN]; | |
1918 | u8 okm[82]; | |
1919 | ||
1920 | /* RFC 5869, A.1 */ | |
1921 | u8 ikm1[22] = { | |
1922 | 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, | |
1923 | 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, | |
1924 | 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b | |
1925 | }; | |
1926 | u8 salt1[13] = { | |
1927 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
1928 | 0x08, 0x09, 0x0a, 0x0b, 0x0c | |
1929 | }; | |
1930 | u8 info1[10] = { | |
1931 | 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, | |
1932 | 0xf8, 0xf9 | |
1933 | }; | |
1934 | u8 prk1[32] = { | |
1935 | 0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf, | |
1936 | 0x0d, 0xdc, 0x3f, 0x0d, 0xc4, 0x7b, 0xba, 0x63, | |
1937 | 0x90, 0xb6, 0xc7, 0x3b, 0xb5, 0x0f, 0x9c, 0x31, | |
1938 | 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, 0xb3, 0xe5 | |
1939 | }; | |
1940 | u8 okm1[42] = { | |
1941 | 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, | |
1942 | 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, | |
1943 | 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, | |
1944 | 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, | |
1945 | 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, | |
1946 | 0x58, 0x65 | |
1947 | }; | |
1948 | ||
1949 | /* RFC 5869, A.2 */ | |
1950 | u8 ikm2[80] = { | |
1951 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
1952 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | |
1953 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | |
1954 | 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, | |
1955 | 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, | |
1956 | 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, | |
1957 | 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, | |
1958 | 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, | |
1959 | 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, | |
1960 | 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f | |
1961 | }; | |
1962 | u8 salt2[80] = { | |
1963 | 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, | |
1964 | 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, | |
1965 | 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, | |
1966 | 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, | |
1967 | 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, | |
1968 | 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, | |
1969 | 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, | |
1970 | 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, | |
1971 | 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, | |
1972 | 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf | |
1973 | }; | |
1974 | u8 info2[80] = { | |
1975 | 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, | |
1976 | 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, | |
1977 | 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, | |
1978 | 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, | |
1979 | 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, | |
1980 | 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, | |
1981 | 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, | |
1982 | 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, | |
1983 | 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, | |
1984 | 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff | |
1985 | }; | |
1986 | u8 prk2[32] = { | |
1987 | 0x06, 0xa6, 0xb8, 0x8c, 0x58, 0x53, 0x36, 0x1a, | |
1988 | 0x06, 0x10, 0x4c, 0x9c, 0xeb, 0x35, 0xb4, 0x5c, | |
1989 | 0xef, 0x76, 0x00, 0x14, 0x90, 0x46, 0x71, 0x01, | |
1990 | 0x4a, 0x19, 0x3f, 0x40, 0xc1, 0x5f, 0xc2, 0x44 | |
1991 | }; | |
1992 | u8 okm2[82] = { | |
1993 | 0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1, | |
1994 | 0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34, | |
1995 | 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8, | |
1996 | 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c, | |
1997 | 0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72, | |
1998 | 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09, | |
1999 | 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8, | |
2000 | 0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71, | |
2001 | 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87, | |
2002 | 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f, | |
2003 | 0x1d, 0x87 | |
2004 | }; | |
2005 | ||
2006 | wpa_printf(MSG_INFO, "Testing Extract-and-Expand HKDF (RFC 5869)"); | |
2007 | ||
2008 | wpa_printf(MSG_INFO, "RFC 5869 - Test Case 1"); | |
2009 | if (hmac_sha256(salt1, sizeof(salt1), ikm1, sizeof(ikm1), prk) < 0) | |
2010 | return -1; | |
2011 | if (os_memcmp(prk, prk1, SHA256_MAC_LEN) != 0) { | |
2012 | wpa_printf(MSG_INFO, "HKDF-Extract mismatch in PRK"); | |
2013 | return -1; | |
2014 | } | |
2015 | if (hmac_sha256_kdf(prk1, sizeof(prk1), NULL, info1, sizeof(info1), | |
2016 | okm, sizeof(okm1)) < 0) | |
2017 | return -1; | |
2018 | if (os_memcmp(okm, okm1, sizeof(okm1)) != 0) { | |
2019 | wpa_printf(MSG_INFO, "HKDF-Expand mismatch in OKM"); | |
2020 | return -1; | |
2021 | } | |
2022 | ||
2023 | wpa_printf(MSG_INFO, "RFC 5869 - Test Case 2"); | |
2024 | if (hmac_sha256(salt2, sizeof(salt2), ikm2, sizeof(ikm2), prk) < 0) | |
2025 | return -1; | |
2026 | if (os_memcmp(prk, prk2, SHA256_MAC_LEN) != 0) { | |
2027 | wpa_printf(MSG_INFO, "HKDF-Extract mismatch in PRK"); | |
2028 | return -1; | |
2029 | } | |
2030 | if (hmac_sha256_kdf(prk2, sizeof(prk2), NULL, info2, sizeof(info2), | |
2031 | okm, sizeof(okm2)) < 0) | |
2032 | return -1; | |
2033 | if (os_memcmp(okm, okm2, sizeof(okm2)) != 0) { | |
2034 | wpa_printf(MSG_INFO, "HKDF-Expand mismatch in OKM"); | |
2035 | return -1; | |
2036 | } | |
2037 | ||
2038 | wpa_printf(MSG_INFO, "Extract-and-Expand HKDF test cases passed"); | |
2039 | ||
2040 | return 0; | |
2041 | } | |
2042 | ||
2043 | ||
88fc0dca JM |
2044 | static int test_ms_funcs(void) |
2045 | { | |
cd94f0d1 | 2046 | #ifndef CONFIG_FIPS |
88fc0dca JM |
2047 | /* Test vector from RFC2759 example */ |
2048 | char *username = "User"; | |
2049 | char *password = "clientPass"; | |
2050 | u8 auth_challenge[] = { | |
2051 | 0x5B, 0x5D, 0x7C, 0x7D, 0x7B, 0x3F, 0x2F, 0x3E, | |
2052 | 0x3C, 0x2C, 0x60, 0x21, 0x32, 0x26, 0x26, 0x28 | |
2053 | }; | |
2054 | u8 peer_challenge[] = { | |
2055 | 0x21, 0x40, 0x23, 0x24, 0x25, 0x5E, 0x26, 0x2A, | |
2056 | 0x28, 0x29, 0x5F, 0x2B, 0x3A, 0x33, 0x7C, 0x7E | |
2057 | }; | |
2058 | u8 password_hash[] = { | |
2059 | 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6, | |
2060 | 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE | |
2061 | }; | |
2062 | u8 nt_response[] = { | |
2063 | 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E, | |
2064 | 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54, | |
2065 | 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF | |
2066 | }; | |
2067 | u8 password_hash_hash[] = { | |
2068 | 0x41, 0xC0, 0x0C, 0x58, 0x4B, 0xD2, 0xD9, 0x1C, | |
2069 | 0x40, 0x17, 0xA2, 0xA1, 0x2F, 0xA5, 0x9F, 0x3F | |
2070 | }; | |
2071 | u8 authenticator_response[] = { | |
2072 | 0x40, 0x7A, 0x55, 0x89, 0x11, 0x5F, 0xD0, 0xD6, | |
2073 | 0x20, 0x9F, 0x51, 0x0F, 0xE9, 0xC0, 0x45, 0x66, | |
2074 | 0x93, 0x2C, 0xDA, 0x56 | |
2075 | }; | |
2076 | u8 master_key[] = { | |
2077 | 0xFD, 0xEC, 0xE3, 0x71, 0x7A, 0x8C, 0x83, 0x8C, | |
2078 | 0xB3, 0x88, 0xE5, 0x27, 0xAE, 0x3C, 0xDD, 0x31 | |
2079 | }; | |
2080 | u8 send_start_key[] = { | |
2081 | 0x8B, 0x7C, 0xDC, 0x14, 0x9B, 0x99, 0x3A, 0x1B, | |
2082 | 0xA1, 0x18, 0xCB, 0x15, 0x3F, 0x56, 0xDC, 0xCB | |
2083 | }; | |
2084 | u8 buf[32]; | |
2085 | int errors = 0; | |
2086 | ||
2087 | if (nt_password_hash((u8 *) password, os_strlen(password), buf) || | |
2088 | os_memcmp(password_hash, buf, sizeof(password_hash)) != 0) { | |
2089 | wpa_printf(MSG_ERROR, "nt_password_hash failed"); | |
2090 | errors++; | |
2091 | } | |
2092 | ||
2093 | if (generate_nt_response(auth_challenge, peer_challenge, | |
2094 | (u8 *) username, os_strlen(username), | |
2095 | (u8 *) password, os_strlen(password), buf) || | |
2096 | os_memcmp(nt_response, buf, sizeof(nt_response)) != 0) { | |
2097 | wpa_printf(MSG_ERROR, "generate_nt_response failed"); | |
2098 | errors++; | |
2099 | } | |
2100 | ||
2101 | if (hash_nt_password_hash(password_hash, buf) || | |
2102 | os_memcmp(password_hash_hash, buf, | |
2103 | sizeof(password_hash_hash)) != 0) { | |
2104 | wpa_printf(MSG_ERROR, "hash_nt_password_hash failed"); | |
2105 | errors++; | |
2106 | } | |
2107 | ||
2108 | if (generate_authenticator_response((u8 *) password, | |
2109 | os_strlen(password), | |
2110 | peer_challenge, auth_challenge, | |
2111 | (u8 *) username, | |
2112 | os_strlen(username), | |
2113 | nt_response, buf) || | |
2114 | os_memcmp(authenticator_response, buf, | |
2115 | sizeof(authenticator_response)) != 0) { | |
2116 | wpa_printf(MSG_ERROR, "generate_authenticator_response failed"); | |
2117 | errors++; | |
2118 | } | |
2119 | ||
2120 | if (get_master_key(password_hash_hash, nt_response, buf) || | |
2121 | os_memcmp(master_key, buf, sizeof(master_key)) != 0) { | |
2122 | wpa_printf(MSG_ERROR, "get_master_key failed"); | |
2123 | errors++; | |
2124 | } | |
2125 | ||
2126 | if (get_asymetric_start_key(master_key, buf, sizeof(send_start_key), | |
2127 | 1, 1) || | |
2128 | os_memcmp(send_start_key, buf, sizeof(send_start_key)) != 0) { | |
2129 | wpa_printf(MSG_ERROR, "get_asymetric_start_key failed"); | |
2130 | errors++; | |
2131 | } | |
2132 | ||
2133 | if (errors) | |
2134 | wpa_printf(MSG_ERROR, "ms_funcs: %d errors", errors); | |
2135 | else | |
2136 | wpa_printf(MSG_INFO, "ms_funcs test cases passed"); | |
2137 | ||
2138 | return errors; | |
cd94f0d1 JM |
2139 | #else /* CONFIG_FIPS */ |
2140 | wpa_printf(MSG_INFO, "ms_funcs test cases skipped due to CONFIG_FIPS"); | |
2141 | return 0; | |
2142 | #endif /* CONFIG_FIPS */ | |
88fc0dca JM |
2143 | } |
2144 | ||
2145 | ||
942b7546 JM |
2146 | int crypto_module_tests(void) |
2147 | { | |
2148 | int ret = 0; | |
2149 | ||
2150 | wpa_printf(MSG_INFO, "crypto module tests"); | |
304d40e9 | 2151 | if (test_siv() || |
e438fb0d | 2152 | test_omac1() || |
477f8313 | 2153 | test_eax() || |
12444084 | 2154 | test_cbc() || |
5c0ff9f9 | 2155 | test_ecb() || |
88fc0dca | 2156 | test_key_wrap() || |
896e1b83 | 2157 | test_md5() || |
4b462a02 | 2158 | test_sha1() || |
59be78ef | 2159 | test_sha256() || |
2e555f9c | 2160 | test_sha384() || |
1fff13a9 | 2161 | test_fips186_2_prf() || |
e73244c2 | 2162 | test_extract_expand_hkdf() || |
88fc0dca | 2163 | test_ms_funcs()) |
942b7546 JM |
2164 | ret = -1; |
2165 | ||
2166 | return ret; | |
2167 | } |