2 * Test program for SHA1 and MD5
3 * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "crypto/crypto.h"
13 #include "crypto/md5.h"
14 #include "crypto/sha1.h"
17 static int test_eap_fast(void)
19 /* RFC 4851, Appendix B.1 */
20 const u8 pac_key[] = {
21 0x0B, 0x97, 0x39, 0x0F, 0x37, 0x51, 0x78, 0x09,
22 0x81, 0x1E, 0xFD, 0x9C, 0x6E, 0x65, 0x94, 0x2B,
23 0x63, 0x2C, 0xE9, 0x53, 0x89, 0x38, 0x08, 0xBA,
24 0x36, 0x0B, 0x03, 0x7C, 0xD1, 0x85, 0xE4, 0x14
27 0x3F, 0xFB, 0x11, 0xC4, 0x6C, 0xBF, 0xA5, 0x7A,
28 0x54, 0x40, 0xDA, 0xE8, 0x22, 0xD3, 0x11, 0xD3,
29 0xF7, 0x6D, 0xE4, 0x1D, 0xD9, 0x33, 0xE5, 0x93,
30 0x70, 0x97, 0xEB, 0xA9, 0xB3, 0x66, 0xF4, 0x2A,
31 0x00, 0x00, 0x00, 0x02, 0x6A, 0x66, 0x43, 0x2A,
32 0x8D, 0x14, 0x43, 0x2C, 0xEC, 0x58, 0x2D, 0x2F,
33 0xC7, 0x9C, 0x33, 0x64, 0xBA, 0x04, 0xAD, 0x3A,
34 0x52, 0x54, 0xD6, 0xA5, 0x79, 0xAD, 0x1E, 0x00
36 const u8 master_secret[] = {
37 0x4A, 0x1A, 0x51, 0x2C, 0x01, 0x60, 0xBC, 0x02,
38 0x3C, 0xCF, 0xBC, 0x83, 0x3F, 0x03, 0xBC, 0x64,
39 0x88, 0xC1, 0x31, 0x2F, 0x0B, 0xA9, 0xA2, 0x77,
40 0x16, 0xA8, 0xD8, 0xE8, 0xBD, 0xC9, 0xD2, 0x29,
41 0x38, 0x4B, 0x7A, 0x85, 0xBE, 0x16, 0x4D, 0x27,
42 0x33, 0xD5, 0x24, 0x79, 0x87, 0xB1, 0xC5, 0xA2
44 const u8 key_block[] = {
45 0x59, 0x59, 0xBE, 0x8E, 0x41, 0x3A, 0x77, 0x74,
46 0x8B, 0xB2, 0xE5, 0xD3, 0x60, 0xAC, 0x4D, 0x35,
47 0xDF, 0xFB, 0xC8, 0x1E, 0x9C, 0x24, 0x9C, 0x8B,
48 0x0E, 0xC3, 0x1D, 0x72, 0xC8, 0x84, 0x9D, 0x57,
49 0x48, 0x51, 0x2E, 0x45, 0x97, 0x6C, 0x88, 0x70,
50 0xBE, 0x5F, 0x01, 0xD3, 0x64, 0xE7, 0x4C, 0xBB,
51 0x11, 0x24, 0xE3, 0x49, 0xE2, 0x3B, 0xCD, 0xEF,
52 0x7A, 0xB3, 0x05, 0x39, 0x5D, 0x64, 0x8A, 0x44,
53 0x11, 0xB6, 0x69, 0x88, 0x34, 0x2E, 0x8E, 0x29,
54 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
55 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
56 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
57 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
58 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
61 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
62 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
63 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
64 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
65 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
68 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
69 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
70 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
71 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
74 0x16, 0x15, 0x3C, 0x3F, 0x21, 0x55, 0xEF, 0xD9,
75 0x7F, 0x34, 0xAE, 0xC8, 0x1A, 0x4E, 0x66, 0x80,
76 0x4C, 0xC3, 0x76, 0xF2, 0x8A, 0xA9, 0x6F, 0x96,
77 0xC2, 0x54, 0x5F, 0x8C, 0xAB, 0x65, 0x02, 0xE1,
78 0x18, 0x40, 0x7B, 0x56, 0xBE, 0xEA, 0xA7, 0xC5,
79 0x76, 0x5D, 0x8F, 0x0B, 0xC5, 0x07, 0xC6, 0xB9,
80 0x04, 0xD0, 0x69, 0x56, 0x72, 0x8B, 0x6B, 0xB8,
81 0x15, 0xEC, 0x57, 0x7B
84 0x4D, 0x83, 0xA9, 0xBE, 0x6F, 0x8A, 0x74, 0xED,
85 0x6A, 0x02, 0x66, 0x0A, 0x63, 0x4D, 0x2C, 0x33,
86 0xC2, 0xDA, 0x60, 0x15, 0xC6, 0x37, 0x04, 0x51,
87 0x90, 0x38, 0x63, 0xDA, 0x54, 0x3E, 0x14, 0xB9,
88 0x27, 0x99, 0x18, 0x1E, 0x07, 0xBF, 0x0F, 0x5A,
89 0x5E, 0x3C, 0x32, 0x93, 0x80, 0x8C, 0x6C, 0x49,
90 0x67, 0xED, 0x24, 0xFE, 0x45, 0x40, 0xA0, 0x59,
91 0x5E, 0x37, 0xC2, 0xE9, 0xD0, 0x5D, 0x0A, 0xE3
94 0x3A, 0xD4, 0xAB, 0xDB, 0x76, 0xB2, 0x7F, 0x3B,
95 0xEA, 0x32, 0x2C, 0x2B, 0x74, 0xF4, 0x28, 0x55,
96 0xEF, 0x2D, 0xBA, 0x78, 0xC9, 0x57, 0x2F, 0x0D,
97 0x06, 0xCD, 0x51, 0x7C, 0x20, 0x93, 0x98, 0xA9,
98 0x76, 0xEA, 0x70, 0x21, 0xD7, 0x0E, 0x25, 0x54,
99 0x97, 0xED, 0xB2, 0x8A, 0xF6, 0xED, 0xFD, 0x0A,
100 0x2A, 0xE7, 0xA1, 0x58, 0x90, 0x10, 0x50, 0x44,
101 0xB3, 0x82, 0x85, 0xDB, 0x06, 0x14, 0xD2, 0xF9
103 /* RFC 4851, Appendix B.2 */
105 0x80, 0x0C, 0x00, 0x38, 0x00, 0x01, 0x01, 0x00,
106 0xD8, 0x6A, 0x8C, 0x68, 0x3C, 0x32, 0x31, 0xA8,
107 0x56, 0x63, 0xB6, 0x40, 0x21, 0xFE, 0x21, 0x14,
108 0x4E, 0xE7, 0x54, 0x20, 0x79, 0x2D, 0x42, 0x62,
109 0xC9, 0xBF, 0x53, 0x7F, 0x54, 0xFD, 0xAC, 0x58,
110 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
111 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
112 0x05, 0xC5, 0x5B, 0xB7
114 const u8 compound_mac[] = {
115 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
116 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
117 0x05, 0xC5, 0x5B, 0xB7
120 const u8 *simck, *cmk;
123 printf("EAP-FAST test cases\n");
125 printf("- T-PRF (SHA1) test case / master_secret\n");
126 sha1_t_prf(pac_key, sizeof(pac_key), "PAC to master secret label hash",
127 seed, sizeof(seed), buf, sizeof(master_secret));
128 if (memcmp(master_secret, buf, sizeof(master_secret)) != 0) {
129 printf("T-PRF test - FAILED!\n");
133 printf("- PRF (TLS, SHA1/MD5) test case / key_block\n");
134 if (tls_prf_sha1_md5(master_secret, sizeof(master_secret),
135 "key expansion", seed, sizeof(seed),
136 buf, sizeof(key_block)) ||
137 memcmp(key_block, buf, sizeof(key_block)) != 0) {
138 printf("PRF test - FAILED!\n");
142 printf("- T-PRF (SHA1) test case / IMCK\n");
143 sha1_t_prf(sks, sizeof(sks), "Inner Methods Compound Keys",
144 isk, sizeof(isk), buf, sizeof(imck));
145 if (memcmp(imck, buf, sizeof(imck)) != 0) {
146 printf("T-PRF test - FAILED!\n");
153 printf("- T-PRF (SHA1) test case / MSK\n");
154 sha1_t_prf(simck, 40, "Session Key Generating Function",
155 (u8 *) "", 0, buf, sizeof(msk));
156 if (memcmp(msk, buf, sizeof(msk)) != 0) {
157 printf("T-PRF test - FAILED!\n");
161 printf("- T-PRF (SHA1) test case / EMSK\n");
162 sha1_t_prf(simck, 40, "Extended Session Key Generating Function",
163 (u8 *) "", 0, buf, sizeof(msk));
164 if (memcmp(emsk, buf, sizeof(emsk)) != 0) {
165 printf("T-PRF test - FAILED!\n");
169 printf("- Compound MAC test case\n");
170 memset(tlv + sizeof(tlv) - 20, 0, 20);
171 hmac_sha1(cmk, 20, tlv, sizeof(tlv), tlv + sizeof(tlv) - 20);
172 if (memcmp(tlv + sizeof(tlv) - 20, compound_mac, sizeof(compound_mac))
174 printf("Compound MAC test - FAILED!\n");
184 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
185 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
186 0x0b, 0x0b, 0x0b, 0x0b
188 static u8 data0[] = "Hi There";
191 0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84,
192 0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54,
193 0xb8, 0x62, 0x17, 0x5e, 0xd9, 0xf0, 0x06, 0x06,
194 0xe1, 0x7d, 0x8d, 0xa3, 0x54, 0x02, 0xff, 0xee,
195 0x75, 0xdf, 0x78, 0xc3, 0xd3, 0x1e, 0x0f, 0x88,
196 0x9f, 0x01, 0x21, 0x20, 0xc0, 0x86, 0x2b, 0xeb,
197 0x67, 0x75, 0x3e, 0x74, 0x39, 0xae, 0x24, 0x2e,
198 0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a
201 static u8 key1[] = "Jefe";
202 static u8 data1[] = "what do ya want for nothing?";
205 0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad,
206 0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4,
207 0xfe, 0x63, 0x14, 0x46, 0xfa, 0xbd, 0xfa, 0x58,
208 0x24, 0x47, 0x59, 0xae, 0x58, 0xef, 0x90, 0x09,
209 0xa9, 0x9a, 0xbf, 0x4e, 0xac, 0x2c, 0xa5, 0xfa,
210 0x87, 0xe6, 0x92, 0xc4, 0x40, 0xeb, 0x40, 0x02,
211 0x3e, 0x7b, 0xab, 0xb2, 0x06, 0xd6, 0x1d, 0xe7,
212 0xb9, 0x2f, 0x41, 0x52, 0x90, 0x92, 0xb8, 0xfc
218 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
219 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
220 0xaa, 0xaa, 0xaa, 0xaa
224 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
225 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
226 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
227 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
228 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
229 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
234 0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f,
235 0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1,
236 0x7a, 0x02, 0x52, 0xca, 0x5d, 0x8d, 0x8d, 0xf1,
237 0x2c, 0xfb, 0x04, 0x73, 0x52, 0x52, 0x49, 0xce,
238 0x9d, 0xd8, 0xd1, 0x77, 0xea, 0xd7, 0x10, 0xbc,
239 0x9b, 0x59, 0x05, 0x47, 0x23, 0x91, 0x07, 0xae,
240 0xf7, 0xb4, 0xab, 0xd4, 0x3d, 0x87, 0xf0, 0xa6,
241 0x8f, 0x1c, 0xbd, 0x9e, 0x2b, 0x6f, 0x76, 0x07
245 struct passphrase_test {
251 static struct passphrase_test passphrase_tests[] =
257 0xf4, 0x2c, 0x6f, 0xc5, 0x2d, 0xf0, 0xeb, 0xef,
258 0x9e, 0xbb, 0x4b, 0x90, 0xb3, 0x8a, 0x5f, 0x90,
259 0x2e, 0x83, 0xfe, 0x1b, 0x13, 0x5a, 0x70, 0xe2,
260 0x3a, 0xed, 0x76, 0x2e, 0x97, 0x10, 0xa1, 0x2e
267 0x0d, 0xc0, 0xd6, 0xeb, 0x90, 0x55, 0x5e, 0xd6,
268 0x41, 0x97, 0x56, 0xb9, 0xa1, 0x5e, 0xc3, 0xe3,
269 0x20, 0x9b, 0x63, 0xdf, 0x70, 0x7d, 0xd5, 0x08,
270 0xd1, 0x45, 0x81, 0xf8, 0x98, 0x27, 0x21, 0xaf
274 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
275 "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
277 0xbe, 0xcb, 0x93, 0x86, 0x6b, 0xb8, 0xc3, 0x83,
278 0x2c, 0xb7, 0x77, 0xc2, 0xf5, 0x59, 0x80, 0x7c,
279 0x8c, 0x59, 0xaf, 0xcb, 0x6e, 0xae, 0x73, 0x48,
280 0x85, 0x00, 0x13, 0x00, 0xa9, 0x81, 0xcc, 0x62
285 #define NUM_PASSPHRASE_TESTS ARRAY_SIZE(passphrase_tests)
288 struct rfc6070_test {
296 static struct rfc6070_test rfc6070_tests[] =
303 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
304 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
305 0x2f, 0xe0, 0x37, 0xa6
314 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
315 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
316 0xd8, 0xde, 0x89, 0x57
325 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
326 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
327 0x65, 0xa4, 0x29, 0xc1
331 #if 0 /* This takes quite long to derive.. */
337 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4,
338 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c,
339 0x26, 0x34, 0xe9, 0x84
345 "passwordPASSWORDpassword",
346 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
349 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
350 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
351 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
356 #if 0 /* \0 not currently supported in passphrase parameters.. */
362 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
363 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3
370 #define NUM_RFC6070_TESTS ARRAY_SIZE(rfc6070_tests)
373 static int cavp_shavs(const char *fname)
377 char buf[15000], *pos, *pos2;
379 int msg_len = 0, tmp_len;
383 printf("CAVP SHAVS test vectors from %s\n", fname);
385 f = fopen(fname, "r");
387 printf("%s does not exist - cannot validate CAVP SHAVS test vectors\n",
392 while (fgets(buf, sizeof(buf), f)) {
393 pos = os_strchr(buf, '=');
397 while (pos2 >= buf && *pos2 == ' ')
402 pos2 = os_strchr(pos, '\r');
404 pos2 = os_strchr(pos, '\n');
408 pos2 = pos + os_strlen(pos);
410 if (os_strcmp(buf, "Len") == 0) {
412 } else if (os_strcmp(buf, "Msg") == 0) {
413 tmp_len = os_strlen(pos);
414 if (msg_len == 0 && tmp_len == 2)
416 if (msg_len != tmp_len * 4) {
417 printf("Unexpected Msg length (msg_len=%u tmp_len=%u, Msg='%s'\n",
418 msg_len, tmp_len, pos);
423 if (hexstr2bin(pos, msg, msg_len / 8) < 0) {
424 printf("Invalid hex string '%s'\n", pos);
428 } else if (os_strcmp(buf, "MD") == 0) {
432 tmp_len = os_strlen(pos);
433 if (tmp_len != 2 * 20) {
434 printf("Unexpected MD length (MD='%s'\n",
440 if (hexstr2bin(pos, md, 20) < 0) {
441 printf("Invalid hex string '%s'\n", pos);
447 len[0] = msg_len / 8;
448 if (sha1_vector(1, addr, len, hash) < 0 ||
449 os_memcmp(hash, md, 20) != 0)
459 printf("Test case failed\n");
461 printf("%d test vectors OK\n", ok);
467 int main(int argc, char *argv[])
473 printf("PRF-SHA1 test cases:\n");
475 sha1_prf(key0, sizeof(key0), "prefix", data0, sizeof(data0) - 1,
477 if (memcmp(res, prf0, sizeof(prf0)) == 0)
478 printf("Test case 0 - OK\n");
480 printf("Test case 0 - FAILED!\n");
484 sha1_prf(key1, sizeof(key1) - 1, "prefix", data1, sizeof(data1) - 1,
486 if (memcmp(res, prf1, sizeof(prf1)) == 0)
487 printf("Test case 1 - OK\n");
489 printf("Test case 1 - FAILED!\n");
493 sha1_prf(key2, sizeof(key2), "prefix", data2, sizeof(data2),
495 if (memcmp(res, prf2, sizeof(prf2)) == 0)
496 printf("Test case 2 - OK\n");
498 printf("Test case 2 - FAILED!\n");
502 ret += test_eap_fast();
504 printf("PBKDF2-SHA1 Passphrase test cases:\n");
505 for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) {
507 struct passphrase_test *test = &passphrase_tests[i];
508 pbkdf2_sha1(test->passphrase,
509 (const u8 *) test->ssid, strlen(test->ssid),
511 if (memcmp(psk, test->psk, 32) == 0)
512 printf("Test case %d - OK\n", i);
514 printf("Test case %d - FAILED!\n", i);
519 printf("PBKDF2-SHA1 test cases (RFC 6070):\n");
520 for (i = 0; i < NUM_RFC6070_TESTS; i++) {
522 struct rfc6070_test *test = &rfc6070_tests[i];
523 pbkdf2_sha1(test->p, (const u8 *) test->s, strlen(test->s),
524 test->c, dk, test->dk_len);
525 if (memcmp(dk, test->dk, test->dk_len) == 0)
526 printf("Test case %d - OK\n", i);
528 printf("Test case %d - FAILED!\n", i);
533 if (cavp_shavs("CAVP/SHA1ShortMsg.rsp"))
535 if (cavp_shavs("CAVP/SHA1LongMsg.rsp"))