2 * Test program for SHA1 and MD5
3 * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "crypto/crypto.h"
13 #include "crypto/md5.h"
14 #include "crypto/sha1.h"
17 static int test_eap_fast(void)
19 /* RFC 4851, Appendix B.1 */
20 const u8 pac_key[] = {
21 0x0B, 0x97, 0x39, 0x0F, 0x37, 0x51, 0x78, 0x09,
22 0x81, 0x1E, 0xFD, 0x9C, 0x6E, 0x65, 0x94, 0x2B,
23 0x63, 0x2C, 0xE9, 0x53, 0x89, 0x38, 0x08, 0xBA,
24 0x36, 0x0B, 0x03, 0x7C, 0xD1, 0x85, 0xE4, 0x14
27 0x3F, 0xFB, 0x11, 0xC4, 0x6C, 0xBF, 0xA5, 0x7A,
28 0x54, 0x40, 0xDA, 0xE8, 0x22, 0xD3, 0x11, 0xD3,
29 0xF7, 0x6D, 0xE4, 0x1D, 0xD9, 0x33, 0xE5, 0x93,
30 0x70, 0x97, 0xEB, 0xA9, 0xB3, 0x66, 0xF4, 0x2A,
31 0x00, 0x00, 0x00, 0x02, 0x6A, 0x66, 0x43, 0x2A,
32 0x8D, 0x14, 0x43, 0x2C, 0xEC, 0x58, 0x2D, 0x2F,
33 0xC7, 0x9C, 0x33, 0x64, 0xBA, 0x04, 0xAD, 0x3A,
34 0x52, 0x54, 0xD6, 0xA5, 0x79, 0xAD, 0x1E, 0x00
36 const u8 master_secret[] = {
37 0x4A, 0x1A, 0x51, 0x2C, 0x01, 0x60, 0xBC, 0x02,
38 0x3C, 0xCF, 0xBC, 0x83, 0x3F, 0x03, 0xBC, 0x64,
39 0x88, 0xC1, 0x31, 0x2F, 0x0B, 0xA9, 0xA2, 0x77,
40 0x16, 0xA8, 0xD8, 0xE8, 0xBD, 0xC9, 0xD2, 0x29,
41 0x38, 0x4B, 0x7A, 0x85, 0xBE, 0x16, 0x4D, 0x27,
42 0x33, 0xD5, 0x24, 0x79, 0x87, 0xB1, 0xC5, 0xA2
44 const u8 key_block[] = {
45 0x59, 0x59, 0xBE, 0x8E, 0x41, 0x3A, 0x77, 0x74,
46 0x8B, 0xB2, 0xE5, 0xD3, 0x60, 0xAC, 0x4D, 0x35,
47 0xDF, 0xFB, 0xC8, 0x1E, 0x9C, 0x24, 0x9C, 0x8B,
48 0x0E, 0xC3, 0x1D, 0x72, 0xC8, 0x84, 0x9D, 0x57,
49 0x48, 0x51, 0x2E, 0x45, 0x97, 0x6C, 0x88, 0x70,
50 0xBE, 0x5F, 0x01, 0xD3, 0x64, 0xE7, 0x4C, 0xBB,
51 0x11, 0x24, 0xE3, 0x49, 0xE2, 0x3B, 0xCD, 0xEF,
52 0x7A, 0xB3, 0x05, 0x39, 0x5D, 0x64, 0x8A, 0x44,
53 0x11, 0xB6, 0x69, 0x88, 0x34, 0x2E, 0x8E, 0x29,
54 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
55 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
56 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
57 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
58 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
61 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
62 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
63 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
64 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
65 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
68 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
69 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
70 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
71 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
74 0x16, 0x15, 0x3C, 0x3F, 0x21, 0x55, 0xEF, 0xD9,
75 0x7F, 0x34, 0xAE, 0xC8, 0x1A, 0x4E, 0x66, 0x80,
76 0x4C, 0xC3, 0x76, 0xF2, 0x8A, 0xA9, 0x6F, 0x96,
77 0xC2, 0x54, 0x5F, 0x8C, 0xAB, 0x65, 0x02, 0xE1,
78 0x18, 0x40, 0x7B, 0x56, 0xBE, 0xEA, 0xA7, 0xC5,
79 0x76, 0x5D, 0x8F, 0x0B, 0xC5, 0x07, 0xC6, 0xB9,
80 0x04, 0xD0, 0x69, 0x56, 0x72, 0x8B, 0x6B, 0xB8,
81 0x15, 0xEC, 0x57, 0x7B
84 0x4D, 0x83, 0xA9, 0xBE, 0x6F, 0x8A, 0x74, 0xED,
85 0x6A, 0x02, 0x66, 0x0A, 0x63, 0x4D, 0x2C, 0x33,
86 0xC2, 0xDA, 0x60, 0x15, 0xC6, 0x37, 0x04, 0x51,
87 0x90, 0x38, 0x63, 0xDA, 0x54, 0x3E, 0x14, 0xB9,
88 0x27, 0x99, 0x18, 0x1E, 0x07, 0xBF, 0x0F, 0x5A,
89 0x5E, 0x3C, 0x32, 0x93, 0x80, 0x8C, 0x6C, 0x49,
90 0x67, 0xED, 0x24, 0xFE, 0x45, 0x40, 0xA0, 0x59,
91 0x5E, 0x37, 0xC2, 0xE9, 0xD0, 0x5D, 0x0A, 0xE3
94 0x3A, 0xD4, 0xAB, 0xDB, 0x76, 0xB2, 0x7F, 0x3B,
95 0xEA, 0x32, 0x2C, 0x2B, 0x74, 0xF4, 0x28, 0x55,
96 0xEF, 0x2D, 0xBA, 0x78, 0xC9, 0x57, 0x2F, 0x0D,
97 0x06, 0xCD, 0x51, 0x7C, 0x20, 0x93, 0x98, 0xA9,
98 0x76, 0xEA, 0x70, 0x21, 0xD7, 0x0E, 0x25, 0x54,
99 0x97, 0xED, 0xB2, 0x8A, 0xF6, 0xED, 0xFD, 0x0A,
100 0x2A, 0xE7, 0xA1, 0x58, 0x90, 0x10, 0x50, 0x44,
101 0xB3, 0x82, 0x85, 0xDB, 0x06, 0x14, 0xD2, 0xF9
103 /* RFC 4851, Appendix B.2 */
105 0x80, 0x0C, 0x00, 0x38, 0x00, 0x01, 0x01, 0x00,
106 0xD8, 0x6A, 0x8C, 0x68, 0x3C, 0x32, 0x31, 0xA8,
107 0x56, 0x63, 0xB6, 0x40, 0x21, 0xFE, 0x21, 0x14,
108 0x4E, 0xE7, 0x54, 0x20, 0x79, 0x2D, 0x42, 0x62,
109 0xC9, 0xBF, 0x53, 0x7F, 0x54, 0xFD, 0xAC, 0x58,
110 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
111 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
112 0x05, 0xC5, 0x5B, 0xB7
114 const u8 compound_mac[] = {
115 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
116 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
117 0x05, 0xC5, 0x5B, 0xB7
120 const u8 *simck, *cmk;
123 printf("EAP-FAST test cases\n");
125 printf("- T-PRF (SHA1) test case / master_secret\n");
126 sha1_t_prf(pac_key, sizeof(pac_key), "PAC to master secret label hash",
127 seed, sizeof(seed), buf, sizeof(master_secret));
128 if (memcmp(master_secret, buf, sizeof(master_secret)) != 0) {
129 printf("T-PRF test - FAILED!\n");
133 printf("- PRF (TLS, SHA1/MD5) test case / key_block\n");
134 if (tls_prf_sha1_md5(master_secret, sizeof(master_secret),
135 "key expansion", seed, sizeof(seed),
136 buf, sizeof(key_block)) ||
137 memcmp(key_block, buf, sizeof(key_block)) != 0) {
138 printf("PRF test - FAILED!\n");
142 printf("- T-PRF (SHA1) test case / IMCK\n");
143 sha1_t_prf(sks, sizeof(sks), "Inner Methods Compound Keys",
144 isk, sizeof(isk), buf, sizeof(imck));
145 if (memcmp(imck, buf, sizeof(imck)) != 0) {
146 printf("T-PRF test - FAILED!\n");
153 printf("- T-PRF (SHA1) test case / MSK\n");
154 sha1_t_prf(simck, 40, "Session Key Generating Function",
155 (u8 *) "", 0, buf, sizeof(msk));
156 if (memcmp(msk, buf, sizeof(msk)) != 0) {
157 printf("T-PRF test - FAILED!\n");
161 printf("- T-PRF (SHA1) test case / EMSK\n");
162 sha1_t_prf(simck, 40, "Extended Session Key Generating Function",
163 (u8 *) "", 0, buf, sizeof(msk));
164 if (memcmp(emsk, buf, sizeof(emsk)) != 0) {
165 printf("T-PRF test - FAILED!\n");
169 printf("- Compound MAC test case\n");
170 memset(tlv + sizeof(tlv) - 20, 0, 20);
171 hmac_sha1(cmk, 20, tlv, sizeof(tlv), tlv + sizeof(tlv) - 20);
172 if (memcmp(tlv + sizeof(tlv) - 20, compound_mac, sizeof(compound_mac))
174 printf("Compound MAC test - FAILED!\n");
184 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
185 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
186 0x0b, 0x0b, 0x0b, 0x0b
188 static u8 data0[] = "Hi There";
191 0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84,
192 0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54,
193 0xb8, 0x62, 0x17, 0x5e, 0xd9, 0xf0, 0x06, 0x06,
194 0xe1, 0x7d, 0x8d, 0xa3, 0x54, 0x02, 0xff, 0xee,
195 0x75, 0xdf, 0x78, 0xc3, 0xd3, 0x1e, 0x0f, 0x88,
196 0x9f, 0x01, 0x21, 0x20, 0xc0, 0x86, 0x2b, 0xeb,
197 0x67, 0x75, 0x3e, 0x74, 0x39, 0xae, 0x24, 0x2e,
198 0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a
201 static u8 key1[] = "Jefe";
202 static u8 data1[] = "what do ya want for nothing?";
205 0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad,
206 0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4,
207 0xfe, 0x63, 0x14, 0x46, 0xfa, 0xbd, 0xfa, 0x58,
208 0x24, 0x47, 0x59, 0xae, 0x58, 0xef, 0x90, 0x09,
209 0xa9, 0x9a, 0xbf, 0x4e, 0xac, 0x2c, 0xa5, 0xfa,
210 0x87, 0xe6, 0x92, 0xc4, 0x40, 0xeb, 0x40, 0x02,
211 0x3e, 0x7b, 0xab, 0xb2, 0x06, 0xd6, 0x1d, 0xe7,
212 0xb9, 0x2f, 0x41, 0x52, 0x90, 0x92, 0xb8, 0xfc
218 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
219 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
220 0xaa, 0xaa, 0xaa, 0xaa
224 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
225 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
226 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
227 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
228 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
229 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
234 0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f,
235 0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1,
236 0x7a, 0x02, 0x52, 0xca, 0x5d, 0x8d, 0x8d, 0xf1,
237 0x2c, 0xfb, 0x04, 0x73, 0x52, 0x52, 0x49, 0xce,
238 0x9d, 0xd8, 0xd1, 0x77, 0xea, 0xd7, 0x10, 0xbc,
239 0x9b, 0x59, 0x05, 0x47, 0x23, 0x91, 0x07, 0xae,
240 0xf7, 0xb4, 0xab, 0xd4, 0x3d, 0x87, 0xf0, 0xa6,
241 0x8f, 0x1c, 0xbd, 0x9e, 0x2b, 0x6f, 0x76, 0x07
245 struct passphrase_test {
251 static struct passphrase_test passphrase_tests[] =
257 0xf4, 0x2c, 0x6f, 0xc5, 0x2d, 0xf0, 0xeb, 0xef,
258 0x9e, 0xbb, 0x4b, 0x90, 0xb3, 0x8a, 0x5f, 0x90,
259 0x2e, 0x83, 0xfe, 0x1b, 0x13, 0x5a, 0x70, 0xe2,
260 0x3a, 0xed, 0x76, 0x2e, 0x97, 0x10, 0xa1, 0x2e
267 0x0d, 0xc0, 0xd6, 0xeb, 0x90, 0x55, 0x5e, 0xd6,
268 0x41, 0x97, 0x56, 0xb9, 0xa1, 0x5e, 0xc3, 0xe3,
269 0x20, 0x9b, 0x63, 0xdf, 0x70, 0x7d, 0xd5, 0x08,
270 0xd1, 0x45, 0x81, 0xf8, 0x98, 0x27, 0x21, 0xaf
274 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
275 "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
277 0xbe, 0xcb, 0x93, 0x86, 0x6b, 0xb8, 0xc3, 0x83,
278 0x2c, 0xb7, 0x77, 0xc2, 0xf5, 0x59, 0x80, 0x7c,
279 0x8c, 0x59, 0xaf, 0xcb, 0x6e, 0xae, 0x73, 0x48,
280 0x85, 0x00, 0x13, 0x00, 0xa9, 0x81, 0xcc, 0x62
285 #define NUM_PASSPHRASE_TESTS ARRAY_SIZE(passphrase_tests)
288 struct rfc6070_test {
296 static struct rfc6070_test rfc6070_tests[] =
303 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
304 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
305 0x2f, 0xe0, 0x37, 0xa6
314 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
315 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
316 0xd8, 0xde, 0x89, 0x57
325 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
326 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
327 0x65, 0xa4, 0x29, 0xc1
331 #if 0 /* This takes quite long to derive.. */
337 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4,
338 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c,
339 0x26, 0x34, 0xe9, 0x84
345 "passwordPASSWORDpassword",
346 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
349 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
350 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
351 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
356 #if 0 /* \0 not currently supported in passphrase parameters.. */
362 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
363 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3
370 #define NUM_RFC6070_TESTS ARRAY_SIZE(rfc6070_tests)
373 int main(int argc, char *argv[])
379 printf("PRF-SHA1 test cases:\n");
381 sha1_prf(key0, sizeof(key0), "prefix", data0, sizeof(data0) - 1,
383 if (memcmp(res, prf0, sizeof(prf0)) == 0)
384 printf("Test case 0 - OK\n");
386 printf("Test case 0 - FAILED!\n");
390 sha1_prf(key1, sizeof(key1) - 1, "prefix", data1, sizeof(data1) - 1,
392 if (memcmp(res, prf1, sizeof(prf1)) == 0)
393 printf("Test case 1 - OK\n");
395 printf("Test case 1 - FAILED!\n");
399 sha1_prf(key2, sizeof(key2), "prefix", data2, sizeof(data2),
401 if (memcmp(res, prf2, sizeof(prf2)) == 0)
402 printf("Test case 2 - OK\n");
404 printf("Test case 2 - FAILED!\n");
408 ret += test_eap_fast();
410 printf("PBKDF2-SHA1 Passphrase test cases:\n");
411 for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) {
413 struct passphrase_test *test = &passphrase_tests[i];
414 pbkdf2_sha1(test->passphrase,
415 test->ssid, strlen(test->ssid),
417 if (memcmp(psk, test->psk, 32) == 0)
418 printf("Test case %d - OK\n", i);
420 printf("Test case %d - FAILED!\n", i);
425 printf("PBKDF2-SHA1 test cases (RFC 6070):\n");
426 for (i = 0; i < NUM_RFC6070_TESTS; i++) {
428 struct rfc6070_test *test = &rfc6070_tests[i];
429 pbkdf2_sha1(test->p, test->s, strlen(test->s), test->c,
431 if (memcmp(dk, test->dk, test->dk_len) == 0)
432 printf("Test case %d - OK\n", i);
434 printf("Test case %d - FAILED!\n", i);