3 * Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
9 #include "utils/includes.h"
11 #include "utils/common.h"
12 #include "utils/module_tests.h"
13 #include "crypto/aes_siv.h"
14 #include "crypto/aes_wrap.h"
15 #include "crypto/aes.h"
16 #include "crypto/ms_funcs.h"
17 #include "crypto/crypto.h"
18 #include "crypto/sha1.h"
19 #include "crypto/sha256.h"
22 static int test_siv(void)
25 /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */
27 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
28 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
29 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
30 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
33 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
34 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
35 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27
38 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
39 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee
42 0x85, 0x63, 0x2d, 0x07, 0xc6, 0xe8, 0xf3, 0x7f,
43 0x95, 0x0a, 0xcd, 0x32, 0x0a, 0x2e, 0xcc, 0x93,
44 0x40, 0xc0, 0x2b, 0x96, 0x90, 0xc4, 0xdc, 0x04,
45 0xda, 0xef, 0x7f, 0x6a, 0xfe, 0x5c
47 /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */
49 0x7f, 0x7e, 0x7d, 0x7c, 0x7b, 0x7a, 0x79, 0x78,
50 0x77, 0x76, 0x75, 0x74, 0x73, 0x72, 0x71, 0x70,
51 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
52 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
55 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
56 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
57 0xde, 0xad, 0xda, 0xda, 0xde, 0xad, 0xda, 0xda,
58 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
59 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00
62 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80,
66 0x09, 0xf9, 0x11, 0x02, 0x9d, 0x74, 0xe3, 0x5b,
67 0xd8, 0x41, 0x56, 0xc5, 0x63, 0x56, 0x88, 0xc0
70 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
71 0x73, 0x6f, 0x6d, 0x65, 0x20, 0x70, 0x6c, 0x61,
72 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x20, 0x74,
73 0x6f, 0x20, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70,
74 0x74, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x20,
75 0x53, 0x49, 0x56, 0x2d, 0x41, 0x45, 0x53
78 0x7b, 0xdb, 0x6e, 0x3b, 0x43, 0x26, 0x67, 0xeb,
79 0x06, 0xf4, 0xd1, 0x4b, 0xff, 0x2f, 0xbd, 0x0f,
80 0xcb, 0x90, 0x0f, 0x2f, 0xdd, 0xbe, 0x40, 0x43,
81 0x26, 0x60, 0x19, 0x65, 0xc8, 0x89, 0xbf, 0x17,
82 0xdb, 0xa7, 0x7c, 0xeb, 0x09, 0x4f, 0xa6, 0x63,
83 0xb7, 0xa3, 0xf7, 0x48, 0xba, 0x8a, 0xf8, 0x29,
84 0xea, 0x64, 0xad, 0x54, 0x4a, 0x27, 0x2e, 0x9c,
85 0x48, 0x5b, 0x62, 0xa3, 0xfd, 0x5c, 0x0d
87 u8 out[2 * AES_BLOCK_SIZE + sizeof(plaintext_2)];
91 /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */
95 if (aes_siv_encrypt(key, plaintext, sizeof(plaintext),
97 wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed");
100 if (os_memcmp(out, iv_c, sizeof(iv_c)) != 0) {
101 wpa_printf(MSG_ERROR,
102 "AES-SIV mode encryption returned invalid cipher text");
106 if (aes_siv_decrypt(key, iv_c, sizeof(iv_c), 1, addr, len, out)) {
107 wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed");
110 if (os_memcmp(out, plaintext, sizeof(plaintext)) != 0) {
111 wpa_printf(MSG_ERROR,
112 "AES-SIV mode decryption returned invalid plain text");
116 /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */
118 len[0] = sizeof(ad1_2);
120 len[1] = sizeof(ad2_2);
122 len[2] = sizeof(nonce_2);
124 if (aes_siv_encrypt(key_2, plaintext_2, sizeof(plaintext_2),
125 3, addr, len, out)) {
126 wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed");
129 if (os_memcmp(out, iv_c_2, sizeof(iv_c_2)) != 0) {
130 wpa_printf(MSG_ERROR,
131 "AES-SIV mode encryption returned invalid cipher text");
135 if (aes_siv_decrypt(key_2, iv_c_2, sizeof(iv_c_2), 3, addr, len, out)) {
136 wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed");
139 if (os_memcmp(out, plaintext_2, sizeof(plaintext_2)) != 0) {
140 wpa_printf(MSG_ERROR,
141 "AES-SIV mode decryption returned invalid plain text");
145 wpa_printf(MSG_INFO, "AES-SIV test cases passed");
146 #endif /* CONFIG_MESH */
152 /* OMAC1 AES-128 test vectors from
153 * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf
154 * which are same as the examples from NIST SP800-38B
155 * http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf
158 struct omac1_test_vector {
165 static const struct omac1_test_vector omac1_test_vectors[] =
168 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
169 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
172 { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
173 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 }
176 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
177 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
178 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
179 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a},
181 { 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
182 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c }
185 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
186 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
187 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
188 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
189 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
190 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
191 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 },
193 { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
194 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 }
197 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
198 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
199 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
200 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
201 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
202 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
203 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
204 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
205 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
206 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
208 { 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
209 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe }
214 static int test_omac1_vector(const struct omac1_test_vector *tv,
218 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
219 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
221 u8 msg[] = { 0x12, 0x34, 0x56 };
222 u8 result[24], result2[24];
226 if (omac1_aes_128(tv->k, tv->msg, tv->msg_len, result) ||
227 os_memcmp(result, tv->tag, 16) != 0) {
228 wpa_printf(MSG_ERROR, "OMAC1-AES-128 test vector %u failed", i);
232 if (tv->msg_len > 1) {
236 addr[1] = tv->msg + 1;
237 len[1] = tv->msg_len - 1;
239 if (omac1_aes_128_vector(tv->k, 2, addr, len, result) ||
240 os_memcmp(result, tv->tag, 16) != 0) {
241 wpa_printf(MSG_ERROR,
242 "OMAC1-AES-128(vector) test vector %u failed",
248 len[0] = tv->msg_len - 2;
249 addr[1] = tv->msg + tv->msg_len - 2;
251 addr[2] = tv->msg + tv->msg_len - 1;
254 if (omac1_aes_128_vector(tv->k, 3, addr, len, result) ||
255 os_memcmp(result, tv->tag, 16) != 0) {
256 wpa_printf(MSG_ERROR,
257 "OMAC1-AES-128(vector2) test vector %u failed",
269 if (omac1_aes_128(key, msg, sizeof(msg), result) ||
270 omac1_aes_128_vector(key, 3, addr, len, result2) ||
271 os_memcmp(result, result2, 16) != 0) {
272 wpa_printf(MSG_ERROR, "OMAC1-AES-128 short test mismatch");
280 static int test_omac1(void)
284 for (i = 0; i < ARRAY_SIZE(omac1_test_vectors); i++) {
285 if (test_omac1_vector(&omac1_test_vectors[i], i))
289 wpa_printf(MSG_INFO, "OMAC1-AES-128 test cases passed");
295 static int test_eax(void)
298 u8 msg[] = { 0xF7, 0xFB };
299 u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B,
300 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 };
301 u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84,
302 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD };
303 u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA };
304 u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D,
305 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79,
307 u8 data[sizeof(msg)], tag[AES_BLOCK_SIZE];
309 os_memcpy(data, msg, sizeof(msg));
310 if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
311 data, sizeof(data), tag)) {
312 wpa_printf(MSG_ERROR, "AES-128 EAX mode encryption failed");
315 if (os_memcmp(data, cipher, sizeof(data)) != 0) {
316 wpa_printf(MSG_ERROR,
317 "AES-128 EAX mode encryption returned invalid cipher text");
320 if (os_memcmp(tag, cipher + sizeof(data), AES_BLOCK_SIZE) != 0) {
321 wpa_printf(MSG_ERROR,
322 "AES-128 EAX mode encryption returned invalid tag");
326 if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
327 data, sizeof(data), tag)) {
328 wpa_printf(MSG_ERROR, "AES-128 EAX mode decryption failed");
331 if (os_memcmp(data, msg, sizeof(data)) != 0) {
332 wpa_printf(MSG_ERROR,
333 "AES-128 EAX mode decryption returned invalid plain text");
337 wpa_printf(MSG_INFO, "AES-128 EAX mode test cases passed");
344 static int test_cbc(void)
346 struct cbc_test_vector {
354 { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b,
355 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 },
356 { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30,
357 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 },
359 { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8,
360 0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a },
364 { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0,
365 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a },
366 { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28,
367 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 },
368 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
369 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
370 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
371 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
372 { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a,
373 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a,
374 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9,
375 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 },
383 for (i = 0; i < ARRAY_SIZE(vectors); i++) {
384 struct cbc_test_vector *tv = &vectors[i];
386 buf = os_malloc(tv->len);
392 os_memcpy(buf, tv->plain, tv->len);
393 if (aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len) ||
394 os_memcmp(buf, tv->cipher, tv->len) != 0) {
395 wpa_printf(MSG_ERROR, "AES-CBC encrypt %d failed", i);
399 os_memcpy(buf, tv->cipher, tv->len);
400 if (aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len) ||
401 os_memcmp(buf, tv->plain, tv->len) != 0) {
402 wpa_printf(MSG_ERROR, "AES-CBC decrypt %d failed", i);
413 static int test_ecb(void)
416 struct ecb_test_vector {
421 /* CAVS 11.1 - ECBGFSbox128.rsp */
423 "00000000000000000000000000000000",
424 "f34481ec3cc627bacd5dc3fb08f273e6",
425 "0336763e966d92595a567cc9ce537f5e"
428 "00000000000000000000000000000000",
429 "9798c4640bad75c7c3227db910174e72",
430 "a9a1631bf4996954ebc093957b234589"
433 "00000000000000000000000000000000",
434 "96ab5c2ff612d9dfaae8c31f30c42168",
435 "ff4f8391a6a40ca5b25d23bedd44a597"
438 "00000000000000000000000000000000",
439 "6a118a874519e64e9963798a503f1d35",
440 "dc43be40be0e53712f7e2bf5ca707209"
443 "00000000000000000000000000000000",
444 "cb9fceec81286ca3e989bd979b0cb284",
445 "92beedab1895a94faa69b632e5cc47ce"
448 "00000000000000000000000000000000",
449 "b26aeb1874e47ca8358ff22378f09144",
450 "459264f4798f6a78bacb89c15ed3d601"
453 "00000000000000000000000000000000",
454 "58c8e00b2631686d54eab84b91f0aca1",
455 "08a4e2efec8a8e3312ca7460b9040bbf"
457 /* CAVS 11.1 - ECBKeySbox128.rsp */
459 "10a58869d74be5a374cf867cfb473859",
460 "00000000000000000000000000000000",
461 "6d251e6944b051e04eaa6fb4dbf78465"
464 "caea65cdbb75e9169ecd22ebe6e54675",
465 "00000000000000000000000000000000",
466 "6e29201190152df4ee058139def610bb",
471 u8 key[16], plain[16], cipher[16], out[16];
473 for (i = 0; i < ARRAY_SIZE(vectors); i++) {
474 struct ecb_test_vector *tv = &vectors[i];
476 if (hexstr2bin(tv->key, key, sizeof(key)) ||
477 hexstr2bin(tv->plaintext, plain, sizeof(plain)) ||
478 hexstr2bin(tv->ciphertext, cipher, sizeof(cipher))) {
479 wpa_printf(MSG_ERROR, "Invalid AES-ECB test vector %u",
485 if (aes_128_encrypt_block(key, plain, out) < 0 ||
486 os_memcmp(out, cipher, 16) != 0) {
487 wpa_printf(MSG_ERROR, "AES-ECB encrypt %u failed", i);
493 wpa_printf(MSG_INFO, "AES ECB mode test cases passed");
502 static int test_key_wrap(void)
506 /* RFC 3394 - Test vector 4.1 */
508 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
509 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
512 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
513 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
516 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
517 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
518 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
520 #ifndef CONFIG_BORINGSSL
521 /* RFC 3394 - Test vector 4.2 */
523 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
524 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
525 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
528 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
529 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
532 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
533 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
534 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D
536 #endif /* CONFIG_BORINGSSL */
537 /* RFC 3394 - Test vector 4.3 */
539 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
540 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
541 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
542 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
545 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
546 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
549 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
550 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
551 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7,
553 #ifndef CONFIG_BORINGSSL
554 /* RFC 3394 - Test vector 4.4 */
556 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
557 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
558 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
561 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
562 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
563 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
566 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
567 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
568 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
569 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2
571 #endif /* CONFIG_BORINGSSL */
572 /* RFC 3394 - Test vector 4.5 */
574 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
575 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
576 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
577 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
580 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
581 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
582 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
585 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
586 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
587 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
588 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1,
590 /* RFC 3394 - Test vector 4.6 */
592 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
593 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
594 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
595 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
598 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
599 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
600 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
601 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
604 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
605 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
606 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
607 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
608 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21
612 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.1");
613 if (aes_wrap(kek41, sizeof(kek41), sizeof(plain41) / 8, plain41,
615 wpa_printf(MSG_ERROR, "AES-WRAP-128 reported failure");
618 if (os_memcmp(result, crypt41, sizeof(crypt41)) != 0) {
619 wpa_printf(MSG_ERROR, "AES-WRAP-128 failed");
622 if (aes_unwrap(kek41, sizeof(kek41), sizeof(plain41) / 8, crypt41,
624 wpa_printf(MSG_ERROR, "AES-UNWRAP-128 reported failure");
627 if (os_memcmp(result, plain41, sizeof(plain41)) != 0) {
628 wpa_printf(MSG_ERROR, "AES-UNWRAP-128 failed");
632 #ifndef CONFIG_BORINGSSL
633 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.2");
634 if (aes_wrap(kek42, sizeof(kek42), sizeof(plain42) / 8, plain42,
636 wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure");
639 if (os_memcmp(result, crypt42, sizeof(crypt42)) != 0) {
640 wpa_printf(MSG_ERROR, "AES-WRAP-192 failed");
643 if (aes_unwrap(kek42, sizeof(kek42), sizeof(plain42) / 8, crypt42,
645 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure");
648 if (os_memcmp(result, plain42, sizeof(plain42)) != 0) {
649 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed");
652 #endif /* CONFIG_BORINGSSL */
654 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.3");
655 if (aes_wrap(kek43, sizeof(kek43), sizeof(plain43) / 8, plain43,
657 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure");
660 if (os_memcmp(result, crypt43, sizeof(crypt43)) != 0) {
661 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed");
664 if (aes_unwrap(kek43, sizeof(kek43), sizeof(plain43) / 8, crypt43,
666 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure");
669 if (os_memcmp(result, plain43, sizeof(plain43)) != 0) {
670 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed");
674 #ifndef CONFIG_BORINGSSL
675 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.4");
676 if (aes_wrap(kek44, sizeof(kek44), sizeof(plain44) / 8, plain44,
678 wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure");
681 if (os_memcmp(result, crypt44, sizeof(crypt44)) != 0) {
682 wpa_printf(MSG_ERROR, "AES-WRAP-192 failed");
685 if (aes_unwrap(kek44, sizeof(kek44), sizeof(plain44) / 8, crypt44,
687 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure");
690 if (os_memcmp(result, plain44, sizeof(plain44)) != 0) {
691 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed");
694 #endif /* CONFIG_BORINGSSL */
696 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.5");
697 if (aes_wrap(kek45, sizeof(kek45), sizeof(plain45) / 8, plain45,
699 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure");
702 if (os_memcmp(result, crypt45, sizeof(crypt45)) != 0) {
703 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed");
706 if (aes_unwrap(kek45, sizeof(kek45), sizeof(plain45) / 8, crypt45,
708 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure");
711 if (os_memcmp(result, plain45, sizeof(plain45)) != 0) {
712 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed");
716 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.6");
717 if (aes_wrap(kek46, sizeof(kek46), sizeof(plain46) / 8, plain46,
719 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure");
722 if (os_memcmp(result, crypt46, sizeof(crypt46)) != 0) {
723 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed");
726 if (aes_unwrap(kek46, sizeof(kek46), sizeof(plain46) / 8, crypt46,
728 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure");
731 if (os_memcmp(result, plain46, sizeof(plain46)) != 0) {
732 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed");
737 wpa_printf(MSG_INFO, "AES key wrap/unwrap test cases passed");
743 static int test_md5(void)
752 "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04"
753 "\xe9\x80\x09\x98\xec\xf8\x42\x7e"
757 "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8"
758 "\x31\xc3\x99\xe2\x69\x77\x26\x61"
762 "\x90\x01\x50\x98\x3c\xd2\x4f\xb0"
763 "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72"
767 "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d"
768 "\x52\x5a\x2f\x31\xaa\xf1\x61\xd0"
771 "abcdefghijklmnopqrstuvwxyz",
772 "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00"
773 "\x7d\xfb\x49\x6c\xca\x67\xe1\x3b"
776 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
778 "\xd1\x74\xab\x98\xd2\x77\xd9\xf5"
779 "\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f"
782 "12345678901234567890123456789012345678901234567890"
783 "123456789012345678901234567890",
784 "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55"
785 "\xac\x49\xda\x2e\x21\x07\xb6\x7a"
794 for (i = 0; i < ARRAY_SIZE(tests); i++) {
795 wpa_printf(MSG_INFO, "MD5 test case %d", i);
797 addr[0] = (u8 *) tests[i].data;
798 len[0] = strlen(tests[i].data);
799 if (md5_vector(1, addr, len, hash) < 0 ||
800 os_memcmp(hash, tests[i].hash, 16) != 0) {
801 wpa_printf(MSG_INFO, " FAIL");
804 wpa_printf(MSG_INFO, " OK");
807 addr[0] = (u8 *) tests[i].data;
808 len[0] = strlen(tests[i].data);
809 addr[1] = (u8 *) tests[i].data + 1;
810 len[1] = strlen(tests[i].data) - 1;
811 if (md5_vector(1, addr, len, hash) < 0 ||
812 os_memcmp(hash, tests[i].hash, 16) != 0) {
813 wpa_printf(MSG_INFO, " FAIL");
816 wpa_printf(MSG_INFO, " OK");
821 wpa_printf(MSG_INFO, "MD5 test cases passed");
824 #else /* CONFIG_FIPS */
825 wpa_printf(MSG_INFO, "MD5 test cases skipped due to CONFIG_FIPS");
827 #endif /* CONFIG_FIPS */
831 static int test_eap_fast(void)
834 /* RFC 4851, Appendix B.1 */
835 const u8 pac_key[] = {
836 0x0B, 0x97, 0x39, 0x0F, 0x37, 0x51, 0x78, 0x09,
837 0x81, 0x1E, 0xFD, 0x9C, 0x6E, 0x65, 0x94, 0x2B,
838 0x63, 0x2C, 0xE9, 0x53, 0x89, 0x38, 0x08, 0xBA,
839 0x36, 0x0B, 0x03, 0x7C, 0xD1, 0x85, 0xE4, 0x14
842 0x3F, 0xFB, 0x11, 0xC4, 0x6C, 0xBF, 0xA5, 0x7A,
843 0x54, 0x40, 0xDA, 0xE8, 0x22, 0xD3, 0x11, 0xD3,
844 0xF7, 0x6D, 0xE4, 0x1D, 0xD9, 0x33, 0xE5, 0x93,
845 0x70, 0x97, 0xEB, 0xA9, 0xB3, 0x66, 0xF4, 0x2A,
846 0x00, 0x00, 0x00, 0x02, 0x6A, 0x66, 0x43, 0x2A,
847 0x8D, 0x14, 0x43, 0x2C, 0xEC, 0x58, 0x2D, 0x2F,
848 0xC7, 0x9C, 0x33, 0x64, 0xBA, 0x04, 0xAD, 0x3A,
849 0x52, 0x54, 0xD6, 0xA5, 0x79, 0xAD, 0x1E, 0x00
851 const u8 master_secret[] = {
852 0x4A, 0x1A, 0x51, 0x2C, 0x01, 0x60, 0xBC, 0x02,
853 0x3C, 0xCF, 0xBC, 0x83, 0x3F, 0x03, 0xBC, 0x64,
854 0x88, 0xC1, 0x31, 0x2F, 0x0B, 0xA9, 0xA2, 0x77,
855 0x16, 0xA8, 0xD8, 0xE8, 0xBD, 0xC9, 0xD2, 0x29,
856 0x38, 0x4B, 0x7A, 0x85, 0xBE, 0x16, 0x4D, 0x27,
857 0x33, 0xD5, 0x24, 0x79, 0x87, 0xB1, 0xC5, 0xA2
860 const u8 key_block[] = {
861 0x59, 0x59, 0xBE, 0x8E, 0x41, 0x3A, 0x77, 0x74,
862 0x8B, 0xB2, 0xE5, 0xD3, 0x60, 0xAC, 0x4D, 0x35,
863 0xDF, 0xFB, 0xC8, 0x1E, 0x9C, 0x24, 0x9C, 0x8B,
864 0x0E, 0xC3, 0x1D, 0x72, 0xC8, 0x84, 0x9D, 0x57,
865 0x48, 0x51, 0x2E, 0x45, 0x97, 0x6C, 0x88, 0x70,
866 0xBE, 0x5F, 0x01, 0xD3, 0x64, 0xE7, 0x4C, 0xBB,
867 0x11, 0x24, 0xE3, 0x49, 0xE2, 0x3B, 0xCD, 0xEF,
868 0x7A, 0xB3, 0x05, 0x39, 0x5D, 0x64, 0x8A, 0x44,
869 0x11, 0xB6, 0x69, 0x88, 0x34, 0x2E, 0x8E, 0x29,
870 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
871 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
872 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
873 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
874 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
876 #endif /* CONFIG_FIPS */
878 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
879 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
880 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
881 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
882 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
885 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
886 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
887 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
888 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
891 0x16, 0x15, 0x3C, 0x3F, 0x21, 0x55, 0xEF, 0xD9,
892 0x7F, 0x34, 0xAE, 0xC8, 0x1A, 0x4E, 0x66, 0x80,
893 0x4C, 0xC3, 0x76, 0xF2, 0x8A, 0xA9, 0x6F, 0x96,
894 0xC2, 0x54, 0x5F, 0x8C, 0xAB, 0x65, 0x02, 0xE1,
895 0x18, 0x40, 0x7B, 0x56, 0xBE, 0xEA, 0xA7, 0xC5,
896 0x76, 0x5D, 0x8F, 0x0B, 0xC5, 0x07, 0xC6, 0xB9,
897 0x04, 0xD0, 0x69, 0x56, 0x72, 0x8B, 0x6B, 0xB8,
898 0x15, 0xEC, 0x57, 0x7B
901 0x4D, 0x83, 0xA9, 0xBE, 0x6F, 0x8A, 0x74, 0xED,
902 0x6A, 0x02, 0x66, 0x0A, 0x63, 0x4D, 0x2C, 0x33,
903 0xC2, 0xDA, 0x60, 0x15, 0xC6, 0x37, 0x04, 0x51,
904 0x90, 0x38, 0x63, 0xDA, 0x54, 0x3E, 0x14, 0xB9,
905 0x27, 0x99, 0x18, 0x1E, 0x07, 0xBF, 0x0F, 0x5A,
906 0x5E, 0x3C, 0x32, 0x93, 0x80, 0x8C, 0x6C, 0x49,
907 0x67, 0xED, 0x24, 0xFE, 0x45, 0x40, 0xA0, 0x59,
908 0x5E, 0x37, 0xC2, 0xE9, 0xD0, 0x5D, 0x0A, 0xE3
911 0x3A, 0xD4, 0xAB, 0xDB, 0x76, 0xB2, 0x7F, 0x3B,
912 0xEA, 0x32, 0x2C, 0x2B, 0x74, 0xF4, 0x28, 0x55,
913 0xEF, 0x2D, 0xBA, 0x78, 0xC9, 0x57, 0x2F, 0x0D,
914 0x06, 0xCD, 0x51, 0x7C, 0x20, 0x93, 0x98, 0xA9,
915 0x76, 0xEA, 0x70, 0x21, 0xD7, 0x0E, 0x25, 0x54,
916 0x97, 0xED, 0xB2, 0x8A, 0xF6, 0xED, 0xFD, 0x0A,
917 0x2A, 0xE7, 0xA1, 0x58, 0x90, 0x10, 0x50, 0x44,
918 0xB3, 0x82, 0x85, 0xDB, 0x06, 0x14, 0xD2, 0xF9
920 /* RFC 4851, Appendix B.2 */
922 0x80, 0x0C, 0x00, 0x38, 0x00, 0x01, 0x01, 0x00,
923 0xD8, 0x6A, 0x8C, 0x68, 0x3C, 0x32, 0x31, 0xA8,
924 0x56, 0x63, 0xB6, 0x40, 0x21, 0xFE, 0x21, 0x14,
925 0x4E, 0xE7, 0x54, 0x20, 0x79, 0x2D, 0x42, 0x62,
926 0xC9, 0xBF, 0x53, 0x7F, 0x54, 0xFD, 0xAC, 0x58,
927 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
928 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
929 0x05, 0xC5, 0x5B, 0xB7
931 const u8 compound_mac[] = {
932 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
933 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
934 0x05, 0xC5, 0x5B, 0xB7
937 const u8 *simck, *cmk;
940 wpa_printf(MSG_INFO, "EAP-FAST test cases");
942 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / master_secret");
943 if (sha1_t_prf(pac_key, sizeof(pac_key),
944 "PAC to master secret label hash",
945 seed, sizeof(seed), buf, sizeof(master_secret)) < 0 ||
946 os_memcmp(master_secret, buf, sizeof(master_secret)) != 0) {
947 wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
952 wpa_printf(MSG_INFO, "- PRF (TLS, SHA1/MD5) test case / key_block");
953 if (tls_prf_sha1_md5(master_secret, sizeof(master_secret),
954 "key expansion", seed, sizeof(seed),
955 buf, sizeof(key_block)) ||
956 os_memcmp(key_block, buf, sizeof(key_block)) != 0) {
957 wpa_printf(MSG_INFO, "PRF test - FAILED!");
960 #endif /* CONFIG_FIPS */
962 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / IMCK");
963 if (sha1_t_prf(sks, sizeof(sks), "Inner Methods Compound Keys",
964 isk, sizeof(isk), buf, sizeof(imck)) < 0 ||
965 os_memcmp(imck, buf, sizeof(imck)) != 0) {
966 wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
973 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / MSK");
974 if (sha1_t_prf(simck, 40, "Session Key Generating Function",
975 (u8 *) "", 0, buf, sizeof(msk)) < 0 ||
976 os_memcmp(msk, buf, sizeof(msk)) != 0) {
977 wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
981 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / EMSK");
982 if (sha1_t_prf(simck, 40, "Extended Session Key Generating Function",
983 (u8 *) "", 0, buf, sizeof(msk)) < 0 ||
984 os_memcmp(emsk, buf, sizeof(emsk)) != 0) {
985 wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
989 wpa_printf(MSG_INFO, "- Compound MAC test case");
990 os_memset(tlv + sizeof(tlv) - 20, 0, 20);
991 if (hmac_sha1(cmk, 20, tlv, sizeof(tlv), tlv + sizeof(tlv) - 20) < 0 ||
992 os_memcmp(tlv + sizeof(tlv) - 20, compound_mac,
993 sizeof(compound_mac)) != 0) {
994 wpa_printf(MSG_INFO, "Compound MAC test - FAILED!");
1001 #endif /* EAP_FAST */
1005 static const u8 key0[] =
1007 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1008 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1009 0x0b, 0x0b, 0x0b, 0x0b
1011 static const u8 data0[] = "Hi There";
1012 static const u8 prf0[] =
1014 0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84,
1015 0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54,
1016 0xb8, 0x62, 0x17, 0x5e, 0xd9, 0xf0, 0x06, 0x06,
1017 0xe1, 0x7d, 0x8d, 0xa3, 0x54, 0x02, 0xff, 0xee,
1018 0x75, 0xdf, 0x78, 0xc3, 0xd3, 0x1e, 0x0f, 0x88,
1019 0x9f, 0x01, 0x21, 0x20, 0xc0, 0x86, 0x2b, 0xeb,
1020 0x67, 0x75, 0x3e, 0x74, 0x39, 0xae, 0x24, 0x2e,
1021 0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a
1024 static const u8 key1[] = "Jefe";
1025 static const u8 data1[] = "what do ya want for nothing?";
1026 static const u8 prf1[] =
1028 0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad,
1029 0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4,
1030 0xfe, 0x63, 0x14, 0x46, 0xfa, 0xbd, 0xfa, 0x58,
1031 0x24, 0x47, 0x59, 0xae, 0x58, 0xef, 0x90, 0x09,
1032 0xa9, 0x9a, 0xbf, 0x4e, 0xac, 0x2c, 0xa5, 0xfa,
1033 0x87, 0xe6, 0x92, 0xc4, 0x40, 0xeb, 0x40, 0x02,
1034 0x3e, 0x7b, 0xab, 0xb2, 0x06, 0xd6, 0x1d, 0xe7,
1035 0xb9, 0x2f, 0x41, 0x52, 0x90, 0x92, 0xb8, 0xfc
1039 static const u8 key2[] =
1041 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1042 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1043 0xaa, 0xaa, 0xaa, 0xaa
1045 static const u8 data2[] =
1047 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1048 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1049 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1050 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1051 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1052 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1055 static const u8 prf2[] =
1057 0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f,
1058 0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1,
1059 0x7a, 0x02, 0x52, 0xca, 0x5d, 0x8d, 0x8d, 0xf1,
1060 0x2c, 0xfb, 0x04, 0x73, 0x52, 0x52, 0x49, 0xce,
1061 0x9d, 0xd8, 0xd1, 0x77, 0xea, 0xd7, 0x10, 0xbc,
1062 0x9b, 0x59, 0x05, 0x47, 0x23, 0x91, 0x07, 0xae,
1063 0xf7, 0xb4, 0xab, 0xd4, 0x3d, 0x87, 0xf0, 0xa6,
1064 0x8f, 0x1c, 0xbd, 0x9e, 0x2b, 0x6f, 0x76, 0x07
1068 struct passphrase_test {
1074 static const struct passphrase_test passphrase_tests[] =
1080 0xf4, 0x2c, 0x6f, 0xc5, 0x2d, 0xf0, 0xeb, 0xef,
1081 0x9e, 0xbb, 0x4b, 0x90, 0xb3, 0x8a, 0x5f, 0x90,
1082 0x2e, 0x83, 0xfe, 0x1b, 0x13, 0x5a, 0x70, 0xe2,
1083 0x3a, 0xed, 0x76, 0x2e, 0x97, 0x10, 0xa1, 0x2e
1090 0x0d, 0xc0, 0xd6, 0xeb, 0x90, 0x55, 0x5e, 0xd6,
1091 0x41, 0x97, 0x56, 0xb9, 0xa1, 0x5e, 0xc3, 0xe3,
1092 0x20, 0x9b, 0x63, 0xdf, 0x70, 0x7d, 0xd5, 0x08,
1093 0xd1, 0x45, 0x81, 0xf8, 0x98, 0x27, 0x21, 0xaf
1097 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
1098 "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
1100 0xbe, 0xcb, 0x93, 0x86, 0x6b, 0xb8, 0xc3, 0x83,
1101 0x2c, 0xb7, 0x77, 0xc2, 0xf5, 0x59, 0x80, 0x7c,
1102 0x8c, 0x59, 0xaf, 0xcb, 0x6e, 0xae, 0x73, 0x48,
1103 0x85, 0x00, 0x13, 0x00, 0xa9, 0x81, 0xcc, 0x62
1108 #define NUM_PASSPHRASE_TESTS ARRAY_SIZE(passphrase_tests)
1111 struct rfc6070_test {
1119 static const struct rfc6070_test rfc6070_tests[] =
1126 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
1127 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
1128 0x2f, 0xe0, 0x37, 0xa6
1137 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
1138 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
1139 0xd8, 0xde, 0x89, 0x57
1148 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
1149 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
1150 0x65, 0xa4, 0x29, 0xc1
1154 #if 0 /* This takes quite long to derive.. */
1160 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4,
1161 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c,
1162 0x26, 0x34, 0xe9, 0x84
1168 "passwordPASSWORDpassword",
1169 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
1172 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
1173 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
1174 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
1179 #if 0 /* \0 not currently supported in passphrase parameters.. */
1185 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
1186 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3
1193 #define NUM_RFC6070_TESTS ARRAY_SIZE(rfc6070_tests)
1196 static int test_sha1(void)
1202 wpa_printf(MSG_INFO, "PRF-SHA1 test cases:");
1204 if (sha1_prf(key0, sizeof(key0), "prefix", data0, sizeof(data0) - 1,
1205 res, sizeof(prf0)) == 0 &&
1206 os_memcmp(res, prf0, sizeof(prf0)) == 0)
1207 wpa_printf(MSG_INFO, "Test case 0 - OK");
1209 wpa_printf(MSG_INFO, "Test case 0 - FAILED!");
1213 if (sha1_prf(key1, sizeof(key1) - 1, "prefix", data1, sizeof(data1) - 1,
1214 res, sizeof(prf1)) == 0 &&
1215 os_memcmp(res, prf1, sizeof(prf1)) == 0)
1216 wpa_printf(MSG_INFO, "Test case 1 - OK");
1218 wpa_printf(MSG_INFO, "Test case 1 - FAILED!");
1222 if (sha1_prf(key2, sizeof(key2), "prefix", data2, sizeof(data2),
1223 res, sizeof(prf2)) == 0 &&
1224 os_memcmp(res, prf2, sizeof(prf2)) == 0)
1225 wpa_printf(MSG_INFO, "Test case 2 - OK");
1227 wpa_printf(MSG_INFO, "Test case 2 - FAILED!");
1231 ret += test_eap_fast();
1233 wpa_printf(MSG_INFO, "PBKDF2-SHA1 Passphrase test cases:");
1234 for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) {
1236 const struct passphrase_test *test = &passphrase_tests[i];
1238 if (pbkdf2_sha1(test->passphrase,
1239 (const u8 *) test->ssid, strlen(test->ssid),
1240 4096, psk, 32) == 0 &&
1241 os_memcmp(psk, test->psk, 32) == 0)
1242 wpa_printf(MSG_INFO, "Test case %d - OK", i);
1244 wpa_printf(MSG_INFO, "Test case %d - FAILED!", i);
1249 wpa_printf(MSG_INFO, "PBKDF2-SHA1 test cases (RFC 6070):");
1250 for (i = 0; i < NUM_RFC6070_TESTS; i++) {
1252 const struct rfc6070_test *test = &rfc6070_tests[i];
1254 if (pbkdf2_sha1(test->p, (const u8 *) test->s, strlen(test->s),
1255 test->c, dk, test->dk_len) == 0 &&
1256 os_memcmp(dk, test->dk, test->dk_len) == 0)
1257 wpa_printf(MSG_INFO, "Test case %d - OK", i);
1259 wpa_printf(MSG_INFO, "Test case %d - FAILED!", i);
1265 wpa_printf(MSG_INFO, "SHA1 test cases passed");
1270 static const struct {
1277 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
1278 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
1279 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
1280 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
1284 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
1286 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8,
1287 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39,
1288 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
1289 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1
1294 static const struct hmac_test {
1301 /* draft-ietf-ipsec-ciph-sha-256-01.txt */
1304 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1305 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1306 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1307 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
1312 0xa2, 0x1b, 0x1f, 0x5d, 0x4c, 0xf4, 0xf7, 0x3a,
1313 0x4d, 0xd9, 0x39, 0x75, 0x0f, 0x7a, 0x06, 0x6a,
1314 0x7f, 0x98, 0xcc, 0x13, 0x1c, 0xb1, 0x6a, 0x66,
1315 0x92, 0x75, 0x90, 0x21, 0xcf, 0xab, 0x81, 0x81
1320 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1321 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1322 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1323 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
1326 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
1329 0x10, 0x4f, 0xdc, 0x12, 0x57, 0x32, 0x8f, 0x08,
1330 0x18, 0x4b, 0xa7, 0x31, 0x31, 0xc5, 0x3c, 0xae,
1331 0xe6, 0x98, 0xe3, 0x61, 0x19, 0x42, 0x11, 0x49,
1332 0xea, 0x8c, 0x71, 0x24, 0x56, 0x69, 0x7d, 0x30
1337 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1338 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1339 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1340 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
1343 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
1344 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
1347 0x47, 0x03, 0x05, 0xfc, 0x7e, 0x40, 0xfe, 0x34,
1348 0xd3, 0xee, 0xb3, 0xe7, 0x73, 0xd9, 0x5a, 0xab,
1349 0x73, 0xac, 0xf0, 0xfd, 0x06, 0x04, 0x47, 0xa5,
1350 0xeb, 0x45, 0x95, 0xbf, 0x33, 0xa9, 0xd1, 0xa3
1355 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1356 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1357 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1358 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
1364 0x19, 0x8a, 0x60, 0x7e, 0xb4, 0x4b, 0xfb, 0xc6,
1365 0x99, 0x03, 0xa0, 0xf1, 0xcf, 0x2b, 0xbd, 0xc5,
1366 0xba, 0x0a, 0xa3, 0xf3, 0xd9, 0xae, 0x3c, 0x1c,
1367 0x7a, 0x3b, 0x16, 0x96, 0xa0, 0xb6, 0x8c, 0xf7
1373 "what do ya want for nothing?",
1376 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e,
1377 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7,
1378 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83,
1379 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43
1384 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1385 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1386 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1387 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
1391 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1392 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1393 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1394 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1395 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1396 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1401 0xcd, 0xcb, 0x12, 0x20, 0xd1, 0xec, 0xcc, 0xea,
1402 0x91, 0xe5, 0x3a, 0xba, 0x30, 0x92, 0xf9, 0x62,
1403 0xe5, 0x49, 0xfe, 0x6c, 0xe9, 0xed, 0x7f, 0xdc,
1404 0x43, 0x19, 0x1f, 0xbd, 0xe4, 0x5c, 0x30, 0xb0
1409 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1410 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1411 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1412 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
1413 0x21, 0x22, 0x23, 0x24, 0x25
1417 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1418 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1419 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1420 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1421 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1422 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1427 0xd4, 0x63, 0x3c, 0x17, 0xf6, 0xfb, 0x8d, 0x74,
1428 0x4c, 0x66, 0xde, 0xe0, 0xf8, 0xf0, 0x74, 0x55,
1429 0x6e, 0xc4, 0xaf, 0x55, 0xef, 0x07, 0x99, 0x85,
1430 0x41, 0x46, 0x8e, 0xb4, 0x9b, 0xd2, 0xe9, 0x17
1435 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1436 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1437 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1438 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
1441 "Test With Truncation",
1444 0x75, 0x46, 0xaf, 0x01, 0x84, 0x1f, 0xc0, 0x9b,
1445 0x1a, 0xb9, 0xc3, 0x74, 0x9a, 0x5f, 0x1c, 0x17,
1446 0xd4, 0xf5, 0x89, 0x66, 0x8a, 0x58, 0x7b, 0x27,
1447 0x00, 0xa9, 0xc9, 0x7c, 0x11, 0x93, 0xcf, 0x42
1452 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1453 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1454 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1455 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1456 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1457 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1458 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1459 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1460 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1461 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
1464 "Test Using Larger Than Block-Size Key - Hash Key First",
1467 0x69, 0x53, 0x02, 0x5e, 0xd9, 0x6f, 0x0c, 0x09,
1468 0xf8, 0x0a, 0x96, 0xf7, 0x8e, 0x65, 0x38, 0xdb,
1469 0xe2, 0xe7, 0xb8, 0x20, 0xe3, 0xdd, 0x97, 0x0e,
1470 0x7d, 0xdd, 0x39, 0x09, 0x1b, 0x32, 0x35, 0x2f
1475 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1476 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1477 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1478 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1479 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1480 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1481 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1482 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1483 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1484 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
1487 "Test Using Larger Than Block-Size Key and Larger Than One "
1491 0x63, 0x55, 0xac, 0x22, 0xe8, 0x90, 0xd0, 0xa3,
1492 0xc8, 0x48, 0x1a, 0x5c, 0xa4, 0x82, 0x5b, 0xc8,
1493 0x84, 0xd3, 0xe7, 0xa1, 0xff, 0x98, 0xa2, 0xfc,
1494 0x2a, 0xc7, 0xd8, 0xe0, 0x64, 0xc3, 0xb2, 0xe6
1500 static int test_sha256(void)
1509 for (i = 0; i < ARRAY_SIZE(tests); i++) {
1510 wpa_printf(MSG_INFO, "SHA256 test case %d:", i + 1);
1512 addr[0] = (u8 *) tests[i].data;
1513 len[0] = strlen(tests[i].data);
1514 sha256_vector(1, addr, len, hash);
1515 if (memcmp(hash, tests[i].hash, 32) != 0) {
1516 wpa_printf(MSG_INFO, " FAIL");
1519 wpa_printf(MSG_INFO, " OK");
1522 addr[0] = (u8 *) tests[i].data;
1524 addr[1] = (u8 *) tests[i].data + 1;
1525 len[1] = strlen(tests[i].data) - 1;
1526 sha256_vector(2, addr, len, hash);
1527 if (memcmp(hash, tests[i].hash, 32) != 0) {
1528 wpa_printf(MSG_INFO, " FAIL");
1531 wpa_printf(MSG_INFO, " OK");
1535 for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) {
1536 const struct hmac_test *t = &hmac_tests[i];
1538 wpa_printf(MSG_INFO, "HMAC-SHA256 test case %d:", i + 1);
1540 if (hmac_sha256(t->key, t->key_len, t->data, t->data_len,
1542 os_memcmp(hash, t->hash, 32) != 0) {
1543 wpa_printf(MSG_INFO, " FAIL");
1546 wpa_printf(MSG_INFO, " OK");
1549 len[0] = t->data_len;
1550 if (hmac_sha256_vector(t->key, t->key_len, 1, addr, len,
1552 os_memcmp(hash, t->hash, 32) != 0) {
1553 wpa_printf(MSG_INFO, " FAIL");
1556 wpa_printf(MSG_INFO, " OK");
1561 addr[1] = t->data + 1;
1562 len[1] = t->data_len - 1;
1563 if (hmac_sha256_vector(t->key, t->key_len, 2, addr, len,
1565 os_memcmp(hash, t->hash, 32) != 0) {
1566 wpa_printf(MSG_INFO, " FAIL");
1569 wpa_printf(MSG_INFO, " OK");
1573 wpa_printf(MSG_INFO, "Test IEEE 802.11r KDF");
1574 sha256_prf((u8 *) "abc", 3, "KDF test", (u8 *) "data", 4,
1575 hash, sizeof(hash));
1576 /* TODO: add proper test case for this */
1578 key = os_malloc(8161);
1580 #ifdef CONFIG_HMAC_SHA256_KDF
1583 res = hmac_sha256_kdf((u8 *) "secret", 6, "label",
1584 (u8 *) "seed", 4, key, 8160);
1586 wpa_printf(MSG_INFO,
1587 "Unexpected hmac_sha256_kdf(outlen=8160) failure");
1591 res = hmac_sha256_kdf((u8 *) "secret", 6, "label",
1592 (u8 *) "seed", 4, key, 8161);
1594 wpa_printf(MSG_INFO,
1595 "Unexpected hmac_sha256_kdf(outlen=8161) success");
1598 #endif /* CONFIG_HMAC_SHA256_KDF */
1604 wpa_printf(MSG_INFO, "SHA256 test cases passed");
1609 static int test_fips186_2_prf(void)
1611 /* http://csrc.nist.gov/encryption/dss/Examples-1024bit.pdf */
1613 0xbd, 0x02, 0x9b, 0xbe, 0x7f, 0x51, 0x96, 0x0b,
1614 0xcf, 0x9e, 0xdb, 0x2b, 0x61, 0xf0, 0x6f, 0x0f,
1615 0xeb, 0x5a, 0x38, 0xb6
1618 0x20, 0x70, 0xb3, 0x22, 0x3d, 0xba, 0x37, 0x2f,
1619 0xde, 0x1c, 0x0f, 0xfc, 0x7b, 0x2e, 0x3b, 0x49,
1620 0x8b, 0x26, 0x06, 0x14, 0x3c, 0x6c, 0x18, 0xba,
1621 0xcb, 0x0f, 0x6c, 0x55, 0xba, 0xbb, 0x13, 0x78,
1622 0x8e, 0x20, 0xd7, 0x37, 0xa3, 0x27, 0x51, 0x16
1626 wpa_printf(MSG_INFO,
1627 "Testing EAP-SIM PRF (FIPS 186-2 + change notice 1)");
1628 if (fips186_2_prf(xkey, sizeof(xkey), buf, sizeof(buf)) < 0 ||
1629 os_memcmp(w, buf, sizeof(w)) != 0) {
1630 wpa_printf(MSG_INFO, "fips186_2_prf failed");
1638 static int test_ms_funcs(void)
1641 /* Test vector from RFC2759 example */
1642 char *username = "User";
1643 char *password = "clientPass";
1644 u8 auth_challenge[] = {
1645 0x5B, 0x5D, 0x7C, 0x7D, 0x7B, 0x3F, 0x2F, 0x3E,
1646 0x3C, 0x2C, 0x60, 0x21, 0x32, 0x26, 0x26, 0x28
1648 u8 peer_challenge[] = {
1649 0x21, 0x40, 0x23, 0x24, 0x25, 0x5E, 0x26, 0x2A,
1650 0x28, 0x29, 0x5F, 0x2B, 0x3A, 0x33, 0x7C, 0x7E
1652 u8 password_hash[] = {
1653 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6,
1654 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE
1656 u8 nt_response[] = {
1657 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E,
1658 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54,
1659 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF
1661 u8 password_hash_hash[] = {
1662 0x41, 0xC0, 0x0C, 0x58, 0x4B, 0xD2, 0xD9, 0x1C,
1663 0x40, 0x17, 0xA2, 0xA1, 0x2F, 0xA5, 0x9F, 0x3F
1665 u8 authenticator_response[] = {
1666 0x40, 0x7A, 0x55, 0x89, 0x11, 0x5F, 0xD0, 0xD6,
1667 0x20, 0x9F, 0x51, 0x0F, 0xE9, 0xC0, 0x45, 0x66,
1668 0x93, 0x2C, 0xDA, 0x56
1671 0xFD, 0xEC, 0xE3, 0x71, 0x7A, 0x8C, 0x83, 0x8C,
1672 0xB3, 0x88, 0xE5, 0x27, 0xAE, 0x3C, 0xDD, 0x31
1674 u8 send_start_key[] = {
1675 0x8B, 0x7C, 0xDC, 0x14, 0x9B, 0x99, 0x3A, 0x1B,
1676 0xA1, 0x18, 0xCB, 0x15, 0x3F, 0x56, 0xDC, 0xCB
1681 if (nt_password_hash((u8 *) password, os_strlen(password), buf) ||
1682 os_memcmp(password_hash, buf, sizeof(password_hash)) != 0) {
1683 wpa_printf(MSG_ERROR, "nt_password_hash failed");
1687 if (generate_nt_response(auth_challenge, peer_challenge,
1688 (u8 *) username, os_strlen(username),
1689 (u8 *) password, os_strlen(password), buf) ||
1690 os_memcmp(nt_response, buf, sizeof(nt_response)) != 0) {
1691 wpa_printf(MSG_ERROR, "generate_nt_response failed");
1695 if (hash_nt_password_hash(password_hash, buf) ||
1696 os_memcmp(password_hash_hash, buf,
1697 sizeof(password_hash_hash)) != 0) {
1698 wpa_printf(MSG_ERROR, "hash_nt_password_hash failed");
1702 if (generate_authenticator_response((u8 *) password,
1703 os_strlen(password),
1704 peer_challenge, auth_challenge,
1706 os_strlen(username),
1707 nt_response, buf) ||
1708 os_memcmp(authenticator_response, buf,
1709 sizeof(authenticator_response)) != 0) {
1710 wpa_printf(MSG_ERROR, "generate_authenticator_response failed");
1714 if (get_master_key(password_hash_hash, nt_response, buf) ||
1715 os_memcmp(master_key, buf, sizeof(master_key)) != 0) {
1716 wpa_printf(MSG_ERROR, "get_master_key failed");
1720 if (get_asymetric_start_key(master_key, buf, sizeof(send_start_key),
1722 os_memcmp(send_start_key, buf, sizeof(send_start_key)) != 0) {
1723 wpa_printf(MSG_ERROR, "get_asymetric_start_key failed");
1728 wpa_printf(MSG_ERROR, "ms_funcs: %d errors", errors);
1730 wpa_printf(MSG_INFO, "ms_funcs test cases passed");
1733 #else /* CONFIG_FIPS */
1734 wpa_printf(MSG_INFO, "ms_funcs test cases skipped due to CONFIG_FIPS");
1736 #endif /* CONFIG_FIPS */
1740 int crypto_module_tests(void)
1744 wpa_printf(MSG_INFO, "crypto module tests");
1754 test_fips186_2_prf() ||