2 * Copyright (c) 2004 Sam Leffler, Errno Consulting
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. The name of the author may not be used to endorse or promote products
14 * derived from this software without specific prior written permission.
16 * Alternatively, this software may be distributed under the terms of the
17 * GNU General Public License ("GPL") version 2 as published by the Free
18 * Software Foundation.
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
21 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
23 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
24 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
25 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37 * Test vectors come from section I.7.2 of P802.11i/D7.0, October 2003.
39 * To use this tester load the net80211 layer (either as a module or
40 * by statically configuring it into your kernel), then insmod this
41 * module. It should automatically run all test cases and print
42 * information for each. To run one or more tests you can specify a
43 * tests parameter to the module that is a bit mask of the set of tests
44 * you want; e.g. insmod wep_test tests=7 will run only test mpdu's
47 #include <sys/param.h>
48 #include <sys/kernel.h>
49 #include <sys/systm.h>
51 #include <sys/module.h>
53 #include <sys/socket.h>
56 #include <net/if_var.h>
57 #include <net/if_media.h>
59 #include <net80211/ieee80211_var.h>
63 aa aa 03 00 00 00 08 00 45 00 00 4e 66 1a 00 00 80 11 be 64 0a 00 01 22
64 0a ff ff ff 00 89 00 89 00 3a 00 00 80 a6 01 10 00 01 00 00 00 00 00 00
65 20 45 43 45 4a 45 48 45 43 46 43 45 50 46 45 45 49 45 46 46 43 43 41 43
66 41 43 41 43 41 43 41 41 41 00 00 20 00 01
68 RC4 encryption is performed as follows:
70 18 Key fb 02 9e 30 31 32 33 34
72 aa aa 03 00 00 00 08 00 45 00 00 4e 66 1a 00 00 80 11 be 64 0a 00 01
73 22 0a ff ff ff 00 89 00 89 00 3a 00 00 80 a6 01 10 00 01 00 00 00 00
74 00 00 20 45 43 45 4a 45 48 45 43 46 43 45 50 46 45 45 49 45 46 46 43
75 43 41 43 41 43 41 43 41 43 41 41 41 00 00 20 00 01 1b d0 b6 04
77 f6 9c 58 06 bd 6c e8 46 26 bc be fb 94 74 65 0a ad 1f 79 09 b0 f6 4d
78 5f 58 a5 03 a2 58 b7 ed 22 eb 0e a6 49 30 d3 a0 56 a5 57 42 fc ce 14
79 1d 48 5f 8a a8 36 de a1 8d f4 2c 53 80 80 5a d0 c6 1a 5d 6f 58 f4 10
80 40 b2 4b 7d 1a 69 38 56 ed 0d 43 98 e7 ae e3 bf 0e 2a 2c a8 f7
81 The plaintext consists of the MPDU data, followed by a 4-octet CRC-32
82 calculated over the MPDU data.
83 19 The expanded MPDU, after WEP encapsulation, is as follows:
87 f6 9c 58 06 bd 6c e8 46 26 bc be fb 94 74 65 0a ad 1f 79 09 b0 f6 4d 5f 58 a5
88 03 a2 58 b7 ed 22 eb 0e a6 49 30 d3 a0 56 a5 57 42 fc ce 14 1d 48 5f 8a a8 36
89 de a1 8d f4 2c 53 80 80 5a d0 c6 1a 5d 6f 58 f4 10 40 b2 4b 7d 1a 69 38 56 ed
90 0d 43 98 e7 ae e3 bf 0e
93 static const u_int8_t test1_key[] = { /* TK (w/o IV) */
94 0x30, 0x31, 0x32, 0x33, 0x34,
96 static const u_int8_t test1_plaintext[] = { /* Plaintext MPDU */
97 0x08, 0x48, 0xc3, 0x2c, 0x0f, 0xd2, 0xe1, 0x28, /* 802.11 Header */
98 0xa5, 0x7c, 0x50, 0x30, 0xf1, 0x84, 0x44, 0x08,
99 0xab, 0xae, 0xa5, 0xb8, 0xfc, 0xba, 0x80, 0x33,
100 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x08, 0x00, /* Plaintext data */
101 0x45, 0x00, 0x00, 0x4e, 0x66, 0x1a, 0x00, 0x00,
102 0x80, 0x11, 0xbe, 0x64, 0x0a, 0x00, 0x01, 0x22,
103 0x0a, 0xff, 0xff, 0xff, 0x00, 0x89, 0x00, 0x89,
104 0x00, 0x3a, 0x00, 0x00, 0x80, 0xa6, 0x01, 0x10,
105 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
106 0x20, 0x45, 0x43, 0x45, 0x4a, 0x45, 0x48, 0x45,
107 0x43, 0x46, 0x43, 0x45, 0x50, 0x46, 0x45, 0x45,
108 0x49, 0x45, 0x46, 0x46, 0x43, 0x43, 0x41, 0x43,
109 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x41,
110 0x41, 0x00, 0x00, 0x20, 0x00, 0x01,
112 static const u_int8_t test1_encrypted[] = { /* Encrypted MPDU */
113 0x08, 0x48, 0xc3, 0x2c, 0x0f, 0xd2, 0xe1, 0x28,
114 0xa5, 0x7c, 0x50, 0x30, 0xf1, 0x84, 0x44, 0x08,
115 0xab, 0xae, 0xa5, 0xb8, 0xfc, 0xba, 0x80, 0x33,
116 0xfb, 0x02, 0x9e, 0x80, 0xf6, 0x9c, 0x58, 0x06,
117 0xbd, 0x6c, 0xe8, 0x46, 0x26, 0xbc, 0xbe, 0xfb,
118 0x94, 0x74, 0x65, 0x0a, 0xad, 0x1f, 0x79, 0x09,
119 0xb0, 0xf6, 0x4d, 0x5f, 0x58, 0xa5, 0x03, 0xa2,
120 0x58, 0xb7, 0xed, 0x22, 0xeb, 0x0e, 0xa6, 0x49,
121 0x30, 0xd3, 0xa0, 0x56, 0xa5, 0x57, 0x42, 0xfc,
122 0xce, 0x14, 0x1d, 0x48, 0x5f, 0x8a, 0xa8, 0x36,
123 0xde, 0xa1, 0x8d, 0xf4, 0x2c, 0x53, 0x80, 0x80,
124 0x5a, 0xd0, 0xc6, 0x1a, 0x5d, 0x6f, 0x58, 0xf4,
125 0x10, 0x40, 0xb2, 0x4b, 0x7d, 0x1a, 0x69, 0x38,
126 0x56, 0xed, 0x0d, 0x43, 0x98, 0xe7, 0xae, 0xe3,
127 0xbf, 0x0e, 0x2a, 0x2c, 0xa8, 0xf7,
130 /* XXX fix byte order of iv */
131 #define TEST(n,name,cipher,keyix,iv0,iv1,iv2,iv3) { \
132 name, IEEE80211_CIPHER_##cipher,keyix, { iv2,iv1,iv0,iv3 }, \
133 test##n##_key, sizeof(test##n##_key), \
134 test##n##_plaintext, sizeof(test##n##_plaintext), \
135 test##n##_encrypted, sizeof(test##n##_encrypted) \
145 const u_int8_t *plaintext;
146 size_t plaintext_len;
147 const u_int8_t *encrypted;
148 size_t encrypted_len;
150 TEST(1, "WEP test mpdu 1", WEP, 2, 0xfb, 0x02, 0x9e, 0x80),
154 dumpdata(const char *tag, const void *p, size_t len)
158 printf("%s: 0x%p len %u", tag, p, len);
159 for (i = 0; i < len; i++) {
161 printf("\n%03d:", i);
162 printf(" %02x", ((const u_int8_t *)p)[i]);
168 cmpfail(const void *gen, size_t genlen, const void *ref, size_t reflen)
172 for (i = 0; i < genlen; i++)
173 if (((const u_int8_t *)gen)[i] != ((const u_int8_t *)ref)[i]) {
174 printf("first difference at byte %u\n", i);
177 dumpdata("Generated", gen, genlen);
178 dumpdata("Reference", ref, reflen);
181 struct wep_ctx_hw { /* for use with h/w support */
182 struct ieee80211vap *wc_vap; /* for diagnostics+statistics */
183 struct ieee80211com *wc_ic;
184 uint32_t wc_iv; /* initial vector for crypto */
188 runtest(struct ieee80211vap *vap, struct ciphertest *t)
190 struct ieee80211_key *key = &vap->iv_nw_keys[t->keyix];
191 struct mbuf *m = NULL;
192 const struct ieee80211_cipher *cip;
193 struct wep_ctx_hw *ctx;
196 printf("%s: ", t->name);
201 memset(key, 0, sizeof(*key));
202 key->wk_flags = IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV;
203 key->wk_cipher = &ieee80211_cipher_none;
204 if (!ieee80211_crypto_newkey(vap, t->cipher,
205 IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV, key)) {
206 printf("FAIL: ieee80211_crypto_newkey failed\n");
210 memcpy(key->wk_key, t->key, t->key_len);
211 key->wk_keylen = t->key_len;
212 if (!ieee80211_crypto_setkey(vap, key)) {
213 printf("FAIL: ieee80211_crypto_setkey failed\n");
218 * Craft frame from plaintext data.
220 cip = key->wk_cipher;
221 m = m_getcl(M_NOWAIT, MT_HEADER, M_PKTHDR);
222 memcpy(mtod(m, void *), t->encrypted, t->encrypted_len);
223 m->m_len = t->encrypted_len;
224 m->m_pkthdr.len = m->m_len;
225 hdrlen = ieee80211_anyhdrsize(mtod(m, void *));
230 if (!cip->ic_decap(key, m, hdrlen)) {
231 printf("FAIL: wep decap failed\n");
232 cmpfail(mtod(m, const void *), m->m_pkthdr.len,
233 t->plaintext, t->plaintext_len);
237 * Verify: frame length, frame contents.
239 if (m->m_pkthdr.len != t->plaintext_len) {
240 printf("FAIL: decap botch; length mismatch\n");
241 cmpfail(mtod(m, const void *), m->m_pkthdr.len,
242 t->plaintext, t->plaintext_len);
244 } else if (memcmp(mtod(m, const void *), t->plaintext, t->plaintext_len)) {
245 printf("FAIL: decap botch; data does not compare\n");
246 cmpfail(mtod(m, const void *), m->m_pkthdr.len,
247 t->plaintext, t->plaintext_len);
254 ctx = (struct wep_ctx_hw *) key->wk_private;
256 ctx->wc_ic = vap->iv_ic;
257 memcpy(&ctx->wc_iv, t->iv, sizeof(t->iv)); /* for encap/encrypt */
258 if (!cip->ic_encap(key, m)) {
259 printf("FAIL: wep encap failed\n");
263 * Verify: frame length, frame contents.
265 if (m->m_pkthdr.len != t->encrypted_len) {
266 printf("FAIL: encap data length mismatch\n");
267 cmpfail(mtod(m, const void *), m->m_pkthdr.len,
268 t->encrypted, t->encrypted_len);
270 } else if (memcmp(mtod(m, const void *), t->encrypted, m->m_pkthdr.len)) {
271 printf("FAIL: encrypt data does not compare\n");
272 cmpfail(mtod(m, const void *), m->m_pkthdr.len,
273 t->encrypted, t->encrypted_len);
274 dumpdata("Plaintext", t->plaintext, t->plaintext_len);
278 ieee80211_crypto_delkey(vap, key);
284 ieee80211_crypto_delkey(vap, key);
292 static int tests = -1;
293 static int debug = 0;
296 init_crypto_wep_test(void)
298 struct ieee80211com ic;
299 struct ieee80211vap vap;
303 memset(&ic, 0, sizeof(ic));
304 memset(&vap, 0, sizeof(vap));
305 memset(&ifp, 0, sizeof(ifp));
307 ieee80211_crypto_attach(&ic);
309 /* some minimal initialization */
310 strncpy(ifp.if_xname, "test_ccmp", sizeof(ifp.if_xname));
314 vap.iv_debug = IEEE80211_MSG_CRYPTO;
315 ieee80211_crypto_vattach(&vap);
319 for (i = 0; i < nitems(weptests); i++)
320 if (tests & (1<<i)) {
322 pass += runtest(&vap, &weptests[i]);
324 printf("%u of %u 802.11i WEP test vectors passed\n", pass, total);
326 ieee80211_crypto_vdetach(&vap);
327 ieee80211_crypto_detach(&ic);
329 return (pass == total ? 0 : -1);
333 test_wep_modevent(module_t mod, int type, void *unused)
337 (void) init_crypto_wep_test();
345 static moduledata_t test_wep_mod = {
350 DECLARE_MODULE(test_wep, test_wep_mod, SI_SUB_DRIVERS, SI_ORDER_FIRST);
351 MODULE_VERSION(test_wep, 1);
352 MODULE_DEPEND(test_wep, wlan, 1, 1, 1);