3 * Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
9 #include "utils/includes.h"
11 #include "utils/common.h"
12 #include "utils/module_tests.h"
13 #include "crypto/aes_siv.h"
14 #include "crypto/aes_wrap.h"
15 #include "crypto/aes.h"
16 #include "crypto/ms_funcs.h"
17 #include "crypto/crypto.h"
18 #include "crypto/sha1.h"
19 #include "crypto/sha256.h"
20 #include "crypto/sha384.h"
23 static int test_siv(void)
26 /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */
28 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
29 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
30 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
31 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
34 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
35 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
36 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27
39 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
40 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee
43 0x85, 0x63, 0x2d, 0x07, 0xc6, 0xe8, 0xf3, 0x7f,
44 0x95, 0x0a, 0xcd, 0x32, 0x0a, 0x2e, 0xcc, 0x93,
45 0x40, 0xc0, 0x2b, 0x96, 0x90, 0xc4, 0xdc, 0x04,
46 0xda, 0xef, 0x7f, 0x6a, 0xfe, 0x5c
48 /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */
50 0x7f, 0x7e, 0x7d, 0x7c, 0x7b, 0x7a, 0x79, 0x78,
51 0x77, 0x76, 0x75, 0x74, 0x73, 0x72, 0x71, 0x70,
52 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
53 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
56 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
57 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
58 0xde, 0xad, 0xda, 0xda, 0xde, 0xad, 0xda, 0xda,
59 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
60 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00
63 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80,
67 0x09, 0xf9, 0x11, 0x02, 0x9d, 0x74, 0xe3, 0x5b,
68 0xd8, 0x41, 0x56, 0xc5, 0x63, 0x56, 0x88, 0xc0
71 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
72 0x73, 0x6f, 0x6d, 0x65, 0x20, 0x70, 0x6c, 0x61,
73 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x20, 0x74,
74 0x6f, 0x20, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70,
75 0x74, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x20,
76 0x53, 0x49, 0x56, 0x2d, 0x41, 0x45, 0x53
79 0x7b, 0xdb, 0x6e, 0x3b, 0x43, 0x26, 0x67, 0xeb,
80 0x06, 0xf4, 0xd1, 0x4b, 0xff, 0x2f, 0xbd, 0x0f,
81 0xcb, 0x90, 0x0f, 0x2f, 0xdd, 0xbe, 0x40, 0x43,
82 0x26, 0x60, 0x19, 0x65, 0xc8, 0x89, 0xbf, 0x17,
83 0xdb, 0xa7, 0x7c, 0xeb, 0x09, 0x4f, 0xa6, 0x63,
84 0xb7, 0xa3, 0xf7, 0x48, 0xba, 0x8a, 0xf8, 0x29,
85 0xea, 0x64, 0xad, 0x54, 0x4a, 0x27, 0x2e, 0x9c,
86 0x48, 0x5b, 0x62, 0xa3, 0xfd, 0x5c, 0x0d
88 u8 out[2 * AES_BLOCK_SIZE + sizeof(plaintext_2)];
92 /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */
96 if (aes_siv_encrypt(key, sizeof(key), plaintext, sizeof(plaintext),
98 wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed");
101 if (os_memcmp(out, iv_c, sizeof(iv_c)) != 0) {
102 wpa_printf(MSG_ERROR,
103 "AES-SIV mode encryption returned invalid cipher text");
107 if (aes_siv_decrypt(key, sizeof(key), iv_c, sizeof(iv_c),
108 1, addr, len, out)) {
109 wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed");
112 if (os_memcmp(out, plaintext, sizeof(plaintext)) != 0) {
113 wpa_printf(MSG_ERROR,
114 "AES-SIV mode decryption returned invalid plain text");
118 /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */
120 len[0] = sizeof(ad1_2);
122 len[1] = sizeof(ad2_2);
124 len[2] = sizeof(nonce_2);
126 if (aes_siv_encrypt(key_2, sizeof(key_2),
127 plaintext_2, sizeof(plaintext_2),
128 3, addr, len, out)) {
129 wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed");
132 if (os_memcmp(out, iv_c_2, sizeof(iv_c_2)) != 0) {
133 wpa_printf(MSG_ERROR,
134 "AES-SIV mode encryption returned invalid cipher text");
138 if (aes_siv_decrypt(key_2, sizeof(key_2), iv_c_2, sizeof(iv_c_2),
139 3, addr, len, out)) {
140 wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed");
143 if (os_memcmp(out, plaintext_2, sizeof(plaintext_2)) != 0) {
144 wpa_printf(MSG_ERROR,
145 "AES-SIV mode decryption returned invalid plain text");
149 wpa_printf(MSG_INFO, "AES-SIV test cases passed");
150 #endif /* CONFIG_MESH */
156 /* OMAC1 AES-128 test vectors from
157 * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf
158 * which are same as the examples from NIST SP800-38B
159 * http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf
162 struct omac1_test_vector {
169 static const struct omac1_test_vector omac1_test_vectors[] =
172 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
173 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
176 { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
177 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 }
180 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
181 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
182 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
183 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a},
185 { 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
186 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c }
189 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
190 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
191 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
192 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
193 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
194 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
195 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 },
197 { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
198 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 }
201 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
202 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
203 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
204 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
205 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
206 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
207 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
208 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
209 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
210 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
212 { 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
213 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe }
218 static int test_omac1_vector(const struct omac1_test_vector *tv,
222 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
223 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
225 u8 msg[] = { 0x12, 0x34, 0x56 };
226 u8 result[24], result2[24];
230 if (omac1_aes_128(tv->k, tv->msg, tv->msg_len, result) ||
231 os_memcmp(result, tv->tag, 16) != 0) {
232 wpa_printf(MSG_ERROR, "OMAC1-AES-128 test vector %u failed", i);
236 if (tv->msg_len > 1) {
240 addr[1] = tv->msg + 1;
241 len[1] = tv->msg_len - 1;
243 if (omac1_aes_128_vector(tv->k, 2, addr, len, result) ||
244 os_memcmp(result, tv->tag, 16) != 0) {
245 wpa_printf(MSG_ERROR,
246 "OMAC1-AES-128(vector) test vector %u failed",
252 len[0] = tv->msg_len - 2;
253 addr[1] = tv->msg + tv->msg_len - 2;
255 addr[2] = tv->msg + tv->msg_len - 1;
258 if (omac1_aes_128_vector(tv->k, 3, addr, len, result) ||
259 os_memcmp(result, tv->tag, 16) != 0) {
260 wpa_printf(MSG_ERROR,
261 "OMAC1-AES-128(vector2) test vector %u failed",
273 if (omac1_aes_128(key, msg, sizeof(msg), result) ||
274 omac1_aes_128_vector(key, 3, addr, len, result2) ||
275 os_memcmp(result, result2, 16) != 0) {
276 wpa_printf(MSG_ERROR, "OMAC1-AES-128 short test mismatch");
284 static int test_omac1(void)
288 for (i = 0; i < ARRAY_SIZE(omac1_test_vectors); i++) {
289 if (test_omac1_vector(&omac1_test_vectors[i], i))
293 wpa_printf(MSG_INFO, "OMAC1-AES-128 test cases passed");
299 static int test_eax(void)
302 u8 msg[] = { 0xF7, 0xFB };
303 u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B,
304 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 };
305 u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84,
306 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD };
307 u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA };
308 u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D,
309 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79,
311 u8 data[sizeof(msg)], tag[AES_BLOCK_SIZE];
313 os_memcpy(data, msg, sizeof(msg));
314 if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
315 data, sizeof(data), tag)) {
316 wpa_printf(MSG_ERROR, "AES-128 EAX mode encryption failed");
319 if (os_memcmp(data, cipher, sizeof(data)) != 0) {
320 wpa_printf(MSG_ERROR,
321 "AES-128 EAX mode encryption returned invalid cipher text");
324 if (os_memcmp(tag, cipher + sizeof(data), AES_BLOCK_SIZE) != 0) {
325 wpa_printf(MSG_ERROR,
326 "AES-128 EAX mode encryption returned invalid tag");
330 if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
331 data, sizeof(data), tag)) {
332 wpa_printf(MSG_ERROR, "AES-128 EAX mode decryption failed");
335 if (os_memcmp(data, msg, sizeof(data)) != 0) {
336 wpa_printf(MSG_ERROR,
337 "AES-128 EAX mode decryption returned invalid plain text");
341 wpa_printf(MSG_INFO, "AES-128 EAX mode test cases passed");
348 static int test_cbc(void)
350 struct cbc_test_vector {
358 { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b,
359 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 },
360 { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30,
361 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 },
363 { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8,
364 0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a },
368 { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0,
369 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a },
370 { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28,
371 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 },
372 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
373 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
374 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
375 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
376 { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a,
377 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a,
378 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9,
379 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 },
387 for (i = 0; i < ARRAY_SIZE(vectors); i++) {
388 struct cbc_test_vector *tv = &vectors[i];
390 buf = os_malloc(tv->len);
396 os_memcpy(buf, tv->plain, tv->len);
397 if (aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len) ||
398 os_memcmp(buf, tv->cipher, tv->len) != 0) {
399 wpa_printf(MSG_ERROR, "AES-CBC encrypt %d failed", i);
403 os_memcpy(buf, tv->cipher, tv->len);
404 if (aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len) ||
405 os_memcmp(buf, tv->plain, tv->len) != 0) {
406 wpa_printf(MSG_ERROR, "AES-CBC decrypt %d failed", i);
417 static int test_ecb(void)
420 struct ecb_test_vector {
425 /* CAVS 11.1 - ECBGFSbox128.rsp */
427 "00000000000000000000000000000000",
428 "f34481ec3cc627bacd5dc3fb08f273e6",
429 "0336763e966d92595a567cc9ce537f5e"
432 "00000000000000000000000000000000",
433 "9798c4640bad75c7c3227db910174e72",
434 "a9a1631bf4996954ebc093957b234589"
437 "00000000000000000000000000000000",
438 "96ab5c2ff612d9dfaae8c31f30c42168",
439 "ff4f8391a6a40ca5b25d23bedd44a597"
442 "00000000000000000000000000000000",
443 "6a118a874519e64e9963798a503f1d35",
444 "dc43be40be0e53712f7e2bf5ca707209"
447 "00000000000000000000000000000000",
448 "cb9fceec81286ca3e989bd979b0cb284",
449 "92beedab1895a94faa69b632e5cc47ce"
452 "00000000000000000000000000000000",
453 "b26aeb1874e47ca8358ff22378f09144",
454 "459264f4798f6a78bacb89c15ed3d601"
457 "00000000000000000000000000000000",
458 "58c8e00b2631686d54eab84b91f0aca1",
459 "08a4e2efec8a8e3312ca7460b9040bbf"
461 /* CAVS 11.1 - ECBKeySbox128.rsp */
463 "10a58869d74be5a374cf867cfb473859",
464 "00000000000000000000000000000000",
465 "6d251e6944b051e04eaa6fb4dbf78465"
468 "caea65cdbb75e9169ecd22ebe6e54675",
469 "00000000000000000000000000000000",
470 "6e29201190152df4ee058139def610bb",
475 u8 key[16], plain[16], cipher[16], out[16];
477 for (i = 0; i < ARRAY_SIZE(vectors); i++) {
478 struct ecb_test_vector *tv = &vectors[i];
480 if (hexstr2bin(tv->key, key, sizeof(key)) ||
481 hexstr2bin(tv->plaintext, plain, sizeof(plain)) ||
482 hexstr2bin(tv->ciphertext, cipher, sizeof(cipher))) {
483 wpa_printf(MSG_ERROR, "Invalid AES-ECB test vector %u",
489 if (aes_128_encrypt_block(key, plain, out) < 0 ||
490 os_memcmp(out, cipher, 16) != 0) {
491 wpa_printf(MSG_ERROR, "AES-ECB encrypt %u failed", i);
497 wpa_printf(MSG_INFO, "AES ECB mode test cases passed");
506 static int test_key_wrap(void)
510 /* RFC 3394 - Test vector 4.1 */
512 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
513 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
516 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
517 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
520 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
521 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
522 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
524 #ifndef CONFIG_BORINGSSL
525 /* RFC 3394 - Test vector 4.2 */
527 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
528 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
529 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
532 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
533 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
536 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
537 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
538 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D
540 #endif /* CONFIG_BORINGSSL */
541 /* RFC 3394 - Test vector 4.3 */
543 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
544 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
545 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
546 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
549 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
550 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
553 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
554 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
555 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7,
557 #ifndef CONFIG_BORINGSSL
558 /* RFC 3394 - Test vector 4.4 */
560 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
561 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
562 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
565 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
566 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
567 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
570 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
571 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
572 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
573 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2
575 #endif /* CONFIG_BORINGSSL */
576 /* RFC 3394 - Test vector 4.5 */
578 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
579 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
580 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
581 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
584 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
585 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
586 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
589 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
590 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
591 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
592 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1,
594 /* RFC 3394 - Test vector 4.6 */
596 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
597 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
598 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
599 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
602 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
603 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
604 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
605 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
608 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
609 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
610 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
611 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
612 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21
616 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.1");
617 if (aes_wrap(kek41, sizeof(kek41), sizeof(plain41) / 8, plain41,
619 wpa_printf(MSG_ERROR, "AES-WRAP-128 reported failure");
622 if (os_memcmp(result, crypt41, sizeof(crypt41)) != 0) {
623 wpa_printf(MSG_ERROR, "AES-WRAP-128 failed");
626 if (aes_unwrap(kek41, sizeof(kek41), sizeof(plain41) / 8, crypt41,
628 wpa_printf(MSG_ERROR, "AES-UNWRAP-128 reported failure");
631 if (os_memcmp(result, plain41, sizeof(plain41)) != 0) {
632 wpa_printf(MSG_ERROR, "AES-UNWRAP-128 failed");
636 #ifndef CONFIG_BORINGSSL
637 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.2");
638 if (aes_wrap(kek42, sizeof(kek42), sizeof(plain42) / 8, plain42,
640 wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure");
643 if (os_memcmp(result, crypt42, sizeof(crypt42)) != 0) {
644 wpa_printf(MSG_ERROR, "AES-WRAP-192 failed");
647 if (aes_unwrap(kek42, sizeof(kek42), sizeof(plain42) / 8, crypt42,
649 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure");
652 if (os_memcmp(result, plain42, sizeof(plain42)) != 0) {
653 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed");
656 #endif /* CONFIG_BORINGSSL */
658 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.3");
659 if (aes_wrap(kek43, sizeof(kek43), sizeof(plain43) / 8, plain43,
661 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure");
664 if (os_memcmp(result, crypt43, sizeof(crypt43)) != 0) {
665 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed");
668 if (aes_unwrap(kek43, sizeof(kek43), sizeof(plain43) / 8, crypt43,
670 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure");
673 if (os_memcmp(result, plain43, sizeof(plain43)) != 0) {
674 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed");
678 #ifndef CONFIG_BORINGSSL
679 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.4");
680 if (aes_wrap(kek44, sizeof(kek44), sizeof(plain44) / 8, plain44,
682 wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure");
685 if (os_memcmp(result, crypt44, sizeof(crypt44)) != 0) {
686 wpa_printf(MSG_ERROR, "AES-WRAP-192 failed");
689 if (aes_unwrap(kek44, sizeof(kek44), sizeof(plain44) / 8, crypt44,
691 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure");
694 if (os_memcmp(result, plain44, sizeof(plain44)) != 0) {
695 wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed");
698 #endif /* CONFIG_BORINGSSL */
700 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.5");
701 if (aes_wrap(kek45, sizeof(kek45), sizeof(plain45) / 8, plain45,
703 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure");
706 if (os_memcmp(result, crypt45, sizeof(crypt45)) != 0) {
707 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed");
710 if (aes_unwrap(kek45, sizeof(kek45), sizeof(plain45) / 8, crypt45,
712 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure");
715 if (os_memcmp(result, plain45, sizeof(plain45)) != 0) {
716 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed");
720 wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.6");
721 if (aes_wrap(kek46, sizeof(kek46), sizeof(plain46) / 8, plain46,
723 wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure");
726 if (os_memcmp(result, crypt46, sizeof(crypt46)) != 0) {
727 wpa_printf(MSG_ERROR, "AES-WRAP-256 failed");
730 if (aes_unwrap(kek46, sizeof(kek46), sizeof(plain46) / 8, crypt46,
732 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure");
735 if (os_memcmp(result, plain46, sizeof(plain46)) != 0) {
736 wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed");
741 wpa_printf(MSG_INFO, "AES key wrap/unwrap test cases passed");
747 static int test_md5(void)
756 "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04"
757 "\xe9\x80\x09\x98\xec\xf8\x42\x7e"
761 "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8"
762 "\x31\xc3\x99\xe2\x69\x77\x26\x61"
766 "\x90\x01\x50\x98\x3c\xd2\x4f\xb0"
767 "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72"
771 "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d"
772 "\x52\x5a\x2f\x31\xaa\xf1\x61\xd0"
775 "abcdefghijklmnopqrstuvwxyz",
776 "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00"
777 "\x7d\xfb\x49\x6c\xca\x67\xe1\x3b"
780 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
782 "\xd1\x74\xab\x98\xd2\x77\xd9\xf5"
783 "\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f"
786 "12345678901234567890123456789012345678901234567890"
787 "123456789012345678901234567890",
788 "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55"
789 "\xac\x49\xda\x2e\x21\x07\xb6\x7a"
798 for (i = 0; i < ARRAY_SIZE(tests); i++) {
799 wpa_printf(MSG_INFO, "MD5 test case %d", i);
801 addr[0] = (u8 *) tests[i].data;
802 len[0] = strlen(tests[i].data);
803 if (md5_vector(1, addr, len, hash) < 0 ||
804 os_memcmp(hash, tests[i].hash, 16) != 0) {
805 wpa_printf(MSG_INFO, " FAIL");
808 wpa_printf(MSG_INFO, " OK");
811 addr[0] = (u8 *) tests[i].data;
812 len[0] = strlen(tests[i].data);
813 addr[1] = (u8 *) tests[i].data + 1;
814 len[1] = strlen(tests[i].data) - 1;
815 if (md5_vector(1, addr, len, hash) < 0 ||
816 os_memcmp(hash, tests[i].hash, 16) != 0) {
817 wpa_printf(MSG_INFO, " FAIL");
820 wpa_printf(MSG_INFO, " OK");
825 wpa_printf(MSG_INFO, "MD5 test cases passed");
828 #else /* CONFIG_FIPS */
829 wpa_printf(MSG_INFO, "MD5 test cases skipped due to CONFIG_FIPS");
831 #endif /* CONFIG_FIPS */
835 static int test_eap_fast(void)
838 /* RFC 4851, Appendix B.1 */
839 const u8 pac_key[] = {
840 0x0B, 0x97, 0x39, 0x0F, 0x37, 0x51, 0x78, 0x09,
841 0x81, 0x1E, 0xFD, 0x9C, 0x6E, 0x65, 0x94, 0x2B,
842 0x63, 0x2C, 0xE9, 0x53, 0x89, 0x38, 0x08, 0xBA,
843 0x36, 0x0B, 0x03, 0x7C, 0xD1, 0x85, 0xE4, 0x14
846 0x3F, 0xFB, 0x11, 0xC4, 0x6C, 0xBF, 0xA5, 0x7A,
847 0x54, 0x40, 0xDA, 0xE8, 0x22, 0xD3, 0x11, 0xD3,
848 0xF7, 0x6D, 0xE4, 0x1D, 0xD9, 0x33, 0xE5, 0x93,
849 0x70, 0x97, 0xEB, 0xA9, 0xB3, 0x66, 0xF4, 0x2A,
850 0x00, 0x00, 0x00, 0x02, 0x6A, 0x66, 0x43, 0x2A,
851 0x8D, 0x14, 0x43, 0x2C, 0xEC, 0x58, 0x2D, 0x2F,
852 0xC7, 0x9C, 0x33, 0x64, 0xBA, 0x04, 0xAD, 0x3A,
853 0x52, 0x54, 0xD6, 0xA5, 0x79, 0xAD, 0x1E, 0x00
855 const u8 master_secret[] = {
856 0x4A, 0x1A, 0x51, 0x2C, 0x01, 0x60, 0xBC, 0x02,
857 0x3C, 0xCF, 0xBC, 0x83, 0x3F, 0x03, 0xBC, 0x64,
858 0x88, 0xC1, 0x31, 0x2F, 0x0B, 0xA9, 0xA2, 0x77,
859 0x16, 0xA8, 0xD8, 0xE8, 0xBD, 0xC9, 0xD2, 0x29,
860 0x38, 0x4B, 0x7A, 0x85, 0xBE, 0x16, 0x4D, 0x27,
861 0x33, 0xD5, 0x24, 0x79, 0x87, 0xB1, 0xC5, 0xA2
864 const u8 key_block[] = {
865 0x59, 0x59, 0xBE, 0x8E, 0x41, 0x3A, 0x77, 0x74,
866 0x8B, 0xB2, 0xE5, 0xD3, 0x60, 0xAC, 0x4D, 0x35,
867 0xDF, 0xFB, 0xC8, 0x1E, 0x9C, 0x24, 0x9C, 0x8B,
868 0x0E, 0xC3, 0x1D, 0x72, 0xC8, 0x84, 0x9D, 0x57,
869 0x48, 0x51, 0x2E, 0x45, 0x97, 0x6C, 0x88, 0x70,
870 0xBE, 0x5F, 0x01, 0xD3, 0x64, 0xE7, 0x4C, 0xBB,
871 0x11, 0x24, 0xE3, 0x49, 0xE2, 0x3B, 0xCD, 0xEF,
872 0x7A, 0xB3, 0x05, 0x39, 0x5D, 0x64, 0x8A, 0x44,
873 0x11, 0xB6, 0x69, 0x88, 0x34, 0x2E, 0x8E, 0x29,
874 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
875 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
876 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
877 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
878 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
880 #endif /* CONFIG_FIPS */
882 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
883 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
884 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
885 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
886 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
889 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
890 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
891 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
892 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
895 0x16, 0x15, 0x3C, 0x3F, 0x21, 0x55, 0xEF, 0xD9,
896 0x7F, 0x34, 0xAE, 0xC8, 0x1A, 0x4E, 0x66, 0x80,
897 0x4C, 0xC3, 0x76, 0xF2, 0x8A, 0xA9, 0x6F, 0x96,
898 0xC2, 0x54, 0x5F, 0x8C, 0xAB, 0x65, 0x02, 0xE1,
899 0x18, 0x40, 0x7B, 0x56, 0xBE, 0xEA, 0xA7, 0xC5,
900 0x76, 0x5D, 0x8F, 0x0B, 0xC5, 0x07, 0xC6, 0xB9,
901 0x04, 0xD0, 0x69, 0x56, 0x72, 0x8B, 0x6B, 0xB8,
902 0x15, 0xEC, 0x57, 0x7B
905 0x4D, 0x83, 0xA9, 0xBE, 0x6F, 0x8A, 0x74, 0xED,
906 0x6A, 0x02, 0x66, 0x0A, 0x63, 0x4D, 0x2C, 0x33,
907 0xC2, 0xDA, 0x60, 0x15, 0xC6, 0x37, 0x04, 0x51,
908 0x90, 0x38, 0x63, 0xDA, 0x54, 0x3E, 0x14, 0xB9,
909 0x27, 0x99, 0x18, 0x1E, 0x07, 0xBF, 0x0F, 0x5A,
910 0x5E, 0x3C, 0x32, 0x93, 0x80, 0x8C, 0x6C, 0x49,
911 0x67, 0xED, 0x24, 0xFE, 0x45, 0x40, 0xA0, 0x59,
912 0x5E, 0x37, 0xC2, 0xE9, 0xD0, 0x5D, 0x0A, 0xE3
915 0x3A, 0xD4, 0xAB, 0xDB, 0x76, 0xB2, 0x7F, 0x3B,
916 0xEA, 0x32, 0x2C, 0x2B, 0x74, 0xF4, 0x28, 0x55,
917 0xEF, 0x2D, 0xBA, 0x78, 0xC9, 0x57, 0x2F, 0x0D,
918 0x06, 0xCD, 0x51, 0x7C, 0x20, 0x93, 0x98, 0xA9,
919 0x76, 0xEA, 0x70, 0x21, 0xD7, 0x0E, 0x25, 0x54,
920 0x97, 0xED, 0xB2, 0x8A, 0xF6, 0xED, 0xFD, 0x0A,
921 0x2A, 0xE7, 0xA1, 0x58, 0x90, 0x10, 0x50, 0x44,
922 0xB3, 0x82, 0x85, 0xDB, 0x06, 0x14, 0xD2, 0xF9
924 /* RFC 4851, Appendix B.2 */
926 0x80, 0x0C, 0x00, 0x38, 0x00, 0x01, 0x01, 0x00,
927 0xD8, 0x6A, 0x8C, 0x68, 0x3C, 0x32, 0x31, 0xA8,
928 0x56, 0x63, 0xB6, 0x40, 0x21, 0xFE, 0x21, 0x14,
929 0x4E, 0xE7, 0x54, 0x20, 0x79, 0x2D, 0x42, 0x62,
930 0xC9, 0xBF, 0x53, 0x7F, 0x54, 0xFD, 0xAC, 0x58,
931 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
932 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
933 0x05, 0xC5, 0x5B, 0xB7
935 const u8 compound_mac[] = {
936 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
937 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
938 0x05, 0xC5, 0x5B, 0xB7
941 const u8 *simck, *cmk;
944 wpa_printf(MSG_INFO, "EAP-FAST test cases");
946 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / master_secret");
947 if (sha1_t_prf(pac_key, sizeof(pac_key),
948 "PAC to master secret label hash",
949 seed, sizeof(seed), buf, sizeof(master_secret)) < 0 ||
950 os_memcmp(master_secret, buf, sizeof(master_secret)) != 0) {
951 wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
956 wpa_printf(MSG_INFO, "- PRF (TLS, SHA1/MD5) test case / key_block");
957 if (tls_prf_sha1_md5(master_secret, sizeof(master_secret),
958 "key expansion", seed, sizeof(seed),
959 buf, sizeof(key_block)) ||
960 os_memcmp(key_block, buf, sizeof(key_block)) != 0) {
961 wpa_printf(MSG_INFO, "PRF test - FAILED!");
964 #endif /* CONFIG_FIPS */
966 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / IMCK");
967 if (sha1_t_prf(sks, sizeof(sks), "Inner Methods Compound Keys",
968 isk, sizeof(isk), buf, sizeof(imck)) < 0 ||
969 os_memcmp(imck, buf, sizeof(imck)) != 0) {
970 wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
977 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / MSK");
978 if (sha1_t_prf(simck, 40, "Session Key Generating Function",
979 (u8 *) "", 0, buf, sizeof(msk)) < 0 ||
980 os_memcmp(msk, buf, sizeof(msk)) != 0) {
981 wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
985 wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / EMSK");
986 if (sha1_t_prf(simck, 40, "Extended Session Key Generating Function",
987 (u8 *) "", 0, buf, sizeof(msk)) < 0 ||
988 os_memcmp(emsk, buf, sizeof(emsk)) != 0) {
989 wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
993 wpa_printf(MSG_INFO, "- Compound MAC test case");
994 os_memset(tlv + sizeof(tlv) - 20, 0, 20);
995 if (hmac_sha1(cmk, 20, tlv, sizeof(tlv), tlv + sizeof(tlv) - 20) < 0 ||
996 os_memcmp(tlv + sizeof(tlv) - 20, compound_mac,
997 sizeof(compound_mac)) != 0) {
998 wpa_printf(MSG_INFO, "Compound MAC test - FAILED!");
1003 #else /* EAP_FAST */
1005 #endif /* EAP_FAST */
1009 static const u8 key0[] =
1011 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1012 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1013 0x0b, 0x0b, 0x0b, 0x0b
1015 static const u8 data0[] = "Hi There";
1016 static const u8 prf0[] =
1018 0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84,
1019 0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54,
1020 0xb8, 0x62, 0x17, 0x5e, 0xd9, 0xf0, 0x06, 0x06,
1021 0xe1, 0x7d, 0x8d, 0xa3, 0x54, 0x02, 0xff, 0xee,
1022 0x75, 0xdf, 0x78, 0xc3, 0xd3, 0x1e, 0x0f, 0x88,
1023 0x9f, 0x01, 0x21, 0x20, 0xc0, 0x86, 0x2b, 0xeb,
1024 0x67, 0x75, 0x3e, 0x74, 0x39, 0xae, 0x24, 0x2e,
1025 0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a
1028 static const u8 key1[] = "Jefe";
1029 static const u8 data1[] = "what do ya want for nothing?";
1030 static const u8 prf1[] =
1032 0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad,
1033 0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4,
1034 0xfe, 0x63, 0x14, 0x46, 0xfa, 0xbd, 0xfa, 0x58,
1035 0x24, 0x47, 0x59, 0xae, 0x58, 0xef, 0x90, 0x09,
1036 0xa9, 0x9a, 0xbf, 0x4e, 0xac, 0x2c, 0xa5, 0xfa,
1037 0x87, 0xe6, 0x92, 0xc4, 0x40, 0xeb, 0x40, 0x02,
1038 0x3e, 0x7b, 0xab, 0xb2, 0x06, 0xd6, 0x1d, 0xe7,
1039 0xb9, 0x2f, 0x41, 0x52, 0x90, 0x92, 0xb8, 0xfc
1043 static const u8 key2[] =
1045 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1046 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1047 0xaa, 0xaa, 0xaa, 0xaa
1049 static const u8 data2[] =
1051 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1052 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1053 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1054 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1055 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1056 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1059 static const u8 prf2[] =
1061 0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f,
1062 0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1,
1063 0x7a, 0x02, 0x52, 0xca, 0x5d, 0x8d, 0x8d, 0xf1,
1064 0x2c, 0xfb, 0x04, 0x73, 0x52, 0x52, 0x49, 0xce,
1065 0x9d, 0xd8, 0xd1, 0x77, 0xea, 0xd7, 0x10, 0xbc,
1066 0x9b, 0x59, 0x05, 0x47, 0x23, 0x91, 0x07, 0xae,
1067 0xf7, 0xb4, 0xab, 0xd4, 0x3d, 0x87, 0xf0, 0xa6,
1068 0x8f, 0x1c, 0xbd, 0x9e, 0x2b, 0x6f, 0x76, 0x07
1072 struct passphrase_test {
1078 static const struct passphrase_test passphrase_tests[] =
1084 0xf4, 0x2c, 0x6f, 0xc5, 0x2d, 0xf0, 0xeb, 0xef,
1085 0x9e, 0xbb, 0x4b, 0x90, 0xb3, 0x8a, 0x5f, 0x90,
1086 0x2e, 0x83, 0xfe, 0x1b, 0x13, 0x5a, 0x70, 0xe2,
1087 0x3a, 0xed, 0x76, 0x2e, 0x97, 0x10, 0xa1, 0x2e
1094 0x0d, 0xc0, 0xd6, 0xeb, 0x90, 0x55, 0x5e, 0xd6,
1095 0x41, 0x97, 0x56, 0xb9, 0xa1, 0x5e, 0xc3, 0xe3,
1096 0x20, 0x9b, 0x63, 0xdf, 0x70, 0x7d, 0xd5, 0x08,
1097 0xd1, 0x45, 0x81, 0xf8, 0x98, 0x27, 0x21, 0xaf
1101 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
1102 "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
1104 0xbe, 0xcb, 0x93, 0x86, 0x6b, 0xb8, 0xc3, 0x83,
1105 0x2c, 0xb7, 0x77, 0xc2, 0xf5, 0x59, 0x80, 0x7c,
1106 0x8c, 0x59, 0xaf, 0xcb, 0x6e, 0xae, 0x73, 0x48,
1107 0x85, 0x00, 0x13, 0x00, 0xa9, 0x81, 0xcc, 0x62
1112 #define NUM_PASSPHRASE_TESTS ARRAY_SIZE(passphrase_tests)
1115 struct rfc6070_test {
1123 static const struct rfc6070_test rfc6070_tests[] =
1130 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
1131 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
1132 0x2f, 0xe0, 0x37, 0xa6
1141 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
1142 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
1143 0xd8, 0xde, 0x89, 0x57
1152 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
1153 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
1154 0x65, 0xa4, 0x29, 0xc1
1158 #if 0 /* This takes quite long to derive.. */
1164 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4,
1165 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c,
1166 0x26, 0x34, 0xe9, 0x84
1172 "passwordPASSWORDpassword",
1173 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
1176 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
1177 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
1178 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
1183 #if 0 /* \0 not currently supported in passphrase parameters.. */
1189 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
1190 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3
1197 #define NUM_RFC6070_TESTS ARRAY_SIZE(rfc6070_tests)
1200 static int test_sha1(void)
1206 wpa_printf(MSG_INFO, "PRF-SHA1 test cases:");
1208 if (sha1_prf(key0, sizeof(key0), "prefix", data0, sizeof(data0) - 1,
1209 res, sizeof(prf0)) == 0 &&
1210 os_memcmp(res, prf0, sizeof(prf0)) == 0)
1211 wpa_printf(MSG_INFO, "Test case 0 - OK");
1213 wpa_printf(MSG_INFO, "Test case 0 - FAILED!");
1217 if (sha1_prf(key1, sizeof(key1) - 1, "prefix", data1, sizeof(data1) - 1,
1218 res, sizeof(prf1)) == 0 &&
1219 os_memcmp(res, prf1, sizeof(prf1)) == 0)
1220 wpa_printf(MSG_INFO, "Test case 1 - OK");
1222 wpa_printf(MSG_INFO, "Test case 1 - FAILED!");
1226 if (sha1_prf(key2, sizeof(key2), "prefix", data2, sizeof(data2),
1227 res, sizeof(prf2)) == 0 &&
1228 os_memcmp(res, prf2, sizeof(prf2)) == 0)
1229 wpa_printf(MSG_INFO, "Test case 2 - OK");
1231 wpa_printf(MSG_INFO, "Test case 2 - FAILED!");
1235 ret += test_eap_fast();
1237 wpa_printf(MSG_INFO, "PBKDF2-SHA1 Passphrase test cases:");
1238 for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) {
1240 const struct passphrase_test *test = &passphrase_tests[i];
1242 if (pbkdf2_sha1(test->passphrase,
1243 (const u8 *) test->ssid, strlen(test->ssid),
1244 4096, psk, 32) == 0 &&
1245 os_memcmp(psk, test->psk, 32) == 0)
1246 wpa_printf(MSG_INFO, "Test case %d - OK", i);
1248 wpa_printf(MSG_INFO, "Test case %d - FAILED!", i);
1253 wpa_printf(MSG_INFO, "PBKDF2-SHA1 test cases (RFC 6070):");
1254 for (i = 0; i < NUM_RFC6070_TESTS; i++) {
1256 const struct rfc6070_test *test = &rfc6070_tests[i];
1258 if (pbkdf2_sha1(test->p, (const u8 *) test->s, strlen(test->s),
1259 test->c, dk, test->dk_len) == 0 &&
1260 os_memcmp(dk, test->dk, test->dk_len) == 0)
1261 wpa_printf(MSG_INFO, "Test case %d - OK", i);
1263 wpa_printf(MSG_INFO, "Test case %d - FAILED!", i);
1269 wpa_printf(MSG_INFO, "SHA1 test cases passed");
1274 static const struct {
1281 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
1282 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
1283 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
1284 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
1288 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
1290 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8,
1291 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39,
1292 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
1293 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1
1298 static const struct hmac_test {
1303 u8 hash[32]; /* HMAC-SHA-256 */
1304 u8 hash384[48]; /* HMAC-SHA-384 */
1306 /* draft-ietf-ipsec-ciph-sha-256-01.txt; RFC 4231 */
1309 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1310 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1311 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1312 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
1317 0xa2, 0x1b, 0x1f, 0x5d, 0x4c, 0xf4, 0xf7, 0x3a,
1318 0x4d, 0xd9, 0x39, 0x75, 0x0f, 0x7a, 0x06, 0x6a,
1319 0x7f, 0x98, 0xcc, 0x13, 0x1c, 0xb1, 0x6a, 0x66,
1320 0x92, 0x75, 0x90, 0x21, 0xcf, 0xab, 0x81, 0x81
1326 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1327 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1328 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1329 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
1332 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
1335 0x10, 0x4f, 0xdc, 0x12, 0x57, 0x32, 0x8f, 0x08,
1336 0x18, 0x4b, 0xa7, 0x31, 0x31, 0xc5, 0x3c, 0xae,
1337 0xe6, 0x98, 0xe3, 0x61, 0x19, 0x42, 0x11, 0x49,
1338 0xea, 0x8c, 0x71, 0x24, 0x56, 0x69, 0x7d, 0x30
1344 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1345 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1346 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1347 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
1350 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
1351 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
1354 0x47, 0x03, 0x05, 0xfc, 0x7e, 0x40, 0xfe, 0x34,
1355 0xd3, 0xee, 0xb3, 0xe7, 0x73, 0xd9, 0x5a, 0xab,
1356 0x73, 0xac, 0xf0, 0xfd, 0x06, 0x04, 0x47, 0xa5,
1357 0xeb, 0x45, 0x95, 0xbf, 0x33, 0xa9, 0xd1, 0xa3
1363 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1364 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1365 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1366 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
1372 0x19, 0x8a, 0x60, 0x7e, 0xb4, 0x4b, 0xfb, 0xc6,
1373 0x99, 0x03, 0xa0, 0xf1, 0xcf, 0x2b, 0xbd, 0xc5,
1374 0xba, 0x0a, 0xa3, 0xf3, 0xd9, 0xae, 0x3c, 0x1c,
1375 0x7a, 0x3b, 0x16, 0x96, 0xa0, 0xb6, 0x8c, 0xf7
1379 { /* RFC 4231 - Test Case 1 */
1381 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1382 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1383 0x0b, 0x0b, 0x0b, 0x0b
1389 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
1390 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
1391 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
1392 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
1395 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62,
1396 0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f,
1397 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
1398 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c,
1399 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f,
1400 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6
1403 { /* RFC 4231 - Test Case 2 */
1406 "what do ya want for nothing?",
1409 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e,
1410 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7,
1411 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83,
1412 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43
1415 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31,
1416 0x61, 0x7f, 0x78, 0xd2, 0xb5, 0x8a, 0x6b, 0x1b,
1417 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,
1418 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e,
1419 0x8e, 0x22, 0x40, 0xca, 0x5e, 0x69, 0xe2, 0xc7,
1420 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49
1425 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1426 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1427 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1428 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
1432 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1433 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1434 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1435 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1436 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1437 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1442 0xcd, 0xcb, 0x12, 0x20, 0xd1, 0xec, 0xcc, 0xea,
1443 0x91, 0xe5, 0x3a, 0xba, 0x30, 0x92, 0xf9, 0x62,
1444 0xe5, 0x49, 0xfe, 0x6c, 0xe9, 0xed, 0x7f, 0xdc,
1445 0x43, 0x19, 0x1f, 0xbd, 0xe4, 0x5c, 0x30, 0xb0
1449 { /* RFC 4231 - Test Case 3 */
1451 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1452 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1453 0xaa, 0xaa, 0xaa, 0xaa
1457 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1458 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1459 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1460 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1461 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1462 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1467 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46,
1468 0x85, 0x4d, 0xb8, 0xeb, 0xd0, 0x91, 0x81, 0xa7,
1469 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 0xc1, 0x22,
1470 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe
1473 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a,
1474 0x0a, 0xa2, 0xac, 0xe0, 0x14, 0xc8, 0xa8, 0x6f,
1475 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,
1476 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b,
1477 0x2a, 0x5a, 0xb3, 0x9d, 0xc1, 0x38, 0x14, 0xb9,
1478 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27
1483 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1484 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1485 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1486 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
1487 0x21, 0x22, 0x23, 0x24, 0x25
1491 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1492 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1493 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1494 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1495 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1496 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1501 0xd4, 0x63, 0x3c, 0x17, 0xf6, 0xfb, 0x8d, 0x74,
1502 0x4c, 0x66, 0xde, 0xe0, 0xf8, 0xf0, 0x74, 0x55,
1503 0x6e, 0xc4, 0xaf, 0x55, 0xef, 0x07, 0x99, 0x85,
1504 0x41, 0x46, 0x8e, 0xb4, 0x9b, 0xd2, 0xe9, 0x17
1508 { /* RFC 4231 - Test Case 4 */
1510 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1511 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1512 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1517 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1518 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1519 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1520 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1521 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1522 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1527 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e,
1528 0xa4, 0xcc, 0x81, 0x98, 0x99, 0xf2, 0x08, 0x3a,
1529 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07,
1530 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b
1533 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85,
1534 0x19, 0x33, 0xab, 0x62, 0x90, 0xaf, 0x6c, 0xa7,
1535 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,
1536 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e,
1537 0x68, 0x01, 0xdd, 0x23, 0xc4, 0xa7, 0xd6, 0x79,
1538 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb
1543 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1544 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1545 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1546 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
1549 "Test With Truncation",
1552 0x75, 0x46, 0xaf, 0x01, 0x84, 0x1f, 0xc0, 0x9b,
1553 0x1a, 0xb9, 0xc3, 0x74, 0x9a, 0x5f, 0x1c, 0x17,
1554 0xd4, 0xf5, 0x89, 0x66, 0x8a, 0x58, 0x7b, 0x27,
1555 0x00, 0xa9, 0xc9, 0x7c, 0x11, 0x93, 0xcf, 0x42
1561 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1562 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1563 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1564 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1565 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1566 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1567 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1568 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1569 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1570 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
1573 "Test Using Larger Than Block-Size Key - Hash Key First",
1576 0x69, 0x53, 0x02, 0x5e, 0xd9, 0x6f, 0x0c, 0x09,
1577 0xf8, 0x0a, 0x96, 0xf7, 0x8e, 0x65, 0x38, 0xdb,
1578 0xe2, 0xe7, 0xb8, 0x20, 0xe3, 0xdd, 0x97, 0x0e,
1579 0x7d, 0xdd, 0x39, 0x09, 0x1b, 0x32, 0x35, 0x2f
1583 { /* RFC 4231 - Test Case 6 */
1585 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1586 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1587 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1588 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1589 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1590 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1591 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1592 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1593 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1594 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1595 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1596 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1597 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1598 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1599 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1600 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1604 "Test Using Larger Than Block-Size Key - Hash Key First",
1607 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f,
1608 0x0d, 0x8a, 0x26, 0xaa, 0xcb, 0xf5, 0xb7, 0x7f,
1609 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, 0xc5, 0x14,
1610 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54
1613 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90,
1614 0x88, 0xd2, 0xc6, 0x3a, 0x04, 0x1b, 0xc5, 0xb4,
1615 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,
1616 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6,
1617 0x0c, 0x2e, 0xf6, 0xab, 0x40, 0x30, 0xfe, 0x82,
1618 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52
1623 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1624 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1625 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1626 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1627 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1628 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1629 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1630 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1631 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1632 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
1635 "Test Using Larger Than Block-Size Key and Larger Than One "
1639 0x63, 0x55, 0xac, 0x22, 0xe8, 0x90, 0xd0, 0xa3,
1640 0xc8, 0x48, 0x1a, 0x5c, 0xa4, 0x82, 0x5b, 0xc8,
1641 0x84, 0xd3, 0xe7, 0xa1, 0xff, 0x98, 0xa2, 0xfc,
1642 0x2a, 0xc7, 0xd8, 0xe0, 0x64, 0xc3, 0xb2, 0xe6
1646 { /* RFC 4231 - Test Case 7 */
1648 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1649 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1650 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1651 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1652 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1653 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1654 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1655 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1656 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1657 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1658 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1659 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1660 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1661 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1662 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1663 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1667 "This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.",
1670 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb,
1671 0x27, 0x63, 0x5f, 0xbc, 0xd5, 0xb0, 0xe9, 0x44,
1672 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 0x13, 0x93,
1673 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2
1676 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d,
1677 0x35, 0x1e, 0x2f, 0x25, 0x4e, 0x8f, 0xd3, 0x2c,
1678 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,
1679 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5,
1680 0xa6, 0x78, 0xcc, 0x31, 0xe7, 0x99, 0x17, 0x6d,
1681 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e
1687 static int test_sha256(void)
1696 for (i = 0; i < ARRAY_SIZE(tests); i++) {
1697 wpa_printf(MSG_INFO, "SHA256 test case %d:", i + 1);
1699 addr[0] = (u8 *) tests[i].data;
1700 len[0] = strlen(tests[i].data);
1701 sha256_vector(1, addr, len, hash);
1702 if (memcmp(hash, tests[i].hash, 32) != 0) {
1703 wpa_printf(MSG_INFO, " FAIL");
1706 wpa_printf(MSG_INFO, " OK");
1709 addr[0] = (u8 *) tests[i].data;
1711 addr[1] = (u8 *) tests[i].data + 1;
1712 len[1] = strlen(tests[i].data) - 1;
1713 sha256_vector(2, addr, len, hash);
1714 if (memcmp(hash, tests[i].hash, 32) != 0) {
1715 wpa_printf(MSG_INFO, " FAIL");
1718 wpa_printf(MSG_INFO, " OK");
1722 for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) {
1723 const struct hmac_test *t = &hmac_tests[i];
1725 wpa_printf(MSG_INFO, "HMAC-SHA256 test case %d:", i + 1);
1727 if (hmac_sha256(t->key, t->key_len, t->data, t->data_len,
1729 os_memcmp(hash, t->hash, 32) != 0) {
1730 wpa_printf(MSG_INFO, " FAIL");
1733 wpa_printf(MSG_INFO, " OK");
1736 len[0] = t->data_len;
1737 if (hmac_sha256_vector(t->key, t->key_len, 1, addr, len,
1739 os_memcmp(hash, t->hash, 32) != 0) {
1740 wpa_printf(MSG_INFO, " FAIL");
1743 wpa_printf(MSG_INFO, " OK");
1748 addr[1] = t->data + 1;
1749 len[1] = t->data_len - 1;
1750 if (hmac_sha256_vector(t->key, t->key_len, 2, addr, len,
1752 os_memcmp(hash, t->hash, 32) != 0) {
1753 wpa_printf(MSG_INFO, " FAIL");
1756 wpa_printf(MSG_INFO, " OK");
1760 wpa_printf(MSG_INFO, "Test IEEE 802.11r KDF");
1761 sha256_prf((u8 *) "abc", 3, "KDF test", (u8 *) "data", 4,
1762 hash, sizeof(hash));
1763 /* TODO: add proper test case for this */
1765 key = os_malloc(8161);
1767 #ifdef CONFIG_HMAC_SHA256_KDF
1770 res = hmac_sha256_kdf((u8 *) "secret", 6, "label",
1771 (u8 *) "seed", 4, key, 8160);
1773 wpa_printf(MSG_INFO,
1774 "Unexpected hmac_sha256_kdf(outlen=8160) failure");
1778 res = hmac_sha256_kdf((u8 *) "secret", 6, "label",
1779 (u8 *) "seed", 4, key, 8161);
1781 wpa_printf(MSG_INFO,
1782 "Unexpected hmac_sha256_kdf(outlen=8161) success");
1785 #endif /* CONFIG_HMAC_SHA256_KDF */
1791 wpa_printf(MSG_INFO, "SHA256 test cases passed");
1796 static int test_sha384(void)
1798 #ifdef CONFIG_SHA384
1804 const char *data = "hello";
1805 const u8 hash_res[] = {
1806 0x59, 0xe1, 0x74, 0x87, 0x77, 0x44, 0x8c, 0x69,
1807 0xde, 0x6b, 0x80, 0x0d, 0x7a, 0x33, 0xbb, 0xfb,
1808 0x9f, 0xf1, 0xb4, 0x63, 0xe4, 0x43, 0x54, 0xc3,
1809 0x55, 0x3b, 0xcd, 0xb9, 0xc6, 0x66, 0xfa, 0x90,
1810 0x12, 0x5a, 0x3c, 0x79, 0xf9, 0x03, 0x97, 0xbd,
1811 0xf5, 0xf6, 0xa1, 0x3d, 0xe8, 0x28, 0x68, 0x4f
1814 addr[0] = (const u8 *) data;
1816 if (sha384_vector(1, addr, len, hash) < 0 ||
1817 os_memcmp(hash, hash_res, 48) != 0) {
1818 wpa_printf(MSG_INFO, "SHA384 test case 1: FAIL");
1821 wpa_printf(MSG_INFO, "SHA384 test case 1: OK");
1824 addr[0] = (const u8 *) data;
1826 addr[1] = (const u8 *) data + 4;
1828 if (sha384_vector(2, addr, len, hash) < 0 ||
1829 os_memcmp(hash, hash_res, 48) != 0) {
1830 wpa_printf(MSG_INFO, "SHA384 test case 2: FAIL");
1833 wpa_printf(MSG_INFO, "SHA384 test case 2: OK");
1836 for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) {
1837 const struct hmac_test *t = &hmac_tests[i];
1839 if (t->hash384[0] == 0 && t->hash384[1] == 0 &&
1840 t->hash384[2] == 0 && t->hash384[3] == 0)
1842 wpa_printf(MSG_INFO, "HMAC-SHA384 test case %d:", i + 1);
1844 if (hmac_sha384(t->key, t->key_len, t->data, t->data_len,
1846 os_memcmp(hash, t->hash384, 48) != 0) {
1847 wpa_printf(MSG_INFO, " FAIL");
1850 wpa_printf(MSG_INFO, " OK");
1853 len[0] = t->data_len;
1854 if (hmac_sha384_vector(t->key, t->key_len, 1, addr, len,
1856 os_memcmp(hash, t->hash384, 48) != 0) {
1857 wpa_printf(MSG_INFO, " FAIL");
1860 wpa_printf(MSG_INFO, " OK");
1865 addr[1] = t->data + 1;
1866 len[1] = t->data_len - 1;
1867 if (hmac_sha384_vector(t->key, t->key_len, 2, addr, len,
1869 os_memcmp(hash, t->hash384, 48) != 0) {
1870 wpa_printf(MSG_INFO, " FAIL");
1873 wpa_printf(MSG_INFO, " OK");
1878 wpa_printf(MSG_INFO, "SHA384 test cases passed");
1880 #else /* CONFIG_SHA384 */
1882 #endif /* CONFIG_SHA384 */
1886 static int test_fips186_2_prf(void)
1888 /* http://csrc.nist.gov/encryption/dss/Examples-1024bit.pdf */
1890 0xbd, 0x02, 0x9b, 0xbe, 0x7f, 0x51, 0x96, 0x0b,
1891 0xcf, 0x9e, 0xdb, 0x2b, 0x61, 0xf0, 0x6f, 0x0f,
1892 0xeb, 0x5a, 0x38, 0xb6
1895 0x20, 0x70, 0xb3, 0x22, 0x3d, 0xba, 0x37, 0x2f,
1896 0xde, 0x1c, 0x0f, 0xfc, 0x7b, 0x2e, 0x3b, 0x49,
1897 0x8b, 0x26, 0x06, 0x14, 0x3c, 0x6c, 0x18, 0xba,
1898 0xcb, 0x0f, 0x6c, 0x55, 0xba, 0xbb, 0x13, 0x78,
1899 0x8e, 0x20, 0xd7, 0x37, 0xa3, 0x27, 0x51, 0x16
1903 wpa_printf(MSG_INFO,
1904 "Testing EAP-SIM PRF (FIPS 186-2 + change notice 1)");
1905 if (fips186_2_prf(xkey, sizeof(xkey), buf, sizeof(buf)) < 0 ||
1906 os_memcmp(w, buf, sizeof(w)) != 0) {
1907 wpa_printf(MSG_INFO, "fips186_2_prf failed");
1915 static int test_extract_expand_hkdf(void)
1917 u8 prk[SHA256_MAC_LEN];
1922 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1923 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1924 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
1927 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1928 0x08, 0x09, 0x0a, 0x0b, 0x0c
1931 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
1935 0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf,
1936 0x0d, 0xdc, 0x3f, 0x0d, 0xc4, 0x7b, 0xba, 0x63,
1937 0x90, 0xb6, 0xc7, 0x3b, 0xb5, 0x0f, 0x9c, 0x31,
1938 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, 0xb3, 0xe5
1941 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
1942 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
1943 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
1944 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
1945 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
1951 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1952 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1953 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1954 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
1955 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
1956 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
1957 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
1958 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
1959 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
1960 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
1963 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
1964 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
1965 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
1966 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
1967 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
1968 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
1969 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
1970 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
1971 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
1972 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf
1975 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
1976 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
1977 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
1978 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
1979 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
1980 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
1981 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
1982 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
1983 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
1984 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
1987 0x06, 0xa6, 0xb8, 0x8c, 0x58, 0x53, 0x36, 0x1a,
1988 0x06, 0x10, 0x4c, 0x9c, 0xeb, 0x35, 0xb4, 0x5c,
1989 0xef, 0x76, 0x00, 0x14, 0x90, 0x46, 0x71, 0x01,
1990 0x4a, 0x19, 0x3f, 0x40, 0xc1, 0x5f, 0xc2, 0x44
1993 0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1,
1994 0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34,
1995 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8,
1996 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c,
1997 0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72,
1998 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09,
1999 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8,
2000 0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71,
2001 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87,
2002 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f,
2006 wpa_printf(MSG_INFO, "Testing Extract-and-Expand HKDF (RFC 5869)");
2008 wpa_printf(MSG_INFO, "RFC 5869 - Test Case 1");
2009 if (hmac_sha256(salt1, sizeof(salt1), ikm1, sizeof(ikm1), prk) < 0)
2011 if (os_memcmp(prk, prk1, SHA256_MAC_LEN) != 0) {
2012 wpa_printf(MSG_INFO, "HKDF-Extract mismatch in PRK");
2015 if (hmac_sha256_kdf(prk1, sizeof(prk1), NULL, info1, sizeof(info1),
2016 okm, sizeof(okm1)) < 0)
2018 if (os_memcmp(okm, okm1, sizeof(okm1)) != 0) {
2019 wpa_printf(MSG_INFO, "HKDF-Expand mismatch in OKM");
2023 wpa_printf(MSG_INFO, "RFC 5869 - Test Case 2");
2024 if (hmac_sha256(salt2, sizeof(salt2), ikm2, sizeof(ikm2), prk) < 0)
2026 if (os_memcmp(prk, prk2, SHA256_MAC_LEN) != 0) {
2027 wpa_printf(MSG_INFO, "HKDF-Extract mismatch in PRK");
2030 if (hmac_sha256_kdf(prk2, sizeof(prk2), NULL, info2, sizeof(info2),
2031 okm, sizeof(okm2)) < 0)
2033 if (os_memcmp(okm, okm2, sizeof(okm2)) != 0) {
2034 wpa_printf(MSG_INFO, "HKDF-Expand mismatch in OKM");
2038 wpa_printf(MSG_INFO, "Extract-and-Expand HKDF test cases passed");
2044 static int test_ms_funcs(void)
2047 /* Test vector from RFC2759 example */
2048 char *username = "User";
2049 char *password = "clientPass";
2050 u8 auth_challenge[] = {
2051 0x5B, 0x5D, 0x7C, 0x7D, 0x7B, 0x3F, 0x2F, 0x3E,
2052 0x3C, 0x2C, 0x60, 0x21, 0x32, 0x26, 0x26, 0x28
2054 u8 peer_challenge[] = {
2055 0x21, 0x40, 0x23, 0x24, 0x25, 0x5E, 0x26, 0x2A,
2056 0x28, 0x29, 0x5F, 0x2B, 0x3A, 0x33, 0x7C, 0x7E
2058 u8 password_hash[] = {
2059 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6,
2060 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE
2062 u8 nt_response[] = {
2063 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E,
2064 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54,
2065 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF
2067 u8 password_hash_hash[] = {
2068 0x41, 0xC0, 0x0C, 0x58, 0x4B, 0xD2, 0xD9, 0x1C,
2069 0x40, 0x17, 0xA2, 0xA1, 0x2F, 0xA5, 0x9F, 0x3F
2071 u8 authenticator_response[] = {
2072 0x40, 0x7A, 0x55, 0x89, 0x11, 0x5F, 0xD0, 0xD6,
2073 0x20, 0x9F, 0x51, 0x0F, 0xE9, 0xC0, 0x45, 0x66,
2074 0x93, 0x2C, 0xDA, 0x56
2077 0xFD, 0xEC, 0xE3, 0x71, 0x7A, 0x8C, 0x83, 0x8C,
2078 0xB3, 0x88, 0xE5, 0x27, 0xAE, 0x3C, 0xDD, 0x31
2080 u8 send_start_key[] = {
2081 0x8B, 0x7C, 0xDC, 0x14, 0x9B, 0x99, 0x3A, 0x1B,
2082 0xA1, 0x18, 0xCB, 0x15, 0x3F, 0x56, 0xDC, 0xCB
2087 if (nt_password_hash((u8 *) password, os_strlen(password), buf) ||
2088 os_memcmp(password_hash, buf, sizeof(password_hash)) != 0) {
2089 wpa_printf(MSG_ERROR, "nt_password_hash failed");
2093 if (generate_nt_response(auth_challenge, peer_challenge,
2094 (u8 *) username, os_strlen(username),
2095 (u8 *) password, os_strlen(password), buf) ||
2096 os_memcmp(nt_response, buf, sizeof(nt_response)) != 0) {
2097 wpa_printf(MSG_ERROR, "generate_nt_response failed");
2101 if (hash_nt_password_hash(password_hash, buf) ||
2102 os_memcmp(password_hash_hash, buf,
2103 sizeof(password_hash_hash)) != 0) {
2104 wpa_printf(MSG_ERROR, "hash_nt_password_hash failed");
2108 if (generate_authenticator_response((u8 *) password,
2109 os_strlen(password),
2110 peer_challenge, auth_challenge,
2112 os_strlen(username),
2113 nt_response, buf) ||
2114 os_memcmp(authenticator_response, buf,
2115 sizeof(authenticator_response)) != 0) {
2116 wpa_printf(MSG_ERROR, "generate_authenticator_response failed");
2120 if (get_master_key(password_hash_hash, nt_response, buf) ||
2121 os_memcmp(master_key, buf, sizeof(master_key)) != 0) {
2122 wpa_printf(MSG_ERROR, "get_master_key failed");
2126 if (get_asymetric_start_key(master_key, buf, sizeof(send_start_key),
2128 os_memcmp(send_start_key, buf, sizeof(send_start_key)) != 0) {
2129 wpa_printf(MSG_ERROR, "get_asymetric_start_key failed");
2134 wpa_printf(MSG_ERROR, "ms_funcs: %d errors", errors);
2136 wpa_printf(MSG_INFO, "ms_funcs test cases passed");
2139 #else /* CONFIG_FIPS */
2140 wpa_printf(MSG_INFO, "ms_funcs test cases skipped due to CONFIG_FIPS");
2142 #endif /* CONFIG_FIPS */
2146 int crypto_module_tests(void)
2150 wpa_printf(MSG_INFO, "crypto module tests");
2161 test_fips186_2_prf() ||
2162 test_extract_expand_hkdf() ||