test_ccmp.c revision 269738 
1/*-
2 * Copyright (c) 2004 Sam Leffler, Errno Consulting
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 * 3. The name of the author may not be used to endorse or promote products
14 *    derived from this software without specific prior written permission.
15 *
16 * Alternatively, this software may be distributed under the terms of the
17 * GNU General Public License ("GPL") version 2 as published by the Free
18 * Software Foundation.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
21 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
23 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
24 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
25 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 *
31 * $FreeBSD: stable/10/tools/regression/net80211/ccmp/test_ccmp.c 269738 2014-08-08 19:39:40Z delphij $
32 */
33
34/*
35 * CCMP test module.
36 *
37 * Test vectors come from section I.7.4 of P802.11i/D7.0, October 2003.
38 *
39 * To use this tester load the net80211 layer (either as a module or
40 * by statically configuring it into your kernel), then kldload this
41 * module.  It should automatically run all test cases and print
42 * information for each.  To run one or more tests you can specify a
43 * tests parameter to the module that is a bit mask of the set of tests
44 * you want; e.g. insmod ccmp_test tests=7 will run only test mpdu's
45 * 1, 2, and 3.
46 */
47#include <sys/param.h>
48#include <sys/kernel.h>
49#include <sys/systm.h>
50#include <sys/mbuf.h>
51#include <sys/module.h>
52
53#include <sys/socket.h>
54
55#include <net/if.h>
56#include <net/if_media.h>
57
58#include <net80211/ieee80211_var.h>
59
60/*
61==== CCMP test mpdu   1 ====
62
63-- MPDU Fields
64
657  Version  = 0
668  Type     = 2   SubType  = 0  Data
679  ToDS     = 0   FromDS   = 0
6810  MoreFrag = 0   Retry    = 1
6911  PwrMgt   = 0   moreData = 0
7012  Encrypt  = 1
7113  Order    = 0
7214  Duration = 11459
7315  A1 = 0f-d2-e1-28-a5-7c    DA
7416  A2 = 50-30-f1-84-44-08    SA
7517  A3 = ab-ae-a5-b8-fc-ba    BSSID
7618  SC = 0x3380
7719  seqNum = 824 (0x0338)  fraqNum = 0 (0x00)
7820  Algorithm = AES_CCM
7921  Key ID = 0
8022  TK = c9 7c 1f 67 ce 37 11 85  51 4a 8a 19 f2 bd d5 2f
8123  PN = 199027030681356  (0xB5039776E70C)
8224  802.11 Header =  08 48 c3 2c 0f d2 e1 28 a5 7c 50 30 f1 84 44 08
8325  	ab ae a5 b8 fc ba 80 33
8426  Muted 802.11 Header =  08 40 0f d2 e1 28 a5 7c 50 30 f1 84 44 08
8527  	ab ae a5 b8 fc ba 00 00
8628  CCMP Header =  0c e7 00 20 76 97 03 b5
8729  CCM Nonce = 00 50 30 f1 84 44 08 b5  03 97 76 e7 0c
8830 Plaintext Data = f8 ba 1a 55 d0 2f 85 ae 96 7b b6 2f b6 cd a8 eb
891	7e 78 a0 50
902  CCM MIC =  78 45 ce 0b 16 f9 76 23
913  -- Encrypted MPDU with FCS
924  08 48 c3 2c 0f d2 e1 28 a5 7c 50 30 f1 84 44 08 ab ae a5 b8 fc ba
935  80 33 0c e7 00 20 76 97 03 b5 f3 d0 a2 fe 9a 3d bf 23 42 a6 43 e4
946  32 46 e8 0c 3c 04 d0 19 78 45 ce 0b 16 f9 76 23 1d 99 f0 66
95*/
96static const u_int8_t test1_key[] = {		/* TK */
97	0xc9, 0x7c, 0x1f, 0x67, 0xce, 0x37, 0x11, 0x85,  0x51, 0x4a, 0x8a,
98	0x19, 0xf2, 0xbd, 0xd5, 0x2f
99};
100static const u_int8_t test1_plaintext[] = {	/* Plaintext MPDU w/o MIC */
101	0x08, 0x48, 0xc3, 0x2c, 0x0f, 0xd2, 0xe1, 0x28,	/* 802.11 Header */
102	0xa5, 0x7c, 0x50, 0x30, 0xf1, 0x84, 0x44, 0x08,
103	0xab, 0xae, 0xa5, 0xb8, 0xfc, 0xba, 0x80, 0x33,
104	0xf8, 0xba, 0x1a, 0x55, 0xd0, 0x2f, 0x85, 0xae,	/* Plaintext Data */
105	0x96, 0x7b, 0xb6, 0x2f, 0xb6, 0xcd, 0xa8, 0xeb,
106	0x7e, 0x78, 0xa0, 0x50,
107};
108static const u_int8_t test1_encrypted[] = {	/* Encrypted MPDU with MIC */
109	0x08, 0x48, 0xc3, 0x2c, 0x0f, 0xd2, 0xe1, 0x28,
110	0xa5, 0x7c, 0x50, 0x30, 0xf1, 0x84, 0x44, 0x08,
111	0xab, 0xae, 0xa5, 0xb8, 0xfc, 0xba, 0x80, 0x33,
112	0x0c, 0xe7, 0x00, 0x20, 0x76, 0x97, 0x03, 0xb5,
113	0xf3, 0xd0, 0xa2, 0xfe, 0x9a, 0x3d, 0xbf, 0x23,
114	0x42, 0xa6, 0x43, 0xe4, 0x32, 0x46, 0xe8, 0x0c,
115	0x3c, 0x04, 0xd0, 0x19, 0x78, 0x45, 0xce, 0x0b,
116	0x16, 0xf9, 0x76, 0x23,
117};
118
119/*
120==== CCMP test mpdu   2 ====
121
122-- MPDU Fields
123
124 9  Version  = 0
12510  Type     = 2   SubType  = 3  Data+CF-Ack+CF-Poll
12611  ToDS     = 0   FromDS   = 0
12712  MoreFrag = 0   Retry    = 0
12813  PwrMgt   = 0   moreData = 0
12914  Encrypt  = 1
13015  Order    = 1
13116  Duration = 20842
13217  A1 = ea-10-0c-84-68-50    DA
13318  A2 = ee-c1-76-2c-88-de    SA
13419  A3 = af-2e-e9-f4-6a-07    BSSID
13520  SC = 0xCCE0
13621  seqNum = 3278 (0x0CCE)  fraqNum = 0 (0x00)
13722  Algorithm = AES_CCM
13823  Key ID = 2
13924  TK = 8f 7a 05 3f a5 77 a5 59  75 29 27 20 97 a6 03 d5
14025  PN = 54923164817386  (0x31F3CBBA97EA)
14126  802.11 Header =  38 c0 6a 51 ea 10 0c 84 68 50 ee c1 76 2c 88 de
14227  	af 2e e9 f4 6a 07 e0 cc
14328  Muted 802.11 Header =  08 c0 ea 10 0c 84 68 50 ee c1 76 2c 88 de
14429  	af 2e e9 f4 6a 07 00 00
14530  CCMP Header =  ea 97 00 a0 ba cb f3 31
14631  CCM Nonce = 00 ee c1 76 2c 88 de 31  f3 cb ba 97 ea
14732  Plaintext Data = 83 a0 63 4b 5e d7 62 7e b9 df 22 5e 05 74 03 42
14833  	de 19 41 17
14934  CCM MIC =  54 2f bf 8d a0 6a a4 ae
15035  -- Encrypted MPDU with FCS
15136  38 c0 6a 51 ea 10 0c 84 68 50 ee c1 76 2c 88 de af 2e e9 f4 6a 07
15237  e0 cc ea 97 00 a0 ba cb f3 31 81 4b 69 65 d0 5b f2 b2 ed 38 d4 be
15338  b0 69 fe 82 71 4a 61 0b 54 2f bf 8d a0 6a a4 ae 25 3c 47 38
154*/
155static const u_int8_t test2_key[] = {		/* TK */
156	0x8f, 0x7a, 0x05, 0x3f, 0xa5, 0x77, 0xa5, 0x59,  0x75, 0x29, 0x27,
157	0x20, 0x97, 0xa6, 0x03, 0xd5
158};
159static const u_int8_t test2_plaintext[] = {	/* Plaintext MPDU w/o MIC */
160	0x38, 0xc0, 0x6a, 0x51, 0xea, 0x10, 0x0c, 0x84, 0x68, 0x50, 0xee,
161	0xc1, 0x76, 0x2c, 0x88, 0xde, 0xaf, 0x2e, 0xe9, 0xf4, 0x6a, 0x07,
162	0xe0, 0xcc,
163	0x83, 0xa0, 0x63, 0x4b, 0x5e, 0xd7, 0x62, 0x7e, 0xb9, 0xdf, 0x22,
164	0x5e, 0x05, 0x74, 0x03, 0x42, 0xde, 0x19, 0x41, 0x17
165};
166static const u_int8_t test2_encrypted[] = {	/* Encrypted MPDU with MIC */
167	0x38, 0xc0, 0x6a, 0x51, 0xea, 0x10, 0x0c, 0x84, 0x68, 0x50, 0xee,
168	0xc1, 0x76, 0x2c, 0x88, 0xde, 0xaf, 0x2e, 0xe9, 0xf4, 0x6a, 0x07,
169	0xe0, 0xcc, 0xea, 0x97, 0x00, 0xa0, 0xba, 0xcb, 0xf3, 0x31, 0x81,
170	0x4b, 0x69, 0x65, 0xd0, 0x5b, 0xf2, 0xb2, 0xed, 0x38, 0xd4, 0xbe,
171	0xb0, 0x69, 0xfe, 0x82, 0x71, 0x4a, 0x61, 0x0b, 0x54, 0x2f, 0xbf,
172	0x8d, 0xa0, 0x6a, 0xa4, 0xae,
173};
174
175/*
176==== CCMP test mpdu   3 ====
177
178-- MPDU Fields
179
18041  Version  = 0
18142  Type     = 2   SubType  = 11
18243  ToDS     = 0   FromDS   = 0
18344  MoreFrag = 0   Retry    = 1
18445  PwrMgt   = 0   moreData = 0
18546  Encrypt  = 1
18647  Order    = 1
18748  Duration = 25052
18849  A1 = d9-57-7d-f7-63-c8    DA
18950 A2 = b6-a8-8a-df-36-91    SA
1901  A3 = dc-4a-8b-ca-94-dd    BSSID
1912  SC = 0x8260
1923  seqNum = 2086 (0x0826)  fraqNum = 0 (0x00)
1934  QC = 0x0000
1945  MSDU Priority = 0 (0x0)
1956  Algorithm = AES_CCM
1967  Key ID = 2
1978  TK = 40 cf b7 a6 2e 88 01 3b  d6 d3 af fc c1 91 04 1e
1989  PN = 52624639632814  (0x2FDCA0F3A5AE)
19910  802.11 Header =  b8 c8 dc 61 d9 57 7d f7 63 c8 b6 a8 8a df 36 91
20011  	dc 4a 8b ca 94 dd 60 82 20 85
20112  Muted 802.11 Header =  88 c0 d9 57 7d f7 63 c8 b6 a8 8a df 36 91
20213  	dc 4a 8b ca 94 dd 00 00 00 00
20314  CCMP Header =  ae a5 00 a0 f3 a0 dc 2f
20415  CCM Nonce = 00 b6 a8 8a df 36 91 2f dc a0 f3 a5 ae
20516  Plaintext Data  = 2c 1b d0 36 83 1c 95 49 6c 5f 4d bf 3d 55 9e 72
20617  	de 80 2a 18
20718  CCM MIC =  fd 1f 1f 61 a9 fb 4b b3
20819  -- Encrypted MPDU with FCS
20920  b8 c8 dc 61 d9 57 7d f7 63 c8 b6 a8 8a df 36 91 dc 4a 8b ca 94 dd
21021  60 82 20 85 ae a5 00 a0 f3 a0 dc 2f 89 d8 58 03 40 b6 26 a0 b6 d4
21122  d0 13 bf 18 f2 91 b8 96 46 c8 fd 1f 1f 61 a9 fb 4b b3 60 3f 5a ad
212*/
213static const u_int8_t test3_key[] = {		/* TK */
214	0x40, 0xcf, 0xb7, 0xa6, 0x2e, 0x88, 0x01, 0x3b,  0xd6, 0xd3,
215	0xaf, 0xfc, 0xc1, 0x91, 0x04, 0x1e
216};
217static const u_int8_t test3_plaintext[] = {	/* Plaintext MPDU w/o MIC */
218	0xb8, 0xc8, 0xdc, 0x61, 0xd9, 0x57, 0x7d, 0xf7, 0x63, 0xc8,
219	0xb6, 0xa8, 0x8a, 0xdf, 0x36, 0x91, 0xdc, 0x4a, 0x8b, 0xca,
220	0x94, 0xdd, 0x60, 0x82, 0x20, 0x85,
221	0x2c, 0x1b, 0xd0, 0x36, 0x83, 0x1c, 0x95, 0x49, 0x6c, 0x5f,
222	0x4d, 0xbf, 0x3d, 0x55, 0x9e, 0x72, 0xde, 0x80, 0x2a, 0x18
223};
224static const u_int8_t test3_encrypted[] = {	/* Encrypted MPDU with MIC */
225	0xb8, 0xc8, 0xdc, 0x61, 0xd9, 0x57, 0x7d, 0xf7, 0x63, 0xc8,
226	0xb6, 0xa8, 0x8a, 0xdf, 0x36, 0x91, 0xdc, 0x4a, 0x8b, 0xca,
227	0x94, 0xdd, 0x60, 0x82, 0x20, 0x85, 0xae, 0xa5, 0x00, 0xa0,
228	0xf3, 0xa0, 0xdc, 0x2f, 0x89, 0xd8, 0x58, 0x03, 0x40, 0xb6,
229	0x26, 0xa0, 0xb6, 0xd4, 0xd0, 0x13, 0xbf, 0x18, 0xf2, 0x91,
230	0xb8, 0x96, 0x46, 0xc8, 0xfd, 0x1f, 0x1f, 0x61, 0xa9, 0xfb,
231	0x4b, 0xb3,
232};
233
234/*
235==== CCMP test mpdu  4 ====
236
237-- MPDU Fields
23825  Version  = 0
23926  Type     = 2   SubType  = 10
24027  ToDS     = 0   FromDS   = 1
24128  MoreFrag = 0   Retry    = 1
24229  PwrMgt   = 0   moreData = 0
24330  Encrypt  = 1
24431  Order    = 1
24532  Duration = 4410
24633  A1 = 71-2a-9d-df-11-db    DA
24734  A2 = 8e-f8-22-73-47-01    BSSID
24835  A3 = 59-14-0d-d6-46-a2    SA
24936  SC = 0x2FC0
25037  seqNum = 764 (0x02FC)  fraqNum = 0 (0x00)
25138  QC = 0x0007
25239  MSDU Priority = 7 (0x0)
25340  Algorithm = AES_CCM
25441  Key ID = 0
25542  TK = 8c 89 a2 eb c9 6c 76 02  70 7f cf 24 b3 2d 38 33
25643  PN = 270963670912995  (0xF670A55A0FE3)
25744  802.11 Header =  a8 ca 3a 11 71 2a 9d df 11 db 8e f8 22 73 47 01
25845  	59 14 0d d6 46 a2 c0 2f 67 a5
25946  Muted 802.11 Header =  88 c2 71 2a 9d df 11 db 8e f8 22 73 47 01
26047  	59 14 0d d6 46 a2 00 00 07 00
26148  CCMP Header =  e3 0f 00 20 5a a5 70 f6
26249  CCM Nonce = 07 8e f8 22 73 47 01 f6  70 a5 5a 0f e3
26350  Plaintext Data = 4f ad 2b 1c 29 0f a5 eb d8 72 fb c3 f3 a0 74 89
26451  	8f 8b 2f bb
26552  CCM MIC =  31 fc 88 00 4f 35 ee 3d
266-- Encrypted MPDU with FCS
2672  a8 ca 3a 11 71 2a 9d df 11 db 8e f8 22 73 47 01 59 14 0d d6 46 a2
2683  c0 2f 67 a5 e3 0f 00 20 5a a5 70 f6 9d 59 b1 5f 37 14 48 c2 30 f4
2694  d7 39 05 2e 13 ab 3b 1a 7b 10 31 fc 88 00 4f 35 ee 3d 45 a7 4a 30
270*/
271static const u_int8_t test4_key[] = {		/* TK */
272	0x8c, 0x89, 0xa2, 0xeb, 0xc9, 0x6c, 0x76, 0x02,
273	0x70, 0x7f, 0xcf, 0x24, 0xb3, 0x2d, 0x38, 0x33,
274};
275static const u_int8_t test4_plaintext[] = {	/* Plaintext MPDU w/o MIC */
276	0xa8, 0xca, 0x3a, 0x11, 0x71, 0x2a, 0x9d, 0xdf, 0x11, 0xdb,
277	0x8e, 0xf8, 0x22, 0x73, 0x47, 0x01, 0x59, 0x14, 0x0d, 0xd6,
278	0x46, 0xa2, 0xc0, 0x2f, 0x67, 0xa5,
279	0x4f, 0xad, 0x2b, 0x1c, 0x29, 0x0f, 0xa5, 0xeb, 0xd8, 0x72,
280	0xfb, 0xc3, 0xf3, 0xa0, 0x74, 0x89, 0x8f, 0x8b, 0x2f, 0xbb,
281};
282static const u_int8_t test4_encrypted[] = {	/* Encrypted MPDU with MIC */
283	0xa8, 0xca, 0x3a, 0x11, 0x71, 0x2a, 0x9d, 0xdf, 0x11, 0xdb,
284	0x8e, 0xf8, 0x22, 0x73, 0x47, 0x01, 0x59, 0x14, 0x0d, 0xd6,
285	0x46, 0xa2, 0xc0, 0x2f, 0x67, 0xa5, 0xe3, 0x0f, 0x00, 0x20,
286	0x5a, 0xa5, 0x70, 0xf6, 0x9d, 0x59, 0xb1, 0x5f, 0x37, 0x14,
287	0x48, 0xc2, 0x30, 0xf4, 0xd7, 0x39, 0x05, 0x2e, 0x13, 0xab,
288	0x3b, 0x1a, 0x7b, 0x10, 0x31, 0xfc, 0x88, 0x00, 0x4f, 0x35,
289	0xee, 0x3d,
290};
291
292/*
293==== CCMP test mpdu   5 ====
294
295-- MPDU Fields
296
2977  Version  = 0
2988  Type     = 2   SubType  = 8
2999  ToDS     = 0   FromDS   = 1
30010  MoreFrag = 0   Retry    = 1
30111  PwrMgt   = 1   moreData = 0
30212  Encrypt  = 1
30313  Order    = 1
30414  Duration = 16664
30515  A1 = 45-de-c6-9a-74-80    DA
30616  A2 = f3-51-94-6b-c9-6b    BSSID
30717  A3 = e2-76-fb-e6-c1-27    SA
30818  SC = 0xF280
30919  seqNum = 3880 (0x0F28)  fraqNum = 0 (0x00)
31020  QC = 0x000b
31121  MSDU Priority = 0 (0x0)
31222  Algorithm = AES_CCM
31323  Key ID = 2
31424  TK = a5 74 d5 14 3b b2 5e fd  de ff 30 12 2f df d0 66
31525  PN = 184717420531255  (0xA7FFE03C0E37)
31626  802.11 Header =  88 da 18 41 45 de c6 9a 74 80 f3 51 94 6b c9 6b
31727  	e2 76 fb e6 c1 27 80 f2 4b 19
31828  Muted 802.11 Header =  88 c2 45 de c6 9a 74 80 f3 51 94 6b c9 6b
31929  	e2 76 fb e6 c1 27 00 00 0b 00
32030  CCMP Header =  37 0e 00 a0 3c e0 ff a7
32131  CCM Nonce = 0b f3 51 94 6b c9 6b a7 ff e0 3c 0e 37
32232  Plaintext Data = 28 96 9b 95 4f 26 3a 80 18 a9 ef 70 a8 b0 51 46
32333  	24 81 92 2e
32434  CCM MIC =  ce 0c 3b e1 97 d3 05 eb
32535  -- Encrypted MPDU with FCS
32636  88 da 18 41 45 de c6 9a 74 80 f3 51 94 6b c9 6b e2 76 fb e6 c1 27
32737  80 f2 4b 19 37 0e 00 a0 3c e0 ff a7 eb 4a e4 95 6a 80 1d a9 62 4b
32838  7e 0c 18 b2 3e 61 5e c0 3a f6 ce 0c 3b e1 97 d3 05 eb c8 9e a1 b5
329*/
330static const u_int8_t test5_key[] = {		/* TK */
331	0xa5, 0x74, 0xd5, 0x14, 0x3b, 0xb2, 0x5e, 0xfd,
332	0xde, 0xff, 0x30, 0x12, 0x2f, 0xdf, 0xd0, 0x66,
333};
334static const u_int8_t test5_plaintext[] = {	/* Plaintext MPDU w/o MIC */
335	0x88, 0xda, 0x18, 0x41, 0x45, 0xde, 0xc6, 0x9a, 0x74, 0x80,
336	0xf3, 0x51, 0x94, 0x6b, 0xc9, 0x6b, 0xe2, 0x76, 0xfb, 0xe6,
337	0xc1, 0x27, 0x80, 0xf2, 0x4b, 0x19,
338	0x28, 0x96, 0x9b, 0x95, 0x4f, 0x26, 0x3a, 0x80, 0x18, 0xa9,
339	0xef, 0x70, 0xa8, 0xb0, 0x51, 0x46, 0x24, 0x81, 0x92, 0x2e,
340};
341static const u_int8_t test5_encrypted[] = {	/* Encrypted MPDU with MIC */
342	0x88, 0xda, 0x18, 0x41, 0x45, 0xde, 0xc6, 0x9a, 0x74, 0x80,
343	0xf3, 0x51, 0x94, 0x6b, 0xc9, 0x6b, 0xe2, 0x76, 0xfb, 0xe6,
344	0xc1, 0x27, 0x80, 0xf2, 0x4b, 0x19, 0x37, 0x0e, 0x00, 0xa0,
345	0x3c, 0xe0, 0xff, 0xa7, 0xeb, 0x4a, 0xe4, 0x95, 0x6a, 0x80,
346	0x1d, 0xa9, 0x62, 0x4b, 0x7e, 0x0c, 0x18, 0xb2, 0x3e, 0x61,
347	0x5e, 0xc0, 0x3a, 0xf6, 0xce, 0x0c, 0x3b, 0xe1, 0x97, 0xd3,
348	0x05, 0xeb,
349};
350
351/*
352==== CCMP test mpdu   6 ====
353
354-- MPDU Fields
355
35641  Version  = 0
35742  Type     = 2   SubType  = 8
35843  ToDS     = 0   FromDS   = 1
35944  MoreFrag = 0   Retry    = 0
36045  PwrMgt   = 1   moreData = 0
36146  Encrypt  = 1
36247  Order    = 0
36348  Duration = 8161
36449  A1 = 5a-f2-84-30-fd-ab    DA
36550  A2 = bf-f9-43-b9-f9-a6    BSSID
3661   A3 = ab-1d-98-c7-fe-73    SA
3672  SC = 0x7150
3683  seqNum = 1813 (0x0715)  fraqNum = 0 (0x00)
3694  QC = 0x000d
3705  PSDU Priority = 13 (0xd)
3716  Algorithm = AES_CCM
3727  Key ID = 1
3738  TK = f7 1e ea 4e 1f 58 80 4b 97 17 23 0a d0 61 46 41
3749  PN    = 118205765159305  (0x6B81ECA48989)
37510  802.11 Header =  88 52 e1 1f 5a f2 84 30 fd ab bf f9 43 b9 f9 a6
37611  	ab 1d 98 c7 fe 73 50 71  3d 6a
37712  Muted 802.11 Header =  88 42 5a f2 84 30 fd ab bf f9 43 b9 f9 a6
37813  	ab 1d 98 c7 fe 73 00 00 0d 00
37914  CCMP Header =  89 89 00 60 a4 ec 81 6b
38015  CCM Nonce = 0d bf f9 43 b9 f9 a6 6b  81 ec a4 89 89
38116  Plaintext Data = ab fd a2 2d 3a 0b fc 9c c1 fc 07 93 63 c2 fc a1
38217  	43 e6 eb 1d
38318  CCM MIC =  30 9a 8d 5c 46 6b bb 71
38419  -- Encrypted MPDU with FCS
38520  88 52 e1 1f 5a f2 84 30 fd ab bf f9 43 b9 f9 a6 ab 1d 98 c7 fe 73
38621  50 71 3d 6a 89 89 00 60 a4 ec 81 6b 9a 70 9b 60 a3 9d 40 b1 df b6
38722  12 e1 8b 5f 11 4b ad b6 cc 86 30 9a 8d 5c 46 6b bb 71 86 c0 4e 97
388*/
389static const u_int8_t test6_key[] = {		/* TK */
390	0xf7, 0x1e, 0xea, 0x4e, 0x1f, 0x58, 0x80, 0x4b,
391	0x97, 0x17, 0x23, 0x0a, 0xd0, 0x61, 0x46, 0x41,
392};
393static const u_int8_t test6_plaintext[] = {	/* Plaintext MPDU w/o MIC */
394	0x88, 0x52, 0xe1, 0x1f, 0x5a, 0xf2, 0x84, 0x30, 0xfd, 0xab,
395	0xbf, 0xf9, 0x43, 0xb9, 0xf9, 0xa6, 0xab, 0x1d, 0x98, 0xc7,
396	0xfe, 0x73, 0x50, 0x71, 0x3d, 0x6a,
397	0xab, 0xfd, 0xa2, 0x2d, 0x3a, 0x0b, 0xfc, 0x9c, 0xc1, 0xfc,
398	0x07, 0x93, 0x63, 0xc2, 0xfc, 0xa1, 0x43, 0xe6, 0xeb, 0x1d,
399};
400static const u_int8_t test6_encrypted[] = {	/* Encrypted MPDU with MIC */
401	0x88, 0x52, 0xe1, 0x1f, 0x5a, 0xf2, 0x84, 0x30, 0xfd, 0xab,
402	0xbf, 0xf9, 0x43, 0xb9, 0xf9, 0xa6, 0xab, 0x1d, 0x98, 0xc7,
403	0xfe, 0x73, 0x50, 0x71, 0x3d, 0x6a, 0x89, 0x89, 0x00, 0x60,
404	0xa4, 0xec, 0x81, 0x6b, 0x9a, 0x70, 0x9b, 0x60, 0xa3, 0x9d,
405	0x40, 0xb1, 0xdf, 0xb6, 0x12, 0xe1, 0x8b, 0x5f, 0x11, 0x4b,
406	0xad, 0xb6, 0xcc, 0x86, 0x30, 0x9a, 0x8d, 0x5c, 0x46, 0x6b,
407	0xbb, 0x71,
408};
409
410/*
411==== CCMP test mpdu   7 ====
412
413-- MPDU Fields
414
41525  Version  = 0
41626  Type     = 2   SubType  = 1  Data+CF-Ack
41727  ToDS     = 1   FromDS   = 0
41828  MoreFrag = 0   Retry    = 1
41929  PwrMgt   = 1   moreData = 1
42030  Encrypt  = 1
42131  Order    = 0
42232  Duration = 18049
42333  A1 = 9b-50-f4-fd-56-f6    BSSID
42434  A2 = ef-ec-95-20-16-91    SA
42535  A3 = 83-57-0c-4c-cd-ee    DA
42636  SC = 0xA020
42737  seqNum = 2562 (0x0A02)  fraqNum = 0 (0x00)
42838  Algorithm = AES_CCM
42939  Key ID = 3
43040  TK = 1b db 34 98 0e 03 81 24 a1 db 1a 89 2b ec 36 6a
43141  PN = 104368786630435  (0x5EEC4073E723)
43242  Header =  18 79 81 46 9b 50 f4 fd 56 f6 ef ec 95 20 16 91 83 57
43343  	0c 4c cd ee 20 a0
43444  Muted MAC Header =  08 41 9b 50 f4 fd 56 f6 ef ec 95 20 16 91
43545  	83 57 0c 4c cd ee 00 00
43646  CCMP Header =  23 e7 00 e0 73 40 ec 5e
43747  CCM Nonce = 00 ef ec 95 20 16 91 5e ec 40 73 e7 23
43848  Plaintext Data = 98 be ca 86 f4 b3 8d a2 0c fd f2 47 24 c5 8e b8
43949  	35 66 53 39
44050  CCM MIC =  2d 09 57 ec fa be 95 b9
441-- Encrypted MPDU with FCS
4421  18 79 81 46 9b 50 f4 fd 56 f6 ef ec 95 20 16 91 83 57 0c 4c cd ee
4432  20 a0 23 e7 00 e0 73 40 ec 5e 12 c5 37 eb f3 ab 58 4e f1 fe f9 a1
4443  f3 54 7a 8c 13 b3 22 5a 2d 09 57 ec fa be 95 b9 aa fa 0c c8
445*/
446static const u_int8_t test7_key[] = {		/* TK */
447	0x1b, 0xdb, 0x34, 0x98, 0x0e, 0x03, 0x81, 0x24,
448	0xa1, 0xdb, 0x1a, 0x89, 0x2b, 0xec, 0x36, 0x6a,
449};
450static const u_int8_t test7_plaintext[] = {	/* Plaintext MPDU w/o MIC */
451	0x18, 0x79, 0x81, 0x46, 0x9b, 0x50, 0xf4, 0xfd, 0x56, 0xf6,
452	0xef, 0xec, 0x95, 0x20, 0x16, 0x91, 0x83, 0x57, 0x0c, 0x4c,
453	0xcd, 0xee, 0x20, 0xa0,
454	0x98, 0xbe, 0xca, 0x86, 0xf4, 0xb3, 0x8d, 0xa2, 0x0c, 0xfd,
455	0xf2, 0x47, 0x24, 0xc5, 0x8e, 0xb8, 0x35, 0x66, 0x53, 0x39,
456};
457static const u_int8_t test7_encrypted[] = {	/* Encrypted MPDU with MIC */
458	0x18, 0x79, 0x81, 0x46, 0x9b, 0x50, 0xf4, 0xfd, 0x56, 0xf6,
459	0xef, 0xec, 0x95, 0x20, 0x16, 0x91, 0x83, 0x57, 0x0c, 0x4c,
460	0xcd, 0xee, 0x20, 0xa0, 0x23, 0xe7, 0x00, 0xe0, 0x73, 0x40,
461	0xec, 0x5e, 0x12, 0xc5, 0x37, 0xeb, 0xf3, 0xab, 0x58, 0x4e,
462	0xf1, 0xfe, 0xf9, 0xa1, 0xf3, 0x54, 0x7a, 0x8c, 0x13, 0xb3,
463	0x22, 0x5a, 0x2d, 0x09, 0x57, 0xec, 0xfa, 0xbe, 0x95, 0xb9,
464};
465
466/*
467==== CCMP test mpdu   8 ====
468
469-- MPDU Fields
470
4716  Version  = 0
4727  Type     = 2   SubType  = 11
4738  ToDS     = 1   FromDS   = 0
4749  MoreFrag = 0   Retry    = 1
47510  PwrMgt   = 1   moreData = 0
47611  Encrypt  = 1
47712  Order    = 1
47813  Duration = 29260
47914  A1 = 55-2d-5f-72-bb-70    BSSID
48015  A2 = ca-3f-3a-ae-60-c4    SA
48116  A3 = 8b-a9-b5-f8-2c-2f    DA
48217  SC = 0xEB50
48318  seqNum = 3765 (0x0EB5)  fraqNum = 0 (0x00)
48419  QC = 0x000a
48520  MSDU Priority = 10 (0xa)
48621  Algorithm = AES_CCM
48722  Key ID = 2
48823  TK = 6e ac 1b f5 4b d5 4e db 23 21 75 43 03 02 4c 71
48924  PN    = 227588596223197  (0xCEFD996ECCDD)
49025  802.11 Header =  b8 d9 4c 72 55 2d 5f 72 bb 70 ca 3f 3a ae 60 c4
49126  	8b a9 b5 f8 2c 2f 50 eb 2a 55
49227  Muted 802.11 Header =  88 c1 55 2d 5f 72 bb 70 ca 3f 3a ae 60 c4
49328  	8b a9 b5 f8 2c 2f 00 00 0a 00
49429  CCMP Header =  dd cc 00 a0 6e 99 fd ce
49530  CCM Nonce = 0a ca 3f 3a ae 60 c4 ce fd 99 6e cc dd
49631  Plaintext Data = 57 cb 5c 0e 5f cd 88 5e 9a 42 39 e9 b9 ca d6 0d
49732  	64 37 59 79
49833  CCM MIC =  6d ba 8e f7 f0 80 87 dd
499-- Encrypted MPDU with FCS
50035  b8 d9 4c 72 55 2d 5f 72 bb 70 ca 3f 3a ae 60 c4 8b a9 b5 f8 2c 2f
50136  50 eb 2a 55 dd cc 00 a0 6e 99 fd ce 4b f2 81 ef 8e c7 73 9f 91 59
50237  1b 97 a8 7d c1 4b 3f a1 74 62 6d ba 8e f7 f0 80 87 dd 0c 65 74 3f
503*/
504static const u_int8_t test8_key[] = {		/* TK */
505	0x6e, 0xac, 0x1b, 0xf5, 0x4b, 0xd5, 0x4e, 0xdb,
506	0x23, 0x21, 0x75, 0x43, 0x03, 0x02, 0x4c, 0x71,
507};
508static const u_int8_t test8_plaintext[] = {	/* Plaintext MPDU w/o MIC */
509	0xb8, 0xd9, 0x4c, 0x72, 0x55, 0x2d, 0x5f, 0x72, 0xbb, 0x70,
510	0xca, 0x3f, 0x3a, 0xae, 0x60, 0xc4, 0x8b, 0xa9, 0xb5, 0xf8,
511	0x2c, 0x2f, 0x50, 0xeb, 0x2a, 0x55,
512	0x57, 0xcb, 0x5c, 0x0e, 0x5f, 0xcd, 0x88, 0x5e, 0x9a, 0x42,
513	0x39, 0xe9, 0xb9, 0xca, 0xd6, 0x0d, 0x64, 0x37, 0x59, 0x79,
514};
515static const u_int8_t test8_encrypted[] = {	/* Encrypted MPDU with MIC */
516	0xb8, 0xd9, 0x4c, 0x72, 0x55, 0x2d, 0x5f, 0x72, 0xbb, 0x70,
517	0xca, 0x3f, 0x3a, 0xae, 0x60, 0xc4, 0x8b, 0xa9, 0xb5, 0xf8,
518	0x2c, 0x2f, 0x50, 0xeb, 0x2a, 0x55, 0xdd, 0xcc, 0x00, 0xa0,
519	0x6e, 0x99, 0xfd, 0xce, 0x4b, 0xf2, 0x81, 0xef, 0x8e, 0xc7,
520	0x73, 0x9f, 0x91, 0x59, 0x1b, 0x97, 0xa8, 0x7d, 0xc1, 0x4b,
521	0x3f, 0xa1, 0x74, 0x62, 0x6d, 0xba, 0x8e, 0xf7, 0xf0, 0x80,
522	0x87, 0xdd,
523};
524
525#define	TEST(n,name,cipher,keyix,pn) { \
526	name, IEEE80211_CIPHER_##cipher,keyix, pn##LL, \
527	test##n##_key,   sizeof(test##n##_key), \
528	test##n##_plaintext, sizeof(test##n##_plaintext), \
529	test##n##_encrypted, sizeof(test##n##_encrypted) \
530}
531
532struct ciphertest {
533	const char	*name;
534	int		cipher;
535	int		keyix;
536	u_int64_t	pn;
537	const u_int8_t	*key;
538	size_t		key_len;
539	const u_int8_t	*plaintext;
540	size_t		plaintext_len;
541	const u_int8_t	*encrypted;
542	size_t		encrypted_len;
543} ccmptests[] = {
544	TEST(1, "CCMP test mpdu 1", AES_CCM, 0, 199027030681356),
545	TEST(2, "CCMP test mpdu 2", AES_CCM, 2, 54923164817386),
546	TEST(3, "CCMP test mpdu 3", AES_CCM, 2, 52624639632814),
547	TEST(4, "CCMP test mpdu 4", AES_CCM, 0, 270963670912995),
548	TEST(5, "CCMP test mpdu 5", AES_CCM, 2, 184717420531255),
549	TEST(6, "CCMP test mpdu 6", AES_CCM, 1, 118205765159305),
550	TEST(7, "CCMP test mpdu 7", AES_CCM, 3, 104368786630435),
551	TEST(8, "CCMP test mpdu 8", AES_CCM, 2, 227588596223197),
552};
553
554static void
555dumpdata(const char *tag, const void *p, size_t len)
556{
557	int i;
558
559	printf("%s: 0x%p len %u", tag, p, len);
560	for (i = 0; i < len; i++) {
561		if ((i % 16) == 0)
562			printf("\n%03d:", i);
563		printf(" %02x", ((const u_int8_t *)p)[i]);
564	}
565	printf("\n");
566}
567
568static void
569cmpfail(const void *gen, size_t genlen, const void *ref, size_t reflen)
570{
571	int i;
572
573	for (i = 0; i < genlen; i++)
574		if (((const u_int8_t *)gen)[i] != ((const u_int8_t *)ref)[i]) {
575			printf("first difference at byte %u\n", i);
576			break;
577		}
578	dumpdata("Generated", gen, genlen);
579	dumpdata("Reference", ref, reflen);
580}
581
582static void
583printtest(const struct ciphertest *t)
584{
585	printf("keyix %u pn %llu key_len %u plaintext_len %u\n"
586		, t->keyix
587		, t->pn
588		, t->key_len
589		, t->plaintext_len
590	);
591}
592
593static int
594runtest(struct ieee80211com *ic, struct ciphertest *t)
595{
596	struct ieee80211_key key;
597	struct mbuf *m = NULL;
598	const struct ieee80211_cipher *cip;
599	u_int8_t mac[IEEE80211_ADDR_LEN];
600
601	printf("%s: ", t->name);
602
603	/*
604	 * Setup key.
605	 */
606	memset(&key, 0, sizeof(key));
607	key.wk_flags = IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV;
608	key.wk_cipher = &ieee80211_cipher_none;
609	if (!ieee80211_crypto_newkey(ic, t->cipher,
610	    IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV, &key)) {
611		printf("FAIL: ieee80211_crypto_newkey failed\n");
612		goto bad;
613	}
614
615	memcpy(key.wk_key, t->key, t->key_len);
616	key.wk_keylen = t->key_len;
617	key.wk_keyrsc = 0;
618	key.wk_keytsc = t->pn-1;	/* PN-1 since we do encap */
619	if (!ieee80211_crypto_setkey(ic, &key, mac)) {
620		printf("FAIL: ieee80211_crypto_setkey failed\n");
621		goto bad;
622	}
623
624	/*
625	 * Craft frame from plaintext data.
626	 */
627	cip = key.wk_cipher;
628	m = m_getcl(M_NOWAIT, MT_HEADER, M_PKTHDR);
629	m->m_data += cip->ic_header;
630	memcpy(mtod(m, void *), t->plaintext, t->plaintext_len);
631	m->m_len = t->plaintext_len;
632	m->m_pkthdr.len = m->m_len;
633
634	/*
635	 * Encrypt frame w/ MIC.
636	 */
637	if (!cip->ic_encap(&key, m, t->keyix<<6)) {
638		printtest(t);
639		printf("FAIL: ccmp encap failed\n");
640		goto bad;
641	}
642	/*
643	 * Verify: frame length, frame contents.
644	 */
645	if (m->m_pkthdr.len != t->encrypted_len) {
646		printf("FAIL: encap data length mismatch\n");
647		printtest(t);
648		cmpfail(mtod(m, const void *), m->m_pkthdr.len,
649			t->encrypted, t->encrypted_len);
650		goto bad;
651	} else if (memcmp(mtod(m, const void *), t->encrypted, t->encrypted_len)) {
652		printf("FAIL: encrypt data does not compare\n");
653		printtest(t);
654		cmpfail(mtod(m, const void *), m->m_pkthdr.len,
655			t->encrypted, t->encrypted_len);
656		dumpdata("Plaintext", t->plaintext, t->plaintext_len);
657		goto bad;
658	}
659
660	/*
661	 * Decrypt frame; strip MIC.
662	 */
663	if (!cip->ic_decap(&key, m)) {
664		printf("FAIL: ccmp decap failed\n");
665		printtest(t);
666		cmpfail(mtod(m, const void *), m->m_len,
667			t->plaintext, t->plaintext_len);
668		goto bad;
669	}
670	/*
671	 * Verify: frame length, frame contents.
672	 */
673	if (m->m_pkthdr.len != t->plaintext_len) {
674		printf("FAIL: decap botch; length mismatch\n");
675		printtest(t);
676		cmpfail(mtod(m, const void *), m->m_pkthdr.len,
677			t->plaintext, t->plaintext_len);
678		goto bad;
679	} else if (memcmp(mtod(m, const void *), t->plaintext, t->plaintext_len)) {
680		printf("FAIL: decap botch; data does not compare\n");
681		printtest(t);
682		cmpfail(mtod(m, const void *), m->m_pkthdr.len,
683			t->plaintext, t_plaintext_len);
684		goto bad;
685	}
686	m_freem(m);
687	ieee80211_crypto_delkey(ic, &key);
688	printf("PASS\n");
689	return 1;
690bad:
691	if (m != NULL)
692		m_freem(m);
693	ieee80211_crypto_delkey(ic, &key);
694	return 0;
695}
696
697/*
698 * Module glue.
699 */
700
701static	int tests = -1;
702static	int debug = 0;
703
704static int
705init_crypto_ccmp_test(void)
706{
707#define	N(a)	(sizeof(a)/sizeof(a[0]))
708	struct ieee80211com ic;
709	int i, pass, total;
710
711	memset(&ic, 0, sizeof(ic));
712	if (debug)
713		ic.ic_debug = IEEE80211_MSG_CRYPTO;
714	ieee80211_crypto_attach(&ic);
715
716	pass = 0;
717	total = 0;
718	for (i = 0; i < N(ccmptests); i++)
719		if (tests & (1<<i)) {
720			total++;
721			pass += runtest(&ic, &ccmptests[i]);
722		}
723	printf("%u of %u 802.11i AES-CCMP test vectors passed\n", pass, total);
724	ieee80211_crypto_detach(&ic);
725	return (pass == total ? 0 : -1);
726#undef N
727}
728
729static int
730test_ccmp_modevent(module_t mod, int type, void *unused)
731{
732	switch (type) {
733	case MOD_LOAD:
734		(void) init_crypto_ccmp_test();
735		return 0;
736	case MOD_UNLOAD:
737		return 0;
738	}
739	return EINVAL;
740}
741
742static moduledata_t test_ccmp_mod = {
743	"test_ccmp",
744	test_ccmp_modevent,
745	0
746};
747DECLARE_MODULE(test_ccmp, test_ccmp_mod, SI_SUB_DRIVERS, SI_ORDER_FIRST);
748MODULE_VERSION(test_ccmp, 1);
749MODULE_DEPEND(test_ccmp, wlan, 1, 1, 1);
750