1281681Srpaulo/* 2281681Srpaulo * crypto module tests 3281681Srpaulo * Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi> 4281681Srpaulo * 5281681Srpaulo * This software may be distributed under the terms of the BSD license. 6281681Srpaulo * See README for more details. 7281681Srpaulo */ 8281681Srpaulo 9281681Srpaulo#include "utils/includes.h" 10281681Srpaulo 11281681Srpaulo#include "utils/common.h" 12337817Scy#include "utils/module_tests.h" 13281681Srpaulo#include "crypto/aes_siv.h" 14281681Srpaulo#include "crypto/aes_wrap.h" 15281681Srpaulo#include "crypto/aes.h" 16281681Srpaulo#include "crypto/ms_funcs.h" 17281681Srpaulo#include "crypto/crypto.h" 18281681Srpaulo#include "crypto/sha1.h" 19281681Srpaulo#include "crypto/sha256.h" 20346981Scy#include "crypto/sha384.h" 21281681Srpaulo 22281681Srpaulo 23281681Srpaulostatic int test_siv(void) 24281681Srpaulo{ 25281681Srpaulo#ifdef CONFIG_MESH 26281681Srpaulo /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */ 27281681Srpaulo u8 key[] = { 28281681Srpaulo 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 29281681Srpaulo 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0, 30281681Srpaulo 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 31281681Srpaulo 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff 32281681Srpaulo }; 33281681Srpaulo u8 ad[] = { 34281681Srpaulo 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 35281681Srpaulo 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 36281681Srpaulo 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27 37281681Srpaulo }; 38281681Srpaulo u8 plaintext[] = { 39281681Srpaulo 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 40281681Srpaulo 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee 41281681Srpaulo }; 42281681Srpaulo u8 iv_c[] = { 43281681Srpaulo 0x85, 0x63, 0x2d, 0x07, 0xc6, 0xe8, 0xf3, 0x7f, 44281681Srpaulo 0x95, 0x0a, 0xcd, 0x32, 0x0a, 0x2e, 0xcc, 0x93, 45281681Srpaulo 0x40, 0xc0, 0x2b, 0x96, 0x90, 0xc4, 0xdc, 0x04, 46281681Srpaulo 0xda, 0xef, 0x7f, 0x6a, 0xfe, 0x5c 47281681Srpaulo }; 48281681Srpaulo /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */ 49281681Srpaulo u8 key_2[] = { 50281681Srpaulo 0x7f, 0x7e, 0x7d, 0x7c, 0x7b, 0x7a, 0x79, 0x78, 51281681Srpaulo 0x77, 0x76, 0x75, 0x74, 0x73, 0x72, 0x71, 0x70, 52281681Srpaulo 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 53281681Srpaulo 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f 54281681Srpaulo }; 55281681Srpaulo u8 ad1_2[] = { 56281681Srpaulo 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 57281681Srpaulo 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 58281681Srpaulo 0xde, 0xad, 0xda, 0xda, 0xde, 0xad, 0xda, 0xda, 59281681Srpaulo 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88, 60281681Srpaulo 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00 61281681Srpaulo }; 62281681Srpaulo u8 ad2_2[] = { 63281681Srpaulo 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80, 64281681Srpaulo 0x90, 0xa0 65281681Srpaulo }; 66281681Srpaulo u8 nonce_2[] = { 67281681Srpaulo 0x09, 0xf9, 0x11, 0x02, 0x9d, 0x74, 0xe3, 0x5b, 68281681Srpaulo 0xd8, 0x41, 0x56, 0xc5, 0x63, 0x56, 0x88, 0xc0 69281681Srpaulo }; 70281681Srpaulo u8 plaintext_2[] = { 71281681Srpaulo 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 72281681Srpaulo 0x73, 0x6f, 0x6d, 0x65, 0x20, 0x70, 0x6c, 0x61, 73281681Srpaulo 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x20, 0x74, 74281681Srpaulo 0x6f, 0x20, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 75281681Srpaulo 0x74, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x20, 76281681Srpaulo 0x53, 0x49, 0x56, 0x2d, 0x41, 0x45, 0x53 77281681Srpaulo }; 78281681Srpaulo u8 iv_c_2[] = { 79281681Srpaulo 0x7b, 0xdb, 0x6e, 0x3b, 0x43, 0x26, 0x67, 0xeb, 80281681Srpaulo 0x06, 0xf4, 0xd1, 0x4b, 0xff, 0x2f, 0xbd, 0x0f, 81281681Srpaulo 0xcb, 0x90, 0x0f, 0x2f, 0xdd, 0xbe, 0x40, 0x43, 82281681Srpaulo 0x26, 0x60, 0x19, 0x65, 0xc8, 0x89, 0xbf, 0x17, 83281681Srpaulo 0xdb, 0xa7, 0x7c, 0xeb, 0x09, 0x4f, 0xa6, 0x63, 84281681Srpaulo 0xb7, 0xa3, 0xf7, 0x48, 0xba, 0x8a, 0xf8, 0x29, 85281681Srpaulo 0xea, 0x64, 0xad, 0x54, 0x4a, 0x27, 0x2e, 0x9c, 86281681Srpaulo 0x48, 0x5b, 0x62, 0xa3, 0xfd, 0x5c, 0x0d 87281681Srpaulo }; 88281681Srpaulo u8 out[2 * AES_BLOCK_SIZE + sizeof(plaintext_2)]; 89281681Srpaulo const u8 *addr[3]; 90281681Srpaulo size_t len[3]; 91281681Srpaulo 92281681Srpaulo /* RFC 5297, A.1. Deterministic Authenticated Encryption Example */ 93281681Srpaulo addr[0] = ad; 94281681Srpaulo len[0] = sizeof(ad); 95281681Srpaulo 96346981Scy if (aes_siv_encrypt(key, sizeof(key), plaintext, sizeof(plaintext), 97281681Srpaulo 1, addr, len, out)) { 98281681Srpaulo wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed"); 99281681Srpaulo return 1; 100281681Srpaulo } 101281681Srpaulo if (os_memcmp(out, iv_c, sizeof(iv_c)) != 0) { 102281681Srpaulo wpa_printf(MSG_ERROR, 103281681Srpaulo "AES-SIV mode encryption returned invalid cipher text"); 104281681Srpaulo return 1; 105281681Srpaulo } 106281681Srpaulo 107346981Scy if (aes_siv_decrypt(key, sizeof(key), iv_c, sizeof(iv_c), 108346981Scy 1, addr, len, out)) { 109281681Srpaulo wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed"); 110281681Srpaulo return 1; 111281681Srpaulo } 112281681Srpaulo if (os_memcmp(out, plaintext, sizeof(plaintext)) != 0) { 113281681Srpaulo wpa_printf(MSG_ERROR, 114281681Srpaulo "AES-SIV mode decryption returned invalid plain text"); 115281681Srpaulo return 1; 116281681Srpaulo } 117281681Srpaulo 118281681Srpaulo /* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */ 119281681Srpaulo addr[0] = ad1_2; 120281681Srpaulo len[0] = sizeof(ad1_2); 121281681Srpaulo addr[1] = ad2_2; 122281681Srpaulo len[1] = sizeof(ad2_2); 123281681Srpaulo addr[2] = nonce_2; 124281681Srpaulo len[2] = sizeof(nonce_2); 125281681Srpaulo 126346981Scy if (aes_siv_encrypt(key_2, sizeof(key_2), 127346981Scy plaintext_2, sizeof(plaintext_2), 128281681Srpaulo 3, addr, len, out)) { 129281681Srpaulo wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed"); 130281681Srpaulo return 1; 131281681Srpaulo } 132281681Srpaulo if (os_memcmp(out, iv_c_2, sizeof(iv_c_2)) != 0) { 133281681Srpaulo wpa_printf(MSG_ERROR, 134281681Srpaulo "AES-SIV mode encryption returned invalid cipher text"); 135281681Srpaulo return 1; 136281681Srpaulo } 137281681Srpaulo 138346981Scy if (aes_siv_decrypt(key_2, sizeof(key_2), iv_c_2, sizeof(iv_c_2), 139346981Scy 3, addr, len, out)) { 140281681Srpaulo wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed"); 141281681Srpaulo return 1; 142281681Srpaulo } 143281681Srpaulo if (os_memcmp(out, plaintext_2, sizeof(plaintext_2)) != 0) { 144281681Srpaulo wpa_printf(MSG_ERROR, 145281681Srpaulo "AES-SIV mode decryption returned invalid plain text"); 146281681Srpaulo return 1; 147281681Srpaulo } 148281681Srpaulo 149281681Srpaulo wpa_printf(MSG_INFO, "AES-SIV test cases passed"); 150281681Srpaulo#endif /* CONFIG_MESH */ 151281681Srpaulo 152281681Srpaulo return 0; 153281681Srpaulo} 154281681Srpaulo 155281681Srpaulo 156281681Srpaulo/* OMAC1 AES-128 test vectors from 157281681Srpaulo * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf 158281681Srpaulo * which are same as the examples from NIST SP800-38B 159281681Srpaulo * http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf 160281681Srpaulo */ 161281681Srpaulo 162281681Srpaulostruct omac1_test_vector { 163281681Srpaulo u8 k[16]; 164281681Srpaulo u8 msg[64]; 165281681Srpaulo int msg_len; 166281681Srpaulo u8 tag[16]; 167281681Srpaulo}; 168281681Srpaulo 169289549Srpaulostatic const struct omac1_test_vector omac1_test_vectors[] = 170281681Srpaulo{ 171281681Srpaulo { 172281681Srpaulo { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 173281681Srpaulo 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 174281681Srpaulo { }, 175281681Srpaulo 0, 176281681Srpaulo { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, 177281681Srpaulo 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 } 178281681Srpaulo }, 179281681Srpaulo { 180281681Srpaulo { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 181281681Srpaulo 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 182281681Srpaulo { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 183281681Srpaulo 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a}, 184281681Srpaulo 16, 185281681Srpaulo { 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, 186281681Srpaulo 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c } 187281681Srpaulo }, 188281681Srpaulo { 189281681Srpaulo { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 190281681Srpaulo 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 191281681Srpaulo { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 192281681Srpaulo 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 193281681Srpaulo 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 194281681Srpaulo 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 195281681Srpaulo 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 }, 196281681Srpaulo 40, 197281681Srpaulo { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, 198281681Srpaulo 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 } 199281681Srpaulo }, 200281681Srpaulo { 201281681Srpaulo { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 202281681Srpaulo 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, 203281681Srpaulo { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 204281681Srpaulo 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 205281681Srpaulo 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 206281681Srpaulo 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 207281681Srpaulo 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 208281681Srpaulo 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 209281681Srpaulo 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 210281681Srpaulo 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }, 211281681Srpaulo 64, 212281681Srpaulo { 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, 213281681Srpaulo 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe } 214281681Srpaulo }, 215281681Srpaulo}; 216281681Srpaulo 217281681Srpaulo 218289549Srpaulostatic int test_omac1_vector(const struct omac1_test_vector *tv, 219289549Srpaulo unsigned int i) 220281681Srpaulo{ 221281681Srpaulo u8 key[] = { 222281681Srpaulo 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 223281681Srpaulo 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c 224281681Srpaulo }; 225281681Srpaulo u8 msg[] = { 0x12, 0x34, 0x56 }; 226281681Srpaulo u8 result[24], result2[24]; 227281681Srpaulo const u8 *addr[3]; 228281681Srpaulo size_t len[3]; 229281681Srpaulo 230281681Srpaulo if (omac1_aes_128(tv->k, tv->msg, tv->msg_len, result) || 231281681Srpaulo os_memcmp(result, tv->tag, 16) != 0) { 232281681Srpaulo wpa_printf(MSG_ERROR, "OMAC1-AES-128 test vector %u failed", i); 233281681Srpaulo return 1; 234281681Srpaulo } 235281681Srpaulo 236281681Srpaulo if (tv->msg_len > 1) { 237281681Srpaulo 238281681Srpaulo addr[0] = tv->msg; 239281681Srpaulo len[0] = 1; 240281681Srpaulo addr[1] = tv->msg + 1; 241281681Srpaulo len[1] = tv->msg_len - 1; 242281681Srpaulo 243281681Srpaulo if (omac1_aes_128_vector(tv->k, 2, addr, len, result) || 244281681Srpaulo os_memcmp(result, tv->tag, 16) != 0) { 245281681Srpaulo wpa_printf(MSG_ERROR, 246281681Srpaulo "OMAC1-AES-128(vector) test vector %u failed", 247281681Srpaulo i); 248281681Srpaulo return 1; 249281681Srpaulo } 250281681Srpaulo 251281681Srpaulo addr[0] = tv->msg; 252281681Srpaulo len[0] = tv->msg_len - 2; 253281681Srpaulo addr[1] = tv->msg + tv->msg_len - 2; 254281681Srpaulo len[1] = 1; 255281681Srpaulo addr[2] = tv->msg + tv->msg_len - 1; 256281681Srpaulo len[2] = 1; 257281681Srpaulo 258281681Srpaulo if (omac1_aes_128_vector(tv->k, 3, addr, len, result) || 259281681Srpaulo os_memcmp(result, tv->tag, 16) != 0) { 260281681Srpaulo wpa_printf(MSG_ERROR, 261281681Srpaulo "OMAC1-AES-128(vector2) test vector %u failed", 262281681Srpaulo i); 263281681Srpaulo return 1; 264281681Srpaulo } 265281681Srpaulo } 266281681Srpaulo 267281681Srpaulo addr[0] = &msg[0]; 268281681Srpaulo len[0] = 1; 269281681Srpaulo addr[1] = &msg[1]; 270281681Srpaulo len[1] = 1; 271281681Srpaulo addr[2] = &msg[2]; 272281681Srpaulo len[2] = 1; 273281681Srpaulo if (omac1_aes_128(key, msg, sizeof(msg), result) || 274281681Srpaulo omac1_aes_128_vector(key, 3, addr, len, result2) || 275281681Srpaulo os_memcmp(result, result2, 16) != 0) { 276281681Srpaulo wpa_printf(MSG_ERROR, "OMAC1-AES-128 short test mismatch"); 277281681Srpaulo return 1; 278281681Srpaulo } 279281681Srpaulo 280281681Srpaulo return 0; 281281681Srpaulo} 282281681Srpaulo 283281681Srpaulo 284281681Srpaulostatic int test_omac1(void) 285281681Srpaulo{ 286281681Srpaulo unsigned int i; 287281681Srpaulo 288281681Srpaulo for (i = 0; i < ARRAY_SIZE(omac1_test_vectors); i++) { 289281681Srpaulo if (test_omac1_vector(&omac1_test_vectors[i], i)) 290281681Srpaulo return 1; 291281681Srpaulo } 292281681Srpaulo 293281681Srpaulo wpa_printf(MSG_INFO, "OMAC1-AES-128 test cases passed"); 294281681Srpaulo 295281681Srpaulo return 0; 296281681Srpaulo} 297281681Srpaulo 298281681Srpaulo 299281681Srpaulostatic int test_eax(void) 300281681Srpaulo{ 301281681Srpaulo#ifdef EAP_PSK 302281681Srpaulo u8 msg[] = { 0xF7, 0xFB }; 303281681Srpaulo u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B, 304281681Srpaulo 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 }; 305281681Srpaulo u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84, 306281681Srpaulo 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD }; 307281681Srpaulo u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA }; 308281681Srpaulo u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D, 309281681Srpaulo 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79, 310281681Srpaulo 0x67, 0xE5 }; 311281681Srpaulo u8 data[sizeof(msg)], tag[AES_BLOCK_SIZE]; 312281681Srpaulo 313281681Srpaulo os_memcpy(data, msg, sizeof(msg)); 314281681Srpaulo if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr), 315281681Srpaulo data, sizeof(data), tag)) { 316281681Srpaulo wpa_printf(MSG_ERROR, "AES-128 EAX mode encryption failed"); 317281681Srpaulo return 1; 318281681Srpaulo } 319281681Srpaulo if (os_memcmp(data, cipher, sizeof(data)) != 0) { 320281681Srpaulo wpa_printf(MSG_ERROR, 321281681Srpaulo "AES-128 EAX mode encryption returned invalid cipher text"); 322281681Srpaulo return 1; 323281681Srpaulo } 324281681Srpaulo if (os_memcmp(tag, cipher + sizeof(data), AES_BLOCK_SIZE) != 0) { 325281681Srpaulo wpa_printf(MSG_ERROR, 326281681Srpaulo "AES-128 EAX mode encryption returned invalid tag"); 327281681Srpaulo return 1; 328281681Srpaulo } 329281681Srpaulo 330281681Srpaulo if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr), 331281681Srpaulo data, sizeof(data), tag)) { 332281681Srpaulo wpa_printf(MSG_ERROR, "AES-128 EAX mode decryption failed"); 333281681Srpaulo return 1; 334281681Srpaulo } 335281681Srpaulo if (os_memcmp(data, msg, sizeof(data)) != 0) { 336281681Srpaulo wpa_printf(MSG_ERROR, 337281681Srpaulo "AES-128 EAX mode decryption returned invalid plain text"); 338281681Srpaulo return 1; 339281681Srpaulo } 340281681Srpaulo 341281681Srpaulo wpa_printf(MSG_INFO, "AES-128 EAX mode test cases passed"); 342281681Srpaulo#endif /* EAP_PSK */ 343281681Srpaulo 344281681Srpaulo return 0; 345281681Srpaulo} 346281681Srpaulo 347281681Srpaulo 348281681Srpaulostatic int test_cbc(void) 349281681Srpaulo{ 350281681Srpaulo struct cbc_test_vector { 351281681Srpaulo u8 key[16]; 352281681Srpaulo u8 iv[16]; 353281681Srpaulo u8 plain[32]; 354281681Srpaulo u8 cipher[32]; 355281681Srpaulo size_t len; 356281681Srpaulo } vectors[] = { 357281681Srpaulo { 358281681Srpaulo { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b, 359281681Srpaulo 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 }, 360281681Srpaulo { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30, 361281681Srpaulo 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 }, 362281681Srpaulo "Single block msg", 363281681Srpaulo { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8, 364281681Srpaulo 0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a }, 365281681Srpaulo 16 366281681Srpaulo }, 367281681Srpaulo { 368281681Srpaulo { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0, 369281681Srpaulo 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a }, 370281681Srpaulo { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28, 371281681Srpaulo 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 }, 372281681Srpaulo { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 373281681Srpaulo 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 374281681Srpaulo 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 375281681Srpaulo 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, 376281681Srpaulo { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a, 377281681Srpaulo 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a, 378281681Srpaulo 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9, 379281681Srpaulo 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 }, 380281681Srpaulo 32 381281681Srpaulo } 382281681Srpaulo }; 383281681Srpaulo int ret = 0; 384281681Srpaulo u8 *buf; 385281681Srpaulo unsigned int i; 386281681Srpaulo 387281681Srpaulo for (i = 0; i < ARRAY_SIZE(vectors); i++) { 388281681Srpaulo struct cbc_test_vector *tv = &vectors[i]; 389281681Srpaulo 390281681Srpaulo buf = os_malloc(tv->len); 391281681Srpaulo if (buf == NULL) { 392281681Srpaulo ret++; 393281681Srpaulo break; 394281681Srpaulo } 395281681Srpaulo 396281681Srpaulo os_memcpy(buf, tv->plain, tv->len); 397281681Srpaulo if (aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len) || 398281681Srpaulo os_memcmp(buf, tv->cipher, tv->len) != 0) { 399281681Srpaulo wpa_printf(MSG_ERROR, "AES-CBC encrypt %d failed", i); 400281681Srpaulo ret++; 401281681Srpaulo } 402281681Srpaulo 403281681Srpaulo os_memcpy(buf, tv->cipher, tv->len); 404281681Srpaulo if (aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len) || 405281681Srpaulo os_memcmp(buf, tv->plain, tv->len) != 0) { 406281681Srpaulo wpa_printf(MSG_ERROR, "AES-CBC decrypt %d failed", i); 407281681Srpaulo ret++; 408281681Srpaulo } 409281681Srpaulo 410281681Srpaulo os_free(buf); 411281681Srpaulo } 412281681Srpaulo 413281681Srpaulo return ret; 414281681Srpaulo} 415281681Srpaulo 416281681Srpaulo 417281681Srpaulostatic int test_ecb(void) 418281681Srpaulo{ 419281681Srpaulo#ifdef EAP_PSK 420281681Srpaulo struct ecb_test_vector { 421281681Srpaulo char *key; 422281681Srpaulo char *plaintext; 423281681Srpaulo char *ciphertext; 424281681Srpaulo } vectors[] = { 425281681Srpaulo /* CAVS 11.1 - ECBGFSbox128.rsp */ 426281681Srpaulo { 427281681Srpaulo "00000000000000000000000000000000", 428281681Srpaulo "f34481ec3cc627bacd5dc3fb08f273e6", 429281681Srpaulo "0336763e966d92595a567cc9ce537f5e" 430281681Srpaulo }, 431281681Srpaulo { 432281681Srpaulo "00000000000000000000000000000000", 433281681Srpaulo "9798c4640bad75c7c3227db910174e72", 434281681Srpaulo "a9a1631bf4996954ebc093957b234589" 435281681Srpaulo }, 436281681Srpaulo { 437281681Srpaulo "00000000000000000000000000000000", 438281681Srpaulo "96ab5c2ff612d9dfaae8c31f30c42168", 439281681Srpaulo "ff4f8391a6a40ca5b25d23bedd44a597" 440281681Srpaulo }, 441281681Srpaulo { 442281681Srpaulo "00000000000000000000000000000000", 443281681Srpaulo "6a118a874519e64e9963798a503f1d35", 444281681Srpaulo "dc43be40be0e53712f7e2bf5ca707209" 445281681Srpaulo }, 446281681Srpaulo { 447281681Srpaulo "00000000000000000000000000000000", 448281681Srpaulo "cb9fceec81286ca3e989bd979b0cb284", 449281681Srpaulo "92beedab1895a94faa69b632e5cc47ce" 450281681Srpaulo }, 451281681Srpaulo { 452281681Srpaulo "00000000000000000000000000000000", 453281681Srpaulo "b26aeb1874e47ca8358ff22378f09144", 454281681Srpaulo "459264f4798f6a78bacb89c15ed3d601" 455281681Srpaulo }, 456281681Srpaulo { 457281681Srpaulo "00000000000000000000000000000000", 458281681Srpaulo "58c8e00b2631686d54eab84b91f0aca1", 459281681Srpaulo "08a4e2efec8a8e3312ca7460b9040bbf" 460281681Srpaulo }, 461281681Srpaulo /* CAVS 11.1 - ECBKeySbox128.rsp */ 462281681Srpaulo { 463281681Srpaulo "10a58869d74be5a374cf867cfb473859", 464281681Srpaulo "00000000000000000000000000000000", 465281681Srpaulo "6d251e6944b051e04eaa6fb4dbf78465" 466281681Srpaulo }, 467281681Srpaulo { 468281681Srpaulo "caea65cdbb75e9169ecd22ebe6e54675", 469281681Srpaulo "00000000000000000000000000000000", 470281681Srpaulo "6e29201190152df4ee058139def610bb", 471281681Srpaulo } 472281681Srpaulo }; 473281681Srpaulo int ret = 0; 474281681Srpaulo unsigned int i; 475281681Srpaulo u8 key[16], plain[16], cipher[16], out[16]; 476281681Srpaulo 477281681Srpaulo for (i = 0; i < ARRAY_SIZE(vectors); i++) { 478281681Srpaulo struct ecb_test_vector *tv = &vectors[i]; 479281681Srpaulo 480281681Srpaulo if (hexstr2bin(tv->key, key, sizeof(key)) || 481281681Srpaulo hexstr2bin(tv->plaintext, plain, sizeof(plain)) || 482281681Srpaulo hexstr2bin(tv->ciphertext, cipher, sizeof(cipher))) { 483281681Srpaulo wpa_printf(MSG_ERROR, "Invalid AES-ECB test vector %u", 484281681Srpaulo i); 485281681Srpaulo ret++; 486281681Srpaulo continue; 487281681Srpaulo } 488281681Srpaulo 489281681Srpaulo if (aes_128_encrypt_block(key, plain, out) < 0 || 490281681Srpaulo os_memcmp(out, cipher, 16) != 0) { 491281681Srpaulo wpa_printf(MSG_ERROR, "AES-ECB encrypt %u failed", i); 492281681Srpaulo ret++; 493281681Srpaulo } 494281681Srpaulo } 495281681Srpaulo 496281681Srpaulo if (!ret) 497281681Srpaulo wpa_printf(MSG_INFO, "AES ECB mode test cases passed"); 498281681Srpaulo 499281681Srpaulo return ret; 500281681Srpaulo#endif /* EAP_PSK */ 501281681Srpaulo 502281681Srpaulo return 0; 503281681Srpaulo} 504281681Srpaulo 505281681Srpaulo 506281681Srpaulostatic int test_key_wrap(void) 507281681Srpaulo{ 508281681Srpaulo int ret = 0; 509281681Srpaulo 510281681Srpaulo /* RFC 3394 - Test vector 4.1 */ 511281681Srpaulo u8 kek41[] = { 512281681Srpaulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 513281681Srpaulo 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f 514281681Srpaulo }; 515281681Srpaulo u8 plain41[] = { 516281681Srpaulo 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 517281681Srpaulo 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 518281681Srpaulo }; 519281681Srpaulo u8 crypt41[] = { 520281681Srpaulo 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47, 521281681Srpaulo 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82, 522281681Srpaulo 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5 523281681Srpaulo }; 524289549Srpaulo#ifndef CONFIG_BORINGSSL 525281681Srpaulo /* RFC 3394 - Test vector 4.2 */ 526281681Srpaulo u8 kek42[] = { 527281681Srpaulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 528281681Srpaulo 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 529281681Srpaulo 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 530281681Srpaulo }; 531281681Srpaulo u8 plain42[] = { 532281681Srpaulo 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 533281681Srpaulo 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 534281681Srpaulo }; 535281681Srpaulo u8 crypt42[] = { 536281681Srpaulo 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35, 537281681Srpaulo 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2, 538281681Srpaulo 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D 539281681Srpaulo }; 540289549Srpaulo#endif /* CONFIG_BORINGSSL */ 541281681Srpaulo /* RFC 3394 - Test vector 4.3 */ 542281681Srpaulo u8 kek43[] = { 543281681Srpaulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 544281681Srpaulo 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 545281681Srpaulo 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 546281681Srpaulo 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 547281681Srpaulo }; 548281681Srpaulo u8 plain43[] = { 549281681Srpaulo 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 550281681Srpaulo 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 551281681Srpaulo }; 552281681Srpaulo u8 crypt43[] = { 553281681Srpaulo 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2, 554281681Srpaulo 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A, 555281681Srpaulo 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7, 556281681Srpaulo }; 557289549Srpaulo#ifndef CONFIG_BORINGSSL 558281681Srpaulo /* RFC 3394 - Test vector 4.4 */ 559281681Srpaulo u8 kek44[] = { 560281681Srpaulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 561281681Srpaulo 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 562281681Srpaulo 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 563281681Srpaulo }; 564281681Srpaulo u8 plain44[] = { 565281681Srpaulo 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 566281681Srpaulo 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 567281681Srpaulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 568281681Srpaulo }; 569281681Srpaulo u8 crypt44[] = { 570281681Srpaulo 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32, 571281681Srpaulo 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC, 572281681Srpaulo 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93, 573281681Srpaulo 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2 574281681Srpaulo }; 575289549Srpaulo#endif /* CONFIG_BORINGSSL */ 576281681Srpaulo /* RFC 3394 - Test vector 4.5 */ 577281681Srpaulo u8 kek45[] = { 578281681Srpaulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 579281681Srpaulo 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 580281681Srpaulo 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 581281681Srpaulo 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 582281681Srpaulo }; 583281681Srpaulo u8 plain45[] = { 584281681Srpaulo 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 585281681Srpaulo 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 586281681Srpaulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 587281681Srpaulo }; 588281681Srpaulo u8 crypt45[] = { 589281681Srpaulo 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F, 590281681Srpaulo 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4, 591281681Srpaulo 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95, 592281681Srpaulo 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1, 593281681Srpaulo }; 594281681Srpaulo /* RFC 3394 - Test vector 4.6 */ 595281681Srpaulo u8 kek46[] = { 596281681Srpaulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 597281681Srpaulo 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 598281681Srpaulo 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 599281681Srpaulo 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 600281681Srpaulo }; 601281681Srpaulo u8 plain46[] = { 602281681Srpaulo 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 603281681Srpaulo 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 604281681Srpaulo 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 605281681Srpaulo 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F 606281681Srpaulo }; 607281681Srpaulo u8 crypt46[] = { 608281681Srpaulo 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4, 609281681Srpaulo 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26, 610281681Srpaulo 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26, 611281681Srpaulo 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B, 612281681Srpaulo 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21 613281681Srpaulo }; 614281681Srpaulo u8 result[40]; 615281681Srpaulo 616281681Srpaulo wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.1"); 617281681Srpaulo if (aes_wrap(kek41, sizeof(kek41), sizeof(plain41) / 8, plain41, 618281681Srpaulo result)) { 619281681Srpaulo wpa_printf(MSG_ERROR, "AES-WRAP-128 reported failure"); 620281681Srpaulo ret++; 621281681Srpaulo } 622281681Srpaulo if (os_memcmp(result, crypt41, sizeof(crypt41)) != 0) { 623281681Srpaulo wpa_printf(MSG_ERROR, "AES-WRAP-128 failed"); 624281681Srpaulo ret++; 625281681Srpaulo } 626281681Srpaulo if (aes_unwrap(kek41, sizeof(kek41), sizeof(plain41) / 8, crypt41, 627281681Srpaulo result)) { 628281681Srpaulo wpa_printf(MSG_ERROR, "AES-UNWRAP-128 reported failure"); 629281681Srpaulo ret++; 630281681Srpaulo } 631281681Srpaulo if (os_memcmp(result, plain41, sizeof(plain41)) != 0) { 632281681Srpaulo wpa_printf(MSG_ERROR, "AES-UNWRAP-128 failed"); 633281681Srpaulo ret++; 634281681Srpaulo } 635281681Srpaulo 636289549Srpaulo#ifndef CONFIG_BORINGSSL 637281681Srpaulo wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.2"); 638281681Srpaulo if (aes_wrap(kek42, sizeof(kek42), sizeof(plain42) / 8, plain42, 639281681Srpaulo result)) { 640281681Srpaulo wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure"); 641281681Srpaulo ret++; 642281681Srpaulo } 643281681Srpaulo if (os_memcmp(result, crypt42, sizeof(crypt42)) != 0) { 644281681Srpaulo wpa_printf(MSG_ERROR, "AES-WRAP-192 failed"); 645281681Srpaulo ret++; 646281681Srpaulo } 647281681Srpaulo if (aes_unwrap(kek42, sizeof(kek42), sizeof(plain42) / 8, crypt42, 648281681Srpaulo result)) { 649281681Srpaulo wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure"); 650281681Srpaulo ret++; 651281681Srpaulo } 652281681Srpaulo if (os_memcmp(result, plain42, sizeof(plain42)) != 0) { 653281681Srpaulo wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed"); 654281681Srpaulo ret++; 655281681Srpaulo } 656289549Srpaulo#endif /* CONFIG_BORINGSSL */ 657281681Srpaulo 658281681Srpaulo wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.3"); 659281681Srpaulo if (aes_wrap(kek43, sizeof(kek43), sizeof(plain43) / 8, plain43, 660281681Srpaulo result)) { 661281681Srpaulo wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 662281681Srpaulo ret++; 663281681Srpaulo } 664281681Srpaulo if (os_memcmp(result, crypt43, sizeof(crypt43)) != 0) { 665281681Srpaulo wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 666281681Srpaulo ret++; 667281681Srpaulo } 668281681Srpaulo if (aes_unwrap(kek43, sizeof(kek43), sizeof(plain43) / 8, crypt43, 669281681Srpaulo result)) { 670281681Srpaulo wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 671281681Srpaulo ret++; 672281681Srpaulo } 673281681Srpaulo if (os_memcmp(result, plain43, sizeof(plain43)) != 0) { 674281681Srpaulo wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 675281681Srpaulo ret++; 676281681Srpaulo } 677281681Srpaulo 678289549Srpaulo#ifndef CONFIG_BORINGSSL 679281681Srpaulo wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.4"); 680281681Srpaulo if (aes_wrap(kek44, sizeof(kek44), sizeof(plain44) / 8, plain44, 681281681Srpaulo result)) { 682281681Srpaulo wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure"); 683281681Srpaulo ret++; 684281681Srpaulo } 685281681Srpaulo if (os_memcmp(result, crypt44, sizeof(crypt44)) != 0) { 686281681Srpaulo wpa_printf(MSG_ERROR, "AES-WRAP-192 failed"); 687281681Srpaulo ret++; 688281681Srpaulo } 689281681Srpaulo if (aes_unwrap(kek44, sizeof(kek44), sizeof(plain44) / 8, crypt44, 690281681Srpaulo result)) { 691281681Srpaulo wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure"); 692281681Srpaulo ret++; 693281681Srpaulo } 694281681Srpaulo if (os_memcmp(result, plain44, sizeof(plain44)) != 0) { 695281681Srpaulo wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed"); 696281681Srpaulo ret++; 697281681Srpaulo } 698289549Srpaulo#endif /* CONFIG_BORINGSSL */ 699281681Srpaulo 700281681Srpaulo wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.5"); 701281681Srpaulo if (aes_wrap(kek45, sizeof(kek45), sizeof(plain45) / 8, plain45, 702281681Srpaulo result)) { 703281681Srpaulo wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 704281681Srpaulo ret++; 705281681Srpaulo } 706281681Srpaulo if (os_memcmp(result, crypt45, sizeof(crypt45)) != 0) { 707281681Srpaulo wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 708281681Srpaulo ret++; 709281681Srpaulo } 710281681Srpaulo if (aes_unwrap(kek45, sizeof(kek45), sizeof(plain45) / 8, crypt45, 711281681Srpaulo result)) { 712281681Srpaulo wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 713281681Srpaulo ret++; 714281681Srpaulo } 715281681Srpaulo if (os_memcmp(result, plain45, sizeof(plain45)) != 0) { 716281681Srpaulo wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 717281681Srpaulo ret++; 718281681Srpaulo } 719281681Srpaulo 720281681Srpaulo wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.6"); 721281681Srpaulo if (aes_wrap(kek46, sizeof(kek46), sizeof(plain46) / 8, plain46, 722281681Srpaulo result)) { 723281681Srpaulo wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure"); 724281681Srpaulo ret++; 725281681Srpaulo } 726281681Srpaulo if (os_memcmp(result, crypt46, sizeof(crypt46)) != 0) { 727281681Srpaulo wpa_printf(MSG_ERROR, "AES-WRAP-256 failed"); 728281681Srpaulo ret++; 729281681Srpaulo } 730281681Srpaulo if (aes_unwrap(kek46, sizeof(kek46), sizeof(plain46) / 8, crypt46, 731281681Srpaulo result)) { 732281681Srpaulo wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure"); 733281681Srpaulo ret++; 734281681Srpaulo } 735281681Srpaulo if (os_memcmp(result, plain46, sizeof(plain46)) != 0) { 736281681Srpaulo wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed"); 737281681Srpaulo ret++; 738281681Srpaulo } 739281681Srpaulo 740281681Srpaulo if (!ret) 741281681Srpaulo wpa_printf(MSG_INFO, "AES key wrap/unwrap test cases passed"); 742281681Srpaulo 743281681Srpaulo return ret; 744281681Srpaulo} 745281681Srpaulo 746281681Srpaulo 747281681Srpaulostatic int test_md5(void) 748281681Srpaulo{ 749289549Srpaulo#ifndef CONFIG_FIPS 750281681Srpaulo struct { 751281681Srpaulo char *data; 752281681Srpaulo char *hash; 753281681Srpaulo } tests[] = { 754281681Srpaulo { 755281681Srpaulo "", 756281681Srpaulo "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04" 757281681Srpaulo "\xe9\x80\x09\x98\xec\xf8\x42\x7e" 758281681Srpaulo }, 759281681Srpaulo { 760281681Srpaulo "a", 761281681Srpaulo "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8" 762281681Srpaulo "\x31\xc3\x99\xe2\x69\x77\x26\x61" 763281681Srpaulo }, 764281681Srpaulo { 765281681Srpaulo "abc", 766281681Srpaulo "\x90\x01\x50\x98\x3c\xd2\x4f\xb0" 767281681Srpaulo "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72" 768281681Srpaulo }, 769281681Srpaulo { 770281681Srpaulo "message digest", 771281681Srpaulo "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d" 772281681Srpaulo "\x52\x5a\x2f\x31\xaa\xf1\x61\xd0" 773281681Srpaulo }, 774281681Srpaulo { 775281681Srpaulo "abcdefghijklmnopqrstuvwxyz", 776281681Srpaulo "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00" 777281681Srpaulo "\x7d\xfb\x49\x6c\xca\x67\xe1\x3b" 778281681Srpaulo }, 779281681Srpaulo { 780281681Srpaulo "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 781281681Srpaulo "0123456789", 782281681Srpaulo "\xd1\x74\xab\x98\xd2\x77\xd9\xf5" 783281681Srpaulo "\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f" 784281681Srpaulo }, 785281681Srpaulo { 786281681Srpaulo "12345678901234567890123456789012345678901234567890" 787281681Srpaulo "123456789012345678901234567890", 788281681Srpaulo "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55" 789281681Srpaulo "\xac\x49\xda\x2e\x21\x07\xb6\x7a" 790281681Srpaulo } 791281681Srpaulo }; 792281681Srpaulo unsigned int i; 793281681Srpaulo u8 hash[16]; 794281681Srpaulo const u8 *addr[2]; 795281681Srpaulo size_t len[2]; 796281681Srpaulo int errors = 0; 797281681Srpaulo 798281681Srpaulo for (i = 0; i < ARRAY_SIZE(tests); i++) { 799281681Srpaulo wpa_printf(MSG_INFO, "MD5 test case %d", i); 800281681Srpaulo 801281681Srpaulo addr[0] = (u8 *) tests[i].data; 802281681Srpaulo len[0] = strlen(tests[i].data); 803281681Srpaulo if (md5_vector(1, addr, len, hash) < 0 || 804281681Srpaulo os_memcmp(hash, tests[i].hash, 16) != 0) { 805281681Srpaulo wpa_printf(MSG_INFO, " FAIL"); 806281681Srpaulo errors++; 807281681Srpaulo } else 808281681Srpaulo wpa_printf(MSG_INFO, " OK"); 809281681Srpaulo 810281681Srpaulo if (len[0]) { 811281681Srpaulo addr[0] = (u8 *) tests[i].data; 812281681Srpaulo len[0] = strlen(tests[i].data); 813281681Srpaulo addr[1] = (u8 *) tests[i].data + 1; 814281681Srpaulo len[1] = strlen(tests[i].data) - 1; 815281681Srpaulo if (md5_vector(1, addr, len, hash) < 0 || 816281681Srpaulo os_memcmp(hash, tests[i].hash, 16) != 0) { 817281681Srpaulo wpa_printf(MSG_INFO, " FAIL"); 818281681Srpaulo errors++; 819281681Srpaulo } else 820281681Srpaulo wpa_printf(MSG_INFO, " OK"); 821281681Srpaulo } 822281681Srpaulo } 823281681Srpaulo 824281681Srpaulo if (!errors) 825281681Srpaulo wpa_printf(MSG_INFO, "MD5 test cases passed"); 826281681Srpaulo 827281681Srpaulo return errors; 828289549Srpaulo#else /* CONFIG_FIPS */ 829289549Srpaulo wpa_printf(MSG_INFO, "MD5 test cases skipped due to CONFIG_FIPS"); 830289549Srpaulo return 0; 831289549Srpaulo#endif /* CONFIG_FIPS */ 832281681Srpaulo} 833281681Srpaulo 834281681Srpaulo 835281681Srpaulostatic int test_eap_fast(void) 836281681Srpaulo{ 837281681Srpaulo#ifdef EAP_FAST 838281681Srpaulo /* RFC 4851, Appendix B.1 */ 839281681Srpaulo const u8 pac_key[] = { 840281681Srpaulo 0x0B, 0x97, 0x39, 0x0F, 0x37, 0x51, 0x78, 0x09, 841281681Srpaulo 0x81, 0x1E, 0xFD, 0x9C, 0x6E, 0x65, 0x94, 0x2B, 842281681Srpaulo 0x63, 0x2C, 0xE9, 0x53, 0x89, 0x38, 0x08, 0xBA, 843281681Srpaulo 0x36, 0x0B, 0x03, 0x7C, 0xD1, 0x85, 0xE4, 0x14 844281681Srpaulo }; 845281681Srpaulo const u8 seed[] = { 846281681Srpaulo 0x3F, 0xFB, 0x11, 0xC4, 0x6C, 0xBF, 0xA5, 0x7A, 847281681Srpaulo 0x54, 0x40, 0xDA, 0xE8, 0x22, 0xD3, 0x11, 0xD3, 848281681Srpaulo 0xF7, 0x6D, 0xE4, 0x1D, 0xD9, 0x33, 0xE5, 0x93, 849281681Srpaulo 0x70, 0x97, 0xEB, 0xA9, 0xB3, 0x66, 0xF4, 0x2A, 850281681Srpaulo 0x00, 0x00, 0x00, 0x02, 0x6A, 0x66, 0x43, 0x2A, 851281681Srpaulo 0x8D, 0x14, 0x43, 0x2C, 0xEC, 0x58, 0x2D, 0x2F, 852281681Srpaulo 0xC7, 0x9C, 0x33, 0x64, 0xBA, 0x04, 0xAD, 0x3A, 853281681Srpaulo 0x52, 0x54, 0xD6, 0xA5, 0x79, 0xAD, 0x1E, 0x00 854281681Srpaulo }; 855281681Srpaulo const u8 master_secret[] = { 856281681Srpaulo 0x4A, 0x1A, 0x51, 0x2C, 0x01, 0x60, 0xBC, 0x02, 857281681Srpaulo 0x3C, 0xCF, 0xBC, 0x83, 0x3F, 0x03, 0xBC, 0x64, 858281681Srpaulo 0x88, 0xC1, 0x31, 0x2F, 0x0B, 0xA9, 0xA2, 0x77, 859281681Srpaulo 0x16, 0xA8, 0xD8, 0xE8, 0xBD, 0xC9, 0xD2, 0x29, 860281681Srpaulo 0x38, 0x4B, 0x7A, 0x85, 0xBE, 0x16, 0x4D, 0x27, 861281681Srpaulo 0x33, 0xD5, 0x24, 0x79, 0x87, 0xB1, 0xC5, 0xA2 862281681Srpaulo }; 863289549Srpaulo#ifndef CONFIG_FIPS 864281681Srpaulo const u8 key_block[] = { 865281681Srpaulo 0x59, 0x59, 0xBE, 0x8E, 0x41, 0x3A, 0x77, 0x74, 866281681Srpaulo 0x8B, 0xB2, 0xE5, 0xD3, 0x60, 0xAC, 0x4D, 0x35, 867281681Srpaulo 0xDF, 0xFB, 0xC8, 0x1E, 0x9C, 0x24, 0x9C, 0x8B, 868281681Srpaulo 0x0E, 0xC3, 0x1D, 0x72, 0xC8, 0x84, 0x9D, 0x57, 869281681Srpaulo 0x48, 0x51, 0x2E, 0x45, 0x97, 0x6C, 0x88, 0x70, 870281681Srpaulo 0xBE, 0x5F, 0x01, 0xD3, 0x64, 0xE7, 0x4C, 0xBB, 871281681Srpaulo 0x11, 0x24, 0xE3, 0x49, 0xE2, 0x3B, 0xCD, 0xEF, 872281681Srpaulo 0x7A, 0xB3, 0x05, 0x39, 0x5D, 0x64, 0x8A, 0x44, 873281681Srpaulo 0x11, 0xB6, 0x69, 0x88, 0x34, 0x2E, 0x8E, 0x29, 874281681Srpaulo 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05, 875281681Srpaulo 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96, 876281681Srpaulo 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84, 877281681Srpaulo 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98, 878281681Srpaulo 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71 879281681Srpaulo }; 880289549Srpaulo#endif /* CONFIG_FIPS */ 881281681Srpaulo const u8 sks[] = { 882281681Srpaulo 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05, 883281681Srpaulo 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96, 884281681Srpaulo 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84, 885281681Srpaulo 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98, 886281681Srpaulo 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71 887281681Srpaulo }; 888281681Srpaulo const u8 isk[] = { 889281681Srpaulo 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 890281681Srpaulo 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 891281681Srpaulo 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 892281681Srpaulo 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 893281681Srpaulo }; 894281681Srpaulo const u8 imck[] = { 895281681Srpaulo 0x16, 0x15, 0x3C, 0x3F, 0x21, 0x55, 0xEF, 0xD9, 896281681Srpaulo 0x7F, 0x34, 0xAE, 0xC8, 0x1A, 0x4E, 0x66, 0x80, 897281681Srpaulo 0x4C, 0xC3, 0x76, 0xF2, 0x8A, 0xA9, 0x6F, 0x96, 898281681Srpaulo 0xC2, 0x54, 0x5F, 0x8C, 0xAB, 0x65, 0x02, 0xE1, 899281681Srpaulo 0x18, 0x40, 0x7B, 0x56, 0xBE, 0xEA, 0xA7, 0xC5, 900281681Srpaulo 0x76, 0x5D, 0x8F, 0x0B, 0xC5, 0x07, 0xC6, 0xB9, 901281681Srpaulo 0x04, 0xD0, 0x69, 0x56, 0x72, 0x8B, 0x6B, 0xB8, 902281681Srpaulo 0x15, 0xEC, 0x57, 0x7B 903281681Srpaulo }; 904281681Srpaulo const u8 msk[] = { 905281681Srpaulo 0x4D, 0x83, 0xA9, 0xBE, 0x6F, 0x8A, 0x74, 0xED, 906281681Srpaulo 0x6A, 0x02, 0x66, 0x0A, 0x63, 0x4D, 0x2C, 0x33, 907281681Srpaulo 0xC2, 0xDA, 0x60, 0x15, 0xC6, 0x37, 0x04, 0x51, 908281681Srpaulo 0x90, 0x38, 0x63, 0xDA, 0x54, 0x3E, 0x14, 0xB9, 909281681Srpaulo 0x27, 0x99, 0x18, 0x1E, 0x07, 0xBF, 0x0F, 0x5A, 910281681Srpaulo 0x5E, 0x3C, 0x32, 0x93, 0x80, 0x8C, 0x6C, 0x49, 911281681Srpaulo 0x67, 0xED, 0x24, 0xFE, 0x45, 0x40, 0xA0, 0x59, 912281681Srpaulo 0x5E, 0x37, 0xC2, 0xE9, 0xD0, 0x5D, 0x0A, 0xE3 913281681Srpaulo }; 914281681Srpaulo const u8 emsk[] = { 915281681Srpaulo 0x3A, 0xD4, 0xAB, 0xDB, 0x76, 0xB2, 0x7F, 0x3B, 916281681Srpaulo 0xEA, 0x32, 0x2C, 0x2B, 0x74, 0xF4, 0x28, 0x55, 917281681Srpaulo 0xEF, 0x2D, 0xBA, 0x78, 0xC9, 0x57, 0x2F, 0x0D, 918281681Srpaulo 0x06, 0xCD, 0x51, 0x7C, 0x20, 0x93, 0x98, 0xA9, 919281681Srpaulo 0x76, 0xEA, 0x70, 0x21, 0xD7, 0x0E, 0x25, 0x54, 920281681Srpaulo 0x97, 0xED, 0xB2, 0x8A, 0xF6, 0xED, 0xFD, 0x0A, 921281681Srpaulo 0x2A, 0xE7, 0xA1, 0x58, 0x90, 0x10, 0x50, 0x44, 922281681Srpaulo 0xB3, 0x82, 0x85, 0xDB, 0x06, 0x14, 0xD2, 0xF9 923281681Srpaulo }; 924281681Srpaulo /* RFC 4851, Appendix B.2 */ 925281681Srpaulo u8 tlv[] = { 926281681Srpaulo 0x80, 0x0C, 0x00, 0x38, 0x00, 0x01, 0x01, 0x00, 927281681Srpaulo 0xD8, 0x6A, 0x8C, 0x68, 0x3C, 0x32, 0x31, 0xA8, 928281681Srpaulo 0x56, 0x63, 0xB6, 0x40, 0x21, 0xFE, 0x21, 0x14, 929281681Srpaulo 0x4E, 0xE7, 0x54, 0x20, 0x79, 0x2D, 0x42, 0x62, 930281681Srpaulo 0xC9, 0xBF, 0x53, 0x7F, 0x54, 0xFD, 0xAC, 0x58, 931281681Srpaulo 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF, 932281681Srpaulo 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC, 933281681Srpaulo 0x05, 0xC5, 0x5B, 0xB7 934281681Srpaulo }; 935281681Srpaulo const u8 compound_mac[] = { 936281681Srpaulo 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF, 937281681Srpaulo 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC, 938281681Srpaulo 0x05, 0xC5, 0x5B, 0xB7 939281681Srpaulo }; 940281681Srpaulo u8 buf[512]; 941281681Srpaulo const u8 *simck, *cmk; 942281681Srpaulo int errors = 0; 943281681Srpaulo 944281681Srpaulo wpa_printf(MSG_INFO, "EAP-FAST test cases"); 945281681Srpaulo 946281681Srpaulo wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / master_secret"); 947281681Srpaulo if (sha1_t_prf(pac_key, sizeof(pac_key), 948281681Srpaulo "PAC to master secret label hash", 949281681Srpaulo seed, sizeof(seed), buf, sizeof(master_secret)) < 0 || 950281681Srpaulo os_memcmp(master_secret, buf, sizeof(master_secret)) != 0) { 951281681Srpaulo wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 952281681Srpaulo errors++; 953281681Srpaulo } 954281681Srpaulo 955289549Srpaulo#ifndef CONFIG_FIPS 956281681Srpaulo wpa_printf(MSG_INFO, "- PRF (TLS, SHA1/MD5) test case / key_block"); 957281681Srpaulo if (tls_prf_sha1_md5(master_secret, sizeof(master_secret), 958281681Srpaulo "key expansion", seed, sizeof(seed), 959281681Srpaulo buf, sizeof(key_block)) || 960281681Srpaulo os_memcmp(key_block, buf, sizeof(key_block)) != 0) { 961281681Srpaulo wpa_printf(MSG_INFO, "PRF test - FAILED!"); 962281681Srpaulo errors++; 963281681Srpaulo } 964289549Srpaulo#endif /* CONFIG_FIPS */ 965281681Srpaulo 966281681Srpaulo wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / IMCK"); 967281681Srpaulo if (sha1_t_prf(sks, sizeof(sks), "Inner Methods Compound Keys", 968281681Srpaulo isk, sizeof(isk), buf, sizeof(imck)) < 0 || 969281681Srpaulo os_memcmp(imck, buf, sizeof(imck)) != 0) { 970281681Srpaulo wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 971281681Srpaulo errors++; 972281681Srpaulo } 973281681Srpaulo 974281681Srpaulo simck = imck; 975281681Srpaulo cmk = imck + 40; 976281681Srpaulo 977281681Srpaulo wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / MSK"); 978281681Srpaulo if (sha1_t_prf(simck, 40, "Session Key Generating Function", 979281681Srpaulo (u8 *) "", 0, buf, sizeof(msk)) < 0 || 980281681Srpaulo os_memcmp(msk, buf, sizeof(msk)) != 0) { 981281681Srpaulo wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 982281681Srpaulo errors++; 983281681Srpaulo } 984281681Srpaulo 985281681Srpaulo wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / EMSK"); 986281681Srpaulo if (sha1_t_prf(simck, 40, "Extended Session Key Generating Function", 987281681Srpaulo (u8 *) "", 0, buf, sizeof(msk)) < 0 || 988281681Srpaulo os_memcmp(emsk, buf, sizeof(emsk)) != 0) { 989281681Srpaulo wpa_printf(MSG_INFO, "T-PRF test - FAILED!"); 990281681Srpaulo errors++; 991281681Srpaulo } 992281681Srpaulo 993281681Srpaulo wpa_printf(MSG_INFO, "- Compound MAC test case"); 994281681Srpaulo os_memset(tlv + sizeof(tlv) - 20, 0, 20); 995281681Srpaulo if (hmac_sha1(cmk, 20, tlv, sizeof(tlv), tlv + sizeof(tlv) - 20) < 0 || 996281681Srpaulo os_memcmp(tlv + sizeof(tlv) - 20, compound_mac, 997281681Srpaulo sizeof(compound_mac)) != 0) { 998281681Srpaulo wpa_printf(MSG_INFO, "Compound MAC test - FAILED!"); 999281681Srpaulo errors++; 1000281681Srpaulo } 1001281681Srpaulo 1002281681Srpaulo return errors; 1003281681Srpaulo#else /* EAP_FAST */ 1004281681Srpaulo return 0; 1005281681Srpaulo#endif /* EAP_FAST */ 1006281681Srpaulo} 1007281681Srpaulo 1008281681Srpaulo 1009289549Srpaulostatic const u8 key0[] = 1010281681Srpaulo{ 1011281681Srpaulo 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1012281681Srpaulo 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1013281681Srpaulo 0x0b, 0x0b, 0x0b, 0x0b 1014281681Srpaulo}; 1015289549Srpaulostatic const u8 data0[] = "Hi There"; 1016289549Srpaulostatic const u8 prf0[] = 1017281681Srpaulo{ 1018281681Srpaulo 0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84, 1019281681Srpaulo 0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54, 1020281681Srpaulo 0xb8, 0x62, 0x17, 0x5e, 0xd9, 0xf0, 0x06, 0x06, 1021281681Srpaulo 0xe1, 0x7d, 0x8d, 0xa3, 0x54, 0x02, 0xff, 0xee, 1022281681Srpaulo 0x75, 0xdf, 0x78, 0xc3, 0xd3, 0x1e, 0x0f, 0x88, 1023281681Srpaulo 0x9f, 0x01, 0x21, 0x20, 0xc0, 0x86, 0x2b, 0xeb, 1024281681Srpaulo 0x67, 0x75, 0x3e, 0x74, 0x39, 0xae, 0x24, 0x2e, 1025281681Srpaulo 0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a 1026281681Srpaulo}; 1027281681Srpaulo 1028289549Srpaulostatic const u8 key1[] = "Jefe"; 1029289549Srpaulostatic const u8 data1[] = "what do ya want for nothing?"; 1030289549Srpaulostatic const u8 prf1[] = 1031281681Srpaulo{ 1032281681Srpaulo 0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad, 1033281681Srpaulo 0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4, 1034281681Srpaulo 0xfe, 0x63, 0x14, 0x46, 0xfa, 0xbd, 0xfa, 0x58, 1035281681Srpaulo 0x24, 0x47, 0x59, 0xae, 0x58, 0xef, 0x90, 0x09, 1036281681Srpaulo 0xa9, 0x9a, 0xbf, 0x4e, 0xac, 0x2c, 0xa5, 0xfa, 1037281681Srpaulo 0x87, 0xe6, 0x92, 0xc4, 0x40, 0xeb, 0x40, 0x02, 1038281681Srpaulo 0x3e, 0x7b, 0xab, 0xb2, 0x06, 0xd6, 0x1d, 0xe7, 1039281681Srpaulo 0xb9, 0x2f, 0x41, 0x52, 0x90, 0x92, 0xb8, 0xfc 1040281681Srpaulo}; 1041281681Srpaulo 1042281681Srpaulo 1043289549Srpaulostatic const u8 key2[] = 1044281681Srpaulo{ 1045281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1046281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1047281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa 1048281681Srpaulo}; 1049289549Srpaulostatic const u8 data2[] = 1050281681Srpaulo{ 1051281681Srpaulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1052281681Srpaulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1053281681Srpaulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1054281681Srpaulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1055281681Srpaulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1056281681Srpaulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1057281681Srpaulo 0xdd, 0xdd 1058281681Srpaulo}; 1059289549Srpaulostatic const u8 prf2[] = 1060281681Srpaulo{ 1061281681Srpaulo 0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f, 1062281681Srpaulo 0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1, 1063281681Srpaulo 0x7a, 0x02, 0x52, 0xca, 0x5d, 0x8d, 0x8d, 0xf1, 1064281681Srpaulo 0x2c, 0xfb, 0x04, 0x73, 0x52, 0x52, 0x49, 0xce, 1065281681Srpaulo 0x9d, 0xd8, 0xd1, 0x77, 0xea, 0xd7, 0x10, 0xbc, 1066281681Srpaulo 0x9b, 0x59, 0x05, 0x47, 0x23, 0x91, 0x07, 0xae, 1067281681Srpaulo 0xf7, 0xb4, 0xab, 0xd4, 0x3d, 0x87, 0xf0, 0xa6, 1068281681Srpaulo 0x8f, 0x1c, 0xbd, 0x9e, 0x2b, 0x6f, 0x76, 0x07 1069281681Srpaulo}; 1070281681Srpaulo 1071281681Srpaulo 1072281681Srpaulostruct passphrase_test { 1073281681Srpaulo char *passphrase; 1074281681Srpaulo char *ssid; 1075281681Srpaulo char psk[32]; 1076281681Srpaulo}; 1077281681Srpaulo 1078289549Srpaulostatic const struct passphrase_test passphrase_tests[] = 1079281681Srpaulo{ 1080281681Srpaulo { 1081281681Srpaulo "password", 1082281681Srpaulo "IEEE", 1083281681Srpaulo { 1084281681Srpaulo 0xf4, 0x2c, 0x6f, 0xc5, 0x2d, 0xf0, 0xeb, 0xef, 1085281681Srpaulo 0x9e, 0xbb, 0x4b, 0x90, 0xb3, 0x8a, 0x5f, 0x90, 1086281681Srpaulo 0x2e, 0x83, 0xfe, 0x1b, 0x13, 0x5a, 0x70, 0xe2, 1087281681Srpaulo 0x3a, 0xed, 0x76, 0x2e, 0x97, 0x10, 0xa1, 0x2e 1088281681Srpaulo } 1089281681Srpaulo }, 1090281681Srpaulo { 1091281681Srpaulo "ThisIsAPassword", 1092281681Srpaulo "ThisIsASSID", 1093281681Srpaulo { 1094281681Srpaulo 0x0d, 0xc0, 0xd6, 0xeb, 0x90, 0x55, 0x5e, 0xd6, 1095281681Srpaulo 0x41, 0x97, 0x56, 0xb9, 0xa1, 0x5e, 0xc3, 0xe3, 1096281681Srpaulo 0x20, 0x9b, 0x63, 0xdf, 0x70, 0x7d, 0xd5, 0x08, 1097281681Srpaulo 0xd1, 0x45, 0x81, 0xf8, 0x98, 0x27, 0x21, 0xaf 1098281681Srpaulo } 1099281681Srpaulo }, 1100281681Srpaulo { 1101281681Srpaulo "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 1102281681Srpaulo "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ", 1103281681Srpaulo { 1104281681Srpaulo 0xbe, 0xcb, 0x93, 0x86, 0x6b, 0xb8, 0xc3, 0x83, 1105281681Srpaulo 0x2c, 0xb7, 0x77, 0xc2, 0xf5, 0x59, 0x80, 0x7c, 1106281681Srpaulo 0x8c, 0x59, 0xaf, 0xcb, 0x6e, 0xae, 0x73, 0x48, 1107281681Srpaulo 0x85, 0x00, 0x13, 0x00, 0xa9, 0x81, 0xcc, 0x62 1108281681Srpaulo } 1109281681Srpaulo }, 1110281681Srpaulo}; 1111281681Srpaulo 1112281681Srpaulo#define NUM_PASSPHRASE_TESTS ARRAY_SIZE(passphrase_tests) 1113281681Srpaulo 1114281681Srpaulo 1115281681Srpaulostruct rfc6070_test { 1116281681Srpaulo char *p; 1117281681Srpaulo char *s; 1118281681Srpaulo int c; 1119281681Srpaulo char dk[32]; 1120281681Srpaulo size_t dk_len; 1121281681Srpaulo}; 1122281681Srpaulo 1123289549Srpaulostatic const struct rfc6070_test rfc6070_tests[] = 1124281681Srpaulo{ 1125281681Srpaulo { 1126281681Srpaulo "password", 1127281681Srpaulo "salt", 1128281681Srpaulo 1, 1129281681Srpaulo { 1130281681Srpaulo 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71, 1131281681Srpaulo 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06, 1132281681Srpaulo 0x2f, 0xe0, 0x37, 0xa6 1133281681Srpaulo }, 1134281681Srpaulo 20 1135281681Srpaulo }, 1136281681Srpaulo { 1137281681Srpaulo "password", 1138281681Srpaulo "salt", 1139281681Srpaulo 2, 1140281681Srpaulo { 1141281681Srpaulo 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c, 1142281681Srpaulo 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0, 1143281681Srpaulo 0xd8, 0xde, 0x89, 0x57 1144281681Srpaulo }, 1145281681Srpaulo 20 1146281681Srpaulo }, 1147281681Srpaulo { 1148281681Srpaulo "password", 1149281681Srpaulo "salt", 1150281681Srpaulo 4096, 1151281681Srpaulo { 1152281681Srpaulo 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a, 1153281681Srpaulo 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0, 1154281681Srpaulo 0x65, 0xa4, 0x29, 0xc1 1155281681Srpaulo }, 1156281681Srpaulo 20 1157281681Srpaulo }, 1158281681Srpaulo#if 0 /* This takes quite long to derive.. */ 1159281681Srpaulo { 1160281681Srpaulo "password", 1161281681Srpaulo "salt", 1162281681Srpaulo 16777216, 1163281681Srpaulo { 1164281681Srpaulo 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4, 1165281681Srpaulo 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c, 1166281681Srpaulo 0x26, 0x34, 0xe9, 0x84 1167281681Srpaulo }, 1168281681Srpaulo 20 1169281681Srpaulo }, 1170281681Srpaulo#endif 1171281681Srpaulo { 1172281681Srpaulo "passwordPASSWORDpassword", 1173281681Srpaulo "saltSALTsaltSALTsaltSALTsaltSALTsalt", 1174281681Srpaulo 4096, 1175281681Srpaulo { 1176281681Srpaulo 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b, 1177281681Srpaulo 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a, 1178281681Srpaulo 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70, 1179281681Srpaulo 0x38 1180281681Srpaulo }, 1181281681Srpaulo 25 1182281681Srpaulo }, 1183281681Srpaulo#if 0 /* \0 not currently supported in passphrase parameters.. */ 1184281681Srpaulo { 1185281681Srpaulo "pass\0word", 1186281681Srpaulo "sa\0lt", 1187281681Srpaulo 4096, 1188281681Srpaulo { 1189281681Srpaulo 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d, 1190281681Srpaulo 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3 1191281681Srpaulo }, 1192281681Srpaulo 16 1193281681Srpaulo }, 1194281681Srpaulo#endif 1195281681Srpaulo}; 1196281681Srpaulo 1197281681Srpaulo#define NUM_RFC6070_TESTS ARRAY_SIZE(rfc6070_tests) 1198281681Srpaulo 1199281681Srpaulo 1200281681Srpaulostatic int test_sha1(void) 1201281681Srpaulo{ 1202281681Srpaulo u8 res[512]; 1203281681Srpaulo int ret = 0; 1204281681Srpaulo unsigned int i; 1205281681Srpaulo 1206281681Srpaulo wpa_printf(MSG_INFO, "PRF-SHA1 test cases:"); 1207281681Srpaulo 1208281681Srpaulo if (sha1_prf(key0, sizeof(key0), "prefix", data0, sizeof(data0) - 1, 1209281681Srpaulo res, sizeof(prf0)) == 0 && 1210281681Srpaulo os_memcmp(res, prf0, sizeof(prf0)) == 0) 1211281681Srpaulo wpa_printf(MSG_INFO, "Test case 0 - OK"); 1212281681Srpaulo else { 1213281681Srpaulo wpa_printf(MSG_INFO, "Test case 0 - FAILED!"); 1214281681Srpaulo ret++; 1215281681Srpaulo } 1216281681Srpaulo 1217281681Srpaulo if (sha1_prf(key1, sizeof(key1) - 1, "prefix", data1, sizeof(data1) - 1, 1218281681Srpaulo res, sizeof(prf1)) == 0 && 1219281681Srpaulo os_memcmp(res, prf1, sizeof(prf1)) == 0) 1220281681Srpaulo wpa_printf(MSG_INFO, "Test case 1 - OK"); 1221281681Srpaulo else { 1222281681Srpaulo wpa_printf(MSG_INFO, "Test case 1 - FAILED!"); 1223281681Srpaulo ret++; 1224281681Srpaulo } 1225281681Srpaulo 1226281681Srpaulo if (sha1_prf(key2, sizeof(key2), "prefix", data2, sizeof(data2), 1227281681Srpaulo res, sizeof(prf2)) == 0 && 1228281681Srpaulo os_memcmp(res, prf2, sizeof(prf2)) == 0) 1229281681Srpaulo wpa_printf(MSG_INFO, "Test case 2 - OK"); 1230281681Srpaulo else { 1231281681Srpaulo wpa_printf(MSG_INFO, "Test case 2 - FAILED!"); 1232281681Srpaulo ret++; 1233281681Srpaulo } 1234281681Srpaulo 1235281681Srpaulo ret += test_eap_fast(); 1236281681Srpaulo 1237281681Srpaulo wpa_printf(MSG_INFO, "PBKDF2-SHA1 Passphrase test cases:"); 1238281681Srpaulo for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) { 1239281681Srpaulo u8 psk[32]; 1240289549Srpaulo const struct passphrase_test *test = &passphrase_tests[i]; 1241281681Srpaulo 1242281681Srpaulo if (pbkdf2_sha1(test->passphrase, 1243281681Srpaulo (const u8 *) test->ssid, strlen(test->ssid), 1244281681Srpaulo 4096, psk, 32) == 0 && 1245281681Srpaulo os_memcmp(psk, test->psk, 32) == 0) 1246281681Srpaulo wpa_printf(MSG_INFO, "Test case %d - OK", i); 1247281681Srpaulo else { 1248281681Srpaulo wpa_printf(MSG_INFO, "Test case %d - FAILED!", i); 1249281681Srpaulo ret++; 1250281681Srpaulo } 1251281681Srpaulo } 1252281681Srpaulo 1253281681Srpaulo wpa_printf(MSG_INFO, "PBKDF2-SHA1 test cases (RFC 6070):"); 1254281681Srpaulo for (i = 0; i < NUM_RFC6070_TESTS; i++) { 1255281681Srpaulo u8 dk[25]; 1256289549Srpaulo const struct rfc6070_test *test = &rfc6070_tests[i]; 1257281681Srpaulo 1258281681Srpaulo if (pbkdf2_sha1(test->p, (const u8 *) test->s, strlen(test->s), 1259281681Srpaulo test->c, dk, test->dk_len) == 0 && 1260281681Srpaulo os_memcmp(dk, test->dk, test->dk_len) == 0) 1261281681Srpaulo wpa_printf(MSG_INFO, "Test case %d - OK", i); 1262281681Srpaulo else { 1263281681Srpaulo wpa_printf(MSG_INFO, "Test case %d - FAILED!", i); 1264281681Srpaulo ret++; 1265281681Srpaulo } 1266281681Srpaulo } 1267281681Srpaulo 1268281681Srpaulo if (!ret) 1269281681Srpaulo wpa_printf(MSG_INFO, "SHA1 test cases passed"); 1270281681Srpaulo return ret; 1271281681Srpaulo} 1272281681Srpaulo 1273281681Srpaulo 1274337817Scystatic const struct { 1275281681Srpaulo char *data; 1276281681Srpaulo u8 hash[32]; 1277281681Srpaulo} tests[] = { 1278281681Srpaulo { 1279281681Srpaulo "abc", 1280281681Srpaulo { 1281281681Srpaulo 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 1282281681Srpaulo 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, 1283281681Srpaulo 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 1284281681Srpaulo 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad 1285281681Srpaulo } 1286281681Srpaulo }, 1287281681Srpaulo { 1288281681Srpaulo "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1289281681Srpaulo { 1290281681Srpaulo 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 1291281681Srpaulo 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, 1292281681Srpaulo 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, 1293281681Srpaulo 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 1294281681Srpaulo } 1295281681Srpaulo } 1296281681Srpaulo}; 1297281681Srpaulo 1298337817Scystatic const struct hmac_test { 1299346981Scy u8 key[150]; 1300281681Srpaulo size_t key_len; 1301346981Scy u8 data[160]; 1302281681Srpaulo size_t data_len; 1303346981Scy u8 hash[32]; /* HMAC-SHA-256 */ 1304346981Scy u8 hash384[48]; /* HMAC-SHA-384 */ 1305281681Srpaulo} hmac_tests[] = { 1306346981Scy /* draft-ietf-ipsec-ciph-sha-256-01.txt; RFC 4231 */ 1307281681Srpaulo { 1308281681Srpaulo { 1309281681Srpaulo 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1310281681Srpaulo 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1311281681Srpaulo 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1312281681Srpaulo 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 1313281681Srpaulo }, 1314281681Srpaulo 32, 1315281681Srpaulo "abc", 3, 1316281681Srpaulo { 1317281681Srpaulo 0xa2, 0x1b, 0x1f, 0x5d, 0x4c, 0xf4, 0xf7, 0x3a, 1318281681Srpaulo 0x4d, 0xd9, 0x39, 0x75, 0x0f, 0x7a, 0x06, 0x6a, 1319281681Srpaulo 0x7f, 0x98, 0xcc, 0x13, 0x1c, 0xb1, 0x6a, 0x66, 1320281681Srpaulo 0x92, 0x75, 0x90, 0x21, 0xcf, 0xab, 0x81, 0x81 1321346981Scy }, 1322346981Scy { } 1323281681Srpaulo }, 1324281681Srpaulo { 1325281681Srpaulo { 1326281681Srpaulo 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1327281681Srpaulo 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1328281681Srpaulo 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1329281681Srpaulo 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 1330281681Srpaulo }, 1331281681Srpaulo 32, 1332281681Srpaulo "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1333281681Srpaulo 56, 1334281681Srpaulo { 1335281681Srpaulo 0x10, 0x4f, 0xdc, 0x12, 0x57, 0x32, 0x8f, 0x08, 1336281681Srpaulo 0x18, 0x4b, 0xa7, 0x31, 0x31, 0xc5, 0x3c, 0xae, 1337281681Srpaulo 0xe6, 0x98, 0xe3, 0x61, 0x19, 0x42, 0x11, 0x49, 1338281681Srpaulo 0xea, 0x8c, 0x71, 0x24, 0x56, 0x69, 0x7d, 0x30 1339346981Scy }, 1340346981Scy { } 1341281681Srpaulo }, 1342281681Srpaulo { 1343281681Srpaulo { 1344281681Srpaulo 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1345281681Srpaulo 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1346281681Srpaulo 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1347281681Srpaulo 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 1348281681Srpaulo }, 1349281681Srpaulo 32, 1350281681Srpaulo "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" 1351281681Srpaulo "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1352281681Srpaulo 112, 1353281681Srpaulo { 1354281681Srpaulo 0x47, 0x03, 0x05, 0xfc, 0x7e, 0x40, 0xfe, 0x34, 1355281681Srpaulo 0xd3, 0xee, 0xb3, 0xe7, 0x73, 0xd9, 0x5a, 0xab, 1356281681Srpaulo 0x73, 0xac, 0xf0, 0xfd, 0x06, 0x04, 0x47, 0xa5, 1357281681Srpaulo 0xeb, 0x45, 0x95, 0xbf, 0x33, 0xa9, 0xd1, 0xa3 1358346981Scy }, 1359346981Scy { } 1360281681Srpaulo }, 1361281681Srpaulo { 1362281681Srpaulo { 1363281681Srpaulo 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1364281681Srpaulo 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1365281681Srpaulo 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1366281681Srpaulo 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b 1367281681Srpaulo }, 1368281681Srpaulo 32, 1369281681Srpaulo "Hi There", 1370281681Srpaulo 8, 1371281681Srpaulo { 1372281681Srpaulo 0x19, 0x8a, 0x60, 0x7e, 0xb4, 0x4b, 0xfb, 0xc6, 1373281681Srpaulo 0x99, 0x03, 0xa0, 0xf1, 0xcf, 0x2b, 0xbd, 0xc5, 1374281681Srpaulo 0xba, 0x0a, 0xa3, 0xf3, 0xd9, 0xae, 0x3c, 0x1c, 1375281681Srpaulo 0x7a, 0x3b, 0x16, 0x96, 0xa0, 0xb6, 0x8c, 0xf7 1376346981Scy }, 1377346981Scy { } 1378346981Scy }, 1379346981Scy { /* RFC 4231 - Test Case 1 */ 1380346981Scy { 1381346981Scy 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1382346981Scy 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1383346981Scy 0x0b, 0x0b, 0x0b, 0x0b 1384346981Scy }, 1385346981Scy 20, 1386346981Scy "Hi There", 1387346981Scy 8, 1388346981Scy { 1389346981Scy 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 1390346981Scy 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 1391346981Scy 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 1392346981Scy 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7 1393346981Scy }, 1394346981Scy { 1395346981Scy 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 1396346981Scy 0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f, 1397346981Scy 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6, 1398346981Scy 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 1399346981Scy 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f, 1400346981Scy 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6 1401281681Srpaulo } 1402281681Srpaulo }, 1403346981Scy { /* RFC 4231 - Test Case 2 */ 1404281681Srpaulo "Jefe", 1405281681Srpaulo 4, 1406281681Srpaulo "what do ya want for nothing?", 1407281681Srpaulo 28, 1408281681Srpaulo { 1409281681Srpaulo 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 1410281681Srpaulo 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7, 1411281681Srpaulo 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83, 1412281681Srpaulo 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43 1413346981Scy }, 1414346981Scy { 1415346981Scy 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 1416346981Scy 0x61, 0x7f, 0x78, 0xd2, 0xb5, 0x8a, 0x6b, 0x1b, 1417346981Scy 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47, 1418346981Scy 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 1419346981Scy 0x8e, 0x22, 0x40, 0xca, 0x5e, 0x69, 0xe2, 0xc7, 1420346981Scy 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49 1421281681Srpaulo } 1422281681Srpaulo }, 1423281681Srpaulo { 1424281681Srpaulo { 1425281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1426281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1427281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1428281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 1429281681Srpaulo }, 1430281681Srpaulo 32, 1431281681Srpaulo { 1432281681Srpaulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1433281681Srpaulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1434281681Srpaulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1435281681Srpaulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1436281681Srpaulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1437281681Srpaulo 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1438281681Srpaulo 0xdd, 0xdd 1439281681Srpaulo }, 1440281681Srpaulo 50, 1441281681Srpaulo { 1442281681Srpaulo 0xcd, 0xcb, 0x12, 0x20, 0xd1, 0xec, 0xcc, 0xea, 1443281681Srpaulo 0x91, 0xe5, 0x3a, 0xba, 0x30, 0x92, 0xf9, 0x62, 1444281681Srpaulo 0xe5, 0x49, 0xfe, 0x6c, 0xe9, 0xed, 0x7f, 0xdc, 1445281681Srpaulo 0x43, 0x19, 0x1f, 0xbd, 0xe4, 0x5c, 0x30, 0xb0 1446346981Scy }, 1447346981Scy { } 1448346981Scy }, 1449346981Scy { /* RFC 4231 - Test Case 3 */ 1450346981Scy { 1451346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1452346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1453346981Scy 0xaa, 0xaa, 0xaa, 0xaa 1454346981Scy }, 1455346981Scy 20, 1456346981Scy { 1457346981Scy 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1458346981Scy 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1459346981Scy 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1460346981Scy 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1461346981Scy 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1462346981Scy 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 1463346981Scy 0xdd, 0xdd 1464346981Scy }, 1465346981Scy 50, 1466346981Scy { 1467346981Scy 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 1468346981Scy 0x85, 0x4d, 0xb8, 0xeb, 0xd0, 0x91, 0x81, 0xa7, 1469346981Scy 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 0xc1, 0x22, 1470346981Scy 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe 1471346981Scy }, 1472346981Scy { 1473346981Scy 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 1474346981Scy 0x0a, 0xa2, 0xac, 0xe0, 0x14, 0xc8, 0xa8, 0x6f, 1475346981Scy 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb, 1476346981Scy 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 1477346981Scy 0x2a, 0x5a, 0xb3, 0x9d, 0xc1, 0x38, 0x14, 0xb9, 1478346981Scy 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27 1479281681Srpaulo } 1480281681Srpaulo }, 1481281681Srpaulo { 1482281681Srpaulo { 1483281681Srpaulo 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1484281681Srpaulo 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1485281681Srpaulo 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1486281681Srpaulo 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 1487281681Srpaulo 0x21, 0x22, 0x23, 0x24, 0x25 1488281681Srpaulo }, 1489281681Srpaulo 37, 1490281681Srpaulo { 1491281681Srpaulo 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1492281681Srpaulo 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1493281681Srpaulo 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1494281681Srpaulo 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1495281681Srpaulo 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1496281681Srpaulo 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1497281681Srpaulo 0xcd, 0xcd 1498281681Srpaulo }, 1499281681Srpaulo 50, 1500281681Srpaulo { 1501281681Srpaulo 0xd4, 0x63, 0x3c, 0x17, 0xf6, 0xfb, 0x8d, 0x74, 1502281681Srpaulo 0x4c, 0x66, 0xde, 0xe0, 0xf8, 0xf0, 0x74, 0x55, 1503281681Srpaulo 0x6e, 0xc4, 0xaf, 0x55, 0xef, 0x07, 0x99, 0x85, 1504281681Srpaulo 0x41, 0x46, 0x8e, 0xb4, 0x9b, 0xd2, 0xe9, 0x17 1505346981Scy }, 1506346981Scy { } 1507346981Scy }, 1508346981Scy { /* RFC 4231 - Test Case 4 */ 1509346981Scy { 1510346981Scy 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1511346981Scy 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1512346981Scy 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1513346981Scy 0x19, 1514346981Scy }, 1515346981Scy 25, 1516346981Scy { 1517346981Scy 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1518346981Scy 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1519346981Scy 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1520346981Scy 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1521346981Scy 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1522346981Scy 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 1523346981Scy 0xcd, 0xcd 1524346981Scy }, 1525346981Scy 50, 1526346981Scy { 1527346981Scy 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 1528346981Scy 0xa4, 0xcc, 0x81, 0x98, 0x99, 0xf2, 0x08, 0x3a, 1529346981Scy 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07, 1530346981Scy 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b 1531346981Scy }, 1532346981Scy { 1533346981Scy 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 1534346981Scy 0x19, 0x33, 0xab, 0x62, 0x90, 0xaf, 0x6c, 0xa7, 1535346981Scy 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c, 1536346981Scy 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 1537346981Scy 0x68, 0x01, 0xdd, 0x23, 0xc4, 0xa7, 0xd6, 0x79, 1538346981Scy 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb 1539281681Srpaulo } 1540281681Srpaulo }, 1541281681Srpaulo { 1542281681Srpaulo { 1543281681Srpaulo 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 1544281681Srpaulo 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 1545281681Srpaulo 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 1546281681Srpaulo 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c 1547281681Srpaulo }, 1548281681Srpaulo 32, 1549281681Srpaulo "Test With Truncation", 1550281681Srpaulo 20, 1551281681Srpaulo { 1552281681Srpaulo 0x75, 0x46, 0xaf, 0x01, 0x84, 0x1f, 0xc0, 0x9b, 1553281681Srpaulo 0x1a, 0xb9, 0xc3, 0x74, 0x9a, 0x5f, 0x1c, 0x17, 1554281681Srpaulo 0xd4, 0xf5, 0x89, 0x66, 0x8a, 0x58, 0x7b, 0x27, 1555281681Srpaulo 0x00, 0xa9, 0xc9, 0x7c, 0x11, 0x93, 0xcf, 0x42 1556346981Scy }, 1557346981Scy { } 1558281681Srpaulo }, 1559281681Srpaulo { 1560281681Srpaulo { 1561281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1562281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1563281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1564281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1565281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1566281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1567281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1568281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1569281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1570281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 1571281681Srpaulo }, 1572281681Srpaulo 80, 1573281681Srpaulo "Test Using Larger Than Block-Size Key - Hash Key First", 1574281681Srpaulo 54, 1575281681Srpaulo { 1576281681Srpaulo 0x69, 0x53, 0x02, 0x5e, 0xd9, 0x6f, 0x0c, 0x09, 1577281681Srpaulo 0xf8, 0x0a, 0x96, 0xf7, 0x8e, 0x65, 0x38, 0xdb, 1578281681Srpaulo 0xe2, 0xe7, 0xb8, 0x20, 0xe3, 0xdd, 0x97, 0x0e, 1579281681Srpaulo 0x7d, 0xdd, 0x39, 0x09, 0x1b, 0x32, 0x35, 0x2f 1580346981Scy }, 1581346981Scy { } 1582346981Scy }, 1583346981Scy { /* RFC 4231 - Test Case 6 */ 1584346981Scy { 1585346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1586346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1587346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1588346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1589346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1590346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1591346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1592346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1593346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1594346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1595346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1596346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1597346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1598346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1599346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1600346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1601346981Scy 0xaa, 0xaa, 0xaa 1602346981Scy }, 1603346981Scy 131, 1604346981Scy "Test Using Larger Than Block-Size Key - Hash Key First", 1605346981Scy 54, 1606346981Scy { 1607346981Scy 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 1608346981Scy 0x0d, 0x8a, 0x26, 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 1609346981Scy 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, 0xc5, 0x14, 1610346981Scy 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54 1611346981Scy }, 1612346981Scy { 1613346981Scy 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 1614346981Scy 0x88, 0xd2, 0xc6, 0x3a, 0x04, 0x1b, 0xc5, 0xb4, 1615346981Scy 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f, 1616346981Scy 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 1617346981Scy 0x0c, 0x2e, 0xf6, 0xab, 0x40, 0x30, 0xfe, 0x82, 1618346981Scy 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52 1619281681Srpaulo } 1620281681Srpaulo }, 1621281681Srpaulo { 1622281681Srpaulo { 1623281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1624281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1625281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1626281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1627281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1628281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1629281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1630281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1631281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1632281681Srpaulo 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 1633281681Srpaulo }, 1634281681Srpaulo 80, 1635281681Srpaulo "Test Using Larger Than Block-Size Key and Larger Than One " 1636281681Srpaulo "Block-Size Data", 1637281681Srpaulo 73, 1638281681Srpaulo { 1639281681Srpaulo 0x63, 0x55, 0xac, 0x22, 0xe8, 0x90, 0xd0, 0xa3, 1640281681Srpaulo 0xc8, 0x48, 0x1a, 0x5c, 0xa4, 0x82, 0x5b, 0xc8, 1641281681Srpaulo 0x84, 0xd3, 0xe7, 0xa1, 0xff, 0x98, 0xa2, 0xfc, 1642281681Srpaulo 0x2a, 0xc7, 0xd8, 0xe0, 0x64, 0xc3, 0xb2, 0xe6 1643346981Scy }, 1644346981Scy { } 1645346981Scy }, 1646346981Scy { /* RFC 4231 - Test Case 7 */ 1647346981Scy { 1648346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1649346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1650346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1651346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1652346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1653346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1654346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1655346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1656346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1657346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1658346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1659346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1660346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1661346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1662346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1663346981Scy 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1664346981Scy 0xaa, 0xaa, 0xaa 1665346981Scy }, 1666346981Scy 131, 1667346981Scy "This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.", 1668346981Scy 152, 1669346981Scy { 1670346981Scy 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 1671346981Scy 0x27, 0x63, 0x5f, 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 1672346981Scy 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 0x13, 0x93, 1673346981Scy 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2 1674346981Scy }, 1675346981Scy { 1676346981Scy 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 1677346981Scy 0x35, 0x1e, 0x2f, 0x25, 0x4e, 0x8f, 0xd3, 0x2c, 1678346981Scy 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a, 1679346981Scy 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 1680346981Scy 0xa6, 0x78, 0xcc, 0x31, 0xe7, 0x99, 0x17, 0x6d, 1681346981Scy 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e 1682281681Srpaulo } 1683281681Srpaulo } 1684281681Srpaulo}; 1685281681Srpaulo 1686281681Srpaulo 1687281681Srpaulostatic int test_sha256(void) 1688281681Srpaulo{ 1689281681Srpaulo unsigned int i; 1690281681Srpaulo u8 hash[32]; 1691281681Srpaulo const u8 *addr[2]; 1692281681Srpaulo size_t len[2]; 1693281681Srpaulo int errors = 0; 1694337817Scy u8 *key; 1695281681Srpaulo 1696281681Srpaulo for (i = 0; i < ARRAY_SIZE(tests); i++) { 1697281681Srpaulo wpa_printf(MSG_INFO, "SHA256 test case %d:", i + 1); 1698281681Srpaulo 1699281681Srpaulo addr[0] = (u8 *) tests[i].data; 1700281681Srpaulo len[0] = strlen(tests[i].data); 1701281681Srpaulo sha256_vector(1, addr, len, hash); 1702281681Srpaulo if (memcmp(hash, tests[i].hash, 32) != 0) { 1703281681Srpaulo wpa_printf(MSG_INFO, " FAIL"); 1704281681Srpaulo errors++; 1705281681Srpaulo } else 1706281681Srpaulo wpa_printf(MSG_INFO, " OK"); 1707281681Srpaulo 1708281681Srpaulo if (len[0]) { 1709281681Srpaulo addr[0] = (u8 *) tests[i].data; 1710281681Srpaulo len[0] = 1; 1711281681Srpaulo addr[1] = (u8 *) tests[i].data + 1; 1712281681Srpaulo len[1] = strlen(tests[i].data) - 1; 1713281681Srpaulo sha256_vector(2, addr, len, hash); 1714281681Srpaulo if (memcmp(hash, tests[i].hash, 32) != 0) { 1715281681Srpaulo wpa_printf(MSG_INFO, " FAIL"); 1716281681Srpaulo errors++; 1717281681Srpaulo } else 1718281681Srpaulo wpa_printf(MSG_INFO, " OK"); 1719281681Srpaulo } 1720281681Srpaulo } 1721281681Srpaulo 1722281681Srpaulo for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) { 1723289549Srpaulo const struct hmac_test *t = &hmac_tests[i]; 1724281681Srpaulo 1725281681Srpaulo wpa_printf(MSG_INFO, "HMAC-SHA256 test case %d:", i + 1); 1726281681Srpaulo 1727281681Srpaulo if (hmac_sha256(t->key, t->key_len, t->data, t->data_len, 1728281681Srpaulo hash) < 0 || 1729281681Srpaulo os_memcmp(hash, t->hash, 32) != 0) { 1730281681Srpaulo wpa_printf(MSG_INFO, " FAIL"); 1731281681Srpaulo errors++; 1732281681Srpaulo } else 1733281681Srpaulo wpa_printf(MSG_INFO, " OK"); 1734281681Srpaulo 1735281681Srpaulo addr[0] = t->data; 1736281681Srpaulo len[0] = t->data_len; 1737281681Srpaulo if (hmac_sha256_vector(t->key, t->key_len, 1, addr, len, 1738281681Srpaulo hash) < 0 || 1739281681Srpaulo os_memcmp(hash, t->hash, 32) != 0) { 1740281681Srpaulo wpa_printf(MSG_INFO, " FAIL"); 1741281681Srpaulo errors++; 1742281681Srpaulo } else 1743281681Srpaulo wpa_printf(MSG_INFO, " OK"); 1744281681Srpaulo 1745281681Srpaulo if (len[0]) { 1746281681Srpaulo addr[0] = t->data; 1747281681Srpaulo len[0] = 1; 1748281681Srpaulo addr[1] = t->data + 1; 1749281681Srpaulo len[1] = t->data_len - 1; 1750281681Srpaulo if (hmac_sha256_vector(t->key, t->key_len, 2, addr, len, 1751281681Srpaulo hash) < 0 || 1752281681Srpaulo os_memcmp(hash, t->hash, 32) != 0) { 1753281681Srpaulo wpa_printf(MSG_INFO, " FAIL"); 1754281681Srpaulo errors++; 1755281681Srpaulo } else 1756281681Srpaulo wpa_printf(MSG_INFO, " OK"); 1757281681Srpaulo } 1758281681Srpaulo } 1759281681Srpaulo 1760281681Srpaulo wpa_printf(MSG_INFO, "Test IEEE 802.11r KDF"); 1761281681Srpaulo sha256_prf((u8 *) "abc", 3, "KDF test", (u8 *) "data", 4, 1762281681Srpaulo hash, sizeof(hash)); 1763281681Srpaulo /* TODO: add proper test case for this */ 1764281681Srpaulo 1765337817Scy key = os_malloc(8161); 1766337817Scy if (key) { 1767337817Scy#ifdef CONFIG_HMAC_SHA256_KDF 1768337817Scy int res; 1769337817Scy 1770337817Scy res = hmac_sha256_kdf((u8 *) "secret", 6, "label", 1771337817Scy (u8 *) "seed", 4, key, 8160); 1772337817Scy if (res) { 1773337817Scy wpa_printf(MSG_INFO, 1774337817Scy "Unexpected hmac_sha256_kdf(outlen=8160) failure"); 1775337817Scy errors++; 1776337817Scy } 1777337817Scy 1778337817Scy res = hmac_sha256_kdf((u8 *) "secret", 6, "label", 1779337817Scy (u8 *) "seed", 4, key, 8161); 1780337817Scy if (res == 0) { 1781337817Scy wpa_printf(MSG_INFO, 1782337817Scy "Unexpected hmac_sha256_kdf(outlen=8161) success"); 1783337817Scy errors++; 1784337817Scy } 1785337817Scy#endif /* CONFIG_HMAC_SHA256_KDF */ 1786337817Scy 1787337817Scy os_free(key); 1788337817Scy } 1789337817Scy 1790281681Srpaulo if (!errors) 1791281681Srpaulo wpa_printf(MSG_INFO, "SHA256 test cases passed"); 1792281681Srpaulo return errors; 1793281681Srpaulo} 1794281681Srpaulo 1795281681Srpaulo 1796346981Scystatic int test_sha384(void) 1797346981Scy{ 1798346981Scy#ifdef CONFIG_SHA384 1799346981Scy unsigned int i; 1800346981Scy u8 hash[48]; 1801346981Scy const u8 *addr[2]; 1802346981Scy size_t len[2]; 1803346981Scy int errors = 0; 1804346981Scy const char *data = "hello"; 1805346981Scy const u8 hash_res[] = { 1806346981Scy 0x59, 0xe1, 0x74, 0x87, 0x77, 0x44, 0x8c, 0x69, 1807346981Scy 0xde, 0x6b, 0x80, 0x0d, 0x7a, 0x33, 0xbb, 0xfb, 1808346981Scy 0x9f, 0xf1, 0xb4, 0x63, 0xe4, 0x43, 0x54, 0xc3, 1809346981Scy 0x55, 0x3b, 0xcd, 0xb9, 0xc6, 0x66, 0xfa, 0x90, 1810346981Scy 0x12, 0x5a, 0x3c, 0x79, 0xf9, 0x03, 0x97, 0xbd, 1811346981Scy 0xf5, 0xf6, 0xa1, 0x3d, 0xe8, 0x28, 0x68, 0x4f 1812346981Scy }; 1813346981Scy 1814346981Scy addr[0] = (const u8 *) data; 1815346981Scy len[0] = 5; 1816346981Scy if (sha384_vector(1, addr, len, hash) < 0 || 1817346981Scy os_memcmp(hash, hash_res, 48) != 0) { 1818346981Scy wpa_printf(MSG_INFO, "SHA384 test case 1: FAIL"); 1819346981Scy errors++; 1820346981Scy } else { 1821346981Scy wpa_printf(MSG_INFO, "SHA384 test case 1: OK"); 1822346981Scy } 1823346981Scy 1824346981Scy addr[0] = (const u8 *) data; 1825346981Scy len[0] = 4; 1826346981Scy addr[1] = (const u8 *) data + 4; 1827346981Scy len[1] = 1; 1828346981Scy if (sha384_vector(2, addr, len, hash) < 0 || 1829346981Scy os_memcmp(hash, hash_res, 48) != 0) { 1830346981Scy wpa_printf(MSG_INFO, "SHA384 test case 2: FAIL"); 1831346981Scy errors++; 1832346981Scy } else { 1833346981Scy wpa_printf(MSG_INFO, "SHA384 test case 2: OK"); 1834346981Scy } 1835346981Scy 1836346981Scy for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) { 1837346981Scy const struct hmac_test *t = &hmac_tests[i]; 1838346981Scy 1839346981Scy if (t->hash384[0] == 0 && t->hash384[1] == 0 && 1840346981Scy t->hash384[2] == 0 && t->hash384[3] == 0) 1841346981Scy continue; 1842346981Scy wpa_printf(MSG_INFO, "HMAC-SHA384 test case %d:", i + 1); 1843346981Scy 1844346981Scy if (hmac_sha384(t->key, t->key_len, t->data, t->data_len, 1845346981Scy hash) < 0 || 1846346981Scy os_memcmp(hash, t->hash384, 48) != 0) { 1847346981Scy wpa_printf(MSG_INFO, " FAIL"); 1848346981Scy errors++; 1849346981Scy } else 1850346981Scy wpa_printf(MSG_INFO, " OK"); 1851346981Scy 1852346981Scy addr[0] = t->data; 1853346981Scy len[0] = t->data_len; 1854346981Scy if (hmac_sha384_vector(t->key, t->key_len, 1, addr, len, 1855346981Scy hash) < 0 || 1856346981Scy os_memcmp(hash, t->hash384, 48) != 0) { 1857346981Scy wpa_printf(MSG_INFO, " FAIL"); 1858346981Scy errors++; 1859346981Scy } else 1860346981Scy wpa_printf(MSG_INFO, " OK"); 1861346981Scy 1862346981Scy if (len[0]) { 1863346981Scy addr[0] = t->data; 1864346981Scy len[0] = 1; 1865346981Scy addr[1] = t->data + 1; 1866346981Scy len[1] = t->data_len - 1; 1867346981Scy if (hmac_sha384_vector(t->key, t->key_len, 2, addr, len, 1868346981Scy hash) < 0 || 1869346981Scy os_memcmp(hash, t->hash384, 48) != 0) { 1870346981Scy wpa_printf(MSG_INFO, " FAIL"); 1871346981Scy errors++; 1872346981Scy } else 1873346981Scy wpa_printf(MSG_INFO, " OK"); 1874346981Scy } 1875346981Scy } 1876346981Scy 1877346981Scy if (!errors) 1878346981Scy wpa_printf(MSG_INFO, "SHA384 test cases passed"); 1879346981Scy return errors; 1880346981Scy#else /* CONFIG_SHA384 */ 1881346981Scy return 0; 1882346981Scy#endif /* CONFIG_SHA384 */ 1883346981Scy} 1884346981Scy 1885346981Scy 1886337817Scystatic int test_fips186_2_prf(void) 1887337817Scy{ 1888337817Scy /* http://csrc.nist.gov/encryption/dss/Examples-1024bit.pdf */ 1889337817Scy u8 xkey[] = { 1890337817Scy 0xbd, 0x02, 0x9b, 0xbe, 0x7f, 0x51, 0x96, 0x0b, 1891337817Scy 0xcf, 0x9e, 0xdb, 0x2b, 0x61, 0xf0, 0x6f, 0x0f, 1892337817Scy 0xeb, 0x5a, 0x38, 0xb6 1893337817Scy }; 1894337817Scy u8 w[] = { 1895337817Scy 0x20, 0x70, 0xb3, 0x22, 0x3d, 0xba, 0x37, 0x2f, 1896337817Scy 0xde, 0x1c, 0x0f, 0xfc, 0x7b, 0x2e, 0x3b, 0x49, 1897337817Scy 0x8b, 0x26, 0x06, 0x14, 0x3c, 0x6c, 0x18, 0xba, 1898337817Scy 0xcb, 0x0f, 0x6c, 0x55, 0xba, 0xbb, 0x13, 0x78, 1899337817Scy 0x8e, 0x20, 0xd7, 0x37, 0xa3, 0x27, 0x51, 0x16 1900337817Scy }; 1901337817Scy u8 buf[40]; 1902337817Scy 1903337817Scy wpa_printf(MSG_INFO, 1904337817Scy "Testing EAP-SIM PRF (FIPS 186-2 + change notice 1)"); 1905337817Scy if (fips186_2_prf(xkey, sizeof(xkey), buf, sizeof(buf)) < 0 || 1906337817Scy os_memcmp(w, buf, sizeof(w)) != 0) { 1907337817Scy wpa_printf(MSG_INFO, "fips186_2_prf failed"); 1908337817Scy return 1; 1909337817Scy } 1910337817Scy 1911337817Scy return 0; 1912337817Scy} 1913337817Scy 1914337817Scy 1915346981Scystatic int test_extract_expand_hkdf(void) 1916346981Scy{ 1917346981Scy u8 prk[SHA256_MAC_LEN]; 1918346981Scy u8 okm[82]; 1919346981Scy 1920346981Scy /* RFC 5869, A.1 */ 1921346981Scy u8 ikm1[22] = { 1922346981Scy 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1923346981Scy 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 1924346981Scy 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b 1925346981Scy }; 1926346981Scy u8 salt1[13] = { 1927346981Scy 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 1928346981Scy 0x08, 0x09, 0x0a, 0x0b, 0x0c 1929346981Scy }; 1930346981Scy u8 info1[10] = { 1931346981Scy 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 1932346981Scy 0xf8, 0xf9 1933346981Scy }; 1934346981Scy u8 prk1[32] = { 1935346981Scy 0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf, 1936346981Scy 0x0d, 0xdc, 0x3f, 0x0d, 0xc4, 0x7b, 0xba, 0x63, 1937346981Scy 0x90, 0xb6, 0xc7, 0x3b, 0xb5, 0x0f, 0x9c, 0x31, 1938346981Scy 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, 0xb3, 0xe5 1939346981Scy }; 1940346981Scy u8 okm1[42] = { 1941346981Scy 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 1942346981Scy 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, 1943346981Scy 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, 1944346981Scy 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, 1945346981Scy 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, 1946346981Scy 0x58, 0x65 1947346981Scy }; 1948346981Scy 1949346981Scy /* RFC 5869, A.2 */ 1950346981Scy u8 ikm2[80] = { 1951346981Scy 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 1952346981Scy 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 1953346981Scy 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 1954346981Scy 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 1955346981Scy 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 1956346981Scy 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 1957346981Scy 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 1958346981Scy 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 1959346981Scy 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 1960346981Scy 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f 1961346981Scy }; 1962346981Scy u8 salt2[80] = { 1963346981Scy 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 1964346981Scy 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 1965346981Scy 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 1966346981Scy 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 1967346981Scy 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 1968346981Scy 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 1969346981Scy 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 1970346981Scy 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, 1971346981Scy 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 1972346981Scy 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf 1973346981Scy }; 1974346981Scy u8 info2[80] = { 1975346981Scy 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 1976346981Scy 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 1977346981Scy 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 1978346981Scy 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, 1979346981Scy 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 1980346981Scy 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 1981346981Scy 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 1982346981Scy 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 1983346981Scy 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 1984346981Scy 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff 1985346981Scy }; 1986346981Scy u8 prk2[32] = { 1987346981Scy 0x06, 0xa6, 0xb8, 0x8c, 0x58, 0x53, 0x36, 0x1a, 1988346981Scy 0x06, 0x10, 0x4c, 0x9c, 0xeb, 0x35, 0xb4, 0x5c, 1989346981Scy 0xef, 0x76, 0x00, 0x14, 0x90, 0x46, 0x71, 0x01, 1990346981Scy 0x4a, 0x19, 0x3f, 0x40, 0xc1, 0x5f, 0xc2, 0x44 1991346981Scy }; 1992346981Scy u8 okm2[82] = { 1993346981Scy 0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1, 1994346981Scy 0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34, 1995346981Scy 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8, 1996346981Scy 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c, 1997346981Scy 0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72, 1998346981Scy 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09, 1999346981Scy 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8, 2000346981Scy 0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71, 2001346981Scy 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87, 2002346981Scy 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f, 2003346981Scy 0x1d, 0x87 2004346981Scy }; 2005346981Scy 2006346981Scy wpa_printf(MSG_INFO, "Testing Extract-and-Expand HKDF (RFC 5869)"); 2007346981Scy 2008346981Scy wpa_printf(MSG_INFO, "RFC 5869 - Test Case 1"); 2009346981Scy if (hmac_sha256(salt1, sizeof(salt1), ikm1, sizeof(ikm1), prk) < 0) 2010346981Scy return -1; 2011346981Scy if (os_memcmp(prk, prk1, SHA256_MAC_LEN) != 0) { 2012346981Scy wpa_printf(MSG_INFO, "HKDF-Extract mismatch in PRK"); 2013346981Scy return -1; 2014346981Scy } 2015346981Scy if (hmac_sha256_kdf(prk1, sizeof(prk1), NULL, info1, sizeof(info1), 2016346981Scy okm, sizeof(okm1)) < 0) 2017346981Scy return -1; 2018346981Scy if (os_memcmp(okm, okm1, sizeof(okm1)) != 0) { 2019346981Scy wpa_printf(MSG_INFO, "HKDF-Expand mismatch in OKM"); 2020346981Scy return -1; 2021346981Scy } 2022346981Scy 2023346981Scy wpa_printf(MSG_INFO, "RFC 5869 - Test Case 2"); 2024346981Scy if (hmac_sha256(salt2, sizeof(salt2), ikm2, sizeof(ikm2), prk) < 0) 2025346981Scy return -1; 2026346981Scy if (os_memcmp(prk, prk2, SHA256_MAC_LEN) != 0) { 2027346981Scy wpa_printf(MSG_INFO, "HKDF-Extract mismatch in PRK"); 2028346981Scy return -1; 2029346981Scy } 2030346981Scy if (hmac_sha256_kdf(prk2, sizeof(prk2), NULL, info2, sizeof(info2), 2031346981Scy okm, sizeof(okm2)) < 0) 2032346981Scy return -1; 2033346981Scy if (os_memcmp(okm, okm2, sizeof(okm2)) != 0) { 2034346981Scy wpa_printf(MSG_INFO, "HKDF-Expand mismatch in OKM"); 2035346981Scy return -1; 2036346981Scy } 2037346981Scy 2038346981Scy wpa_printf(MSG_INFO, "Extract-and-Expand HKDF test cases passed"); 2039346981Scy 2040346981Scy return 0; 2041346981Scy} 2042346981Scy 2043346981Scy 2044281681Srpaulostatic int test_ms_funcs(void) 2045281681Srpaulo{ 2046289549Srpaulo#ifndef CONFIG_FIPS 2047281681Srpaulo /* Test vector from RFC2759 example */ 2048281681Srpaulo char *username = "User"; 2049281681Srpaulo char *password = "clientPass"; 2050281681Srpaulo u8 auth_challenge[] = { 2051281681Srpaulo 0x5B, 0x5D, 0x7C, 0x7D, 0x7B, 0x3F, 0x2F, 0x3E, 2052281681Srpaulo 0x3C, 0x2C, 0x60, 0x21, 0x32, 0x26, 0x26, 0x28 2053281681Srpaulo }; 2054281681Srpaulo u8 peer_challenge[] = { 2055281681Srpaulo 0x21, 0x40, 0x23, 0x24, 0x25, 0x5E, 0x26, 0x2A, 2056281681Srpaulo 0x28, 0x29, 0x5F, 0x2B, 0x3A, 0x33, 0x7C, 0x7E 2057281681Srpaulo }; 2058281681Srpaulo u8 password_hash[] = { 2059281681Srpaulo 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6, 2060281681Srpaulo 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE 2061281681Srpaulo }; 2062281681Srpaulo u8 nt_response[] = { 2063281681Srpaulo 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E, 2064281681Srpaulo 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54, 2065281681Srpaulo 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF 2066281681Srpaulo }; 2067281681Srpaulo u8 password_hash_hash[] = { 2068281681Srpaulo 0x41, 0xC0, 0x0C, 0x58, 0x4B, 0xD2, 0xD9, 0x1C, 2069281681Srpaulo 0x40, 0x17, 0xA2, 0xA1, 0x2F, 0xA5, 0x9F, 0x3F 2070281681Srpaulo }; 2071281681Srpaulo u8 authenticator_response[] = { 2072281681Srpaulo 0x40, 0x7A, 0x55, 0x89, 0x11, 0x5F, 0xD0, 0xD6, 2073281681Srpaulo 0x20, 0x9F, 0x51, 0x0F, 0xE9, 0xC0, 0x45, 0x66, 2074281681Srpaulo 0x93, 0x2C, 0xDA, 0x56 2075281681Srpaulo }; 2076281681Srpaulo u8 master_key[] = { 2077281681Srpaulo 0xFD, 0xEC, 0xE3, 0x71, 0x7A, 0x8C, 0x83, 0x8C, 2078281681Srpaulo 0xB3, 0x88, 0xE5, 0x27, 0xAE, 0x3C, 0xDD, 0x31 2079281681Srpaulo }; 2080281681Srpaulo u8 send_start_key[] = { 2081281681Srpaulo 0x8B, 0x7C, 0xDC, 0x14, 0x9B, 0x99, 0x3A, 0x1B, 2082281681Srpaulo 0xA1, 0x18, 0xCB, 0x15, 0x3F, 0x56, 0xDC, 0xCB 2083281681Srpaulo }; 2084281681Srpaulo u8 buf[32]; 2085281681Srpaulo int errors = 0; 2086281681Srpaulo 2087281681Srpaulo if (nt_password_hash((u8 *) password, os_strlen(password), buf) || 2088281681Srpaulo os_memcmp(password_hash, buf, sizeof(password_hash)) != 0) { 2089281681Srpaulo wpa_printf(MSG_ERROR, "nt_password_hash failed"); 2090281681Srpaulo errors++; 2091281681Srpaulo } 2092281681Srpaulo 2093281681Srpaulo if (generate_nt_response(auth_challenge, peer_challenge, 2094281681Srpaulo (u8 *) username, os_strlen(username), 2095281681Srpaulo (u8 *) password, os_strlen(password), buf) || 2096281681Srpaulo os_memcmp(nt_response, buf, sizeof(nt_response)) != 0) { 2097281681Srpaulo wpa_printf(MSG_ERROR, "generate_nt_response failed"); 2098281681Srpaulo errors++; 2099281681Srpaulo } 2100281681Srpaulo 2101281681Srpaulo if (hash_nt_password_hash(password_hash, buf) || 2102281681Srpaulo os_memcmp(password_hash_hash, buf, 2103281681Srpaulo sizeof(password_hash_hash)) != 0) { 2104281681Srpaulo wpa_printf(MSG_ERROR, "hash_nt_password_hash failed"); 2105281681Srpaulo errors++; 2106281681Srpaulo } 2107281681Srpaulo 2108281681Srpaulo if (generate_authenticator_response((u8 *) password, 2109281681Srpaulo os_strlen(password), 2110281681Srpaulo peer_challenge, auth_challenge, 2111281681Srpaulo (u8 *) username, 2112281681Srpaulo os_strlen(username), 2113281681Srpaulo nt_response, buf) || 2114281681Srpaulo os_memcmp(authenticator_response, buf, 2115281681Srpaulo sizeof(authenticator_response)) != 0) { 2116281681Srpaulo wpa_printf(MSG_ERROR, "generate_authenticator_response failed"); 2117281681Srpaulo errors++; 2118281681Srpaulo } 2119281681Srpaulo 2120281681Srpaulo if (get_master_key(password_hash_hash, nt_response, buf) || 2121281681Srpaulo os_memcmp(master_key, buf, sizeof(master_key)) != 0) { 2122281681Srpaulo wpa_printf(MSG_ERROR, "get_master_key failed"); 2123281681Srpaulo errors++; 2124281681Srpaulo } 2125281681Srpaulo 2126281681Srpaulo if (get_asymetric_start_key(master_key, buf, sizeof(send_start_key), 2127281681Srpaulo 1, 1) || 2128281681Srpaulo os_memcmp(send_start_key, buf, sizeof(send_start_key)) != 0) { 2129281681Srpaulo wpa_printf(MSG_ERROR, "get_asymetric_start_key failed"); 2130281681Srpaulo errors++; 2131281681Srpaulo } 2132281681Srpaulo 2133281681Srpaulo if (errors) 2134281681Srpaulo wpa_printf(MSG_ERROR, "ms_funcs: %d errors", errors); 2135281681Srpaulo else 2136281681Srpaulo wpa_printf(MSG_INFO, "ms_funcs test cases passed"); 2137281681Srpaulo 2138281681Srpaulo return errors; 2139289549Srpaulo#else /* CONFIG_FIPS */ 2140289549Srpaulo wpa_printf(MSG_INFO, "ms_funcs test cases skipped due to CONFIG_FIPS"); 2141289549Srpaulo return 0; 2142289549Srpaulo#endif /* CONFIG_FIPS */ 2143281681Srpaulo} 2144281681Srpaulo 2145281681Srpaulo 2146281681Srpauloint crypto_module_tests(void) 2147281681Srpaulo{ 2148281681Srpaulo int ret = 0; 2149281681Srpaulo 2150281681Srpaulo wpa_printf(MSG_INFO, "crypto module tests"); 2151281681Srpaulo if (test_siv() || 2152281681Srpaulo test_omac1() || 2153281681Srpaulo test_eax() || 2154281681Srpaulo test_cbc() || 2155281681Srpaulo test_ecb() || 2156281681Srpaulo test_key_wrap() || 2157281681Srpaulo test_md5() || 2158281681Srpaulo test_sha1() || 2159281681Srpaulo test_sha256() || 2160346981Scy test_sha384() || 2161337817Scy test_fips186_2_prf() || 2162346981Scy test_extract_expand_hkdf() || 2163281681Srpaulo test_ms_funcs()) 2164281681Srpaulo ret = -1; 2165281681Srpaulo 2166281681Srpaulo return ret; 2167281681Srpaulo} 2168