crypto_module_tests.c revision 289549 
1/*
2 * crypto module tests
3 * Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "utils/includes.h"
10
11#include "utils/common.h"
12#include "crypto/aes_siv.h"
13#include "crypto/aes_wrap.h"
14#include "crypto/aes.h"
15#include "crypto/ms_funcs.h"
16#include "crypto/crypto.h"
17#include "crypto/sha1.h"
18#include "crypto/sha256.h"
19
20
21static int test_siv(void)
22{
23#ifdef CONFIG_MESH
24	/* RFC 5297, A.1. Deterministic Authenticated Encryption Example */
25	u8 key[] = {
26		0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
27		0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
28		0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
29		0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
30	};
31	u8 ad[] = {
32		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
33		0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
34		0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27
35	};
36	u8 plaintext[] = {
37		0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
38		0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee
39	};
40	u8 iv_c[] = {
41		0x85, 0x63, 0x2d, 0x07, 0xc6, 0xe8, 0xf3, 0x7f,
42		0x95, 0x0a, 0xcd, 0x32, 0x0a, 0x2e, 0xcc, 0x93,
43		0x40, 0xc0, 0x2b, 0x96, 0x90, 0xc4, 0xdc, 0x04,
44		0xda, 0xef, 0x7f, 0x6a, 0xfe, 0x5c
45	};
46	/* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */
47	u8 key_2[] = {
48		0x7f, 0x7e, 0x7d, 0x7c, 0x7b, 0x7a, 0x79, 0x78,
49		0x77, 0x76, 0x75, 0x74, 0x73, 0x72, 0x71, 0x70,
50		0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
51		0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
52	};
53	u8 ad1_2[] = {
54		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
55		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
56		0xde, 0xad, 0xda, 0xda, 0xde, 0xad, 0xda, 0xda,
57		0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
58		0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00
59	};
60	u8 ad2_2[] = {
61		0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80,
62		0x90, 0xa0
63	};
64	u8 nonce_2[] = {
65		0x09, 0xf9, 0x11, 0x02, 0x9d, 0x74, 0xe3, 0x5b,
66		0xd8, 0x41, 0x56, 0xc5, 0x63, 0x56, 0x88, 0xc0
67	};
68	u8 plaintext_2[] = {
69		0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
70		0x73, 0x6f, 0x6d, 0x65, 0x20, 0x70, 0x6c, 0x61,
71		0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x20, 0x74,
72		0x6f, 0x20, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70,
73		0x74, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x20,
74		0x53, 0x49, 0x56, 0x2d, 0x41, 0x45, 0x53
75	};
76	u8 iv_c_2[] = {
77		0x7b, 0xdb, 0x6e, 0x3b, 0x43, 0x26, 0x67, 0xeb,
78		0x06, 0xf4, 0xd1, 0x4b, 0xff, 0x2f, 0xbd, 0x0f,
79		0xcb, 0x90, 0x0f, 0x2f, 0xdd, 0xbe, 0x40, 0x43,
80		0x26, 0x60, 0x19, 0x65, 0xc8, 0x89, 0xbf, 0x17,
81		0xdb, 0xa7, 0x7c, 0xeb, 0x09, 0x4f, 0xa6, 0x63,
82		0xb7, 0xa3, 0xf7, 0x48, 0xba, 0x8a, 0xf8, 0x29,
83		0xea, 0x64, 0xad, 0x54, 0x4a, 0x27, 0x2e, 0x9c,
84		0x48, 0x5b, 0x62, 0xa3, 0xfd, 0x5c, 0x0d
85	};
86	u8 out[2 * AES_BLOCK_SIZE + sizeof(plaintext_2)];
87	const u8 *addr[3];
88	size_t len[3];
89
90	/* RFC 5297, A.1. Deterministic Authenticated Encryption Example */
91	addr[0] = ad;
92	len[0] = sizeof(ad);
93
94	if (aes_siv_encrypt(key, plaintext, sizeof(plaintext),
95			    1, addr, len, out)) {
96		wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed");
97		return 1;
98	}
99	if (os_memcmp(out, iv_c, sizeof(iv_c)) != 0) {
100		wpa_printf(MSG_ERROR,
101			   "AES-SIV mode encryption returned invalid cipher text");
102		return 1;
103	}
104
105	if (aes_siv_decrypt(key, iv_c, sizeof(iv_c), 1, addr, len, out)) {
106		wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed");
107		return 1;
108	}
109	if (os_memcmp(out, plaintext, sizeof(plaintext)) != 0) {
110		wpa_printf(MSG_ERROR,
111			   "AES-SIV mode decryption returned invalid plain text");
112		return 1;
113	}
114
115	/* RFC 5297, A.2. Nonce-Based Authenticated Encryption Example */
116	addr[0] = ad1_2;
117	len[0] = sizeof(ad1_2);
118	addr[1] = ad2_2;
119	len[1] = sizeof(ad2_2);
120	addr[2] = nonce_2;
121	len[2] = sizeof(nonce_2);
122
123	if (aes_siv_encrypt(key_2, plaintext_2, sizeof(plaintext_2),
124			    3, addr, len, out)) {
125		wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed");
126		return 1;
127	}
128	if (os_memcmp(out, iv_c_2, sizeof(iv_c_2)) != 0) {
129		wpa_printf(MSG_ERROR,
130			   "AES-SIV mode encryption returned invalid cipher text");
131		return 1;
132	}
133
134	if (aes_siv_decrypt(key_2, iv_c_2, sizeof(iv_c_2), 3, addr, len, out)) {
135		wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed");
136		return 1;
137	}
138	if (os_memcmp(out, plaintext_2, sizeof(plaintext_2)) != 0) {
139		wpa_printf(MSG_ERROR,
140			   "AES-SIV mode decryption returned invalid plain text");
141		return 1;
142	}
143
144	wpa_printf(MSG_INFO, "AES-SIV test cases passed");
145#endif /* CONFIG_MESH */
146
147	return 0;
148}
149
150
151/* OMAC1 AES-128 test vectors from
152 * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf
153 * which are same as the examples from NIST SP800-38B
154 * http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf
155 */
156
157struct omac1_test_vector {
158	u8 k[16];
159	u8 msg[64];
160	int msg_len;
161	u8 tag[16];
162};
163
164static const struct omac1_test_vector omac1_test_vectors[] =
165{
166	{
167		{ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
168		  0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
169		{ },
170		0,
171		{ 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
172		  0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 }
173	},
174	{
175		{ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
176		  0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
177		{ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
178		  0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a},
179		16,
180		{ 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
181		  0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c }
182	},
183	{
184		{ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
185		  0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
186		{ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
187		  0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
188		  0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
189		  0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
190		  0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 },
191		40,
192		{ 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
193		  0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 }
194	},
195	{
196		{ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
197		  0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
198		{ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
199		  0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
200		  0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
201		  0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
202		  0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
203		  0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
204		  0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
205		  0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
206		64,
207		{ 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
208		  0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe }
209	},
210};
211
212
213static int test_omac1_vector(const struct omac1_test_vector *tv,
214			     unsigned int i)
215{
216	u8 key[] = {
217		0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
218		0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
219	};
220	u8 msg[] = { 0x12, 0x34, 0x56 };
221	u8 result[24], result2[24];
222	const u8 *addr[3];
223	size_t len[3];
224
225	if (omac1_aes_128(tv->k, tv->msg, tv->msg_len, result) ||
226	    os_memcmp(result, tv->tag, 16) != 0) {
227		wpa_printf(MSG_ERROR, "OMAC1-AES-128 test vector %u failed", i);
228		return 1;
229	}
230
231	if (tv->msg_len > 1) {
232
233		addr[0] = tv->msg;
234		len[0] = 1;
235		addr[1] = tv->msg + 1;
236		len[1] = tv->msg_len - 1;
237
238		if (omac1_aes_128_vector(tv->k, 2, addr, len, result) ||
239		    os_memcmp(result, tv->tag, 16) != 0) {
240			wpa_printf(MSG_ERROR,
241				   "OMAC1-AES-128(vector) test vector %u failed",
242				   i);
243			return 1;
244		}
245
246		addr[0] = tv->msg;
247		len[0] = tv->msg_len - 2;
248		addr[1] = tv->msg + tv->msg_len - 2;
249		len[1] = 1;
250		addr[2] = tv->msg + tv->msg_len - 1;
251		len[2] = 1;
252
253		if (omac1_aes_128_vector(tv->k, 3, addr, len, result) ||
254		    os_memcmp(result, tv->tag, 16) != 0) {
255			wpa_printf(MSG_ERROR,
256				   "OMAC1-AES-128(vector2) test vector %u failed",
257				   i);
258			return 1;
259		}
260	}
261
262	addr[0] = &msg[0];
263	len[0] = 1;
264	addr[1] = &msg[1];
265	len[1] = 1;
266	addr[2] = &msg[2];
267	len[2] = 1;
268	if (omac1_aes_128(key, msg, sizeof(msg), result) ||
269	    omac1_aes_128_vector(key, 3, addr, len, result2) ||
270	    os_memcmp(result, result2, 16) != 0) {
271		wpa_printf(MSG_ERROR, "OMAC1-AES-128 short test mismatch");
272		return 1;
273	}
274
275	return 0;
276}
277
278
279static int test_omac1(void)
280{
281	unsigned int i;
282
283	for (i = 0; i < ARRAY_SIZE(omac1_test_vectors); i++) {
284		if (test_omac1_vector(&omac1_test_vectors[i], i))
285			return 1;
286	}
287
288	wpa_printf(MSG_INFO, "OMAC1-AES-128 test cases passed");
289
290	return 0;
291}
292
293
294static int test_eax(void)
295{
296#ifdef EAP_PSK
297	u8 msg[] = { 0xF7, 0xFB };
298	u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B,
299		     0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 };
300	u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84,
301		       0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD };
302	u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA };
303	u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D,
304			0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79,
305			0x67, 0xE5 };
306	u8 data[sizeof(msg)], tag[AES_BLOCK_SIZE];
307
308	os_memcpy(data, msg, sizeof(msg));
309	if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
310				data, sizeof(data), tag)) {
311		wpa_printf(MSG_ERROR, "AES-128 EAX mode encryption failed");
312		return 1;
313	}
314	if (os_memcmp(data, cipher, sizeof(data)) != 0) {
315		wpa_printf(MSG_ERROR,
316			   "AES-128 EAX mode encryption returned invalid cipher text");
317		return 1;
318	}
319	if (os_memcmp(tag, cipher + sizeof(data), AES_BLOCK_SIZE) != 0) {
320		wpa_printf(MSG_ERROR,
321			   "AES-128 EAX mode encryption returned invalid tag");
322		return 1;
323	}
324
325	if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
326				data, sizeof(data), tag)) {
327		wpa_printf(MSG_ERROR, "AES-128 EAX mode decryption failed");
328		return 1;
329	}
330	if (os_memcmp(data, msg, sizeof(data)) != 0) {
331		wpa_printf(MSG_ERROR,
332			   "AES-128 EAX mode decryption returned invalid plain text");
333		return 1;
334	}
335
336	wpa_printf(MSG_INFO, "AES-128 EAX mode test cases passed");
337#endif /* EAP_PSK */
338
339	return 0;
340}
341
342
343static int test_cbc(void)
344{
345	struct cbc_test_vector {
346		u8 key[16];
347		u8 iv[16];
348		u8 plain[32];
349		u8 cipher[32];
350		size_t len;
351	} vectors[] = {
352		{
353			{ 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b,
354			  0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 },
355			{ 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30,
356			  0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 },
357			"Single block msg",
358			{ 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8,
359			  0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a },
360			16
361		},
362		{
363			{ 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0,
364			  0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a },
365			{ 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28,
366			  0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 },
367			{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
368			  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
369			  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
370			  0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
371			{ 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a,
372			  0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a,
373			  0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9,
374			  0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 },
375			32
376		}
377	};
378	int ret = 0;
379	u8 *buf;
380	unsigned int i;
381
382	for (i = 0; i < ARRAY_SIZE(vectors); i++) {
383		struct cbc_test_vector *tv = &vectors[i];
384
385		buf = os_malloc(tv->len);
386		if (buf == NULL) {
387			ret++;
388			break;
389		}
390
391		os_memcpy(buf, tv->plain, tv->len);
392		if (aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len) ||
393		    os_memcmp(buf, tv->cipher, tv->len) != 0) {
394			wpa_printf(MSG_ERROR, "AES-CBC encrypt %d failed", i);
395			ret++;
396		}
397
398		os_memcpy(buf, tv->cipher, tv->len);
399		if (aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len) ||
400		    os_memcmp(buf, tv->plain, tv->len) != 0) {
401			wpa_printf(MSG_ERROR, "AES-CBC decrypt %d failed", i);
402			ret++;
403		}
404
405		os_free(buf);
406	}
407
408	return ret;
409}
410
411
412static int test_ecb(void)
413{
414#ifdef EAP_PSK
415	struct ecb_test_vector {
416		char *key;
417		char *plaintext;
418		char *ciphertext;
419	} vectors[] = {
420		/* CAVS 11.1 - ECBGFSbox128.rsp */
421		{
422			"00000000000000000000000000000000",
423			"f34481ec3cc627bacd5dc3fb08f273e6",
424			"0336763e966d92595a567cc9ce537f5e"
425		},
426		{
427			"00000000000000000000000000000000",
428			"9798c4640bad75c7c3227db910174e72",
429			"a9a1631bf4996954ebc093957b234589"
430		},
431		{
432			"00000000000000000000000000000000",
433			"96ab5c2ff612d9dfaae8c31f30c42168",
434			"ff4f8391a6a40ca5b25d23bedd44a597"
435		},
436		{
437			"00000000000000000000000000000000",
438			"6a118a874519e64e9963798a503f1d35",
439			"dc43be40be0e53712f7e2bf5ca707209"
440		},
441		{
442			"00000000000000000000000000000000",
443			"cb9fceec81286ca3e989bd979b0cb284",
444			"92beedab1895a94faa69b632e5cc47ce"
445		},
446		{
447			"00000000000000000000000000000000",
448			"b26aeb1874e47ca8358ff22378f09144",
449			"459264f4798f6a78bacb89c15ed3d601"
450		},
451		{
452			"00000000000000000000000000000000",
453			"58c8e00b2631686d54eab84b91f0aca1",
454			"08a4e2efec8a8e3312ca7460b9040bbf"
455		},
456		/* CAVS 11.1 - ECBKeySbox128.rsp */
457		{
458			"10a58869d74be5a374cf867cfb473859",
459			"00000000000000000000000000000000",
460			"6d251e6944b051e04eaa6fb4dbf78465"
461		},
462		{
463			"caea65cdbb75e9169ecd22ebe6e54675",
464			"00000000000000000000000000000000",
465			"6e29201190152df4ee058139def610bb",
466		}
467	};
468	int ret = 0;
469	unsigned int i;
470	u8 key[16], plain[16], cipher[16], out[16];
471
472	for (i = 0; i < ARRAY_SIZE(vectors); i++) {
473		struct ecb_test_vector *tv = &vectors[i];
474
475		if (hexstr2bin(tv->key, key, sizeof(key)) ||
476		    hexstr2bin(tv->plaintext, plain, sizeof(plain)) ||
477		    hexstr2bin(tv->ciphertext, cipher, sizeof(cipher))) {
478			wpa_printf(MSG_ERROR, "Invalid AES-ECB test vector %u",
479				   i);
480			ret++;
481			continue;
482		}
483
484		if (aes_128_encrypt_block(key, plain, out) < 0 ||
485		    os_memcmp(out, cipher, 16) != 0) {
486			wpa_printf(MSG_ERROR, "AES-ECB encrypt %u failed", i);
487			ret++;
488		}
489	}
490
491	if (!ret)
492		wpa_printf(MSG_INFO, "AES ECB mode test cases passed");
493
494	return ret;
495#endif /* EAP_PSK */
496
497	return 0;
498}
499
500
501static int test_key_wrap(void)
502{
503	int ret = 0;
504
505	/* RFC 3394 - Test vector 4.1 */
506	u8 kek41[] = {
507		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
508		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
509	};
510	u8 plain41[] = {
511		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
512		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
513	};
514	u8 crypt41[] = {
515		0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
516		0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
517		0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
518	};
519#ifndef CONFIG_BORINGSSL
520	/* RFC 3394 - Test vector 4.2 */
521	u8 kek42[] = {
522		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
523		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
524		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
525	};
526	u8 plain42[] = {
527		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
528		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
529	};
530	u8 crypt42[] = {
531		0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
532		0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
533		0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D
534	};
535#endif /* CONFIG_BORINGSSL */
536	/* RFC 3394 - Test vector 4.3 */
537	u8 kek43[] = {
538		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
539		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
540		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
541		0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
542	};
543	u8 plain43[] = {
544		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
545		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
546	};
547	u8 crypt43[] = {
548		0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
549		0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
550		0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7,
551	};
552#ifndef CONFIG_BORINGSSL
553	/* RFC 3394 - Test vector 4.4 */
554	u8 kek44[] = {
555		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
556		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
557		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
558	};
559	u8 plain44[] = {
560		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
561		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
562		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
563	};
564	u8 crypt44[] = {
565		0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
566		0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
567		0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
568		0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2
569	};
570#endif /* CONFIG_BORINGSSL */
571	/* RFC 3394 - Test vector 4.5 */
572	u8 kek45[] = {
573		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
574		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
575		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
576		0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
577	};
578	u8 plain45[] = {
579		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
580		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
581		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
582	};
583	u8 crypt45[] = {
584		0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
585		0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
586		0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
587		0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1,
588	};
589	/* RFC 3394 - Test vector 4.6 */
590	u8 kek46[] = {
591		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
592		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
593		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
594		0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
595	};
596	u8 plain46[] = {
597		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
598		0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
599		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
600		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
601	};
602	u8 crypt46[] = {
603		0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
604		0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
605		0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
606		0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
607		0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21
608	};
609	u8 result[40];
610
611	wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.1");
612	if (aes_wrap(kek41, sizeof(kek41), sizeof(plain41) / 8, plain41,
613		     result)) {
614		wpa_printf(MSG_ERROR, "AES-WRAP-128 reported failure");
615		ret++;
616	}
617	if (os_memcmp(result, crypt41, sizeof(crypt41)) != 0) {
618		wpa_printf(MSG_ERROR, "AES-WRAP-128 failed");
619		ret++;
620	}
621	if (aes_unwrap(kek41, sizeof(kek41), sizeof(plain41) / 8, crypt41,
622		       result)) {
623		wpa_printf(MSG_ERROR, "AES-UNWRAP-128 reported failure");
624		ret++;
625	}
626	if (os_memcmp(result, plain41, sizeof(plain41)) != 0) {
627		wpa_printf(MSG_ERROR, "AES-UNWRAP-128 failed");
628		ret++;
629	}
630
631#ifndef CONFIG_BORINGSSL
632	wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.2");
633	if (aes_wrap(kek42, sizeof(kek42), sizeof(plain42) / 8, plain42,
634		     result)) {
635		wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure");
636		ret++;
637	}
638	if (os_memcmp(result, crypt42, sizeof(crypt42)) != 0) {
639		wpa_printf(MSG_ERROR, "AES-WRAP-192 failed");
640		ret++;
641	}
642	if (aes_unwrap(kek42, sizeof(kek42), sizeof(plain42) / 8, crypt42,
643		       result)) {
644		wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure");
645		ret++;
646	}
647	if (os_memcmp(result, plain42, sizeof(plain42)) != 0) {
648		wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed");
649		ret++;
650	}
651#endif /* CONFIG_BORINGSSL */
652
653	wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.3");
654	if (aes_wrap(kek43, sizeof(kek43), sizeof(plain43) / 8, plain43,
655		     result)) {
656		wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure");
657		ret++;
658	}
659	if (os_memcmp(result, crypt43, sizeof(crypt43)) != 0) {
660		wpa_printf(MSG_ERROR, "AES-WRAP-256 failed");
661		ret++;
662	}
663	if (aes_unwrap(kek43, sizeof(kek43), sizeof(plain43) / 8, crypt43,
664		       result)) {
665		wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure");
666		ret++;
667	}
668	if (os_memcmp(result, plain43, sizeof(plain43)) != 0) {
669		wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed");
670		ret++;
671	}
672
673#ifndef CONFIG_BORINGSSL
674	wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.4");
675	if (aes_wrap(kek44, sizeof(kek44), sizeof(plain44) / 8, plain44,
676		     result)) {
677		wpa_printf(MSG_ERROR, "AES-WRAP-192 reported failure");
678		ret++;
679	}
680	if (os_memcmp(result, crypt44, sizeof(crypt44)) != 0) {
681		wpa_printf(MSG_ERROR, "AES-WRAP-192 failed");
682		ret++;
683	}
684	if (aes_unwrap(kek44, sizeof(kek44), sizeof(plain44) / 8, crypt44,
685		       result)) {
686		wpa_printf(MSG_ERROR, "AES-UNWRAP-192 reported failure");
687		ret++;
688	}
689	if (os_memcmp(result, plain44, sizeof(plain44)) != 0) {
690		wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed");
691		ret++;
692	}
693#endif /* CONFIG_BORINGSSL */
694
695	wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.5");
696	if (aes_wrap(kek45, sizeof(kek45), sizeof(plain45) / 8, plain45,
697		     result)) {
698		wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure");
699		ret++;
700	}
701	if (os_memcmp(result, crypt45, sizeof(crypt45)) != 0) {
702		wpa_printf(MSG_ERROR, "AES-WRAP-256 failed");
703		ret++;
704	}
705	if (aes_unwrap(kek45, sizeof(kek45), sizeof(plain45) / 8, crypt45,
706		       result)) {
707		wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure");
708		ret++;
709	}
710	if (os_memcmp(result, plain45, sizeof(plain45)) != 0) {
711		wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed");
712		ret++;
713	}
714
715	wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.6");
716	if (aes_wrap(kek46, sizeof(kek46), sizeof(plain46) / 8, plain46,
717		     result)) {
718		wpa_printf(MSG_ERROR, "AES-WRAP-256 reported failure");
719		ret++;
720	}
721	if (os_memcmp(result, crypt46, sizeof(crypt46)) != 0) {
722		wpa_printf(MSG_ERROR, "AES-WRAP-256 failed");
723		ret++;
724	}
725	if (aes_unwrap(kek46, sizeof(kek46), sizeof(plain46) / 8, crypt46,
726		       result)) {
727		wpa_printf(MSG_ERROR, "AES-UNWRAP-256 reported failure");
728		ret++;
729	}
730	if (os_memcmp(result, plain46, sizeof(plain46)) != 0) {
731		wpa_printf(MSG_ERROR, "AES-UNWRAP-256 failed");
732		ret++;
733	}
734
735	if (!ret)
736		wpa_printf(MSG_INFO, "AES key wrap/unwrap test cases passed");
737
738	return ret;
739}
740
741
742static int test_md5(void)
743{
744#ifndef CONFIG_FIPS
745	struct {
746		char *data;
747		char *hash;
748	} tests[] = {
749		{
750			"",
751			"\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04"
752			"\xe9\x80\x09\x98\xec\xf8\x42\x7e"
753		},
754		{
755			"a",
756			"\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8"
757			"\x31\xc3\x99\xe2\x69\x77\x26\x61"
758		},
759		{
760			"abc",
761			"\x90\x01\x50\x98\x3c\xd2\x4f\xb0"
762			"\xd6\x96\x3f\x7d\x28\xe1\x7f\x72"
763		},
764		{
765			"message digest",
766			"\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d"
767			"\x52\x5a\x2f\x31\xaa\xf1\x61\xd0"
768		},
769		{
770			"abcdefghijklmnopqrstuvwxyz",
771			"\xc3\xfc\xd3\xd7\x61\x92\xe4\x00"
772			"\x7d\xfb\x49\x6c\xca\x67\xe1\x3b"
773		},
774		{
775			"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
776			"0123456789",
777			"\xd1\x74\xab\x98\xd2\x77\xd9\xf5"
778			"\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f"
779		},
780		{
781			"12345678901234567890123456789012345678901234567890"
782			"123456789012345678901234567890",
783			"\x57\xed\xf4\xa2\x2b\xe3\xc9\x55"
784			"\xac\x49\xda\x2e\x21\x07\xb6\x7a"
785		}
786	};
787	unsigned int i;
788	u8 hash[16];
789	const u8 *addr[2];
790	size_t len[2];
791	int errors = 0;
792
793	for (i = 0; i < ARRAY_SIZE(tests); i++) {
794		wpa_printf(MSG_INFO, "MD5 test case %d", i);
795
796		addr[0] = (u8 *) tests[i].data;
797		len[0] = strlen(tests[i].data);
798		if (md5_vector(1, addr, len, hash) < 0 ||
799		    os_memcmp(hash, tests[i].hash, 16) != 0) {
800			wpa_printf(MSG_INFO, " FAIL");
801			errors++;
802		} else
803			wpa_printf(MSG_INFO, " OK");
804
805		if (len[0]) {
806			addr[0] = (u8 *) tests[i].data;
807			len[0] = strlen(tests[i].data);
808			addr[1] = (u8 *) tests[i].data + 1;
809			len[1] = strlen(tests[i].data) - 1;
810			if (md5_vector(1, addr, len, hash) < 0 ||
811			    os_memcmp(hash, tests[i].hash, 16) != 0) {
812				wpa_printf(MSG_INFO, " FAIL");
813				errors++;
814			} else
815				wpa_printf(MSG_INFO, " OK");
816		}
817	}
818
819	if (!errors)
820		wpa_printf(MSG_INFO, "MD5 test cases passed");
821
822	return errors;
823#else /* CONFIG_FIPS */
824	wpa_printf(MSG_INFO, "MD5 test cases skipped due to CONFIG_FIPS");
825	return 0;
826#endif /* CONFIG_FIPS */
827}
828
829
830static int test_eap_fast(void)
831{
832#ifdef EAP_FAST
833	/* RFC 4851, Appendix B.1 */
834	const u8 pac_key[] = {
835		0x0B, 0x97, 0x39, 0x0F, 0x37, 0x51, 0x78, 0x09,
836		0x81, 0x1E, 0xFD, 0x9C, 0x6E, 0x65, 0x94, 0x2B,
837		0x63, 0x2C, 0xE9, 0x53, 0x89, 0x38, 0x08, 0xBA,
838		0x36, 0x0B, 0x03, 0x7C, 0xD1, 0x85, 0xE4, 0x14
839	};
840	const u8 seed[] = {
841		0x3F, 0xFB, 0x11, 0xC4, 0x6C, 0xBF, 0xA5, 0x7A,
842		0x54, 0x40, 0xDA, 0xE8, 0x22, 0xD3, 0x11, 0xD3,
843		0xF7, 0x6D, 0xE4, 0x1D, 0xD9, 0x33, 0xE5, 0x93,
844		0x70, 0x97, 0xEB, 0xA9, 0xB3, 0x66, 0xF4, 0x2A,
845		0x00, 0x00, 0x00, 0x02, 0x6A, 0x66, 0x43, 0x2A,
846		0x8D, 0x14, 0x43, 0x2C, 0xEC, 0x58, 0x2D, 0x2F,
847		0xC7, 0x9C, 0x33, 0x64, 0xBA, 0x04, 0xAD, 0x3A,
848		0x52, 0x54, 0xD6, 0xA5, 0x79, 0xAD, 0x1E, 0x00
849	};
850	const u8 master_secret[] = {
851		0x4A, 0x1A, 0x51, 0x2C, 0x01, 0x60, 0xBC, 0x02,
852		0x3C, 0xCF, 0xBC, 0x83, 0x3F, 0x03, 0xBC, 0x64,
853		0x88, 0xC1, 0x31, 0x2F, 0x0B, 0xA9, 0xA2, 0x77,
854		0x16, 0xA8, 0xD8, 0xE8, 0xBD, 0xC9, 0xD2, 0x29,
855		0x38, 0x4B, 0x7A, 0x85, 0xBE, 0x16, 0x4D, 0x27,
856		0x33, 0xD5, 0x24, 0x79, 0x87, 0xB1, 0xC5, 0xA2
857	};
858#ifndef CONFIG_FIPS
859	const u8 key_block[] = {
860		0x59, 0x59, 0xBE, 0x8E, 0x41, 0x3A, 0x77, 0x74,
861		0x8B, 0xB2, 0xE5, 0xD3, 0x60, 0xAC, 0x4D, 0x35,
862		0xDF, 0xFB, 0xC8, 0x1E, 0x9C, 0x24, 0x9C, 0x8B,
863		0x0E, 0xC3, 0x1D, 0x72, 0xC8, 0x84, 0x9D, 0x57,
864		0x48, 0x51, 0x2E, 0x45, 0x97, 0x6C, 0x88, 0x70,
865		0xBE, 0x5F, 0x01, 0xD3, 0x64, 0xE7, 0x4C, 0xBB,
866		0x11, 0x24, 0xE3, 0x49, 0xE2, 0x3B, 0xCD, 0xEF,
867		0x7A, 0xB3, 0x05, 0x39, 0x5D, 0x64, 0x8A, 0x44,
868		0x11, 0xB6, 0x69, 0x88, 0x34, 0x2E, 0x8E, 0x29,
869		0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
870		0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
871		0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
872		0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
873		0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
874	};
875#endif /* CONFIG_FIPS */
876	const u8 sks[] = {
877		0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
878		0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
879		0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
880		0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
881		0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
882	};
883	const u8 isk[] = {
884		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
885		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
886		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
887		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
888	};
889	const u8 imck[] = {
890		0x16, 0x15, 0x3C, 0x3F, 0x21, 0x55, 0xEF, 0xD9,
891		0x7F, 0x34, 0xAE, 0xC8, 0x1A, 0x4E, 0x66, 0x80,
892		0x4C, 0xC3, 0x76, 0xF2, 0x8A, 0xA9, 0x6F, 0x96,
893		0xC2, 0x54, 0x5F, 0x8C, 0xAB, 0x65, 0x02, 0xE1,
894		0x18, 0x40, 0x7B, 0x56, 0xBE, 0xEA, 0xA7, 0xC5,
895		0x76, 0x5D, 0x8F, 0x0B, 0xC5, 0x07, 0xC6, 0xB9,
896		0x04, 0xD0, 0x69, 0x56, 0x72, 0x8B, 0x6B, 0xB8,
897		0x15, 0xEC, 0x57, 0x7B
898	};
899	const u8 msk[] = {
900		0x4D, 0x83, 0xA9, 0xBE, 0x6F, 0x8A, 0x74, 0xED,
901		0x6A, 0x02, 0x66, 0x0A, 0x63, 0x4D, 0x2C, 0x33,
902		0xC2, 0xDA, 0x60, 0x15, 0xC6, 0x37, 0x04, 0x51,
903		0x90, 0x38, 0x63, 0xDA, 0x54, 0x3E, 0x14, 0xB9,
904		0x27, 0x99, 0x18, 0x1E, 0x07, 0xBF, 0x0F, 0x5A,
905		0x5E, 0x3C, 0x32, 0x93, 0x80, 0x8C, 0x6C, 0x49,
906		0x67, 0xED, 0x24, 0xFE, 0x45, 0x40, 0xA0, 0x59,
907		0x5E, 0x37, 0xC2, 0xE9, 0xD0, 0x5D, 0x0A, 0xE3
908	};
909	const u8 emsk[] = {
910		0x3A, 0xD4, 0xAB, 0xDB, 0x76, 0xB2, 0x7F, 0x3B,
911		0xEA, 0x32, 0x2C, 0x2B, 0x74, 0xF4, 0x28, 0x55,
912		0xEF, 0x2D, 0xBA, 0x78, 0xC9, 0x57, 0x2F, 0x0D,
913		0x06, 0xCD, 0x51, 0x7C, 0x20, 0x93, 0x98, 0xA9,
914		0x76, 0xEA, 0x70, 0x21, 0xD7, 0x0E, 0x25, 0x54,
915		0x97, 0xED, 0xB2, 0x8A, 0xF6, 0xED, 0xFD, 0x0A,
916		0x2A, 0xE7, 0xA1, 0x58, 0x90, 0x10, 0x50, 0x44,
917		0xB3, 0x82, 0x85, 0xDB, 0x06, 0x14, 0xD2, 0xF9
918	};
919	/* RFC 4851, Appendix B.2 */
920	u8 tlv[] = {
921		0x80, 0x0C, 0x00, 0x38, 0x00, 0x01, 0x01, 0x00,
922		0xD8, 0x6A, 0x8C, 0x68, 0x3C, 0x32, 0x31, 0xA8,
923		0x56, 0x63, 0xB6, 0x40, 0x21, 0xFE, 0x21, 0x14,
924		0x4E, 0xE7, 0x54, 0x20, 0x79, 0x2D, 0x42, 0x62,
925		0xC9, 0xBF, 0x53, 0x7F, 0x54, 0xFD, 0xAC, 0x58,
926		0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
927		0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
928		0x05, 0xC5, 0x5B, 0xB7
929	};
930	const u8 compound_mac[] = {
931		0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
932		0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
933		0x05, 0xC5, 0x5B, 0xB7
934	};
935	u8 buf[512];
936	const u8 *simck, *cmk;
937	int errors = 0;
938
939	wpa_printf(MSG_INFO, "EAP-FAST test cases");
940
941	wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / master_secret");
942	if (sha1_t_prf(pac_key, sizeof(pac_key),
943		       "PAC to master secret label hash",
944		       seed, sizeof(seed), buf, sizeof(master_secret)) < 0 ||
945	    os_memcmp(master_secret, buf, sizeof(master_secret)) != 0) {
946		wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
947		errors++;
948	}
949
950#ifndef CONFIG_FIPS
951	wpa_printf(MSG_INFO, "- PRF (TLS, SHA1/MD5) test case / key_block");
952	if (tls_prf_sha1_md5(master_secret, sizeof(master_secret),
953			     "key expansion", seed, sizeof(seed),
954			     buf, sizeof(key_block)) ||
955	    os_memcmp(key_block, buf, sizeof(key_block)) != 0) {
956		wpa_printf(MSG_INFO, "PRF test - FAILED!");
957		errors++;
958	}
959#endif /* CONFIG_FIPS */
960
961	wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / IMCK");
962	if (sha1_t_prf(sks, sizeof(sks), "Inner Methods Compound Keys",
963		       isk, sizeof(isk), buf, sizeof(imck)) < 0 ||
964	    os_memcmp(imck, buf, sizeof(imck)) != 0) {
965		wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
966		errors++;
967	}
968
969	simck = imck;
970	cmk = imck + 40;
971
972	wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / MSK");
973	if (sha1_t_prf(simck, 40, "Session Key Generating Function",
974		       (u8 *) "", 0, buf, sizeof(msk)) < 0 ||
975	    os_memcmp(msk, buf, sizeof(msk)) != 0) {
976		wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
977		errors++;
978	}
979
980	wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / EMSK");
981	if (sha1_t_prf(simck, 40, "Extended Session Key Generating Function",
982		       (u8 *) "", 0, buf, sizeof(msk)) < 0 ||
983	    os_memcmp(emsk, buf, sizeof(emsk)) != 0) {
984		wpa_printf(MSG_INFO, "T-PRF test - FAILED!");
985		errors++;
986	}
987
988	wpa_printf(MSG_INFO, "- Compound MAC test case");
989	os_memset(tlv + sizeof(tlv) - 20, 0, 20);
990	if (hmac_sha1(cmk, 20, tlv, sizeof(tlv), tlv + sizeof(tlv) - 20) < 0 ||
991	    os_memcmp(tlv + sizeof(tlv) - 20, compound_mac,
992		      sizeof(compound_mac)) != 0) {
993		wpa_printf(MSG_INFO, "Compound MAC test - FAILED!");
994		errors++;
995	}
996
997	return errors;
998#else /* EAP_FAST */
999	return 0;
1000#endif /* EAP_FAST */
1001}
1002
1003
1004static const u8 key0[] =
1005{
1006	0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1007	0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1008	0x0b, 0x0b, 0x0b, 0x0b
1009};
1010static const u8 data0[] = "Hi There";
1011static const u8 prf0[] =
1012{
1013	0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84,
1014	0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54,
1015	0xb8, 0x62, 0x17, 0x5e, 0xd9, 0xf0, 0x06, 0x06,
1016	0xe1, 0x7d, 0x8d, 0xa3, 0x54, 0x02, 0xff, 0xee,
1017	0x75, 0xdf, 0x78, 0xc3, 0xd3, 0x1e, 0x0f, 0x88,
1018	0x9f, 0x01, 0x21, 0x20, 0xc0, 0x86, 0x2b, 0xeb,
1019	0x67, 0x75, 0x3e, 0x74, 0x39, 0xae, 0x24, 0x2e,
1020	0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a
1021};
1022
1023static const u8 key1[] = "Jefe";
1024static const u8 data1[] = "what do ya want for nothing?";
1025static const u8 prf1[] =
1026{
1027	0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad,
1028	0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4,
1029	0xfe, 0x63, 0x14, 0x46, 0xfa, 0xbd, 0xfa, 0x58,
1030	0x24, 0x47, 0x59, 0xae, 0x58, 0xef, 0x90, 0x09,
1031	0xa9, 0x9a, 0xbf, 0x4e, 0xac, 0x2c, 0xa5, 0xfa,
1032	0x87, 0xe6, 0x92, 0xc4, 0x40, 0xeb, 0x40, 0x02,
1033	0x3e, 0x7b, 0xab, 0xb2, 0x06, 0xd6, 0x1d, 0xe7,
1034	0xb9, 0x2f, 0x41, 0x52, 0x90, 0x92, 0xb8, 0xfc
1035};
1036
1037
1038static const u8 key2[] =
1039{
1040	0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1041	0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1042	0xaa, 0xaa, 0xaa, 0xaa
1043};
1044static const u8 data2[] =
1045{
1046	0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1047	0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1048	0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1049	0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1050	0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1051	0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1052	0xdd, 0xdd
1053};
1054static const u8 prf2[] =
1055{
1056	0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f,
1057	0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1,
1058	0x7a, 0x02, 0x52, 0xca, 0x5d, 0x8d, 0x8d, 0xf1,
1059	0x2c, 0xfb, 0x04, 0x73, 0x52, 0x52, 0x49, 0xce,
1060	0x9d, 0xd8, 0xd1, 0x77, 0xea, 0xd7, 0x10, 0xbc,
1061	0x9b, 0x59, 0x05, 0x47, 0x23, 0x91, 0x07, 0xae,
1062	0xf7, 0xb4, 0xab, 0xd4, 0x3d, 0x87, 0xf0, 0xa6,
1063	0x8f, 0x1c, 0xbd, 0x9e, 0x2b, 0x6f, 0x76, 0x07
1064};
1065
1066
1067struct passphrase_test {
1068	char *passphrase;
1069	char *ssid;
1070	char psk[32];
1071};
1072
1073static const struct passphrase_test passphrase_tests[] =
1074{
1075	{
1076		"password",
1077		"IEEE",
1078		{
1079			0xf4, 0x2c, 0x6f, 0xc5, 0x2d, 0xf0, 0xeb, 0xef,
1080			0x9e, 0xbb, 0x4b, 0x90, 0xb3, 0x8a, 0x5f, 0x90,
1081			0x2e, 0x83, 0xfe, 0x1b, 0x13, 0x5a, 0x70, 0xe2,
1082			0x3a, 0xed, 0x76, 0x2e, 0x97, 0x10, 0xa1, 0x2e
1083		}
1084	},
1085	{
1086		"ThisIsAPassword",
1087		"ThisIsASSID",
1088		{
1089			0x0d, 0xc0, 0xd6, 0xeb, 0x90, 0x55, 0x5e, 0xd6,
1090			0x41, 0x97, 0x56, 0xb9, 0xa1, 0x5e, 0xc3, 0xe3,
1091			0x20, 0x9b, 0x63, 0xdf, 0x70, 0x7d, 0xd5, 0x08,
1092			0xd1, 0x45, 0x81, 0xf8, 0x98, 0x27, 0x21, 0xaf
1093		}
1094	},
1095	{
1096		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
1097		"ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
1098		{
1099			0xbe, 0xcb, 0x93, 0x86, 0x6b, 0xb8, 0xc3, 0x83,
1100			0x2c, 0xb7, 0x77, 0xc2, 0xf5, 0x59, 0x80, 0x7c,
1101			0x8c, 0x59, 0xaf, 0xcb, 0x6e, 0xae, 0x73, 0x48,
1102			0x85, 0x00, 0x13, 0x00, 0xa9, 0x81, 0xcc, 0x62
1103		}
1104	},
1105};
1106
1107#define NUM_PASSPHRASE_TESTS ARRAY_SIZE(passphrase_tests)
1108
1109
1110struct rfc6070_test {
1111	char *p;
1112	char *s;
1113	int c;
1114	char dk[32];
1115	size_t dk_len;
1116};
1117
1118static const struct rfc6070_test rfc6070_tests[] =
1119{
1120	{
1121		"password",
1122		"salt",
1123		1,
1124		{
1125			0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
1126			0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
1127			0x2f, 0xe0, 0x37, 0xa6
1128		},
1129		20
1130	},
1131	{
1132		"password",
1133		"salt",
1134		2,
1135		{
1136			0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
1137			0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
1138			0xd8, 0xde, 0x89, 0x57
1139		},
1140		20
1141	},
1142	{
1143		"password",
1144		"salt",
1145		4096,
1146		{
1147			0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
1148			0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
1149			0x65, 0xa4, 0x29, 0xc1
1150		},
1151		20
1152	},
1153#if 0 /* This takes quite long to derive.. */
1154	{
1155		"password",
1156		"salt",
1157		16777216,
1158		{
1159			0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4,
1160			0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c,
1161			0x26, 0x34, 0xe9, 0x84
1162		},
1163		20
1164	},
1165#endif
1166	{
1167		"passwordPASSWORDpassword",
1168		"saltSALTsaltSALTsaltSALTsaltSALTsalt",
1169		4096,
1170		{
1171			0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
1172			0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
1173			0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
1174			0x38
1175		},
1176		25
1177	},
1178#if 0 /* \0 not currently supported in passphrase parameters.. */
1179	{
1180		"pass\0word",
1181		"sa\0lt",
1182		4096,
1183		{
1184			0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
1185			0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3
1186		},
1187		16
1188	},
1189#endif
1190};
1191
1192#define NUM_RFC6070_TESTS ARRAY_SIZE(rfc6070_tests)
1193
1194
1195static int test_sha1(void)
1196{
1197	u8 res[512];
1198	int ret = 0;
1199	unsigned int i;
1200
1201	wpa_printf(MSG_INFO, "PRF-SHA1 test cases:");
1202
1203	if (sha1_prf(key0, sizeof(key0), "prefix", data0, sizeof(data0) - 1,
1204		     res, sizeof(prf0)) == 0 &&
1205	    os_memcmp(res, prf0, sizeof(prf0)) == 0)
1206		wpa_printf(MSG_INFO, "Test case 0 - OK");
1207	else {
1208		wpa_printf(MSG_INFO, "Test case 0 - FAILED!");
1209		ret++;
1210	}
1211
1212	if (sha1_prf(key1, sizeof(key1) - 1, "prefix", data1, sizeof(data1) - 1,
1213		     res, sizeof(prf1)) == 0 &&
1214	    os_memcmp(res, prf1, sizeof(prf1)) == 0)
1215		wpa_printf(MSG_INFO, "Test case 1 - OK");
1216	else {
1217		wpa_printf(MSG_INFO, "Test case 1 - FAILED!");
1218		ret++;
1219	}
1220
1221	if (sha1_prf(key2, sizeof(key2), "prefix", data2, sizeof(data2),
1222		     res, sizeof(prf2)) == 0 &&
1223	    os_memcmp(res, prf2, sizeof(prf2)) == 0)
1224		wpa_printf(MSG_INFO, "Test case 2 - OK");
1225	else {
1226		wpa_printf(MSG_INFO, "Test case 2 - FAILED!");
1227		ret++;
1228	}
1229
1230	ret += test_eap_fast();
1231
1232	wpa_printf(MSG_INFO, "PBKDF2-SHA1 Passphrase test cases:");
1233	for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) {
1234		u8 psk[32];
1235		const struct passphrase_test *test = &passphrase_tests[i];
1236
1237		if (pbkdf2_sha1(test->passphrase,
1238				(const u8 *) test->ssid, strlen(test->ssid),
1239				4096, psk, 32) == 0 &&
1240		    os_memcmp(psk, test->psk, 32) == 0)
1241			wpa_printf(MSG_INFO, "Test case %d - OK", i);
1242		else {
1243			wpa_printf(MSG_INFO, "Test case %d - FAILED!", i);
1244			ret++;
1245		}
1246	}
1247
1248	wpa_printf(MSG_INFO, "PBKDF2-SHA1 test cases (RFC 6070):");
1249	for (i = 0; i < NUM_RFC6070_TESTS; i++) {
1250		u8 dk[25];
1251		const struct rfc6070_test *test = &rfc6070_tests[i];
1252
1253		if (pbkdf2_sha1(test->p, (const u8 *) test->s, strlen(test->s),
1254				test->c, dk, test->dk_len) == 0 &&
1255		    os_memcmp(dk, test->dk, test->dk_len) == 0)
1256			wpa_printf(MSG_INFO, "Test case %d - OK", i);
1257		else {
1258			wpa_printf(MSG_INFO, "Test case %d - FAILED!", i);
1259			ret++;
1260		}
1261	}
1262
1263	if (!ret)
1264		wpa_printf(MSG_INFO, "SHA1 test cases passed");
1265	return ret;
1266}
1267
1268
1269const struct {
1270	char *data;
1271	u8 hash[32];
1272} tests[] = {
1273	{
1274		"abc",
1275		{
1276			0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
1277			0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
1278			0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
1279			0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
1280		}
1281	},
1282	{
1283		"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
1284		{
1285			0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8,
1286			0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39,
1287			0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
1288			0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1
1289		}
1290	}
1291};
1292
1293const struct hmac_test {
1294	u8 key[80];
1295	size_t key_len;
1296	u8 data[128];
1297	size_t data_len;
1298	u8 hash[32];
1299} hmac_tests[] = {
1300	/* draft-ietf-ipsec-ciph-sha-256-01.txt */
1301	{
1302		{
1303			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1304			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1305			0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1306			0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
1307		},
1308		32,
1309		"abc", 3,
1310		{
1311			0xa2, 0x1b, 0x1f, 0x5d, 0x4c, 0xf4, 0xf7, 0x3a,
1312			0x4d, 0xd9, 0x39, 0x75, 0x0f, 0x7a, 0x06, 0x6a,
1313			0x7f, 0x98, 0xcc, 0x13, 0x1c, 0xb1, 0x6a, 0x66,
1314			0x92, 0x75, 0x90, 0x21, 0xcf, 0xab, 0x81, 0x81
1315		}
1316	},
1317	{
1318		{
1319			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1320			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1321			0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1322			0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
1323		},
1324		32,
1325		"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
1326		56,
1327		{
1328			0x10, 0x4f, 0xdc, 0x12, 0x57, 0x32, 0x8f, 0x08,
1329			0x18, 0x4b, 0xa7, 0x31, 0x31, 0xc5, 0x3c, 0xae,
1330			0xe6, 0x98, 0xe3, 0x61, 0x19, 0x42, 0x11, 0x49,
1331			0xea, 0x8c, 0x71, 0x24, 0x56, 0x69, 0x7d, 0x30
1332		}
1333	},
1334	{
1335		{
1336			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1337			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1338			0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1339			0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
1340		},
1341		32,
1342		"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
1343		"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
1344		112,
1345		{
1346			0x47, 0x03, 0x05, 0xfc, 0x7e, 0x40, 0xfe, 0x34,
1347			0xd3, 0xee, 0xb3, 0xe7, 0x73, 0xd9, 0x5a, 0xab,
1348			0x73, 0xac, 0xf0, 0xfd, 0x06, 0x04, 0x47, 0xa5,
1349			0xeb, 0x45, 0x95, 0xbf, 0x33, 0xa9, 0xd1, 0xa3
1350		}
1351	},
1352	{
1353		{
1354			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1355			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1356			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1357			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
1358		},
1359		32,
1360		"Hi There",
1361		8,
1362		{
1363			0x19, 0x8a, 0x60, 0x7e, 0xb4, 0x4b, 0xfb, 0xc6,
1364			0x99, 0x03, 0xa0, 0xf1, 0xcf, 0x2b, 0xbd, 0xc5,
1365			0xba, 0x0a, 0xa3, 0xf3, 0xd9, 0xae, 0x3c, 0x1c,
1366			0x7a, 0x3b, 0x16, 0x96, 0xa0, 0xb6, 0x8c, 0xf7
1367		}
1368	},
1369	{
1370		"Jefe",
1371		4,
1372		"what do ya want for nothing?",
1373		28,
1374		{
1375			0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e,
1376			0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7,
1377			0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83,
1378			0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43
1379		}
1380	},
1381	{
1382		{
1383			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1384			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1385			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1386			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
1387		},
1388		32,
1389		{
1390			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1391			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1392			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1393			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1394			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1395			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
1396			0xdd, 0xdd
1397		},
1398		50,
1399		{
1400			0xcd, 0xcb, 0x12, 0x20, 0xd1, 0xec, 0xcc, 0xea,
1401			0x91, 0xe5, 0x3a, 0xba, 0x30, 0x92, 0xf9, 0x62,
1402			0xe5, 0x49, 0xfe, 0x6c, 0xe9, 0xed, 0x7f, 0xdc,
1403			0x43, 0x19, 0x1f, 0xbd, 0xe4, 0x5c, 0x30, 0xb0
1404		}
1405	},
1406	{
1407		{
1408			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1409			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1410			0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1411			0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
1412			0x21, 0x22, 0x23, 0x24, 0x25
1413		},
1414		37,
1415		{
1416			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1417			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1418			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1419			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1420			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1421			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
1422			0xcd, 0xcd
1423		},
1424		50,
1425		{
1426			0xd4, 0x63, 0x3c, 0x17, 0xf6, 0xfb, 0x8d, 0x74,
1427			0x4c, 0x66, 0xde, 0xe0, 0xf8, 0xf0, 0x74, 0x55,
1428			0x6e, 0xc4, 0xaf, 0x55, 0xef, 0x07, 0x99, 0x85,
1429			0x41, 0x46, 0x8e, 0xb4, 0x9b, 0xd2, 0xe9, 0x17
1430		}
1431	},
1432	{
1433		{
1434			0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1435			0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1436			0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1437			0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
1438		},
1439		32,
1440		"Test With Truncation",
1441		20,
1442		{
1443			0x75, 0x46, 0xaf, 0x01, 0x84, 0x1f, 0xc0, 0x9b,
1444			0x1a, 0xb9, 0xc3, 0x74, 0x9a, 0x5f, 0x1c, 0x17,
1445			0xd4, 0xf5, 0x89, 0x66, 0x8a, 0x58, 0x7b, 0x27,
1446			0x00, 0xa9, 0xc9, 0x7c, 0x11, 0x93, 0xcf, 0x42
1447		}
1448	},
1449	{
1450		{
1451			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1452			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1453			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1454			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1455			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1456			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1457			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1458			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1459			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1460			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
1461		},
1462		80,
1463		"Test Using Larger Than Block-Size Key - Hash Key First",
1464		54,
1465		{
1466			0x69, 0x53, 0x02, 0x5e, 0xd9, 0x6f, 0x0c, 0x09,
1467			0xf8, 0x0a, 0x96, 0xf7, 0x8e, 0x65, 0x38, 0xdb,
1468			0xe2, 0xe7, 0xb8, 0x20, 0xe3, 0xdd, 0x97, 0x0e,
1469			0x7d, 0xdd, 0x39, 0x09, 0x1b, 0x32, 0x35, 0x2f
1470		}
1471	},
1472	{
1473		{
1474			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1475			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1476			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1477			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1478			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1479			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1480			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1481			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1482			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1483			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
1484		},
1485		80,
1486		"Test Using Larger Than Block-Size Key and Larger Than One "
1487		"Block-Size Data",
1488		73,
1489		{
1490			0x63, 0x55, 0xac, 0x22, 0xe8, 0x90, 0xd0, 0xa3,
1491			0xc8, 0x48, 0x1a, 0x5c, 0xa4, 0x82, 0x5b, 0xc8,
1492			0x84, 0xd3, 0xe7, 0xa1, 0xff, 0x98, 0xa2, 0xfc,
1493			0x2a, 0xc7, 0xd8, 0xe0, 0x64, 0xc3, 0xb2, 0xe6
1494		}
1495	}
1496};
1497
1498
1499static int test_sha256(void)
1500{
1501	unsigned int i;
1502	u8 hash[32];
1503	const u8 *addr[2];
1504	size_t len[2];
1505	int errors = 0;
1506
1507	for (i = 0; i < ARRAY_SIZE(tests); i++) {
1508		wpa_printf(MSG_INFO, "SHA256 test case %d:", i + 1);
1509
1510		addr[0] = (u8 *) tests[i].data;
1511		len[0] = strlen(tests[i].data);
1512		sha256_vector(1, addr, len, hash);
1513		if (memcmp(hash, tests[i].hash, 32) != 0) {
1514			wpa_printf(MSG_INFO, " FAIL");
1515			errors++;
1516		} else
1517			wpa_printf(MSG_INFO, " OK");
1518
1519		if (len[0]) {
1520			addr[0] = (u8 *) tests[i].data;
1521			len[0] = 1;
1522			addr[1] = (u8 *) tests[i].data + 1;
1523			len[1] = strlen(tests[i].data) - 1;
1524			sha256_vector(2, addr, len, hash);
1525			if (memcmp(hash, tests[i].hash, 32) != 0) {
1526				wpa_printf(MSG_INFO, " FAIL");
1527				errors++;
1528			} else
1529				wpa_printf(MSG_INFO, " OK");
1530		}
1531	}
1532
1533	for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) {
1534		const struct hmac_test *t = &hmac_tests[i];
1535
1536		wpa_printf(MSG_INFO, "HMAC-SHA256 test case %d:", i + 1);
1537
1538		if (hmac_sha256(t->key, t->key_len, t->data, t->data_len,
1539				hash) < 0 ||
1540		    os_memcmp(hash, t->hash, 32) != 0) {
1541			wpa_printf(MSG_INFO, " FAIL");
1542			errors++;
1543		} else
1544			wpa_printf(MSG_INFO, " OK");
1545
1546		addr[0] = t->data;
1547		len[0] = t->data_len;
1548		if (hmac_sha256_vector(t->key, t->key_len, 1, addr, len,
1549				       hash) < 0 ||
1550		    os_memcmp(hash, t->hash, 32) != 0) {
1551			wpa_printf(MSG_INFO, " FAIL");
1552			errors++;
1553		} else
1554			wpa_printf(MSG_INFO, " OK");
1555
1556		if (len[0]) {
1557			addr[0] = t->data;
1558			len[0] = 1;
1559			addr[1] = t->data + 1;
1560			len[1] = t->data_len - 1;
1561			if (hmac_sha256_vector(t->key, t->key_len, 2, addr, len,
1562					       hash) < 0 ||
1563			    os_memcmp(hash, t->hash, 32) != 0) {
1564				wpa_printf(MSG_INFO, " FAIL");
1565				errors++;
1566			} else
1567				wpa_printf(MSG_INFO, " OK");
1568		}
1569	}
1570
1571	wpa_printf(MSG_INFO, "Test IEEE 802.11r KDF");
1572	sha256_prf((u8 *) "abc", 3, "KDF test", (u8 *) "data", 4,
1573		   hash, sizeof(hash));
1574	/* TODO: add proper test case for this */
1575
1576	if (!errors)
1577		wpa_printf(MSG_INFO, "SHA256 test cases passed");
1578	return errors;
1579}
1580
1581
1582static int test_ms_funcs(void)
1583{
1584#ifndef CONFIG_FIPS
1585	/* Test vector from RFC2759 example */
1586	char *username = "User";
1587	char *password = "clientPass";
1588	u8 auth_challenge[] = {
1589		0x5B, 0x5D, 0x7C, 0x7D, 0x7B, 0x3F, 0x2F, 0x3E,
1590		0x3C, 0x2C, 0x60, 0x21, 0x32, 0x26, 0x26, 0x28
1591	};
1592	u8 peer_challenge[] = {
1593		0x21, 0x40, 0x23, 0x24, 0x25, 0x5E, 0x26, 0x2A,
1594		0x28, 0x29, 0x5F, 0x2B, 0x3A, 0x33, 0x7C, 0x7E
1595	};
1596	u8 password_hash[] = {
1597		0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6,
1598		0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE
1599	};
1600	u8 nt_response[] = {
1601		0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E,
1602		0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54,
1603		0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF
1604	};
1605	u8 password_hash_hash[] = {
1606		0x41, 0xC0, 0x0C, 0x58, 0x4B, 0xD2, 0xD9, 0x1C,
1607		0x40, 0x17, 0xA2, 0xA1, 0x2F, 0xA5, 0x9F, 0x3F
1608	};
1609	u8 authenticator_response[] = {
1610		0x40, 0x7A, 0x55, 0x89, 0x11, 0x5F, 0xD0, 0xD6,
1611		0x20, 0x9F, 0x51, 0x0F, 0xE9, 0xC0, 0x45, 0x66,
1612		0x93, 0x2C, 0xDA, 0x56
1613	};
1614	u8 master_key[] = {
1615		0xFD, 0xEC, 0xE3, 0x71, 0x7A, 0x8C, 0x83, 0x8C,
1616		0xB3, 0x88, 0xE5, 0x27, 0xAE, 0x3C, 0xDD, 0x31
1617	};
1618	u8 send_start_key[] = {
1619		0x8B, 0x7C, 0xDC, 0x14, 0x9B, 0x99, 0x3A, 0x1B,
1620		0xA1, 0x18, 0xCB, 0x15, 0x3F, 0x56, 0xDC, 0xCB
1621	};
1622	u8 buf[32];
1623	int errors = 0;
1624
1625	if (nt_password_hash((u8 *) password, os_strlen(password), buf) ||
1626	    os_memcmp(password_hash, buf, sizeof(password_hash)) != 0) {
1627		wpa_printf(MSG_ERROR, "nt_password_hash failed");
1628		errors++;
1629	}
1630
1631	if (generate_nt_response(auth_challenge, peer_challenge,
1632				 (u8 *) username, os_strlen(username),
1633				 (u8 *) password, os_strlen(password), buf) ||
1634	    os_memcmp(nt_response, buf, sizeof(nt_response)) != 0) {
1635		wpa_printf(MSG_ERROR, "generate_nt_response failed");
1636		errors++;
1637	}
1638
1639	if (hash_nt_password_hash(password_hash, buf) ||
1640	    os_memcmp(password_hash_hash, buf,
1641		      sizeof(password_hash_hash)) != 0) {
1642		wpa_printf(MSG_ERROR, "hash_nt_password_hash failed");
1643		errors++;
1644	}
1645
1646	if (generate_authenticator_response((u8 *) password,
1647					    os_strlen(password),
1648					    peer_challenge, auth_challenge,
1649					    (u8 *) username,
1650					    os_strlen(username),
1651					    nt_response, buf) ||
1652	    os_memcmp(authenticator_response, buf,
1653		      sizeof(authenticator_response)) != 0) {
1654		wpa_printf(MSG_ERROR, "generate_authenticator_response failed");
1655		errors++;
1656	}
1657
1658	if (get_master_key(password_hash_hash, nt_response, buf) ||
1659	    os_memcmp(master_key, buf, sizeof(master_key)) != 0) {
1660		wpa_printf(MSG_ERROR, "get_master_key failed");
1661		errors++;
1662	}
1663
1664	if (get_asymetric_start_key(master_key, buf, sizeof(send_start_key),
1665				    1, 1) ||
1666	    os_memcmp(send_start_key, buf, sizeof(send_start_key)) != 0) {
1667		wpa_printf(MSG_ERROR, "get_asymetric_start_key failed");
1668		errors++;
1669	}
1670
1671	if (errors)
1672		wpa_printf(MSG_ERROR, "ms_funcs: %d errors", errors);
1673	else
1674		wpa_printf(MSG_INFO, "ms_funcs test cases passed");
1675
1676	return errors;
1677#else /* CONFIG_FIPS */
1678	wpa_printf(MSG_INFO, "ms_funcs test cases skipped due to CONFIG_FIPS");
1679	return 0;
1680#endif /* CONFIG_FIPS */
1681}
1682
1683
1684int crypto_module_tests(void)
1685{
1686	int ret = 0;
1687
1688	wpa_printf(MSG_INFO, "crypto module tests");
1689	if (test_siv() ||
1690	    test_omac1() ||
1691	    test_eax() ||
1692	    test_cbc() ||
1693	    test_ecb() ||
1694	    test_key_wrap() ||
1695	    test_md5() ||
1696	    test_sha1() ||
1697	    test_sha256() ||
1698	    test_ms_funcs())
1699		ret = -1;
1700
1701	return ret;
1702}
1703