1 /*
2 * Test program for SHA1 and MD5
3 * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
15 #include "includes.h"
16
17 #include "common.h"
18 #include "sha1.h"
19 #include "md5.h"
20 #include "crypto.h"
21
22
test_eap_fast(void)23 static int test_eap_fast(void)
24 {
25 /* draft-cam-winget-eap-fast-01.txt */
26 const u8 pac_key[] = {
27 0x0B, 0x97, 0x39, 0x0F, 0x37, 0x51, 0x78, 0x09,
28 0x81, 0x1E, 0xFD, 0x9C, 0x6E, 0x65, 0x94, 0x2B,
29 0x63, 0x2C, 0xE9, 0x53, 0x89, 0x38, 0x08, 0xBA,
30 0x36, 0x0B, 0x03, 0x7C, 0xD1, 0x85, 0xE4, 0x14
31 };
32 const u8 seed[] = {
33 0x3F, 0xFB, 0x11, 0xC4, 0x6C, 0xBF, 0xA5, 0x7A,
34 0x54, 0x40, 0xDA, 0xE8, 0x22, 0xD3, 0x11, 0xD3,
35 0xF7, 0x6D, 0xE4, 0x1D, 0xD9, 0x33, 0xE5, 0x93,
36 0x70, 0x97, 0xEB, 0xA9, 0xB3, 0x66, 0xF4, 0x2A,
37 0x00, 0x00, 0x00, 0x02, 0x6A, 0x66, 0x43, 0x2A,
38 0x8D, 0x14, 0x43, 0x2C, 0xEC, 0x58, 0x2D, 0x2F,
39 0xC7, 0x9C, 0x33, 0x64, 0xBA, 0x04, 0xAD, 0x3A,
40 0x52, 0x54, 0xD6, 0xA5, 0x79, 0xAD, 0x1E, 0x00
41 };
42 const u8 master_secret[] = {
43 0x4A, 0x1A, 0x51, 0x2C, 0x01, 0x60, 0xBC, 0x02,
44 0x3C, 0xCF, 0xBC, 0x83, 0x3F, 0x03, 0xBC, 0x64,
45 0x88, 0xC1, 0x31, 0x2F, 0x0B, 0xA9, 0xA2, 0x77,
46 0x16, 0xA8, 0xD8, 0xE8, 0xBD, 0xC9, 0xD2, 0x29,
47 0x38, 0x4B, 0x7A, 0x85, 0xBE, 0x16, 0x4D, 0x27,
48 0x33, 0xD5, 0x24, 0x79, 0x87, 0xB1, 0xC5, 0xA2
49 };
50 const u8 key_block[] = {
51 0x59, 0x59, 0xBE, 0x8E, 0x41, 0x3A, 0x77, 0x74,
52 0x8B, 0xB2, 0xE5, 0xD3, 0x60, 0xAC, 0x4D, 0x35,
53 0xDF, 0xFB, 0xC8, 0x1E, 0x9C, 0x24, 0x9C, 0x8B,
54 0x0E, 0xC3, 0x1D, 0x72, 0xC8, 0x84, 0x9D, 0x57,
55 0x48, 0x51, 0x2E, 0x45, 0x97, 0x6C, 0x88, 0x70,
56 0xBE, 0x5F, 0x01, 0xD3, 0x64, 0xE7, 0x4C, 0xBB,
57 0x11, 0x24, 0xE3, 0x49, 0xE2, 0x3B, 0xCD, 0xEF,
58 0x7A, 0xB3, 0x05, 0x39, 0x5D, 0x64, 0x8A, 0x44,
59 0x11, 0xB6, 0x69, 0x88, 0x34, 0x2E, 0x8E, 0x29,
60 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
61 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
62 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
63 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
64 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
65 };
66 const u8 sks[] = {
67 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
68 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
69 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
70 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
71 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
72 };
73 const u8 isk[] = {
74 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
75 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
76 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
77 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
78 };
79 const u8 imck[] = {
80 0x16, 0x15, 0x3C, 0x3F, 0x21, 0x55, 0xEF, 0xD9,
81 0x7F, 0x34, 0xAE, 0xC8, 0x1A, 0x4E, 0x66, 0x80,
82 0x4C, 0xC3, 0x76, 0xF2, 0x8A, 0xA9, 0x6F, 0x96,
83 0xC2, 0x54, 0x5F, 0x8C, 0xAB, 0x65, 0x02, 0xE1,
84 0x18, 0x40, 0x7B, 0x56, 0xBE, 0xEA, 0xA7, 0xC5,
85 0x76, 0x5D, 0x8F, 0x0B, 0xC5, 0x07, 0xC6, 0xB9,
86 0x04, 0xD0, 0x69, 0x56, 0x72, 0x8B, 0x6B, 0xB8,
87 0x15, 0xEC, 0x57, 0x7B
88 };
89 const u8 msk[] = {
90 0x4D, 0x83, 0xA9, 0xBE, 0x6F, 0x8A, 0x74, 0xED,
91 0x6A, 0x02, 0x66, 0x0A, 0x63, 0x4D, 0x2C, 0x33,
92 0xC2, 0xDA, 0x60, 0x15, 0xC6, 0x37, 0x04, 0x51,
93 0x90, 0x38, 0x63, 0xDA, 0x54, 0x3E, 0x14, 0xB9,
94 0x27, 0x99, 0x18, 0x1E, 0x07, 0xBF, 0x0F, 0x5A,
95 0x5E, 0x3C, 0x32, 0x93, 0x80, 0x8C, 0x6C, 0x49,
96 0x67, 0xED, 0x24, 0xFE, 0x45, 0x40, 0xA0, 0x59,
97 0x5E, 0x37, 0xC2, 0xE9, 0xD0, 0x5D, 0x0A, 0xE3
98 };
99 u8 tlv[] = {
100 0x80, 0x0C, 0x00, 0x38, 0x00, 0x01, 0x01, 0x00,
101 0xD8, 0x6A, 0x8C, 0x68, 0x3C, 0x32, 0x31, 0xA8,
102 0x56, 0x63, 0xB6, 0x40, 0x21, 0xFE, 0x21, 0x14,
103 0x4E, 0xE7, 0x54, 0x20, 0x79, 0x2D, 0x42, 0x62,
104 0xC9, 0xBF, 0x53, 0x7F, 0x54, 0xFD, 0xAC, 0x58,
105 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
106 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
107 0x05, 0xC5, 0x5B, 0xB7
108 };
109 const u8 compound_mac[] = {
110 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
111 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
112 0x05, 0xC5, 0x5B, 0xB7
113 };
114 u8 buf[512];
115 const u8 *simck, *cmk;
116 int errors = 0;
117
118 printf("EAP-FAST test cases\n");
119
120 printf("- T-PRF (SHA1) test case / master_secret\n");
121 sha1_t_prf(pac_key, sizeof(pac_key), "PAC to master secret label hash",
122 seed, sizeof(seed), buf, sizeof(master_secret));
123 if (memcmp(master_secret, buf, sizeof(master_secret)) != 0) {
124 printf("T-PRF test - FAILED!\n");
125 errors++;
126 }
127
128 printf("- PRF (TLS, SHA1/MD5) test case / key_block\n");
129 tls_prf(master_secret, sizeof(master_secret), "key expansion",
130 seed, sizeof(seed), buf, sizeof(key_block));
131 if (memcmp(key_block, buf, sizeof(key_block)) != 0) {
132 printf("PRF test - FAILED!\n");
133 errors++;
134 }
135
136 printf("- T-PRF (SHA1) test case / IMCK\n");
137 sha1_t_prf(sks, sizeof(sks), "Inner Methods Compound Keys",
138 isk, sizeof(isk), buf, sizeof(imck));
139 if (memcmp(imck, buf, sizeof(imck)) != 0) {
140 printf("T-PRF test - FAILED!\n");
141 errors++;
142 }
143
144 simck = imck;
145 cmk = imck + 40;
146
147 printf("- T-PRF (SHA1) test case / MSK\n");
148 sha1_t_prf(simck, 40, "Session Key Generating Function",
149 (u8 *) "", 0, buf, sizeof(msk));
150 if (memcmp(msk, buf, sizeof(msk)) != 0) {
151 printf("T-PRF test - FAILED!\n");
152 errors++;
153 }
154
155 printf("- Compound MAC test case\n");
156 memset(tlv + sizeof(tlv) - 20, 0, 20);
157 hmac_sha1(cmk, 20, tlv, sizeof(tlv), tlv + sizeof(tlv) - 20);
158 if (memcmp(tlv + sizeof(tlv) - 20, compound_mac, sizeof(compound_mac))
159 != 0) {
160 printf("Compound MAC test - FAILED!\n");
161 errors++;
162 }
163
164 return errors;
165 }
166
167
168 static u8 key0[] =
169 {
170 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
171 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
172 0x0b, 0x0b, 0x0b, 0x0b
173 };
174 static u8 data0[] = "Hi There";
175 static u8 prf0[] =
176 {
177 0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84,
178 0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54,
179 0xb8, 0x62, 0x17, 0x5e, 0xd9, 0xf0, 0x06, 0x06,
180 0xe1, 0x7d, 0x8d, 0xa3, 0x54, 0x02, 0xff, 0xee,
181 0x75, 0xdf, 0x78, 0xc3, 0xd3, 0x1e, 0x0f, 0x88,
182 0x9f, 0x01, 0x21, 0x20, 0xc0, 0x86, 0x2b, 0xeb,
183 0x67, 0x75, 0x3e, 0x74, 0x39, 0xae, 0x24, 0x2e,
184 0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a
185 };
186
187 static u8 key1[] = "Jefe";
188 static u8 data1[] = "what do ya want for nothing?";
189 static u8 prf1[] =
190 {
191 0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad,
192 0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4,
193 0xfe, 0x63, 0x14, 0x46, 0xfa, 0xbd, 0xfa, 0x58,
194 0x24, 0x47, 0x59, 0xae, 0x58, 0xef, 0x90, 0x09,
195 0xa9, 0x9a, 0xbf, 0x4e, 0xac, 0x2c, 0xa5, 0xfa,
196 0x87, 0xe6, 0x92, 0xc4, 0x40, 0xeb, 0x40, 0x02,
197 0x3e, 0x7b, 0xab, 0xb2, 0x06, 0xd6, 0x1d, 0xe7,
198 0xb9, 0x2f, 0x41, 0x52, 0x90, 0x92, 0xb8, 0xfc
199 };
200
201
202 static u8 key2[] =
203 {
204 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
205 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
206 0xaa, 0xaa, 0xaa, 0xaa
207 };
208 static u8 data2[] =
209 {
210 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
211 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
212 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
213 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
214 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
215 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
216 0xdd, 0xdd
217 };
218 static u8 prf2[] =
219 {
220 0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f,
221 0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1,
222 0x7a, 0x02, 0x52, 0xca, 0x5d, 0x8d, 0x8d, 0xf1,
223 0x2c, 0xfb, 0x04, 0x73, 0x52, 0x52, 0x49, 0xce,
224 0x9d, 0xd8, 0xd1, 0x77, 0xea, 0xd7, 0x10, 0xbc,
225 0x9b, 0x59, 0x05, 0x47, 0x23, 0x91, 0x07, 0xae,
226 0xf7, 0xb4, 0xab, 0xd4, 0x3d, 0x87, 0xf0, 0xa6,
227 0x8f, 0x1c, 0xbd, 0x9e, 0x2b, 0x6f, 0x76, 0x07
228 };
229
230
231 struct passphrase_test {
232 char *passphrase;
233 char *ssid;
234 char psk[32];
235 };
236
237 static struct passphrase_test passphrase_tests[] =
238 {
239 {
240 "password",
241 "IEEE",
242 {
243 0xf4, 0x2c, 0x6f, 0xc5, 0x2d, 0xf0, 0xeb, 0xef,
244 0x9e, 0xbb, 0x4b, 0x90, 0xb3, 0x8a, 0x5f, 0x90,
245 0x2e, 0x83, 0xfe, 0x1b, 0x13, 0x5a, 0x70, 0xe2,
246 0x3a, 0xed, 0x76, 0x2e, 0x97, 0x10, 0xa1, 0x2e
247 }
248 },
249 {
250 "ThisIsAPassword",
251 "ThisIsASSID",
252 {
253 0x0d, 0xc0, 0xd6, 0xeb, 0x90, 0x55, 0x5e, 0xd6,
254 0x41, 0x97, 0x56, 0xb9, 0xa1, 0x5e, 0xc3, 0xe3,
255 0x20, 0x9b, 0x63, 0xdf, 0x70, 0x7d, 0xd5, 0x08,
256 0xd1, 0x45, 0x81, 0xf8, 0x98, 0x27, 0x21, 0xaf
257 }
258 },
259 {
260 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
261 "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
262 {
263 0xbe, 0xcb, 0x93, 0x86, 0x6b, 0xb8, 0xc3, 0x83,
264 0x2c, 0xb7, 0x77, 0xc2, 0xf5, 0x59, 0x80, 0x7c,
265 0x8c, 0x59, 0xaf, 0xcb, 0x6e, 0xae, 0x73, 0x48,
266 0x85, 0x00, 0x13, 0x00, 0xa9, 0x81, 0xcc, 0x62
267 }
268 },
269 };
270
271 #define NUM_PASSPHRASE_TESTS \
272 (sizeof(passphrase_tests) / sizeof(passphrase_tests[0]))
273
274
main(int argc,char * argv[])275 int main(int argc, char *argv[])
276 {
277 u8 res[512];
278 int ret = 0;
279 unsigned int i;
280
281 printf("PRF-SHA1 test cases:\n");
282
283 sha1_prf(key0, sizeof(key0), "prefix", data0, sizeof(data0) - 1,
284 res, sizeof(prf0));
285 if (memcmp(res, prf0, sizeof(prf0)) == 0)
286 printf("Test case 0 - OK\n");
287 else {
288 printf("Test case 0 - FAILED!\n");
289 ret++;
290 }
291
292 sha1_prf(key1, sizeof(key1) - 1, "prefix", data1, sizeof(data1) - 1,
293 res, sizeof(prf1));
294 if (memcmp(res, prf1, sizeof(prf1)) == 0)
295 printf("Test case 1 - OK\n");
296 else {
297 printf("Test case 1 - FAILED!\n");
298 ret++;
299 }
300
301 sha1_prf(key2, sizeof(key2), "prefix", data2, sizeof(data2),
302 res, sizeof(prf2));
303 if (memcmp(res, prf2, sizeof(prf2)) == 0)
304 printf("Test case 2 - OK\n");
305 else {
306 printf("Test case 2 - FAILED!\n");
307 ret++;
308 }
309
310 ret += test_eap_fast();
311
312 printf("PBKDF2-SHA1 Passphrase test cases:\n");
313 for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) {
314 u8 psk[32];
315 struct passphrase_test *test = &passphrase_tests[i];
316 pbkdf2_sha1(test->passphrase,
317 test->ssid, strlen(test->ssid),
318 4096, psk, 32);
319 if (memcmp(psk, test->psk, 32) == 0)
320 printf("Test case %d - OK\n", i);
321 else {
322 printf("Test case %d - FAILED!\n", i);
323 ret++;
324 }
325 }
326
327 return ret;
328 }
329