1 /*
2 * Test program for SHA1 and MD5
3 * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
15 #include "includes.h"
16
17 #include "common.h"
18 #include "crypto/sha1.h"
19 #include "md5.h"
20 #include "crypto.h"
21
22
test_eap_fast(void)23 static int test_eap_fast(void)
24 {
25 /* RFC 4851, Appendix B.1 */
26 const u8 pac_key[] = {
27 0x0B, 0x97, 0x39, 0x0F, 0x37, 0x51, 0x78, 0x09,
28 0x81, 0x1E, 0xFD, 0x9C, 0x6E, 0x65, 0x94, 0x2B,
29 0x63, 0x2C, 0xE9, 0x53, 0x89, 0x38, 0x08, 0xBA,
30 0x36, 0x0B, 0x03, 0x7C, 0xD1, 0x85, 0xE4, 0x14
31 };
32 const u8 seed[] = {
33 0x3F, 0xFB, 0x11, 0xC4, 0x6C, 0xBF, 0xA5, 0x7A,
34 0x54, 0x40, 0xDA, 0xE8, 0x22, 0xD3, 0x11, 0xD3,
35 0xF7, 0x6D, 0xE4, 0x1D, 0xD9, 0x33, 0xE5, 0x93,
36 0x70, 0x97, 0xEB, 0xA9, 0xB3, 0x66, 0xF4, 0x2A,
37 0x00, 0x00, 0x00, 0x02, 0x6A, 0x66, 0x43, 0x2A,
38 0x8D, 0x14, 0x43, 0x2C, 0xEC, 0x58, 0x2D, 0x2F,
39 0xC7, 0x9C, 0x33, 0x64, 0xBA, 0x04, 0xAD, 0x3A,
40 0x52, 0x54, 0xD6, 0xA5, 0x79, 0xAD, 0x1E, 0x00
41 };
42 const u8 master_secret[] = {
43 0x4A, 0x1A, 0x51, 0x2C, 0x01, 0x60, 0xBC, 0x02,
44 0x3C, 0xCF, 0xBC, 0x83, 0x3F, 0x03, 0xBC, 0x64,
45 0x88, 0xC1, 0x31, 0x2F, 0x0B, 0xA9, 0xA2, 0x77,
46 0x16, 0xA8, 0xD8, 0xE8, 0xBD, 0xC9, 0xD2, 0x29,
47 0x38, 0x4B, 0x7A, 0x85, 0xBE, 0x16, 0x4D, 0x27,
48 0x33, 0xD5, 0x24, 0x79, 0x87, 0xB1, 0xC5, 0xA2
49 };
50 const u8 key_block[] = {
51 0x59, 0x59, 0xBE, 0x8E, 0x41, 0x3A, 0x77, 0x74,
52 0x8B, 0xB2, 0xE5, 0xD3, 0x60, 0xAC, 0x4D, 0x35,
53 0xDF, 0xFB, 0xC8, 0x1E, 0x9C, 0x24, 0x9C, 0x8B,
54 0x0E, 0xC3, 0x1D, 0x72, 0xC8, 0x84, 0x9D, 0x57,
55 0x48, 0x51, 0x2E, 0x45, 0x97, 0x6C, 0x88, 0x70,
56 0xBE, 0x5F, 0x01, 0xD3, 0x64, 0xE7, 0x4C, 0xBB,
57 0x11, 0x24, 0xE3, 0x49, 0xE2, 0x3B, 0xCD, 0xEF,
58 0x7A, 0xB3, 0x05, 0x39, 0x5D, 0x64, 0x8A, 0x44,
59 0x11, 0xB6, 0x69, 0x88, 0x34, 0x2E, 0x8E, 0x29,
60 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
61 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
62 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
63 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
64 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
65 };
66 const u8 sks[] = {
67 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
68 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
69 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
70 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
71 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
72 };
73 const u8 isk[] = {
74 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
75 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
76 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
77 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
78 };
79 const u8 imck[] = {
80 0x16, 0x15, 0x3C, 0x3F, 0x21, 0x55, 0xEF, 0xD9,
81 0x7F, 0x34, 0xAE, 0xC8, 0x1A, 0x4E, 0x66, 0x80,
82 0x4C, 0xC3, 0x76, 0xF2, 0x8A, 0xA9, 0x6F, 0x96,
83 0xC2, 0x54, 0x5F, 0x8C, 0xAB, 0x65, 0x02, 0xE1,
84 0x18, 0x40, 0x7B, 0x56, 0xBE, 0xEA, 0xA7, 0xC5,
85 0x76, 0x5D, 0x8F, 0x0B, 0xC5, 0x07, 0xC6, 0xB9,
86 0x04, 0xD0, 0x69, 0x56, 0x72, 0x8B, 0x6B, 0xB8,
87 0x15, 0xEC, 0x57, 0x7B
88 };
89 const u8 msk[] = {
90 0x4D, 0x83, 0xA9, 0xBE, 0x6F, 0x8A, 0x74, 0xED,
91 0x6A, 0x02, 0x66, 0x0A, 0x63, 0x4D, 0x2C, 0x33,
92 0xC2, 0xDA, 0x60, 0x15, 0xC6, 0x37, 0x04, 0x51,
93 0x90, 0x38, 0x63, 0xDA, 0x54, 0x3E, 0x14, 0xB9,
94 0x27, 0x99, 0x18, 0x1E, 0x07, 0xBF, 0x0F, 0x5A,
95 0x5E, 0x3C, 0x32, 0x93, 0x80, 0x8C, 0x6C, 0x49,
96 0x67, 0xED, 0x24, 0xFE, 0x45, 0x40, 0xA0, 0x59,
97 0x5E, 0x37, 0xC2, 0xE9, 0xD0, 0x5D, 0x0A, 0xE3
98 };
99 const u8 emsk[] = {
100 0x3A, 0xD4, 0xAB, 0xDB, 0x76, 0xB2, 0x7F, 0x3B,
101 0xEA, 0x32, 0x2C, 0x2B, 0x74, 0xF4, 0x28, 0x55,
102 0xEF, 0x2D, 0xBA, 0x78, 0xC9, 0x57, 0x2F, 0x0D,
103 0x06, 0xCD, 0x51, 0x7C, 0x20, 0x93, 0x98, 0xA9,
104 0x76, 0xEA, 0x70, 0x21, 0xD7, 0x0E, 0x25, 0x54,
105 0x97, 0xED, 0xB2, 0x8A, 0xF6, 0xED, 0xFD, 0x0A,
106 0x2A, 0xE7, 0xA1, 0x58, 0x90, 0x10, 0x50, 0x44,
107 0xB3, 0x82, 0x85, 0xDB, 0x06, 0x14, 0xD2, 0xF9
108 };
109 /* RFC 4851, Appendix B.2 */
110 u8 tlv[] = {
111 0x80, 0x0C, 0x00, 0x38, 0x00, 0x01, 0x01, 0x00,
112 0xD8, 0x6A, 0x8C, 0x68, 0x3C, 0x32, 0x31, 0xA8,
113 0x56, 0x63, 0xB6, 0x40, 0x21, 0xFE, 0x21, 0x14,
114 0x4E, 0xE7, 0x54, 0x20, 0x79, 0x2D, 0x42, 0x62,
115 0xC9, 0xBF, 0x53, 0x7F, 0x54, 0xFD, 0xAC, 0x58,
116 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
117 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
118 0x05, 0xC5, 0x5B, 0xB7
119 };
120 const u8 compound_mac[] = {
121 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
122 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
123 0x05, 0xC5, 0x5B, 0xB7
124 };
125 u8 buf[512];
126 const u8 *simck, *cmk;
127 int errors = 0;
128
129 printf("EAP-FAST test cases\n");
130
131 printf("- T-PRF (SHA1) test case / master_secret\n");
132 sha1_t_prf(pac_key, sizeof(pac_key), "PAC to master secret label hash",
133 seed, sizeof(seed), buf, sizeof(master_secret));
134 if (memcmp(master_secret, buf, sizeof(master_secret)) != 0) {
135 printf("T-PRF test - FAILED!\n");
136 errors++;
137 }
138
139 printf("- PRF (TLS, SHA1/MD5) test case / key_block\n");
140 tls_prf(master_secret, sizeof(master_secret), "key expansion",
141 seed, sizeof(seed), buf, sizeof(key_block));
142 if (memcmp(key_block, buf, sizeof(key_block)) != 0) {
143 printf("PRF test - FAILED!\n");
144 errors++;
145 }
146
147 printf("- T-PRF (SHA1) test case / IMCK\n");
148 sha1_t_prf(sks, sizeof(sks), "Inner Methods Compound Keys",
149 isk, sizeof(isk), buf, sizeof(imck));
150 if (memcmp(imck, buf, sizeof(imck)) != 0) {
151 printf("T-PRF test - FAILED!\n");
152 errors++;
153 }
154
155 simck = imck;
156 cmk = imck + 40;
157
158 printf("- T-PRF (SHA1) test case / MSK\n");
159 sha1_t_prf(simck, 40, "Session Key Generating Function",
160 (u8 *) "", 0, buf, sizeof(msk));
161 if (memcmp(msk, buf, sizeof(msk)) != 0) {
162 printf("T-PRF test - FAILED!\n");
163 errors++;
164 }
165
166 printf("- T-PRF (SHA1) test case / EMSK\n");
167 sha1_t_prf(simck, 40, "Extended Session Key Generating Function",
168 (u8 *) "", 0, buf, sizeof(msk));
169 if (memcmp(emsk, buf, sizeof(emsk)) != 0) {
170 printf("T-PRF test - FAILED!\n");
171 errors++;
172 }
173
174 printf("- Compound MAC test case\n");
175 memset(tlv + sizeof(tlv) - 20, 0, 20);
176 hmac_sha1(cmk, 20, tlv, sizeof(tlv), tlv + sizeof(tlv) - 20);
177 if (memcmp(tlv + sizeof(tlv) - 20, compound_mac, sizeof(compound_mac))
178 != 0) {
179 printf("Compound MAC test - FAILED!\n");
180 errors++;
181 }
182
183 return errors;
184 }
185
186
187 static u8 key0[] =
188 {
189 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
190 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
191 0x0b, 0x0b, 0x0b, 0x0b
192 };
193 static u8 data0[] = "Hi There";
194 static u8 prf0[] =
195 {
196 0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84,
197 0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54,
198 0xb8, 0x62, 0x17, 0x5e, 0xd9, 0xf0, 0x06, 0x06,
199 0xe1, 0x7d, 0x8d, 0xa3, 0x54, 0x02, 0xff, 0xee,
200 0x75, 0xdf, 0x78, 0xc3, 0xd3, 0x1e, 0x0f, 0x88,
201 0x9f, 0x01, 0x21, 0x20, 0xc0, 0x86, 0x2b, 0xeb,
202 0x67, 0x75, 0x3e, 0x74, 0x39, 0xae, 0x24, 0x2e,
203 0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a
204 };
205
206 static u8 key1[] = "Jefe";
207 static u8 data1[] = "what do ya want for nothing?";
208 static u8 prf1[] =
209 {
210 0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad,
211 0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4,
212 0xfe, 0x63, 0x14, 0x46, 0xfa, 0xbd, 0xfa, 0x58,
213 0x24, 0x47, 0x59, 0xae, 0x58, 0xef, 0x90, 0x09,
214 0xa9, 0x9a, 0xbf, 0x4e, 0xac, 0x2c, 0xa5, 0xfa,
215 0x87, 0xe6, 0x92, 0xc4, 0x40, 0xeb, 0x40, 0x02,
216 0x3e, 0x7b, 0xab, 0xb2, 0x06, 0xd6, 0x1d, 0xe7,
217 0xb9, 0x2f, 0x41, 0x52, 0x90, 0x92, 0xb8, 0xfc
218 };
219
220
221 static u8 key2[] =
222 {
223 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
224 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
225 0xaa, 0xaa, 0xaa, 0xaa
226 };
227 static u8 data2[] =
228 {
229 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
230 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
231 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
232 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
233 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
234 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
235 0xdd, 0xdd
236 };
237 static u8 prf2[] =
238 {
239 0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f,
240 0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1,
241 0x7a, 0x02, 0x52, 0xca, 0x5d, 0x8d, 0x8d, 0xf1,
242 0x2c, 0xfb, 0x04, 0x73, 0x52, 0x52, 0x49, 0xce,
243 0x9d, 0xd8, 0xd1, 0x77, 0xea, 0xd7, 0x10, 0xbc,
244 0x9b, 0x59, 0x05, 0x47, 0x23, 0x91, 0x07, 0xae,
245 0xf7, 0xb4, 0xab, 0xd4, 0x3d, 0x87, 0xf0, 0xa6,
246 0x8f, 0x1c, 0xbd, 0x9e, 0x2b, 0x6f, 0x76, 0x07
247 };
248
249
250 struct passphrase_test {
251 char *passphrase;
252 char *ssid;
253 char psk[32];
254 };
255
256 static struct passphrase_test passphrase_tests[] =
257 {
258 {
259 "password",
260 "IEEE",
261 {
262 0xf4, 0x2c, 0x6f, 0xc5, 0x2d, 0xf0, 0xeb, 0xef,
263 0x9e, 0xbb, 0x4b, 0x90, 0xb3, 0x8a, 0x5f, 0x90,
264 0x2e, 0x83, 0xfe, 0x1b, 0x13, 0x5a, 0x70, 0xe2,
265 0x3a, 0xed, 0x76, 0x2e, 0x97, 0x10, 0xa1, 0x2e
266 }
267 },
268 {
269 "ThisIsAPassword",
270 "ThisIsASSID",
271 {
272 0x0d, 0xc0, 0xd6, 0xeb, 0x90, 0x55, 0x5e, 0xd6,
273 0x41, 0x97, 0x56, 0xb9, 0xa1, 0x5e, 0xc3, 0xe3,
274 0x20, 0x9b, 0x63, 0xdf, 0x70, 0x7d, 0xd5, 0x08,
275 0xd1, 0x45, 0x81, 0xf8, 0x98, 0x27, 0x21, 0xaf
276 }
277 },
278 {
279 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
280 "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
281 {
282 0xbe, 0xcb, 0x93, 0x86, 0x6b, 0xb8, 0xc3, 0x83,
283 0x2c, 0xb7, 0x77, 0xc2, 0xf5, 0x59, 0x80, 0x7c,
284 0x8c, 0x59, 0xaf, 0xcb, 0x6e, 0xae, 0x73, 0x48,
285 0x85, 0x00, 0x13, 0x00, 0xa9, 0x81, 0xcc, 0x62
286 }
287 },
288 };
289
290 #define NUM_PASSPHRASE_TESTS \
291 (sizeof(passphrase_tests) / sizeof(passphrase_tests[0]))
292
293
main(int argc,char * argv[])294 int main(int argc, char *argv[])
295 {
296 u8 res[512];
297 int ret = 0;
298 unsigned int i;
299
300 printf("PRF-SHA1 test cases:\n");
301
302 sha1_prf(key0, sizeof(key0), "prefix", data0, sizeof(data0) - 1,
303 res, sizeof(prf0));
304 if (memcmp(res, prf0, sizeof(prf0)) == 0)
305 printf("Test case 0 - OK\n");
306 else {
307 printf("Test case 0 - FAILED!\n");
308 ret++;
309 }
310
311 sha1_prf(key1, sizeof(key1) - 1, "prefix", data1, sizeof(data1) - 1,
312 res, sizeof(prf1));
313 if (memcmp(res, prf1, sizeof(prf1)) == 0)
314 printf("Test case 1 - OK\n");
315 else {
316 printf("Test case 1 - FAILED!\n");
317 ret++;
318 }
319
320 sha1_prf(key2, sizeof(key2), "prefix", data2, sizeof(data2),
321 res, sizeof(prf2));
322 if (memcmp(res, prf2, sizeof(prf2)) == 0)
323 printf("Test case 2 - OK\n");
324 else {
325 printf("Test case 2 - FAILED!\n");
326 ret++;
327 }
328
329 ret += test_eap_fast();
330
331 printf("PBKDF2-SHA1 Passphrase test cases:\n");
332 for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) {
333 u8 psk[32];
334 struct passphrase_test *test = &passphrase_tests[i];
335 pbkdf2_sha1(test->passphrase,
336 test->ssid, strlen(test->ssid),
337 4096, psk, 32);
338 if (memcmp(psk, test->psk, 32) == 0)
339 printf("Test case %d - OK\n", i);
340 else {
341 printf("Test case %d - FAILED!\n", i);
342 ret++;
343 }
344 }
345
346 return ret;
347 }
348