aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2011-01-10 18:41:04 (GMT)
committerJouni Malinen <j@w1.fi>2011-01-10 18:41:04 (GMT)
commit8d806cc2af8d7ff74162ddf5afbd3c38ee6ae0b4 (patch)
tree187e26b221e9f9f9eb4b29e1872a4b45d47b6c3f
parent60ea8187c9db60694d15d5abbd292b3b6016f9c0 (diff)
downloadhostap-8d806cc2af8d7ff74162ddf5afbd3c38ee6ae0b4.zip
hostap-8d806cc2af8d7ff74162ddf5afbd3c38ee6ae0b4.tar.gz
hostap-8d806cc2af8d7ff74162ddf5afbd3c38ee6ae0b4.tar.bz2
test-sha1: Add test vectors from RFC 6070
The test with very large iterations count is commented out since it takes quite long to derive (it does pass, though). In addition, the last test vector is commented out since pbkdf2_sha1() does not support arbitrary binary passphrases (\0 inside the string).
-rw-r--r--tests/test-sha1.c100
1 files changed, 100 insertions, 0 deletions
diff --git a/tests/test-sha1.c b/tests/test-sha1.c
index 792eca0..6c48f2b 100644
--- a/tests/test-sha1.c
+++ b/tests/test-sha1.c
@@ -291,6 +291,92 @@ static struct passphrase_test passphrase_tests[] =
(sizeof(passphrase_tests) / sizeof(passphrase_tests[0]))
+struct rfc6070_test {
+ char *p;
+ char *s;
+ int c;
+ char dk[32];
+ size_t dk_len;
+};
+
+static struct rfc6070_test rfc6070_tests[] =
+{
+ {
+ "password",
+ "salt",
+ 1,
+ {
+ 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
+ 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
+ 0x2f, 0xe0, 0x37, 0xa6
+ },
+ 20
+ },
+ {
+ "password",
+ "salt",
+ 2,
+ {
+ 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
+ 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
+ 0xd8, 0xde, 0x89, 0x57
+ },
+ 20
+ },
+ {
+ "password",
+ "salt",
+ 4096,
+ {
+ 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
+ 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
+ 0x65, 0xa4, 0x29, 0xc1
+ },
+ 20
+ },
+#if 0 /* This takes quite long to derive.. */
+ {
+ "password",
+ "salt",
+ 16777216,
+ {
+ 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4,
+ 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c,
+ 0x26, 0x34, 0xe9, 0x84
+ },
+ 20
+ },
+#endif
+ {
+ "passwordPASSWORDpassword",
+ "saltSALTsaltSALTsaltSALTsaltSALTsalt",
+ 4096,
+ {
+ 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
+ 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
+ 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
+ 0x38
+ },
+ 25
+ },
+#if 0 /* \0 not currently supported in passphrase parameters.. */
+ {
+ "pass\0word",
+ "sa\0lt",
+ 4096,
+ {
+ 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
+ 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3
+ },
+ 16
+ },
+#endif
+};
+
+#define NUM_RFC6070_TESTS \
+(sizeof(rfc6070_tests) / sizeof(rfc6070_tests[0]))
+
+
int main(int argc, char *argv[])
{
u8 res[512];
@@ -343,5 +429,19 @@ int main(int argc, char *argv[])
}
}
+ printf("PBKDF2-SHA1 test cases (RFC 6070):\n");
+ for (i = 0; i < NUM_RFC6070_TESTS; i++) {
+ u8 dk[25];
+ struct rfc6070_test *test = &rfc6070_tests[i];
+ pbkdf2_sha1(test->p, test->s, strlen(test->s), test->c,
+ dk, test->dk_len);
+ if (memcmp(dk, test->dk, test->dk_len) == 0)
+ printf("Test case %d - OK\n", i);
+ else {
+ printf("Test case %d - FAILED!\n", i);
+ ret++;
+ }
+ }
+
return ret;
}