1 /*
2 * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License as
6 * published by the Free Software Foundation; either version 2 of the
7 * License, or any later version.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17 * 02110-1301, USA.
18 *
19 * You can also choose to distribute this program under the terms of
20 * the Unmodified Binary Distribution Licence (as given in the file
21 * COPYING.UBDL), provided that you have satisfied its requirements.
22 */
23
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25
26 /** @file
27 *
28 * HMAC_DRBG tests
29 *
30 * These test vectors are provided by NIST as part of the
31 * Cryptographic Toolkit Examples, downloadable from:
32 *
33 * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/HMAC_DRBG.pdf
34 *
35 */
36
37 /* Forcibly enable assertions */
38 #undef NDEBUG
39
40 #include <assert.h>
41 #include <string.h>
42 #include <ipxe/hmac_drbg.h>
43 #include <ipxe/sha1.h>
44 #include <ipxe/sha256.h>
45 #include <ipxe/test.h>
46
47 /** Define inline expected data */
48 #define EXPECT(...) { __VA_ARGS__ }
49
50 /** An HMAC_DRBG instantiation test */
51 struct hmac_drbg_test_instantiate {
52 /** Underlying hash algorithm */
53 struct digest_algorithm *hash;
54 /** Output block length */
55 size_t out_len;
56 /** Entropy */
57 const void *entropy;
58 /** Length of entropy */
59 size_t entropy_len;
60 /** Nonce */
61 const void *nonce;
62 /** Length of nonce */
63 size_t nonce_len;
64 /** Personalisation string */
65 const void *personal;
66 /** Length of personalisation string */
67 size_t personal_len;
68 /** Expected key */
69 const void *expected_key;
70 /** Length of expected key */
71 size_t expected_key_len;
72 /** Expected value */
73 const void *expected_value;
74 /** Length of expected value */
75 size_t expected_value_len;
76 };
77
78 /**
79 * Define an HMAC_DRBG instantiation test
80 *
81 * @v name Test name
82 * @v hmac_drbg HMAC_DRBG algorithm
83 * @v entropy_array Entropy input
84 * @v nonce_array Nonce
85 * @v personal_array Personalisation string
86 * @v key Expected key
87 * @v value Expected value
88 * @ret test Instantiation test
89 */
90 #define HMAC_DRBG_TEST_INSTANTIATE( name, hmac_drbg, entropy_array, \
91 nonce_array, personal_array, \
92 key, value ) \
93 static const uint8_t name ## _key [] = key; \
94 static const uint8_t name ## _value [] = value; \
95 static struct hmac_drbg_test_instantiate name = { \
96 .hash = HMAC_DRBG_HASH ( hmac_drbg ), \
97 .out_len = HMAC_DRBG_OUTLEN_BYTES ( hmac_drbg ), \
98 .entropy = entropy_array, \
99 .entropy_len = sizeof ( entropy_array ), \
100 .nonce = nonce_array, \
101 .nonce_len = sizeof ( nonce_array ), \
102 .personal = personal_array, \
103 .personal_len = sizeof ( personal_array ), \
104 .expected_key = name ## _key, \
105 .expected_key_len = sizeof ( name ## _key ), \
106 .expected_value = name ## _value, \
107 .expected_value_len = sizeof ( name ## _value ), \
108 }
109
110 /**
111 * Report instantiation test result
112 *
113 * @v state HMAC_DRBG internal state
114 * @v test Instantiation test
115 */
116 #define instantiate_ok( state, test ) do { \
117 struct { \
118 uint8_t entropy[(test)->entropy_len]; \
119 uint8_t nonce[(test)->nonce_len]; \
120 } __attribute__ (( packed )) entropy_nonce; \
121 \
122 assert ( (test)->expected_key_len == (test)->out_len ); \
123 assert ( (test)->expected_value_len == (test)->out_len ); \
124 memcpy ( entropy_nonce.entropy, (test)->entropy, \
125 sizeof ( entropy_nonce.entropy ) ); \
126 memcpy ( entropy_nonce.nonce, (test)->nonce, \
127 sizeof ( entropy_nonce.nonce ) ); \
128 hmac_drbg_instantiate ( (test)->hash, (state), &entropy_nonce, \
129 sizeof ( entropy_nonce ), \
130 (test)->personal, \
131 (test)->personal_len ); \
132 ok ( memcmp ( (state)->key, (test)->expected_key, \
133 (test)->expected_key_len ) == 0 ); \
134 ok ( memcmp ( (state)->value, (test)->expected_value, \
135 (test)->expected_value_len ) == 0 ); \
136 } while ( 0 )
137
138 /** An HMAC_DRBG reseed test */
139 struct hmac_drbg_test_reseed {
140 /** Underlying hash algorithm */
141 struct digest_algorithm *hash;
142 /** Output block length */
143 size_t out_len;
144 /** Entropy */
145 const void *entropy;
146 /** Length of entropy */
147 size_t entropy_len;
148 /** Additional input */
149 const void *additional;
150 /** Length of additional_input */
151 size_t additional_len;
152 /** Expected key */
153 const void *expected_key;
154 /** Length of expected key */
155 size_t expected_key_len;
156 /** Expected value */
157 const void *expected_value;
158 /** Length of expected value */
159 size_t expected_value_len;
160 };
161
162 /**
163 * Define an HMAC_DRBG reseed test
164 *
165 * @v name Test name
166 * @v hmac_drbg HMAC_DRBG algorithm
167 * @v entropy_array Entropy input
168 * @v additional_array Additional input
169 * @v key Expected key
170 * @v value Expected value
171 * @ret test Reseed test
172 */
173 #define HMAC_DRBG_TEST_RESEED( name, hmac_drbg, entropy_array, \
174 additional_array, key, value ) \
175 static const uint8_t name ## _key [] = key; \
176 static const uint8_t name ## _value [] = value; \
177 static struct hmac_drbg_test_reseed name = { \
178 .hash = HMAC_DRBG_HASH ( hmac_drbg ), \
179 .out_len = HMAC_DRBG_OUTLEN_BYTES ( hmac_drbg ), \
180 .entropy = entropy_array, \
181 .entropy_len = sizeof ( entropy_array ), \
182 .additional = additional_array, \
183 .additional_len = sizeof ( additional_array ), \
184 .expected_key = name ## _key, \
185 .expected_key_len = sizeof ( name ## _key ), \
186 .expected_value = name ## _value, \
187 .expected_value_len = sizeof ( name ## _value ), \
188 }
189
190 /**
191 * Report reseed test result
192 *
193 * @v state HMAC_DRBG internal state
194 * @v test Reseed test
195 */
196 #define reseed_ok( state, test ) do { \
197 assert ( (test)->expected_key_len == (test)->out_len ); \
198 assert ( (test)->expected_value_len == (test)->out_len ); \
199 hmac_drbg_reseed ( (test)->hash, (state), (test)->entropy, \
200 (test)->entropy_len, (test)->additional, \
201 (test)->additional_len ); \
202 ok ( memcmp ( (state)->key, (test)->expected_key, \
203 (test)->expected_key_len ) == 0 ); \
204 ok ( memcmp ( (state)->value, (test)->expected_value, \
205 (test)->expected_value_len ) == 0 ); \
206 } while ( 0 )
207
208 /** An HMAC_DRBG generation test */
209 struct hmac_drbg_test_generate {
210 /** Underlying hash algorithm */
211 struct digest_algorithm *hash;
212 /** Output block length */
213 size_t out_len;
214 /** Additional input */
215 const void *additional;
216 /** Length of additional_input */
217 size_t additional_len;
218 /** Expected key */
219 const void *expected_key;
220 /** Length of expected key */
221 size_t expected_key_len;
222 /** Expected value */
223 const void *expected_value;
224 /** Length of expected value */
225 size_t expected_value_len;
226 /** Expected pseudorandom data */
227 const void *expected_data;
228 /** Length of data */
229 size_t expected_data_len;
230 };
231
232 /**
233 * Define an HMAC_DRBG generation test
234 *
235 * @v name Test name
236 * @v hmac_drbg HMAC_DRBG algorithm
237 * @v additional_array Additional input
238 * @v key Expected key
239 * @v value Expected value
240 * @v data Expected pseudorandom data
241 * @ret test Generation test
242 */
243 #define HMAC_DRBG_TEST_GENERATE( name, hmac_drbg, additional_array, \
244 key, value, data ) \
245 static const uint8_t name ## _key [] = key; \
246 static const uint8_t name ## _value [] = value; \
247 static const uint8_t name ## _data [] = data; \
248 static struct hmac_drbg_test_generate name = { \
249 .hash = HMAC_DRBG_HASH ( hmac_drbg ), \
250 .out_len = HMAC_DRBG_OUTLEN_BYTES ( hmac_drbg ), \
251 .additional = additional_array, \
252 .additional_len = sizeof ( additional_array ), \
253 .expected_key = name ## _key, \
254 .expected_key_len = sizeof ( name ## _key ), \
255 .expected_value = name ## _value, \
256 .expected_value_len = sizeof ( name ## _value ), \
257 .expected_data = name ## _data, \
258 .expected_data_len = sizeof ( name ## _data ), \
259 }
260
261 /**
262 * Report generation test result
263 *
264 * @v state HMAC_DRBG internal state
265 * @v test Generation test
266 */
267 #define generate_ok( state, test ) do { \
268 uint8_t data[ (test)->expected_data_len ]; \
269 int rc; \
270 \
271 assert ( (test)->expected_key_len == (test)->out_len ); \
272 assert ( (test)->expected_value_len == (test)->out_len ); \
273 rc = hmac_drbg_generate ( (test)->hash, (state), \
274 (test)->additional, \
275 (test)->additional_len, \
276 data, sizeof ( data ) ); \
277 ok ( rc == 0 ); \
278 ok ( memcmp ( (state)->key, (test)->expected_key, \
279 (test)->expected_key_len ) == 0 ); \
280 ok ( memcmp ( (state)->value, (test)->expected_value, \
281 (test)->expected_value_len ) == 0 ); \
282 ok ( memcmp ( data, (test)->expected_data, \
283 (test)->expected_data_len ) == 0 ); \
284 } while ( 0 )
285
286 /** An HMAC_DRBG generation failure test */
287 struct hmac_drbg_test_generate_fail {
288 /** Underlying hash algorithm */
289 struct digest_algorithm *hash;
290 /** Additional input */
291 const void *additional;
292 /** Length of additional_input */
293 size_t additional_len;
294 /** Length of requested data */
295 size_t requested_len;
296 };
297
298 /**
299 * Define an HMAC_DRBG generation failure test
300 *
301 * @v name Test name
302 * @v hmac_drbg HMAC_DRBG algorithm
303 * @v additional_array Additional input
304 * @ret test Generation failure test
305 */
306 #define HMAC_DRBG_TEST_GENERATE_FAIL( name, hmac_drbg, \
307 additional_array, len ) \
308 static struct hmac_drbg_test_generate_fail name = { \
309 .hash = HMAC_DRBG_HASH ( hmac_drbg ), \
310 .additional = additional_array, \
311 .additional_len = sizeof ( additional_array ), \
312 .requested_len = len, \
313 }
314
315 /**
316 * Report generation failure test result
317 *
318 * @v state HMAC_DRBG internal state
319 * @v test Generation failure test
320 */
321 #define generate_fail_ok( state, test ) do { \
322 uint8_t data[ (test)->requested_len ]; \
323 int rc; \
324 \
325 rc = hmac_drbg_generate ( (test)->hash, (state), \
326 (test)->additional, \
327 (test)->additional_len, data, \
328 sizeof ( data ) ); \
329 ok ( rc != 0 ); \
330 } while ( 0 )
331
332 /** "EntropyInput" */
333 static const uint8_t entropy_input[] = {
334 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
335 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
336 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
337 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
338 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36
339 };
340
341 /** "Nonce" for SHA-1 */
342 static const uint8_t nonce_sha1[] = {
343 0x20, 0x21, 0x22, 0x23, 0x24
344 };
345
346 /** "Nonce" for SHA-256 */
347 static const uint8_t nonce_sha256[] = {
348 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27
349 };
350
351 /** "EntropyInput1 (for Reseed1) */
352 static const uint8_t entropy_input_1[] = {
353 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b,
354 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
355 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3,
356 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
357 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6
358 };
359
360 /** "EntropyInput2 (for Reseed2) */
361 static const uint8_t entropy_input_2[] = {
362 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb,
363 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
364 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3,
365 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
366 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6
367 };
368
369 /** "PersonalizationString = <empty>" */
370 static const uint8_t personalisation_string_empty[] = {};
371
372 /** "PersonalizationString" */
373 static const uint8_t personalisation_string[] = {
374 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b,
375 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
376 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, 0x60, 0x61, 0x62, 0x63,
377 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
378 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76
379 };
380
381 /** "AdditionalInput = <empty>" */
382 static const uint8_t additional_input_empty[] = {};
383
384 /** "AdditionalInput1" */
385 static const uint8_t additional_input_1[] = {
386 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
387 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
388 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83,
389 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
390 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96
391 };
392
393 /** "AdditionalInput2" */
394 static const uint8_t additional_input_2[] = {
395 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab,
396 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
397 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 0xc0, 0xc1, 0xc2, 0xc3,
398 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
399 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6
400 };
401
402 /** SHA-1 Test 1 : Instantiation */
403 HMAC_DRBG_TEST_INSTANTIATE ( sha1_instantiate_1, HMAC_DRBG_SHA1,
404 entropy_input, nonce_sha1, personalisation_string_empty,
405 EXPECT ( 0xab, 0x16, 0x0d, 0xd2, 0x1c, 0x30, 0x98, 0x0c, 0xa3, 0xca,
406 0x5a, 0x9c, 0x77, 0xb7, 0xbd, 0xf0, 0x50, 0xe6, 0x4e, 0xe9 ),
407 EXPECT ( 0x61, 0x44, 0x99, 0xea, 0x98, 0x0c, 0xfb, 0x3d, 0xaa, 0x2c,
408 0xa8, 0x6d, 0x65, 0xa4, 0x6b, 0xf4, 0x48, 0x8d, 0x8c, 0xc5 ) );
409
410 /** SHA-1 Test 1.1 : First call to Generate */
411 HMAC_DRBG_TEST_GENERATE ( sha1_generate_1_1, HMAC_DRBG_SHA1,
412 additional_input_empty,
413 EXPECT ( 0x7b, 0xb1, 0x80, 0x28, 0xe0, 0x1d, 0x03, 0x42, 0xdf, 0x4f,
414 0x54, 0xda, 0x51, 0x22, 0xfa, 0x5f, 0x2c, 0x3a, 0x05, 0xe4 ),
415 EXPECT ( 0x2f, 0x89, 0x4f, 0x28, 0xcc, 0x2f, 0x53, 0x82, 0x96, 0x40,
416 0x64, 0x3a, 0xd1, 0x7b, 0x84, 0xb0, 0xcd, 0x3c, 0x79, 0x79 ),
417 EXPECT ( 0x5a, 0x7d, 0x3b, 0x44, 0x9f, 0x48, 0x1c, 0xb3, 0x8d, 0xf7,
418 0x9a, 0xd2, 0xb1, 0xfc, 0xc0, 0x1e, 0x57, 0xf8, 0x13, 0x5e,
419 0x8c, 0x0b, 0x22, 0xcd, 0x06, 0x30, 0xbf, 0xb0, 0x12, 0x7f,
420 0xb5, 0x40, 0x8c, 0x8e, 0xfc, 0x17, 0xa9, 0x29, 0x89, 0x6e ) );
421
422 /** SHA-1 Test 1.2 : Second call to Generate */
423 HMAC_DRBG_TEST_GENERATE ( sha1_generate_1_2, HMAC_DRBG_SHA1,
424 additional_input_empty,
425 EXPECT ( 0x3d, 0x4d, 0x73, 0x77, 0xe9, 0x17, 0x2a, 0xaf, 0xa7, 0x76,
426 0xb0, 0xdd, 0xcb, 0x89, 0x42, 0x00, 0x4a, 0x44, 0xb7, 0xfd ),
427 EXPECT ( 0x1a, 0x26, 0xbd, 0x9b, 0xfc, 0x97, 0x44, 0xbd, 0x29, 0xf6,
428 0xae, 0xbe, 0x24, 0x37, 0xe2, 0x09, 0xf1, 0xf7, 0x16, 0x25 ),
429 EXPECT ( 0x82, 0xcf, 0x77, 0x2e, 0xc3, 0xe8, 0x4b, 0x00, 0xfc, 0x74,
430 0xf5, 0xdf, 0x10, 0x4e, 0xfb, 0xfb, 0x24, 0x28, 0x55, 0x4e,
431 0x9c, 0xe3, 0x67, 0xd0, 0x3a, 0xea, 0xde, 0x37, 0x82, 0x7f,
432 0xa8, 0xe9, 0xcb, 0x6a, 0x08, 0x19, 0x61, 0x15, 0xd9, 0x48 ) );
433
434 /** SHA-1 Test 2 : Instantiation */
435 #define sha1_instantiate_2 sha1_instantiate_1
436
437 /** SHA-1 Test 2.1 : First call to Generate */
438 HMAC_DRBG_TEST_GENERATE ( sha1_generate_2_1, HMAC_DRBG_SHA1,
439 additional_input_1,
440 EXPECT ( 0x3a, 0x06, 0x2e, 0x6b, 0x79, 0xfe, 0x70, 0xdb, 0xff, 0xeb,
441 0x3a, 0x2b, 0x6b, 0xe8, 0x03, 0x23, 0xf7, 0xd6, 0x74, 0xc5 ),
442 EXPECT ( 0xbd, 0x36, 0x31, 0x28, 0xbf, 0x58, 0x0d, 0x7a, 0x54, 0x42,
443 0x9d, 0xdd, 0x58, 0xe8, 0x19, 0x3b, 0x98, 0x43, 0xbd, 0x2b ),
444 EXPECT ( 0xc7, 0xaa, 0xac, 0x58, 0x3c, 0x6e, 0xf6, 0x30, 0x07, 0x14,
445 0xc2, 0xcc, 0x5d, 0x06, 0xc1, 0x48, 0xcf, 0xfb, 0x40, 0x44,
446 0x9a, 0xd0, 0xbb, 0x26, 0xfa, 0xc0, 0x49, 0x7b, 0x5c, 0x57,
447 0xe1, 0x61, 0xe3, 0x66, 0x81, 0xbc, 0xc9, 0x30, 0xce, 0x80 ) );
448
449 /** SHA-1 Test 2.2 : Second call to Generate */
450 HMAC_DRBG_TEST_GENERATE ( sha1_generate_2_2, HMAC_DRBG_SHA1,
451 additional_input_2,
452 EXPECT ( 0x8a, 0xd7, 0xe3, 0x47, 0x72, 0xb5, 0xfc, 0x7c, 0x3b, 0x3b,
453 0x27, 0x62, 0x4f, 0x0b, 0x91, 0x77, 0x6a, 0x8a, 0x71, 0x12 ),
454 EXPECT ( 0xd7, 0x13, 0x76, 0xa4, 0x6d, 0x76, 0x4b, 0x17, 0xc3, 0xb7,
455 0x39, 0x34, 0x7b, 0x38, 0x4e, 0x51, 0x51, 0xe8, 0x7e, 0x88 ),
456 EXPECT ( 0x6e, 0xbd, 0x2b, 0x7b, 0x5e, 0x0a, 0x2a, 0xd7, 0xa2, 0x4b,
457 0x1b, 0xf9, 0xa1, 0xdb, 0xa4, 0x7d, 0x43, 0x27, 0x17, 0x19,
458 0xb9, 0xc3, 0x7b, 0x7f, 0xe8, 0x1b, 0xa9, 0x40, 0x45, 0xa1,
459 0x4a, 0x7c, 0xb5, 0x14, 0xb4, 0x46, 0x66, 0x6e, 0xa5, 0xa7 ) );
460
461 /** SHA-1 Test 3 : Instantiation */
462 HMAC_DRBG_TEST_INSTANTIATE ( sha1_instantiate_3, HMAC_DRBG_SHA1,
463 entropy_input, nonce_sha1, personalisation_string,
464 EXPECT ( 0xb7, 0xd9, 0x66, 0xd7, 0x0d, 0x4e, 0x27, 0xa7, 0xfa, 0x83,
465 0x8f, 0x7d, 0x61, 0x12, 0x6c, 0x0e, 0xdc, 0x84, 0x76, 0x1c ),
466 EXPECT ( 0xda, 0xb2, 0xa7, 0x18, 0x83, 0xf1, 0x00, 0x5c, 0x5d, 0xd0,
467 0x39, 0x32, 0x4d, 0x3c, 0x36, 0x4d, 0x6e, 0x18, 0xf9, 0x54 ) );
468
469 /** SHA-1 Test 3.1 : First call to Generate */
470 HMAC_DRBG_TEST_GENERATE ( sha1_generate_3_1, HMAC_DRBG_SHA1,
471 additional_input_empty,
472 EXPECT ( 0x87, 0xd3, 0x82, 0x8b, 0xe0, 0x3a, 0x80, 0x7d, 0xd3, 0x40,
473 0x29, 0x41, 0xbe, 0xd6, 0xde, 0x98, 0x6e, 0xe7, 0xa2, 0x86 ),
474 EXPECT ( 0x6a, 0xe1, 0xd0, 0x08, 0x6f, 0x53, 0xb1, 0xb7, 0x63, 0xa4,
475 0x51, 0x5b, 0x19, 0x06, 0xfe, 0xe4, 0x76, 0x61, 0xfd, 0x47 ),
476 EXPECT ( 0xb3, 0xbd, 0x05, 0x24, 0x6c, 0xba, 0x12, 0xa6, 0x47, 0x35,
477 0xa4, 0xe3, 0xfd, 0xe5, 0x99, 0xbc, 0x1b, 0xe3, 0x0f, 0x43,
478 0x9b, 0xd0, 0x60, 0x20, 0x8e, 0xea, 0x7d, 0x71, 0xf9, 0xd1,
479 0x23, 0xdf, 0x47, 0xb3, 0xce, 0x06, 0x9d, 0x98, 0xed, 0xe6 ) );
480
481 /** SHA-1 Test 3.2 : Second call to Generate */
482 HMAC_DRBG_TEST_GENERATE ( sha1_generate_3_2, HMAC_DRBG_SHA1,
483 additional_input_empty,
484 EXPECT ( 0x26, 0xab, 0xbf, 0x54, 0xb2, 0x8b, 0x93, 0xff, 0x90, 0x08,
485 0x67, 0x0e, 0xbf, 0xee, 0x86, 0xcd, 0xd7, 0x22, 0x8e, 0xd5 ),
486 EXPECT ( 0xe9, 0x25, 0x47, 0x29, 0xe0, 0x02, 0x04, 0xa1, 0xb6, 0xc0,
487 0x21, 0x58, 0xa6, 0xc7, 0x27, 0x86, 0x47, 0x14, 0xf1, 0xf7 ),
488 EXPECT ( 0xb5, 0xda, 0xda, 0x38, 0x0e, 0x28, 0x72, 0xdf, 0x93, 0x5b,
489 0xca, 0x55, 0xb8, 0x82, 0xc8, 0xc9, 0x37, 0x69, 0x02, 0xab,
490 0x63, 0x97, 0x65, 0x47, 0x2b, 0x71, 0xac, 0xeb, 0xe2, 0xea,
491 0x8b, 0x1b, 0x6b, 0x49, 0x62, 0x9c, 0xb6, 0x73, 0x17, 0xe0 ) );
492
493 /** SHA-1 Test 4 : Instantiation */
494 #define sha1_instantiate_4 sha1_instantiate_3
495
496 /** SHA-1 Test 4.1 : First call to Generate */
497 HMAC_DRBG_TEST_GENERATE ( sha1_generate_4_1, HMAC_DRBG_SHA1,
498 additional_input_1,
499 EXPECT ( 0x17, 0xa5, 0xd7, 0x9f, 0x07, 0x67, 0x87, 0x6f, 0x3a, 0x45,
500 0xe0, 0xc9, 0xc3, 0x3e, 0xc8, 0x8b, 0x03, 0xce, 0xea, 0x13 ),
501 EXPECT ( 0x4d, 0x2f, 0x3b, 0xc7, 0x77, 0x50, 0x5c, 0x45, 0xf7, 0xe1,
502 0x7d, 0xcd, 0x3d, 0x86, 0xbf, 0x37, 0x9c, 0xb6, 0x02, 0x5e ),
503 EXPECT ( 0x1f, 0x8f, 0xec, 0x7b, 0xc7, 0xcf, 0xa9, 0xa8, 0x80, 0x34,
504 0x5d, 0x28, 0x0b, 0x13, 0xc6, 0x32, 0xb8, 0x52, 0x77, 0x0a,
505 0x6d, 0xfc, 0x30, 0x2e, 0xad, 0x4c, 0xe3, 0xf5, 0x54, 0xc7,
506 0x9b, 0x0d, 0x44, 0x23, 0x9e, 0xba, 0x56, 0xa7, 0xea, 0x2d ) );
507
508 /** SHA-1 Test 4.2 : Second call to Generate */
509 HMAC_DRBG_TEST_GENERATE ( sha1_generate_4_2, HMAC_DRBG_SHA1,
510 additional_input_2,
511 EXPECT ( 0x07, 0x9b, 0x57, 0xd9, 0x40, 0x6e, 0x11, 0xc2, 0xf8, 0x7c,
512 0x8c, 0x82, 0x8c, 0x8c, 0x6f, 0xa7, 0x6e, 0x40, 0xea, 0x01 ),
513 EXPECT ( 0xa6, 0x54, 0xfe, 0x72, 0xf8, 0xa7, 0x7b, 0xb8, 0xf0, 0x3d,
514 0xff, 0x07, 0xc7, 0x9a, 0x51, 0x53, 0x00, 0x9e, 0xdd, 0xda ),
515 EXPECT ( 0xaf, 0x97, 0xcd, 0xe1, 0xe8, 0xab, 0x32, 0x2a, 0x2e, 0xac,
516 0xa8, 0xe6, 0xf4, 0xe5, 0xbf, 0x78, 0xa1, 0x1b, 0xde, 0xf7,
517 0xdc, 0x91, 0x21, 0x5d, 0x44, 0xb1, 0x07, 0xb4, 0xd5, 0xa7,
518 0x79, 0x01, 0x59, 0x25, 0x09, 0x76, 0x52, 0x80, 0xf9, 0x69 ) );
519
520 /** SHA-1 Test 5 : Instantiation */
521 #define sha1_instantiate_5 sha1_instantiate_1
522
523 /** SHA-1 Test 5.1 : First call to Generate */
524 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_5_1, HMAC_DRBG_SHA1,
525 additional_input_empty, ( 320 / 8 ) );
526
527 /** SHA-1 Test 5.2 : Reseed */
528 HMAC_DRBG_TEST_RESEED ( sha1_reseed_5_2, HMAC_DRBG_SHA1,
529 entropy_input_1, additional_input_empty,
530 EXPECT ( 0xcd, 0x4c, 0xab, 0x38, 0xc8, 0xad, 0x65, 0x71, 0x22, 0xbf,
531 0x5d, 0x3d, 0x00, 0xd0, 0xac, 0x9b, 0x13, 0xd6, 0x29, 0xbb ),
532 EXPECT ( 0xf6, 0x60, 0xe2, 0x3e, 0x91, 0x00, 0x6b, 0x62, 0xc6, 0x54,
533 0x3a, 0xb1, 0x34, 0x4d, 0x23, 0xa3, 0x1a, 0xb4, 0xcf, 0x2c ) );
534
535 /** SHA-1 Test 5.3 : Retried first call to Generate */
536 HMAC_DRBG_TEST_GENERATE ( sha1_generate_5_3, HMAC_DRBG_SHA1,
537 additional_input_empty,
538 EXPECT ( 0x58, 0x7f, 0xd8, 0x21, 0xef, 0x6c, 0x9d, 0xa4, 0xa8, 0x3c,
539 0x19, 0x21, 0x1f, 0x10, 0x56, 0xca, 0xcd, 0x23, 0xfc, 0x1a ),
540 EXPECT ( 0x84, 0x8f, 0xd1, 0x4c, 0x13, 0xb7, 0xea, 0x93, 0x72, 0x0c,
541 0xcf, 0xde, 0x71, 0xf2, 0xf6, 0x44, 0x39, 0xdb, 0x79, 0x5d ),
542 EXPECT ( 0xfe, 0xc4, 0x59, 0x7f, 0x06, 0xa3, 0xa8, 0xcc, 0x85, 0x29,
543 0xd5, 0x95, 0x57, 0xb9, 0xe6, 0x61, 0x05, 0x38, 0x09, 0xc0,
544 0xbc, 0x0e, 0xfc, 0x28, 0x2a, 0xbd, 0x87, 0x60, 0x5c, 0xc9,
545 0x0c, 0xba, 0x9b, 0x86, 0x33, 0xdc, 0xb1, 0xda, 0xe0, 0x2e ) );
546
547 /** SHA-1 Test 5.4 : Second call to Generate */
548 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_5_4, HMAC_DRBG_SHA1,
549 additional_input_empty, ( 320 / 8 ) );
550
551 /** SHA-1 Test 5.5 : Reseed */
552 HMAC_DRBG_TEST_RESEED ( sha1_reseed_5_5, HMAC_DRBG_SHA1,
553 entropy_input_2, additional_input_empty,
554 EXPECT ( 0xdb, 0xa1, 0xcf, 0xf4, 0x87, 0x95, 0x46, 0xa0, 0x38, 0xa5,
555 0x59, 0xb2, 0xa2, 0x4d, 0xf2, 0xc0, 0x30, 0x08, 0x9a, 0x41 ),
556 EXPECT ( 0x2f, 0x88, 0x3c, 0x46, 0x48, 0xe1, 0x31, 0xe8, 0x6d, 0xdf,
557 0x9d, 0xca, 0x0d, 0x74, 0xf3, 0x0c, 0xa1, 0xce, 0x6e, 0xfb ) );
558
559 /** SHA-1 Test 5.6 : Retried second call to Generate */
560 HMAC_DRBG_TEST_GENERATE ( sha1_generate_5_6, HMAC_DRBG_SHA1,
561 additional_input_empty,
562 EXPECT ( 0xf9, 0x39, 0xa5, 0xab, 0x08, 0xa3, 0x9f, 0x23, 0x10, 0x70,
563 0xb0, 0xd4, 0xc9, 0x6d, 0xc2, 0x37, 0x90, 0xba, 0x01, 0x53 ),
564 EXPECT ( 0xce, 0x6d, 0x08, 0xb4, 0xae, 0x2c, 0xe3, 0x83, 0xfd, 0xab,
565 0xb0, 0x1e, 0xaa, 0xfc, 0x9c, 0x8e, 0x76, 0xa0, 0xd4, 0x72 ),
566 EXPECT ( 0x84, 0xad, 0xd5, 0xe2, 0xd2, 0x04, 0x1c, 0x01, 0x72, 0x3a,
567 0x4d, 0xe4, 0x33, 0x5b, 0x13, 0xef, 0xdf, 0x16, 0xb0, 0xe5,
568 0x1a, 0x0a, 0xd3, 0x9b, 0xd1, 0x5e, 0x86, 0x2e, 0x64, 0x4f,
569 0x31, 0xe4, 0xa2, 0xd7, 0xd8, 0x43, 0xe5, 0x7c, 0x59, 0x68 ) );
570
571 /** SHA-1 Test 6 : Instantiate */
572 #define sha1_instantiate_6 sha1_instantiate_1
573
574 /** SHA-1 Test 6.1 : First call to Generate */
575 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_6_1, HMAC_DRBG_SHA1,
576 additional_input_1, ( 320 / 8 ) );
577
578 /** SHA-1 Test 6.2 : Reseed */
579 HMAC_DRBG_TEST_RESEED ( sha1_reseed_6_2, HMAC_DRBG_SHA1,
580 entropy_input_1, additional_input_1,
581 EXPECT ( 0x52, 0x28, 0xa4, 0xb6, 0xa4, 0x46, 0x92, 0x90, 0x5e, 0xc0,
582 0x44, 0xbf, 0xf0, 0xbb, 0x4e, 0x25, 0xa3, 0x87, 0xca, 0xc1 ),
583 EXPECT ( 0x24, 0x77, 0x32, 0xd0, 0x4c, 0xb8, 0x4e, 0xd4, 0x1a, 0xdd,
584 0x95, 0xa4, 0xb7, 0x8b, 0x50, 0xcd, 0x9b, 0x3d, 0x3f, 0x32 ) );
585
586 /** SHA-1 Test 6.3 : Retried first call to Generate */
587 HMAC_DRBG_TEST_GENERATE ( sha1_generate_6_3, HMAC_DRBG_SHA1,
588 additional_input_empty,
589 EXPECT ( 0xab, 0x3d, 0xd4, 0x89, 0x5b, 0xc8, 0xcd, 0x22, 0x71, 0xde,
590 0xba, 0x5f, 0x3c, 0x13, 0x63, 0x52, 0x6b, 0x8b, 0x74, 0x52 ),
591 EXPECT ( 0xa8, 0x66, 0xc5, 0xef, 0xf2, 0xaf, 0x04, 0x2b, 0x11, 0x86,
592 0x44, 0x94, 0x45, 0x23, 0x7f, 0x9c, 0x02, 0x44, 0x98, 0x64 ),
593 EXPECT ( 0xa1, 0xba, 0x8f, 0xa5, 0x8b, 0xb5, 0x01, 0x3f, 0x43, 0xf7,
594 0xb6, 0xed, 0x52, 0xb4, 0x53, 0x9f, 0xa1, 0x6d, 0xc7, 0x79,
595 0x57, 0xae, 0xe8, 0x15, 0xb9, 0xc0, 0x70, 0x04, 0xc7, 0xe9,
596 0x92, 0xeb, 0x8c, 0x7e, 0x59, 0x19, 0x64, 0xaf, 0xee, 0xa2 ) );
597
598 /** SHA-1 Test 6.4 : Second call to Generate */
599 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_6_4, HMAC_DRBG_SHA1,
600 additional_input_2, ( 320 / 8 ) );
601
602 /** SHA-1 Test 6.5 : Reseed */
603 HMAC_DRBG_TEST_RESEED ( sha1_reseed_6_5, HMAC_DRBG_SHA1,
604 entropy_input_2, additional_input_2,
605 EXPECT ( 0xe5, 0x73, 0x9f, 0x9c, 0xf7, 0xff, 0x43, 0x84, 0xd1, 0x27,
606 0x3e, 0x02, 0x6b, 0x45, 0x31, 0x21, 0x36, 0x49, 0x4f, 0x41 ),
607 EXPECT ( 0x30, 0xc3, 0x43, 0x05, 0xc2, 0xc6, 0x48, 0xb0, 0x57, 0xa6,
608 0x40, 0x22, 0x1b, 0x5c, 0x56, 0x57, 0x26, 0xcd, 0x32, 0xb2 ) );
609
610 /** SHA-1 Test 6.6 : Retried second call to Generate */
611 HMAC_DRBG_TEST_GENERATE ( sha1_generate_6_6, HMAC_DRBG_SHA1,
612 additional_input_empty,
613 EXPECT ( 0x61, 0x91, 0xca, 0x9b, 0xf0, 0x00, 0xd1, 0x0a, 0x71, 0x69,
614 0x0a, 0xc1, 0x0e, 0x09, 0xff, 0xc8, 0x92, 0xab, 0xde, 0x9a ),
615 EXPECT ( 0x1e, 0xc0, 0x49, 0x0f, 0xa0, 0xb7, 0x65, 0x52, 0x7e, 0x5e,
616 0xa1, 0x8b, 0x53, 0x22, 0xb2, 0x8b, 0xdd, 0x0e, 0x7b, 0xc0 ),
617 EXPECT ( 0x84, 0x26, 0x4a, 0x73, 0xa8, 0x18, 0xc9, 0x5c, 0x2f, 0x42,
618 0x4b, 0x37, 0xd3, 0xcc, 0x99, 0x0b, 0x04, 0x6f, 0xb5, 0x0c,
619 0x2d, 0xc6, 0x4a, 0x16, 0x42, 0x11, 0x88, 0x9a, 0x01, 0x0f,
620 0x24, 0x71, 0xa0, 0x91, 0x2f, 0xfe, 0xa1, 0xbf, 0x01, 0x95 ) );
621
622 /** SHA-1 Test 7 : Instantiation */
623 #define sha1_instantiate_7 sha1_instantiate_3
624
625 /** SHA-1 Test 7.1 : First call to Generate */
626 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_7_1, HMAC_DRBG_SHA1,
627 additional_input_empty, ( 320 / 8 ) );
628
629 /** SHA-1 Test 7.2 : Reseed */
630 HMAC_DRBG_TEST_RESEED ( sha1_reseed_7_2, HMAC_DRBG_SHA1,
631 entropy_input_1, additional_input_empty,
632 EXPECT ( 0xb9, 0x25, 0x4d, 0x8a, 0xac, 0xba, 0x43, 0xfb, 0xda, 0xe6,
633 0x39, 0x4f, 0x2b, 0x3a, 0xfc, 0x5d, 0x58, 0x08, 0x00, 0xbf ),
634 EXPECT ( 0x28, 0x40, 0x3b, 0x60, 0x36, 0x38, 0xd0, 0x7d, 0x79, 0x66,
635 0x66, 0x1e, 0xf6, 0x7b, 0x9d, 0x39, 0x05, 0xf4, 0x6d, 0xb9 ) );
636
637 /** SHA-1 Test 7.3 : Retried first call to Generate */
638 HMAC_DRBG_TEST_GENERATE ( sha1_generate_7_3, HMAC_DRBG_SHA1,
639 additional_input_empty,
640 EXPECT ( 0x64, 0xfe, 0x07, 0x4a, 0x6e, 0x77, 0x97, 0xd1, 0xa4, 0x35,
641 0xda, 0x89, 0x64, 0x48, 0x4d, 0x6c, 0xf8, 0xbd, 0xc0, 0x1b ),
642 EXPECT ( 0x43, 0xe0, 0xc0, 0x52, 0x15, 0x86, 0xe9, 0x47, 0x3b, 0x06,
643 0x0d, 0x87, 0xd0, 0x8a, 0x23, 0x25, 0xfa, 0xe1, 0x49, 0xd1 ),
644 EXPECT ( 0x6c, 0x37, 0xfd, 0xd7, 0x29, 0xaa, 0x40, 0xf8, 0x0b, 0xc6,
645 0xab, 0x08, 0xca, 0x7c, 0xc6, 0x49, 0x79, 0x4f, 0x69, 0x98,
646 0xb5, 0x70, 0x81, 0xe4, 0x22, 0x0f, 0x22, 0xc5, 0xc2, 0x83,
647 0xe2, 0xc9, 0x1b, 0x8e, 0x30, 0x5a, 0xb8, 0x69, 0xc6, 0x25 ) );
648
649 /** SHA-1 Test 7.4 : Second call to Generate */
650 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_7_4, HMAC_DRBG_SHA1,
651 additional_input_empty, ( 320 / 8 ) );
652
653 /** SHA-1 Test 7.5 : Reseed */
654 HMAC_DRBG_TEST_RESEED ( sha1_reseed_7_5, HMAC_DRBG_SHA1,
655 entropy_input_2, additional_input_empty,
656 EXPECT ( 0x02, 0xbc, 0x57, 0x7f, 0xd1, 0x0e, 0xf7, 0x19, 0x3c, 0x1d,
657 0xb0, 0x98, 0xbd, 0x5b, 0x75, 0xc7, 0xc4, 0xb6, 0x79, 0x59 ),
658 EXPECT ( 0xbc, 0xbd, 0xf0, 0x52, 0xe0, 0xe0, 0x2a, 0xe8, 0x9a, 0x77,
659 0x67, 0x94, 0x3f, 0x98, 0x65, 0xb8, 0xb7, 0x22, 0x90, 0x2d ) );
660
661 /** SHA-1 Test 7.6 : Retried second call to Generate */
662 HMAC_DRBG_TEST_GENERATE ( sha1_generate_7_6, HMAC_DRBG_SHA1,
663 additional_input_empty,
664 EXPECT ( 0x1a, 0xa4, 0x24, 0x1c, 0x69, 0x5e, 0x29, 0xc0, 0xa5, 0x9a,
665 0xd1, 0x8a, 0x60, 0x70, 0xe3, 0x38, 0xa5, 0x48, 0xbe, 0x92 ),
666 EXPECT ( 0x03, 0x47, 0x35, 0x9b, 0xc9, 0xc7, 0xf8, 0x8c, 0xc8, 0x33,
667 0x0d, 0x4f, 0x59, 0xfb, 0xc7, 0x70, 0xb0, 0xb7, 0x7b, 0x03 ),
668 EXPECT ( 0xca, 0xf5, 0x7d, 0xcf, 0xea, 0x39, 0x3b, 0x92, 0x36, 0xbf,
669 0x69, 0x1f, 0xa4, 0x56, 0xfe, 0xa7, 0xfd, 0xf1, 0xdf, 0x83,
670 0x61, 0x48, 0x2c, 0xa5, 0x4d, 0x5f, 0xa7, 0x23, 0xf4, 0xc8,
671 0x8b, 0x4f, 0xa5, 0x04, 0xbf, 0x03, 0x27, 0x7f, 0xa7, 0x83 ) );
672
673 /** SHA-1 Test 8 : Instantiate */
674 #define sha1_instantiate_8 sha1_instantiate_3
675
676 /** SHA-1 Test 8.1 : First call to Generate */
677 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_8_1, HMAC_DRBG_SHA1,
678 additional_input_1, ( 320 / 8 ) );
679
680 /** SHA-1 Test 8.2 : Reseed */
681 HMAC_DRBG_TEST_RESEED ( sha1_reseed_8_2, HMAC_DRBG_SHA1,
682 entropy_input_1, additional_input_1,
683 EXPECT ( 0xc0, 0x95, 0x48, 0xc0, 0xd3, 0xc8, 0x61, 0xd7, 0x40, 0xf2,
684 0x83, 0x7d, 0x72, 0xb5, 0x07, 0x23, 0x5c, 0x26, 0xdb, 0x82 ),
685 EXPECT ( 0x17, 0x4b, 0x3f, 0x84, 0xc3, 0x53, 0x1f, 0x7c, 0x0a, 0x2e,
686 0x54, 0x21, 0x23, 0x4e, 0xa1, 0x6b, 0x70, 0x8d, 0xdf, 0x0d ) );
687
688 /** SHA-1 Test 8.3 : Retried first call to Generate */
689 HMAC_DRBG_TEST_GENERATE ( sha1_generate_8_3, HMAC_DRBG_SHA1,
690 additional_input_empty,
691 EXPECT ( 0x60, 0x3f, 0x09, 0x49, 0x27, 0x9c, 0x70, 0xe8, 0xc6, 0x6c,
692 0x0f, 0x56, 0x37, 0xc0, 0xf3, 0x75, 0x60, 0x07, 0xe5, 0xac ),
693 EXPECT ( 0xf2, 0xb3, 0x3b, 0x21, 0x15, 0x1f, 0xaf, 0x61, 0x20, 0x01,
694 0x83, 0x10, 0xf4, 0x4e, 0x4c, 0xd0, 0xbf, 0xe3, 0x68, 0xea ),
695 EXPECT ( 0xbd, 0x07, 0xc2, 0x5c, 0xfd, 0x7c, 0x5e, 0x3a, 0x4e, 0xaa,
696 0x6e, 0x2e, 0xdc, 0x5a, 0xb7, 0xea, 0x49, 0x42, 0xa0, 0x91,
697 0x34, 0x71, 0xfd, 0xa5, 0x5c, 0x6d, 0xdd, 0x2c, 0x03, 0xef,
698 0xa3, 0xb9, 0x64, 0x3a, 0xb3, 0xbb, 0x22, 0xf6, 0xc9, 0xf2 ) );
699
700 /** SHA-1 Test 8.4 : Second call to Generate */
701 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_8_4, HMAC_DRBG_SHA1,
702 additional_input_2, ( 320 / 8 ) );
703
704 /** SHA-1 Test 8.5 : Reseed */
705 HMAC_DRBG_TEST_RESEED ( sha1_reseed_8_5, HMAC_DRBG_SHA1,
706 entropy_input_2, additional_input_2,
707 EXPECT ( 0x89, 0x42, 0xa5, 0x4f, 0x34, 0x9e, 0x28, 0x1b, 0x84, 0xaa,
708 0x46, 0x95, 0x87, 0xfb, 0xdd, 0xaf, 0x9d, 0x11, 0x40, 0x82 ),
709 EXPECT ( 0x07, 0x73, 0x0e, 0x3c, 0xbf, 0xfd, 0x3c, 0xaf, 0xd7, 0xa8,
710 0xaa, 0xe2, 0xbf, 0x01, 0xd6, 0x01, 0x43, 0x01, 0xe2, 0x4d ) );
711
712 /** SHA-1 Test 8.6 : Retried second call to Generate */
713 HMAC_DRBG_TEST_GENERATE ( sha1_generate_8_6, HMAC_DRBG_SHA1,
714 additional_input_empty,
715 EXPECT ( 0xbd, 0xe1, 0xb4, 0x6c, 0xdc, 0x54, 0x13, 0xb3, 0xd9, 0xf7,
716 0x35, 0xac, 0xdb, 0x80, 0xb1, 0x3c, 0x57, 0xbf, 0xe4, 0x73 ),
717 EXPECT ( 0x72, 0x5a, 0x3c, 0x78, 0x20, 0xde, 0x1a, 0x06, 0xd0, 0x95,
718 0x81, 0x9c, 0xcf, 0x6f, 0x2c, 0x9b, 0x3a, 0x67, 0xf2, 0xce ),
719 EXPECT ( 0xd1, 0xa9, 0xc1, 0xa2, 0x2c, 0x84, 0xfc, 0x23, 0xff, 0x22,
720 0x27, 0xef, 0x98, 0xec, 0x8b, 0xa9, 0xdf, 0x2a, 0x20, 0x9b,
721 0xa1, 0xdb, 0x09, 0x80, 0x9f, 0x57, 0xbf, 0xea, 0xe5, 0xb3,
722 0xe5, 0xf1, 0x46, 0xc7, 0x5f, 0x2d, 0x8d, 0xbb, 0x5e, 0x4a ) );
723
724 /** SHA-256 Test 1 : Instantiation */
725 HMAC_DRBG_TEST_INSTANTIATE ( sha256_instantiate_1, HMAC_DRBG_SHA256,
726 entropy_input, nonce_sha256, personalisation_string_empty,
727 EXPECT ( 0x3d, 0xda, 0x54, 0x3e, 0x7e, 0xef, 0x14, 0xf9, 0x36, 0x23,
728 0x7b, 0xe6, 0x5d, 0x09, 0x4b, 0x4d, 0xdc, 0x96, 0x9c, 0x0b,
729 0x2b, 0x5e, 0xaf, 0xb5, 0xd8, 0x05, 0xe8, 0x6c, 0xfa, 0x64,
730 0xd7, 0x41 ),
731 EXPECT ( 0x2d, 0x02, 0xc2, 0xf8, 0x22, 0x51, 0x7d, 0x54, 0xb8, 0x17,
732 0x27, 0x9a, 0x59, 0x49, 0x1c, 0x41, 0xa1, 0x98, 0x9b, 0x3e,
733 0x38, 0x2d, 0xeb, 0xe8, 0x0d, 0x2c, 0x7f, 0x66, 0x0f, 0x44,
734 0x76, 0xc4 ) );
735
736 /** SHA-256 Test 1.1 : First call to Generate */
737 HMAC_DRBG_TEST_GENERATE ( sha256_generate_1_1, HMAC_DRBG_SHA256,
738 additional_input_empty,
739 EXPECT ( 0xdd, 0x30, 0x95, 0x79, 0x35, 0x38, 0x02, 0xcc, 0xdd, 0x43,
740 0x99, 0xc3, 0x69, 0x1c, 0x9d, 0xd9, 0x09, 0xdd, 0x3b, 0x2d,
741 0xd0, 0x03, 0xcc, 0xd5, 0x9d, 0x6f, 0x08, 0xd8, 0x5f, 0x2e,
742 0x35, 0x09 ),
743 EXPECT ( 0xa1, 0xc2, 0x0f, 0xf2, 0x70, 0xa3, 0x9d, 0x2b, 0x8d, 0x03,
744 0xd6, 0x59, 0xb9, 0xdd, 0xd0, 0x11, 0xc2, 0xcc, 0xdf, 0x24,
745 0x48, 0x55, 0x7e, 0xf6, 0xa1, 0xa9, 0x15, 0xd1, 0x89, 0x40,
746 0xa6, 0x88 ),
747 EXPECT ( 0xd6, 0x7b, 0x8c, 0x17, 0x34, 0xf4, 0x6f, 0xa3, 0xf7, 0x63,
748 0xcf, 0x57, 0xc6, 0xf9, 0xf4, 0xf2, 0xdc, 0x10, 0x89, 0xbd,
749 0x8b, 0xc1, 0xf6, 0xf0, 0x23, 0x95, 0x0b, 0xfc, 0x56, 0x17,
750 0x63, 0x52, 0x08, 0xc8, 0x50, 0x12, 0x38, 0xad, 0x7a, 0x44,
751 0x00, 0xde, 0xfe, 0xe4, 0x6c, 0x64, 0x0b, 0x61, 0xaf, 0x77,
752 0xc2, 0xd1, 0xa3, 0xbf, 0xaa, 0x90, 0xed, 0xe5, 0xd2, 0x07,
753 0x40, 0x6e, 0x54, 0x03 ) );
754
755 /** SHA-256 Test 1.2 : Second call to Generate */
756 HMAC_DRBG_TEST_GENERATE ( sha256_generate_1_2, HMAC_DRBG_SHA256,
757 additional_input_empty,
758 EXPECT ( 0x5c, 0xd5, 0xe5, 0x0a, 0x3e, 0x44, 0x8a, 0x07, 0xc3, 0xd2,
759 0xf2, 0xa3, 0xf9, 0xde, 0xbc, 0xc0, 0x46, 0x5f, 0x9c, 0xf1,
760 0x1c, 0xa1, 0x36, 0xe9, 0xb5, 0x04, 0xb4, 0xd3, 0x1c, 0x7f,
761 0xf1, 0xb8 ),
762 EXPECT ( 0x33, 0xb3, 0x09, 0xf2, 0xff, 0x01, 0xce, 0x10, 0x4b, 0x44,
763 0x29, 0xb6, 0x75, 0xfa, 0xfa, 0x19, 0x01, 0x1e, 0x34, 0x8b,
764 0x28, 0x12, 0x71, 0x5a, 0x76, 0x37, 0xf6, 0xa6, 0xe6, 0x3b,
765 0x5d, 0x57 ),
766 EXPECT ( 0x8f, 0xda, 0xec, 0x20, 0xf8, 0xb4, 0x21, 0x40, 0x70, 0x59,
767 0xe3, 0x58, 0x89, 0x20, 0xda, 0x7e, 0xda, 0x9d, 0xce, 0x3c,
768 0xf8, 0x27, 0x4d, 0xfa, 0x1c, 0x59, 0xc1, 0x08, 0xc1, 0xd0,
769 0xaa, 0x9b, 0x0f, 0xa3, 0x8d, 0xa5, 0xc7, 0x92, 0x03, 0x7c,
770 0x4d, 0x33, 0xcd, 0x07, 0x0c, 0xa7, 0xcd, 0x0c, 0x56, 0x08,
771 0xdb, 0xa8, 0xb8, 0x85, 0x65, 0x46, 0x39, 0xde, 0x21, 0x87,
772 0xb7, 0x4c, 0xb2, 0x63 ) );
773
774 /** SHA-256 Test 2 : Instantiation */
775 #define sha256_instantiate_2 sha256_instantiate_1
776
777 /** SHA-256 Test 2.1 : First call to Generate */
778 HMAC_DRBG_TEST_GENERATE ( sha256_generate_2_1, HMAC_DRBG_SHA256,
779 additional_input_1,
780 EXPECT ( 0x79, 0x1d, 0x31, 0x44, 0xb3, 0x02, 0xad, 0x6c, 0xe4, 0x32,
781 0x41, 0x34, 0x42, 0x10, 0xaa, 0xd0, 0xd3, 0x99, 0xed, 0xb7,
782 0xb5, 0x90, 0x6f, 0xb2, 0x51, 0xdb, 0x1c, 0xb6, 0x00, 0x04,
783 0xea, 0x51 ),
784 EXPECT ( 0x58, 0xfd, 0x96, 0x5f, 0x4f, 0x99, 0x89, 0x3c, 0x17, 0xe6,
785 0xa3, 0x3c, 0xb8, 0xe9, 0x04, 0x15, 0xb5, 0x16, 0xd0, 0x06,
786 0x14, 0xa4, 0x49, 0xd4, 0x06, 0xe0, 0x3c, 0x68, 0x5b, 0xd8,
787 0x59, 0xbd ),
788 EXPECT ( 0x41, 0x87, 0x87, 0x35, 0x81, 0x35, 0x41, 0x9b, 0x93, 0x81,
789 0x33, 0x53, 0x53, 0x06, 0x17, 0x6a, 0xfb, 0x25, 0x1c, 0xdd,
790 0x2b, 0xa3, 0x79, 0x88, 0x59, 0xb5, 0x66, 0xa0, 0x5c, 0xfb,
791 0x1d, 0x68, 0x0e, 0xa9, 0x25, 0x85, 0x6d, 0x5b, 0x84, 0xd5,
792 0x6a, 0xda, 0xe8, 0x70, 0x45, 0xa6, 0xba, 0x28, 0xd2, 0xc9,
793 0x08, 0xab, 0x75, 0xb7, 0xcc, 0x41, 0x43, 0x1f, 0xac, 0x59,
794 0xf3, 0x89, 0x18, 0xa3 ) );
795
796 /** SHA-256 Test 2.2 : Second call to Generate */
797 HMAC_DRBG_TEST_GENERATE ( sha256_generate_2_2, HMAC_DRBG_SHA256,
798 additional_input_2,
799 EXPECT ( 0xe7, 0x45, 0x8f, 0xb4, 0x4a, 0x36, 0x9a, 0x65, 0x3f, 0x2f,
800 0x8f, 0x57, 0x7b, 0xf9, 0x75, 0xc4, 0xb3, 0x62, 0xc4, 0xfe,
801 0x61, 0x8b, 0x2f, 0x1f, 0xf6, 0x76, 0x9b, 0x13, 0xc9, 0x4d,
802 0xec, 0xf4 ),
803 EXPECT ( 0x19, 0x33, 0x4b, 0x8c, 0x31, 0xb7, 0x49, 0x32, 0xdd, 0xd7,
804 0xb2, 0xa4, 0x68, 0xf6, 0x43, 0x6d, 0xf9, 0x2e, 0x10, 0x0d,
805 0x39, 0xd3, 0xac, 0xb3, 0x68, 0xc7, 0x02, 0x9c, 0xb8, 0x83,
806 0xec, 0x89 ),
807 EXPECT ( 0x7c, 0x06, 0x7b, 0xdd, 0xca, 0x81, 0x72, 0x48, 0x23, 0xd6,
808 0x4c, 0x69, 0x82, 0x92, 0x85, 0xbd, 0xbf, 0xf5, 0x37, 0x71,
809 0x61, 0x02, 0xc1, 0x88, 0x2e, 0x20, 0x22, 0x50, 0xe0, 0xfa,
810 0x5e, 0xf3, 0xa3, 0x84, 0xcd, 0x34, 0xa2, 0x0f, 0xfd, 0x1f,
811 0xbc, 0x91, 0xe0, 0xc5, 0x32, 0xa8, 0xa4, 0x21, 0xbc, 0x4a,
812 0xfe, 0x3c, 0xd4, 0x7f, 0x22, 0x32, 0x3e, 0xb4, 0xba, 0xe1,
813 0xa0, 0x07, 0x89, 0x81 ) );
814
815 /** SHA-256 Test 3 : Instantiation */
816 HMAC_DRBG_TEST_INSTANTIATE ( sha256_instantiate_3, HMAC_DRBG_SHA256,
817 entropy_input, nonce_sha256, personalisation_string,
818 EXPECT ( 0x65, 0x67, 0x3c, 0x34, 0x8e, 0x51, 0xcf, 0xac, 0xc4, 0x10,
819 0xbd, 0x20, 0x02, 0x49, 0xa5, 0x9a, 0x9d, 0x6b, 0xae, 0x77,
820 0x69, 0x04, 0x27, 0x1b, 0xb1, 0xf7, 0x18, 0xda, 0x1d, 0x18,
821 0x20, 0x42 ),
822 EXPECT ( 0xe0, 0xf9, 0x1a, 0xc9, 0x96, 0x30, 0xee, 0xe6, 0x7c, 0xf8,
823 0x30, 0xcf, 0xd5, 0x04, 0x4f, 0xeb, 0xf5, 0x5c, 0x0c, 0x11,
824 0x50, 0x07, 0x99, 0x7a, 0xda, 0x11, 0x29, 0x6f, 0xc4, 0x16,
825 0x4a, 0x9a ) );
826
827 /** SHA-256 Test 3.1 : First call to Generate */
828 HMAC_DRBG_TEST_GENERATE ( sha256_generate_3_1, HMAC_DRBG_SHA256,
829 additional_input_empty,
830 EXPECT ( 0xf0, 0xb2, 0xf2, 0x42, 0xca, 0xd9, 0x92, 0xa7, 0x24, 0xf7,
831 0xe5, 0x59, 0x1d, 0x2f, 0x3b, 0x0c, 0x21, 0x57, 0xae, 0x70,
832 0xd5, 0x32, 0x78, 0x99, 0x40, 0xf1, 0x64, 0x45, 0x9b, 0x00,
833 0xc7, 0x49 ),
834 EXPECT ( 0x1a, 0x03, 0xf9, 0x1c, 0x51, 0x20, 0xba, 0xca, 0x2b, 0xf6,
835 0xc6, 0x4d, 0xd7, 0x3a, 0xb1, 0x1d, 0xf6, 0xfd, 0x3f, 0xf1,
836 0xac, 0x3b, 0x57, 0x20, 0xa3, 0xf7, 0xfb, 0xe3, 0x9e, 0x7e,
837 0x7f, 0xe9 ),
838 EXPECT ( 0x0d, 0xd9, 0xc8, 0x55, 0x89, 0xf3, 0x57, 0xc3, 0x89, 0xd6,
839 0xaf, 0x8d, 0xe9, 0xd7, 0x34, 0xa9, 0x17, 0xc7, 0x71, 0xef,
840 0x2d, 0x88, 0x16, 0xb9, 0x82, 0x59, 0x6e, 0xd1, 0x2d, 0xb4,
841 0x5d, 0x73, 0x4a, 0x62, 0x68, 0x08, 0x35, 0xc0, 0x2f, 0xda,
842 0x66, 0xb0, 0x8e, 0x1a, 0x36, 0x9a, 0xe2, 0x18, 0xf2, 0x6d,
843 0x52, 0x10, 0xad, 0x56, 0x42, 0x48, 0x87, 0x2d, 0x7a, 0x28,
844 0x78, 0x41, 0x59, 0xc3 ) );
845
846 /** SHA-256 Test 3.2 : Second call to Generate */
847 HMAC_DRBG_TEST_GENERATE ( sha256_generate_3_2, HMAC_DRBG_SHA256,
848 additional_input_empty,
849 EXPECT ( 0x5c, 0x0d, 0xec, 0x09, 0x37, 0x08, 0xc1, 0x7c, 0xa7, 0x6b,
850 0x57, 0xc0, 0xcb, 0x60, 0xcf, 0x88, 0x9d, 0xcc, 0x47, 0xad,
851 0x10, 0xbd, 0x64, 0xbc, 0x6a, 0x14, 0xb2, 0x3f, 0x20, 0x26,
852 0x07, 0x8a ),
853 EXPECT ( 0x45, 0x67, 0x52, 0xa5, 0x11, 0xb8, 0x48, 0xbd, 0x05, 0xf1,
854 0x81, 0x9b, 0x9f, 0x6b, 0x15, 0x42, 0xc7, 0xd5, 0xec, 0xf9,
855 0x32, 0x73, 0x39, 0x26, 0x7a, 0x0c, 0x77, 0x23, 0x5b, 0x87,
856 0xdc, 0x5a ),
857 EXPECT ( 0x46, 0xb4, 0xf4, 0x75, 0x6a, 0xe7, 0x15, 0xe0, 0xe5, 0x16,
858 0x81, 0xab, 0x29, 0x32, 0xde, 0x15, 0x23, 0xbe, 0x5d, 0x13,
859 0xba, 0xf0, 0xf4, 0x58, 0x8b, 0x11, 0xfe, 0x37, 0x2f, 0xda,
860 0x37, 0xab, 0xe3, 0x68, 0x31, 0x73, 0x41, 0xbc, 0x8b, 0xa9,
861 0x1f, 0xc5, 0xd8, 0x5b, 0x7f, 0xb8, 0xca, 0x8f, 0xbc, 0x30,
862 0x9a, 0x75, 0x8f, 0xd6, 0xfc, 0xa9, 0xdf, 0x43, 0xc7, 0x66,
863 0x0b, 0x22, 0x13, 0x22 ) );
864
865 /** SHA-256 Test 4 : Instantiation */
866 #define sha256_instantiate_4 sha256_instantiate_3
867
868 /** SHA-256 Test 4.1 : First call to Generate */
869 HMAC_DRBG_TEST_GENERATE ( sha256_generate_4_1, HMAC_DRBG_SHA256,
870 additional_input_1,
871 EXPECT ( 0x57, 0x2c, 0x03, 0x74, 0xc1, 0xa1, 0x01, 0x25, 0xbf, 0xa6,
872 0xae, 0xcd, 0x7c, 0xeb, 0xfe, 0x32, 0xf7, 0x52, 0xc3, 0xfb,
873 0x31, 0x67, 0x31, 0xb7, 0xcf, 0xdb, 0xde, 0xc2, 0x63, 0x56,
874 0x93, 0x2b ),
875 EXPECT ( 0xd6, 0x8b, 0xf0, 0x41, 0xf3, 0xeb, 0x50, 0x88, 0x08, 0x8d,
876 0x8b, 0x8e, 0x71, 0x2c, 0x36, 0xae, 0x95, 0x83, 0xbb, 0x08,
877 0xfd, 0x1f, 0x90, 0x34, 0xa4, 0xe9, 0x42, 0xe9, 0xa6, 0x74,
878 0x7c, 0xe7 ),
879 EXPECT ( 0x14, 0x78, 0xf2, 0x9e, 0x94, 0xb0, 0x2c, 0xb4, 0x0d, 0x3a,
880 0xab, 0x86, 0x24, 0x55, 0x57, 0xce, 0x13, 0xa8, 0xca, 0x2f,
881 0xdb, 0x65, 0x7d, 0x98, 0xef, 0xc1, 0x92, 0x34, 0x6b, 0x9f,
882 0xac, 0x33, 0xea, 0x58, 0xad, 0xa2, 0xcc, 0xa4, 0x32, 0xcc,
883 0xde, 0xfb, 0xcd, 0xaa, 0x8b, 0x82, 0xf5, 0x53, 0xef, 0x96,
884 0x61, 0x34, 0xe2, 0xcd, 0x13, 0x9f, 0x15, 0xf0, 0x1c, 0xad,
885 0x56, 0x85, 0x65, 0xa8 ) );
886
887 /** SHA-256 Test 4.2 : Second call to Generate */
888 HMAC_DRBG_TEST_GENERATE ( sha256_generate_4_2, HMAC_DRBG_SHA256,
889 additional_input_2,
890 EXPECT ( 0x28, 0x2e, 0x07, 0x34, 0x80, 0x80, 0x93, 0x75, 0x58, 0xb1,
891 0x39, 0x2e, 0x95, 0xab, 0x91, 0xe7, 0xc1, 0xf6, 0x22, 0xb2,
892 0x4f, 0xfb, 0x87, 0x20, 0xa5, 0xf0, 0xa5, 0xe0, 0x75, 0x50,
893 0xc7, 0xc2 ),
894 EXPECT ( 0xdf, 0xc3, 0xbd, 0xb5, 0xf3, 0xbc, 0xf1, 0xaa, 0x68, 0x29,
895 0x8e, 0x79, 0x0d, 0x72, 0x0a, 0x67, 0xa7, 0x6e, 0x31, 0xb9,
896 0x2b, 0x9b, 0x35, 0xa8, 0xe5, 0x47, 0x1b, 0xb1, 0x7e, 0x30,
897 0x3c, 0x6b ),
898 EXPECT ( 0x49, 0x7c, 0x7a, 0x16, 0xe8, 0x8a, 0x64, 0x11, 0xf8, 0xfc,
899 0xe1, 0x0e, 0xf5, 0x67, 0x63, 0xc6, 0x10, 0x25, 0x80, 0x1d,
900 0x8f, 0x51, 0xa7, 0x43, 0x52, 0xd6, 0x82, 0xcc, 0x23, 0xa0,
901 0xa8, 0xe6, 0x73, 0xca, 0xe0, 0x32, 0x28, 0x93, 0x90, 0x64,
902 0x7d, 0xc6, 0x83, 0xb7, 0x34, 0x28, 0x85, 0xd6, 0xb7, 0x6a,
903 0xb1, 0xda, 0x69, 0x6d, 0x3e, 0x97, 0xe2, 0x2d, 0xff, 0xdd,
904 0xff, 0xfd, 0x8d, 0xf0 ) );
905
906 /** SHA-256 Test 5 : Instantiation */
907 #define sha256_instantiate_5 sha256_instantiate_1
908
909 /** SHA-256 Test 5.1 : First call to Generate */
910 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_5_1, HMAC_DRBG_SHA256,
911 additional_input_empty, ( 512 / 8 ) );
912
913 /** SHA-256 Test 5.2 : Reseed */
914 HMAC_DRBG_TEST_RESEED ( sha256_reseed_5_2, HMAC_DRBG_SHA256,
915 entropy_input_1, additional_input_empty,
916 EXPECT ( 0xb8, 0x40, 0x07, 0xe3, 0xe2, 0x7f, 0x34, 0xf9, 0xa7, 0x82,
917 0x0b, 0x7a, 0xb5, 0x9b, 0xbe, 0xfc, 0xd0, 0xc4, 0xac, 0xae,
918 0xde, 0x4b, 0x0b, 0x36, 0xb1, 0x47, 0xb8, 0x97, 0x79, 0xfd,
919 0x74, 0x9d ),
920 EXPECT ( 0xa7, 0x2b, 0x8f, 0xee, 0x92, 0x39, 0x2f, 0x0a, 0x9d, 0x2d,
921 0x61, 0xbf, 0x09, 0xa4, 0xdf, 0xcc, 0x9d, 0xe6, 0x9a, 0x16,
922 0xa5, 0xf1, 0x50, 0x22, 0x4c, 0x3e, 0xf6, 0x04, 0x2d, 0x15,
923 0x21, 0xfc ) );
924
925 /** SHA-256 Test 5.3 : Retried first call to Generate */
926 HMAC_DRBG_TEST_GENERATE ( sha256_generate_5_3, HMAC_DRBG_SHA256,
927 additional_input_empty,
928 EXPECT ( 0x43, 0x48, 0xaf, 0x84, 0x20, 0x84, 0x2f, 0xa0, 0x77, 0xb9,
929 0xd3, 0xdb, 0xa8, 0xdc, 0xe9, 0xb3, 0xe1, 0xdf, 0x73, 0x4f,
930 0xfc, 0xe1, 0xbe, 0xa5, 0xb9, 0xe2, 0xb1, 0x54, 0xdc, 0x5e,
931 0xc6, 0x15 ),
932 EXPECT ( 0xd2, 0xc1, 0xac, 0x27, 0x88, 0x5d, 0x43, 0x32, 0x76, 0x71,
933 0x31, 0x46, 0x32, 0xea, 0x60, 0x43, 0x3c, 0xca, 0x72, 0x73,
934 0x04, 0x56, 0x9e, 0xa7, 0xd4, 0x71, 0xfe, 0xa7, 0xdb, 0x7d,
935 0x31, 0x5d ),
936 EXPECT ( 0xfa, 0xbd, 0x0a, 0xe2, 0x5c, 0x69, 0xdc, 0x2e, 0xfd, 0xef,
937 0xb7, 0xf2, 0x0c, 0x5a, 0x31, 0xb5, 0x7a, 0xc9, 0x38, 0xab,
938 0x77, 0x1a, 0xa1, 0x9b, 0xf8, 0xf5, 0xf1, 0x46, 0x8f, 0x66,
939 0x5c, 0x93, 0x8c, 0x9a, 0x1a, 0x5d, 0xf0, 0x62, 0x8a, 0x56,
940 0x90, 0xf1, 0x5a, 0x1a, 0xd8, 0xa6, 0x13, 0xf3, 0x1b, 0xbd,
941 0x65, 0xee, 0xad, 0x54, 0x57, 0xd5, 0xd2, 0x69, 0x47, 0xf2,
942 0x9f, 0xe9, 0x1a, 0xa7 ) );
943
944 /** SHA-256 Test 5.4 : Second call to Generate */
945 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_5_4, HMAC_DRBG_SHA256,
946 additional_input_empty, ( 512 / 8 ) );
947
948 /** SHA-256 Test 5.5 : Reseed */
949 HMAC_DRBG_TEST_RESEED ( sha256_reseed_5_5, HMAC_DRBG_SHA256,
950 entropy_input_2, additional_input_empty,
951 EXPECT ( 0xbf, 0xa0, 0x2c, 0xe7, 0xe9, 0x2d, 0xe9, 0x2b, 0x18, 0x24,
952 0x28, 0x86, 0x89, 0x0e, 0x58, 0x6f, 0x83, 0x69, 0x06, 0xac,
953 0xe9, 0xe5, 0x54, 0xf1, 0xb0, 0xed, 0x63, 0x57, 0x3c, 0xb8,
954 0xb5, 0x03 ),
955 EXPECT ( 0xd3, 0x24, 0x03, 0xee, 0xa9, 0xdc, 0xe1, 0x61, 0x6e, 0x4e,
956 0x11, 0x55, 0xb9, 0x23, 0xd8, 0x84, 0x2c, 0xc6, 0xe7, 0x84,
957 0xc6, 0x7a, 0x93, 0x85, 0xb2, 0xa6, 0x37, 0xf1, 0x02, 0xfa,
958 0x45, 0xd5 ) );
959
960 /** SHA-256 Test 5.6 : Retried second call to Generate */
961 HMAC_DRBG_TEST_GENERATE ( sha256_generate_5_6, HMAC_DRBG_SHA256,
962 additional_input_empty,
963 EXPECT ( 0x81, 0x21, 0xf7, 0x76, 0x4c, 0x08, 0x1e, 0xe9, 0xd1, 0x17,
964 0x1e, 0xd1, 0x87, 0xba, 0xe0, 0x88, 0x95, 0xca, 0xe2, 0x30,
965 0xd0, 0xa2, 0x5e, 0x37, 0x39, 0xc5, 0x7d, 0x54, 0x16, 0x10,
966 0x9b, 0x82 ),
967 EXPECT ( 0x37, 0x84, 0x97, 0x7c, 0xc0, 0xe5, 0x9f, 0xbc, 0x9c, 0xda,
968 0x4e, 0x11, 0x92, 0x47, 0x5c, 0x6e, 0xfa, 0xf8, 0x07, 0x20,
969 0x19, 0x86, 0x21, 0x22, 0xcb, 0x6b, 0xce, 0xaa, 0xcc, 0x4a,
970 0x17, 0x5e ),
971 EXPECT ( 0x6b, 0xd9, 0x25, 0xb0, 0xe1, 0xc2, 0x32, 0xef, 0xd6, 0x7c,
972 0xcd, 0x84, 0xf7, 0x22, 0xe9, 0x27, 0xec, 0xb4, 0x6a, 0xb2,
973 0xb7, 0x40, 0x01, 0x47, 0x77, 0xaf, 0x14, 0xba, 0x0b, 0xbf,
974 0x53, 0xa4, 0x5b, 0xdb, 0xb6, 0x2b, 0x3f, 0x7d, 0x0b, 0x9c,
975 0x8e, 0xea, 0xd0, 0x57, 0xc0, 0xec, 0x75, 0x4e, 0xf8, 0xb5,
976 0x3e, 0x60, 0xa1, 0xf4, 0x34, 0xf0, 0x59, 0x46, 0xa8, 0xb6,
977 0x86, 0xaf, 0xbc, 0x7a ) );
978
979 /** SHA-256 Test 6 : Instantiate */
980 #define sha256_instantiate_6 sha256_instantiate_1
981
982 /** SHA-256 Test 6.1 : First call to Generate */
983 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_6_1, HMAC_DRBG_SHA256,
984 additional_input_1, ( 512 / 8 ) );
985
986 /** SHA-256 Test 6.2 : Reseed */
987 HMAC_DRBG_TEST_RESEED ( sha256_reseed_6_2, HMAC_DRBG_SHA256,
988 entropy_input_1, additional_input_1,
989 EXPECT ( 0xc1, 0x25, 0xea, 0x99, 0x75, 0x8e, 0xbb, 0x9a, 0x6f, 0x69,
990 0xae, 0x31, 0x2a, 0xc2, 0x04, 0xb5, 0x94, 0xc0, 0x0a, 0xb6,
991 0x8b, 0x81, 0x6e, 0x3a, 0x52, 0x12, 0x8e, 0x02, 0x78, 0xa5,
992 0x84, 0xac ),
993 EXPECT ( 0xb2, 0xcb, 0x2b, 0x89, 0x12, 0x3f, 0x5b, 0x4a, 0xf5, 0x87,
994 0xb8, 0xf6, 0xbd, 0xc5, 0x42, 0x7a, 0x99, 0x14, 0x19, 0xd3,
995 0x53, 0x07, 0x7c, 0x68, 0x5e, 0x70, 0x7a, 0xcd, 0xf8, 0xe9,
996 0xfd, 0xa9 ) );
997
998 /** SHA-256 Test 6.3 : Retried first call to Generate */
999 HMAC_DRBG_TEST_GENERATE ( sha256_generate_6_3, HMAC_DRBG_SHA256,
1000 additional_input_empty,
1001 EXPECT ( 0xc6, 0xed, 0x8f, 0xed, 0x71, 0x57, 0xa4, 0xd0, 0x9e, 0xa1,
1002 0xdd, 0xe8, 0x94, 0x6b, 0x54, 0x43, 0x3e, 0xcc, 0x54, 0x49,
1003 0xa4, 0xa3, 0x52, 0xaf, 0x45, 0x76, 0x4e, 0xe6, 0x73, 0x4b,
1004 0xbb, 0x04 ),
1005 EXPECT ( 0xeb, 0xc7, 0x75, 0x25, 0x6b, 0xb7, 0x81, 0x24, 0x1e, 0x9c,
1006 0x70, 0xbb, 0xcf, 0x73, 0x2b, 0xdc, 0x90, 0xad, 0x10, 0xd9,
1007 0xdd, 0x3a, 0x89, 0x6e, 0xcc, 0x12, 0xb9, 0x2f, 0xfb, 0x63,
1008 0x45, 0xab ),
1009 EXPECT ( 0x08, 0x5d, 0x57, 0xaf, 0x6b, 0xab, 0xcf, 0x2b, 0x9a, 0xee,
1010 0xf3, 0x87, 0xd5, 0x31, 0x65, 0x0e, 0x6a, 0x50, 0x5c, 0x54,
1011 0x40, 0x6a, 0xb3, 0x7a, 0x52, 0x89, 0x9e, 0x0e, 0xca, 0xb3,
1012 0x63, 0x2b, 0x7a, 0x06, 0x8a, 0x28, 0x14, 0xc6, 0xdf, 0x6a,
1013 0xe5, 0x32, 0xb6, 0x58, 0xd0, 0xd9, 0x74, 0x1c, 0x84, 0x77,
1014 0x5f, 0xee, 0x45, 0xb6, 0x84, 0xcd, 0xbd, 0xc2, 0x5f, 0xbc,
1015 0xb4, 0xd8, 0xf3, 0x10 ) );
1016
1017 /** SHA-256 Test 6.4 : Second call to Generate */
1018 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_6_4, HMAC_DRBG_SHA256,
1019 additional_input_2, ( 512 / 8 ) );
1020
1021 /** SHA-256 Test 6.5 : Reseed */
1022 HMAC_DRBG_TEST_RESEED ( sha256_reseed_6_5, HMAC_DRBG_SHA256,
1023 entropy_input_2, additional_input_2,
1024 EXPECT ( 0xfc, 0x51, 0xda, 0x84, 0xf9, 0x69, 0x6b, 0xcc, 0x84, 0xc8,
1025 0xf2, 0xac, 0xb9, 0x24, 0xbc, 0xdf, 0x72, 0xf8, 0x2e, 0xa2,
1026 0xca, 0x64, 0x3f, 0x08, 0x3b, 0x0c, 0x16, 0xc3, 0x63, 0x4e,
1027 0xfc, 0x62 ),
1028 EXPECT ( 0xb9, 0x74, 0xe4, 0x37, 0x0a, 0xd5, 0x76, 0xbb, 0x99, 0xc4,
1029 0xe4, 0x9e, 0xa6, 0x80, 0xbf, 0xf9, 0x8d, 0xe9, 0xe1, 0x2f,
1030 0xec, 0xd0, 0x13, 0xde, 0xd4, 0x3c, 0x80, 0xf6, 0x9a, 0x7a,
1031 0xde, 0x8a ) );
1032
1033 /** SHA-256 Test 6.6 : Retried second call to Generate */
1034 HMAC_DRBG_TEST_GENERATE ( sha256_generate_6_6, HMAC_DRBG_SHA256,
1035 additional_input_empty,
1036 EXPECT ( 0x56, 0xa2, 0xb4, 0x46, 0x32, 0xcb, 0x8f, 0xc3, 0xa6, 0x40,
1037 0x09, 0xbf, 0xd6, 0xec, 0x95, 0xe5, 0x6c, 0xef, 0x8e, 0x7c,
1038 0x91, 0x2a, 0xa8, 0x2b, 0x16, 0xf6, 0x14, 0x91, 0x5d, 0x9c,
1039 0xd6, 0xe3 ),
1040 EXPECT ( 0xb5, 0xb3, 0x96, 0xa0, 0x15, 0x76, 0xb0, 0xfe, 0x42, 0xf4,
1041 0x08, 0x44, 0x55, 0x6c, 0x4c, 0xf4, 0xb6, 0x80, 0x4c, 0x94,
1042 0xde, 0x9d, 0x62, 0x38, 0xf1, 0xf7, 0xe7, 0xaf, 0x5c, 0x72,
1043 0x57, 0xf3 ),
1044 EXPECT ( 0x9b, 0x21, 0x9f, 0xd9, 0x0d, 0xe2, 0xa0, 0x8e, 0x49, 0x34,
1045 0x05, 0xcf, 0x87, 0x44, 0x17, 0xb5, 0x82, 0x67, 0x70, 0xf3,
1046 0x94, 0x48, 0x15, 0x55, 0xdc, 0x66, 0x8a, 0xcd, 0x96, 0xb9,
1047 0xa3, 0xe5, 0x6f, 0x9d, 0x2c, 0x32, 0x5e, 0x26, 0xd4, 0x7c,
1048 0x1d, 0xfc, 0xfc, 0x8f, 0xbf, 0x86, 0x12, 0x6f, 0x40, 0xa1,
1049 0xe6, 0x39, 0x60, 0xf6, 0x27, 0x49, 0x34, 0x2e, 0xcd, 0xb7,
1050 0x1b, 0x24, 0x0d, 0xc6 ) );
1051
1052 /** SHA-256 Test 7 : Instantiation */
1053 #define sha256_instantiate_7 sha256_instantiate_3
1054
1055 /** SHA-256 Test 7.1 : First call to Generate */
1056 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_7_1, HMAC_DRBG_SHA256,
1057 additional_input_empty, ( 512 / 8 ) );
1058
1059 /** SHA-256 Test 7.2 : Reseed */
1060 HMAC_DRBG_TEST_RESEED ( sha256_reseed_7_2, HMAC_DRBG_SHA256,
1061 entropy_input_1, additional_input_empty,
1062 EXPECT ( 0x44, 0x76, 0xc6, 0xd1, 0x1f, 0xc3, 0x5d, 0x44, 0x09, 0xd9,
1063 0x03, 0x2e, 0x45, 0x3b, 0x0f, 0x0d, 0xc3, 0x31, 0x4d, 0xb8,
1064 0x62, 0xcb, 0xdb, 0x60, 0x9c, 0x56, 0x02, 0x20, 0x8d, 0x4c,
1065 0x88, 0xd8 ),
1066 EXPECT ( 0x95, 0xef, 0x78, 0x5a, 0x61, 0xc2, 0xf7, 0xb3, 0x6b, 0xc5,
1067 0x96, 0xba, 0x4b, 0xa2, 0x08, 0xa5, 0x2c, 0x6d, 0xc2, 0x03,
1068 0x63, 0x6d, 0x8f, 0x17, 0x87, 0x45, 0x3b, 0x85, 0x2b, 0x7e,
1069 0x49, 0xec ) );
1070
1071 /** SHA-256 Test 7.3 : Retried first call to Generate */
1072 HMAC_DRBG_TEST_GENERATE ( sha256_generate_7_3, HMAC_DRBG_SHA256,
1073 additional_input_empty,
1074 EXPECT ( 0x0d, 0xf9, 0x11, 0x0e, 0x2f, 0x22, 0x58, 0x98, 0x24, 0xa9,
1075 0x47, 0x6c, 0x8e, 0x32, 0x08, 0x8e, 0x51, 0xa0, 0xda, 0x36,
1076 0x63, 0x3f, 0x8c, 0xd1, 0xf7, 0x54, 0x7d, 0xff, 0x69, 0x6e,
1077 0x4b, 0x29 ),
1078 EXPECT ( 0xc0, 0xe3, 0xc8, 0xed, 0x5a, 0x8b, 0x57, 0x9e, 0x3f, 0xef,
1079 0x9d, 0xf3, 0xb7, 0xc2, 0xc2, 0x12, 0x98, 0x07, 0x17, 0xcc,
1080 0x91, 0xae, 0x18, 0x66, 0x45, 0xfa, 0xbb, 0x2c, 0xc7, 0x84,
1081 0xd5, 0xd7 ),
1082 EXPECT ( 0xd8, 0xb6, 0x71, 0x30, 0x71, 0x41, 0x94, 0xff, 0xe5, 0xb2,
1083 0xa3, 0x5d, 0xbc, 0xd5, 0xe1, 0xa2, 0x99, 0x42, 0xad, 0x5c,
1084 0x68, 0xf3, 0xde, 0xb9, 0x4a, 0xdd, 0x9e, 0x9e, 0xba, 0xd8,
1085 0x60, 0x67, 0xed, 0xf0, 0x49, 0x15, 0xfb, 0x40, 0xc3, 0x91,
1086 0xea, 0xe7, 0x0c, 0x65, 0x9e, 0xaa, 0xe7, 0xef, 0x11, 0xa3,
1087 0xd4, 0x6a, 0x5b, 0x08, 0x5e, 0xdd, 0x90, 0xcc, 0x72, 0xce,
1088 0xa9, 0x89, 0x21, 0x0b ) );
1089
1090 /** SHA-256 Test 7.4 : Second call to Generate */
1091 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_7_4, HMAC_DRBG_SHA256,
1092 additional_input_empty, ( 512 / 8 ) );
1093
1094 /** SHA-256 Test 7.5 : Reseed */
1095 HMAC_DRBG_TEST_RESEED ( sha256_reseed_7_5, HMAC_DRBG_SHA256,
1096 entropy_input_2, additional_input_empty,
1097 EXPECT ( 0x3d, 0x77, 0x63, 0xe5, 0x30, 0x3d, 0xb5, 0x4b, 0xe2, 0x05,
1098 0x44, 0xa8, 0x1e, 0x9f, 0x00, 0xca, 0xdc, 0xfc, 0x1c, 0xb2,
1099 0x8d, 0xec, 0xb9, 0xcf, 0xc6, 0x99, 0xf6, 0x1d, 0xba, 0xf8,
1100 0x80, 0x21 ),
1101 EXPECT ( 0xfe, 0xbc, 0x02, 0x79, 0xb7, 0x71, 0x0d, 0xec, 0x5c, 0x06,
1102 0x7e, 0xbe, 0xfa, 0x06, 0x8e, 0x4b, 0x59, 0x67, 0x49, 0x1b,
1103 0x7e, 0xef, 0x94, 0x75, 0x83, 0x50, 0x6d, 0x04, 0x97, 0xce,
1104 0x67, 0xba ) );
1105
1106 /** SHA-256 Test 7.6 : Retried second call to Generate */
1107 HMAC_DRBG_TEST_GENERATE ( sha256_generate_7_6, HMAC_DRBG_SHA256,
1108 additional_input_empty,
1109 EXPECT ( 0x2d, 0x21, 0xac, 0x94, 0x99, 0x2f, 0xd8, 0x2b, 0x09, 0x80,
1110 0xd3, 0xd5, 0x95, 0x51, 0xb9, 0xd0, 0x7c, 0x8d, 0x54, 0xb2,
1111 0x52, 0xb6, 0x16, 0x28, 0x93, 0x44, 0xf8, 0xac, 0x86, 0x9e,
1112 0xd3, 0x5b ),
1113 EXPECT ( 0x61, 0x0c, 0x34, 0xcd, 0xbf, 0x6f, 0x75, 0x33, 0x54, 0x7f,
1114 0x23, 0x32, 0xea, 0xc5, 0x7e, 0xe3, 0x1e, 0x72, 0x4f, 0xb2,
1115 0x92, 0x55, 0x56, 0x6b, 0x59, 0x78, 0x33, 0x16, 0x6c, 0xd0,
1116 0x39, 0x9f ),
1117 EXPECT ( 0x8b, 0xba, 0x71, 0xc2, 0x58, 0x3f, 0x25, 0x30, 0xc2, 0x59,
1118 0xc9, 0x07, 0x84, 0xa5, 0x9a, 0xc4, 0x4d, 0x1c, 0x80, 0x56,
1119 0x91, 0x7c, 0xcf, 0x38, 0x87, 0x88, 0x10, 0x2d, 0x73, 0x82,
1120 0x4c, 0x6c, 0x11, 0xd5, 0xd6, 0x3b, 0xe1, 0xf0, 0x10, 0x17,
1121 0xd8, 0x84, 0xcd, 0x69, 0xd9, 0x33, 0x4b, 0x9e, 0xbc, 0x01,
1122 0xe7, 0xbd, 0x8f, 0xdf, 0x2a, 0x8e, 0x52, 0x57, 0x22, 0x93,
1123 0xdc, 0x21, 0xc0, 0xe1 ) );
1124
1125 /** SHA-256 Test 8 : Instantiate */
1126 #define sha256_instantiate_8 sha256_instantiate_3
1127
1128 /** SHA-256 Test 8.1 : First call to Generate */
1129 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_8_1, HMAC_DRBG_SHA256,
1130 additional_input_1, ( 512 / 8 ) );
1131
1132 /** SHA-256 Test 8.2 : Reseed */
1133 HMAC_DRBG_TEST_RESEED ( sha256_reseed_8_2, HMAC_DRBG_SHA256,
1134 entropy_input_1, additional_input_1,
1135 EXPECT ( 0xb3, 0x81, 0x38, 0x8c, 0x1d, 0x7c, 0xfd, 0x56, 0x59, 0x30,
1136 0x99, 0x3b, 0xd9, 0x26, 0x90, 0x66, 0x50, 0x88, 0xd9, 0xb8,
1137 0x39, 0x96, 0x9b, 0x87, 0xf1, 0x6d, 0xb6, 0xdf, 0x4e, 0x43,
1138 0x00, 0xd7 ),
1139 EXPECT ( 0xfa, 0x04, 0x25, 0x64, 0x00, 0xe3, 0x42, 0xe6, 0x55, 0xf4,
1140 0x33, 0x26, 0x94, 0xe3, 0xb2, 0x4c, 0x04, 0xfb, 0x85, 0xbf,
1141 0x87, 0x80, 0x21, 0xe4, 0x52, 0xe7, 0x3b, 0x8f, 0x46, 0xd4,
1142 0xbd, 0xc6 ) );
1143
1144 /** SHA-256 Test 8.3 : Retried first call to Generate */
1145 HMAC_DRBG_TEST_GENERATE ( sha256_generate_8_3, HMAC_DRBG_SHA256,
1146 additional_input_empty,
1147 EXPECT ( 0xd4, 0x1f, 0x6f, 0x33, 0x65, 0x82, 0x21, 0x70, 0x50, 0xb1,
1148 0xf6, 0x59, 0x28, 0xfd, 0x6e, 0x94, 0xcb, 0xc9, 0x45, 0x68,
1149 0xfe, 0x3b, 0x6b, 0x53, 0x38, 0x9e, 0x1e, 0x3a, 0x5b, 0x49,
1150 0xe1, 0x01 ),
1151 EXPECT ( 0xa6, 0x55, 0xc9, 0xe7, 0xd1, 0x33, 0xf1, 0xcd, 0x8b, 0x11,
1152 0x61, 0xf2, 0x7d, 0x54, 0xe7, 0x5a, 0x7e, 0x7c, 0x80, 0x42,
1153 0xbf, 0x74, 0xd4, 0x7f, 0x9f, 0xfd, 0x60, 0xe2, 0x45, 0xeb,
1154 0xa5, 0x7e ),
1155 EXPECT ( 0x44, 0xd7, 0x8b, 0xbc, 0x3e, 0xb6, 0x7c, 0x59, 0xc2, 0x2f,
1156 0x6c, 0x31, 0x00, 0x3d, 0x21, 0x2a, 0x78, 0x37, 0xcc, 0xd8,
1157 0x4c, 0x43, 0x8b, 0x55, 0x15, 0x0f, 0xd0, 0x13, 0xa8, 0xa7,
1158 0x8f, 0xe8, 0xed, 0xea, 0x81, 0xc6, 0x72, 0xe4, 0xb8, 0xdd,
1159 0xc8, 0x18, 0x38, 0x86, 0xe6, 0x9c, 0x2e, 0x17, 0x7d, 0xf5,
1160 0x74, 0xc1, 0xf1, 0x90, 0xdf, 0x27, 0x18, 0x50, 0xf8, 0xce,
1161 0x55, 0xef, 0x20, 0xb8 ) );
1162
1163 /** SHA-256 Test 8.4 : Second call to Generate */
1164 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_8_4, HMAC_DRBG_SHA256,
1165 additional_input_2, ( 512 / 8 ) );
1166
1167 /** SHA-256 Test 8.5 : Reseed */
1168 HMAC_DRBG_TEST_RESEED ( sha256_reseed_8_5, HMAC_DRBG_SHA256,
1169 entropy_input_2, additional_input_2,
1170 EXPECT ( 0xfb, 0xa8, 0x05, 0x45, 0x3e, 0x3c, 0x9a, 0x73, 0x64, 0x58,
1171 0x5c, 0xed, 0xbc, 0xd2, 0x92, 0x30, 0xfb, 0xc9, 0x3d, 0x6f,
1172 0x12, 0x9d, 0x21, 0xed, 0xdd, 0xf6, 0x61, 0x3b, 0x3a, 0x8f,
1173 0xf2, 0x83 ),
1174 EXPECT ( 0x83, 0x64, 0x7a, 0x33, 0x8c, 0x15, 0x3c, 0xba, 0xf0, 0xe4,
1175 0x9a, 0x54, 0xa4, 0x4f, 0xea, 0x66, 0x70, 0xcf, 0xd7, 0xc1,
1176 0x71, 0x4d, 0x4a, 0xb3, 0x5f, 0x11, 0x12, 0x3d, 0xf2, 0x7b,
1177 0x69, 0xcf ) );
1178
1179 /** SHA-256 Test 8.6 : Retried second call to Generate */
1180 HMAC_DRBG_TEST_GENERATE ( sha256_generate_8_6, HMAC_DRBG_SHA256,
1181 additional_input_empty,
1182 EXPECT ( 0xae, 0x59, 0xc7, 0x0a, 0x7c, 0x60, 0xed, 0x49, 0x83, 0x78,
1183 0xea, 0x84, 0x5b, 0xe9, 0x7d, 0x8f, 0xf8, 0x81, 0xe0, 0xea,
1184 0x37, 0x2e, 0x26, 0x5f, 0xa6, 0x72, 0x84, 0x29, 0x3e, 0x1a,
1185 0x46, 0xac ),
1186 EXPECT ( 0xe2, 0xf0, 0x4d, 0xe3, 0xce, 0x21, 0x79, 0x61, 0xae, 0x2b,
1187 0x2d, 0x20, 0xa7, 0xba, 0x7c, 0x6c, 0x82, 0x0b, 0x5b, 0x14,
1188 0x92, 0x6e, 0x59, 0x56, 0xae, 0x6d, 0xfa, 0x2e, 0xd1, 0xd6,
1189 0x39, 0x93 ),
1190 EXPECT ( 0x91, 0x77, 0x80, 0xdc, 0x0c, 0xe9, 0x98, 0x9f, 0xee, 0x6c,
1191 0x08, 0x06, 0xd6, 0xda, 0x12, 0x3a, 0x18, 0x25, 0x29, 0x47,
1192 0x58, 0xd4, 0xe1, 0xb5, 0x82, 0x68, 0x72, 0x31, 0x78, 0x0a,
1193 0x2a, 0x9c, 0x33, 0xf1, 0xd1, 0x56, 0xcc, 0xad, 0x32, 0x77,
1194 0x64, 0xb2, 0x9a, 0x4c, 0xb2, 0x69, 0x01, 0x77, 0xae, 0x96,
1195 0xef, 0x9e, 0xe9, 0x2a, 0xd0, 0xc3, 0x40, 0xba, 0x0f, 0xd1,
1196 0x20, 0x3c, 0x02, 0xc6 ) );
1197
1198 /**
1199 * Force a "reseed required" state
1200 *
1201 * @v state HMAC_DRBG internal state
1202 */
force_reseed_required(struct hmac_drbg_state * state)1203 static inline void force_reseed_required ( struct hmac_drbg_state *state ) {
1204 state->reseed_counter = ( HMAC_DRBG_RESEED_INTERVAL + 1 );
1205 }
1206
1207 /**
1208 * Perform HMAC_DRBG self-test
1209 *
1210 */
hmac_drbg_test_exec(void)1211 static void hmac_drbg_test_exec ( void ) {
1212 struct hmac_drbg_state state;
1213
1214 /*
1215 * IMPORTANT NOTE
1216 *
1217 * The NIST test vector set includes several calls to
1218 * HMAC_DRBG_Generate() that are expected to fail with a
1219 * status of "Reseed required". The pattern seems to be that
1220 * when prediction resistance is requested, any call to
1221 * HMAC_DRBG_Generate() is at first expected to fail. After
1222 * an explicit reseeding, the call to HMAC_DRBG_Generate() is
1223 * retried, and on this second time it is expected to succeed.
1224 *
1225 * This pattern does not match the specifications for
1226 * HMAC_DRBG_Generate(): neither HMAC_DRBG_Generate_algorithm
1227 * (defined in ANS X9.82 Part 3-2007 Section 10.2.2.2.5 (NIST
1228 * SP 800-90 Section 10.1.2.5)) nor the higher-level wrapper
1229 * Generate_function defined in ANS X9.82 Part 3-2007 Section
1230 * 9.4 (NIST SP 800-90 Section 9.3)) can possibly exhibit this
1231 * behaviour:
1232 *
1233 * a) HMAC_DRBG_Generate_algorithm can return a "reseed
1234 * required" status only as a result of the test
1235 *
1236 * "1. If reseed_counter > reseed_interval, then return
1237 * an indication that a reseed is required."
1238 *
1239 * Since the reseed interval is independent of any request
1240 * for prediction resistance, and since the reseed interval
1241 * is not specified as part of the NIST test vector set,
1242 * then this cannot be the source of the "Reseed required"
1243 * failure expected by the NIST test vector set.
1244 *
1245 * b) Generate_function cannot return a "reseed required"
1246 * status under any circumstances. If the underlying
1247 * HMAC_DRBG_Generate_algorithm call returns "reseed
1248 * required", then Generate_function will automatically
1249 * reseed and try again.
1250 *
1251 * To produce the behaviour expected by the NIST test vector
1252 * set, we therefore contrive to produce a "reseed required"
1253 * state where necessary by setting the reseed_counter to
1254 * greater than the reseed_interval.
1255 */
1256
1257 /* SHA-1 Test 1 */
1258 instantiate_ok ( &state, &sha1_instantiate_1 );
1259 generate_ok ( &state, &sha1_generate_1_1 );
1260 generate_ok ( &state, &sha1_generate_1_2 );
1261
1262 /* SHA-1 Test 2 */
1263 instantiate_ok ( &state, &sha1_instantiate_2 );
1264 generate_ok ( &state, &sha1_generate_2_1 );
1265 generate_ok ( &state, &sha1_generate_2_2 );
1266
1267 /* SHA-1 Test 3 */
1268 instantiate_ok ( &state, &sha1_instantiate_3 );
1269 generate_ok ( &state, &sha1_generate_3_1 );
1270 generate_ok ( &state, &sha1_generate_3_2 );
1271
1272 /* SHA-1 Test 4 */
1273 instantiate_ok ( &state, &sha1_instantiate_4 );
1274 generate_ok ( &state, &sha1_generate_4_1 );
1275 generate_ok ( &state, &sha1_generate_4_2 );
1276
1277 /* SHA-1 Test 5 */
1278 instantiate_ok ( &state, &sha1_instantiate_5 );
1279 force_reseed_required ( &state ); /* See above comments */
1280 generate_fail_ok ( &state, &sha1_generate_fail_5_1 );
1281 reseed_ok ( &state, &sha1_reseed_5_2 );
1282 generate_ok ( &state, &sha1_generate_5_3 );
1283 force_reseed_required ( &state ); /* See above comments */
1284 generate_fail_ok ( &state, &sha1_generate_fail_5_4 );
1285 reseed_ok ( &state, &sha1_reseed_5_5 );
1286 generate_ok ( &state, &sha1_generate_5_6 );
1287
1288 /* SHA-1 Test 6 */
1289 instantiate_ok ( &state, &sha1_instantiate_6 );
1290 force_reseed_required ( &state ); /* See above comments */
1291 generate_fail_ok ( &state, &sha1_generate_fail_6_1 );
1292 reseed_ok ( &state, &sha1_reseed_6_2 );
1293 generate_ok ( &state, &sha1_generate_6_3 );
1294 force_reseed_required ( &state ); /* See above comments */
1295 generate_fail_ok ( &state, &sha1_generate_fail_6_4 );
1296 reseed_ok ( &state, &sha1_reseed_6_5 );
1297 generate_ok ( &state, &sha1_generate_6_6 );
1298
1299 /* SHA-1 Test 7 */
1300 instantiate_ok ( &state, &sha1_instantiate_7 );
1301 force_reseed_required ( &state ); /* See above comments */
1302 generate_fail_ok ( &state, &sha1_generate_fail_7_1 );
1303 reseed_ok ( &state, &sha1_reseed_7_2 );
1304 generate_ok ( &state, &sha1_generate_7_3 );
1305 force_reseed_required ( &state ); /* See above comments */
1306 generate_fail_ok ( &state, &sha1_generate_fail_7_4 );
1307 reseed_ok ( &state, &sha1_reseed_7_5 );
1308 generate_ok ( &state, &sha1_generate_7_6 );
1309
1310 /* SHA-1 Test 8 */
1311 instantiate_ok ( &state, &sha1_instantiate_8 );
1312 force_reseed_required ( &state ); /* See above comments */
1313 generate_fail_ok ( &state, &sha1_generate_fail_8_1 );
1314 reseed_ok ( &state, &sha1_reseed_8_2 );
1315 generate_ok ( &state, &sha1_generate_8_3 );
1316 force_reseed_required ( &state ); /* See above comments */
1317 generate_fail_ok ( &state, &sha1_generate_fail_8_4 );
1318 reseed_ok ( &state, &sha1_reseed_8_5 );
1319 generate_ok ( &state, &sha1_generate_8_6 );
1320
1321 /* SHA-256 Test 1 */
1322 instantiate_ok ( &state, &sha256_instantiate_1 );
1323 generate_ok ( &state, &sha256_generate_1_1 );
1324 generate_ok ( &state, &sha256_generate_1_2 );
1325
1326 /* SHA-256 Test 2 */
1327 instantiate_ok ( &state, &sha256_instantiate_2 );
1328 generate_ok ( &state, &sha256_generate_2_1 );
1329 generate_ok ( &state, &sha256_generate_2_2 );
1330
1331 /* SHA-256 Test 3 */
1332 instantiate_ok ( &state, &sha256_instantiate_3 );
1333 generate_ok ( &state, &sha256_generate_3_1 );
1334 generate_ok ( &state, &sha256_generate_3_2 );
1335
1336 /* SHA-256 Test 4 */
1337 instantiate_ok ( &state, &sha256_instantiate_4 );
1338 generate_ok ( &state, &sha256_generate_4_1 );
1339 generate_ok ( &state, &sha256_generate_4_2 );
1340
1341 /* SHA-256 Test 5 */
1342 instantiate_ok ( &state, &sha256_instantiate_5 );
1343 force_reseed_required ( &state ); /* See above comments */
1344 generate_fail_ok ( &state, &sha256_generate_fail_5_1 );
1345 reseed_ok ( &state, &sha256_reseed_5_2 );
1346 generate_ok ( &state, &sha256_generate_5_3 );
1347 force_reseed_required ( &state ); /* See above comments */
1348 generate_fail_ok ( &state, &sha256_generate_fail_5_4 );
1349 reseed_ok ( &state, &sha256_reseed_5_5 );
1350 generate_ok ( &state, &sha256_generate_5_6 );
1351
1352 /* SHA-256 Test 6 */
1353 instantiate_ok ( &state, &sha256_instantiate_6 );
1354 force_reseed_required ( &state ); /* See above comments */
1355 generate_fail_ok ( &state, &sha256_generate_fail_6_1 );
1356 reseed_ok ( &state, &sha256_reseed_6_2 );
1357 generate_ok ( &state, &sha256_generate_6_3 );
1358 force_reseed_required ( &state ); /* See above comments */
1359 generate_fail_ok ( &state, &sha256_generate_fail_6_4 );
1360 reseed_ok ( &state, &sha256_reseed_6_5 );
1361 generate_ok ( &state, &sha256_generate_6_6 );
1362
1363 /* SHA-256 Test 7 */
1364 instantiate_ok ( &state, &sha256_instantiate_7 );
1365 force_reseed_required ( &state ); /* See above comments */
1366 generate_fail_ok ( &state, &sha256_generate_fail_7_1 );
1367 reseed_ok ( &state, &sha256_reseed_7_2 );
1368 generate_ok ( &state, &sha256_generate_7_3 );
1369 force_reseed_required ( &state ); /* See above comments */
1370 generate_fail_ok ( &state, &sha256_generate_fail_7_4 );
1371 reseed_ok ( &state, &sha256_reseed_7_5 );
1372 generate_ok ( &state, &sha256_generate_7_6 );
1373
1374 /* SHA-256 Test 8 */
1375 instantiate_ok ( &state, &sha256_instantiate_8 );
1376 force_reseed_required ( &state ); /* See above comments */
1377 generate_fail_ok ( &state, &sha256_generate_fail_8_1 );
1378 reseed_ok ( &state, &sha256_reseed_8_2 );
1379 generate_ok ( &state, &sha256_generate_8_3 );
1380 force_reseed_required ( &state ); /* See above comments */
1381 generate_fail_ok ( &state, &sha256_generate_fail_8_4 );
1382 reseed_ok ( &state, &sha256_reseed_8_5 );
1383 generate_ok ( &state, &sha256_generate_8_6 );
1384 }
1385
1386 /** HMAC_DRBG self-test */
1387 struct self_test hmac_drbg_test __self_test = {
1388 .name = "hmac_drbg",
1389 .exec = hmac_drbg_test_exec,
1390 };
1391