1 // validat3.cpp - originally written and placed in the public domain by Wei Dai
2 // CryptoPP::Test namespace added by JW in February 2017.
3 // Source files split in July 2018 to expedite compiles.
4
5 #include "pch.h"
6
7 #define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
8
9 #include "cryptlib.h"
10 #include "cpu.h"
11 #include "validate.h"
12
13 #include "rng.h"
14 #include "drbg.h"
15 #include "darn.h"
16 #include "osrng.h"
17 #include "rdrand.h"
18 #include "mersenne.h"
19 #include "padlkrng.h"
20 #include "randpool.h"
21
22 #include "gzip.h"
23 #include "channels.h"
24
25 #include <iostream>
26 #include <iomanip>
27 #include <sstream>
28
29 // Aggressive stack checking with VS2005 SP1 and above.
30 #if (_MSC_VER >= 1500)
31 # pragma strict_gs_check (on)
32 #endif
33
34 #if CRYPTOPP_MSC_VERSION
35 # pragma warning(disable: 4505 4355)
36 #endif
37
38 NAMESPACE_BEGIN(CryptoPP)
NAMESPACE_BEGIN(Test)39 NAMESPACE_BEGIN(Test)
40
41 bool ValidateAll(bool thorough)
42 {
43 bool pass=TestSettings();
44 pass=TestOS_RNG() && pass;
45 pass=TestRandomPool() && pass;
46 #if !defined(NO_OS_DEPENDENCE) && defined(OS_RNG_AVAILABLE)
47 pass=TestAutoSeededX917() && pass;
48 #endif
49 // pass=TestSecRandom() && pass;
50 #if defined(CRYPTOPP_EXTENDED_VALIDATION)
51 pass=TestMersenne() && pass;
52 #endif
53 #if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64)
54 pass=TestPadlockRNG() && pass;
55 pass=TestRDRAND() && pass;
56 pass=TestRDSEED() && pass;
57 #endif
58 #if (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64)
59 pass=TestDARN() && pass;
60 #endif
61 #if defined(CRYPTOPP_EXTENDED_VALIDATION)
62 // http://github.com/weidai11/cryptopp/issues/92
63 pass=TestSecBlock() && pass;
64 // http://github.com/weidai11/cryptopp/issues/602
65 pass=TestIntegerOps() && pass;
66 // http://github.com/weidai11/cryptopp/issues/336
67 pass=TestIntegerBitops() && pass;
68 // http://github.com/weidai11/cryptopp/issues/64
69 pass=TestPolynomialMod2() && pass;
70 // http://github.com/weidai11/cryptopp/issues/360
71 pass=TestRounding() && pass;
72 // http://github.com/weidai11/cryptopp/issues/242
73 pass=TestHuffmanCodes() && pass;
74 // http://github.com/weidai11/cryptopp/issues/346
75 pass=TestASN1Parse() && pass;
76 pass=TestASN1Functions() && pass;
77 // https://github.com/weidai11/cryptopp/pull/334
78 pass=TestStringSink() && pass;
79 // Always part of the self tests; call in Debug
80 # if defined(CRYPTOPP_ALTIVEC_AVAILABLE)
81 pass=TestAltivecOps() && pass;
82 # endif
83 // Always part of the self tests; call in Debug
84 pass=ValidateBaseCode() && pass;
85 // https://github.com/weidai11/cryptopp/issues/562
86 pass=ValidateEncoder() && pass;
87 // Additional tests due to no coverage
88 pass=TestCompressors() && pass;
89 pass=TestSharing() && pass;
90 pass=TestEncryptors() && pass;
91 pass=TestX25519() && pass;
92 pass=TestEd25519() && pass;
93 #endif
94
95 pass=ValidateCRC32() && pass;
96 pass=ValidateCRC32C() && pass;
97 pass=ValidateAdler32() && pass;
98 pass=ValidateMD2() && pass;
99 #if defined(CRYPTOPP_EXTENDED_VALIDATION)
100 pass=ValidateMD4() && pass;
101 #endif
102 pass=ValidateMD5() && pass;
103 pass=ValidateSHA() && pass;
104
105 pass=ValidateKeccak() && pass;
106 pass=ValidateSHA3() && pass;
107 pass=ValidateSHAKE() && pass;
108 pass=ValidateSHAKE_XOF() && pass;
109
110 pass=ValidateLSH() && pass;
111
112 pass=ValidateHashDRBG() && pass;
113 pass=ValidateHmacDRBG() && pass;
114
115 pass=ValidateTiger() && pass;
116 pass=ValidateRIPEMD() && pass;
117 pass=ValidatePanama() && pass;
118 pass=ValidateWhirlpool() && pass;
119
120 pass=ValidateSM3() && pass;
121 pass=ValidateBLAKE2s() && pass;
122 pass=ValidateBLAKE2b() && pass;
123 pass=ValidatePoly1305() && pass;
124 pass=ValidateSipHash() && pass;
125
126 pass=ValidateHMAC() && pass;
127 pass=ValidateTTMAC() && pass;
128
129 pass=ValidatePBKDF() && pass;
130 pass=ValidateHKDF() && pass;
131 pass=ValidateScrypt() && pass;
132
133 pass=ValidateDES() && pass;
134 pass=ValidateCipherModes() && pass;
135 pass=ValidateIDEA() && pass;
136 pass=ValidateSAFER() && pass;
137 pass=ValidateRC2() && pass;
138 pass=ValidateARC4() && pass;
139 pass=ValidateRC5() && pass;
140 pass=ValidateBlowfish() && pass;
141 pass=ValidateThreeWay() && pass;
142 pass=ValidateGOST() && pass;
143 pass=ValidateSHARK() && pass;
144 pass=ValidateCAST() && pass;
145 pass=ValidateSquare() && pass;
146 pass=ValidateSKIPJACK() && pass;
147 pass=ValidateSEAL() && pass;
148 pass=ValidateRC6() && pass;
149 pass=ValidateMARS() && pass;
150 pass=ValidateRijndael() && pass;
151 pass=ValidateTwofish() && pass;
152 pass=ValidateSerpent() && pass;
153 pass=ValidateSHACAL2() && pass;
154 pass=ValidateARIA() && pass;
155 pass=ValidateCHAM() && pass;
156 pass=ValidateHIGHT() && pass;
157 pass=ValidateLEA() && pass;
158 pass=ValidateSIMECK() && pass;
159 pass=ValidateSIMON() && pass;
160 pass=ValidateSPECK() && pass;
161 pass=ValidateCamellia() && pass;
162 pass=ValidateSalsa() && pass;
163 pass=ValidateChaCha() && pass;
164 pass=ValidateChaChaTLS() && pass;
165 pass=ValidateSosemanuk() && pass;
166 pass=ValidateRabbit() && pass;
167 pass=ValidateHC128() && pass;
168 pass=ValidateHC256() && pass;
169 pass=RunTestDataFile("TestVectors/seed.txt") && pass;
170 pass=RunTestDataFile("TestVectors/threefish.txt") && pass;
171 pass=RunTestDataFile("TestVectors/kalyna.txt") && pass;
172 pass=RunTestDataFile("TestVectors/sm4.txt") && pass;
173 pass=ValidateVMAC() && pass;
174 pass=ValidateCCM() && pass;
175 pass=ValidateGCM() && pass;
176 pass=ValidateXTS() && pass;
177 pass=ValidateCMAC() && pass;
178 pass=RunTestDataFile("TestVectors/eax.txt") && pass;
179
180 pass=ValidateBBS() && pass;
181 pass=ValidateDH() && pass;
182 pass=ValidateX25519() && pass;
183 pass=ValidateMQV() && pass;
184 pass=ValidateHMQV() && pass;
185 pass=ValidateFHMQV() && pass;
186 pass=ValidateRSA() && pass;
187 pass=ValidateElGamal() && pass;
188 pass=ValidateDLIES() && pass;
189 pass=ValidateNR() && pass;
190 pass=ValidateDSA(thorough) && pass;
191 pass=ValidateLUC() && pass;
192 pass=ValidateLUC_DH() && pass;
193 pass=ValidateLUC_DL() && pass;
194 pass=ValidateXTR_DH() && pass;
195 pass=ValidateRabin() && pass;
196 pass=ValidateRW() && pass;
197 pass=ValidateECP() && pass;
198 pass=ValidateEC2N() && pass;
199 pass=ValidateECP_Legacy_Encrypt() && pass;
200 pass=ValidateEC2N_Legacy_Encrypt() && pass;
201 pass=ValidateECDSA() && pass;
202 pass=ValidateECDSA_RFC6979() && pass;
203 pass=ValidateECGDSA(thorough) && pass;
204 pass=ValidateESIGN() && pass;
205
206 pass=ValidateX25519() && pass;
207 pass=ValidateEd25519() && pass;
208 pass=ValidateNaCl() && pass;
209
210 if (pass)
211 std::cout << "\nAll tests passed!\n";
212 else
213 std::cout << "\nOops! Not all tests passed.\n";
214
215 return pass;
216 }
217
TestSettings()218 bool TestSettings()
219 {
220 bool pass = true;
221
222 std::cout << "\nTesting Settings...\n\n";
223
224 word32 w;
225 const byte s[] = "\x01\x02\x03\x04";
226
227 #if (_MSC_VER >= 1400)
228 memcpy_s(&w, 4, s, 4);
229 #else
230 std::copy(s, s+4, reinterpret_cast<byte*>(&w));
231 #endif
232
233 if (w == 0x04030201L)
234 {
235 #if (CRYPTOPP_LITTLE_ENDIAN)
236 std::cout << "passed: ";
237 #else
238 std::cout << "FAILED: ";
239 pass = false;
240 #endif
241 std::cout << "Your machine is little endian.\n";
242 }
243 else if (w == 0x01020304L)
244 {
245 #if (CRYPTOPP_BIG_ENDIAN)
246 std::cout << "passed: ";
247 #else
248 std::cout << "FAILED: ";
249 pass = false;
250 #endif
251 std::cout << "Your machine is big endian.\n";
252 }
253 else
254 {
255 std::cout << "FAILED: Your machine is neither big endian nor little endian.\n";
256 pass = false;
257 }
258
259 if (sizeof(void*) == 8)
260 {
261 std::cout << "passed: Your machine is 64-bit.\n";
262 }
263 else if (sizeof(void*) == 4)
264 {
265 std::cout << "passed: Your machine is 32-bit.\n";
266 }
267 else
268 {
269 std::cout << "FAILED: Your machine is neither 32-bit nor 64-bit.\n";
270 pass = false;
271 }
272
273 #if defined(CRYPTOPP_EXTENDED_VALIDATION)
274 // App and library versions, http://github.com/weidai11/cryptopp/issues/371
275 const int v1 = LibraryVersion();
276 const int v2 = HeaderVersion();
277 if(v1/10 == v2/10)
278 std::cout << "passed: ";
279 else
280 {
281 std::cout << "FAILED: ";
282 pass = false;
283 }
284 std::cout << "Library version (library): " << v1 << ", header version (app): " << v2 << "\n";
285 #endif
286
287 if (sizeof(byte) == 1)
288 std::cout << "passed: ";
289 else
290 {
291 std::cout << "FAILED: ";
292 pass = false;
293 }
294 std::cout << "sizeof(byte) == " << sizeof(byte) << "\n";
295
296 if (sizeof(word16) == 2)
297 std::cout << "passed: ";
298 else
299 {
300 std::cout << "FAILED: ";
301 pass = false;
302 }
303 std::cout << "sizeof(word16) == " << sizeof(word16) << "\n";
304
305 if (sizeof(word32) == 4)
306 std::cout << "passed: ";
307 else
308 {
309 std::cout << "FAILED: ";
310 pass = false;
311 }
312 std::cout << "sizeof(word32) == " << sizeof(word32) << "\n";
313
314 if (sizeof(word64) == 8)
315 std::cout << "passed: ";
316 else
317 {
318 std::cout << "FAILED: ";
319 pass = false;
320 }
321 std::cout << "sizeof(word64) == " << sizeof(word64) << "\n";
322
323 #ifdef CRYPTOPP_WORD128_AVAILABLE
324 if (sizeof(word128) == 16)
325 std::cout << "passed: ";
326 else
327 {
328 std::cout << "FAILED: ";
329 pass = false;
330 }
331 std::cout << "sizeof(word128) == " << sizeof(word128) << "\n";
332 #endif
333
334 if (sizeof(word) == 2*sizeof(hword)
335 #ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE
336 && sizeof(dword) == 2*sizeof(word)
337 #endif
338 )
339 std::cout << "passed: ";
340 else
341 {
342 std::cout << "FAILED: ";
343 pass = false;
344 }
345 std::cout << "sizeof(hword) == " << sizeof(hword) << ", sizeof(word) == " << sizeof(word);
346 #ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE
347 std::cout << ", sizeof(dword) == " << sizeof(dword);
348 #endif
349 std::cout << "\n";
350
351 const int cacheLineSize = GetCacheLineSize();
352 if (cacheLineSize < 16 || cacheLineSize > 256 || !IsPowerOf2(cacheLineSize))
353 {
354 std::cout << "FAILED: ";
355 pass = false;
356 }
357 else
358 std::cout << "passed: ";
359 std::cout << "cacheLineSize == " << cacheLineSize << "\n";
360
361 #ifdef CRYPTOPP_CPUID_AVAILABLE
362 bool hasSSE2 = HasSSE2();
363 bool hasSSSE3 = HasSSSE3();
364 bool hasSSE41 = HasSSE41();
365 bool hasSSE42 = HasSSE42();
366 bool hasAVX = HasAVX();
367 bool hasAVX2 = HasAVX2();
368 bool hasAESNI = HasAESNI();
369 bool hasCLMUL = HasCLMUL();
370 bool hasRDRAND = HasRDRAND();
371 bool hasRDSEED = HasRDSEED();
372 bool hasSHA = HasSHA();
373 bool isP4 = IsP4();
374
375 std::cout << "hasSSE2 == " << hasSSE2 << ", hasSSSE3 == " << hasSSSE3;
376 std::cout << ", hasSSE4.1 == " << hasSSE41 << ", hasSSE4.2 == " << hasSSE42;
377 std::cout << ", hasAVX == " << hasAVX << ", hasAVX2 == " << hasAVX2;
378 std::cout << ", hasAESNI == " << hasAESNI << ", hasCLMUL == " << hasCLMUL;
379 std::cout << ", hasRDRAND == " << hasRDRAND << ", hasRDSEED == " << hasRDSEED;
380 std::cout << ", hasSHA == " << hasSHA << ", isP4 == " << isP4;
381 std::cout << "\n";
382
383 #elif (CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARMV8)
384
385 # if defined(__arm__)
386 bool hasARMv7 = HasARMv7();
387 bool hasNEON = HasNEON();
388
389 std::cout << "passed: ";
390 std::cout << "hasARMv7 == " << hasARMv7 << ", hasNEON == " << hasNEON << "\n";
391 # else // __arch32__ and __aarch64__
392 bool hasCRC32 = HasCRC32();
393 bool hasPMULL = HasPMULL();
394 bool hasAES = HasAES();
395 bool hasSHA1 = HasSHA1();
396 bool hasSHA2 = HasSHA2();
397 bool hasSHA3 = HasSHA3();
398 bool hasSHA512 = HasSHA512();
399 bool hasSM3 = HasSM3();
400 bool hasSM4 = HasSM4();
401
402 std::cout << "passed: hasASIMD == 1";
403 std::cout << ", hasCRC32 == " << hasCRC32 << ", hasAES == " << hasAES;
404 std::cout << ", hasPMULL == " << hasPMULL << ", hasSHA1 == " << hasSHA1;
405 std::cout << ", hasSHA2 == " << hasSHA2 << ", hasSHA3 == " << hasSHA3;
406 std::cout << ", hasSHA512 == " << hasSHA512 << ", hasSM3 == " << hasSM3;
407 std::cout << ", hasSM4 == " << hasSM4 << "\n";
408 # endif
409
410 #elif (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64)
411 const bool hasAltivec = HasAltivec();
412 const bool hasPower7 = HasPower7();
413 const bool hasPower8 = HasPower8();
414 const bool hasPower9 = HasPower9();
415 const bool hasAES = HasAES();
416 const bool hasPMULL = HasPMULL();
417 const bool hasSHA256 = HasSHA256();
418 const bool hasSHA512 = HasSHA512();
419 const bool hasDARN = HasDARN();
420
421 std::cout << "passed: ";
422 std::cout << "hasAltivec == " << hasAltivec << ", hasPower7 == " << hasPower7;
423 std::cout << ", hasPower8 == " << hasPower8 << ", hasPower9 == " << hasPower9;
424 std::cout << ", hasAES == " << hasAES << ", hasPMULL == " << hasPMULL;
425 std::cout << ", hasSHA256 == " << hasSHA256 << ", hasSHA512 == " << hasSHA512;
426 std::cout << ", hasDARN == " << hasDARN << "\n";
427
428 #endif
429
430 if (!pass)
431 {
432 std::cerr << "Some critical setting in config.h is in error. Please fix it and recompile.\n";
433 std::abort();
434 }
435 return pass;
436 }
437
Test_RandomNumberGenerator(RandomNumberGenerator & prng,bool drain=false)438 bool Test_RandomNumberGenerator(RandomNumberGenerator& prng, bool drain=false)
439 {
440 bool pass = true, result = true;
441 const size_t GENERATE_SIZE = 1024*10, DISCARD_SIZE = 256, ENTROPY_SIZE = 32;
442
443 if(drain)
444 {
445 RandomNumberSource(prng, UINT_MAX, true, new Redirector(TheBitBucket()));
446 }
447
448 MeterFilter meter(new Redirector(TheBitBucket()));
449 RandomNumberSource(prng, GENERATE_SIZE, true, new Deflator(new Redirector(meter)));
450
451 if (meter.GetTotalBytes() < GENERATE_SIZE)
452 {
453 pass = false;
454 result = false;
455 }
456
457 if (!pass)
458 std::cout << "FAILED:";
459 else
460 std::cout << "passed:";
461 std::cout << " " << GENERATE_SIZE << " generated bytes compressed to ";
462 std::cout << meter.GetTotalBytes() << " bytes by DEFLATE\n";
463
464 try
465 {
466 pass = true;
467 if(prng.CanIncorporateEntropy())
468 {
469 SecByteBlock entropy(ENTROPY_SIZE);
470 GlobalRNG().GenerateBlock(entropy, entropy.SizeInBytes());
471
472 prng.IncorporateEntropy(entropy, entropy.SizeInBytes());
473 prng.IncorporateEntropy(entropy, entropy.SizeInBytes()-1);
474 prng.IncorporateEntropy(entropy, entropy.SizeInBytes()-2);
475 prng.IncorporateEntropy(entropy, entropy.SizeInBytes()-3);
476 }
477 }
478 catch (const Exception& /*ex*/)
479 {
480 pass = false;
481 result = false;
482 }
483
484 if (!pass)
485 std::cout << "FAILED:";
486 else
487 std::cout << "passed:";
488 std::cout << " IncorporateEntropy with " << 4*ENTROPY_SIZE << " bytes\n";
489
490 try
491 {
492 word32 val = prng.GenerateWord32();
493 val = prng.GenerateWord32((val & 0xff), 0xffffffff - (val & 0xff));
494
495 prng.GenerateBlock(reinterpret_cast<byte*>(&val), 4);
496 prng.GenerateBlock(reinterpret_cast<byte*>(&val), 3);
497 prng.GenerateBlock(reinterpret_cast<byte*>(&val), 2);
498 prng.GenerateBlock(reinterpret_cast<byte*>(&val), 1);
499 }
500 catch (const Exception&)
501 {
502 pass = false;
503 result = false;
504 }
505
506 if (!pass)
507 std::cout << "FAILED:";
508 else
509 std::cout << "passed:";
510 std::cout << " GenerateWord32 and Crop\n";
511
512 try
513 {
514 pass = true;
515 prng.DiscardBytes(DISCARD_SIZE);
516 prng.DiscardBytes(DISCARD_SIZE-1);
517 prng.DiscardBytes(DISCARD_SIZE-2);
518 prng.DiscardBytes(DISCARD_SIZE-3);
519 }
520 catch (const Exception&)
521 {
522 pass = false;
523 result = false;
524 }
525
526 if (!pass)
527 std::cout << "FAILED:";
528 else
529 std::cout << "passed:";
530 std::cout << " DiscardBytes with " << 4*DISCARD_SIZE << " bytes\n";
531
532 // Miscellaneous for code coverage
533 (void)prng.AlgorithmName(); // "unknown"
534
535 CRYPTOPP_ASSERT(result);
536 return result;
537 }
538
TestOS_RNG()539 bool TestOS_RNG()
540 {
541 bool pass = true;
542
543 member_ptr<RandomNumberGenerator> rng;
544
545 #ifdef BLOCKING_RNG_AVAILABLE
546 try {rng.reset(new BlockingRng);}
547 catch (const OS_RNG_Err &) {}
548
549 if (rng.get())
550 {
551 std::cout << "\nTesting operating system provided blocking random number generator...\n\n";
552
553 MeterFilter meter(new Redirector(TheBitBucket()));
554 RandomNumberSource test(*rng, UINT_MAX, false, new Deflator(new Redirector(meter)));
555 unsigned long total=0;
556 time_t t = time(NULLPTR), t1 = 0;
557
558 // check that it doesn't take too long to generate a reasonable amount of randomness
559 while (total < 16 && (t1 < 10 || total*8 > (unsigned long)t1))
560 {
561 test.Pump(1);
562 total += 1;
563 t1 = time(NULLPTR) - t;
564 }
565
566 if (total < 16)
567 {
568 std::cout << "FAILED:";
569 pass = false;
570 }
571 else
572 std::cout << "passed:";
573 std::cout << " it took " << long(t1) << " seconds to generate " << total << " bytes" << std::endl;
574
575 test.AttachedTransformation()->MessageEnd();
576
577 if (meter.GetTotalBytes() < total)
578 {
579 std::cout << "FAILED:";
580 pass = false;
581 }
582 else
583 std::cout << "passed:";
584 std::cout << " " << total << " generated bytes compressed to " << meter.GetTotalBytes() << " bytes by DEFLATE\n";
585
586 try
587 {
588 // Miscellaneous for code coverage
589 RandomNumberGenerator& prng = *rng.get();
590 (void)prng.AlgorithmName();
591 word32 result = prng.GenerateWord32();
592 result = prng.GenerateWord32((result & 0xff), 0xffffffff - (result & 0xff));
593 prng.GenerateBlock(reinterpret_cast<byte*>(&result), 4);
594 prng.GenerateBlock(reinterpret_cast<byte*>(&result), 3);
595 prng.GenerateBlock(reinterpret_cast<byte*>(&result), 2);
596 prng.GenerateBlock(reinterpret_cast<byte*>(&result), 1);
597 prng.GenerateBlock(reinterpret_cast<byte*>(&result), 0);
598 pass = true;
599 }
600 catch (const Exception&)
601 {
602 pass = false;
603 }
604
605 if (!pass)
606 std::cout << "FAILED:";
607 else
608 std::cout << "passed:";
609 std::cout << " GenerateWord32 and Crop\n";
610 }
611 else
612 std::cout << "\nNo operating system provided blocking random number generator, skipping test." << std::endl;
613 #endif
614
615 #ifdef NONBLOCKING_RNG_AVAILABLE
616 try {rng.reset(new NonblockingRng);}
617 catch (OS_RNG_Err &) {}
618
619 if (rng.get())
620 {
621 std::cout << "\nTesting operating system provided nonblocking random number generator...\n\n";
622
623 pass = Test_RandomNumberGenerator(*rng.get()) && pass;
624 }
625 else
626 std::cout << "\nNo operating system provided non-blocking random number generator, skipping test." << std::endl;
627 #endif
628
629 CRYPTOPP_ASSERT(pass);
630 return pass;
631 }
632
TestRandomPool()633 bool TestRandomPool()
634 {
635 member_ptr<RandomNumberGenerator> prng;
636 bool pass=true;
637
638 try {prng.reset(new RandomPool);}
639 catch (Exception &) {}
640
641 if(prng.get())
642 {
643 std::cout << "\nTesting RandomPool generator...\n\n";
644 pass = Test_RandomNumberGenerator(*prng.get()) && pass;
645 }
646
647 #if !defined(NO_OS_DEPENDENCE) && defined(OS_RNG_AVAILABLE)
648 try {prng.reset(new AutoSeededRandomPool);}
649 catch (Exception &) {}
650
651 if(prng.get())
652 {
653 std::cout << "\nTesting AutoSeeded RandomPool generator...\n\n";
654 pass = Test_RandomNumberGenerator(*prng.get()) && pass;
655 }
656 #endif
657
658 // Old, PGP 2.6 style RandomPool. Added because users were still having problems
659 // with it in 2017. The missing functionality was a barrier to upgrades.
660 try {prng.reset(new OldRandomPool);}
661 catch (Exception &) {}
662
663 if(prng.get())
664 {
665 std::cout << "\nTesting OldRandomPool generator...\n\n";
666 pass = Test_RandomNumberGenerator(*prng.get()) && pass;
667
668 // https://github.com/weidai11/cryptopp/issues/452
669 byte actual[32], expected[32] = {
670 0x41,0xD1,0xEF,0x8F,0x10,0x3C,0xE2,0x94,
671 0x47,0xC0,0xC3,0x86,0x66,0xBC,0x86,0x09,
672 0x57,0x77,0x73,0x91,0x57,0x4D,0x93,0x66,
673 0xD1,0x13,0xE1,0xBA,0x07,0x49,0x8F,0x75
674 };
675
676 prng.reset(new OldRandomPool);
677 RandomNumberGenerator& old = *prng.get();
678
679 SecByteBlock seed(384);
680 for (size_t i=0; i<384; ++i)
681 seed[i] = static_cast<byte>(i);
682 old.IncorporateEntropy(seed, seed.size());
683
684 old.GenerateBlock(actual, sizeof(actual));
685 pass = (0 == std::memcmp(actual, expected, sizeof(expected))) && pass;
686
687 if (!pass)
688 std::cout << "FAILED:";
689 else
690 std::cout << "passed:";
691 std::cout << " Expected sequence from PGP-style RandomPool (circa 2007)\n";
692 }
693
694 return pass;
695 }
696
697 #if !defined(NO_OS_DEPENDENCE) && defined(OS_RNG_AVAILABLE)
TestAutoSeededX917()698 bool TestAutoSeededX917()
699 {
700 // This tests Auto-Seeding and GenerateIntoBufferedTransformation.
701 std::cout << "\nTesting AutoSeeded X917 generator...\n\n";
702
703 AutoSeededX917RNG<AES> prng;
704 return Test_RandomNumberGenerator(prng);
705 }
706 #endif
707
708 #if defined(CRYPTOPP_EXTENDED_VALIDATION)
TestMersenne()709 bool TestMersenne()
710 {
711 std::cout << "\nTesting Mersenne Twister...\n\n";
712
713 member_ptr<RandomNumberGenerator> rng;
714 bool pass = true;
715
716 try {rng.reset(new MT19937ar);}
717 catch (const Exception &) {}
718
719 if(rng.get())
720 {
721 pass = Test_RandomNumberGenerator(*rng.get());
722 }
723
724 // Reset state
725 try {rng.reset(new MT19937ar);}
726 catch (const Exception &) {}
727
728 if(rng.get())
729 {
730 // First 10; http://create.stephan-brumme.com/mersenne-twister/
731 word32 result[10], expected[10] = {
732 0xD091BB5C, 0x22AE9EF6, 0xE7E1FAEE, 0xD5C31F79,
733 0x2082352C, 0xF807B7DF, 0xE9D30005, 0x3895AFE1,
734 0xA1E24BBA, 0x4EE4092B
735 };
736
737 rng->GenerateBlock(reinterpret_cast<byte*>(result), sizeof(result));
738 pass = (0 == std::memcmp(result, expected, sizeof(expected))) && pass;
739
740 if (!pass)
741 std::cout << "FAILED:";
742 else
743 std::cout << "passed:";
744 std::cout << " Expected sequence from MT19937\n";
745 }
746
747 return pass;
748 }
749 #endif
750
751 #if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64)
TestPadlockRNG()752 bool TestPadlockRNG()
753 {
754 std::cout << "\nTesting Padlock RNG generator...\n\n";
755
756 member_ptr<RandomNumberGenerator> rng;
757 bool pass = true, fail;
758
759 try {rng.reset(new PadlockRNG);}
760 catch (const PadlockRNG_Err &) {}
761
762 if (rng.get())
763 {
764 PadlockRNG& padlock = dynamic_cast<PadlockRNG&>(*rng.get());
765 pass = Test_RandomNumberGenerator(padlock);
766
767 // PadlockRNG does not accept entropy. However, the contract is no throw
768 const byte entropy[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
769 (void)padlock.IncorporateEntropy(entropy, sizeof(entropy));
770
771 SecByteBlock zero(16), one(16), t(16);
772 std::memset(zero, 0x00, zero.size());
773 std::memset( one, 0xff, one.size());
774
775 // Cryptography Research, Inc tests
776 word32 oldDivisor = padlock.SetDivisor(0);
777 padlock.GenerateBlock(t, t.size());
778 word32 msr = padlock.GetMSR();
779 padlock.SetDivisor(oldDivisor);
780
781 // Bit 6 should be set
782 fail = !(msr & (1 << 6U));
783 pass &= !fail;
784 if (fail)
785 std::cout << "FAILED:";
786 else
787 std::cout << "passed:";
788 std::cout << " VIA RNG is activated\n";
789
790 // Bit 13 should be unset
791 fail = !!(msr & (1 << 13U));
792 pass &= !fail;
793 if (fail)
794 std::cout << "FAILED:";
795 else
796 std::cout << "passed:";
797 std::cout << " von Neumann corrector is activated\n";
798
799 // Bit 14 should be unset
800 fail = !!(msr & (1 << 14U));
801 pass &= !fail;
802 if (fail)
803 std::cout << "FAILED:";
804 else
805 std::cout << "passed:";
806 std::cout << " String filter is deactivated\n";
807
808 // Bit 12:10 should be unset
809 fail = !!(msr & (0x7 << 10U));
810 pass &= !fail;
811 if (fail)
812 std::cout << "FAILED:";
813 else
814 std::cout << "passed:";
815 std::cout << " Bias voltage is unmodified\n";
816
817 fail = false;
818 if (t == zero || t == one)
819 fail = true;
820
821 pass &= !fail;
822 if (fail)
823 std::cout << "FAILED:";
824 else
825 std::cout << "passed:";
826 std::cout << " All 0's or all 1's test\n";
827 }
828 else
829 std::cout << "Padlock RNG generator not available, skipping test.\n";
830
831 return pass;
832 }
833
TestRDRAND()834 bool TestRDRAND()
835 {
836 std::cout << "\nTesting RDRAND generator...\n\n";
837
838 bool pass = true;
839 member_ptr<RandomNumberGenerator> rng;
840
841 try {rng.reset(new RDRAND);}
842 catch (const RDRAND_Err &) {}
843
844 if (rng.get())
845 {
846 RDRAND& rdrand = dynamic_cast<RDRAND&>(*rng.get());
847 pass = Test_RandomNumberGenerator(rdrand) && pass;
848
849 // RDRAND does not accept entropy. However, the contract is no throw
850 const byte entropy[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
851 (void)rdrand.IncorporateEntropy(entropy, sizeof(entropy));
852
853 MaurerRandomnessTest maurer;
854 const unsigned int SIZE = 1024*10;
855 RandomNumberSource(rdrand, SIZE, true, new Redirector(maurer));
856
857 CRYPTOPP_ASSERT(0 == maurer.BytesNeeded());
858 const double mv = maurer.GetTestValue();
859 if (mv < 0.98f)
860 pass = false;
861
862 std::ostringstream oss;
863 oss.flags(std::ios::fixed);
864 oss.precision(6);
865
866 if (!pass)
867 oss << "FAILED:";
868 else
869 oss << "passed:";
870 oss << " Maurer Randomness Test returned value " << mv << "\n";
871 std::cout << oss.str();
872 }
873 else
874 std::cout << "RDRAND generator not available, skipping test.\n";
875
876 return pass;
877 }
878
TestRDSEED()879 bool TestRDSEED()
880 {
881 std::cout << "\nTesting RDSEED generator...\n\n";
882
883 bool pass = true;
884 member_ptr<RandomNumberGenerator> rng;
885
886 try {rng.reset(new RDSEED);}
887 catch (const RDSEED_Err &) {}
888
889 if (rng.get())
890 {
891 RDSEED& rdseed = dynamic_cast<RDSEED&>(*rng.get());
892 pass = Test_RandomNumberGenerator(rdseed) && pass;
893
894 // RDSEED does not accept entropy. However, the contract is no throw
895 const byte entropy[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
896 (void)rdseed.IncorporateEntropy(entropy, sizeof(entropy));
897
898 MaurerRandomnessTest maurer;
899 const unsigned int SIZE = 1024*10;
900 RandomNumberSource(rdseed, SIZE, true, new Redirector(maurer));
901
902 CRYPTOPP_ASSERT(0 == maurer.BytesNeeded());
903 const double mv = maurer.GetTestValue();
904 if (mv < 0.98f)
905 pass = false;
906
907 std::ostringstream oss;
908 oss.flags(std::ios::fixed);
909 oss.precision(6);
910
911 if (!pass)
912 oss << "FAILED:";
913 else
914 oss << "passed:";
915 oss << " Maurer Randomness Test returned value " << mv << "\n";
916 std::cout << oss.str();
917 }
918 else
919 std::cout << "RDSEED generator not available, skipping test.\n";
920
921 return pass;
922 }
923 #endif // x86, x32, or x64
924
925 #if (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64)
TestDARN()926 bool TestDARN()
927 {
928 std::cout << "\nTesting DARN generator...\n\n";
929
930 bool pass = true;
931 member_ptr<RandomNumberGenerator> rng;
932
933 try {rng.reset(new DARN);}
934 catch (const DARN_Err &) {}
935
936 if (rng.get())
937 {
938 DARN& darn = dynamic_cast<DARN&>(*rng.get());
939 pass = Test_RandomNumberGenerator(darn) && pass;
940
941 // DARN does not accept entropy. However, the contract is no throw
942 const byte entropy[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
943 (void)darn.IncorporateEntropy(entropy, sizeof(entropy));
944
945 MaurerRandomnessTest maurer;
946 const unsigned int SIZE = 1024*10;
947 RandomNumberSource(darn, SIZE, true, new Redirector(maurer));
948
949 CRYPTOPP_ASSERT(0 == maurer.BytesNeeded());
950 const double mv = maurer.GetTestValue();
951 if (mv < 0.98f)
952 pass = false;
953
954 std::ostringstream oss;
955 oss.flags(std::ios::fixed);
956 oss.precision(6);
957
958 if (!pass)
959 oss << "FAILED:";
960 else
961 oss << "passed:";
962 oss << " Maurer Randomness Test returned value " << mv << "\n";
963 std::cout << oss.str();
964 }
965 else
966 std::cout << "DARN generator not available, skipping test.\n";
967
968 return pass;
969 }
970 #endif // PPC32 or PPC64
971
ValidateHashDRBG()972 bool ValidateHashDRBG()
973 {
974 std::cout << "\nTesting NIST Hash DRBGs...\n\n";
975 bool pass=true, fail;
976
977 // # CAVS 14.3
978 // # DRBG800-90A information for "drbg_pr"
979 // # Generated on Tue Apr 02 15:32:09 2013
980
981 {
982 // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64]
983 // [PersonalizationStringLen = 0], [AdditionalInputLen = 0], [ReturnedBitsLen = 640]
984 const byte entropy1[] = "\x16\x10\xb8\x28\xcc\xd2\x7d\xe0\x8c\xee\xa0\x32\xa2\x0e\x92\x08";
985 const byte entropy2[] = "\x72\xd2\x8c\x90\x8e\xda\xf9\xa4\xd1\xe5\x26\xd8\xf2\xde\xd5\x44";
986 const byte nonce[] = "\x49\x2c\xf1\x70\x92\x42\xf6\xb5";
987
988 Hash_DRBG<SHA1, 128/8, 440/8> drbg(entropy1, 16, nonce, 8);
989 drbg.IncorporateEntropy(entropy2, 16);
990
991 SecByteBlock result(80);
992 drbg.GenerateBlock(result, result.size());
993 drbg.GenerateBlock(result, result.size());
994
995 const byte expected[] = "\x56\xF3\x3D\x4F\xDB\xB9\xA5\xB6\x4D\x26\x23\x44\x97\xE9\xDC\xB8\x77\x98\xC6\x8D"
996 "\x08\xF7\xC4\x11\x99\xD4\xBD\xDF\x97\xEB\xBF\x6C\xB5\x55\x0E\x5D\x14\x9F\xF4\xD5"
997 "\xBD\x0F\x05\xF2\x5A\x69\x88\xC1\x74\x36\x39\x62\x27\x18\x4A\xF8\x4A\x56\x43\x35"
998 "\x65\x8E\x2F\x85\x72\xBE\xA3\x33\xEE\xE2\xAB\xFF\x22\xFF\xA6\xDE\x3E\x22\xAC\xA2";
999
1000 fail = !!memcmp(result, expected, 640/8);
1001 pass = !fail && pass;
1002
1003 std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (COUNT=0, E=16, N=8)\n";
1004 }
1005
1006 {
1007 // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64]
1008 // [PersonalizationStringLen = 0], [AdditionalInputLen = 0], [ReturnedBitsLen = 640]
1009 const byte entropy1[] = "\x55\x08\x75\xb7\x4e\xc1\x1f\x90\x67\x78\xa3\x1a\x37\xa3\x29\xfd";
1010 const byte entropy2[] = "\x96\xc6\x39\xec\x14\x9f\x6b\x28\xe2\x79\x3b\xb9\x37\x9e\x60\x67";
1011 const byte nonce[] = "\x08\xdd\x8c\xd3\x5b\xfa\x00\x94";
1012
1013 Hash_DRBG<SHA1, 128/8, 440/8> drbg(entropy1, 16, nonce, 8);
1014 drbg.IncorporateEntropy(entropy2, 16);
1015
1016 SecByteBlock result(80);
1017 drbg.GenerateBlock(result, result.size());
1018 drbg.GenerateBlock(result, result.size());
1019
1020 const byte expected[] = "\xEE\x44\xC6\xCF\x2C\x0C\x73\xA8\xAC\x4C\xA5\x6C\x0E\x71\x2C\xA5\x50\x9A\x19\x5D"
1021 "\xE4\x5B\x8D\x2B\xC9\x40\xA7\xDB\x66\xC3\xEB\x2A\xA1\xBD\xB4\xDD\x76\x85\x12\x45"
1022 "\x80\x2E\x68\x05\x4A\xAB\xA8\x7C\xD6\x3A\xD3\xE5\xC9\x7C\x06\xE7\xA3\x9F\xF6\xF9"
1023 "\x8E\xB3\xD9\x72\xD4\x11\x35\xE5\xE7\x46\x1B\x49\x9C\x56\x45\x6A\xBE\x7F\x77\xD4";
1024
1025 fail = !!memcmp(result, expected, 640/8);
1026 pass = !fail && pass;
1027
1028 std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (COUNT=1, E=16, N=8)\n";
1029 }
1030
1031 {
1032 // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64]
1033 // [PersonalizationStringLen = 0], [AdditionalInputLen = 128], [ReturnedBitsLen = 640]
1034 const byte entropy1[] = "\xd9\xba\xb5\xce\xdc\xa9\x6f\x61\x78\xd6\x45\x09\xa0\xdf\xdc\x5e";
1035 const byte entropy2[] = "\xc6\xba\xd0\x74\xc5\x90\x67\x86\xf5\xe1\xf3\x20\x99\xf5\xb4\x91";
1036 const byte nonce[] = "\xda\xd8\x98\x94\x14\x45\x0e\x01";
1037 const byte additional1[] = "\x3e\x6b\xf4\x6f\x4d\xaa\x38\x25\xd7\x19\x4e\x69\x4e\x77\x52\xf7";
1038 const byte additional2[] = "\x04\xfa\x28\x95\xaa\x5a\x6f\x8c\x57\x43\x34\x3b\x80\x5e\x5e\xa4";
1039 const byte additional3[] = "\xdf\x5d\xc4\x59\xdf\xf0\x2a\xa2\xf0\x52\xd7\x21\xec\x60\x72\x30";
1040
1041 Hash_DRBG<SHA1, 128/8, 440/8> drbg(entropy1, 16, nonce, 8);
1042 drbg.IncorporateEntropy(entropy2, 16, additional1, 16);
1043
1044 SecByteBlock result(80);
1045 drbg.GenerateBlock(additional2, 16, result, result.size());
1046 drbg.GenerateBlock(additional3, 16, result, result.size());
1047
1048 const byte expected[] = "\xC4\x8B\x89\xF9\xDA\x3F\x74\x82\x45\x55\x5D\x5D\x03\x3B\x69\x3D\xD7\x1A\x4D\xF5"
1049 "\x69\x02\x05\xCE\xFC\xD7\x20\x11\x3C\xC2\x4E\x09\x89\x36\xFF\x5E\x77\xB5\x41\x53"
1050 "\x58\x70\xB3\x39\x46\x8C\xDD\x8D\x6F\xAF\x8C\x56\x16\x3A\x70\x0A\x75\xB2\x3E\x59"
1051 "\x9B\x5A\xEC\xF1\x6F\x3B\xAF\x6D\x5F\x24\x19\x97\x1F\x24\xF4\x46\x72\x0F\xEA\xBE";
1052
1053 fail = !!memcmp(result, expected, 640/8);
1054 pass = !fail && pass;
1055
1056 std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (C0UNT=0, E=16, N=8, A=16)\n";
1057 }
1058
1059 {
1060 // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64]
1061 // [PersonalizationStringLen = 0], [AdditionalInputLen = 128], [ReturnedBitsLen = 640]
1062 const byte entropy1[] = "\x28\x00\x0f\xbf\xf0\x57\x22\xc8\x89\x93\x06\xc2\x9b\x50\x78\x0a";
1063 const byte entropy2[] = "\xd9\x95\x8e\x8c\x08\xaf\x5a\x41\x0e\x91\x9b\xdf\x40\x8e\x5a\x0a";
1064 const byte nonce[] = "\x11\x2f\x6e\x20\xc0\x29\xed\x3f";
1065 const byte additional1[] = "\x91\x1d\x96\x5b\x6e\x77\xa9\x6c\xfe\x3f\xf2\xd2\xe3\x0e\x2a\x86";
1066 const byte additional2[] = "\xcd\x44\xd9\x96\xab\x05\xef\xe8\x27\xd3\x65\x83\xf1\x43\x18\x2c";
1067 const byte additional3[] = "\x9f\x6a\x31\x82\x12\x18\x4e\x70\xaf\x5d\x00\x14\x1f\x42\x82\xf6";
1068
1069 Hash_DRBG<SHA1, 128/8, 440/8> drbg(entropy1, 16, nonce, 8);
1070 drbg.IncorporateEntropy(entropy2, 16, additional1, 16);
1071
1072 SecByteBlock result(80);
1073 drbg.GenerateBlock(additional2, 16, result, result.size());
1074 drbg.GenerateBlock(additional3, 16, result, result.size());
1075
1076 const byte expected[] = "\x54\x61\x65\x92\x1E\x71\x4A\xD1\x39\x02\x2F\x97\xD2\x65\x3F\x0D\x47\x69\xB1\x4A"
1077 "\x3E\x6E\xEF\xA1\xA0\x16\xD6\x9E\xA9\x7F\x51\xD5\x81\xDC\xAA\xCF\x66\xF9\xB1\xE8"
1078 "\x06\x94\x41\xD6\xB5\xC5\x44\x60\x54\x07\xE8\xE7\xDC\x1C\xD8\xE4\x70\xAD\x84\x77"
1079 "\x5A\x65\x31\xBE\xE0\xFC\x81\x36\xE2\x8F\x0B\xFE\xEB\xE1\x98\x62\x7E\x98\xE0\xC1";
1080
1081 fail = !!memcmp(result, expected, 640/8);
1082 pass = !fail && pass;
1083
1084 std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (C0UNT=1, E=16, N=8, A=16)\n";
1085 }
1086
1087 {
1088 // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64]
1089 // [PersonalizationStringLen = 128], [AdditionalInputLen = 0], [ReturnedBitsLen = 640]
1090 const byte entropy1[] = "\x0e\xd5\x4c\xef\x44\x5c\x61\x7d\x58\x86\xe0\x34\xc0\x97\x36\xd4";
1091 const byte entropy2[] = "\x0b\x90\x27\xb8\x01\xe7\xf7\x2e\xe6\xec\x50\x2b\x8b\x6b\xd7\x11";
1092 const byte nonce[] = "\x2c\x8b\x07\x13\x55\x6c\x91\x6f";
1093 const byte personalization[] = "\xf3\x37\x8e\xa1\x45\x34\x30\x41\x12\xe0\xee\x57\xe9\xb3\x4a\x4b";
1094
1095 Hash_DRBG<SHA1, 128/8, 440/8> drbg(entropy1, 16, nonce, 8, personalization, 16);
1096 drbg.IncorporateEntropy(entropy2, 16);
1097
1098 SecByteBlock result(80);
1099 drbg.GenerateBlock(result, result.size());
1100 drbg.GenerateBlock(result, result.size());
1101
1102 const byte expected[] = "\x55\x37\x0E\xD4\xB7\xCA\xA4\xBB\x67\x3A\x0F\x58\x40\xB3\x9F\x76\x4E\xDA\xD2\x85"
1103 "\xD5\x6F\x01\x8F\x2D\xA7\x54\x4B\x0E\x66\x39\x62\x35\x96\x1D\xB7\xF6\xDA\xFB\x30"
1104 "\xB6\xC5\x68\xD8\x40\x6E\x2B\xD4\x3D\x23\xEB\x0F\x10\xBA\x5F\x24\x9C\xC9\xE9\x4A"
1105 "\xD3\xA5\xF1\xDF\xA4\xF2\xB4\x80\x40\x91\xED\x8C\xD6\x6D\xE7\xB7\x53\xB2\x09\xD5";
1106
1107 fail = !!memcmp(result, expected, 640/8);
1108 pass = !fail && pass;
1109
1110 std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (C0UNT=0, E=16, N=8, A=0, P=16)\n";
1111 }
1112
1113 {
1114 // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64]
1115 // [PersonalizationStringLen = 128], [AdditionalInputLen = 0], [ReturnedBitsLen = 640]
1116 const byte entropy1[] = "\x8f\x2a\x33\x9f\x5f\x45\x21\x30\xa4\x57\xa9\x6f\xcb\xe2\xe6\x36";
1117 const byte entropy2[] = "\x1f\xff\x9e\x4f\x4d\x66\x3a\x1f\x9e\x85\x4a\x15\x7d\xad\x97\xe0";
1118 const byte nonce[] = "\x0e\xd0\xe9\xa5\xa4\x54\x8a\xd0";
1119 const byte personalization[] = "\x45\xe4\xb3\xe2\x63\x87\x62\x57\x2c\x99\xe4\x03\x45\xd6\x32\x6f";
1120
1121 Hash_DRBG<SHA1, 128/8, 440/8> drbg(entropy1, 16, nonce, 8, personalization, 16);
1122 drbg.IncorporateEntropy(entropy2, 16);
1123
1124 SecByteBlock result(80);
1125 drbg.GenerateBlock(result, result.size());
1126 drbg.GenerateBlock(result, result.size());
1127
1128 const byte expected[] = "\x4F\xE8\x96\x41\xF8\xD3\x95\xC4\x43\x6E\xFB\xF8\x05\x75\xA7\x69\x74\x6E\x0C\x5F"
1129 "\x54\x14\x35\xB4\xE6\xA6\xB3\x40\x7C\xA2\xC4\x42\xA2\x2F\x66\x28\x28\xCF\x4A\xA8"
1130 "\xDC\x16\xBC\x5F\x69\xE5\xBB\x05\xD1\x43\x8F\x80\xAB\xC5\x8F\x9C\x3F\x75\x57\xEB"
1131 "\x44\x0D\xF5\x0C\xF4\x95\x23\x94\x67\x11\x55\x98\x14\x43\xFF\x13\x14\x85\x5A\xBC";
1132
1133 fail = !!memcmp(result, expected, 640/8);
1134 pass = !fail && pass;
1135
1136 std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (C0UNT=1, E=16, N=8, A=0, P=16)\n";
1137 }
1138
1139 {
1140 // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64]
1141 // [PersonalizationStringLen = 128], [AdditionalInputLen = 16], [ReturnedBitsLen = 640]
1142 const byte entropy1[] = "\x48\xa1\xa9\x7c\xcc\x49\xd7\xcc\xf6\xe3\x78\xa2\xf1\x6b\x0f\xcd";
1143 const byte entropy2[] = "\xba\x5d\xa6\x79\x12\x37\x24\x3f\xea\x60\x50\xf5\xb9\x9e\xcd\xf5";
1144 const byte nonce[] = "\xb0\x91\xd2\xec\x12\xa8\x39\xfe";
1145 const byte personalization[] = "\x3d\xc1\x6c\x1a\xdd\x9c\xac\x4e\xbb\xb0\xb8\x89\xe4\x3b\x9e\x12";
1146 const byte additional1[] = "\xd1\x23\xe3\x8e\x4c\x97\xe8\x29\x94\xa9\x71\x7a\xc6\xf1\x7c\x08";
1147 const byte additional2[] = "\x80\x0b\xed\x97\x29\xcf\xad\xe6\x68\x0d\xfe\x53\xba\x0c\x1e\x28";
1148 const byte additional3[] = "\x25\x1e\x66\xb9\xe3\x85\xac\x1c\x17\xfb\x77\x1b\x5d\xc7\x6c\xf2";
1149
1150 Hash_DRBG<SHA1, 128/8, 440/8> drbg(entropy1, 16, nonce, 8, personalization, 16);
1151 drbg.IncorporateEntropy(entropy2, 16, additional1, 16);
1152
1153 SecByteBlock result(80);
1154 drbg.GenerateBlock(additional2, 16, result, result.size());
1155 drbg.GenerateBlock(additional3, 16, result, result.size());
1156
1157 const byte expected[] = "\xA1\xB2\xEE\x86\xA0\xF1\xDA\xB7\x93\x83\x13\x3A\x62\x27\x99\x08\x95\x3A\x1C\x9A"
1158 "\x98\x77\x60\x12\x11\x19\xCC\x78\xB8\x51\x2B\xD5\x37\xA1\x9D\xB9\x73\xCA\x39\x7A"
1159 "\xDD\x92\x33\x78\x6D\x5D\x41\xFF\xFA\xE9\x80\x59\x04\x85\x21\xE2\x52\x84\xBC\x6F"
1160 "\xDB\x97\xF3\x4E\x6A\x12\x7A\xCD\x41\x0F\x50\x68\x28\x46\xBE\x56\x9E\x9A\x6B\xC8";
1161
1162 fail = !!memcmp(result, expected, 640/8);
1163 pass = !fail && pass;
1164
1165 std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (C0UNT=0, E=16, N=8, A=16, P=16)\n";
1166 }
1167
1168 {
1169 // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64]
1170 // [PersonalizationStringLen = 128], [AdditionalInputLen = 16], [ReturnedBitsLen = 640]
1171 const byte entropy1[] = "\x3b\xcb\xa8\x3b\x6d\xfb\x06\x79\x80\xef\xc3\x1e\xd2\x9e\x68\x57";
1172 const byte entropy2[] = "\x2f\xc9\x87\x49\x19\xcb\x52\x4a\x5b\xac\xf0\xcd\x96\x4e\xf8\x6e";
1173 const byte nonce[] = "\x23\xfe\x20\x9f\xac\x70\x45\xde";
1174 const byte personalization[] = "\xf2\x25\xf4\xd9\x6b\x9c\xab\x49\x1e\xab\x18\x14\xb2\x5e\x78\xef";
1175 const byte additional1[] = "\x57\x5b\x9a\x11\x32\x7a\xab\x89\x08\xfe\x46\x11\x9a\xed\x14\x5d";
1176 const byte additional2[] = "\x5d\x19\xcd\xed\xb7\xe3\x44\x66\x8e\x11\x42\x96\xa0\x38\xb1\x7f";
1177 const byte additional3[] = "\x2b\xaf\xa0\x15\xed\xdd\x5c\x76\x32\x75\x34\x35\xd1\x37\x72\xfb";
1178
1179 Hash_DRBG<SHA1, 128/8, 440/8> drbg(entropy1, 16, nonce, 8, personalization, 16);
1180 drbg.IncorporateEntropy(entropy2, 16, additional1, 16);
1181
1182 SecByteBlock result(80);
1183 drbg.GenerateBlock(additional2, 16, result, result.size());
1184 drbg.GenerateBlock(additional3, 16, result, result.size());
1185
1186 const byte expected[] = "\x1D\x12\xEB\x6D\x42\x60\xBD\xFB\xA7\x99\xB8\x53\xCC\x6F\x19\xB1\x64\xFE\x2F\x55"
1187 "\xBA\xA2\x1C\x89\xD4\xD0\xE9\xB4\xBA\xD4\xE5\xF8\xC5\x30\x06\x41\xBA\xC4\x3D\x2B"
1188 "\x73\x91\x27\xE9\x31\xC0\x55\x55\x11\xE8\xB6\x57\x02\x0D\xCE\x90\xAC\x31\xB9\x00"
1189 "\x31\xC1\xD4\x4F\xE7\x12\x3B\xCC\x85\x16\x2F\x12\x8F\xB2\xDF\x84\x4E\xF7\x06\xBE";
1190
1191 fail = !!memcmp(result, expected, 640/8);
1192 pass = !fail && pass;
1193
1194 std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (C0UNT=1, E=16, N=8, A=16, P=16)\n";
1195 }
1196
1197 {
1198 // [SHA-256], [PredictionResistance = False], [EntropyInputLen = 256], [NonceLen = 128]
1199 // [PersonalizationStringLen = 256], [AdditionalInputLen = 256], [ReturnedBitsLen = 1024]
1200 const byte entropy1[] = "\xf0\x5b\xab\x56\xc7\xac\x6e\xeb\x31\xa0\xcf\x8a\x8a\x06\x2a\x49\x17\x9a\xcf\x3c\x5b\x20\x4d\x60\xdd\x7a\x3e\xb7\x8f\x5d\x8e\x3b";
1201 const byte entropy2[] = "\x72\xd4\x02\xa2\x59\x7b\x98\xa3\xb8\xf5\x0b\x71\x6c\x63\xc6\xdb\xa7\x3a\x07\xe6\x54\x89\x06\x3f\x02\xc5\x32\xf5\xda\xc4\xd4\x18";
1202 const byte nonce[] = "\xa1\x45\x08\x53\x41\x68\xb6\x88\xf0\x5f\x1e\x41\x9c\x88\xcc\x30";
1203 const byte personalization[] = "\xa0\x34\x72\xf4\x04\x59\xe2\x87\xea\xcb\x21\x32\xc0\xb6\x54\x02\x7d\xa3\xe6\x69\x25\xb4\x21\x25\x54\xc4\x48\x18\x8c\x0e\x86\x01";
1204 const byte additional1[] = "\xb3\x0d\x28\xaf\xa4\x11\x6b\xbc\x13\x6e\x65\x09\xb5\x82\xa6\x93\xbc\x91\x71\x40\x46\xaa\x3c\x66\xb6\x77\xb3\xef\xf9\xad\xfd\x49";
1205 const byte additional2[] = "\x77\xfd\x1d\x68\xd6\xa4\xdd\xd5\xf3\x27\x25\x2d\x3f\x6b\xdf\xee\x8c\x35\xce\xd3\x83\xbe\xaf\xc9\x32\x77\xef\xf2\x1b\x6f\xf4\x1b";
1206 const byte additional3[] = "\x59\xa0\x1f\xf8\x6a\x58\x72\x1e\x85\xd2\xf8\x3f\x73\x99\xf1\x96\x4e\x27\xf8\x7f\xcd\x1b\xf5\xc1\xeb\xf3\x37\x10\x9b\x13\xbd\x24";
1207
1208 Hash_DRBG<SHA256, 128/8, 440/8> drbg(entropy1, 32, nonce, 16, personalization, 32);
1209 drbg.IncorporateEntropy(entropy2, 32, additional1, 32);
1210
1211 SecByteBlock result(128);
1212 drbg.GenerateBlock(additional2, 32, result, result.size());
1213 drbg.GenerateBlock(additional3, 32, result, result.size());
1214
1215 const byte expected[] = "\xFF\x27\x96\x38\x5C\x32\xBF\x84\x3D\xFA\xBB\xF0\x3E\x70\x5A\x39\xCB\xA3\x4C\xF1"
1216 "\x4F\xAE\xC3\x05\x63\xDF\x5A\xDD\xBD\x2D\x35\x83\xF5\x7E\x05\xF9\x40\x30\x56\x18"
1217 "\xF2\x00\x88\x14\x03\xC2\xD9\x81\x36\x39\xE6\x67\x55\xDC\xFC\x4E\x88\xEA\x71\xDD"
1218 "\xB2\x25\x2E\x09\x91\x49\x40\xEB\xE2\x3D\x63\x44\xA0\xF4\xDB\x5E\xE8\x39\xE6\x70"
1219 "\xEC\x47\x24\x3F\xA0\xFC\xF5\x13\x61\xCE\x53\x98\xAA\xBF\xB4\x19\x1B\xFE\xD5\x00"
1220 "\xE1\x03\x3A\x76\x54\xFF\xD7\x24\x70\x5E\x8C\xB2\x41\x7D\x92\x0A\x2F\x4F\x27\xB8"
1221 "\x45\x13\x7F\xFB\x87\x90\xA9\x49";
1222
1223 fail = !!memcmp(result, expected, 1024/8);
1224 pass = !fail && pass;
1225
1226 std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA256/128/440 (C0UNT=0, E=32, N=16, A=32, P=32)\n";
1227 }
1228
1229 {
1230 // [SHA-256], [PredictionResistance = False], [EntropyInputLen = 256], [NonceLen = 128]
1231 // [PersonalizationStringLen = 256], [AdditionalInputLen = 256], [ReturnedBitsLen = 1024]
1232 const byte entropy1[] = "\xfe\x61\x50\x79\xf1\xad\x2a\x71\xea\x7f\x0f\x5a\x14\x34\xee\xc8\x46\x35\x54\x4a\x95\x6a\x4f\xbd\x64\xff\xba\xf6\x1d\x34\x61\x83";
1233 const byte entropy2[] = "\x18\x89\x7b\xd8\x3e\xff\x38\xab\xb5\x6e\x82\xa8\x1b\x8c\x5e\x59\x3c\x3d\x85\x62\x2a\xe2\x88\xe5\xb2\xc6\xc5\xd2\xad\x7d\xc9\x45";
1234 const byte nonce[] = "\x9d\xa7\x87\x56\xb7\x49\x17\x02\x4c\xd2\x00\x65\x11\x9b\xe8\x7e";
1235 const byte personalization[] = "\x77\x5d\xbf\x32\xf3\x5c\xf3\x51\xf4\xb8\x1c\xd3\xfa\x7f\x65\x0b\xcf\x31\x88\xa1\x25\x57\x0c\xdd\xac\xaa\xfe\xa1\x7b\x3b\x29\xbc";
1236 const byte additional1[] = "\xef\x96\xc7\x9c\xb1\x73\x1d\x82\x85\x0a\x6b\xca\x9b\x5c\x34\x39\xba\xd3\x4e\x4d\x82\x6f\x35\x9f\x61\x5c\xf6\xf2\xa3\x3e\x91\x05";
1237 const byte additional2[] = "\xaf\x25\xc4\x6e\x21\xfc\xc3\xaf\x1f\xbb\xf8\x76\xb4\x57\xab\x1a\x94\x0a\x85\x16\x47\x81\xa4\xab\xda\xc8\xab\xca\xd0\x84\xda\xae";
1238 const byte additional3[] = "\x59\x5b\x44\x94\x38\x86\x36\xff\x8e\x45\x1a\x0c\x42\xc8\xcc\x21\x06\x38\x3a\xc5\xa6\x30\x96\xb9\x14\x81\xb3\xa1\x2b\xc8\xcd\xf6";
1239
1240 Hash_DRBG<SHA256, 128/8, 440/8> drbg(entropy1, 32, nonce, 16, personalization, 32);
1241 drbg.IncorporateEntropy(entropy2, 32, additional1, 32);
1242
1243 SecByteBlock result(128);
1244 drbg.GenerateBlock(additional2, 32, result, result.size());
1245 drbg.GenerateBlock(additional3, 32, result, result.size());
1246
1247 const byte expected[] = "\x8B\x1C\x9C\x76\xC4\x9B\x3B\xAE\xFD\x6E\xEB\x6C\xFF\xA3\xA1\x03\x3A\x8C\xAF\x09"
1248 "\xFE\xBD\x44\x00\xFC\x0F\xD3\xA8\x26\x9C\xEE\x01\xAC\xE3\x73\x0E\xBE\xDA\x9A\xC6"
1249 "\x23\x44\x6D\xA1\x56\x94\x29\xEC\x4B\xCD\x01\x84\x32\x25\xEF\x00\x91\x0B\xCC\xF3"
1250 "\x06\x3B\x80\xF5\x46\xAC\xD2\xED\x5F\x70\x2B\x56\x2F\x21\x0A\xE9\x80\x87\x38\xAD"
1251 "\xB0\x2A\xEB\x27\xF2\xD9\x20\x2A\x66\x0E\xF5\xC9\x20\x4A\xB4\x3C\xCE\xD6\x24\x97"
1252 "\xDB\xB1\xED\x94\x12\x6A\x2F\x03\x98\x4A\xD4\xD1\x72\xF3\x7A\x66\x74\x7E\x2A\x5B"
1253 "\xDE\xEF\x43\xBC\xB9\x8C\x49\x01";
1254
1255 fail = !!memcmp(result, expected, 1024/8);
1256 pass = !fail && pass;
1257
1258 std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA256/128/440 (C0UNT=1, E=32, N=16, A=32, P=32)\n";
1259 }
1260
1261 {
1262 // [SHA-512], [PredictionResistance = False], [EntropyInputLen = 256], [NonceLen = 128]
1263 // [PersonalizationStringLen = 256], [AdditionalInputLen = 256], [ReturnedBitsLen = 2048]
1264 const byte entropy1[] = "\x55\x4e\x8f\xfd\xc4\x9a\xd8\xf9\x9a\xe5\xd5\xf8\x1a\xf5\xda\xfb\x7f\x75\x53\xd7\xcb\x56\x8e\xa7\x3c\xc0\x82\xdd\x80\x76\x25\xc0";
1265 const byte entropy2[] = "\x78\x07\x3e\x86\x79\x4b\x10\x95\x88\xf4\x22\xf9\xbd\x04\x7e\xc0\xce\xab\xd6\x78\x6b\xdf\xe2\x89\xb3\x16\x43\x9c\x32\x2d\xb2\x59";
1266 const byte nonce[] = "\xf0\x89\x78\xde\x2d\xc2\xcd\xd9\xc0\xfd\x3d\x84\xd9\x8b\x8e\x8e";
1267 const byte personalization[] = "\x3e\x52\x7a\xb5\x81\x2b\x0c\x0e\x98\x2a\x95\x78\x93\x98\xd9\xeb\xf1\xb9\xeb\xd6\x1d\x02\x05\xed\x42\x21\x2d\x24\xb8\x37\xf8\x41";
1268 const byte additional1[] = "\xf2\x6b\xb1\xef\x30\xca\x8f\x97\xc0\x19\xd0\x79\xe5\xc6\x5e\xae\xd1\xa3\x9a\x52\xaf\x12\xe8\x28\xde\x03\x70\x79\x9a\x70\x11\x8b";
1269 const byte additional2[] = "\xb0\x9d\xb5\xa8\x45\xec\x79\x7a\x4b\x60\x7e\xe4\xd5\x58\x56\x70\x35\x20\x9b\xd8\xe5\x01\x6c\x78\xff\x1f\x6b\x93\xbf\x7c\x34\xca";
1270 const byte additional3[] = "\x45\x92\x2f\xb3\x5a\xd0\x6a\x84\x5f\xc9\xca\x16\x4a\x42\xbb\x59\x84\xb4\x38\x57\xa9\x16\x23\x48\xf0\x2f\x51\x61\x24\x35\xb8\x62";
1271
1272 Hash_DRBG<SHA512, 256/8, 888/8> drbg(entropy1, 32, nonce, 16, personalization, 32);
1273 drbg.IncorporateEntropy(entropy2, 32, additional1, 32);
1274
1275 SecByteBlock result(256);
1276 drbg.GenerateBlock(additional2, 32, result, result.size());
1277 drbg.GenerateBlock(additional3, 32, result, result.size());
1278
1279 const byte expected[] = "\x1F\x20\x83\x9E\x22\x55\x3B\x1E\x6C\xD4\xF6\x3A\x47\xC3\x99\x54\x0F\x69\xA3\xBB"
1280 "\x37\x47\xA0\x2A\x12\xAC\xC7\x00\x85\xC5\xCC\xF4\x7B\x12\x5A\x4A\xEA\xED\x2F\xE5"
1281 "\x31\x51\x0D\xC1\x8E\x50\x29\xE2\xA6\xCB\x8F\x34\xBA\xDA\x8B\x47\x32\x33\x81\xF1"
1282 "\x2D\xF6\x8B\x73\x8C\xFF\x15\xC8\x8E\x8C\x31\x48\xFA\xC3\xC4\x9F\x52\x81\x23\xC2"
1283 "\x2A\x83\xBD\xF1\x44\xEF\x15\x49\x93\x44\x83\x6B\x37\x5D\xBB\xFF\x72\xD2\x86\x96"
1284 "\x62\xF8\x4D\x12\x3B\x16\xCB\xAC\xA1\x00\x12\x1F\x94\xA8\xD5\xAE\x9A\x9E\xDA\xC8"
1285 "\xD7\x6D\x59\x33\xFD\x55\xC9\xCC\x5B\xAD\x39\x73\xB5\x13\x8B\x96\xDF\xDB\xF5\x90"
1286 "\x81\xDF\x68\x6A\x30\x72\x42\xF2\x74\xAE\x7F\x1F\x7F\xFE\x8B\x3D\x49\x38\x98\x34"
1287 "\x7C\x63\x46\x6E\xAF\xFA\xCB\x06\x06\x08\xE6\xC8\x35\x3C\x68\xB8\xCC\x9D\x5C\xDF"
1288 "\xDB\xC0\x41\x44\x48\xE6\x11\xD4\x78\x50\x81\x91\xED\x1D\x75\xF3\xBD\x79\xFF\x1E"
1289 "\x37\xAF\xC6\x5D\x49\xD6\x5C\xAC\x5B\xCB\xD6\x91\x37\x51\xFA\x98\x70\xFC\x32\xB3"
1290 "\xF2\x86\xE4\xED\x74\xF2\x5D\x8B\x6C\x4D\xB8\xDE\xD8\x4A\xD6\x5E\xD6\x6D\xAE\xB1"
1291 "\x1B\xA2\x94\x52\x54\xAD\x3C\x3D\x25\xBD\x12\x46\x3C\xA0\x45\x9D";
1292
1293 fail = !!memcmp(result, expected, 2048/8);
1294 pass = !fail && pass;
1295
1296 std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA512/256/888 (C0UNT=0, E=32, N=16, A=32, P=32)\n";
1297 }
1298
1299 {
1300 // [SHA-512], [PredictionResistance = False], [EntropyInputLen = 256], [NonceLen = 128]
1301 // [PersonalizationStringLen = 256], [AdditionalInputLen = 256], [ReturnedBitsLen = 2048]
1302 const byte entropy1[] = "\x0c\x9f\xcd\x06\x21\x3c\xb2\xf6\x3c\xdf\x79\x76\x4b\x46\x74\xfc\xdf\x68\xb0\xff\xae\xc7\x21\x8a\xa2\xaf\x4e\x4c\xb9\xe6\x60\x78";
1303 const byte entropy2[] = "\x75\xb8\x49\x54\xdf\x30\x10\x16\x2c\x06\x8c\x12\xeb\x6c\x1d\x03\x64\x5c\xad\x10\x5c\xc3\x17\x69\xb2\x5a\xc1\x7c\xb8\x33\x5b\x45";
1304 const byte nonce[] = "\x43\x1c\x4d\x65\x93\x96\xad\xdc\xc1\x6d\x17\x9f\x7f\x57\x24\x4d";
1305 const byte personalization[] = "\x7e\x54\xbd\x87\xd2\x0a\x95\xd7\xc4\x0c\x3b\x1b\x32\x15\x26\xd2\x06\x67\xa4\xac\xc1\xaa\xfb\x55\x91\x68\x2c\xb5\xc9\xcd\x66\x05";
1306 const byte additional1[] = "\xd5\x74\x9e\x56\xfb\x5f\xf3\xf8\x2c\x73\x2b\x7a\x83\xe0\xde\x06\x85\x0b\xf0\x57\x50\xc8\x55\x60\x4a\x41\x4f\x86\xb1\x68\x14\x03";
1307 const byte additional2[] = "\x9a\x83\xbb\x06\xdf\x4d\x53\x89\xf5\x3f\x24\xff\xf7\xcd\x0c\xcf\x4f\xbe\x46\x79\x8e\xce\x82\xa8\xc4\x6b\x5f\x8e\x58\x32\x62\x23";
1308 const byte additional3[] = "\x48\x13\xc4\x95\x10\x99\xdd\x7f\xd4\x77\x3c\x9b\x8a\xa4\x1c\x3d\xb0\x93\x92\x50\xba\x23\x98\xef\x4b\x1b\xd2\x53\xc1\x61\xda\xc6";
1309
1310 Hash_DRBG<SHA512, 256/8, 888/8> drbg(entropy1, 32, nonce, 16, personalization, 32);
1311 drbg.IncorporateEntropy(entropy2, 32, additional1, 32);
1312
1313 SecByteBlock result(256);
1314 drbg.GenerateBlock(additional2, 32, result, result.size());
1315 drbg.GenerateBlock(additional3, 32, result, result.size());
1316
1317 const byte expected[] = "\xE1\x7E\x4B\xEE\xD1\x65\x4F\xB2\xFC\xC8\xE8\xD7\xC6\x72\x7D\xD2\xE3\x15\x73\xC0"
1318 "\x23\xC8\x55\x5D\x2B\xD8\x28\xD8\x31\xE4\xC9\x87\x42\x51\x87\x66\x43\x1F\x2C\xA4"
1319 "\x73\xED\x4E\x50\x12\xC4\x50\x0E\x4C\xDD\x14\x73\xA2\xFB\xB3\x07\x0C\x66\x97\x4D"
1320 "\x89\xDE\x35\x1C\x93\xE7\xE6\x8F\x20\x3D\x84\xE6\x73\x46\x0F\x7C\xF4\x3B\x6C\x02"
1321 "\x23\x7C\x79\x6C\x86\xD9\x48\x80\x9C\x34\xCB\xA1\x23\xE7\xF7\x8A\x2E\x4B\x9D\x39"
1322 "\xA5\x86\x1A\x73\x58\x28\x5A\x1D\x8D\x4A\xBD\x42\xD5\x49\x2B\xDF\x53\x1D\xE7\x4A"
1323 "\x5F\x74\x09\x7F\xDC\x29\x7D\x58\x9C\x4B\xC5\x2F\x3B\x8F\xBF\x56\xCA\x48\x0A\x74"
1324 "\xAE\xFF\xDD\x12\xE4\xF6\xAB\x83\x26\x4F\x52\x8A\x19\xBB\x91\x32\xA4\x42\xEC\x4F"
1325 "\x3C\x76\xED\x9F\x03\xAA\x5E\x53\x79\x4C\xD0\x06\xD2\x1A\x42\x9D\xB1\xA7\xEC\xF7"
1326 "\x5B\xD4\x03\x70\x1E\xF2\x47\x26\x48\xAC\x35\xEE\xD0\x58\x40\x94\x8C\x11\xD0\xEB"
1327 "\x77\x39\x5A\xA3\xD5\xD0\xD3\xC3\x68\xE1\x75\xAA\xC0\x44\xEA\xD8\xDD\x13\x3F\xF9"
1328 "\x7D\x21\x14\x34\xA5\x87\x43\xA4\x0A\x96\x77\x00\xCC\xCA\xB1\xDA\xC4\x39\xE0\x66"
1329 "\x37\x05\x6E\xAC\xF2\xE6\xC6\xC5\x4F\x79\xD3\xE5\x6A\x3D\x36\x3F";
1330
1331 fail = !!memcmp(result, expected, 2048/8);
1332 pass = !fail && pass;
1333
1334 std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA512/256/888 (C0UNT=1, E=32, N=16, A=32, P=32)\n";
1335 }
1336
1337 return pass;
1338 }
1339
1340 NAMESPACE_END // Test
1341 NAMESPACE_END // CryptoPP
1342