iPXE
hmac_drbg_test.c
Go to the documentation of this file.
00001 /*
00002  * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
00003  *
00004  * This program is free software; you can redistribute it and/or
00005  * modify it under the terms of the GNU General Public License as
00006  * published by the Free Software Foundation; either version 2 of the
00007  * License, or any later version.
00008  *
00009  * This program is distributed in the hope that it will be useful, but
00010  * WITHOUT ANY WARRANTY; without even the implied warranty of
00011  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00012  * General Public License for more details.
00013  *
00014  * You should have received a copy of the GNU General Public License
00015  * along with this program; if not, write to the Free Software
00016  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
00017  * 02110-1301, USA.
00018  *
00019  * You can also choose to distribute this program under the terms of
00020  * the Unmodified Binary Distribution Licence (as given in the file
00021  * COPYING.UBDL), provided that you have satisfied its requirements.
00022  */
00023 
00024 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
00025 
00026 /** @file
00027  *
00028  * HMAC_DRBG tests
00029  *
00030  * These test vectors are provided by NIST as part of the
00031  * Cryptographic Toolkit Examples, downloadable from:
00032  *
00033  *    http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/HMAC_DRBG.pdf
00034  *
00035  */
00036 
00037 /* Forcibly enable assertions */
00038 #undef NDEBUG
00039 
00040 #include <assert.h>
00041 #include <string.h>
00042 #include <ipxe/hmac_drbg.h>
00043 #include <ipxe/sha1.h>
00044 #include <ipxe/sha256.h>
00045 #include <ipxe/test.h>
00046 
00047 /** Define inline expected data */
00048 #define EXPECT(...) { __VA_ARGS__ }
00049 
00050 /** An HMAC_DRBG instantiation test */
00051 struct hmac_drbg_test_instantiate {
00052         /** Underlying hash algorithm */
00053         struct digest_algorithm *hash;
00054         /** Output block length */
00055         size_t out_len;
00056         /** Entropy */
00057         const void *entropy;
00058         /** Length of entropy */
00059         size_t entropy_len;
00060         /** Nonce */
00061         const void *nonce;
00062         /** Length of nonce */
00063         size_t nonce_len;
00064         /** Personalisation string */
00065         const void *personal;
00066         /** Length of personalisation string */
00067         size_t personal_len;
00068         /** Expected key */
00069         const void *expected_key;
00070         /** Length of expected key */
00071         size_t expected_key_len;
00072         /** Expected value */
00073         const void *expected_value;
00074         /** Length of expected value */
00075         size_t expected_value_len;
00076 };
00077 
00078 /**
00079  * Define an HMAC_DRBG instantiation test
00080  *
00081  * @v name              Test name
00082  * @v hmac_drbg         HMAC_DRBG algorithm
00083  * @v entropy_array     Entropy input
00084  * @v nonce_array       Nonce
00085  * @v personal_array    Personalisation string
00086  * @v key               Expected key
00087  * @v value             Expected value
00088  * @ret test            Instantiation test
00089  */
00090 #define HMAC_DRBG_TEST_INSTANTIATE( name, hmac_drbg, entropy_array,     \
00091                                     nonce_array, personal_array,        \
00092                                     key, value )                        \
00093         static const uint8_t name ## _key [] = key;                     \
00094         static const uint8_t name ## _value [] = value;                 \
00095         static struct hmac_drbg_test_instantiate name = {               \
00096                 .hash = HMAC_DRBG_HASH ( hmac_drbg ),                   \
00097                 .out_len = HMAC_DRBG_OUTLEN_BYTES ( hmac_drbg ),        \
00098                 .entropy = entropy_array,                               \
00099                 .entropy_len = sizeof ( entropy_array ),                \
00100                 .nonce = nonce_array,                                   \
00101                 .nonce_len = sizeof ( nonce_array ),                    \
00102                 .personal = personal_array,                             \
00103                 .personal_len = sizeof ( personal_array ),              \
00104                 .expected_key = name ## _key,                           \
00105                 .expected_key_len = sizeof ( name ## _key ),            \
00106                 .expected_value = name ## _value,                       \
00107                 .expected_value_len = sizeof ( name ## _value ),        \
00108         }
00109 
00110 /**
00111  * Report instantiation test result
00112  *
00113  * @v state             HMAC_DRBG internal state
00114  * @v test              Instantiation test
00115  */
00116 #define instantiate_ok( state, test ) do {                              \
00117         struct {                                                        \
00118                 uint8_t entropy[(test)->entropy_len];                   \
00119                 uint8_t nonce[(test)->nonce_len];                       \
00120         } __attribute__ (( packed )) entropy_nonce;                     \
00121                                                                         \
00122         assert ( (test)->expected_key_len == (test)->out_len );         \
00123         assert ( (test)->expected_value_len == (test)->out_len );       \
00124         memcpy ( entropy_nonce.entropy, (test)->entropy,                \
00125                  sizeof ( entropy_nonce.entropy ) );                    \
00126         memcpy ( entropy_nonce.nonce, (test)->nonce,                    \
00127                  sizeof ( entropy_nonce.nonce ) );                      \
00128         hmac_drbg_instantiate ( (test)->hash, (state), &entropy_nonce,  \
00129                                 sizeof ( entropy_nonce ),               \
00130                                 (test)->personal,                       \
00131                                 (test)->personal_len );                 \
00132         ok ( memcmp ( (state)->key, (test)->expected_key,               \
00133                       (test)->expected_key_len ) == 0 );                \
00134         ok ( memcmp ( (state)->value, (test)->expected_value,           \
00135                       (test)->expected_value_len ) == 0 );              \
00136         } while ( 0 )
00137 
00138 /** An HMAC_DRBG reseed test */
00139 struct hmac_drbg_test_reseed {
00140         /** Underlying hash algorithm */
00141         struct digest_algorithm *hash;
00142         /** Output block length */
00143         size_t out_len;
00144         /** Entropy */
00145         const void *entropy;
00146         /** Length of entropy */
00147         size_t entropy_len;
00148         /** Additional input */
00149         const void *additional;
00150         /** Length of additional_input */
00151         size_t additional_len;
00152         /** Expected key */
00153         const void *expected_key;
00154         /** Length of expected key */
00155         size_t expected_key_len;
00156         /** Expected value */
00157         const void *expected_value;
00158         /** Length of expected value */
00159         size_t expected_value_len;
00160 };
00161 
00162 /**
00163  * Define an HMAC_DRBG reseed test
00164  *
00165  * @v name              Test name
00166  * @v hmac_drbg         HMAC_DRBG algorithm
00167  * @v entropy_array     Entropy input
00168  * @v additional_array  Additional input
00169  * @v key               Expected key
00170  * @v value             Expected value
00171  * @ret test            Reseed test
00172  */
00173 #define HMAC_DRBG_TEST_RESEED( name, hmac_drbg, entropy_array,          \
00174                                additional_array, key, value )           \
00175         static const uint8_t name ## _key [] = key;                     \
00176         static const uint8_t name ## _value [] = value;                 \
00177         static struct hmac_drbg_test_reseed name = {                    \
00178                 .hash = HMAC_DRBG_HASH ( hmac_drbg ),                   \
00179                 .out_len = HMAC_DRBG_OUTLEN_BYTES ( hmac_drbg ),        \
00180                 .entropy = entropy_array,                               \
00181                 .entropy_len = sizeof ( entropy_array ),                \
00182                 .additional = additional_array,                         \
00183                 .additional_len = sizeof ( additional_array ),          \
00184                 .expected_key = name ## _key,                           \
00185                 .expected_key_len = sizeof ( name ## _key ),            \
00186                 .expected_value = name ## _value,                       \
00187                 .expected_value_len = sizeof ( name ## _value ),        \
00188         }
00189 
00190 /**
00191  * Report reseed test result
00192  *
00193  * @v state             HMAC_DRBG internal state
00194  * @v test              Reseed test
00195  */
00196 #define reseed_ok( state, test ) do {                                   \
00197         assert ( (test)->expected_key_len == (test)->out_len );         \
00198         assert ( (test)->expected_value_len == (test)->out_len );       \
00199         hmac_drbg_reseed ( (test)->hash, (state), (test)->entropy,      \
00200                            (test)->entropy_len, (test)->additional,     \
00201                            (test)->additional_len );                    \
00202         ok ( memcmp ( (state)->key, (test)->expected_key,               \
00203                       (test)->expected_key_len ) == 0 );                \
00204         ok ( memcmp ( (state)->value, (test)->expected_value,           \
00205                       (test)->expected_value_len ) == 0 );              \
00206         } while ( 0 )
00207 
00208 /** An HMAC_DRBG generation test */
00209 struct hmac_drbg_test_generate {
00210         /** Underlying hash algorithm */
00211         struct digest_algorithm *hash;
00212         /** Output block length */
00213         size_t out_len;
00214         /** Additional input */
00215         const void *additional;
00216         /** Length of additional_input */
00217         size_t additional_len;
00218         /** Expected key */
00219         const void *expected_key;
00220         /** Length of expected key */
00221         size_t expected_key_len;
00222         /** Expected value */
00223         const void *expected_value;
00224         /** Length of expected value */
00225         size_t expected_value_len;
00226         /** Expected pseudorandom data */
00227         const void *expected_data;
00228         /** Length of data */
00229         size_t expected_data_len;
00230 };
00231 
00232 /**
00233  * Define an HMAC_DRBG generation test
00234  *
00235  * @v name              Test name
00236  * @v hmac_drbg         HMAC_DRBG algorithm
00237  * @v additional_array  Additional input
00238  * @v key               Expected key
00239  * @v value             Expected value
00240  * @v data              Expected pseudorandom data
00241  * @ret test            Generation test
00242  */
00243 #define HMAC_DRBG_TEST_GENERATE( name, hmac_drbg, additional_array,     \
00244                                  key, value, data )                     \
00245         static const uint8_t name ## _key [] = key;                     \
00246         static const uint8_t name ## _value [] = value;                 \
00247         static const uint8_t name ## _data [] = data;                   \
00248         static struct hmac_drbg_test_generate name = {                  \
00249                 .hash = HMAC_DRBG_HASH ( hmac_drbg ),                   \
00250                 .out_len = HMAC_DRBG_OUTLEN_BYTES ( hmac_drbg ),        \
00251                 .additional = additional_array,                         \
00252                 .additional_len = sizeof ( additional_array ),          \
00253                 .expected_key = name ## _key,                           \
00254                 .expected_key_len = sizeof ( name ## _key ),            \
00255                 .expected_value = name ## _value,                       \
00256                 .expected_value_len = sizeof ( name ## _value ),        \
00257                 .expected_data = name ## _data,                         \
00258                 .expected_data_len = sizeof ( name ## _data ),          \
00259         }
00260 
00261 /**
00262  * Report generation test result
00263  *
00264  * @v state             HMAC_DRBG internal state
00265  * @v test              Generation test
00266  */
00267 #define generate_ok( state, test ) do {                                 \
00268         uint8_t data[ (test)->expected_data_len ];                      \
00269         int rc;                                                         \
00270                                                                         \
00271         assert ( (test)->expected_key_len == (test)->out_len );         \
00272         assert ( (test)->expected_value_len == (test)->out_len );       \
00273         rc = hmac_drbg_generate ( (test)->hash, (state),                \
00274                                   (test)->additional,                   \
00275                                   (test)->additional_len,               \
00276                                   data, sizeof ( data ) );              \
00277         ok ( rc == 0 );                                                 \
00278         ok ( memcmp ( (state)->key, (test)->expected_key,               \
00279                       (test)->expected_key_len ) == 0 );                \
00280         ok ( memcmp ( (state)->value, (test)->expected_value,           \
00281                       (test)->expected_value_len ) == 0 );              \
00282         ok ( memcmp ( data, (test)->expected_data,                      \
00283                       (test)->expected_data_len ) == 0 );               \
00284         } while ( 0 )
00285 
00286 /** An HMAC_DRBG generation failure test */
00287 struct hmac_drbg_test_generate_fail {
00288         /** Underlying hash algorithm */
00289         struct digest_algorithm *hash;
00290         /** Additional input */
00291         const void *additional;
00292         /** Length of additional_input */
00293         size_t additional_len;
00294         /** Length of requested data */
00295         size_t requested_len;
00296 };
00297 
00298 /**
00299  * Define an HMAC_DRBG generation failure test
00300  *
00301  * @v name              Test name
00302  * @v hmac_drbg         HMAC_DRBG algorithm
00303  * @v additional_array  Additional input
00304  * @ret test            Generation failure test
00305  */
00306 #define HMAC_DRBG_TEST_GENERATE_FAIL( name, hmac_drbg,                  \
00307                                       additional_array, len )           \
00308         static struct hmac_drbg_test_generate_fail name = {             \
00309                 .hash = HMAC_DRBG_HASH ( hmac_drbg ),                   \
00310                 .additional = additional_array,                         \
00311                 .additional_len = sizeof ( additional_array ),          \
00312                 .requested_len = len,                                   \
00313         }
00314 
00315 /**
00316  * Report generation failure test result
00317  *
00318  * @v state             HMAC_DRBG internal state
00319  * @v test              Generation failure test
00320  */
00321 #define generate_fail_ok( state, test ) do {                            \
00322         uint8_t data[ (test)->requested_len ];                          \
00323         int rc;                                                         \
00324                                                                         \
00325         rc = hmac_drbg_generate ( (test)->hash, (state),                \
00326                                   (test)->additional,                   \
00327                                   (test)->additional_len, data,         \
00328                                   sizeof ( data ) );                    \
00329         ok ( rc != 0 );                                                 \
00330         } while ( 0 )
00331 
00332 /** "EntropyInput" */
00333 static const uint8_t entropy_input[] = {
00334         0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
00335         0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
00336         0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
00337         0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
00338         0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36
00339 };
00340 
00341 /** "Nonce" for SHA-1 */
00342 static const uint8_t nonce_sha1[] = {
00343         0x20, 0x21, 0x22, 0x23, 0x24
00344 };
00345 
00346 /** "Nonce" for SHA-256 */
00347 static const uint8_t nonce_sha256[] = {
00348         0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27
00349 };
00350 
00351 /** "EntropyInput1 (for Reseed1) */
00352 static const uint8_t entropy_input_1[] = {
00353         0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b,
00354         0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
00355         0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3,
00356         0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
00357         0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6
00358 };
00359 
00360 /** "EntropyInput2 (for Reseed2) */
00361 static const uint8_t entropy_input_2[] = {
00362         0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb,
00363         0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
00364         0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3,
00365         0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
00366         0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6
00367 };
00368 
00369 /** "PersonalizationString = <empty>" */
00370 static const uint8_t personalisation_string_empty[] = {};
00371 
00372 /** "PersonalizationString" */
00373 static const uint8_t personalisation_string[] = {
00374         0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b,
00375         0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
00376         0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, 0x60, 0x61, 0x62, 0x63,
00377         0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
00378         0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76
00379 };
00380 
00381 /** "AdditionalInput = <empty>" */
00382 static const uint8_t additional_input_empty[] = {};
00383 
00384 /** "AdditionalInput1" */
00385 static const uint8_t additional_input_1[] = {
00386         0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
00387         0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
00388         0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83,
00389         0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
00390         0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96
00391 };
00392 
00393 /** "AdditionalInput2" */
00394 static const uint8_t additional_input_2[] = {
00395         0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab,
00396         0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
00397         0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 0xc0, 0xc1, 0xc2, 0xc3,
00398         0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
00399         0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6
00400 };
00401 
00402 /** SHA-1 Test 1 : Instantiation */
00403 HMAC_DRBG_TEST_INSTANTIATE ( sha1_instantiate_1, HMAC_DRBG_SHA1,
00404         entropy_input, nonce_sha1, personalisation_string_empty,
00405         EXPECT ( 0xab, 0x16, 0x0d, 0xd2, 0x1c, 0x30, 0x98, 0x0c, 0xa3, 0xca,
00406                  0x5a, 0x9c, 0x77, 0xb7, 0xbd, 0xf0, 0x50, 0xe6, 0x4e, 0xe9 ),
00407         EXPECT ( 0x61, 0x44, 0x99, 0xea, 0x98, 0x0c, 0xfb, 0x3d, 0xaa, 0x2c,
00408                  0xa8, 0x6d, 0x65, 0xa4, 0x6b, 0xf4, 0x48, 0x8d, 0x8c, 0xc5 ) );
00409 
00410 /** SHA-1 Test 1.1 : First call to Generate */
00411 HMAC_DRBG_TEST_GENERATE ( sha1_generate_1_1, HMAC_DRBG_SHA1,
00412         additional_input_empty,
00413         EXPECT ( 0x7b, 0xb1, 0x80, 0x28, 0xe0, 0x1d, 0x03, 0x42, 0xdf, 0x4f,
00414                  0x54, 0xda, 0x51, 0x22, 0xfa, 0x5f, 0x2c, 0x3a, 0x05, 0xe4 ),
00415         EXPECT ( 0x2f, 0x89, 0x4f, 0x28, 0xcc, 0x2f, 0x53, 0x82, 0x96, 0x40,
00416                  0x64, 0x3a, 0xd1, 0x7b, 0x84, 0xb0, 0xcd, 0x3c, 0x79, 0x79 ),
00417         EXPECT ( 0x5a, 0x7d, 0x3b, 0x44, 0x9f, 0x48, 0x1c, 0xb3, 0x8d, 0xf7,
00418                  0x9a, 0xd2, 0xb1, 0xfc, 0xc0, 0x1e, 0x57, 0xf8, 0x13, 0x5e,
00419                  0x8c, 0x0b, 0x22, 0xcd, 0x06, 0x30, 0xbf, 0xb0, 0x12, 0x7f,
00420                  0xb5, 0x40, 0x8c, 0x8e, 0xfc, 0x17, 0xa9, 0x29, 0x89, 0x6e ) );
00421 
00422 /** SHA-1 Test 1.2 : Second call to Generate */
00423 HMAC_DRBG_TEST_GENERATE ( sha1_generate_1_2, HMAC_DRBG_SHA1,
00424         additional_input_empty,
00425         EXPECT ( 0x3d, 0x4d, 0x73, 0x77, 0xe9, 0x17, 0x2a, 0xaf, 0xa7, 0x76,
00426                  0xb0, 0xdd, 0xcb, 0x89, 0x42, 0x00, 0x4a, 0x44, 0xb7, 0xfd ),
00427         EXPECT ( 0x1a, 0x26, 0xbd, 0x9b, 0xfc, 0x97, 0x44, 0xbd, 0x29, 0xf6,
00428                  0xae, 0xbe, 0x24, 0x37, 0xe2, 0x09, 0xf1, 0xf7, 0x16, 0x25 ),
00429         EXPECT ( 0x82, 0xcf, 0x77, 0x2e, 0xc3, 0xe8, 0x4b, 0x00, 0xfc, 0x74,
00430                  0xf5, 0xdf, 0x10, 0x4e, 0xfb, 0xfb, 0x24, 0x28, 0x55, 0x4e,
00431                  0x9c, 0xe3, 0x67, 0xd0, 0x3a, 0xea, 0xde, 0x37, 0x82, 0x7f,
00432                  0xa8, 0xe9, 0xcb, 0x6a, 0x08, 0x19, 0x61, 0x15, 0xd9, 0x48 ) );
00433 
00434 /** SHA-1 Test 2 : Instantiation */
00435 #define sha1_instantiate_2 sha1_instantiate_1
00436 
00437 /** SHA-1 Test 2.1 : First call to Generate */
00438 HMAC_DRBG_TEST_GENERATE ( sha1_generate_2_1, HMAC_DRBG_SHA1,
00439         additional_input_1,
00440         EXPECT ( 0x3a, 0x06, 0x2e, 0x6b, 0x79, 0xfe, 0x70, 0xdb, 0xff, 0xeb,
00441                  0x3a, 0x2b, 0x6b, 0xe8, 0x03, 0x23, 0xf7, 0xd6, 0x74, 0xc5 ),
00442         EXPECT ( 0xbd, 0x36, 0x31, 0x28, 0xbf, 0x58, 0x0d, 0x7a, 0x54, 0x42,
00443                  0x9d, 0xdd, 0x58, 0xe8, 0x19, 0x3b, 0x98, 0x43, 0xbd, 0x2b ),
00444         EXPECT ( 0xc7, 0xaa, 0xac, 0x58, 0x3c, 0x6e, 0xf6, 0x30, 0x07, 0x14,
00445                  0xc2, 0xcc, 0x5d, 0x06, 0xc1, 0x48, 0xcf, 0xfb, 0x40, 0x44,
00446                  0x9a, 0xd0, 0xbb, 0x26, 0xfa, 0xc0, 0x49, 0x7b, 0x5c, 0x57,
00447                  0xe1, 0x61, 0xe3, 0x66, 0x81, 0xbc, 0xc9, 0x30, 0xce, 0x80 ) );
00448 
00449 /** SHA-1 Test 2.2 : Second call to Generate */
00450 HMAC_DRBG_TEST_GENERATE ( sha1_generate_2_2, HMAC_DRBG_SHA1,
00451         additional_input_2,
00452         EXPECT ( 0x8a, 0xd7, 0xe3, 0x47, 0x72, 0xb5, 0xfc, 0x7c, 0x3b, 0x3b,
00453                  0x27, 0x62, 0x4f, 0x0b, 0x91, 0x77, 0x6a, 0x8a, 0x71, 0x12 ),
00454         EXPECT ( 0xd7, 0x13, 0x76, 0xa4, 0x6d, 0x76, 0x4b, 0x17, 0xc3, 0xb7,
00455                  0x39, 0x34, 0x7b, 0x38, 0x4e, 0x51, 0x51, 0xe8, 0x7e, 0x88 ),
00456         EXPECT ( 0x6e, 0xbd, 0x2b, 0x7b, 0x5e, 0x0a, 0x2a, 0xd7, 0xa2, 0x4b,
00457                  0x1b, 0xf9, 0xa1, 0xdb, 0xa4, 0x7d, 0x43, 0x27, 0x17, 0x19,
00458                  0xb9, 0xc3, 0x7b, 0x7f, 0xe8, 0x1b, 0xa9, 0x40, 0x45, 0xa1,
00459                  0x4a, 0x7c, 0xb5, 0x14, 0xb4, 0x46, 0x66, 0x6e, 0xa5, 0xa7 ) );
00460 
00461 /** SHA-1 Test 3 : Instantiation */
00462 HMAC_DRBG_TEST_INSTANTIATE ( sha1_instantiate_3, HMAC_DRBG_SHA1,
00463         entropy_input, nonce_sha1, personalisation_string,
00464         EXPECT ( 0xb7, 0xd9, 0x66, 0xd7, 0x0d, 0x4e, 0x27, 0xa7, 0xfa, 0x83,
00465                  0x8f, 0x7d, 0x61, 0x12, 0x6c, 0x0e, 0xdc, 0x84, 0x76, 0x1c ),
00466         EXPECT ( 0xda, 0xb2, 0xa7, 0x18, 0x83, 0xf1, 0x00, 0x5c, 0x5d, 0xd0,
00467                  0x39, 0x32, 0x4d, 0x3c, 0x36, 0x4d, 0x6e, 0x18, 0xf9, 0x54 ) );
00468 
00469 /** SHA-1 Test 3.1 : First call to Generate */
00470 HMAC_DRBG_TEST_GENERATE ( sha1_generate_3_1, HMAC_DRBG_SHA1,
00471         additional_input_empty,
00472         EXPECT ( 0x87, 0xd3, 0x82, 0x8b, 0xe0, 0x3a, 0x80, 0x7d, 0xd3, 0x40,
00473                  0x29, 0x41, 0xbe, 0xd6, 0xde, 0x98, 0x6e, 0xe7, 0xa2, 0x86 ),
00474         EXPECT ( 0x6a, 0xe1, 0xd0, 0x08, 0x6f, 0x53, 0xb1, 0xb7, 0x63, 0xa4,
00475                  0x51, 0x5b, 0x19, 0x06, 0xfe, 0xe4, 0x76, 0x61, 0xfd, 0x47 ),
00476         EXPECT ( 0xb3, 0xbd, 0x05, 0x24, 0x6c, 0xba, 0x12, 0xa6, 0x47, 0x35,
00477                  0xa4, 0xe3, 0xfd, 0xe5, 0x99, 0xbc, 0x1b, 0xe3, 0x0f, 0x43,
00478                  0x9b, 0xd0, 0x60, 0x20, 0x8e, 0xea, 0x7d, 0x71, 0xf9, 0xd1,
00479                  0x23, 0xdf, 0x47, 0xb3, 0xce, 0x06, 0x9d, 0x98, 0xed, 0xe6 ) );
00480 
00481 /** SHA-1 Test 3.2 : Second call to Generate */
00482 HMAC_DRBG_TEST_GENERATE ( sha1_generate_3_2, HMAC_DRBG_SHA1,
00483         additional_input_empty,
00484         EXPECT ( 0x26, 0xab, 0xbf, 0x54, 0xb2, 0x8b, 0x93, 0xff, 0x90, 0x08,
00485                  0x67, 0x0e, 0xbf, 0xee, 0x86, 0xcd, 0xd7, 0x22, 0x8e, 0xd5 ),
00486         EXPECT ( 0xe9, 0x25, 0x47, 0x29, 0xe0, 0x02, 0x04, 0xa1, 0xb6, 0xc0,
00487                  0x21, 0x58, 0xa6, 0xc7, 0x27, 0x86, 0x47, 0x14, 0xf1, 0xf7 ),
00488         EXPECT ( 0xb5, 0xda, 0xda, 0x38, 0x0e, 0x28, 0x72, 0xdf, 0x93, 0x5b,
00489                  0xca, 0x55, 0xb8, 0x82, 0xc8, 0xc9, 0x37, 0x69, 0x02, 0xab,
00490                  0x63, 0x97, 0x65, 0x47, 0x2b, 0x71, 0xac, 0xeb, 0xe2, 0xea,
00491                  0x8b, 0x1b, 0x6b, 0x49, 0x62, 0x9c, 0xb6, 0x73, 0x17, 0xe0 ) );
00492 
00493 /** SHA-1 Test 4 : Instantiation */
00494 #define sha1_instantiate_4 sha1_instantiate_3
00495 
00496 /** SHA-1 Test 4.1 : First call to Generate */
00497 HMAC_DRBG_TEST_GENERATE ( sha1_generate_4_1, HMAC_DRBG_SHA1,
00498         additional_input_1,
00499         EXPECT ( 0x17, 0xa5, 0xd7, 0x9f, 0x07, 0x67, 0x87, 0x6f, 0x3a, 0x45,
00500                  0xe0, 0xc9, 0xc3, 0x3e, 0xc8, 0x8b, 0x03, 0xce, 0xea, 0x13 ),
00501         EXPECT ( 0x4d, 0x2f, 0x3b, 0xc7, 0x77, 0x50, 0x5c, 0x45, 0xf7, 0xe1,
00502                  0x7d, 0xcd, 0x3d, 0x86, 0xbf, 0x37, 0x9c, 0xb6, 0x02, 0x5e ),
00503         EXPECT ( 0x1f, 0x8f, 0xec, 0x7b, 0xc7, 0xcf, 0xa9, 0xa8, 0x80, 0x34,
00504                  0x5d, 0x28, 0x0b, 0x13, 0xc6, 0x32, 0xb8, 0x52, 0x77, 0x0a,
00505                  0x6d, 0xfc, 0x30, 0x2e, 0xad, 0x4c, 0xe3, 0xf5, 0x54, 0xc7,
00506                  0x9b, 0x0d, 0x44, 0x23, 0x9e, 0xba, 0x56, 0xa7, 0xea, 0x2d ) );
00507 
00508 /** SHA-1 Test 4.2 : Second call to Generate */
00509 HMAC_DRBG_TEST_GENERATE ( sha1_generate_4_2, HMAC_DRBG_SHA1,
00510         additional_input_2,
00511         EXPECT ( 0x07, 0x9b, 0x57, 0xd9, 0x40, 0x6e, 0x11, 0xc2, 0xf8, 0x7c,
00512                  0x8c, 0x82, 0x8c, 0x8c, 0x6f, 0xa7, 0x6e, 0x40, 0xea, 0x01 ),
00513         EXPECT ( 0xa6, 0x54, 0xfe, 0x72, 0xf8, 0xa7, 0x7b, 0xb8, 0xf0, 0x3d,
00514                  0xff, 0x07, 0xc7, 0x9a, 0x51, 0x53, 0x00, 0x9e, 0xdd, 0xda ),
00515         EXPECT ( 0xaf, 0x97, 0xcd, 0xe1, 0xe8, 0xab, 0x32, 0x2a, 0x2e, 0xac,
00516                  0xa8, 0xe6, 0xf4, 0xe5, 0xbf, 0x78, 0xa1, 0x1b, 0xde, 0xf7,
00517                  0xdc, 0x91, 0x21, 0x5d, 0x44, 0xb1, 0x07, 0xb4, 0xd5, 0xa7,
00518                  0x79, 0x01, 0x59, 0x25, 0x09, 0x76, 0x52, 0x80, 0xf9, 0x69 ) );
00519 
00520 /** SHA-1 Test 5 : Instantiation */
00521 #define sha1_instantiate_5 sha1_instantiate_1
00522 
00523 /** SHA-1 Test 5.1 : First call to Generate */
00524 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_5_1, HMAC_DRBG_SHA1,
00525         additional_input_empty, ( 320 / 8 ) );
00526 
00527 /** SHA-1 Test 5.2 : Reseed */
00528 HMAC_DRBG_TEST_RESEED ( sha1_reseed_5_2, HMAC_DRBG_SHA1,
00529         entropy_input_1, additional_input_empty,
00530         EXPECT ( 0xcd, 0x4c, 0xab, 0x38, 0xc8, 0xad, 0x65, 0x71, 0x22, 0xbf,
00531                  0x5d, 0x3d, 0x00, 0xd0, 0xac, 0x9b, 0x13, 0xd6, 0x29, 0xbb ),
00532         EXPECT ( 0xf6, 0x60, 0xe2, 0x3e, 0x91, 0x00, 0x6b, 0x62, 0xc6, 0x54,
00533                  0x3a, 0xb1, 0x34, 0x4d, 0x23, 0xa3, 0x1a, 0xb4, 0xcf, 0x2c ) );
00534 
00535 /** SHA-1 Test 5.3 : Retried first call to Generate */
00536 HMAC_DRBG_TEST_GENERATE ( sha1_generate_5_3, HMAC_DRBG_SHA1,
00537         additional_input_empty,
00538         EXPECT ( 0x58, 0x7f, 0xd8, 0x21, 0xef, 0x6c, 0x9d, 0xa4, 0xa8, 0x3c,
00539                  0x19, 0x21, 0x1f, 0x10, 0x56, 0xca, 0xcd, 0x23, 0xfc, 0x1a ),
00540         EXPECT ( 0x84, 0x8f, 0xd1, 0x4c, 0x13, 0xb7, 0xea, 0x93, 0x72, 0x0c,
00541                  0xcf, 0xde, 0x71, 0xf2, 0xf6, 0x44, 0x39, 0xdb, 0x79, 0x5d ),
00542         EXPECT ( 0xfe, 0xc4, 0x59, 0x7f, 0x06, 0xa3, 0xa8, 0xcc, 0x85, 0x29,
00543                  0xd5, 0x95, 0x57, 0xb9, 0xe6, 0x61, 0x05, 0x38, 0x09, 0xc0,
00544                  0xbc, 0x0e, 0xfc, 0x28, 0x2a, 0xbd, 0x87, 0x60, 0x5c, 0xc9,
00545                  0x0c, 0xba, 0x9b, 0x86, 0x33, 0xdc, 0xb1, 0xda, 0xe0, 0x2e ) );
00546 
00547 /** SHA-1 Test 5.4 : Second call to Generate */
00548 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_5_4, HMAC_DRBG_SHA1,
00549         additional_input_empty, ( 320 / 8 ) );
00550 
00551 /** SHA-1 Test 5.5 : Reseed */
00552 HMAC_DRBG_TEST_RESEED ( sha1_reseed_5_5, HMAC_DRBG_SHA1,
00553         entropy_input_2, additional_input_empty,
00554         EXPECT ( 0xdb, 0xa1, 0xcf, 0xf4, 0x87, 0x95, 0x46, 0xa0, 0x38, 0xa5,
00555                  0x59, 0xb2, 0xa2, 0x4d, 0xf2, 0xc0, 0x30, 0x08, 0x9a, 0x41 ),
00556         EXPECT ( 0x2f, 0x88, 0x3c, 0x46, 0x48, 0xe1, 0x31, 0xe8, 0x6d, 0xdf,
00557                  0x9d, 0xca, 0x0d, 0x74, 0xf3, 0x0c, 0xa1, 0xce, 0x6e, 0xfb ) );
00558 
00559 /** SHA-1 Test 5.6 : Retried second call to Generate */
00560 HMAC_DRBG_TEST_GENERATE ( sha1_generate_5_6, HMAC_DRBG_SHA1,
00561         additional_input_empty,
00562         EXPECT ( 0xf9, 0x39, 0xa5, 0xab, 0x08, 0xa3, 0x9f, 0x23, 0x10, 0x70,
00563                  0xb0, 0xd4, 0xc9, 0x6d, 0xc2, 0x37, 0x90, 0xba, 0x01, 0x53 ),
00564         EXPECT ( 0xce, 0x6d, 0x08, 0xb4, 0xae, 0x2c, 0xe3, 0x83, 0xfd, 0xab,
00565                  0xb0, 0x1e, 0xaa, 0xfc, 0x9c, 0x8e, 0x76, 0xa0, 0xd4, 0x72 ),
00566         EXPECT ( 0x84, 0xad, 0xd5, 0xe2, 0xd2, 0x04, 0x1c, 0x01, 0x72, 0x3a,
00567                  0x4d, 0xe4, 0x33, 0x5b, 0x13, 0xef, 0xdf, 0x16, 0xb0, 0xe5,
00568                  0x1a, 0x0a, 0xd3, 0x9b, 0xd1, 0x5e, 0x86, 0x2e, 0x64, 0x4f,
00569                  0x31, 0xe4, 0xa2, 0xd7, 0xd8, 0x43, 0xe5, 0x7c, 0x59, 0x68 ) );
00570 
00571 /** SHA-1 Test 6 : Instantiate */
00572 #define sha1_instantiate_6 sha1_instantiate_1
00573 
00574 /** SHA-1 Test 6.1 : First call to Generate */
00575 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_6_1, HMAC_DRBG_SHA1,
00576         additional_input_1, ( 320 / 8 ) );
00577 
00578 /** SHA-1 Test 6.2 : Reseed */
00579 HMAC_DRBG_TEST_RESEED ( sha1_reseed_6_2, HMAC_DRBG_SHA1,
00580         entropy_input_1, additional_input_1,
00581         EXPECT ( 0x52, 0x28, 0xa4, 0xb6, 0xa4, 0x46, 0x92, 0x90, 0x5e, 0xc0,
00582                  0x44, 0xbf, 0xf0, 0xbb, 0x4e, 0x25, 0xa3, 0x87, 0xca, 0xc1 ),
00583         EXPECT ( 0x24, 0x77, 0x32, 0xd0, 0x4c, 0xb8, 0x4e, 0xd4, 0x1a, 0xdd,
00584                  0x95, 0xa4, 0xb7, 0x8b, 0x50, 0xcd, 0x9b, 0x3d, 0x3f, 0x32 ) );
00585 
00586 /** SHA-1 Test 6.3 : Retried first call to Generate */
00587 HMAC_DRBG_TEST_GENERATE ( sha1_generate_6_3, HMAC_DRBG_SHA1,
00588         additional_input_empty,
00589         EXPECT ( 0xab, 0x3d, 0xd4, 0x89, 0x5b, 0xc8, 0xcd, 0x22, 0x71, 0xde,
00590                  0xba, 0x5f, 0x3c, 0x13, 0x63, 0x52, 0x6b, 0x8b, 0x74, 0x52 ),
00591         EXPECT ( 0xa8, 0x66, 0xc5, 0xef, 0xf2, 0xaf, 0x04, 0x2b, 0x11, 0x86,
00592                  0x44, 0x94, 0x45, 0x23, 0x7f, 0x9c, 0x02, 0x44, 0x98, 0x64 ),
00593         EXPECT ( 0xa1, 0xba, 0x8f, 0xa5, 0x8b, 0xb5, 0x01, 0x3f, 0x43, 0xf7,
00594                  0xb6, 0xed, 0x52, 0xb4, 0x53, 0x9f, 0xa1, 0x6d, 0xc7, 0x79,
00595                  0x57, 0xae, 0xe8, 0x15, 0xb9, 0xc0, 0x70, 0x04, 0xc7, 0xe9,
00596                  0x92, 0xeb, 0x8c, 0x7e, 0x59, 0x19, 0x64, 0xaf, 0xee, 0xa2 ) );
00597 
00598 /** SHA-1 Test 6.4 : Second call to Generate */
00599 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_6_4, HMAC_DRBG_SHA1,
00600         additional_input_2, ( 320 / 8 ) );
00601 
00602 /** SHA-1 Test 6.5 : Reseed */
00603 HMAC_DRBG_TEST_RESEED ( sha1_reseed_6_5, HMAC_DRBG_SHA1,
00604         entropy_input_2, additional_input_2,
00605         EXPECT ( 0xe5, 0x73, 0x9f, 0x9c, 0xf7, 0xff, 0x43, 0x84, 0xd1, 0x27,
00606                  0x3e, 0x02, 0x6b, 0x45, 0x31, 0x21, 0x36, 0x49, 0x4f, 0x41 ),
00607         EXPECT ( 0x30, 0xc3, 0x43, 0x05, 0xc2, 0xc6, 0x48, 0xb0, 0x57, 0xa6,
00608                  0x40, 0x22, 0x1b, 0x5c, 0x56, 0x57, 0x26, 0xcd, 0x32, 0xb2 ) );
00609 
00610 /** SHA-1 Test 6.6 : Retried second call to Generate */
00611 HMAC_DRBG_TEST_GENERATE ( sha1_generate_6_6, HMAC_DRBG_SHA1,
00612         additional_input_empty,
00613         EXPECT ( 0x61, 0x91, 0xca, 0x9b, 0xf0, 0x00, 0xd1, 0x0a, 0x71, 0x69,
00614                  0x0a, 0xc1, 0x0e, 0x09, 0xff, 0xc8, 0x92, 0xab, 0xde, 0x9a ),
00615         EXPECT ( 0x1e, 0xc0, 0x49, 0x0f, 0xa0, 0xb7, 0x65, 0x52, 0x7e, 0x5e,
00616                  0xa1, 0x8b, 0x53, 0x22, 0xb2, 0x8b, 0xdd, 0x0e, 0x7b, 0xc0 ),
00617         EXPECT ( 0x84, 0x26, 0x4a, 0x73, 0xa8, 0x18, 0xc9, 0x5c, 0x2f, 0x42,
00618                  0x4b, 0x37, 0xd3, 0xcc, 0x99, 0x0b, 0x04, 0x6f, 0xb5, 0x0c,
00619                  0x2d, 0xc6, 0x4a, 0x16, 0x42, 0x11, 0x88, 0x9a, 0x01, 0x0f,
00620                  0x24, 0x71, 0xa0, 0x91, 0x2f, 0xfe, 0xa1, 0xbf, 0x01, 0x95 ) );
00621 
00622 /** SHA-1 Test 7 : Instantiation */
00623 #define sha1_instantiate_7 sha1_instantiate_3
00624 
00625 /** SHA-1 Test 7.1 : First call to Generate */
00626 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_7_1, HMAC_DRBG_SHA1,
00627         additional_input_empty, ( 320 / 8 ) );
00628 
00629 /** SHA-1 Test 7.2 : Reseed */
00630 HMAC_DRBG_TEST_RESEED ( sha1_reseed_7_2, HMAC_DRBG_SHA1,
00631         entropy_input_1, additional_input_empty,
00632         EXPECT ( 0xb9, 0x25, 0x4d, 0x8a, 0xac, 0xba, 0x43, 0xfb, 0xda, 0xe6,
00633                  0x39, 0x4f, 0x2b, 0x3a, 0xfc, 0x5d, 0x58, 0x08, 0x00, 0xbf ),
00634         EXPECT ( 0x28, 0x40, 0x3b, 0x60, 0x36, 0x38, 0xd0, 0x7d, 0x79, 0x66,
00635                  0x66, 0x1e, 0xf6, 0x7b, 0x9d, 0x39, 0x05, 0xf4, 0x6d, 0xb9 ) );
00636 
00637 /** SHA-1 Test 7.3 : Retried first call to Generate */
00638 HMAC_DRBG_TEST_GENERATE ( sha1_generate_7_3, HMAC_DRBG_SHA1,
00639         additional_input_empty,
00640         EXPECT ( 0x64, 0xfe, 0x07, 0x4a, 0x6e, 0x77, 0x97, 0xd1, 0xa4, 0x35,
00641                  0xda, 0x89, 0x64, 0x48, 0x4d, 0x6c, 0xf8, 0xbd, 0xc0, 0x1b ),
00642         EXPECT ( 0x43, 0xe0, 0xc0, 0x52, 0x15, 0x86, 0xe9, 0x47, 0x3b, 0x06,
00643                  0x0d, 0x87, 0xd0, 0x8a, 0x23, 0x25, 0xfa, 0xe1, 0x49, 0xd1 ),
00644         EXPECT ( 0x6c, 0x37, 0xfd, 0xd7, 0x29, 0xaa, 0x40, 0xf8, 0x0b, 0xc6,
00645                  0xab, 0x08, 0xca, 0x7c, 0xc6, 0x49, 0x79, 0x4f, 0x69, 0x98,
00646                  0xb5, 0x70, 0x81, 0xe4, 0x22, 0x0f, 0x22, 0xc5, 0xc2, 0x83,
00647                  0xe2, 0xc9, 0x1b, 0x8e, 0x30, 0x5a, 0xb8, 0x69, 0xc6, 0x25 ) );
00648 
00649 /** SHA-1 Test 7.4 : Second call to Generate */
00650 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_7_4, HMAC_DRBG_SHA1,
00651         additional_input_empty, ( 320 / 8 ) );
00652 
00653 /** SHA-1 Test 7.5 : Reseed */
00654 HMAC_DRBG_TEST_RESEED ( sha1_reseed_7_5, HMAC_DRBG_SHA1,
00655         entropy_input_2, additional_input_empty,
00656         EXPECT ( 0x02, 0xbc, 0x57, 0x7f, 0xd1, 0x0e, 0xf7, 0x19, 0x3c, 0x1d,
00657                  0xb0, 0x98, 0xbd, 0x5b, 0x75, 0xc7, 0xc4, 0xb6, 0x79, 0x59 ),
00658         EXPECT ( 0xbc, 0xbd, 0xf0, 0x52, 0xe0, 0xe0, 0x2a, 0xe8, 0x9a, 0x77,
00659                  0x67, 0x94, 0x3f, 0x98, 0x65, 0xb8, 0xb7, 0x22, 0x90, 0x2d ) );
00660 
00661 /** SHA-1 Test 7.6 : Retried second call to Generate */
00662 HMAC_DRBG_TEST_GENERATE ( sha1_generate_7_6, HMAC_DRBG_SHA1,
00663         additional_input_empty,
00664         EXPECT ( 0x1a, 0xa4, 0x24, 0x1c, 0x69, 0x5e, 0x29, 0xc0, 0xa5, 0x9a,
00665                  0xd1, 0x8a, 0x60, 0x70, 0xe3, 0x38, 0xa5, 0x48, 0xbe, 0x92 ),
00666         EXPECT ( 0x03, 0x47, 0x35, 0x9b, 0xc9, 0xc7, 0xf8, 0x8c, 0xc8, 0x33,
00667                  0x0d, 0x4f, 0x59, 0xfb, 0xc7, 0x70, 0xb0, 0xb7, 0x7b, 0x03 ),
00668         EXPECT ( 0xca, 0xf5, 0x7d, 0xcf, 0xea, 0x39, 0x3b, 0x92, 0x36, 0xbf,
00669                  0x69, 0x1f, 0xa4, 0x56, 0xfe, 0xa7, 0xfd, 0xf1, 0xdf, 0x83,
00670                  0x61, 0x48, 0x2c, 0xa5, 0x4d, 0x5f, 0xa7, 0x23, 0xf4, 0xc8,
00671                  0x8b, 0x4f, 0xa5, 0x04, 0xbf, 0x03, 0x27, 0x7f, 0xa7, 0x83 ) );
00672 
00673 /** SHA-1 Test 8 : Instantiate */
00674 #define sha1_instantiate_8 sha1_instantiate_3
00675 
00676 /** SHA-1 Test 8.1 : First call to Generate */
00677 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_8_1, HMAC_DRBG_SHA1,
00678         additional_input_1, ( 320 / 8 ) );
00679 
00680 /** SHA-1 Test 8.2 : Reseed */
00681 HMAC_DRBG_TEST_RESEED ( sha1_reseed_8_2, HMAC_DRBG_SHA1,
00682         entropy_input_1, additional_input_1,
00683         EXPECT ( 0xc0, 0x95, 0x48, 0xc0, 0xd3, 0xc8, 0x61, 0xd7, 0x40, 0xf2,
00684                  0x83, 0x7d, 0x72, 0xb5, 0x07, 0x23, 0x5c, 0x26, 0xdb, 0x82 ),
00685         EXPECT ( 0x17, 0x4b, 0x3f, 0x84, 0xc3, 0x53, 0x1f, 0x7c, 0x0a, 0x2e,
00686                  0x54, 0x21, 0x23, 0x4e, 0xa1, 0x6b, 0x70, 0x8d, 0xdf, 0x0d ) );
00687 
00688 /** SHA-1 Test 8.3 : Retried first call to Generate */
00689 HMAC_DRBG_TEST_GENERATE ( sha1_generate_8_3, HMAC_DRBG_SHA1,
00690         additional_input_empty,
00691         EXPECT ( 0x60, 0x3f, 0x09, 0x49, 0x27, 0x9c, 0x70, 0xe8, 0xc6, 0x6c,
00692                  0x0f, 0x56, 0x37, 0xc0, 0xf3, 0x75, 0x60, 0x07, 0xe5, 0xac ),
00693         EXPECT ( 0xf2, 0xb3, 0x3b, 0x21, 0x15, 0x1f, 0xaf, 0x61, 0x20, 0x01,
00694                  0x83, 0x10, 0xf4, 0x4e, 0x4c, 0xd0, 0xbf, 0xe3, 0x68, 0xea ),
00695         EXPECT ( 0xbd, 0x07, 0xc2, 0x5c, 0xfd, 0x7c, 0x5e, 0x3a, 0x4e, 0xaa,
00696                  0x6e, 0x2e, 0xdc, 0x5a, 0xb7, 0xea, 0x49, 0x42, 0xa0, 0x91,
00697                  0x34, 0x71, 0xfd, 0xa5, 0x5c, 0x6d, 0xdd, 0x2c, 0x03, 0xef,
00698                  0xa3, 0xb9, 0x64, 0x3a, 0xb3, 0xbb, 0x22, 0xf6, 0xc9, 0xf2 ) );
00699 
00700 /** SHA-1 Test 8.4 : Second call to Generate */
00701 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_8_4, HMAC_DRBG_SHA1,
00702         additional_input_2, ( 320 / 8 ) );
00703 
00704 /** SHA-1 Test 8.5 : Reseed */
00705 HMAC_DRBG_TEST_RESEED ( sha1_reseed_8_5, HMAC_DRBG_SHA1,
00706         entropy_input_2, additional_input_2,
00707         EXPECT ( 0x89, 0x42, 0xa5, 0x4f, 0x34, 0x9e, 0x28, 0x1b, 0x84, 0xaa,
00708                  0x46, 0x95, 0x87, 0xfb, 0xdd, 0xaf, 0x9d, 0x11, 0x40, 0x82 ),
00709         EXPECT ( 0x07, 0x73, 0x0e, 0x3c, 0xbf, 0xfd, 0x3c, 0xaf, 0xd7, 0xa8,
00710                  0xaa, 0xe2, 0xbf, 0x01, 0xd6, 0x01, 0x43, 0x01, 0xe2, 0x4d ) );
00711 
00712 /** SHA-1 Test 8.6 : Retried second call to Generate */
00713 HMAC_DRBG_TEST_GENERATE ( sha1_generate_8_6, HMAC_DRBG_SHA1,
00714         additional_input_empty,
00715         EXPECT ( 0xbd, 0xe1, 0xb4, 0x6c, 0xdc, 0x54, 0x13, 0xb3, 0xd9, 0xf7,
00716                  0x35, 0xac, 0xdb, 0x80, 0xb1, 0x3c, 0x57, 0xbf, 0xe4, 0x73 ),
00717         EXPECT ( 0x72, 0x5a, 0x3c, 0x78, 0x20, 0xde, 0x1a, 0x06, 0xd0, 0x95,
00718                  0x81, 0x9c, 0xcf, 0x6f, 0x2c, 0x9b, 0x3a, 0x67, 0xf2, 0xce ),
00719         EXPECT ( 0xd1, 0xa9, 0xc1, 0xa2, 0x2c, 0x84, 0xfc, 0x23, 0xff, 0x22,
00720                  0x27, 0xef, 0x98, 0xec, 0x8b, 0xa9, 0xdf, 0x2a, 0x20, 0x9b,
00721                  0xa1, 0xdb, 0x09, 0x80, 0x9f, 0x57, 0xbf, 0xea, 0xe5, 0xb3,
00722                  0xe5, 0xf1, 0x46, 0xc7, 0x5f, 0x2d, 0x8d, 0xbb, 0x5e, 0x4a ) );
00723 
00724 /** SHA-256 Test 1 : Instantiation */
00725 HMAC_DRBG_TEST_INSTANTIATE ( sha256_instantiate_1, HMAC_DRBG_SHA256,
00726         entropy_input, nonce_sha256, personalisation_string_empty,
00727         EXPECT ( 0x3d, 0xda, 0x54, 0x3e, 0x7e, 0xef, 0x14, 0xf9, 0x36, 0x23,
00728                  0x7b, 0xe6, 0x5d, 0x09, 0x4b, 0x4d, 0xdc, 0x96, 0x9c, 0x0b,
00729                  0x2b, 0x5e, 0xaf, 0xb5, 0xd8, 0x05, 0xe8, 0x6c, 0xfa, 0x64,
00730                  0xd7, 0x41 ),
00731         EXPECT ( 0x2d, 0x02, 0xc2, 0xf8, 0x22, 0x51, 0x7d, 0x54, 0xb8, 0x17,
00732                  0x27, 0x9a, 0x59, 0x49, 0x1c, 0x41, 0xa1, 0x98, 0x9b, 0x3e,
00733                  0x38, 0x2d, 0xeb, 0xe8, 0x0d, 0x2c, 0x7f, 0x66, 0x0f, 0x44,
00734                  0x76, 0xc4 ) );
00735 
00736 /** SHA-256 Test 1.1 : First call to Generate */
00737 HMAC_DRBG_TEST_GENERATE ( sha256_generate_1_1, HMAC_DRBG_SHA256,
00738         additional_input_empty,
00739         EXPECT ( 0xdd, 0x30, 0x95, 0x79, 0x35, 0x38, 0x02, 0xcc, 0xdd, 0x43,
00740                  0x99, 0xc3, 0x69, 0x1c, 0x9d, 0xd9, 0x09, 0xdd, 0x3b, 0x2d,
00741                  0xd0, 0x03, 0xcc, 0xd5, 0x9d, 0x6f, 0x08, 0xd8, 0x5f, 0x2e,
00742                  0x35, 0x09 ),
00743         EXPECT ( 0xa1, 0xc2, 0x0f, 0xf2, 0x70, 0xa3, 0x9d, 0x2b, 0x8d, 0x03,
00744                  0xd6, 0x59, 0xb9, 0xdd, 0xd0, 0x11, 0xc2, 0xcc, 0xdf, 0x24,
00745                  0x48, 0x55, 0x7e, 0xf6, 0xa1, 0xa9, 0x15, 0xd1, 0x89, 0x40,
00746                  0xa6, 0x88 ),
00747         EXPECT ( 0xd6, 0x7b, 0x8c, 0x17, 0x34, 0xf4, 0x6f, 0xa3, 0xf7, 0x63,
00748                  0xcf, 0x57, 0xc6, 0xf9, 0xf4, 0xf2, 0xdc, 0x10, 0x89, 0xbd,
00749                  0x8b, 0xc1, 0xf6, 0xf0, 0x23, 0x95, 0x0b, 0xfc, 0x56, 0x17,
00750                  0x63, 0x52, 0x08, 0xc8, 0x50, 0x12, 0x38, 0xad, 0x7a, 0x44,
00751                  0x00, 0xde, 0xfe, 0xe4, 0x6c, 0x64, 0x0b, 0x61, 0xaf, 0x77,
00752                  0xc2, 0xd1, 0xa3, 0xbf, 0xaa, 0x90, 0xed, 0xe5, 0xd2, 0x07,
00753                  0x40, 0x6e, 0x54, 0x03 ) );
00754 
00755 /** SHA-256 Test 1.2 : Second call to Generate */
00756 HMAC_DRBG_TEST_GENERATE ( sha256_generate_1_2, HMAC_DRBG_SHA256,
00757         additional_input_empty,
00758         EXPECT ( 0x5c, 0xd5, 0xe5, 0x0a, 0x3e, 0x44, 0x8a, 0x07, 0xc3, 0xd2,
00759                  0xf2, 0xa3, 0xf9, 0xde, 0xbc, 0xc0, 0x46, 0x5f, 0x9c, 0xf1,
00760                  0x1c, 0xa1, 0x36, 0xe9, 0xb5, 0x04, 0xb4, 0xd3, 0x1c, 0x7f,
00761                  0xf1, 0xb8 ),
00762         EXPECT ( 0x33, 0xb3, 0x09, 0xf2, 0xff, 0x01, 0xce, 0x10, 0x4b, 0x44,
00763                  0x29, 0xb6, 0x75, 0xfa, 0xfa, 0x19, 0x01, 0x1e, 0x34, 0x8b,
00764                  0x28, 0x12, 0x71, 0x5a, 0x76, 0x37, 0xf6, 0xa6, 0xe6, 0x3b,
00765                  0x5d, 0x57 ),
00766         EXPECT ( 0x8f, 0xda, 0xec, 0x20, 0xf8, 0xb4, 0x21, 0x40, 0x70, 0x59,
00767                  0xe3, 0x58, 0x89, 0x20, 0xda, 0x7e, 0xda, 0x9d, 0xce, 0x3c,
00768                  0xf8, 0x27, 0x4d, 0xfa, 0x1c, 0x59, 0xc1, 0x08, 0xc1, 0xd0,
00769                  0xaa, 0x9b, 0x0f, 0xa3, 0x8d, 0xa5, 0xc7, 0x92, 0x03, 0x7c,
00770                  0x4d, 0x33, 0xcd, 0x07, 0x0c, 0xa7, 0xcd, 0x0c, 0x56, 0x08,
00771                  0xdb, 0xa8, 0xb8, 0x85, 0x65, 0x46, 0x39, 0xde, 0x21, 0x87,
00772                  0xb7, 0x4c, 0xb2, 0x63 ) );
00773 
00774 /** SHA-256 Test 2 : Instantiation */
00775 #define sha256_instantiate_2 sha256_instantiate_1
00776 
00777 /** SHA-256 Test 2.1 : First call to Generate */
00778 HMAC_DRBG_TEST_GENERATE ( sha256_generate_2_1, HMAC_DRBG_SHA256,
00779         additional_input_1,
00780         EXPECT ( 0x79, 0x1d, 0x31, 0x44, 0xb3, 0x02, 0xad, 0x6c, 0xe4, 0x32,
00781                  0x41, 0x34, 0x42, 0x10, 0xaa, 0xd0, 0xd3, 0x99, 0xed, 0xb7,
00782                  0xb5, 0x90, 0x6f, 0xb2, 0x51, 0xdb, 0x1c, 0xb6, 0x00, 0x04,
00783                  0xea, 0x51 ),
00784         EXPECT ( 0x58, 0xfd, 0x96, 0x5f, 0x4f, 0x99, 0x89, 0x3c, 0x17, 0xe6,
00785                  0xa3, 0x3c, 0xb8, 0xe9, 0x04, 0x15, 0xb5, 0x16, 0xd0, 0x06,
00786                  0x14, 0xa4, 0x49, 0xd4, 0x06, 0xe0, 0x3c, 0x68, 0x5b, 0xd8,
00787                  0x59, 0xbd ),
00788         EXPECT ( 0x41, 0x87, 0x87, 0x35, 0x81, 0x35, 0x41, 0x9b, 0x93, 0x81,
00789                  0x33, 0x53, 0x53, 0x06, 0x17, 0x6a, 0xfb, 0x25, 0x1c, 0xdd,
00790                  0x2b, 0xa3, 0x79, 0x88, 0x59, 0xb5, 0x66, 0xa0, 0x5c, 0xfb,
00791                  0x1d, 0x68, 0x0e, 0xa9, 0x25, 0x85, 0x6d, 0x5b, 0x84, 0xd5,
00792                  0x6a, 0xda, 0xe8, 0x70, 0x45, 0xa6, 0xba, 0x28, 0xd2, 0xc9,
00793                  0x08, 0xab, 0x75, 0xb7, 0xcc, 0x41, 0x43, 0x1f, 0xac, 0x59,
00794                  0xf3, 0x89, 0x18, 0xa3 ) );
00795 
00796 /** SHA-256 Test 2.2 : Second call to Generate */
00797 HMAC_DRBG_TEST_GENERATE ( sha256_generate_2_2, HMAC_DRBG_SHA256,
00798         additional_input_2,
00799         EXPECT ( 0xe7, 0x45, 0x8f, 0xb4, 0x4a, 0x36, 0x9a, 0x65, 0x3f, 0x2f,
00800                  0x8f, 0x57, 0x7b, 0xf9, 0x75, 0xc4, 0xb3, 0x62, 0xc4, 0xfe,
00801                  0x61, 0x8b, 0x2f, 0x1f, 0xf6, 0x76, 0x9b, 0x13, 0xc9, 0x4d,
00802                  0xec, 0xf4 ),
00803         EXPECT ( 0x19, 0x33, 0x4b, 0x8c, 0x31, 0xb7, 0x49, 0x32, 0xdd, 0xd7,
00804                  0xb2, 0xa4, 0x68, 0xf6, 0x43, 0x6d, 0xf9, 0x2e, 0x10, 0x0d,
00805                  0x39, 0xd3, 0xac, 0xb3, 0x68, 0xc7, 0x02, 0x9c, 0xb8, 0x83,
00806                  0xec, 0x89 ),
00807         EXPECT ( 0x7c, 0x06, 0x7b, 0xdd, 0xca, 0x81, 0x72, 0x48, 0x23, 0xd6,
00808                  0x4c, 0x69, 0x82, 0x92, 0x85, 0xbd, 0xbf, 0xf5, 0x37, 0x71,
00809                  0x61, 0x02, 0xc1, 0x88, 0x2e, 0x20, 0x22, 0x50, 0xe0, 0xfa,
00810                  0x5e, 0xf3, 0xa3, 0x84, 0xcd, 0x34, 0xa2, 0x0f, 0xfd, 0x1f,
00811                  0xbc, 0x91, 0xe0, 0xc5, 0x32, 0xa8, 0xa4, 0x21, 0xbc, 0x4a,
00812                  0xfe, 0x3c, 0xd4, 0x7f, 0x22, 0x32, 0x3e, 0xb4, 0xba, 0xe1,
00813                  0xa0, 0x07, 0x89, 0x81 ) );
00814 
00815 /** SHA-256 Test 3 : Instantiation */
00816 HMAC_DRBG_TEST_INSTANTIATE ( sha256_instantiate_3, HMAC_DRBG_SHA256,
00817         entropy_input, nonce_sha256, personalisation_string,
00818         EXPECT ( 0x65, 0x67, 0x3c, 0x34, 0x8e, 0x51, 0xcf, 0xac, 0xc4, 0x10,
00819                  0xbd, 0x20, 0x02, 0x49, 0xa5, 0x9a, 0x9d, 0x6b, 0xae, 0x77,
00820                  0x69, 0x04, 0x27, 0x1b, 0xb1, 0xf7, 0x18, 0xda, 0x1d, 0x18,
00821                  0x20, 0x42 ),
00822         EXPECT ( 0xe0, 0xf9, 0x1a, 0xc9, 0x96, 0x30, 0xee, 0xe6, 0x7c, 0xf8,
00823                  0x30, 0xcf, 0xd5, 0x04, 0x4f, 0xeb, 0xf5, 0x5c, 0x0c, 0x11,
00824                  0x50, 0x07, 0x99, 0x7a, 0xda, 0x11, 0x29, 0x6f, 0xc4, 0x16,
00825                  0x4a, 0x9a ) );
00826 
00827 /** SHA-256 Test 3.1 : First call to Generate */
00828 HMAC_DRBG_TEST_GENERATE ( sha256_generate_3_1, HMAC_DRBG_SHA256,
00829         additional_input_empty,
00830         EXPECT ( 0xf0, 0xb2, 0xf2, 0x42, 0xca, 0xd9, 0x92, 0xa7, 0x24, 0xf7,
00831                  0xe5, 0x59, 0x1d, 0x2f, 0x3b, 0x0c, 0x21, 0x57, 0xae, 0x70,
00832                  0xd5, 0x32, 0x78, 0x99, 0x40, 0xf1, 0x64, 0x45, 0x9b, 0x00,
00833                  0xc7, 0x49 ),
00834         EXPECT ( 0x1a, 0x03, 0xf9, 0x1c, 0x51, 0x20, 0xba, 0xca, 0x2b, 0xf6,
00835                  0xc6, 0x4d, 0xd7, 0x3a, 0xb1, 0x1d, 0xf6, 0xfd, 0x3f, 0xf1,
00836                  0xac, 0x3b, 0x57, 0x20, 0xa3, 0xf7, 0xfb, 0xe3, 0x9e, 0x7e,
00837                  0x7f, 0xe9 ),
00838         EXPECT ( 0x0d, 0xd9, 0xc8, 0x55, 0x89, 0xf3, 0x57, 0xc3, 0x89, 0xd6,
00839                  0xaf, 0x8d, 0xe9, 0xd7, 0x34, 0xa9, 0x17, 0xc7, 0x71, 0xef,
00840                  0x2d, 0x88, 0x16, 0xb9, 0x82, 0x59, 0x6e, 0xd1, 0x2d, 0xb4,
00841                  0x5d, 0x73, 0x4a, 0x62, 0x68, 0x08, 0x35, 0xc0, 0x2f, 0xda,
00842                  0x66, 0xb0, 0x8e, 0x1a, 0x36, 0x9a, 0xe2, 0x18, 0xf2, 0x6d,
00843                  0x52, 0x10, 0xad, 0x56, 0x42, 0x48, 0x87, 0x2d, 0x7a, 0x28,
00844                  0x78, 0x41, 0x59, 0xc3 ) );
00845 
00846 /** SHA-256 Test 3.2 : Second call to Generate */
00847 HMAC_DRBG_TEST_GENERATE ( sha256_generate_3_2, HMAC_DRBG_SHA256,
00848         additional_input_empty,
00849         EXPECT ( 0x5c, 0x0d, 0xec, 0x09, 0x37, 0x08, 0xc1, 0x7c, 0xa7, 0x6b,
00850                  0x57, 0xc0, 0xcb, 0x60, 0xcf, 0x88, 0x9d, 0xcc, 0x47, 0xad,
00851                  0x10, 0xbd, 0x64, 0xbc, 0x6a, 0x14, 0xb2, 0x3f, 0x20, 0x26,
00852                  0x07, 0x8a ),
00853         EXPECT ( 0x45, 0x67, 0x52, 0xa5, 0x11, 0xb8, 0x48, 0xbd, 0x05, 0xf1,
00854                  0x81, 0x9b, 0x9f, 0x6b, 0x15, 0x42, 0xc7, 0xd5, 0xec, 0xf9,
00855                  0x32, 0x73, 0x39, 0x26, 0x7a, 0x0c, 0x77, 0x23, 0x5b, 0x87,
00856                  0xdc, 0x5a ),
00857         EXPECT ( 0x46, 0xb4, 0xf4, 0x75, 0x6a, 0xe7, 0x15, 0xe0, 0xe5, 0x16,
00858                  0x81, 0xab, 0x29, 0x32, 0xde, 0x15, 0x23, 0xbe, 0x5d, 0x13,
00859                  0xba, 0xf0, 0xf4, 0x58, 0x8b, 0x11, 0xfe, 0x37, 0x2f, 0xda,
00860                  0x37, 0xab, 0xe3, 0x68, 0x31, 0x73, 0x41, 0xbc, 0x8b, 0xa9,
00861                  0x1f, 0xc5, 0xd8, 0x5b, 0x7f, 0xb8, 0xca, 0x8f, 0xbc, 0x30,
00862                  0x9a, 0x75, 0x8f, 0xd6, 0xfc, 0xa9, 0xdf, 0x43, 0xc7, 0x66,
00863                  0x0b, 0x22, 0x13, 0x22 ) );
00864 
00865 /** SHA-256 Test 4 : Instantiation */
00866 #define sha256_instantiate_4 sha256_instantiate_3
00867 
00868 /** SHA-256 Test 4.1 : First call to Generate */
00869 HMAC_DRBG_TEST_GENERATE ( sha256_generate_4_1, HMAC_DRBG_SHA256,
00870         additional_input_1,
00871         EXPECT ( 0x57, 0x2c, 0x03, 0x74, 0xc1, 0xa1, 0x01, 0x25, 0xbf, 0xa6,
00872                  0xae, 0xcd, 0x7c, 0xeb, 0xfe, 0x32, 0xf7, 0x52, 0xc3, 0xfb,
00873                  0x31, 0x67, 0x31, 0xb7, 0xcf, 0xdb, 0xde, 0xc2, 0x63, 0x56,
00874                  0x93, 0x2b ),
00875         EXPECT ( 0xd6, 0x8b, 0xf0, 0x41, 0xf3, 0xeb, 0x50, 0x88, 0x08, 0x8d,
00876                  0x8b, 0x8e, 0x71, 0x2c, 0x36, 0xae, 0x95, 0x83, 0xbb, 0x08,
00877                  0xfd, 0x1f, 0x90, 0x34, 0xa4, 0xe9, 0x42, 0xe9, 0xa6, 0x74,
00878                  0x7c, 0xe7 ),
00879         EXPECT ( 0x14, 0x78, 0xf2, 0x9e, 0x94, 0xb0, 0x2c, 0xb4, 0x0d, 0x3a,
00880                  0xab, 0x86, 0x24, 0x55, 0x57, 0xce, 0x13, 0xa8, 0xca, 0x2f,
00881                  0xdb, 0x65, 0x7d, 0x98, 0xef, 0xc1, 0x92, 0x34, 0x6b, 0x9f,
00882                  0xac, 0x33, 0xea, 0x58, 0xad, 0xa2, 0xcc, 0xa4, 0x32, 0xcc,
00883                  0xde, 0xfb, 0xcd, 0xaa, 0x8b, 0x82, 0xf5, 0x53, 0xef, 0x96,
00884                  0x61, 0x34, 0xe2, 0xcd, 0x13, 0x9f, 0x15, 0xf0, 0x1c, 0xad,
00885                  0x56, 0x85, 0x65, 0xa8 ) );
00886 
00887 /** SHA-256 Test 4.2 : Second call to Generate */
00888 HMAC_DRBG_TEST_GENERATE ( sha256_generate_4_2, HMAC_DRBG_SHA256,
00889         additional_input_2,
00890         EXPECT ( 0x28, 0x2e, 0x07, 0x34, 0x80, 0x80, 0x93, 0x75, 0x58, 0xb1,
00891                  0x39, 0x2e, 0x95, 0xab, 0x91, 0xe7, 0xc1, 0xf6, 0x22, 0xb2,
00892                  0x4f, 0xfb, 0x87, 0x20, 0xa5, 0xf0, 0xa5, 0xe0, 0x75, 0x50,
00893                  0xc7, 0xc2 ),
00894         EXPECT ( 0xdf, 0xc3, 0xbd, 0xb5, 0xf3, 0xbc, 0xf1, 0xaa, 0x68, 0x29,
00895                  0x8e, 0x79, 0x0d, 0x72, 0x0a, 0x67, 0xa7, 0x6e, 0x31, 0xb9,
00896                  0x2b, 0x9b, 0x35, 0xa8, 0xe5, 0x47, 0x1b, 0xb1, 0x7e, 0x30,
00897                  0x3c, 0x6b ),
00898         EXPECT ( 0x49, 0x7c, 0x7a, 0x16, 0xe8, 0x8a, 0x64, 0x11, 0xf8, 0xfc,
00899                  0xe1, 0x0e, 0xf5, 0x67, 0x63, 0xc6, 0x10, 0x25, 0x80, 0x1d,
00900                  0x8f, 0x51, 0xa7, 0x43, 0x52, 0xd6, 0x82, 0xcc, 0x23, 0xa0,
00901                  0xa8, 0xe6, 0x73, 0xca, 0xe0, 0x32, 0x28, 0x93, 0x90, 0x64,
00902                  0x7d, 0xc6, 0x83, 0xb7, 0x34, 0x28, 0x85, 0xd6, 0xb7, 0x6a,
00903                  0xb1, 0xda, 0x69, 0x6d, 0x3e, 0x97, 0xe2, 0x2d, 0xff, 0xdd,
00904                  0xff, 0xfd, 0x8d, 0xf0 ) );
00905 
00906 /** SHA-256 Test 5 : Instantiation */
00907 #define sha256_instantiate_5 sha256_instantiate_1
00908 
00909 /** SHA-256 Test 5.1 : First call to Generate */
00910 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_5_1, HMAC_DRBG_SHA256,
00911         additional_input_empty, ( 512 / 8 ) );
00912 
00913 /** SHA-256 Test 5.2 : Reseed */
00914 HMAC_DRBG_TEST_RESEED ( sha256_reseed_5_2, HMAC_DRBG_SHA256,
00915         entropy_input_1, additional_input_empty,
00916         EXPECT ( 0xb8, 0x40, 0x07, 0xe3, 0xe2, 0x7f, 0x34, 0xf9, 0xa7, 0x82,
00917                  0x0b, 0x7a, 0xb5, 0x9b, 0xbe, 0xfc, 0xd0, 0xc4, 0xac, 0xae,
00918                  0xde, 0x4b, 0x0b, 0x36, 0xb1, 0x47, 0xb8, 0x97, 0x79, 0xfd,
00919                  0x74, 0x9d ),
00920         EXPECT ( 0xa7, 0x2b, 0x8f, 0xee, 0x92, 0x39, 0x2f, 0x0a, 0x9d, 0x2d,
00921                  0x61, 0xbf, 0x09, 0xa4, 0xdf, 0xcc, 0x9d, 0xe6, 0x9a, 0x16,
00922                  0xa5, 0xf1, 0x50, 0x22, 0x4c, 0x3e, 0xf6, 0x04, 0x2d, 0x15,
00923                  0x21, 0xfc ) );
00924 
00925 /** SHA-256 Test 5.3 : Retried first call to Generate */
00926 HMAC_DRBG_TEST_GENERATE ( sha256_generate_5_3, HMAC_DRBG_SHA256,
00927         additional_input_empty,
00928         EXPECT ( 0x43, 0x48, 0xaf, 0x84, 0x20, 0x84, 0x2f, 0xa0, 0x77, 0xb9,
00929                  0xd3, 0xdb, 0xa8, 0xdc, 0xe9, 0xb3, 0xe1, 0xdf, 0x73, 0x4f,
00930                  0xfc, 0xe1, 0xbe, 0xa5, 0xb9, 0xe2, 0xb1, 0x54, 0xdc, 0x5e,
00931                  0xc6, 0x15 ),
00932         EXPECT ( 0xd2, 0xc1, 0xac, 0x27, 0x88, 0x5d, 0x43, 0x32, 0x76, 0x71,
00933                  0x31, 0x46, 0x32, 0xea, 0x60, 0x43, 0x3c, 0xca, 0x72, 0x73,
00934                  0x04, 0x56, 0x9e, 0xa7, 0xd4, 0x71, 0xfe, 0xa7, 0xdb, 0x7d,
00935                  0x31, 0x5d ),
00936         EXPECT ( 0xfa, 0xbd, 0x0a, 0xe2, 0x5c, 0x69, 0xdc, 0x2e, 0xfd, 0xef,
00937                  0xb7, 0xf2, 0x0c, 0x5a, 0x31, 0xb5, 0x7a, 0xc9, 0x38, 0xab,
00938                  0x77, 0x1a, 0xa1, 0x9b, 0xf8, 0xf5, 0xf1, 0x46, 0x8f, 0x66,
00939                  0x5c, 0x93, 0x8c, 0x9a, 0x1a, 0x5d, 0xf0, 0x62, 0x8a, 0x56,
00940                  0x90, 0xf1, 0x5a, 0x1a, 0xd8, 0xa6, 0x13, 0xf3, 0x1b, 0xbd,
00941                  0x65, 0xee, 0xad, 0x54, 0x57, 0xd5, 0xd2, 0x69, 0x47, 0xf2,
00942                  0x9f, 0xe9, 0x1a, 0xa7 ) );
00943 
00944 /** SHA-256 Test 5.4 : Second call to Generate */
00945 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_5_4, HMAC_DRBG_SHA256,
00946         additional_input_empty, ( 512 / 8 ) );
00947 
00948 /** SHA-256 Test 5.5 : Reseed */
00949 HMAC_DRBG_TEST_RESEED ( sha256_reseed_5_5, HMAC_DRBG_SHA256,
00950         entropy_input_2, additional_input_empty,
00951         EXPECT ( 0xbf, 0xa0, 0x2c, 0xe7, 0xe9, 0x2d, 0xe9, 0x2b, 0x18, 0x24,
00952                  0x28, 0x86, 0x89, 0x0e, 0x58, 0x6f, 0x83, 0x69, 0x06, 0xac,
00953                  0xe9, 0xe5, 0x54, 0xf1, 0xb0, 0xed, 0x63, 0x57, 0x3c, 0xb8,
00954                  0xb5, 0x03 ),
00955         EXPECT ( 0xd3, 0x24, 0x03, 0xee, 0xa9, 0xdc, 0xe1, 0x61, 0x6e, 0x4e,
00956                  0x11, 0x55, 0xb9, 0x23, 0xd8, 0x84, 0x2c, 0xc6, 0xe7, 0x84,
00957                  0xc6, 0x7a, 0x93, 0x85, 0xb2, 0xa6, 0x37, 0xf1, 0x02, 0xfa,
00958                  0x45, 0xd5 ) );
00959 
00960 /** SHA-256 Test 5.6 : Retried second call to Generate */
00961 HMAC_DRBG_TEST_GENERATE ( sha256_generate_5_6, HMAC_DRBG_SHA256,
00962         additional_input_empty,
00963         EXPECT ( 0x81, 0x21, 0xf7, 0x76, 0x4c, 0x08, 0x1e, 0xe9, 0xd1, 0x17,
00964                  0x1e, 0xd1, 0x87, 0xba, 0xe0, 0x88, 0x95, 0xca, 0xe2, 0x30,
00965                  0xd0, 0xa2, 0x5e, 0x37, 0x39, 0xc5, 0x7d, 0x54, 0x16, 0x10,
00966                  0x9b, 0x82 ),
00967         EXPECT ( 0x37, 0x84, 0x97, 0x7c, 0xc0, 0xe5, 0x9f, 0xbc, 0x9c, 0xda,
00968                  0x4e, 0x11, 0x92, 0x47, 0x5c, 0x6e, 0xfa, 0xf8, 0x07, 0x20,
00969                  0x19, 0x86, 0x21, 0x22, 0xcb, 0x6b, 0xce, 0xaa, 0xcc, 0x4a,
00970                  0x17, 0x5e ),
00971         EXPECT ( 0x6b, 0xd9, 0x25, 0xb0, 0xe1, 0xc2, 0x32, 0xef, 0xd6, 0x7c,
00972                  0xcd, 0x84, 0xf7, 0x22, 0xe9, 0x27, 0xec, 0xb4, 0x6a, 0xb2,
00973                  0xb7, 0x40, 0x01, 0x47, 0x77, 0xaf, 0x14, 0xba, 0x0b, 0xbf,
00974                  0x53, 0xa4, 0x5b, 0xdb, 0xb6, 0x2b, 0x3f, 0x7d, 0x0b, 0x9c,
00975                  0x8e, 0xea, 0xd0, 0x57, 0xc0, 0xec, 0x75, 0x4e, 0xf8, 0xb5,
00976                  0x3e, 0x60, 0xa1, 0xf4, 0x34, 0xf0, 0x59, 0x46, 0xa8, 0xb6,
00977                  0x86, 0xaf, 0xbc, 0x7a ) );
00978 
00979 /** SHA-256 Test 6 : Instantiate */
00980 #define sha256_instantiate_6 sha256_instantiate_1
00981 
00982 /** SHA-256 Test 6.1 : First call to Generate */
00983 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_6_1, HMAC_DRBG_SHA256,
00984         additional_input_1, ( 512 / 8 ) );
00985 
00986 /** SHA-256 Test 6.2 : Reseed */
00987 HMAC_DRBG_TEST_RESEED ( sha256_reseed_6_2, HMAC_DRBG_SHA256,
00988         entropy_input_1, additional_input_1,
00989         EXPECT ( 0xc1, 0x25, 0xea, 0x99, 0x75, 0x8e, 0xbb, 0x9a, 0x6f, 0x69,
00990                  0xae, 0x31, 0x2a, 0xc2, 0x04, 0xb5, 0x94, 0xc0, 0x0a, 0xb6,
00991                  0x8b, 0x81, 0x6e, 0x3a, 0x52, 0x12, 0x8e, 0x02, 0x78, 0xa5,
00992                  0x84, 0xac ),
00993         EXPECT ( 0xb2, 0xcb, 0x2b, 0x89, 0x12, 0x3f, 0x5b, 0x4a, 0xf5, 0x87,
00994                  0xb8, 0xf6, 0xbd, 0xc5, 0x42, 0x7a, 0x99, 0x14, 0x19, 0xd3,
00995                  0x53, 0x07, 0x7c, 0x68, 0x5e, 0x70, 0x7a, 0xcd, 0xf8, 0xe9,
00996                  0xfd, 0xa9 ) );
00997 
00998 /** SHA-256 Test 6.3 : Retried first call to Generate */
00999 HMAC_DRBG_TEST_GENERATE ( sha256_generate_6_3, HMAC_DRBG_SHA256,
01000         additional_input_empty,
01001         EXPECT ( 0xc6, 0xed, 0x8f, 0xed, 0x71, 0x57, 0xa4, 0xd0, 0x9e, 0xa1,
01002                  0xdd, 0xe8, 0x94, 0x6b, 0x54, 0x43, 0x3e, 0xcc, 0x54, 0x49,
01003                  0xa4, 0xa3, 0x52, 0xaf, 0x45, 0x76, 0x4e, 0xe6, 0x73, 0x4b,
01004                  0xbb, 0x04 ),
01005         EXPECT ( 0xeb, 0xc7, 0x75, 0x25, 0x6b, 0xb7, 0x81, 0x24, 0x1e, 0x9c,
01006                  0x70, 0xbb, 0xcf, 0x73, 0x2b, 0xdc, 0x90, 0xad, 0x10, 0xd9,
01007                  0xdd, 0x3a, 0x89, 0x6e, 0xcc, 0x12, 0xb9, 0x2f, 0xfb, 0x63,
01008                  0x45, 0xab ),
01009         EXPECT ( 0x08, 0x5d, 0x57, 0xaf, 0x6b, 0xab, 0xcf, 0x2b, 0x9a, 0xee,
01010                  0xf3, 0x87, 0xd5, 0x31, 0x65, 0x0e, 0x6a, 0x50, 0x5c, 0x54,
01011                  0x40, 0x6a, 0xb3, 0x7a, 0x52, 0x89, 0x9e, 0x0e, 0xca, 0xb3,
01012                  0x63, 0x2b, 0x7a, 0x06, 0x8a, 0x28, 0x14, 0xc6, 0xdf, 0x6a,
01013                  0xe5, 0x32, 0xb6, 0x58, 0xd0, 0xd9, 0x74, 0x1c, 0x84, 0x77,
01014                  0x5f, 0xee, 0x45, 0xb6, 0x84, 0xcd, 0xbd, 0xc2, 0x5f, 0xbc,
01015                  0xb4, 0xd8, 0xf3, 0x10 ) );
01016 
01017 /** SHA-256 Test 6.4 : Second call to Generate */
01018 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_6_4, HMAC_DRBG_SHA256,
01019         additional_input_2, ( 512 / 8 ) );
01020 
01021 /** SHA-256 Test 6.5 : Reseed */
01022 HMAC_DRBG_TEST_RESEED ( sha256_reseed_6_5, HMAC_DRBG_SHA256,
01023         entropy_input_2, additional_input_2,
01024         EXPECT ( 0xfc, 0x51, 0xda, 0x84, 0xf9, 0x69, 0x6b, 0xcc, 0x84, 0xc8,
01025                  0xf2, 0xac, 0xb9, 0x24, 0xbc, 0xdf, 0x72, 0xf8, 0x2e, 0xa2,
01026                  0xca, 0x64, 0x3f, 0x08, 0x3b, 0x0c, 0x16, 0xc3, 0x63, 0x4e,
01027                  0xfc, 0x62 ),
01028         EXPECT ( 0xb9, 0x74, 0xe4, 0x37, 0x0a, 0xd5, 0x76, 0xbb, 0x99, 0xc4,
01029                  0xe4, 0x9e, 0xa6, 0x80, 0xbf, 0xf9, 0x8d, 0xe9, 0xe1, 0x2f,
01030                  0xec, 0xd0, 0x13, 0xde, 0xd4, 0x3c, 0x80, 0xf6, 0x9a, 0x7a,
01031                  0xde, 0x8a ) );
01032 
01033 /** SHA-256 Test 6.6 : Retried second call to Generate */
01034 HMAC_DRBG_TEST_GENERATE ( sha256_generate_6_6, HMAC_DRBG_SHA256,
01035         additional_input_empty,
01036         EXPECT ( 0x56, 0xa2, 0xb4, 0x46, 0x32, 0xcb, 0x8f, 0xc3, 0xa6, 0x40,
01037                  0x09, 0xbf, 0xd6, 0xec, 0x95, 0xe5, 0x6c, 0xef, 0x8e, 0x7c,
01038                  0x91, 0x2a, 0xa8, 0x2b, 0x16, 0xf6, 0x14, 0x91, 0x5d, 0x9c,
01039                  0xd6, 0xe3 ),
01040         EXPECT ( 0xb5, 0xb3, 0x96, 0xa0, 0x15, 0x76, 0xb0, 0xfe, 0x42, 0xf4,
01041                  0x08, 0x44, 0x55, 0x6c, 0x4c, 0xf4, 0xb6, 0x80, 0x4c, 0x94,
01042                  0xde, 0x9d, 0x62, 0x38, 0xf1, 0xf7, 0xe7, 0xaf, 0x5c, 0x72,
01043                  0x57, 0xf3 ),
01044         EXPECT ( 0x9b, 0x21, 0x9f, 0xd9, 0x0d, 0xe2, 0xa0, 0x8e, 0x49, 0x34,
01045                  0x05, 0xcf, 0x87, 0x44, 0x17, 0xb5, 0x82, 0x67, 0x70, 0xf3,
01046                  0x94, 0x48, 0x15, 0x55, 0xdc, 0x66, 0x8a, 0xcd, 0x96, 0xb9,
01047                  0xa3, 0xe5, 0x6f, 0x9d, 0x2c, 0x32, 0x5e, 0x26, 0xd4, 0x7c,
01048                  0x1d, 0xfc, 0xfc, 0x8f, 0xbf, 0x86, 0x12, 0x6f, 0x40, 0xa1,
01049                  0xe6, 0x39, 0x60, 0xf6, 0x27, 0x49, 0x34, 0x2e, 0xcd, 0xb7,
01050                  0x1b, 0x24, 0x0d, 0xc6 ) );
01051 
01052 /** SHA-256 Test 7 : Instantiation */
01053 #define sha256_instantiate_7 sha256_instantiate_3
01054 
01055 /** SHA-256 Test 7.1 : First call to Generate */
01056 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_7_1, HMAC_DRBG_SHA256,
01057         additional_input_empty, ( 512 / 8 ) );
01058 
01059 /** SHA-256 Test 7.2 : Reseed */
01060 HMAC_DRBG_TEST_RESEED ( sha256_reseed_7_2, HMAC_DRBG_SHA256,
01061         entropy_input_1, additional_input_empty,
01062         EXPECT ( 0x44, 0x76, 0xc6, 0xd1, 0x1f, 0xc3, 0x5d, 0x44, 0x09, 0xd9,
01063                  0x03, 0x2e, 0x45, 0x3b, 0x0f, 0x0d, 0xc3, 0x31, 0x4d, 0xb8,
01064                  0x62, 0xcb, 0xdb, 0x60, 0x9c, 0x56, 0x02, 0x20, 0x8d, 0x4c,
01065                  0x88, 0xd8 ),
01066         EXPECT ( 0x95, 0xef, 0x78, 0x5a, 0x61, 0xc2, 0xf7, 0xb3, 0x6b, 0xc5,
01067                  0x96, 0xba, 0x4b, 0xa2, 0x08, 0xa5, 0x2c, 0x6d, 0xc2, 0x03,
01068                  0x63, 0x6d, 0x8f, 0x17, 0x87, 0x45, 0x3b, 0x85, 0x2b, 0x7e,
01069                  0x49, 0xec ) );
01070 
01071 /** SHA-256 Test 7.3 : Retried first call to Generate */
01072 HMAC_DRBG_TEST_GENERATE ( sha256_generate_7_3, HMAC_DRBG_SHA256,
01073         additional_input_empty,
01074         EXPECT ( 0x0d, 0xf9, 0x11, 0x0e, 0x2f, 0x22, 0x58, 0x98, 0x24, 0xa9,
01075                  0x47, 0x6c, 0x8e, 0x32, 0x08, 0x8e, 0x51, 0xa0, 0xda, 0x36,
01076                  0x63, 0x3f, 0x8c, 0xd1, 0xf7, 0x54, 0x7d, 0xff, 0x69, 0x6e,
01077                  0x4b, 0x29 ),
01078         EXPECT ( 0xc0, 0xe3, 0xc8, 0xed, 0x5a, 0x8b, 0x57, 0x9e, 0x3f, 0xef,
01079                  0x9d, 0xf3, 0xb7, 0xc2, 0xc2, 0x12, 0x98, 0x07, 0x17, 0xcc,
01080                  0x91, 0xae, 0x18, 0x66, 0x45, 0xfa, 0xbb, 0x2c, 0xc7, 0x84,
01081                  0xd5, 0xd7 ),
01082         EXPECT ( 0xd8, 0xb6, 0x71, 0x30, 0x71, 0x41, 0x94, 0xff, 0xe5, 0xb2,
01083                  0xa3, 0x5d, 0xbc, 0xd5, 0xe1, 0xa2, 0x99, 0x42, 0xad, 0x5c,
01084                  0x68, 0xf3, 0xde, 0xb9, 0x4a, 0xdd, 0x9e, 0x9e, 0xba, 0xd8,
01085                  0x60, 0x67, 0xed, 0xf0, 0x49, 0x15, 0xfb, 0x40, 0xc3, 0x91,
01086                  0xea, 0xe7, 0x0c, 0x65, 0x9e, 0xaa, 0xe7, 0xef, 0x11, 0xa3,
01087                  0xd4, 0x6a, 0x5b, 0x08, 0x5e, 0xdd, 0x90, 0xcc, 0x72, 0xce,
01088                  0xa9, 0x89, 0x21, 0x0b ) );
01089 
01090 /** SHA-256 Test 7.4 : Second call to Generate */
01091 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_7_4, HMAC_DRBG_SHA256,
01092         additional_input_empty, ( 512 / 8 ) );
01093 
01094 /** SHA-256 Test 7.5 : Reseed */
01095 HMAC_DRBG_TEST_RESEED ( sha256_reseed_7_5, HMAC_DRBG_SHA256,
01096         entropy_input_2, additional_input_empty,
01097         EXPECT ( 0x3d, 0x77, 0x63, 0xe5, 0x30, 0x3d, 0xb5, 0x4b, 0xe2, 0x05,
01098                  0x44, 0xa8, 0x1e, 0x9f, 0x00, 0xca, 0xdc, 0xfc, 0x1c, 0xb2,
01099                  0x8d, 0xec, 0xb9, 0xcf, 0xc6, 0x99, 0xf6, 0x1d, 0xba, 0xf8,
01100                  0x80, 0x21 ),
01101         EXPECT ( 0xfe, 0xbc, 0x02, 0x79, 0xb7, 0x71, 0x0d, 0xec, 0x5c, 0x06,
01102                  0x7e, 0xbe, 0xfa, 0x06, 0x8e, 0x4b, 0x59, 0x67, 0x49, 0x1b,
01103                  0x7e, 0xef, 0x94, 0x75, 0x83, 0x50, 0x6d, 0x04, 0x97, 0xce,
01104                  0x67, 0xba ) );
01105 
01106 /** SHA-256 Test 7.6 : Retried second call to Generate */
01107 HMAC_DRBG_TEST_GENERATE ( sha256_generate_7_6, HMAC_DRBG_SHA256,
01108         additional_input_empty,
01109         EXPECT ( 0x2d, 0x21, 0xac, 0x94, 0x99, 0x2f, 0xd8, 0x2b, 0x09, 0x80,
01110                  0xd3, 0xd5, 0x95, 0x51, 0xb9, 0xd0, 0x7c, 0x8d, 0x54, 0xb2,
01111                  0x52, 0xb6, 0x16, 0x28, 0x93, 0x44, 0xf8, 0xac, 0x86, 0x9e,
01112                  0xd3, 0x5b ),
01113         EXPECT ( 0x61, 0x0c, 0x34, 0xcd, 0xbf, 0x6f, 0x75, 0x33, 0x54, 0x7f,
01114                  0x23, 0x32, 0xea, 0xc5, 0x7e, 0xe3, 0x1e, 0x72, 0x4f, 0xb2,
01115                  0x92, 0x55, 0x56, 0x6b, 0x59, 0x78, 0x33, 0x16, 0x6c, 0xd0,
01116                  0x39, 0x9f ),
01117         EXPECT ( 0x8b, 0xba, 0x71, 0xc2, 0x58, 0x3f, 0x25, 0x30, 0xc2, 0x59,
01118                  0xc9, 0x07, 0x84, 0xa5, 0x9a, 0xc4, 0x4d, 0x1c, 0x80, 0x56,
01119                  0x91, 0x7c, 0xcf, 0x38, 0x87, 0x88, 0x10, 0x2d, 0x73, 0x82,
01120                  0x4c, 0x6c, 0x11, 0xd5, 0xd6, 0x3b, 0xe1, 0xf0, 0x10, 0x17,
01121                  0xd8, 0x84, 0xcd, 0x69, 0xd9, 0x33, 0x4b, 0x9e, 0xbc, 0x01,
01122                  0xe7, 0xbd, 0x8f, 0xdf, 0x2a, 0x8e, 0x52, 0x57, 0x22, 0x93,
01123                  0xdc, 0x21, 0xc0, 0xe1 ) );
01124 
01125 /** SHA-256 Test 8 : Instantiate */
01126 #define sha256_instantiate_8 sha256_instantiate_3
01127 
01128 /** SHA-256 Test 8.1 : First call to Generate */
01129 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_8_1, HMAC_DRBG_SHA256,
01130         additional_input_1, ( 512 / 8 ) );
01131 
01132 /** SHA-256 Test 8.2 : Reseed */
01133 HMAC_DRBG_TEST_RESEED ( sha256_reseed_8_2, HMAC_DRBG_SHA256,
01134         entropy_input_1, additional_input_1,
01135         EXPECT ( 0xb3, 0x81, 0x38, 0x8c, 0x1d, 0x7c, 0xfd, 0x56, 0x59, 0x30,
01136                  0x99, 0x3b, 0xd9, 0x26, 0x90, 0x66, 0x50, 0x88, 0xd9, 0xb8,
01137                  0x39, 0x96, 0x9b, 0x87, 0xf1, 0x6d, 0xb6, 0xdf, 0x4e, 0x43,
01138                  0x00, 0xd7 ),
01139         EXPECT ( 0xfa, 0x04, 0x25, 0x64, 0x00, 0xe3, 0x42, 0xe6, 0x55, 0xf4,
01140                  0x33, 0x26, 0x94, 0xe3, 0xb2, 0x4c, 0x04, 0xfb, 0x85, 0xbf,
01141                  0x87, 0x80, 0x21, 0xe4, 0x52, 0xe7, 0x3b, 0x8f, 0x46, 0xd4,
01142                  0xbd, 0xc6 ) );
01143 
01144 /** SHA-256 Test 8.3 : Retried first call to Generate */
01145 HMAC_DRBG_TEST_GENERATE ( sha256_generate_8_3, HMAC_DRBG_SHA256,
01146         additional_input_empty,
01147         EXPECT ( 0xd4, 0x1f, 0x6f, 0x33, 0x65, 0x82, 0x21, 0x70, 0x50, 0xb1,
01148                  0xf6, 0x59, 0x28, 0xfd, 0x6e, 0x94, 0xcb, 0xc9, 0x45, 0x68,
01149                  0xfe, 0x3b, 0x6b, 0x53, 0x38, 0x9e, 0x1e, 0x3a, 0x5b, 0x49,
01150                  0xe1, 0x01 ),
01151         EXPECT ( 0xa6, 0x55, 0xc9, 0xe7, 0xd1, 0x33, 0xf1, 0xcd, 0x8b, 0x11,
01152                  0x61, 0xf2, 0x7d, 0x54, 0xe7, 0x5a, 0x7e, 0x7c, 0x80, 0x42,
01153                  0xbf, 0x74, 0xd4, 0x7f, 0x9f, 0xfd, 0x60, 0xe2, 0x45, 0xeb,
01154                  0xa5, 0x7e ),
01155         EXPECT ( 0x44, 0xd7, 0x8b, 0xbc, 0x3e, 0xb6, 0x7c, 0x59, 0xc2, 0x2f,
01156                  0x6c, 0x31, 0x00, 0x3d, 0x21, 0x2a, 0x78, 0x37, 0xcc, 0xd8,
01157                  0x4c, 0x43, 0x8b, 0x55, 0x15, 0x0f, 0xd0, 0x13, 0xa8, 0xa7,
01158                  0x8f, 0xe8, 0xed, 0xea, 0x81, 0xc6, 0x72, 0xe4, 0xb8, 0xdd,
01159                  0xc8, 0x18, 0x38, 0x86, 0xe6, 0x9c, 0x2e, 0x17, 0x7d, 0xf5,
01160                  0x74, 0xc1, 0xf1, 0x90, 0xdf, 0x27, 0x18, 0x50, 0xf8, 0xce,
01161                  0x55, 0xef, 0x20, 0xb8 ) );
01162 
01163 /** SHA-256 Test 8.4 : Second call to Generate */
01164 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_8_4, HMAC_DRBG_SHA256,
01165         additional_input_2, ( 512 / 8 ) );
01166 
01167 /** SHA-256 Test 8.5 : Reseed */
01168 HMAC_DRBG_TEST_RESEED ( sha256_reseed_8_5, HMAC_DRBG_SHA256,
01169         entropy_input_2, additional_input_2,
01170         EXPECT ( 0xfb, 0xa8, 0x05, 0x45, 0x3e, 0x3c, 0x9a, 0x73, 0x64, 0x58,
01171                  0x5c, 0xed, 0xbc, 0xd2, 0x92, 0x30, 0xfb, 0xc9, 0x3d, 0x6f,
01172                  0x12, 0x9d, 0x21, 0xed, 0xdd, 0xf6, 0x61, 0x3b, 0x3a, 0x8f,
01173                  0xf2, 0x83 ),
01174         EXPECT ( 0x83, 0x64, 0x7a, 0x33, 0x8c, 0x15, 0x3c, 0xba, 0xf0, 0xe4,
01175                  0x9a, 0x54, 0xa4, 0x4f, 0xea, 0x66, 0x70, 0xcf, 0xd7, 0xc1,
01176                  0x71, 0x4d, 0x4a, 0xb3, 0x5f, 0x11, 0x12, 0x3d, 0xf2, 0x7b,
01177                  0x69, 0xcf ) );
01178 
01179 /** SHA-256 Test 8.6 : Retried second call to Generate */
01180 HMAC_DRBG_TEST_GENERATE ( sha256_generate_8_6, HMAC_DRBG_SHA256,
01181         additional_input_empty,
01182         EXPECT ( 0xae, 0x59, 0xc7, 0x0a, 0x7c, 0x60, 0xed, 0x49, 0x83, 0x78,
01183                  0xea, 0x84, 0x5b, 0xe9, 0x7d, 0x8f, 0xf8, 0x81, 0xe0, 0xea,
01184                  0x37, 0x2e, 0x26, 0x5f, 0xa6, 0x72, 0x84, 0x29, 0x3e, 0x1a,
01185                  0x46, 0xac ),
01186         EXPECT ( 0xe2, 0xf0, 0x4d, 0xe3, 0xce, 0x21, 0x79, 0x61, 0xae, 0x2b,
01187                  0x2d, 0x20, 0xa7, 0xba, 0x7c, 0x6c, 0x82, 0x0b, 0x5b, 0x14,
01188                  0x92, 0x6e, 0x59, 0x56, 0xae, 0x6d, 0xfa, 0x2e, 0xd1, 0xd6,
01189                  0x39, 0x93 ),
01190         EXPECT ( 0x91, 0x77, 0x80, 0xdc, 0x0c, 0xe9, 0x98, 0x9f, 0xee, 0x6c,
01191                  0x08, 0x06, 0xd6, 0xda, 0x12, 0x3a, 0x18, 0x25, 0x29, 0x47,
01192                  0x58, 0xd4, 0xe1, 0xb5, 0x82, 0x68, 0x72, 0x31, 0x78, 0x0a,
01193                  0x2a, 0x9c, 0x33, 0xf1, 0xd1, 0x56, 0xcc, 0xad, 0x32, 0x77,
01194                  0x64, 0xb2, 0x9a, 0x4c, 0xb2, 0x69, 0x01, 0x77, 0xae, 0x96,
01195                  0xef, 0x9e, 0xe9, 0x2a, 0xd0, 0xc3, 0x40, 0xba, 0x0f, 0xd1,
01196                  0x20, 0x3c, 0x02, 0xc6 ) );
01197 
01198 /**
01199  * Force a "reseed required" state
01200  *
01201  * @v state             HMAC_DRBG internal state
01202  */
01203 static inline void force_reseed_required ( struct hmac_drbg_state *state ) {
01204         state->reseed_counter = ( HMAC_DRBG_RESEED_INTERVAL + 1 );
01205 }
01206 
01207 /**
01208  * Perform HMAC_DRBG self-test
01209  *
01210  */
01211 static void hmac_drbg_test_exec ( void ) {
01212         struct hmac_drbg_state state;
01213 
01214         /*
01215          * IMPORTANT NOTE
01216          *
01217          * The NIST test vector set includes several calls to
01218          * HMAC_DRBG_Generate() that are expected to fail with a
01219          * status of "Reseed required".  The pattern seems to be that
01220          * when prediction resistance is requested, any call to
01221          * HMAC_DRBG_Generate() is at first expected to fail.  After
01222          * an explicit reseeding, the call to HMAC_DRBG_Generate() is
01223          * retried, and on this second time it is expected to succeed.
01224          *
01225          * This pattern does not match the specifications for
01226          * HMAC_DRBG_Generate(): neither HMAC_DRBG_Generate_algorithm
01227          * (defined in ANS X9.82 Part 3-2007 Section 10.2.2.2.5 (NIST
01228          * SP 800-90 Section 10.1.2.5)) nor the higher-level wrapper
01229          * Generate_function defined in ANS X9.82 Part 3-2007 Section
01230          * 9.4 (NIST SP 800-90 Section 9.3)) can possibly exhibit this
01231          * behaviour:
01232          *
01233          * a) HMAC_DRBG_Generate_algorithm can return a "reseed
01234          *    required" status only as a result of the test
01235          *
01236          *      "1. If reseed_counter > reseed_interval, then return
01237          *       an indication that a reseed is required."
01238          *
01239          *    Since the reseed interval is independent of any request
01240          *    for prediction resistance, and since the reseed interval
01241          *    is not specified as part of the NIST test vector set,
01242          *    then this cannot be the source of the "Reseed required"
01243          *    failure expected by the NIST test vector set.
01244          *
01245          * b) Generate_function cannot return a "reseed required"
01246          *    status under any circumstances.  If the underlying
01247          *    HMAC_DRBG_Generate_algorithm call returns "reseed
01248          *    required", then Generate_function will automatically
01249          *    reseed and try again.
01250          *
01251          * To produce the behaviour expected by the NIST test vector
01252          * set, we therefore contrive to produce a "reseed required"
01253          * state where necessary by setting the reseed_counter to
01254          * greater than the reseed_interval.
01255          */
01256 
01257         /* SHA-1 Test 1 */
01258         instantiate_ok ( &state, &sha1_instantiate_1 );
01259         generate_ok ( &state, &sha1_generate_1_1 );
01260         generate_ok ( &state, &sha1_generate_1_2 );
01261 
01262         /* SHA-1 Test 2 */
01263         instantiate_ok ( &state, &sha1_instantiate_2 );
01264         generate_ok ( &state, &sha1_generate_2_1 );
01265         generate_ok ( &state, &sha1_generate_2_2 );
01266 
01267         /* SHA-1 Test 3 */
01268         instantiate_ok ( &state, &sha1_instantiate_3 );
01269         generate_ok ( &state, &sha1_generate_3_1 );
01270         generate_ok ( &state, &sha1_generate_3_2 );
01271 
01272         /* SHA-1 Test 4 */
01273         instantiate_ok ( &state, &sha1_instantiate_4 );
01274         generate_ok ( &state, &sha1_generate_4_1 );
01275         generate_ok ( &state, &sha1_generate_4_2 );
01276 
01277         /* SHA-1 Test 5 */
01278         instantiate_ok ( &state, &sha1_instantiate_5 );
01279         force_reseed_required ( &state ); /* See above comments */
01280         generate_fail_ok ( &state, &sha1_generate_fail_5_1 );
01281         reseed_ok ( &state, &sha1_reseed_5_2 );
01282         generate_ok ( &state, &sha1_generate_5_3 );
01283         force_reseed_required ( &state ); /* See above comments */
01284         generate_fail_ok ( &state, &sha1_generate_fail_5_4 );
01285         reseed_ok ( &state, &sha1_reseed_5_5 );
01286         generate_ok ( &state, &sha1_generate_5_6 );
01287 
01288         /* SHA-1 Test 6 */
01289         instantiate_ok ( &state, &sha1_instantiate_6 );
01290         force_reseed_required ( &state ); /* See above comments */
01291         generate_fail_ok ( &state, &sha1_generate_fail_6_1 );
01292         reseed_ok ( &state, &sha1_reseed_6_2 );
01293         generate_ok ( &state, &sha1_generate_6_3 );
01294         force_reseed_required ( &state ); /* See above comments */
01295         generate_fail_ok ( &state, &sha1_generate_fail_6_4 );
01296         reseed_ok ( &state, &sha1_reseed_6_5 );
01297         generate_ok ( &state, &sha1_generate_6_6 );
01298 
01299         /* SHA-1 Test 7 */
01300         instantiate_ok ( &state, &sha1_instantiate_7 );
01301         force_reseed_required ( &state ); /* See above comments */
01302         generate_fail_ok ( &state, &sha1_generate_fail_7_1 );
01303         reseed_ok ( &state, &sha1_reseed_7_2 );
01304         generate_ok ( &state, &sha1_generate_7_3 );
01305         force_reseed_required ( &state ); /* See above comments */
01306         generate_fail_ok ( &state, &sha1_generate_fail_7_4 );
01307         reseed_ok ( &state, &sha1_reseed_7_5 );
01308         generate_ok ( &state, &sha1_generate_7_6 );
01309 
01310         /* SHA-1 Test 8 */
01311         instantiate_ok ( &state, &sha1_instantiate_8 );
01312         force_reseed_required ( &state ); /* See above comments */
01313         generate_fail_ok ( &state, &sha1_generate_fail_8_1 );
01314         reseed_ok ( &state, &sha1_reseed_8_2 );
01315         generate_ok ( &state, &sha1_generate_8_3 );
01316         force_reseed_required ( &state ); /* See above comments */
01317         generate_fail_ok ( &state, &sha1_generate_fail_8_4 );
01318         reseed_ok ( &state, &sha1_reseed_8_5 );
01319         generate_ok ( &state, &sha1_generate_8_6 );
01320 
01321         /* SHA-256 Test 1 */
01322         instantiate_ok ( &state, &sha256_instantiate_1 );
01323         generate_ok ( &state, &sha256_generate_1_1 );
01324         generate_ok ( &state, &sha256_generate_1_2 );
01325 
01326         /* SHA-256 Test 2 */
01327         instantiate_ok ( &state, &sha256_instantiate_2 );
01328         generate_ok ( &state, &sha256_generate_2_1 );
01329         generate_ok ( &state, &sha256_generate_2_2 );
01330 
01331         /* SHA-256 Test 3 */
01332         instantiate_ok ( &state, &sha256_instantiate_3 );
01333         generate_ok ( &state, &sha256_generate_3_1 );
01334         generate_ok ( &state, &sha256_generate_3_2 );
01335 
01336         /* SHA-256 Test 4 */
01337         instantiate_ok ( &state, &sha256_instantiate_4 );
01338         generate_ok ( &state, &sha256_generate_4_1 );
01339         generate_ok ( &state, &sha256_generate_4_2 );
01340 
01341         /* SHA-256 Test 5 */
01342         instantiate_ok ( &state, &sha256_instantiate_5 );
01343         force_reseed_required ( &state ); /* See above comments */
01344         generate_fail_ok ( &state, &sha256_generate_fail_5_1 );
01345         reseed_ok ( &state, &sha256_reseed_5_2 );
01346         generate_ok ( &state, &sha256_generate_5_3 );
01347         force_reseed_required ( &state ); /* See above comments */
01348         generate_fail_ok ( &state, &sha256_generate_fail_5_4 );
01349         reseed_ok ( &state, &sha256_reseed_5_5 );
01350         generate_ok ( &state, &sha256_generate_5_6 );
01351 
01352         /* SHA-256 Test 6 */
01353         instantiate_ok ( &state, &sha256_instantiate_6 );
01354         force_reseed_required ( &state ); /* See above comments */
01355         generate_fail_ok ( &state, &sha256_generate_fail_6_1 );
01356         reseed_ok ( &state, &sha256_reseed_6_2 );
01357         generate_ok ( &state, &sha256_generate_6_3 );
01358         force_reseed_required ( &state ); /* See above comments */
01359         generate_fail_ok ( &state, &sha256_generate_fail_6_4 );
01360         reseed_ok ( &state, &sha256_reseed_6_5 );
01361         generate_ok ( &state, &sha256_generate_6_6 );
01362 
01363         /* SHA-256 Test 7 */
01364         instantiate_ok ( &state, &sha256_instantiate_7 );
01365         force_reseed_required ( &state ); /* See above comments */
01366         generate_fail_ok ( &state, &sha256_generate_fail_7_1 );
01367         reseed_ok ( &state, &sha256_reseed_7_2 );
01368         generate_ok ( &state, &sha256_generate_7_3 );
01369         force_reseed_required ( &state ); /* See above comments */
01370         generate_fail_ok ( &state, &sha256_generate_fail_7_4 );
01371         reseed_ok ( &state, &sha256_reseed_7_5 );
01372         generate_ok ( &state, &sha256_generate_7_6 );
01373 
01374         /* SHA-256 Test 8 */
01375         instantiate_ok ( &state, &sha256_instantiate_8 );
01376         force_reseed_required ( &state ); /* See above comments */
01377         generate_fail_ok ( &state, &sha256_generate_fail_8_1 );
01378         reseed_ok ( &state, &sha256_reseed_8_2 );
01379         generate_ok ( &state, &sha256_generate_8_3 );
01380         force_reseed_required ( &state ); /* See above comments */
01381         generate_fail_ok ( &state, &sha256_generate_fail_8_4 );
01382         reseed_ok ( &state, &sha256_reseed_8_5 );
01383         generate_ok ( &state, &sha256_generate_8_6 );
01384 }
01385 
01386 /** HMAC_DRBG self-test */
01387 struct self_test hmac_drbg_test __self_test = {
01388         .name = "hmac_drbg",
01389         .exec = hmac_drbg_test_exec,
01390 };