iPXE
hmac_drbg_test.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License as
6  * published by the Free Software Foundation; either version 2 of the
7  * License, or any later version.
8  *
9  * This program is distributed in the hope that it will be useful, but
10  * WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17  * 02110-1301, USA.
18  *
19  * You can also choose to distribute this program under the terms of
20  * the Unmodified Binary Distribution Licence (as given in the file
21  * COPYING.UBDL), provided that you have satisfied its requirements.
22  */
23 
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25 
26 /** @file
27  *
28  * HMAC_DRBG tests
29  *
30  * These test vectors are provided by NIST as part of the
31  * Cryptographic Toolkit Examples, downloadable from:
32  *
33  * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/HMAC_DRBG.pdf
34  *
35  */
36 
37 /* Forcibly enable assertions */
38 #undef NDEBUG
39 
40 #include <assert.h>
41 #include <string.h>
42 #include <ipxe/hmac_drbg.h>
43 #include <ipxe/sha1.h>
44 #include <ipxe/sha256.h>
45 #include <ipxe/test.h>
46 
47 /** Define inline expected data */
48 #define EXPECT(...) { __VA_ARGS__ }
49 
50 /** An HMAC_DRBG instantiation test */
52  /** Underlying hash algorithm */
54  /** Output block length */
55  size_t out_len;
56  /** Entropy */
57  const void *entropy;
58  /** Length of entropy */
59  size_t entropy_len;
60  /** Nonce */
61  const void *nonce;
62  /** Length of nonce */
63  size_t nonce_len;
64  /** Personalisation string */
65  const void *personal;
66  /** Length of personalisation string */
67  size_t personal_len;
68  /** Expected key */
69  const void *expected_key;
70  /** Length of expected key */
72  /** Expected value */
73  const void *expected_value;
74  /** Length of expected value */
76 };
77 
78 /**
79  * Define an HMAC_DRBG instantiation test
80  *
81  * @v name Test name
82  * @v hmac_drbg HMAC_DRBG algorithm
83  * @v entropy_array Entropy input
84  * @v nonce_array Nonce
85  * @v personal_array Personalisation string
86  * @v key Expected key
87  * @v value Expected value
88  * @ret test Instantiation test
89  */
90 #define HMAC_DRBG_TEST_INSTANTIATE( name, hmac_drbg, entropy_array, \
91  nonce_array, personal_array, \
92  key, value ) \
93  static const uint8_t name ## _key [] = key; \
94  static const uint8_t name ## _value [] = value; \
95  static struct hmac_drbg_test_instantiate name = { \
96  .hash = HMAC_DRBG_HASH ( hmac_drbg ), \
97  .out_len = HMAC_DRBG_OUTLEN_BYTES ( hmac_drbg ), \
98  .entropy = entropy_array, \
99  .entropy_len = sizeof ( entropy_array ), \
100  .nonce = nonce_array, \
101  .nonce_len = sizeof ( nonce_array ), \
102  .personal = personal_array, \
103  .personal_len = sizeof ( personal_array ), \
104  .expected_key = name ## _key, \
105  .expected_key_len = sizeof ( name ## _key ), \
106  .expected_value = name ## _value, \
107  .expected_value_len = sizeof ( name ## _value ), \
108  }
109 
110 /**
111  * Report instantiation test result
112  *
113  * @v state HMAC_DRBG internal state
114  * @v test Instantiation test
115  */
116 #define instantiate_ok( state, test ) do { \
117  struct { \
118  uint8_t entropy[(test)->entropy_len]; \
119  uint8_t nonce[(test)->nonce_len]; \
120  } __attribute__ (( packed )) entropy_nonce; \
121  \
122  assert ( (test)->expected_key_len == (test)->out_len ); \
123  assert ( (test)->expected_value_len == (test)->out_len ); \
124  memcpy ( entropy_nonce.entropy, (test)->entropy, \
125  sizeof ( entropy_nonce.entropy ) ); \
126  memcpy ( entropy_nonce.nonce, (test)->nonce, \
127  sizeof ( entropy_nonce.nonce ) ); \
128  hmac_drbg_instantiate ( (test)->hash, (state), &entropy_nonce, \
129  sizeof ( entropy_nonce ), \
130  (test)->personal, \
131  (test)->personal_len ); \
132  ok ( memcmp ( (state)->key, (test)->expected_key, \
133  (test)->expected_key_len ) == 0 ); \
134  ok ( memcmp ( (state)->value, (test)->expected_value, \
135  (test)->expected_value_len ) == 0 ); \
136  } while ( 0 )
137 
138 /** An HMAC_DRBG reseed test */
140  /** Underlying hash algorithm */
142  /** Output block length */
143  size_t out_len;
144  /** Entropy */
145  const void *entropy;
146  /** Length of entropy */
147  size_t entropy_len;
148  /** Additional input */
149  const void *additional;
150  /** Length of additional_input */
152  /** Expected key */
153  const void *expected_key;
154  /** Length of expected key */
156  /** Expected value */
157  const void *expected_value;
158  /** Length of expected value */
160 };
161 
162 /**
163  * Define an HMAC_DRBG reseed test
164  *
165  * @v name Test name
166  * @v hmac_drbg HMAC_DRBG algorithm
167  * @v entropy_array Entropy input
168  * @v additional_array Additional input
169  * @v key Expected key
170  * @v value Expected value
171  * @ret test Reseed test
172  */
173 #define HMAC_DRBG_TEST_RESEED( name, hmac_drbg, entropy_array, \
174  additional_array, key, value ) \
175  static const uint8_t name ## _key [] = key; \
176  static const uint8_t name ## _value [] = value; \
177  static struct hmac_drbg_test_reseed name = { \
178  .hash = HMAC_DRBG_HASH ( hmac_drbg ), \
179  .out_len = HMAC_DRBG_OUTLEN_BYTES ( hmac_drbg ), \
180  .entropy = entropy_array, \
181  .entropy_len = sizeof ( entropy_array ), \
182  .additional = additional_array, \
183  .additional_len = sizeof ( additional_array ), \
184  .expected_key = name ## _key, \
185  .expected_key_len = sizeof ( name ## _key ), \
186  .expected_value = name ## _value, \
187  .expected_value_len = sizeof ( name ## _value ), \
188  }
189 
190 /**
191  * Report reseed test result
192  *
193  * @v state HMAC_DRBG internal state
194  * @v test Reseed test
195  */
196 #define reseed_ok( state, test ) do { \
197  assert ( (test)->expected_key_len == (test)->out_len ); \
198  assert ( (test)->expected_value_len == (test)->out_len ); \
199  hmac_drbg_reseed ( (test)->hash, (state), (test)->entropy, \
200  (test)->entropy_len, (test)->additional, \
201  (test)->additional_len ); \
202  ok ( memcmp ( (state)->key, (test)->expected_key, \
203  (test)->expected_key_len ) == 0 ); \
204  ok ( memcmp ( (state)->value, (test)->expected_value, \
205  (test)->expected_value_len ) == 0 ); \
206  } while ( 0 )
207 
208 /** An HMAC_DRBG generation test */
210  /** Underlying hash algorithm */
212  /** Output block length */
213  size_t out_len;
214  /** Additional input */
215  const void *additional;
216  /** Length of additional_input */
218  /** Expected key */
219  const void *expected_key;
220  /** Length of expected key */
222  /** Expected value */
223  const void *expected_value;
224  /** Length of expected value */
226  /** Expected pseudorandom data */
227  const void *expected_data;
228  /** Length of data */
230 };
231 
232 /**
233  * Define an HMAC_DRBG generation test
234  *
235  * @v name Test name
236  * @v hmac_drbg HMAC_DRBG algorithm
237  * @v additional_array Additional input
238  * @v key Expected key
239  * @v value Expected value
240  * @v data Expected pseudorandom data
241  * @ret test Generation test
242  */
243 #define HMAC_DRBG_TEST_GENERATE( name, hmac_drbg, additional_array, \
244  key, value, data ) \
245  static const uint8_t name ## _key [] = key; \
246  static const uint8_t name ## _value [] = value; \
247  static const uint8_t name ## _data [] = data; \
248  static struct hmac_drbg_test_generate name = { \
249  .hash = HMAC_DRBG_HASH ( hmac_drbg ), \
250  .out_len = HMAC_DRBG_OUTLEN_BYTES ( hmac_drbg ), \
251  .additional = additional_array, \
252  .additional_len = sizeof ( additional_array ), \
253  .expected_key = name ## _key, \
254  .expected_key_len = sizeof ( name ## _key ), \
255  .expected_value = name ## _value, \
256  .expected_value_len = sizeof ( name ## _value ), \
257  .expected_data = name ## _data, \
258  .expected_data_len = sizeof ( name ## _data ), \
259  }
260 
261 /**
262  * Report generation test result
263  *
264  * @v state HMAC_DRBG internal state
265  * @v test Generation test
266  */
267 #define generate_ok( state, test ) do { \
268  uint8_t data[ (test)->expected_data_len ]; \
269  int rc; \
270  \
271  assert ( (test)->expected_key_len == (test)->out_len ); \
272  assert ( (test)->expected_value_len == (test)->out_len ); \
273  rc = hmac_drbg_generate ( (test)->hash, (state), \
274  (test)->additional, \
275  (test)->additional_len, \
276  data, sizeof ( data ) ); \
277  ok ( rc == 0 ); \
278  ok ( memcmp ( (state)->key, (test)->expected_key, \
279  (test)->expected_key_len ) == 0 ); \
280  ok ( memcmp ( (state)->value, (test)->expected_value, \
281  (test)->expected_value_len ) == 0 ); \
282  ok ( memcmp ( data, (test)->expected_data, \
283  (test)->expected_data_len ) == 0 ); \
284  } while ( 0 )
285 
286 /** An HMAC_DRBG generation failure test */
288  /** Underlying hash algorithm */
290  /** Additional input */
291  const void *additional;
292  /** Length of additional_input */
294  /** Length of requested data */
296 };
297 
298 /**
299  * Define an HMAC_DRBG generation failure test
300  *
301  * @v name Test name
302  * @v hmac_drbg HMAC_DRBG algorithm
303  * @v additional_array Additional input
304  * @ret test Generation failure test
305  */
306 #define HMAC_DRBG_TEST_GENERATE_FAIL( name, hmac_drbg, \
307  additional_array, len ) \
308  static struct hmac_drbg_test_generate_fail name = { \
309  .hash = HMAC_DRBG_HASH ( hmac_drbg ), \
310  .additional = additional_array, \
311  .additional_len = sizeof ( additional_array ), \
312  .requested_len = len, \
313  }
314 
315 /**
316  * Report generation failure test result
317  *
318  * @v state HMAC_DRBG internal state
319  * @v test Generation failure test
320  */
321 #define generate_fail_ok( state, test ) do { \
322  uint8_t data[ (test)->requested_len ]; \
323  int rc; \
324  \
325  rc = hmac_drbg_generate ( (test)->hash, (state), \
326  (test)->additional, \
327  (test)->additional_len, data, \
328  sizeof ( data ) ); \
329  ok ( rc != 0 ); \
330  } while ( 0 )
331 
332 /** "EntropyInput" */
333 static const uint8_t entropy_input[] = {
334  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
335  0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
336  0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
337  0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
338  0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36
339 };
340 
341 /** "Nonce" for SHA-1 */
342 static const uint8_t nonce_sha1[] = {
343  0x20, 0x21, 0x22, 0x23, 0x24
344 };
345 
346 /** "Nonce" for SHA-256 */
347 static const uint8_t nonce_sha256[] = {
348  0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27
349 };
350 
351 /** "EntropyInput1 (for Reseed1) */
352 static const uint8_t entropy_input_1[] = {
353  0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b,
354  0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
355  0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3,
356  0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
357  0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6
358 };
359 
360 /** "EntropyInput2 (for Reseed2) */
361 static const uint8_t entropy_input_2[] = {
362  0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb,
363  0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
364  0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3,
365  0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
366  0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6
367 };
368 
369 /** "PersonalizationString = <empty>" */
371 
372 /** "PersonalizationString" */
373 static const uint8_t personalisation_string[] = {
374  0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b,
375  0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
376  0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, 0x60, 0x61, 0x62, 0x63,
377  0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
378  0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76
379 };
380 
381 /** "AdditionalInput = <empty>" */
382 static const uint8_t additional_input_empty[] = {};
383 
384 /** "AdditionalInput1" */
385 static const uint8_t additional_input_1[] = {
386  0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
387  0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
388  0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83,
389  0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
390  0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96
391 };
392 
393 /** "AdditionalInput2" */
394 static const uint8_t additional_input_2[] = {
395  0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab,
396  0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
397  0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 0xc0, 0xc1, 0xc2, 0xc3,
398  0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
399  0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6
400 };
401 
402 /** SHA-1 Test 1 : Instantiation */
403 HMAC_DRBG_TEST_INSTANTIATE ( sha1_instantiate_1, HMAC_DRBG_SHA1,
405  EXPECT ( 0xab, 0x16, 0x0d, 0xd2, 0x1c, 0x30, 0x98, 0x0c, 0xa3, 0xca,
406  0x5a, 0x9c, 0x77, 0xb7, 0xbd, 0xf0, 0x50, 0xe6, 0x4e, 0xe9 ),
407  EXPECT ( 0x61, 0x44, 0x99, 0xea, 0x98, 0x0c, 0xfb, 0x3d, 0xaa, 0x2c,
408  0xa8, 0x6d, 0x65, 0xa4, 0x6b, 0xf4, 0x48, 0x8d, 0x8c, 0xc5 ) );
409 
410 /** SHA-1 Test 1.1 : First call to Generate */
411 HMAC_DRBG_TEST_GENERATE ( sha1_generate_1_1, HMAC_DRBG_SHA1,
413  EXPECT ( 0x7b, 0xb1, 0x80, 0x28, 0xe0, 0x1d, 0x03, 0x42, 0xdf, 0x4f,
414  0x54, 0xda, 0x51, 0x22, 0xfa, 0x5f, 0x2c, 0x3a, 0x05, 0xe4 ),
415  EXPECT ( 0x2f, 0x89, 0x4f, 0x28, 0xcc, 0x2f, 0x53, 0x82, 0x96, 0x40,
416  0x64, 0x3a, 0xd1, 0x7b, 0x84, 0xb0, 0xcd, 0x3c, 0x79, 0x79 ),
417  EXPECT ( 0x5a, 0x7d, 0x3b, 0x44, 0x9f, 0x48, 0x1c, 0xb3, 0x8d, 0xf7,
418  0x9a, 0xd2, 0xb1, 0xfc, 0xc0, 0x1e, 0x57, 0xf8, 0x13, 0x5e,
419  0x8c, 0x0b, 0x22, 0xcd, 0x06, 0x30, 0xbf, 0xb0, 0x12, 0x7f,
420  0xb5, 0x40, 0x8c, 0x8e, 0xfc, 0x17, 0xa9, 0x29, 0x89, 0x6e ) );
421 
422 /** SHA-1 Test 1.2 : Second call to Generate */
423 HMAC_DRBG_TEST_GENERATE ( sha1_generate_1_2, HMAC_DRBG_SHA1,
425  EXPECT ( 0x3d, 0x4d, 0x73, 0x77, 0xe9, 0x17, 0x2a, 0xaf, 0xa7, 0x76,
426  0xb0, 0xdd, 0xcb, 0x89, 0x42, 0x00, 0x4a, 0x44, 0xb7, 0xfd ),
427  EXPECT ( 0x1a, 0x26, 0xbd, 0x9b, 0xfc, 0x97, 0x44, 0xbd, 0x29, 0xf6,
428  0xae, 0xbe, 0x24, 0x37, 0xe2, 0x09, 0xf1, 0xf7, 0x16, 0x25 ),
429  EXPECT ( 0x82, 0xcf, 0x77, 0x2e, 0xc3, 0xe8, 0x4b, 0x00, 0xfc, 0x74,
430  0xf5, 0xdf, 0x10, 0x4e, 0xfb, 0xfb, 0x24, 0x28, 0x55, 0x4e,
431  0x9c, 0xe3, 0x67, 0xd0, 0x3a, 0xea, 0xde, 0x37, 0x82, 0x7f,
432  0xa8, 0xe9, 0xcb, 0x6a, 0x08, 0x19, 0x61, 0x15, 0xd9, 0x48 ) );
433 
434 /** SHA-1 Test 2 : Instantiation */
435 #define sha1_instantiate_2 sha1_instantiate_1
436 
437 /** SHA-1 Test 2.1 : First call to Generate */
438 HMAC_DRBG_TEST_GENERATE ( sha1_generate_2_1, HMAC_DRBG_SHA1,
440  EXPECT ( 0x3a, 0x06, 0x2e, 0x6b, 0x79, 0xfe, 0x70, 0xdb, 0xff, 0xeb,
441  0x3a, 0x2b, 0x6b, 0xe8, 0x03, 0x23, 0xf7, 0xd6, 0x74, 0xc5 ),
442  EXPECT ( 0xbd, 0x36, 0x31, 0x28, 0xbf, 0x58, 0x0d, 0x7a, 0x54, 0x42,
443  0x9d, 0xdd, 0x58, 0xe8, 0x19, 0x3b, 0x98, 0x43, 0xbd, 0x2b ),
444  EXPECT ( 0xc7, 0xaa, 0xac, 0x58, 0x3c, 0x6e, 0xf6, 0x30, 0x07, 0x14,
445  0xc2, 0xcc, 0x5d, 0x06, 0xc1, 0x48, 0xcf, 0xfb, 0x40, 0x44,
446  0x9a, 0xd0, 0xbb, 0x26, 0xfa, 0xc0, 0x49, 0x7b, 0x5c, 0x57,
447  0xe1, 0x61, 0xe3, 0x66, 0x81, 0xbc, 0xc9, 0x30, 0xce, 0x80 ) );
448 
449 /** SHA-1 Test 2.2 : Second call to Generate */
450 HMAC_DRBG_TEST_GENERATE ( sha1_generate_2_2, HMAC_DRBG_SHA1,
452  EXPECT ( 0x8a, 0xd7, 0xe3, 0x47, 0x72, 0xb5, 0xfc, 0x7c, 0x3b, 0x3b,
453  0x27, 0x62, 0x4f, 0x0b, 0x91, 0x77, 0x6a, 0x8a, 0x71, 0x12 ),
454  EXPECT ( 0xd7, 0x13, 0x76, 0xa4, 0x6d, 0x76, 0x4b, 0x17, 0xc3, 0xb7,
455  0x39, 0x34, 0x7b, 0x38, 0x4e, 0x51, 0x51, 0xe8, 0x7e, 0x88 ),
456  EXPECT ( 0x6e, 0xbd, 0x2b, 0x7b, 0x5e, 0x0a, 0x2a, 0xd7, 0xa2, 0x4b,
457  0x1b, 0xf9, 0xa1, 0xdb, 0xa4, 0x7d, 0x43, 0x27, 0x17, 0x19,
458  0xb9, 0xc3, 0x7b, 0x7f, 0xe8, 0x1b, 0xa9, 0x40, 0x45, 0xa1,
459  0x4a, 0x7c, 0xb5, 0x14, 0xb4, 0x46, 0x66, 0x6e, 0xa5, 0xa7 ) );
460 
461 /** SHA-1 Test 3 : Instantiation */
462 HMAC_DRBG_TEST_INSTANTIATE ( sha1_instantiate_3, HMAC_DRBG_SHA1,
464  EXPECT ( 0xb7, 0xd9, 0x66, 0xd7, 0x0d, 0x4e, 0x27, 0xa7, 0xfa, 0x83,
465  0x8f, 0x7d, 0x61, 0x12, 0x6c, 0x0e, 0xdc, 0x84, 0x76, 0x1c ),
466  EXPECT ( 0xda, 0xb2, 0xa7, 0x18, 0x83, 0xf1, 0x00, 0x5c, 0x5d, 0xd0,
467  0x39, 0x32, 0x4d, 0x3c, 0x36, 0x4d, 0x6e, 0x18, 0xf9, 0x54 ) );
468 
469 /** SHA-1 Test 3.1 : First call to Generate */
470 HMAC_DRBG_TEST_GENERATE ( sha1_generate_3_1, HMAC_DRBG_SHA1,
472  EXPECT ( 0x87, 0xd3, 0x82, 0x8b, 0xe0, 0x3a, 0x80, 0x7d, 0xd3, 0x40,
473  0x29, 0x41, 0xbe, 0xd6, 0xde, 0x98, 0x6e, 0xe7, 0xa2, 0x86 ),
474  EXPECT ( 0x6a, 0xe1, 0xd0, 0x08, 0x6f, 0x53, 0xb1, 0xb7, 0x63, 0xa4,
475  0x51, 0x5b, 0x19, 0x06, 0xfe, 0xe4, 0x76, 0x61, 0xfd, 0x47 ),
476  EXPECT ( 0xb3, 0xbd, 0x05, 0x24, 0x6c, 0xba, 0x12, 0xa6, 0x47, 0x35,
477  0xa4, 0xe3, 0xfd, 0xe5, 0x99, 0xbc, 0x1b, 0xe3, 0x0f, 0x43,
478  0x9b, 0xd0, 0x60, 0x20, 0x8e, 0xea, 0x7d, 0x71, 0xf9, 0xd1,
479  0x23, 0xdf, 0x47, 0xb3, 0xce, 0x06, 0x9d, 0x98, 0xed, 0xe6 ) );
480 
481 /** SHA-1 Test 3.2 : Second call to Generate */
482 HMAC_DRBG_TEST_GENERATE ( sha1_generate_3_2, HMAC_DRBG_SHA1,
484  EXPECT ( 0x26, 0xab, 0xbf, 0x54, 0xb2, 0x8b, 0x93, 0xff, 0x90, 0x08,
485  0x67, 0x0e, 0xbf, 0xee, 0x86, 0xcd, 0xd7, 0x22, 0x8e, 0xd5 ),
486  EXPECT ( 0xe9, 0x25, 0x47, 0x29, 0xe0, 0x02, 0x04, 0xa1, 0xb6, 0xc0,
487  0x21, 0x58, 0xa6, 0xc7, 0x27, 0x86, 0x47, 0x14, 0xf1, 0xf7 ),
488  EXPECT ( 0xb5, 0xda, 0xda, 0x38, 0x0e, 0x28, 0x72, 0xdf, 0x93, 0x5b,
489  0xca, 0x55, 0xb8, 0x82, 0xc8, 0xc9, 0x37, 0x69, 0x02, 0xab,
490  0x63, 0x97, 0x65, 0x47, 0x2b, 0x71, 0xac, 0xeb, 0xe2, 0xea,
491  0x8b, 0x1b, 0x6b, 0x49, 0x62, 0x9c, 0xb6, 0x73, 0x17, 0xe0 ) );
492 
493 /** SHA-1 Test 4 : Instantiation */
494 #define sha1_instantiate_4 sha1_instantiate_3
495 
496 /** SHA-1 Test 4.1 : First call to Generate */
497 HMAC_DRBG_TEST_GENERATE ( sha1_generate_4_1, HMAC_DRBG_SHA1,
499  EXPECT ( 0x17, 0xa5, 0xd7, 0x9f, 0x07, 0x67, 0x87, 0x6f, 0x3a, 0x45,
500  0xe0, 0xc9, 0xc3, 0x3e, 0xc8, 0x8b, 0x03, 0xce, 0xea, 0x13 ),
501  EXPECT ( 0x4d, 0x2f, 0x3b, 0xc7, 0x77, 0x50, 0x5c, 0x45, 0xf7, 0xe1,
502  0x7d, 0xcd, 0x3d, 0x86, 0xbf, 0x37, 0x9c, 0xb6, 0x02, 0x5e ),
503  EXPECT ( 0x1f, 0x8f, 0xec, 0x7b, 0xc7, 0xcf, 0xa9, 0xa8, 0x80, 0x34,
504  0x5d, 0x28, 0x0b, 0x13, 0xc6, 0x32, 0xb8, 0x52, 0x77, 0x0a,
505  0x6d, 0xfc, 0x30, 0x2e, 0xad, 0x4c, 0xe3, 0xf5, 0x54, 0xc7,
506  0x9b, 0x0d, 0x44, 0x23, 0x9e, 0xba, 0x56, 0xa7, 0xea, 0x2d ) );
507 
508 /** SHA-1 Test 4.2 : Second call to Generate */
509 HMAC_DRBG_TEST_GENERATE ( sha1_generate_4_2, HMAC_DRBG_SHA1,
511  EXPECT ( 0x07, 0x9b, 0x57, 0xd9, 0x40, 0x6e, 0x11, 0xc2, 0xf8, 0x7c,
512  0x8c, 0x82, 0x8c, 0x8c, 0x6f, 0xa7, 0x6e, 0x40, 0xea, 0x01 ),
513  EXPECT ( 0xa6, 0x54, 0xfe, 0x72, 0xf8, 0xa7, 0x7b, 0xb8, 0xf0, 0x3d,
514  0xff, 0x07, 0xc7, 0x9a, 0x51, 0x53, 0x00, 0x9e, 0xdd, 0xda ),
515  EXPECT ( 0xaf, 0x97, 0xcd, 0xe1, 0xe8, 0xab, 0x32, 0x2a, 0x2e, 0xac,
516  0xa8, 0xe6, 0xf4, 0xe5, 0xbf, 0x78, 0xa1, 0x1b, 0xde, 0xf7,
517  0xdc, 0x91, 0x21, 0x5d, 0x44, 0xb1, 0x07, 0xb4, 0xd5, 0xa7,
518  0x79, 0x01, 0x59, 0x25, 0x09, 0x76, 0x52, 0x80, 0xf9, 0x69 ) );
519 
520 /** SHA-1 Test 5 : Instantiation */
521 #define sha1_instantiate_5 sha1_instantiate_1
522 
523 /** SHA-1 Test 5.1 : First call to Generate */
524 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_5_1, HMAC_DRBG_SHA1,
525  additional_input_empty, ( 320 / 8 ) );
526 
527 /** SHA-1 Test 5.2 : Reseed */
528 HMAC_DRBG_TEST_RESEED ( sha1_reseed_5_2, HMAC_DRBG_SHA1,
530  EXPECT ( 0xcd, 0x4c, 0xab, 0x38, 0xc8, 0xad, 0x65, 0x71, 0x22, 0xbf,
531  0x5d, 0x3d, 0x00, 0xd0, 0xac, 0x9b, 0x13, 0xd6, 0x29, 0xbb ),
532  EXPECT ( 0xf6, 0x60, 0xe2, 0x3e, 0x91, 0x00, 0x6b, 0x62, 0xc6, 0x54,
533  0x3a, 0xb1, 0x34, 0x4d, 0x23, 0xa3, 0x1a, 0xb4, 0xcf, 0x2c ) );
534 
535 /** SHA-1 Test 5.3 : Retried first call to Generate */
536 HMAC_DRBG_TEST_GENERATE ( sha1_generate_5_3, HMAC_DRBG_SHA1,
538  EXPECT ( 0x58, 0x7f, 0xd8, 0x21, 0xef, 0x6c, 0x9d, 0xa4, 0xa8, 0x3c,
539  0x19, 0x21, 0x1f, 0x10, 0x56, 0xca, 0xcd, 0x23, 0xfc, 0x1a ),
540  EXPECT ( 0x84, 0x8f, 0xd1, 0x4c, 0x13, 0xb7, 0xea, 0x93, 0x72, 0x0c,
541  0xcf, 0xde, 0x71, 0xf2, 0xf6, 0x44, 0x39, 0xdb, 0x79, 0x5d ),
542  EXPECT ( 0xfe, 0xc4, 0x59, 0x7f, 0x06, 0xa3, 0xa8, 0xcc, 0x85, 0x29,
543  0xd5, 0x95, 0x57, 0xb9, 0xe6, 0x61, 0x05, 0x38, 0x09, 0xc0,
544  0xbc, 0x0e, 0xfc, 0x28, 0x2a, 0xbd, 0x87, 0x60, 0x5c, 0xc9,
545  0x0c, 0xba, 0x9b, 0x86, 0x33, 0xdc, 0xb1, 0xda, 0xe0, 0x2e ) );
546 
547 /** SHA-1 Test 5.4 : Second call to Generate */
548 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_5_4, HMAC_DRBG_SHA1,
549  additional_input_empty, ( 320 / 8 ) );
550 
551 /** SHA-1 Test 5.5 : Reseed */
552 HMAC_DRBG_TEST_RESEED ( sha1_reseed_5_5, HMAC_DRBG_SHA1,
554  EXPECT ( 0xdb, 0xa1, 0xcf, 0xf4, 0x87, 0x95, 0x46, 0xa0, 0x38, 0xa5,
555  0x59, 0xb2, 0xa2, 0x4d, 0xf2, 0xc0, 0x30, 0x08, 0x9a, 0x41 ),
556  EXPECT ( 0x2f, 0x88, 0x3c, 0x46, 0x48, 0xe1, 0x31, 0xe8, 0x6d, 0xdf,
557  0x9d, 0xca, 0x0d, 0x74, 0xf3, 0x0c, 0xa1, 0xce, 0x6e, 0xfb ) );
558 
559 /** SHA-1 Test 5.6 : Retried second call to Generate */
560 HMAC_DRBG_TEST_GENERATE ( sha1_generate_5_6, HMAC_DRBG_SHA1,
562  EXPECT ( 0xf9, 0x39, 0xa5, 0xab, 0x08, 0xa3, 0x9f, 0x23, 0x10, 0x70,
563  0xb0, 0xd4, 0xc9, 0x6d, 0xc2, 0x37, 0x90, 0xba, 0x01, 0x53 ),
564  EXPECT ( 0xce, 0x6d, 0x08, 0xb4, 0xae, 0x2c, 0xe3, 0x83, 0xfd, 0xab,
565  0xb0, 0x1e, 0xaa, 0xfc, 0x9c, 0x8e, 0x76, 0xa0, 0xd4, 0x72 ),
566  EXPECT ( 0x84, 0xad, 0xd5, 0xe2, 0xd2, 0x04, 0x1c, 0x01, 0x72, 0x3a,
567  0x4d, 0xe4, 0x33, 0x5b, 0x13, 0xef, 0xdf, 0x16, 0xb0, 0xe5,
568  0x1a, 0x0a, 0xd3, 0x9b, 0xd1, 0x5e, 0x86, 0x2e, 0x64, 0x4f,
569  0x31, 0xe4, 0xa2, 0xd7, 0xd8, 0x43, 0xe5, 0x7c, 0x59, 0x68 ) );
570 
571 /** SHA-1 Test 6 : Instantiate */
572 #define sha1_instantiate_6 sha1_instantiate_1
573 
574 /** SHA-1 Test 6.1 : First call to Generate */
575 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_6_1, HMAC_DRBG_SHA1,
576  additional_input_1, ( 320 / 8 ) );
577 
578 /** SHA-1 Test 6.2 : Reseed */
579 HMAC_DRBG_TEST_RESEED ( sha1_reseed_6_2, HMAC_DRBG_SHA1,
581  EXPECT ( 0x52, 0x28, 0xa4, 0xb6, 0xa4, 0x46, 0x92, 0x90, 0x5e, 0xc0,
582  0x44, 0xbf, 0xf0, 0xbb, 0x4e, 0x25, 0xa3, 0x87, 0xca, 0xc1 ),
583  EXPECT ( 0x24, 0x77, 0x32, 0xd0, 0x4c, 0xb8, 0x4e, 0xd4, 0x1a, 0xdd,
584  0x95, 0xa4, 0xb7, 0x8b, 0x50, 0xcd, 0x9b, 0x3d, 0x3f, 0x32 ) );
585 
586 /** SHA-1 Test 6.3 : Retried first call to Generate */
587 HMAC_DRBG_TEST_GENERATE ( sha1_generate_6_3, HMAC_DRBG_SHA1,
589  EXPECT ( 0xab, 0x3d, 0xd4, 0x89, 0x5b, 0xc8, 0xcd, 0x22, 0x71, 0xde,
590  0xba, 0x5f, 0x3c, 0x13, 0x63, 0x52, 0x6b, 0x8b, 0x74, 0x52 ),
591  EXPECT ( 0xa8, 0x66, 0xc5, 0xef, 0xf2, 0xaf, 0x04, 0x2b, 0x11, 0x86,
592  0x44, 0x94, 0x45, 0x23, 0x7f, 0x9c, 0x02, 0x44, 0x98, 0x64 ),
593  EXPECT ( 0xa1, 0xba, 0x8f, 0xa5, 0x8b, 0xb5, 0x01, 0x3f, 0x43, 0xf7,
594  0xb6, 0xed, 0x52, 0xb4, 0x53, 0x9f, 0xa1, 0x6d, 0xc7, 0x79,
595  0x57, 0xae, 0xe8, 0x15, 0xb9, 0xc0, 0x70, 0x04, 0xc7, 0xe9,
596  0x92, 0xeb, 0x8c, 0x7e, 0x59, 0x19, 0x64, 0xaf, 0xee, 0xa2 ) );
597 
598 /** SHA-1 Test 6.4 : Second call to Generate */
599 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_6_4, HMAC_DRBG_SHA1,
600  additional_input_2, ( 320 / 8 ) );
601 
602 /** SHA-1 Test 6.5 : Reseed */
603 HMAC_DRBG_TEST_RESEED ( sha1_reseed_6_5, HMAC_DRBG_SHA1,
605  EXPECT ( 0xe5, 0x73, 0x9f, 0x9c, 0xf7, 0xff, 0x43, 0x84, 0xd1, 0x27,
606  0x3e, 0x02, 0x6b, 0x45, 0x31, 0x21, 0x36, 0x49, 0x4f, 0x41 ),
607  EXPECT ( 0x30, 0xc3, 0x43, 0x05, 0xc2, 0xc6, 0x48, 0xb0, 0x57, 0xa6,
608  0x40, 0x22, 0x1b, 0x5c, 0x56, 0x57, 0x26, 0xcd, 0x32, 0xb2 ) );
609 
610 /** SHA-1 Test 6.6 : Retried second call to Generate */
611 HMAC_DRBG_TEST_GENERATE ( sha1_generate_6_6, HMAC_DRBG_SHA1,
613  EXPECT ( 0x61, 0x91, 0xca, 0x9b, 0xf0, 0x00, 0xd1, 0x0a, 0x71, 0x69,
614  0x0a, 0xc1, 0x0e, 0x09, 0xff, 0xc8, 0x92, 0xab, 0xde, 0x9a ),
615  EXPECT ( 0x1e, 0xc0, 0x49, 0x0f, 0xa0, 0xb7, 0x65, 0x52, 0x7e, 0x5e,
616  0xa1, 0x8b, 0x53, 0x22, 0xb2, 0x8b, 0xdd, 0x0e, 0x7b, 0xc0 ),
617  EXPECT ( 0x84, 0x26, 0x4a, 0x73, 0xa8, 0x18, 0xc9, 0x5c, 0x2f, 0x42,
618  0x4b, 0x37, 0xd3, 0xcc, 0x99, 0x0b, 0x04, 0x6f, 0xb5, 0x0c,
619  0x2d, 0xc6, 0x4a, 0x16, 0x42, 0x11, 0x88, 0x9a, 0x01, 0x0f,
620  0x24, 0x71, 0xa0, 0x91, 0x2f, 0xfe, 0xa1, 0xbf, 0x01, 0x95 ) );
621 
622 /** SHA-1 Test 7 : Instantiation */
623 #define sha1_instantiate_7 sha1_instantiate_3
624 
625 /** SHA-1 Test 7.1 : First call to Generate */
626 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_7_1, HMAC_DRBG_SHA1,
627  additional_input_empty, ( 320 / 8 ) );
628 
629 /** SHA-1 Test 7.2 : Reseed */
630 HMAC_DRBG_TEST_RESEED ( sha1_reseed_7_2, HMAC_DRBG_SHA1,
632  EXPECT ( 0xb9, 0x25, 0x4d, 0x8a, 0xac, 0xba, 0x43, 0xfb, 0xda, 0xe6,
633  0x39, 0x4f, 0x2b, 0x3a, 0xfc, 0x5d, 0x58, 0x08, 0x00, 0xbf ),
634  EXPECT ( 0x28, 0x40, 0x3b, 0x60, 0x36, 0x38, 0xd0, 0x7d, 0x79, 0x66,
635  0x66, 0x1e, 0xf6, 0x7b, 0x9d, 0x39, 0x05, 0xf4, 0x6d, 0xb9 ) );
636 
637 /** SHA-1 Test 7.3 : Retried first call to Generate */
638 HMAC_DRBG_TEST_GENERATE ( sha1_generate_7_3, HMAC_DRBG_SHA1,
640  EXPECT ( 0x64, 0xfe, 0x07, 0x4a, 0x6e, 0x77, 0x97, 0xd1, 0xa4, 0x35,
641  0xda, 0x89, 0x64, 0x48, 0x4d, 0x6c, 0xf8, 0xbd, 0xc0, 0x1b ),
642  EXPECT ( 0x43, 0xe0, 0xc0, 0x52, 0x15, 0x86, 0xe9, 0x47, 0x3b, 0x06,
643  0x0d, 0x87, 0xd0, 0x8a, 0x23, 0x25, 0xfa, 0xe1, 0x49, 0xd1 ),
644  EXPECT ( 0x6c, 0x37, 0xfd, 0xd7, 0x29, 0xaa, 0x40, 0xf8, 0x0b, 0xc6,
645  0xab, 0x08, 0xca, 0x7c, 0xc6, 0x49, 0x79, 0x4f, 0x69, 0x98,
646  0xb5, 0x70, 0x81, 0xe4, 0x22, 0x0f, 0x22, 0xc5, 0xc2, 0x83,
647  0xe2, 0xc9, 0x1b, 0x8e, 0x30, 0x5a, 0xb8, 0x69, 0xc6, 0x25 ) );
648 
649 /** SHA-1 Test 7.4 : Second call to Generate */
650 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_7_4, HMAC_DRBG_SHA1,
651  additional_input_empty, ( 320 / 8 ) );
652 
653 /** SHA-1 Test 7.5 : Reseed */
654 HMAC_DRBG_TEST_RESEED ( sha1_reseed_7_5, HMAC_DRBG_SHA1,
656  EXPECT ( 0x02, 0xbc, 0x57, 0x7f, 0xd1, 0x0e, 0xf7, 0x19, 0x3c, 0x1d,
657  0xb0, 0x98, 0xbd, 0x5b, 0x75, 0xc7, 0xc4, 0xb6, 0x79, 0x59 ),
658  EXPECT ( 0xbc, 0xbd, 0xf0, 0x52, 0xe0, 0xe0, 0x2a, 0xe8, 0x9a, 0x77,
659  0x67, 0x94, 0x3f, 0x98, 0x65, 0xb8, 0xb7, 0x22, 0x90, 0x2d ) );
660 
661 /** SHA-1 Test 7.6 : Retried second call to Generate */
662 HMAC_DRBG_TEST_GENERATE ( sha1_generate_7_6, HMAC_DRBG_SHA1,
664  EXPECT ( 0x1a, 0xa4, 0x24, 0x1c, 0x69, 0x5e, 0x29, 0xc0, 0xa5, 0x9a,
665  0xd1, 0x8a, 0x60, 0x70, 0xe3, 0x38, 0xa5, 0x48, 0xbe, 0x92 ),
666  EXPECT ( 0x03, 0x47, 0x35, 0x9b, 0xc9, 0xc7, 0xf8, 0x8c, 0xc8, 0x33,
667  0x0d, 0x4f, 0x59, 0xfb, 0xc7, 0x70, 0xb0, 0xb7, 0x7b, 0x03 ),
668  EXPECT ( 0xca, 0xf5, 0x7d, 0xcf, 0xea, 0x39, 0x3b, 0x92, 0x36, 0xbf,
669  0x69, 0x1f, 0xa4, 0x56, 0xfe, 0xa7, 0xfd, 0xf1, 0xdf, 0x83,
670  0x61, 0x48, 0x2c, 0xa5, 0x4d, 0x5f, 0xa7, 0x23, 0xf4, 0xc8,
671  0x8b, 0x4f, 0xa5, 0x04, 0xbf, 0x03, 0x27, 0x7f, 0xa7, 0x83 ) );
672 
673 /** SHA-1 Test 8 : Instantiate */
674 #define sha1_instantiate_8 sha1_instantiate_3
675 
676 /** SHA-1 Test 8.1 : First call to Generate */
677 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_8_1, HMAC_DRBG_SHA1,
678  additional_input_1, ( 320 / 8 ) );
679 
680 /** SHA-1 Test 8.2 : Reseed */
681 HMAC_DRBG_TEST_RESEED ( sha1_reseed_8_2, HMAC_DRBG_SHA1,
683  EXPECT ( 0xc0, 0x95, 0x48, 0xc0, 0xd3, 0xc8, 0x61, 0xd7, 0x40, 0xf2,
684  0x83, 0x7d, 0x72, 0xb5, 0x07, 0x23, 0x5c, 0x26, 0xdb, 0x82 ),
685  EXPECT ( 0x17, 0x4b, 0x3f, 0x84, 0xc3, 0x53, 0x1f, 0x7c, 0x0a, 0x2e,
686  0x54, 0x21, 0x23, 0x4e, 0xa1, 0x6b, 0x70, 0x8d, 0xdf, 0x0d ) );
687 
688 /** SHA-1 Test 8.3 : Retried first call to Generate */
689 HMAC_DRBG_TEST_GENERATE ( sha1_generate_8_3, HMAC_DRBG_SHA1,
691  EXPECT ( 0x60, 0x3f, 0x09, 0x49, 0x27, 0x9c, 0x70, 0xe8, 0xc6, 0x6c,
692  0x0f, 0x56, 0x37, 0xc0, 0xf3, 0x75, 0x60, 0x07, 0xe5, 0xac ),
693  EXPECT ( 0xf2, 0xb3, 0x3b, 0x21, 0x15, 0x1f, 0xaf, 0x61, 0x20, 0x01,
694  0x83, 0x10, 0xf4, 0x4e, 0x4c, 0xd0, 0xbf, 0xe3, 0x68, 0xea ),
695  EXPECT ( 0xbd, 0x07, 0xc2, 0x5c, 0xfd, 0x7c, 0x5e, 0x3a, 0x4e, 0xaa,
696  0x6e, 0x2e, 0xdc, 0x5a, 0xb7, 0xea, 0x49, 0x42, 0xa0, 0x91,
697  0x34, 0x71, 0xfd, 0xa5, 0x5c, 0x6d, 0xdd, 0x2c, 0x03, 0xef,
698  0xa3, 0xb9, 0x64, 0x3a, 0xb3, 0xbb, 0x22, 0xf6, 0xc9, 0xf2 ) );
699 
700 /** SHA-1 Test 8.4 : Second call to Generate */
701 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_8_4, HMAC_DRBG_SHA1,
702  additional_input_2, ( 320 / 8 ) );
703 
704 /** SHA-1 Test 8.5 : Reseed */
705 HMAC_DRBG_TEST_RESEED ( sha1_reseed_8_5, HMAC_DRBG_SHA1,
707  EXPECT ( 0x89, 0x42, 0xa5, 0x4f, 0x34, 0x9e, 0x28, 0x1b, 0x84, 0xaa,
708  0x46, 0x95, 0x87, 0xfb, 0xdd, 0xaf, 0x9d, 0x11, 0x40, 0x82 ),
709  EXPECT ( 0x07, 0x73, 0x0e, 0x3c, 0xbf, 0xfd, 0x3c, 0xaf, 0xd7, 0xa8,
710  0xaa, 0xe2, 0xbf, 0x01, 0xd6, 0x01, 0x43, 0x01, 0xe2, 0x4d ) );
711 
712 /** SHA-1 Test 8.6 : Retried second call to Generate */
713 HMAC_DRBG_TEST_GENERATE ( sha1_generate_8_6, HMAC_DRBG_SHA1,
715  EXPECT ( 0xbd, 0xe1, 0xb4, 0x6c, 0xdc, 0x54, 0x13, 0xb3, 0xd9, 0xf7,
716  0x35, 0xac, 0xdb, 0x80, 0xb1, 0x3c, 0x57, 0xbf, 0xe4, 0x73 ),
717  EXPECT ( 0x72, 0x5a, 0x3c, 0x78, 0x20, 0xde, 0x1a, 0x06, 0xd0, 0x95,
718  0x81, 0x9c, 0xcf, 0x6f, 0x2c, 0x9b, 0x3a, 0x67, 0xf2, 0xce ),
719  EXPECT ( 0xd1, 0xa9, 0xc1, 0xa2, 0x2c, 0x84, 0xfc, 0x23, 0xff, 0x22,
720  0x27, 0xef, 0x98, 0xec, 0x8b, 0xa9, 0xdf, 0x2a, 0x20, 0x9b,
721  0xa1, 0xdb, 0x09, 0x80, 0x9f, 0x57, 0xbf, 0xea, 0xe5, 0xb3,
722  0xe5, 0xf1, 0x46, 0xc7, 0x5f, 0x2d, 0x8d, 0xbb, 0x5e, 0x4a ) );
723 
724 /** SHA-256 Test 1 : Instantiation */
725 HMAC_DRBG_TEST_INSTANTIATE ( sha256_instantiate_1, HMAC_DRBG_SHA256,
727  EXPECT ( 0x3d, 0xda, 0x54, 0x3e, 0x7e, 0xef, 0x14, 0xf9, 0x36, 0x23,
728  0x7b, 0xe6, 0x5d, 0x09, 0x4b, 0x4d, 0xdc, 0x96, 0x9c, 0x0b,
729  0x2b, 0x5e, 0xaf, 0xb5, 0xd8, 0x05, 0xe8, 0x6c, 0xfa, 0x64,
730  0xd7, 0x41 ),
731  EXPECT ( 0x2d, 0x02, 0xc2, 0xf8, 0x22, 0x51, 0x7d, 0x54, 0xb8, 0x17,
732  0x27, 0x9a, 0x59, 0x49, 0x1c, 0x41, 0xa1, 0x98, 0x9b, 0x3e,
733  0x38, 0x2d, 0xeb, 0xe8, 0x0d, 0x2c, 0x7f, 0x66, 0x0f, 0x44,
734  0x76, 0xc4 ) );
735 
736 /** SHA-256 Test 1.1 : First call to Generate */
737 HMAC_DRBG_TEST_GENERATE ( sha256_generate_1_1, HMAC_DRBG_SHA256,
739  EXPECT ( 0xdd, 0x30, 0x95, 0x79, 0x35, 0x38, 0x02, 0xcc, 0xdd, 0x43,
740  0x99, 0xc3, 0x69, 0x1c, 0x9d, 0xd9, 0x09, 0xdd, 0x3b, 0x2d,
741  0xd0, 0x03, 0xcc, 0xd5, 0x9d, 0x6f, 0x08, 0xd8, 0x5f, 0x2e,
742  0x35, 0x09 ),
743  EXPECT ( 0xa1, 0xc2, 0x0f, 0xf2, 0x70, 0xa3, 0x9d, 0x2b, 0x8d, 0x03,
744  0xd6, 0x59, 0xb9, 0xdd, 0xd0, 0x11, 0xc2, 0xcc, 0xdf, 0x24,
745  0x48, 0x55, 0x7e, 0xf6, 0xa1, 0xa9, 0x15, 0xd1, 0x89, 0x40,
746  0xa6, 0x88 ),
747  EXPECT ( 0xd6, 0x7b, 0x8c, 0x17, 0x34, 0xf4, 0x6f, 0xa3, 0xf7, 0x63,
748  0xcf, 0x57, 0xc6, 0xf9, 0xf4, 0xf2, 0xdc, 0x10, 0x89, 0xbd,
749  0x8b, 0xc1, 0xf6, 0xf0, 0x23, 0x95, 0x0b, 0xfc, 0x56, 0x17,
750  0x63, 0x52, 0x08, 0xc8, 0x50, 0x12, 0x38, 0xad, 0x7a, 0x44,
751  0x00, 0xde, 0xfe, 0xe4, 0x6c, 0x64, 0x0b, 0x61, 0xaf, 0x77,
752  0xc2, 0xd1, 0xa3, 0xbf, 0xaa, 0x90, 0xed, 0xe5, 0xd2, 0x07,
753  0x40, 0x6e, 0x54, 0x03 ) );
754 
755 /** SHA-256 Test 1.2 : Second call to Generate */
756 HMAC_DRBG_TEST_GENERATE ( sha256_generate_1_2, HMAC_DRBG_SHA256,
758  EXPECT ( 0x5c, 0xd5, 0xe5, 0x0a, 0x3e, 0x44, 0x8a, 0x07, 0xc3, 0xd2,
759  0xf2, 0xa3, 0xf9, 0xde, 0xbc, 0xc0, 0x46, 0x5f, 0x9c, 0xf1,
760  0x1c, 0xa1, 0x36, 0xe9, 0xb5, 0x04, 0xb4, 0xd3, 0x1c, 0x7f,
761  0xf1, 0xb8 ),
762  EXPECT ( 0x33, 0xb3, 0x09, 0xf2, 0xff, 0x01, 0xce, 0x10, 0x4b, 0x44,
763  0x29, 0xb6, 0x75, 0xfa, 0xfa, 0x19, 0x01, 0x1e, 0x34, 0x8b,
764  0x28, 0x12, 0x71, 0x5a, 0x76, 0x37, 0xf6, 0xa6, 0xe6, 0x3b,
765  0x5d, 0x57 ),
766  EXPECT ( 0x8f, 0xda, 0xec, 0x20, 0xf8, 0xb4, 0x21, 0x40, 0x70, 0x59,
767  0xe3, 0x58, 0x89, 0x20, 0xda, 0x7e, 0xda, 0x9d, 0xce, 0x3c,
768  0xf8, 0x27, 0x4d, 0xfa, 0x1c, 0x59, 0xc1, 0x08, 0xc1, 0xd0,
769  0xaa, 0x9b, 0x0f, 0xa3, 0x8d, 0xa5, 0xc7, 0x92, 0x03, 0x7c,
770  0x4d, 0x33, 0xcd, 0x07, 0x0c, 0xa7, 0xcd, 0x0c, 0x56, 0x08,
771  0xdb, 0xa8, 0xb8, 0x85, 0x65, 0x46, 0x39, 0xde, 0x21, 0x87,
772  0xb7, 0x4c, 0xb2, 0x63 ) );
773 
774 /** SHA-256 Test 2 : Instantiation */
775 #define sha256_instantiate_2 sha256_instantiate_1
776 
777 /** SHA-256 Test 2.1 : First call to Generate */
778 HMAC_DRBG_TEST_GENERATE ( sha256_generate_2_1, HMAC_DRBG_SHA256,
780  EXPECT ( 0x79, 0x1d, 0x31, 0x44, 0xb3, 0x02, 0xad, 0x6c, 0xe4, 0x32,
781  0x41, 0x34, 0x42, 0x10, 0xaa, 0xd0, 0xd3, 0x99, 0xed, 0xb7,
782  0xb5, 0x90, 0x6f, 0xb2, 0x51, 0xdb, 0x1c, 0xb6, 0x00, 0x04,
783  0xea, 0x51 ),
784  EXPECT ( 0x58, 0xfd, 0x96, 0x5f, 0x4f, 0x99, 0x89, 0x3c, 0x17, 0xe6,
785  0xa3, 0x3c, 0xb8, 0xe9, 0x04, 0x15, 0xb5, 0x16, 0xd0, 0x06,
786  0x14, 0xa4, 0x49, 0xd4, 0x06, 0xe0, 0x3c, 0x68, 0x5b, 0xd8,
787  0x59, 0xbd ),
788  EXPECT ( 0x41, 0x87, 0x87, 0x35, 0x81, 0x35, 0x41, 0x9b, 0x93, 0x81,
789  0x33, 0x53, 0x53, 0x06, 0x17, 0x6a, 0xfb, 0x25, 0x1c, 0xdd,
790  0x2b, 0xa3, 0x79, 0x88, 0x59, 0xb5, 0x66, 0xa0, 0x5c, 0xfb,
791  0x1d, 0x68, 0x0e, 0xa9, 0x25, 0x85, 0x6d, 0x5b, 0x84, 0xd5,
792  0x6a, 0xda, 0xe8, 0x70, 0x45, 0xa6, 0xba, 0x28, 0xd2, 0xc9,
793  0x08, 0xab, 0x75, 0xb7, 0xcc, 0x41, 0x43, 0x1f, 0xac, 0x59,
794  0xf3, 0x89, 0x18, 0xa3 ) );
795 
796 /** SHA-256 Test 2.2 : Second call to Generate */
797 HMAC_DRBG_TEST_GENERATE ( sha256_generate_2_2, HMAC_DRBG_SHA256,
799  EXPECT ( 0xe7, 0x45, 0x8f, 0xb4, 0x4a, 0x36, 0x9a, 0x65, 0x3f, 0x2f,
800  0x8f, 0x57, 0x7b, 0xf9, 0x75, 0xc4, 0xb3, 0x62, 0xc4, 0xfe,
801  0x61, 0x8b, 0x2f, 0x1f, 0xf6, 0x76, 0x9b, 0x13, 0xc9, 0x4d,
802  0xec, 0xf4 ),
803  EXPECT ( 0x19, 0x33, 0x4b, 0x8c, 0x31, 0xb7, 0x49, 0x32, 0xdd, 0xd7,
804  0xb2, 0xa4, 0x68, 0xf6, 0x43, 0x6d, 0xf9, 0x2e, 0x10, 0x0d,
805  0x39, 0xd3, 0xac, 0xb3, 0x68, 0xc7, 0x02, 0x9c, 0xb8, 0x83,
806  0xec, 0x89 ),
807  EXPECT ( 0x7c, 0x06, 0x7b, 0xdd, 0xca, 0x81, 0x72, 0x48, 0x23, 0xd6,
808  0x4c, 0x69, 0x82, 0x92, 0x85, 0xbd, 0xbf, 0xf5, 0x37, 0x71,
809  0x61, 0x02, 0xc1, 0x88, 0x2e, 0x20, 0x22, 0x50, 0xe0, 0xfa,
810  0x5e, 0xf3, 0xa3, 0x84, 0xcd, 0x34, 0xa2, 0x0f, 0xfd, 0x1f,
811  0xbc, 0x91, 0xe0, 0xc5, 0x32, 0xa8, 0xa4, 0x21, 0xbc, 0x4a,
812  0xfe, 0x3c, 0xd4, 0x7f, 0x22, 0x32, 0x3e, 0xb4, 0xba, 0xe1,
813  0xa0, 0x07, 0x89, 0x81 ) );
814 
815 /** SHA-256 Test 3 : Instantiation */
816 HMAC_DRBG_TEST_INSTANTIATE ( sha256_instantiate_3, HMAC_DRBG_SHA256,
818  EXPECT ( 0x65, 0x67, 0x3c, 0x34, 0x8e, 0x51, 0xcf, 0xac, 0xc4, 0x10,
819  0xbd, 0x20, 0x02, 0x49, 0xa5, 0x9a, 0x9d, 0x6b, 0xae, 0x77,
820  0x69, 0x04, 0x27, 0x1b, 0xb1, 0xf7, 0x18, 0xda, 0x1d, 0x18,
821  0x20, 0x42 ),
822  EXPECT ( 0xe0, 0xf9, 0x1a, 0xc9, 0x96, 0x30, 0xee, 0xe6, 0x7c, 0xf8,
823  0x30, 0xcf, 0xd5, 0x04, 0x4f, 0xeb, 0xf5, 0x5c, 0x0c, 0x11,
824  0x50, 0x07, 0x99, 0x7a, 0xda, 0x11, 0x29, 0x6f, 0xc4, 0x16,
825  0x4a, 0x9a ) );
826 
827 /** SHA-256 Test 3.1 : First call to Generate */
828 HMAC_DRBG_TEST_GENERATE ( sha256_generate_3_1, HMAC_DRBG_SHA256,
830  EXPECT ( 0xf0, 0xb2, 0xf2, 0x42, 0xca, 0xd9, 0x92, 0xa7, 0x24, 0xf7,
831  0xe5, 0x59, 0x1d, 0x2f, 0x3b, 0x0c, 0x21, 0x57, 0xae, 0x70,
832  0xd5, 0x32, 0x78, 0x99, 0x40, 0xf1, 0x64, 0x45, 0x9b, 0x00,
833  0xc7, 0x49 ),
834  EXPECT ( 0x1a, 0x03, 0xf9, 0x1c, 0x51, 0x20, 0xba, 0xca, 0x2b, 0xf6,
835  0xc6, 0x4d, 0xd7, 0x3a, 0xb1, 0x1d, 0xf6, 0xfd, 0x3f, 0xf1,
836  0xac, 0x3b, 0x57, 0x20, 0xa3, 0xf7, 0xfb, 0xe3, 0x9e, 0x7e,
837  0x7f, 0xe9 ),
838  EXPECT ( 0x0d, 0xd9, 0xc8, 0x55, 0x89, 0xf3, 0x57, 0xc3, 0x89, 0xd6,
839  0xaf, 0x8d, 0xe9, 0xd7, 0x34, 0xa9, 0x17, 0xc7, 0x71, 0xef,
840  0x2d, 0x88, 0x16, 0xb9, 0x82, 0x59, 0x6e, 0xd1, 0x2d, 0xb4,
841  0x5d, 0x73, 0x4a, 0x62, 0x68, 0x08, 0x35, 0xc0, 0x2f, 0xda,
842  0x66, 0xb0, 0x8e, 0x1a, 0x36, 0x9a, 0xe2, 0x18, 0xf2, 0x6d,
843  0x52, 0x10, 0xad, 0x56, 0x42, 0x48, 0x87, 0x2d, 0x7a, 0x28,
844  0x78, 0x41, 0x59, 0xc3 ) );
845 
846 /** SHA-256 Test 3.2 : Second call to Generate */
847 HMAC_DRBG_TEST_GENERATE ( sha256_generate_3_2, HMAC_DRBG_SHA256,
849  EXPECT ( 0x5c, 0x0d, 0xec, 0x09, 0x37, 0x08, 0xc1, 0x7c, 0xa7, 0x6b,
850  0x57, 0xc0, 0xcb, 0x60, 0xcf, 0x88, 0x9d, 0xcc, 0x47, 0xad,
851  0x10, 0xbd, 0x64, 0xbc, 0x6a, 0x14, 0xb2, 0x3f, 0x20, 0x26,
852  0x07, 0x8a ),
853  EXPECT ( 0x45, 0x67, 0x52, 0xa5, 0x11, 0xb8, 0x48, 0xbd, 0x05, 0xf1,
854  0x81, 0x9b, 0x9f, 0x6b, 0x15, 0x42, 0xc7, 0xd5, 0xec, 0xf9,
855  0x32, 0x73, 0x39, 0x26, 0x7a, 0x0c, 0x77, 0x23, 0x5b, 0x87,
856  0xdc, 0x5a ),
857  EXPECT ( 0x46, 0xb4, 0xf4, 0x75, 0x6a, 0xe7, 0x15, 0xe0, 0xe5, 0x16,
858  0x81, 0xab, 0x29, 0x32, 0xde, 0x15, 0x23, 0xbe, 0x5d, 0x13,
859  0xba, 0xf0, 0xf4, 0x58, 0x8b, 0x11, 0xfe, 0x37, 0x2f, 0xda,
860  0x37, 0xab, 0xe3, 0x68, 0x31, 0x73, 0x41, 0xbc, 0x8b, 0xa9,
861  0x1f, 0xc5, 0xd8, 0x5b, 0x7f, 0xb8, 0xca, 0x8f, 0xbc, 0x30,
862  0x9a, 0x75, 0x8f, 0xd6, 0xfc, 0xa9, 0xdf, 0x43, 0xc7, 0x66,
863  0x0b, 0x22, 0x13, 0x22 ) );
864 
865 /** SHA-256 Test 4 : Instantiation */
866 #define sha256_instantiate_4 sha256_instantiate_3
867 
868 /** SHA-256 Test 4.1 : First call to Generate */
869 HMAC_DRBG_TEST_GENERATE ( sha256_generate_4_1, HMAC_DRBG_SHA256,
871  EXPECT ( 0x57, 0x2c, 0x03, 0x74, 0xc1, 0xa1, 0x01, 0x25, 0xbf, 0xa6,
872  0xae, 0xcd, 0x7c, 0xeb, 0xfe, 0x32, 0xf7, 0x52, 0xc3, 0xfb,
873  0x31, 0x67, 0x31, 0xb7, 0xcf, 0xdb, 0xde, 0xc2, 0x63, 0x56,
874  0x93, 0x2b ),
875  EXPECT ( 0xd6, 0x8b, 0xf0, 0x41, 0xf3, 0xeb, 0x50, 0x88, 0x08, 0x8d,
876  0x8b, 0x8e, 0x71, 0x2c, 0x36, 0xae, 0x95, 0x83, 0xbb, 0x08,
877  0xfd, 0x1f, 0x90, 0x34, 0xa4, 0xe9, 0x42, 0xe9, 0xa6, 0x74,
878  0x7c, 0xe7 ),
879  EXPECT ( 0x14, 0x78, 0xf2, 0x9e, 0x94, 0xb0, 0x2c, 0xb4, 0x0d, 0x3a,
880  0xab, 0x86, 0x24, 0x55, 0x57, 0xce, 0x13, 0xa8, 0xca, 0x2f,
881  0xdb, 0x65, 0x7d, 0x98, 0xef, 0xc1, 0x92, 0x34, 0x6b, 0x9f,
882  0xac, 0x33, 0xea, 0x58, 0xad, 0xa2, 0xcc, 0xa4, 0x32, 0xcc,
883  0xde, 0xfb, 0xcd, 0xaa, 0x8b, 0x82, 0xf5, 0x53, 0xef, 0x96,
884  0x61, 0x34, 0xe2, 0xcd, 0x13, 0x9f, 0x15, 0xf0, 0x1c, 0xad,
885  0x56, 0x85, 0x65, 0xa8 ) );
886 
887 /** SHA-256 Test 4.2 : Second call to Generate */
888 HMAC_DRBG_TEST_GENERATE ( sha256_generate_4_2, HMAC_DRBG_SHA256,
890  EXPECT ( 0x28, 0x2e, 0x07, 0x34, 0x80, 0x80, 0x93, 0x75, 0x58, 0xb1,
891  0x39, 0x2e, 0x95, 0xab, 0x91, 0xe7, 0xc1, 0xf6, 0x22, 0xb2,
892  0x4f, 0xfb, 0x87, 0x20, 0xa5, 0xf0, 0xa5, 0xe0, 0x75, 0x50,
893  0xc7, 0xc2 ),
894  EXPECT ( 0xdf, 0xc3, 0xbd, 0xb5, 0xf3, 0xbc, 0xf1, 0xaa, 0x68, 0x29,
895  0x8e, 0x79, 0x0d, 0x72, 0x0a, 0x67, 0xa7, 0x6e, 0x31, 0xb9,
896  0x2b, 0x9b, 0x35, 0xa8, 0xe5, 0x47, 0x1b, 0xb1, 0x7e, 0x30,
897  0x3c, 0x6b ),
898  EXPECT ( 0x49, 0x7c, 0x7a, 0x16, 0xe8, 0x8a, 0x64, 0x11, 0xf8, 0xfc,
899  0xe1, 0x0e, 0xf5, 0x67, 0x63, 0xc6, 0x10, 0x25, 0x80, 0x1d,
900  0x8f, 0x51, 0xa7, 0x43, 0x52, 0xd6, 0x82, 0xcc, 0x23, 0xa0,
901  0xa8, 0xe6, 0x73, 0xca, 0xe0, 0x32, 0x28, 0x93, 0x90, 0x64,
902  0x7d, 0xc6, 0x83, 0xb7, 0x34, 0x28, 0x85, 0xd6, 0xb7, 0x6a,
903  0xb1, 0xda, 0x69, 0x6d, 0x3e, 0x97, 0xe2, 0x2d, 0xff, 0xdd,
904  0xff, 0xfd, 0x8d, 0xf0 ) );
905 
906 /** SHA-256 Test 5 : Instantiation */
907 #define sha256_instantiate_5 sha256_instantiate_1
908 
909 /** SHA-256 Test 5.1 : First call to Generate */
910 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_5_1, HMAC_DRBG_SHA256,
911  additional_input_empty, ( 512 / 8 ) );
912 
913 /** SHA-256 Test 5.2 : Reseed */
914 HMAC_DRBG_TEST_RESEED ( sha256_reseed_5_2, HMAC_DRBG_SHA256,
916  EXPECT ( 0xb8, 0x40, 0x07, 0xe3, 0xe2, 0x7f, 0x34, 0xf9, 0xa7, 0x82,
917  0x0b, 0x7a, 0xb5, 0x9b, 0xbe, 0xfc, 0xd0, 0xc4, 0xac, 0xae,
918  0xde, 0x4b, 0x0b, 0x36, 0xb1, 0x47, 0xb8, 0x97, 0x79, 0xfd,
919  0x74, 0x9d ),
920  EXPECT ( 0xa7, 0x2b, 0x8f, 0xee, 0x92, 0x39, 0x2f, 0x0a, 0x9d, 0x2d,
921  0x61, 0xbf, 0x09, 0xa4, 0xdf, 0xcc, 0x9d, 0xe6, 0x9a, 0x16,
922  0xa5, 0xf1, 0x50, 0x22, 0x4c, 0x3e, 0xf6, 0x04, 0x2d, 0x15,
923  0x21, 0xfc ) );
924 
925 /** SHA-256 Test 5.3 : Retried first call to Generate */
926 HMAC_DRBG_TEST_GENERATE ( sha256_generate_5_3, HMAC_DRBG_SHA256,
928  EXPECT ( 0x43, 0x48, 0xaf, 0x84, 0x20, 0x84, 0x2f, 0xa0, 0x77, 0xb9,
929  0xd3, 0xdb, 0xa8, 0xdc, 0xe9, 0xb3, 0xe1, 0xdf, 0x73, 0x4f,
930  0xfc, 0xe1, 0xbe, 0xa5, 0xb9, 0xe2, 0xb1, 0x54, 0xdc, 0x5e,
931  0xc6, 0x15 ),
932  EXPECT ( 0xd2, 0xc1, 0xac, 0x27, 0x88, 0x5d, 0x43, 0x32, 0x76, 0x71,
933  0x31, 0x46, 0x32, 0xea, 0x60, 0x43, 0x3c, 0xca, 0x72, 0x73,
934  0x04, 0x56, 0x9e, 0xa7, 0xd4, 0x71, 0xfe, 0xa7, 0xdb, 0x7d,
935  0x31, 0x5d ),
936  EXPECT ( 0xfa, 0xbd, 0x0a, 0xe2, 0x5c, 0x69, 0xdc, 0x2e, 0xfd, 0xef,
937  0xb7, 0xf2, 0x0c, 0x5a, 0x31, 0xb5, 0x7a, 0xc9, 0x38, 0xab,
938  0x77, 0x1a, 0xa1, 0x9b, 0xf8, 0xf5, 0xf1, 0x46, 0x8f, 0x66,
939  0x5c, 0x93, 0x8c, 0x9a, 0x1a, 0x5d, 0xf0, 0x62, 0x8a, 0x56,
940  0x90, 0xf1, 0x5a, 0x1a, 0xd8, 0xa6, 0x13, 0xf3, 0x1b, 0xbd,
941  0x65, 0xee, 0xad, 0x54, 0x57, 0xd5, 0xd2, 0x69, 0x47, 0xf2,
942  0x9f, 0xe9, 0x1a, 0xa7 ) );
943 
944 /** SHA-256 Test 5.4 : Second call to Generate */
945 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_5_4, HMAC_DRBG_SHA256,
946  additional_input_empty, ( 512 / 8 ) );
947 
948 /** SHA-256 Test 5.5 : Reseed */
949 HMAC_DRBG_TEST_RESEED ( sha256_reseed_5_5, HMAC_DRBG_SHA256,
951  EXPECT ( 0xbf, 0xa0, 0x2c, 0xe7, 0xe9, 0x2d, 0xe9, 0x2b, 0x18, 0x24,
952  0x28, 0x86, 0x89, 0x0e, 0x58, 0x6f, 0x83, 0x69, 0x06, 0xac,
953  0xe9, 0xe5, 0x54, 0xf1, 0xb0, 0xed, 0x63, 0x57, 0x3c, 0xb8,
954  0xb5, 0x03 ),
955  EXPECT ( 0xd3, 0x24, 0x03, 0xee, 0xa9, 0xdc, 0xe1, 0x61, 0x6e, 0x4e,
956  0x11, 0x55, 0xb9, 0x23, 0xd8, 0x84, 0x2c, 0xc6, 0xe7, 0x84,
957  0xc6, 0x7a, 0x93, 0x85, 0xb2, 0xa6, 0x37, 0xf1, 0x02, 0xfa,
958  0x45, 0xd5 ) );
959 
960 /** SHA-256 Test 5.6 : Retried second call to Generate */
961 HMAC_DRBG_TEST_GENERATE ( sha256_generate_5_6, HMAC_DRBG_SHA256,
963  EXPECT ( 0x81, 0x21, 0xf7, 0x76, 0x4c, 0x08, 0x1e, 0xe9, 0xd1, 0x17,
964  0x1e, 0xd1, 0x87, 0xba, 0xe0, 0x88, 0x95, 0xca, 0xe2, 0x30,
965  0xd0, 0xa2, 0x5e, 0x37, 0x39, 0xc5, 0x7d, 0x54, 0x16, 0x10,
966  0x9b, 0x82 ),
967  EXPECT ( 0x37, 0x84, 0x97, 0x7c, 0xc0, 0xe5, 0x9f, 0xbc, 0x9c, 0xda,
968  0x4e, 0x11, 0x92, 0x47, 0x5c, 0x6e, 0xfa, 0xf8, 0x07, 0x20,
969  0x19, 0x86, 0x21, 0x22, 0xcb, 0x6b, 0xce, 0xaa, 0xcc, 0x4a,
970  0x17, 0x5e ),
971  EXPECT ( 0x6b, 0xd9, 0x25, 0xb0, 0xe1, 0xc2, 0x32, 0xef, 0xd6, 0x7c,
972  0xcd, 0x84, 0xf7, 0x22, 0xe9, 0x27, 0xec, 0xb4, 0x6a, 0xb2,
973  0xb7, 0x40, 0x01, 0x47, 0x77, 0xaf, 0x14, 0xba, 0x0b, 0xbf,
974  0x53, 0xa4, 0x5b, 0xdb, 0xb6, 0x2b, 0x3f, 0x7d, 0x0b, 0x9c,
975  0x8e, 0xea, 0xd0, 0x57, 0xc0, 0xec, 0x75, 0x4e, 0xf8, 0xb5,
976  0x3e, 0x60, 0xa1, 0xf4, 0x34, 0xf0, 0x59, 0x46, 0xa8, 0xb6,
977  0x86, 0xaf, 0xbc, 0x7a ) );
978 
979 /** SHA-256 Test 6 : Instantiate */
980 #define sha256_instantiate_6 sha256_instantiate_1
981 
982 /** SHA-256 Test 6.1 : First call to Generate */
983 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_6_1, HMAC_DRBG_SHA256,
984  additional_input_1, ( 512 / 8 ) );
985 
986 /** SHA-256 Test 6.2 : Reseed */
987 HMAC_DRBG_TEST_RESEED ( sha256_reseed_6_2, HMAC_DRBG_SHA256,
989  EXPECT ( 0xc1, 0x25, 0xea, 0x99, 0x75, 0x8e, 0xbb, 0x9a, 0x6f, 0x69,
990  0xae, 0x31, 0x2a, 0xc2, 0x04, 0xb5, 0x94, 0xc0, 0x0a, 0xb6,
991  0x8b, 0x81, 0x6e, 0x3a, 0x52, 0x12, 0x8e, 0x02, 0x78, 0xa5,
992  0x84, 0xac ),
993  EXPECT ( 0xb2, 0xcb, 0x2b, 0x89, 0x12, 0x3f, 0x5b, 0x4a, 0xf5, 0x87,
994  0xb8, 0xf6, 0xbd, 0xc5, 0x42, 0x7a, 0x99, 0x14, 0x19, 0xd3,
995  0x53, 0x07, 0x7c, 0x68, 0x5e, 0x70, 0x7a, 0xcd, 0xf8, 0xe9,
996  0xfd, 0xa9 ) );
997 
998 /** SHA-256 Test 6.3 : Retried first call to Generate */
999 HMAC_DRBG_TEST_GENERATE ( sha256_generate_6_3, HMAC_DRBG_SHA256,
1001  EXPECT ( 0xc6, 0xed, 0x8f, 0xed, 0x71, 0x57, 0xa4, 0xd0, 0x9e, 0xa1,
1002  0xdd, 0xe8, 0x94, 0x6b, 0x54, 0x43, 0x3e, 0xcc, 0x54, 0x49,
1003  0xa4, 0xa3, 0x52, 0xaf, 0x45, 0x76, 0x4e, 0xe6, 0x73, 0x4b,
1004  0xbb, 0x04 ),
1005  EXPECT ( 0xeb, 0xc7, 0x75, 0x25, 0x6b, 0xb7, 0x81, 0x24, 0x1e, 0x9c,
1006  0x70, 0xbb, 0xcf, 0x73, 0x2b, 0xdc, 0x90, 0xad, 0x10, 0xd9,
1007  0xdd, 0x3a, 0x89, 0x6e, 0xcc, 0x12, 0xb9, 0x2f, 0xfb, 0x63,
1008  0x45, 0xab ),
1009  EXPECT ( 0x08, 0x5d, 0x57, 0xaf, 0x6b, 0xab, 0xcf, 0x2b, 0x9a, 0xee,
1010  0xf3, 0x87, 0xd5, 0x31, 0x65, 0x0e, 0x6a, 0x50, 0x5c, 0x54,
1011  0x40, 0x6a, 0xb3, 0x7a, 0x52, 0x89, 0x9e, 0x0e, 0xca, 0xb3,
1012  0x63, 0x2b, 0x7a, 0x06, 0x8a, 0x28, 0x14, 0xc6, 0xdf, 0x6a,
1013  0xe5, 0x32, 0xb6, 0x58, 0xd0, 0xd9, 0x74, 0x1c, 0x84, 0x77,
1014  0x5f, 0xee, 0x45, 0xb6, 0x84, 0xcd, 0xbd, 0xc2, 0x5f, 0xbc,
1015  0xb4, 0xd8, 0xf3, 0x10 ) );
1016 
1017 /** SHA-256 Test 6.4 : Second call to Generate */
1018 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_6_4, HMAC_DRBG_SHA256,
1019  additional_input_2, ( 512 / 8 ) );
1020 
1021 /** SHA-256 Test 6.5 : Reseed */
1022 HMAC_DRBG_TEST_RESEED ( sha256_reseed_6_5, HMAC_DRBG_SHA256,
1024  EXPECT ( 0xfc, 0x51, 0xda, 0x84, 0xf9, 0x69, 0x6b, 0xcc, 0x84, 0xc8,
1025  0xf2, 0xac, 0xb9, 0x24, 0xbc, 0xdf, 0x72, 0xf8, 0x2e, 0xa2,
1026  0xca, 0x64, 0x3f, 0x08, 0x3b, 0x0c, 0x16, 0xc3, 0x63, 0x4e,
1027  0xfc, 0x62 ),
1028  EXPECT ( 0xb9, 0x74, 0xe4, 0x37, 0x0a, 0xd5, 0x76, 0xbb, 0x99, 0xc4,
1029  0xe4, 0x9e, 0xa6, 0x80, 0xbf, 0xf9, 0x8d, 0xe9, 0xe1, 0x2f,
1030  0xec, 0xd0, 0x13, 0xde, 0xd4, 0x3c, 0x80, 0xf6, 0x9a, 0x7a,
1031  0xde, 0x8a ) );
1032 
1033 /** SHA-256 Test 6.6 : Retried second call to Generate */
1034 HMAC_DRBG_TEST_GENERATE ( sha256_generate_6_6, HMAC_DRBG_SHA256,
1036  EXPECT ( 0x56, 0xa2, 0xb4, 0x46, 0x32, 0xcb, 0x8f, 0xc3, 0xa6, 0x40,
1037  0x09, 0xbf, 0xd6, 0xec, 0x95, 0xe5, 0x6c, 0xef, 0x8e, 0x7c,
1038  0x91, 0x2a, 0xa8, 0x2b, 0x16, 0xf6, 0x14, 0x91, 0x5d, 0x9c,
1039  0xd6, 0xe3 ),
1040  EXPECT ( 0xb5, 0xb3, 0x96, 0xa0, 0x15, 0x76, 0xb0, 0xfe, 0x42, 0xf4,
1041  0x08, 0x44, 0x55, 0x6c, 0x4c, 0xf4, 0xb6, 0x80, 0x4c, 0x94,
1042  0xde, 0x9d, 0x62, 0x38, 0xf1, 0xf7, 0xe7, 0xaf, 0x5c, 0x72,
1043  0x57, 0xf3 ),
1044  EXPECT ( 0x9b, 0x21, 0x9f, 0xd9, 0x0d, 0xe2, 0xa0, 0x8e, 0x49, 0x34,
1045  0x05, 0xcf, 0x87, 0x44, 0x17, 0xb5, 0x82, 0x67, 0x70, 0xf3,
1046  0x94, 0x48, 0x15, 0x55, 0xdc, 0x66, 0x8a, 0xcd, 0x96, 0xb9,
1047  0xa3, 0xe5, 0x6f, 0x9d, 0x2c, 0x32, 0x5e, 0x26, 0xd4, 0x7c,
1048  0x1d, 0xfc, 0xfc, 0x8f, 0xbf, 0x86, 0x12, 0x6f, 0x40, 0xa1,
1049  0xe6, 0x39, 0x60, 0xf6, 0x27, 0x49, 0x34, 0x2e, 0xcd, 0xb7,
1050  0x1b, 0x24, 0x0d, 0xc6 ) );
1051 
1052 /** SHA-256 Test 7 : Instantiation */
1053 #define sha256_instantiate_7 sha256_instantiate_3
1054 
1055 /** SHA-256 Test 7.1 : First call to Generate */
1056 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_7_1, HMAC_DRBG_SHA256,
1057  additional_input_empty, ( 512 / 8 ) );
1058 
1059 /** SHA-256 Test 7.2 : Reseed */
1060 HMAC_DRBG_TEST_RESEED ( sha256_reseed_7_2, HMAC_DRBG_SHA256,
1062  EXPECT ( 0x44, 0x76, 0xc6, 0xd1, 0x1f, 0xc3, 0x5d, 0x44, 0x09, 0xd9,
1063  0x03, 0x2e, 0x45, 0x3b, 0x0f, 0x0d, 0xc3, 0x31, 0x4d, 0xb8,
1064  0x62, 0xcb, 0xdb, 0x60, 0x9c, 0x56, 0x02, 0x20, 0x8d, 0x4c,
1065  0x88, 0xd8 ),
1066  EXPECT ( 0x95, 0xef, 0x78, 0x5a, 0x61, 0xc2, 0xf7, 0xb3, 0x6b, 0xc5,
1067  0x96, 0xba, 0x4b, 0xa2, 0x08, 0xa5, 0x2c, 0x6d, 0xc2, 0x03,
1068  0x63, 0x6d, 0x8f, 0x17, 0x87, 0x45, 0x3b, 0x85, 0x2b, 0x7e,
1069  0x49, 0xec ) );
1070 
1071 /** SHA-256 Test 7.3 : Retried first call to Generate */
1072 HMAC_DRBG_TEST_GENERATE ( sha256_generate_7_3, HMAC_DRBG_SHA256,
1074  EXPECT ( 0x0d, 0xf9, 0x11, 0x0e, 0x2f, 0x22, 0x58, 0x98, 0x24, 0xa9,
1075  0x47, 0x6c, 0x8e, 0x32, 0x08, 0x8e, 0x51, 0xa0, 0xda, 0x36,
1076  0x63, 0x3f, 0x8c, 0xd1, 0xf7, 0x54, 0x7d, 0xff, 0x69, 0x6e,
1077  0x4b, 0x29 ),
1078  EXPECT ( 0xc0, 0xe3, 0xc8, 0xed, 0x5a, 0x8b, 0x57, 0x9e, 0x3f, 0xef,
1079  0x9d, 0xf3, 0xb7, 0xc2, 0xc2, 0x12, 0x98, 0x07, 0x17, 0xcc,
1080  0x91, 0xae, 0x18, 0x66, 0x45, 0xfa, 0xbb, 0x2c, 0xc7, 0x84,
1081  0xd5, 0xd7 ),
1082  EXPECT ( 0xd8, 0xb6, 0x71, 0x30, 0x71, 0x41, 0x94, 0xff, 0xe5, 0xb2,
1083  0xa3, 0x5d, 0xbc, 0xd5, 0xe1, 0xa2, 0x99, 0x42, 0xad, 0x5c,
1084  0x68, 0xf3, 0xde, 0xb9, 0x4a, 0xdd, 0x9e, 0x9e, 0xba, 0xd8,
1085  0x60, 0x67, 0xed, 0xf0, 0x49, 0x15, 0xfb, 0x40, 0xc3, 0x91,
1086  0xea, 0xe7, 0x0c, 0x65, 0x9e, 0xaa, 0xe7, 0xef, 0x11, 0xa3,
1087  0xd4, 0x6a, 0x5b, 0x08, 0x5e, 0xdd, 0x90, 0xcc, 0x72, 0xce,
1088  0xa9, 0x89, 0x21, 0x0b ) );
1089 
1090 /** SHA-256 Test 7.4 : Second call to Generate */
1091 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_7_4, HMAC_DRBG_SHA256,
1092  additional_input_empty, ( 512 / 8 ) );
1093 
1094 /** SHA-256 Test 7.5 : Reseed */
1095 HMAC_DRBG_TEST_RESEED ( sha256_reseed_7_5, HMAC_DRBG_SHA256,
1097  EXPECT ( 0x3d, 0x77, 0x63, 0xe5, 0x30, 0x3d, 0xb5, 0x4b, 0xe2, 0x05,
1098  0x44, 0xa8, 0x1e, 0x9f, 0x00, 0xca, 0xdc, 0xfc, 0x1c, 0xb2,
1099  0x8d, 0xec, 0xb9, 0xcf, 0xc6, 0x99, 0xf6, 0x1d, 0xba, 0xf8,
1100  0x80, 0x21 ),
1101  EXPECT ( 0xfe, 0xbc, 0x02, 0x79, 0xb7, 0x71, 0x0d, 0xec, 0x5c, 0x06,
1102  0x7e, 0xbe, 0xfa, 0x06, 0x8e, 0x4b, 0x59, 0x67, 0x49, 0x1b,
1103  0x7e, 0xef, 0x94, 0x75, 0x83, 0x50, 0x6d, 0x04, 0x97, 0xce,
1104  0x67, 0xba ) );
1105 
1106 /** SHA-256 Test 7.6 : Retried second call to Generate */
1107 HMAC_DRBG_TEST_GENERATE ( sha256_generate_7_6, HMAC_DRBG_SHA256,
1109  EXPECT ( 0x2d, 0x21, 0xac, 0x94, 0x99, 0x2f, 0xd8, 0x2b, 0x09, 0x80,
1110  0xd3, 0xd5, 0x95, 0x51, 0xb9, 0xd0, 0x7c, 0x8d, 0x54, 0xb2,
1111  0x52, 0xb6, 0x16, 0x28, 0x93, 0x44, 0xf8, 0xac, 0x86, 0x9e,
1112  0xd3, 0x5b ),
1113  EXPECT ( 0x61, 0x0c, 0x34, 0xcd, 0xbf, 0x6f, 0x75, 0x33, 0x54, 0x7f,
1114  0x23, 0x32, 0xea, 0xc5, 0x7e, 0xe3, 0x1e, 0x72, 0x4f, 0xb2,
1115  0x92, 0x55, 0x56, 0x6b, 0x59, 0x78, 0x33, 0x16, 0x6c, 0xd0,
1116  0x39, 0x9f ),
1117  EXPECT ( 0x8b, 0xba, 0x71, 0xc2, 0x58, 0x3f, 0x25, 0x30, 0xc2, 0x59,
1118  0xc9, 0x07, 0x84, 0xa5, 0x9a, 0xc4, 0x4d, 0x1c, 0x80, 0x56,
1119  0x91, 0x7c, 0xcf, 0x38, 0x87, 0x88, 0x10, 0x2d, 0x73, 0x82,
1120  0x4c, 0x6c, 0x11, 0xd5, 0xd6, 0x3b, 0xe1, 0xf0, 0x10, 0x17,
1121  0xd8, 0x84, 0xcd, 0x69, 0xd9, 0x33, 0x4b, 0x9e, 0xbc, 0x01,
1122  0xe7, 0xbd, 0x8f, 0xdf, 0x2a, 0x8e, 0x52, 0x57, 0x22, 0x93,
1123  0xdc, 0x21, 0xc0, 0xe1 ) );
1124 
1125 /** SHA-256 Test 8 : Instantiate */
1126 #define sha256_instantiate_8 sha256_instantiate_3
1127 
1128 /** SHA-256 Test 8.1 : First call to Generate */
1129 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_8_1, HMAC_DRBG_SHA256,
1130  additional_input_1, ( 512 / 8 ) );
1131 
1132 /** SHA-256 Test 8.2 : Reseed */
1133 HMAC_DRBG_TEST_RESEED ( sha256_reseed_8_2, HMAC_DRBG_SHA256,
1135  EXPECT ( 0xb3, 0x81, 0x38, 0x8c, 0x1d, 0x7c, 0xfd, 0x56, 0x59, 0x30,
1136  0x99, 0x3b, 0xd9, 0x26, 0x90, 0x66, 0x50, 0x88, 0xd9, 0xb8,
1137  0x39, 0x96, 0x9b, 0x87, 0xf1, 0x6d, 0xb6, 0xdf, 0x4e, 0x43,
1138  0x00, 0xd7 ),
1139  EXPECT ( 0xfa, 0x04, 0x25, 0x64, 0x00, 0xe3, 0x42, 0xe6, 0x55, 0xf4,
1140  0x33, 0x26, 0x94, 0xe3, 0xb2, 0x4c, 0x04, 0xfb, 0x85, 0xbf,
1141  0x87, 0x80, 0x21, 0xe4, 0x52, 0xe7, 0x3b, 0x8f, 0x46, 0xd4,
1142  0xbd, 0xc6 ) );
1143 
1144 /** SHA-256 Test 8.3 : Retried first call to Generate */
1145 HMAC_DRBG_TEST_GENERATE ( sha256_generate_8_3, HMAC_DRBG_SHA256,
1147  EXPECT ( 0xd4, 0x1f, 0x6f, 0x33, 0x65, 0x82, 0x21, 0x70, 0x50, 0xb1,
1148  0xf6, 0x59, 0x28, 0xfd, 0x6e, 0x94, 0xcb, 0xc9, 0x45, 0x68,
1149  0xfe, 0x3b, 0x6b, 0x53, 0x38, 0x9e, 0x1e, 0x3a, 0x5b, 0x49,
1150  0xe1, 0x01 ),
1151  EXPECT ( 0xa6, 0x55, 0xc9, 0xe7, 0xd1, 0x33, 0xf1, 0xcd, 0x8b, 0x11,
1152  0x61, 0xf2, 0x7d, 0x54, 0xe7, 0x5a, 0x7e, 0x7c, 0x80, 0x42,
1153  0xbf, 0x74, 0xd4, 0x7f, 0x9f, 0xfd, 0x60, 0xe2, 0x45, 0xeb,
1154  0xa5, 0x7e ),
1155  EXPECT ( 0x44, 0xd7, 0x8b, 0xbc, 0x3e, 0xb6, 0x7c, 0x59, 0xc2, 0x2f,
1156  0x6c, 0x31, 0x00, 0x3d, 0x21, 0x2a, 0x78, 0x37, 0xcc, 0xd8,
1157  0x4c, 0x43, 0x8b, 0x55, 0x15, 0x0f, 0xd0, 0x13, 0xa8, 0xa7,
1158  0x8f, 0xe8, 0xed, 0xea, 0x81, 0xc6, 0x72, 0xe4, 0xb8, 0xdd,
1159  0xc8, 0x18, 0x38, 0x86, 0xe6, 0x9c, 0x2e, 0x17, 0x7d, 0xf5,
1160  0x74, 0xc1, 0xf1, 0x90, 0xdf, 0x27, 0x18, 0x50, 0xf8, 0xce,
1161  0x55, 0xef, 0x20, 0xb8 ) );
1162 
1163 /** SHA-256 Test 8.4 : Second call to Generate */
1164 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_8_4, HMAC_DRBG_SHA256,
1165  additional_input_2, ( 512 / 8 ) );
1166 
1167 /** SHA-256 Test 8.5 : Reseed */
1168 HMAC_DRBG_TEST_RESEED ( sha256_reseed_8_5, HMAC_DRBG_SHA256,
1170  EXPECT ( 0xfb, 0xa8, 0x05, 0x45, 0x3e, 0x3c, 0x9a, 0x73, 0x64, 0x58,
1171  0x5c, 0xed, 0xbc, 0xd2, 0x92, 0x30, 0xfb, 0xc9, 0x3d, 0x6f,
1172  0x12, 0x9d, 0x21, 0xed, 0xdd, 0xf6, 0x61, 0x3b, 0x3a, 0x8f,
1173  0xf2, 0x83 ),
1174  EXPECT ( 0x83, 0x64, 0x7a, 0x33, 0x8c, 0x15, 0x3c, 0xba, 0xf0, 0xe4,
1175  0x9a, 0x54, 0xa4, 0x4f, 0xea, 0x66, 0x70, 0xcf, 0xd7, 0xc1,
1176  0x71, 0x4d, 0x4a, 0xb3, 0x5f, 0x11, 0x12, 0x3d, 0xf2, 0x7b,
1177  0x69, 0xcf ) );
1178 
1179 /** SHA-256 Test 8.6 : Retried second call to Generate */
1180 HMAC_DRBG_TEST_GENERATE ( sha256_generate_8_6, HMAC_DRBG_SHA256,
1182  EXPECT ( 0xae, 0x59, 0xc7, 0x0a, 0x7c, 0x60, 0xed, 0x49, 0x83, 0x78,
1183  0xea, 0x84, 0x5b, 0xe9, 0x7d, 0x8f, 0xf8, 0x81, 0xe0, 0xea,
1184  0x37, 0x2e, 0x26, 0x5f, 0xa6, 0x72, 0x84, 0x29, 0x3e, 0x1a,
1185  0x46, 0xac ),
1186  EXPECT ( 0xe2, 0xf0, 0x4d, 0xe3, 0xce, 0x21, 0x79, 0x61, 0xae, 0x2b,
1187  0x2d, 0x20, 0xa7, 0xba, 0x7c, 0x6c, 0x82, 0x0b, 0x5b, 0x14,
1188  0x92, 0x6e, 0x59, 0x56, 0xae, 0x6d, 0xfa, 0x2e, 0xd1, 0xd6,
1189  0x39, 0x93 ),
1190  EXPECT ( 0x91, 0x77, 0x80, 0xdc, 0x0c, 0xe9, 0x98, 0x9f, 0xee, 0x6c,
1191  0x08, 0x06, 0xd6, 0xda, 0x12, 0x3a, 0x18, 0x25, 0x29, 0x47,
1192  0x58, 0xd4, 0xe1, 0xb5, 0x82, 0x68, 0x72, 0x31, 0x78, 0x0a,
1193  0x2a, 0x9c, 0x33, 0xf1, 0xd1, 0x56, 0xcc, 0xad, 0x32, 0x77,
1194  0x64, 0xb2, 0x9a, 0x4c, 0xb2, 0x69, 0x01, 0x77, 0xae, 0x96,
1195  0xef, 0x9e, 0xe9, 0x2a, 0xd0, 0xc3, 0x40, 0xba, 0x0f, 0xd1,
1196  0x20, 0x3c, 0x02, 0xc6 ) );
1197 
1198 /**
1199  * Force a "reseed required" state
1200  *
1201  * @v state HMAC_DRBG internal state
1202  */
1203 static inline void force_reseed_required ( struct hmac_drbg_state *state ) {
1204  state->reseed_counter = ( HMAC_DRBG_RESEED_INTERVAL + 1 );
1205 }
1206 
1207 /**
1208  * Perform HMAC_DRBG self-test
1209  *
1210  */
1211 static void hmac_drbg_test_exec ( void ) {
1212  struct hmac_drbg_state state;
1213 
1214  /*
1215  * IMPORTANT NOTE
1216  *
1217  * The NIST test vector set includes several calls to
1218  * HMAC_DRBG_Generate() that are expected to fail with a
1219  * status of "Reseed required". The pattern seems to be that
1220  * when prediction resistance is requested, any call to
1221  * HMAC_DRBG_Generate() is at first expected to fail. After
1222  * an explicit reseeding, the call to HMAC_DRBG_Generate() is
1223  * retried, and on this second time it is expected to succeed.
1224  *
1225  * This pattern does not match the specifications for
1226  * HMAC_DRBG_Generate(): neither HMAC_DRBG_Generate_algorithm
1227  * (defined in ANS X9.82 Part 3-2007 Section 10.2.2.2.5 (NIST
1228  * SP 800-90 Section 10.1.2.5)) nor the higher-level wrapper
1229  * Generate_function defined in ANS X9.82 Part 3-2007 Section
1230  * 9.4 (NIST SP 800-90 Section 9.3)) can possibly exhibit this
1231  * behaviour:
1232  *
1233  * a) HMAC_DRBG_Generate_algorithm can return a "reseed
1234  * required" status only as a result of the test
1235  *
1236  * "1. If reseed_counter > reseed_interval, then return
1237  * an indication that a reseed is required."
1238  *
1239  * Since the reseed interval is independent of any request
1240  * for prediction resistance, and since the reseed interval
1241  * is not specified as part of the NIST test vector set,
1242  * then this cannot be the source of the "Reseed required"
1243  * failure expected by the NIST test vector set.
1244  *
1245  * b) Generate_function cannot return a "reseed required"
1246  * status under any circumstances. If the underlying
1247  * HMAC_DRBG_Generate_algorithm call returns "reseed
1248  * required", then Generate_function will automatically
1249  * reseed and try again.
1250  *
1251  * To produce the behaviour expected by the NIST test vector
1252  * set, we therefore contrive to produce a "reseed required"
1253  * state where necessary by setting the reseed_counter to
1254  * greater than the reseed_interval.
1255  */
1256 
1257  /* SHA-1 Test 1 */
1258  instantiate_ok ( &state, &sha1_instantiate_1 );
1259  generate_ok ( &state, &sha1_generate_1_1 );
1260  generate_ok ( &state, &sha1_generate_1_2 );
1261 
1262  /* SHA-1 Test 2 */
1264  generate_ok ( &state, &sha1_generate_2_1 );
1265  generate_ok ( &state, &sha1_generate_2_2 );
1266 
1267  /* SHA-1 Test 3 */
1268  instantiate_ok ( &state, &sha1_instantiate_3 );
1269  generate_ok ( &state, &sha1_generate_3_1 );
1270  generate_ok ( &state, &sha1_generate_3_2 );
1271 
1272  /* SHA-1 Test 4 */
1274  generate_ok ( &state, &sha1_generate_4_1 );
1275  generate_ok ( &state, &sha1_generate_4_2 );
1276 
1277  /* SHA-1 Test 5 */
1279  force_reseed_required ( &state ); /* See above comments */
1280  generate_fail_ok ( &state, &sha1_generate_fail_5_1 );
1281  reseed_ok ( &state, &sha1_reseed_5_2 );
1282  generate_ok ( &state, &sha1_generate_5_3 );
1283  force_reseed_required ( &state ); /* See above comments */
1284  generate_fail_ok ( &state, &sha1_generate_fail_5_4 );
1285  reseed_ok ( &state, &sha1_reseed_5_5 );
1286  generate_ok ( &state, &sha1_generate_5_6 );
1287 
1288  /* SHA-1 Test 6 */
1290  force_reseed_required ( &state ); /* See above comments */
1291  generate_fail_ok ( &state, &sha1_generate_fail_6_1 );
1292  reseed_ok ( &state, &sha1_reseed_6_2 );
1293  generate_ok ( &state, &sha1_generate_6_3 );
1294  force_reseed_required ( &state ); /* See above comments */
1295  generate_fail_ok ( &state, &sha1_generate_fail_6_4 );
1296  reseed_ok ( &state, &sha1_reseed_6_5 );
1297  generate_ok ( &state, &sha1_generate_6_6 );
1298 
1299  /* SHA-1 Test 7 */
1301  force_reseed_required ( &state ); /* See above comments */
1302  generate_fail_ok ( &state, &sha1_generate_fail_7_1 );
1303  reseed_ok ( &state, &sha1_reseed_7_2 );
1304  generate_ok ( &state, &sha1_generate_7_3 );
1305  force_reseed_required ( &state ); /* See above comments */
1306  generate_fail_ok ( &state, &sha1_generate_fail_7_4 );
1307  reseed_ok ( &state, &sha1_reseed_7_5 );
1308  generate_ok ( &state, &sha1_generate_7_6 );
1309 
1310  /* SHA-1 Test 8 */
1312  force_reseed_required ( &state ); /* See above comments */
1313  generate_fail_ok ( &state, &sha1_generate_fail_8_1 );
1314  reseed_ok ( &state, &sha1_reseed_8_2 );
1315  generate_ok ( &state, &sha1_generate_8_3 );
1316  force_reseed_required ( &state ); /* See above comments */
1317  generate_fail_ok ( &state, &sha1_generate_fail_8_4 );
1318  reseed_ok ( &state, &sha1_reseed_8_5 );
1319  generate_ok ( &state, &sha1_generate_8_6 );
1320 
1321  /* SHA-256 Test 1 */
1322  instantiate_ok ( &state, &sha256_instantiate_1 );
1323  generate_ok ( &state, &sha256_generate_1_1 );
1324  generate_ok ( &state, &sha256_generate_1_2 );
1325 
1326  /* SHA-256 Test 2 */
1328  generate_ok ( &state, &sha256_generate_2_1 );
1329  generate_ok ( &state, &sha256_generate_2_2 );
1330 
1331  /* SHA-256 Test 3 */
1332  instantiate_ok ( &state, &sha256_instantiate_3 );
1333  generate_ok ( &state, &sha256_generate_3_1 );
1334  generate_ok ( &state, &sha256_generate_3_2 );
1335 
1336  /* SHA-256 Test 4 */
1338  generate_ok ( &state, &sha256_generate_4_1 );
1339  generate_ok ( &state, &sha256_generate_4_2 );
1340 
1341  /* SHA-256 Test 5 */
1343  force_reseed_required ( &state ); /* See above comments */
1344  generate_fail_ok ( &state, &sha256_generate_fail_5_1 );
1345  reseed_ok ( &state, &sha256_reseed_5_2 );
1346  generate_ok ( &state, &sha256_generate_5_3 );
1347  force_reseed_required ( &state ); /* See above comments */
1348  generate_fail_ok ( &state, &sha256_generate_fail_5_4 );
1349  reseed_ok ( &state, &sha256_reseed_5_5 );
1350  generate_ok ( &state, &sha256_generate_5_6 );
1351 
1352  /* SHA-256 Test 6 */
1354  force_reseed_required ( &state ); /* See above comments */
1355  generate_fail_ok ( &state, &sha256_generate_fail_6_1 );
1356  reseed_ok ( &state, &sha256_reseed_6_2 );
1357  generate_ok ( &state, &sha256_generate_6_3 );
1358  force_reseed_required ( &state ); /* See above comments */
1359  generate_fail_ok ( &state, &sha256_generate_fail_6_4 );
1360  reseed_ok ( &state, &sha256_reseed_6_5 );
1361  generate_ok ( &state, &sha256_generate_6_6 );
1362 
1363  /* SHA-256 Test 7 */
1365  force_reseed_required ( &state ); /* See above comments */
1366  generate_fail_ok ( &state, &sha256_generate_fail_7_1 );
1367  reseed_ok ( &state, &sha256_reseed_7_2 );
1368  generate_ok ( &state, &sha256_generate_7_3 );
1369  force_reseed_required ( &state ); /* See above comments */
1370  generate_fail_ok ( &state, &sha256_generate_fail_7_4 );
1371  reseed_ok ( &state, &sha256_reseed_7_5 );
1372  generate_ok ( &state, &sha256_generate_7_6 );
1373 
1374  /* SHA-256 Test 8 */
1376  force_reseed_required ( &state ); /* See above comments */
1377  generate_fail_ok ( &state, &sha256_generate_fail_8_1 );
1378  reseed_ok ( &state, &sha256_reseed_8_2 );
1379  generate_ok ( &state, &sha256_generate_8_3 );
1380  force_reseed_required ( &state ); /* See above comments */
1381  generate_fail_ok ( &state, &sha256_generate_fail_8_4 );
1382  reseed_ok ( &state, &sha256_reseed_8_5 );
1383  generate_ok ( &state, &sha256_generate_8_6 );
1384 }
1385 
1386 /** HMAC_DRBG self-test */
1387 struct self_test hmac_drbg_test __self_test = {
1388  .name = "hmac_drbg",
1389  .exec = hmac_drbg_test_exec,
1390 };
const void * entropy
Entropy.
#define sha1_instantiate_5
SHA-1 Test 5 : Instantiation.
#define sha1_instantiate_8
SHA-1 Test 8 : Instantiate.
#define generate_fail_ok(state, test)
Report generation failure test result.
const void * expected_value
Expected value.
#define sha256_instantiate_5
SHA-256 Test 5 : Instantiation.
size_t out_len
Output block length.
struct digest_algorithm * hash
Underlying hash algorithm.
#define sha1_instantiate_7
SHA-1 Test 7 : Instantiation.
uint8_t state
State.
Definition: eth_slow.h:47
const void * expected_key
Expected key.
struct digest_algorithm * hash
Underlying hash algorithm.
#define sha256_instantiate_4
SHA-256 Test 4 : Instantiation.
const void * additional
Additional input.
#define generate_ok(state, test)
Report generation test result.
An HMAC_DRBG reseed test.
const void * expected_value
Expected value.
static const uint8_t personalisation_string_empty[]
"PersonalizationString = <empty>"
#define sha256_instantiate_7
SHA-256 Test 7 : Instantiation.
size_t expected_value_len
Length of expected value.
static const uint8_t additional_input_empty[]
"AdditionalInput = <empty>"
Self-test infrastructure.
#define HMAC_DRBG_TEST_GENERATE_FAIL(name, hmac_drbg, additional_array, len)
Define an HMAC_DRBG generation failure test.
const char * name
Test set name.
Definition: test.h:17
size_t expected_key_len
Length of expected key.
static void hmac_drbg_test_exec(void)
Perform HMAC_DRBG self-test.
struct self_test hmac_drbg_test __self_test
HMAC_DRBG self-test.
An HMAC_DRBG generation test.
A self-test set.
Definition: test.h:15
#define HMAC_DRBG_SHA1
HMAC_DRBG using SHA-1.
Definition: hmac_drbg.h:35
size_t additional_len
Length of additional_input.
const void * additional
Additional input.
#define sha256_instantiate_6
SHA-256 Test 6 : Instantiate.
const void * expected_key
Expected key.
#define instantiate_ok(state, test)
Report instantiation test result.
size_t requested_len
Length of requested data.
An HMAC_DRBG instantiation test.
size_t expected_key_len
Length of expected key.
size_t personal_len
Length of personalisation string.
static const uint8_t nonce_sha1[]
"Nonce" for SHA-1
static const uint8_t entropy_input_1[]
"EntropyInput1 (for Reseed1)
Assertions.
const void * entropy
Entropy.
size_t expected_key_len
Length of expected key.
static const uint8_t entropy_input_2[]
"EntropyInput2 (for Reseed2)
struct digest_algorithm * hash
Underlying hash algorithm.
#define HMAC_DRBG_RESEED_INTERVAL
Reseed interval.
Definition: hmac_drbg.h:206
#define sha256_instantiate_8
SHA-256 Test 8 : Instantiate.
size_t expected_value_len
Length of expected value.
size_t out_len
Output block length.
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
unsigned char uint8_t
Definition: stdint.h:10
static const uint8_t additional_input_2[]
"AdditionalInput2"
#define sha1_instantiate_4
SHA-1 Test 4 : Instantiation.
size_t additional_len
Length of additional_input.
static const uint8_t additional_input_1[]
"AdditionalInput1"
#define HMAC_DRBG_TEST_GENERATE(name, hmac_drbg, additional_array, key, value, data)
Define an HMAC_DRBG generation test.
const void * expected_data
Expected pseudorandom data.
struct digest_algorithm * hash
Underlying hash algorithm.
size_t out_len
Output block length.
static const uint8_t nonce_sha256[]
"Nonce" for SHA-256
HMAC_DRBG internal state.
Definition: hmac_drbg.h:218
size_t expected_value_len
Length of expected value.
#define sha256_instantiate_2
SHA-256 Test 2 : Instantiation.
size_t entropy_len
Length of entropy.
const void * personal
Personalisation string.
#define HMAC_DRBG_SHA256
HMAC_DRBG using SHA-256.
Definition: hmac_drbg.h:59
const void * nonce
Nonce.
size_t additional_len
Length of additional_input.
size_t nonce_len
Length of nonce.
SHA-1 algorithm.
const void * expected_value
Expected value.
static void force_reseed_required(struct hmac_drbg_state *state)
Force a "reseed required" state.
A message digest algorithm.
Definition: crypto.h:16
size_t expected_data_len
Length of data.
const void * additional
Additional input.
#define HMAC_DRBG_TEST_RESEED(name, hmac_drbg, entropy_array, additional_array, key, value)
Define an HMAC_DRBG reseed test.
const void * expected_key
Expected key.
static const uint8_t entropy_input[]
"EntropyInput"
#define reseed_ok(state, test)
Report reseed test result.
SHA-256 algorithm.
#define sha1_instantiate_6
SHA-1 Test 6 : Instantiate.
String functions.
#define HMAC_DRBG_TEST_INSTANTIATE(name, hmac_drbg, entropy_array, nonce_array, personal_array, key, value)
Define an HMAC_DRBG instantiation test.
static const uint8_t personalisation_string[]
"PersonalizationString"
An HMAC_DRBG generation failure test.
#define EXPECT(...)
Define inline expected data.
size_t entropy_len
Length of entropy.
#define sha1_instantiate_2
SHA-1 Test 2 : Instantiation.
HMAC_DRBG algorithm.