2 * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License as
6 * published by the Free Software Foundation; either version 2 of the
7 * License, or any later version.
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
20 FILE_LICENCE ( GPL2_OR_LATER );
26 * These test vectors are provided by NIST as part of the
27 * Cryptographic Toolkit Examples, downloadable from:
29 * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/HMAC_DRBG.pdf
33 /* Forcibly enable assertions */
38 #include <ipxe/hmac_drbg.h>
39 #include <ipxe/sha1.h>
40 #include <ipxe/sha256.h>
41 #include <ipxe/test.h>
43 /** Define inline expected data */
44 #define EXPECT(...) { __VA_ARGS__ }
46 /** An HMAC_DRBG instantiation test */
47 struct hmac_drbg_test_instantiate {
48 /** Underlying hash algorithm */
49 struct digest_algorithm *hash;
50 /** Output block length */
54 /** Length of entropy */
58 /** Length of nonce */
60 /** Personalisation string */
62 /** Length of personalisation string */
65 const void *expected_key;
66 /** Length of expected key */
67 size_t expected_key_len;
69 const void *expected_value;
70 /** Length of expected value */
71 size_t expected_value_len;
75 * Define an HMAC_DRBG instantiation test
78 * @v hmac_drbg HMAC_DRBG algorithm
79 * @v entropy_array Entropy input
80 * @v nonce_array Nonce
81 * @v personal_array Personalisation string
83 * @v value Expected value
84 * @ret test Instantiation test
86 #define HMAC_DRBG_TEST_INSTANTIATE( name, hmac_drbg, entropy_array, \
87 nonce_array, personal_array, \
89 static const uint8_t name ## _key [] = key; \
90 static const uint8_t name ## _value [] = value; \
91 static struct hmac_drbg_test_instantiate name = { \
92 .hash = HMAC_DRBG_HASH ( hmac_drbg ), \
93 .out_len = HMAC_DRBG_OUTLEN_BYTES ( hmac_drbg ), \
94 .entropy = entropy_array, \
95 .entropy_len = sizeof ( entropy_array ), \
96 .nonce = nonce_array, \
97 .nonce_len = sizeof ( nonce_array ), \
98 .personal = personal_array, \
99 .personal_len = sizeof ( personal_array ), \
100 .expected_key = name ## _key, \
101 .expected_key_len = sizeof ( name ## _key ), \
102 .expected_value = name ## _value, \
103 .expected_value_len = sizeof ( name ## _value ), \
107 * Report instantiation test result
109 * @v state HMAC_DRBG internal state
110 * @v test Instantiation test
112 #define instantiate_ok( state, test ) do { \
114 uint8_t entropy[(test)->entropy_len]; \
115 uint8_t nonce[(test)->nonce_len]; \
116 } __attribute__ (( packed )) entropy_nonce; \
118 assert ( (test)->expected_key_len == (test)->out_len ); \
119 assert ( (test)->expected_value_len == (test)->out_len ); \
120 memcpy ( entropy_nonce.entropy, (test)->entropy, \
121 sizeof ( entropy_nonce.entropy ) ); \
122 memcpy ( entropy_nonce.nonce, (test)->nonce, \
123 sizeof ( entropy_nonce.nonce ) ); \
124 hmac_drbg_instantiate ( (test)->hash, (state), &entropy_nonce, \
125 sizeof ( entropy_nonce ), \
127 (test)->personal_len ); \
128 ok ( memcmp ( (state)->key, (test)->expected_key, \
129 (test)->expected_key_len ) == 0 ); \
130 ok ( memcmp ( (state)->value, (test)->expected_value, \
131 (test)->expected_value_len ) == 0 ); \
134 /** An HMAC_DRBG reseed test */
135 struct hmac_drbg_test_reseed {
136 /** Underlying hash algorithm */
137 struct digest_algorithm *hash;
138 /** Output block length */
142 /** Length of entropy */
144 /** Additional input */
145 const void *additional;
146 /** Length of additional_input */
147 size_t additional_len;
149 const void *expected_key;
150 /** Length of expected key */
151 size_t expected_key_len;
152 /** Expected value */
153 const void *expected_value;
154 /** Length of expected value */
155 size_t expected_value_len;
159 * Define an HMAC_DRBG reseed test
162 * @v hmac_drbg HMAC_DRBG algorithm
163 * @v entropy_array Entropy input
164 * @v additional_array Additional input
165 * @v key Expected key
166 * @v value Expected value
167 * @ret test Reseed test
169 #define HMAC_DRBG_TEST_RESEED( name, hmac_drbg, entropy_array, \
170 additional_array, key, value ) \
171 static const uint8_t name ## _key [] = key; \
172 static const uint8_t name ## _value [] = value; \
173 static struct hmac_drbg_test_reseed name = { \
174 .hash = HMAC_DRBG_HASH ( hmac_drbg ), \
175 .out_len = HMAC_DRBG_OUTLEN_BYTES ( hmac_drbg ), \
176 .entropy = entropy_array, \
177 .entropy_len = sizeof ( entropy_array ), \
178 .additional = additional_array, \
179 .additional_len = sizeof ( additional_array ), \
180 .expected_key = name ## _key, \
181 .expected_key_len = sizeof ( name ## _key ), \
182 .expected_value = name ## _value, \
183 .expected_value_len = sizeof ( name ## _value ), \
187 * Report reseed test result
189 * @v state HMAC_DRBG internal state
190 * @v test Reseed test
192 #define reseed_ok( state, test ) do { \
193 assert ( (test)->expected_key_len == (test)->out_len ); \
194 assert ( (test)->expected_value_len == (test)->out_len ); \
195 hmac_drbg_reseed ( (test)->hash, (state), (test)->entropy, \
196 (test)->entropy_len, (test)->additional, \
197 (test)->additional_len ); \
198 ok ( memcmp ( (state)->key, (test)->expected_key, \
199 (test)->expected_key_len ) == 0 ); \
200 ok ( memcmp ( (state)->value, (test)->expected_value, \
201 (test)->expected_value_len ) == 0 ); \
204 /** An HMAC_DRBG generation test */
205 struct hmac_drbg_test_generate {
206 /** Underlying hash algorithm */
207 struct digest_algorithm *hash;
208 /** Output block length */
210 /** Additional input */
211 const void *additional;
212 /** Length of additional_input */
213 size_t additional_len;
215 const void *expected_key;
216 /** Length of expected key */
217 size_t expected_key_len;
218 /** Expected value */
219 const void *expected_value;
220 /** Length of expected value */
221 size_t expected_value_len;
222 /** Expected pseudorandom data */
223 const void *expected_data;
224 /** Length of data */
225 size_t expected_data_len;
229 * Define an HMAC_DRBG generation test
232 * @v hmac_drbg HMAC_DRBG algorithm
233 * @v additional_array Additional input
234 * @v key Expected key
235 * @v value Expected value
236 * @v data Expected pseudorandom data
237 * @ret test Generation test
239 #define HMAC_DRBG_TEST_GENERATE( name, hmac_drbg, additional_array, \
241 static const uint8_t name ## _key [] = key; \
242 static const uint8_t name ## _value [] = value; \
243 static const uint8_t name ## _data [] = data; \
244 static struct hmac_drbg_test_generate name = { \
245 .hash = HMAC_DRBG_HASH ( hmac_drbg ), \
246 .out_len = HMAC_DRBG_OUTLEN_BYTES ( hmac_drbg ), \
247 .additional = additional_array, \
248 .additional_len = sizeof ( additional_array ), \
249 .expected_key = name ## _key, \
250 .expected_key_len = sizeof ( name ## _key ), \
251 .expected_value = name ## _value, \
252 .expected_value_len = sizeof ( name ## _value ), \
253 .expected_data = name ## _data, \
254 .expected_data_len = sizeof ( name ## _data ), \
258 * Report generation test result
260 * @v state HMAC_DRBG internal state
261 * @v test Generation test
263 #define generate_ok( state, test ) do { \
264 uint8_t data[ (test)->expected_data_len ]; \
267 assert ( (test)->expected_key_len == (test)->out_len ); \
268 assert ( (test)->expected_value_len == (test)->out_len ); \
269 rc = hmac_drbg_generate ( (test)->hash, (state), \
270 (test)->additional, \
271 (test)->additional_len, \
272 data, sizeof ( data ) ); \
274 ok ( memcmp ( (state)->key, (test)->expected_key, \
275 (test)->expected_key_len ) == 0 ); \
276 ok ( memcmp ( (state)->value, (test)->expected_value, \
277 (test)->expected_value_len ) == 0 ); \
278 ok ( memcmp ( data, (test)->expected_data, \
279 (test)->expected_data_len ) == 0 ); \
282 /** An HMAC_DRBG generation failure test */
283 struct hmac_drbg_test_generate_fail {
284 /** Underlying hash algorithm */
285 struct digest_algorithm *hash;
286 /** Additional input */
287 const void *additional;
288 /** Length of additional_input */
289 size_t additional_len;
290 /** Length of requested data */
291 size_t requested_len;
295 * Define an HMAC_DRBG generation failure test
298 * @v hmac_drbg HMAC_DRBG algorithm
299 * @v additional_array Additional input
300 * @ret test Generation failure test
302 #define HMAC_DRBG_TEST_GENERATE_FAIL( name, hmac_drbg, \
303 additional_array, len ) \
304 static struct hmac_drbg_test_generate_fail name = { \
305 .hash = HMAC_DRBG_HASH ( hmac_drbg ), \
306 .additional = additional_array, \
307 .additional_len = sizeof ( additional_array ), \
308 .requested_len = len, \
312 * Report generation failure test result
314 * @v state HMAC_DRBG internal state
315 * @v test Generation failure test
317 #define generate_fail_ok( state, test ) do { \
318 uint8_t data[ (test)->requested_len ]; \
321 rc = hmac_drbg_generate ( (test)->hash, (state), \
322 (test)->additional, \
323 (test)->additional_len, data, \
328 /** "EntropyInput" */
329 static const uint8_t entropy_input[] = {
330 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
331 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
332 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
333 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
334 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36
337 /** "Nonce" for SHA-1 */
338 static const uint8_t nonce_sha1[] = {
339 0x20, 0x21, 0x22, 0x23, 0x24
342 /** "Nonce" for SHA-256 */
343 static const uint8_t nonce_sha256[] = {
344 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27
347 /** "EntropyInput1 (for Reseed1) */
348 static const uint8_t entropy_input_1[] = {
349 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b,
350 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
351 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3,
352 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
353 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6
356 /** "EntropyInput2 (for Reseed2) */
357 static const uint8_t entropy_input_2[] = {
358 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb,
359 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
360 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3,
361 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
362 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6
365 /** "PersonalizationString = <empty>" */
366 static const uint8_t personalisation_string_empty[] = {};
368 /** "PersonalizationString" */
369 static const uint8_t personalisation_string[] = {
370 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b,
371 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
372 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, 0x60, 0x61, 0x62, 0x63,
373 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
374 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76
377 /** "AdditionalInput = <empty>" */
378 static const uint8_t additional_input_empty[] = {};
380 /** "AdditionalInput1" */
381 static const uint8_t additional_input_1[] = {
382 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
383 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
384 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83,
385 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
386 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96
389 /** "AdditionalInput2" */
390 static const uint8_t additional_input_2[] = {
391 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab,
392 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
393 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 0xc0, 0xc1, 0xc2, 0xc3,
394 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
395 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6
398 /** SHA-1 Test 1 : Instantiation */
399 HMAC_DRBG_TEST_INSTANTIATE ( sha1_instantiate_1, HMAC_DRBG_SHA1,
400 entropy_input, nonce_sha1, personalisation_string_empty,
401 EXPECT ( 0xab, 0x16, 0x0d, 0xd2, 0x1c, 0x30, 0x98, 0x0c, 0xa3, 0xca,
402 0x5a, 0x9c, 0x77, 0xb7, 0xbd, 0xf0, 0x50, 0xe6, 0x4e, 0xe9 ),
403 EXPECT ( 0x61, 0x44, 0x99, 0xea, 0x98, 0x0c, 0xfb, 0x3d, 0xaa, 0x2c,
404 0xa8, 0x6d, 0x65, 0xa4, 0x6b, 0xf4, 0x48, 0x8d, 0x8c, 0xc5 ) );
406 /** SHA-1 Test 1.1 : First call to Generate */
407 HMAC_DRBG_TEST_GENERATE ( sha1_generate_1_1, HMAC_DRBG_SHA1,
408 additional_input_empty,
409 EXPECT ( 0x7b, 0xb1, 0x80, 0x28, 0xe0, 0x1d, 0x03, 0x42, 0xdf, 0x4f,
410 0x54, 0xda, 0x51, 0x22, 0xfa, 0x5f, 0x2c, 0x3a, 0x05, 0xe4 ),
411 EXPECT ( 0x2f, 0x89, 0x4f, 0x28, 0xcc, 0x2f, 0x53, 0x82, 0x96, 0x40,
412 0x64, 0x3a, 0xd1, 0x7b, 0x84, 0xb0, 0xcd, 0x3c, 0x79, 0x79 ),
413 EXPECT ( 0x5a, 0x7d, 0x3b, 0x44, 0x9f, 0x48, 0x1c, 0xb3, 0x8d, 0xf7,
414 0x9a, 0xd2, 0xb1, 0xfc, 0xc0, 0x1e, 0x57, 0xf8, 0x13, 0x5e,
415 0x8c, 0x0b, 0x22, 0xcd, 0x06, 0x30, 0xbf, 0xb0, 0x12, 0x7f,
416 0xb5, 0x40, 0x8c, 0x8e, 0xfc, 0x17, 0xa9, 0x29, 0x89, 0x6e ) );
418 /** SHA-1 Test 1.2 : Second call to Generate */
419 HMAC_DRBG_TEST_GENERATE ( sha1_generate_1_2, HMAC_DRBG_SHA1,
420 additional_input_empty,
421 EXPECT ( 0x3d, 0x4d, 0x73, 0x77, 0xe9, 0x17, 0x2a, 0xaf, 0xa7, 0x76,
422 0xb0, 0xdd, 0xcb, 0x89, 0x42, 0x00, 0x4a, 0x44, 0xb7, 0xfd ),
423 EXPECT ( 0x1a, 0x26, 0xbd, 0x9b, 0xfc, 0x97, 0x44, 0xbd, 0x29, 0xf6,
424 0xae, 0xbe, 0x24, 0x37, 0xe2, 0x09, 0xf1, 0xf7, 0x16, 0x25 ),
425 EXPECT ( 0x82, 0xcf, 0x77, 0x2e, 0xc3, 0xe8, 0x4b, 0x00, 0xfc, 0x74,
426 0xf5, 0xdf, 0x10, 0x4e, 0xfb, 0xfb, 0x24, 0x28, 0x55, 0x4e,
427 0x9c, 0xe3, 0x67, 0xd0, 0x3a, 0xea, 0xde, 0x37, 0x82, 0x7f,
428 0xa8, 0xe9, 0xcb, 0x6a, 0x08, 0x19, 0x61, 0x15, 0xd9, 0x48 ) );
430 /** SHA-1 Test 2 : Instantiation */
431 #define sha1_instantiate_2 sha1_instantiate_1
433 /** SHA-1 Test 2.1 : First call to Generate */
434 HMAC_DRBG_TEST_GENERATE ( sha1_generate_2_1, HMAC_DRBG_SHA1,
436 EXPECT ( 0x3a, 0x06, 0x2e, 0x6b, 0x79, 0xfe, 0x70, 0xdb, 0xff, 0xeb,
437 0x3a, 0x2b, 0x6b, 0xe8, 0x03, 0x23, 0xf7, 0xd6, 0x74, 0xc5 ),
438 EXPECT ( 0xbd, 0x36, 0x31, 0x28, 0xbf, 0x58, 0x0d, 0x7a, 0x54, 0x42,
439 0x9d, 0xdd, 0x58, 0xe8, 0x19, 0x3b, 0x98, 0x43, 0xbd, 0x2b ),
440 EXPECT ( 0xc7, 0xaa, 0xac, 0x58, 0x3c, 0x6e, 0xf6, 0x30, 0x07, 0x14,
441 0xc2, 0xcc, 0x5d, 0x06, 0xc1, 0x48, 0xcf, 0xfb, 0x40, 0x44,
442 0x9a, 0xd0, 0xbb, 0x26, 0xfa, 0xc0, 0x49, 0x7b, 0x5c, 0x57,
443 0xe1, 0x61, 0xe3, 0x66, 0x81, 0xbc, 0xc9, 0x30, 0xce, 0x80 ) );
445 /** SHA-1 Test 2.2 : Second call to Generate */
446 HMAC_DRBG_TEST_GENERATE ( sha1_generate_2_2, HMAC_DRBG_SHA1,
448 EXPECT ( 0x8a, 0xd7, 0xe3, 0x47, 0x72, 0xb5, 0xfc, 0x7c, 0x3b, 0x3b,
449 0x27, 0x62, 0x4f, 0x0b, 0x91, 0x77, 0x6a, 0x8a, 0x71, 0x12 ),
450 EXPECT ( 0xd7, 0x13, 0x76, 0xa4, 0x6d, 0x76, 0x4b, 0x17, 0xc3, 0xb7,
451 0x39, 0x34, 0x7b, 0x38, 0x4e, 0x51, 0x51, 0xe8, 0x7e, 0x88 ),
452 EXPECT ( 0x6e, 0xbd, 0x2b, 0x7b, 0x5e, 0x0a, 0x2a, 0xd7, 0xa2, 0x4b,
453 0x1b, 0xf9, 0xa1, 0xdb, 0xa4, 0x7d, 0x43, 0x27, 0x17, 0x19,
454 0xb9, 0xc3, 0x7b, 0x7f, 0xe8, 0x1b, 0xa9, 0x40, 0x45, 0xa1,
455 0x4a, 0x7c, 0xb5, 0x14, 0xb4, 0x46, 0x66, 0x6e, 0xa5, 0xa7 ) );
457 /** SHA-1 Test 3 : Instantiation */
458 HMAC_DRBG_TEST_INSTANTIATE ( sha1_instantiate_3, HMAC_DRBG_SHA1,
459 entropy_input, nonce_sha1, personalisation_string,
460 EXPECT ( 0xb7, 0xd9, 0x66, 0xd7, 0x0d, 0x4e, 0x27, 0xa7, 0xfa, 0x83,
461 0x8f, 0x7d, 0x61, 0x12, 0x6c, 0x0e, 0xdc, 0x84, 0x76, 0x1c ),
462 EXPECT ( 0xda, 0xb2, 0xa7, 0x18, 0x83, 0xf1, 0x00, 0x5c, 0x5d, 0xd0,
463 0x39, 0x32, 0x4d, 0x3c, 0x36, 0x4d, 0x6e, 0x18, 0xf9, 0x54 ) );
465 /** SHA-1 Test 3.1 : First call to Generate */
466 HMAC_DRBG_TEST_GENERATE ( sha1_generate_3_1, HMAC_DRBG_SHA1,
467 additional_input_empty,
468 EXPECT ( 0x87, 0xd3, 0x82, 0x8b, 0xe0, 0x3a, 0x80, 0x7d, 0xd3, 0x40,
469 0x29, 0x41, 0xbe, 0xd6, 0xde, 0x98, 0x6e, 0xe7, 0xa2, 0x86 ),
470 EXPECT ( 0x6a, 0xe1, 0xd0, 0x08, 0x6f, 0x53, 0xb1, 0xb7, 0x63, 0xa4,
471 0x51, 0x5b, 0x19, 0x06, 0xfe, 0xe4, 0x76, 0x61, 0xfd, 0x47 ),
472 EXPECT ( 0xb3, 0xbd, 0x05, 0x24, 0x6c, 0xba, 0x12, 0xa6, 0x47, 0x35,
473 0xa4, 0xe3, 0xfd, 0xe5, 0x99, 0xbc, 0x1b, 0xe3, 0x0f, 0x43,
474 0x9b, 0xd0, 0x60, 0x20, 0x8e, 0xea, 0x7d, 0x71, 0xf9, 0xd1,
475 0x23, 0xdf, 0x47, 0xb3, 0xce, 0x06, 0x9d, 0x98, 0xed, 0xe6 ) );
477 /** SHA-1 Test 3.2 : Second call to Generate */
478 HMAC_DRBG_TEST_GENERATE ( sha1_generate_3_2, HMAC_DRBG_SHA1,
479 additional_input_empty,
480 EXPECT ( 0x26, 0xab, 0xbf, 0x54, 0xb2, 0x8b, 0x93, 0xff, 0x90, 0x08,
481 0x67, 0x0e, 0xbf, 0xee, 0x86, 0xcd, 0xd7, 0x22, 0x8e, 0xd5 ),
482 EXPECT ( 0xe9, 0x25, 0x47, 0x29, 0xe0, 0x02, 0x04, 0xa1, 0xb6, 0xc0,
483 0x21, 0x58, 0xa6, 0xc7, 0x27, 0x86, 0x47, 0x14, 0xf1, 0xf7 ),
484 EXPECT ( 0xb5, 0xda, 0xda, 0x38, 0x0e, 0x28, 0x72, 0xdf, 0x93, 0x5b,
485 0xca, 0x55, 0xb8, 0x82, 0xc8, 0xc9, 0x37, 0x69, 0x02, 0xab,
486 0x63, 0x97, 0x65, 0x47, 0x2b, 0x71, 0xac, 0xeb, 0xe2, 0xea,
487 0x8b, 0x1b, 0x6b, 0x49, 0x62, 0x9c, 0xb6, 0x73, 0x17, 0xe0 ) );
489 /** SHA-1 Test 4 : Instantiation */
490 #define sha1_instantiate_4 sha1_instantiate_3
492 /** SHA-1 Test 4.1 : First call to Generate */
493 HMAC_DRBG_TEST_GENERATE ( sha1_generate_4_1, HMAC_DRBG_SHA1,
495 EXPECT ( 0x17, 0xa5, 0xd7, 0x9f, 0x07, 0x67, 0x87, 0x6f, 0x3a, 0x45,
496 0xe0, 0xc9, 0xc3, 0x3e, 0xc8, 0x8b, 0x03, 0xce, 0xea, 0x13 ),
497 EXPECT ( 0x4d, 0x2f, 0x3b, 0xc7, 0x77, 0x50, 0x5c, 0x45, 0xf7, 0xe1,
498 0x7d, 0xcd, 0x3d, 0x86, 0xbf, 0x37, 0x9c, 0xb6, 0x02, 0x5e ),
499 EXPECT ( 0x1f, 0x8f, 0xec, 0x7b, 0xc7, 0xcf, 0xa9, 0xa8, 0x80, 0x34,
500 0x5d, 0x28, 0x0b, 0x13, 0xc6, 0x32, 0xb8, 0x52, 0x77, 0x0a,
501 0x6d, 0xfc, 0x30, 0x2e, 0xad, 0x4c, 0xe3, 0xf5, 0x54, 0xc7,
502 0x9b, 0x0d, 0x44, 0x23, 0x9e, 0xba, 0x56, 0xa7, 0xea, 0x2d ) );
504 /** SHA-1 Test 4.2 : Second call to Generate */
505 HMAC_DRBG_TEST_GENERATE ( sha1_generate_4_2, HMAC_DRBG_SHA1,
507 EXPECT ( 0x07, 0x9b, 0x57, 0xd9, 0x40, 0x6e, 0x11, 0xc2, 0xf8, 0x7c,
508 0x8c, 0x82, 0x8c, 0x8c, 0x6f, 0xa7, 0x6e, 0x40, 0xea, 0x01 ),
509 EXPECT ( 0xa6, 0x54, 0xfe, 0x72, 0xf8, 0xa7, 0x7b, 0xb8, 0xf0, 0x3d,
510 0xff, 0x07, 0xc7, 0x9a, 0x51, 0x53, 0x00, 0x9e, 0xdd, 0xda ),
511 EXPECT ( 0xaf, 0x97, 0xcd, 0xe1, 0xe8, 0xab, 0x32, 0x2a, 0x2e, 0xac,
512 0xa8, 0xe6, 0xf4, 0xe5, 0xbf, 0x78, 0xa1, 0x1b, 0xde, 0xf7,
513 0xdc, 0x91, 0x21, 0x5d, 0x44, 0xb1, 0x07, 0xb4, 0xd5, 0xa7,
514 0x79, 0x01, 0x59, 0x25, 0x09, 0x76, 0x52, 0x80, 0xf9, 0x69 ) );
516 /** SHA-1 Test 5 : Instantiation */
517 #define sha1_instantiate_5 sha1_instantiate_1
519 /** SHA-1 Test 5.1 : First call to Generate */
520 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_5_1, HMAC_DRBG_SHA1,
521 additional_input_empty, ( 320 / 8 ) );
523 /** SHA-1 Test 5.2 : Reseed */
524 HMAC_DRBG_TEST_RESEED ( sha1_reseed_5_2, HMAC_DRBG_SHA1,
525 entropy_input_1, additional_input_empty,
526 EXPECT ( 0xcd, 0x4c, 0xab, 0x38, 0xc8, 0xad, 0x65, 0x71, 0x22, 0xbf,
527 0x5d, 0x3d, 0x00, 0xd0, 0xac, 0x9b, 0x13, 0xd6, 0x29, 0xbb ),
528 EXPECT ( 0xf6, 0x60, 0xe2, 0x3e, 0x91, 0x00, 0x6b, 0x62, 0xc6, 0x54,
529 0x3a, 0xb1, 0x34, 0x4d, 0x23, 0xa3, 0x1a, 0xb4, 0xcf, 0x2c ) );
531 /** SHA-1 Test 5.3 : Retried first call to Generate */
532 HMAC_DRBG_TEST_GENERATE ( sha1_generate_5_3, HMAC_DRBG_SHA1,
533 additional_input_empty,
534 EXPECT ( 0x58, 0x7f, 0xd8, 0x21, 0xef, 0x6c, 0x9d, 0xa4, 0xa8, 0x3c,
535 0x19, 0x21, 0x1f, 0x10, 0x56, 0xca, 0xcd, 0x23, 0xfc, 0x1a ),
536 EXPECT ( 0x84, 0x8f, 0xd1, 0x4c, 0x13, 0xb7, 0xea, 0x93, 0x72, 0x0c,
537 0xcf, 0xde, 0x71, 0xf2, 0xf6, 0x44, 0x39, 0xdb, 0x79, 0x5d ),
538 EXPECT ( 0xfe, 0xc4, 0x59, 0x7f, 0x06, 0xa3, 0xa8, 0xcc, 0x85, 0x29,
539 0xd5, 0x95, 0x57, 0xb9, 0xe6, 0x61, 0x05, 0x38, 0x09, 0xc0,
540 0xbc, 0x0e, 0xfc, 0x28, 0x2a, 0xbd, 0x87, 0x60, 0x5c, 0xc9,
541 0x0c, 0xba, 0x9b, 0x86, 0x33, 0xdc, 0xb1, 0xda, 0xe0, 0x2e ) );
543 /** SHA-1 Test 5.4 : Second call to Generate */
544 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_5_4, HMAC_DRBG_SHA1,
545 additional_input_empty, ( 320 / 8 ) );
547 /** SHA-1 Test 5.5 : Reseed */
548 HMAC_DRBG_TEST_RESEED ( sha1_reseed_5_5, HMAC_DRBG_SHA1,
549 entropy_input_2, additional_input_empty,
550 EXPECT ( 0xdb, 0xa1, 0xcf, 0xf4, 0x87, 0x95, 0x46, 0xa0, 0x38, 0xa5,
551 0x59, 0xb2, 0xa2, 0x4d, 0xf2, 0xc0, 0x30, 0x08, 0x9a, 0x41 ),
552 EXPECT ( 0x2f, 0x88, 0x3c, 0x46, 0x48, 0xe1, 0x31, 0xe8, 0x6d, 0xdf,
553 0x9d, 0xca, 0x0d, 0x74, 0xf3, 0x0c, 0xa1, 0xce, 0x6e, 0xfb ) );
555 /** SHA-1 Test 5.6 : Retried second call to Generate */
556 HMAC_DRBG_TEST_GENERATE ( sha1_generate_5_6, HMAC_DRBG_SHA1,
557 additional_input_empty,
558 EXPECT ( 0xf9, 0x39, 0xa5, 0xab, 0x08, 0xa3, 0x9f, 0x23, 0x10, 0x70,
559 0xb0, 0xd4, 0xc9, 0x6d, 0xc2, 0x37, 0x90, 0xba, 0x01, 0x53 ),
560 EXPECT ( 0xce, 0x6d, 0x08, 0xb4, 0xae, 0x2c, 0xe3, 0x83, 0xfd, 0xab,
561 0xb0, 0x1e, 0xaa, 0xfc, 0x9c, 0x8e, 0x76, 0xa0, 0xd4, 0x72 ),
562 EXPECT ( 0x84, 0xad, 0xd5, 0xe2, 0xd2, 0x04, 0x1c, 0x01, 0x72, 0x3a,
563 0x4d, 0xe4, 0x33, 0x5b, 0x13, 0xef, 0xdf, 0x16, 0xb0, 0xe5,
564 0x1a, 0x0a, 0xd3, 0x9b, 0xd1, 0x5e, 0x86, 0x2e, 0x64, 0x4f,
565 0x31, 0xe4, 0xa2, 0xd7, 0xd8, 0x43, 0xe5, 0x7c, 0x59, 0x68 ) );
567 /** SHA-1 Test 6 : Instantiate */
568 #define sha1_instantiate_6 sha1_instantiate_1
570 /** SHA-1 Test 6.1 : First call to Generate */
571 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_6_1, HMAC_DRBG_SHA1,
572 additional_input_1, ( 320 / 8 ) );
574 /** SHA-1 Test 6.2 : Reseed */
575 HMAC_DRBG_TEST_RESEED ( sha1_reseed_6_2, HMAC_DRBG_SHA1,
576 entropy_input_1, additional_input_1,
577 EXPECT ( 0x52, 0x28, 0xa4, 0xb6, 0xa4, 0x46, 0x92, 0x90, 0x5e, 0xc0,
578 0x44, 0xbf, 0xf0, 0xbb, 0x4e, 0x25, 0xa3, 0x87, 0xca, 0xc1 ),
579 EXPECT ( 0x24, 0x77, 0x32, 0xd0, 0x4c, 0xb8, 0x4e, 0xd4, 0x1a, 0xdd,
580 0x95, 0xa4, 0xb7, 0x8b, 0x50, 0xcd, 0x9b, 0x3d, 0x3f, 0x32 ) );
582 /** SHA-1 Test 6.3 : Retried first call to Generate */
583 HMAC_DRBG_TEST_GENERATE ( sha1_generate_6_3, HMAC_DRBG_SHA1,
584 additional_input_empty,
585 EXPECT ( 0xab, 0x3d, 0xd4, 0x89, 0x5b, 0xc8, 0xcd, 0x22, 0x71, 0xde,
586 0xba, 0x5f, 0x3c, 0x13, 0x63, 0x52, 0x6b, 0x8b, 0x74, 0x52 ),
587 EXPECT ( 0xa8, 0x66, 0xc5, 0xef, 0xf2, 0xaf, 0x04, 0x2b, 0x11, 0x86,
588 0x44, 0x94, 0x45, 0x23, 0x7f, 0x9c, 0x02, 0x44, 0x98, 0x64 ),
589 EXPECT ( 0xa1, 0xba, 0x8f, 0xa5, 0x8b, 0xb5, 0x01, 0x3f, 0x43, 0xf7,
590 0xb6, 0xed, 0x52, 0xb4, 0x53, 0x9f, 0xa1, 0x6d, 0xc7, 0x79,
591 0x57, 0xae, 0xe8, 0x15, 0xb9, 0xc0, 0x70, 0x04, 0xc7, 0xe9,
592 0x92, 0xeb, 0x8c, 0x7e, 0x59, 0x19, 0x64, 0xaf, 0xee, 0xa2 ) );
594 /** SHA-1 Test 6.4 : Second call to Generate */
595 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_6_4, HMAC_DRBG_SHA1,
596 additional_input_2, ( 320 / 8 ) );
598 /** SHA-1 Test 6.5 : Reseed */
599 HMAC_DRBG_TEST_RESEED ( sha1_reseed_6_5, HMAC_DRBG_SHA1,
600 entropy_input_2, additional_input_2,
601 EXPECT ( 0xe5, 0x73, 0x9f, 0x9c, 0xf7, 0xff, 0x43, 0x84, 0xd1, 0x27,
602 0x3e, 0x02, 0x6b, 0x45, 0x31, 0x21, 0x36, 0x49, 0x4f, 0x41 ),
603 EXPECT ( 0x30, 0xc3, 0x43, 0x05, 0xc2, 0xc6, 0x48, 0xb0, 0x57, 0xa6,
604 0x40, 0x22, 0x1b, 0x5c, 0x56, 0x57, 0x26, 0xcd, 0x32, 0xb2 ) );
606 /** SHA-1 Test 6.6 : Retried second call to Generate */
607 HMAC_DRBG_TEST_GENERATE ( sha1_generate_6_6, HMAC_DRBG_SHA1,
608 additional_input_empty,
609 EXPECT ( 0x61, 0x91, 0xca, 0x9b, 0xf0, 0x00, 0xd1, 0x0a, 0x71, 0x69,
610 0x0a, 0xc1, 0x0e, 0x09, 0xff, 0xc8, 0x92, 0xab, 0xde, 0x9a ),
611 EXPECT ( 0x1e, 0xc0, 0x49, 0x0f, 0xa0, 0xb7, 0x65, 0x52, 0x7e, 0x5e,
612 0xa1, 0x8b, 0x53, 0x22, 0xb2, 0x8b, 0xdd, 0x0e, 0x7b, 0xc0 ),
613 EXPECT ( 0x84, 0x26, 0x4a, 0x73, 0xa8, 0x18, 0xc9, 0x5c, 0x2f, 0x42,
614 0x4b, 0x37, 0xd3, 0xcc, 0x99, 0x0b, 0x04, 0x6f, 0xb5, 0x0c,
615 0x2d, 0xc6, 0x4a, 0x16, 0x42, 0x11, 0x88, 0x9a, 0x01, 0x0f,
616 0x24, 0x71, 0xa0, 0x91, 0x2f, 0xfe, 0xa1, 0xbf, 0x01, 0x95 ) );
618 /** SHA-1 Test 7 : Instantiation */
619 #define sha1_instantiate_7 sha1_instantiate_3
621 /** SHA-1 Test 7.1 : First call to Generate */
622 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_7_1, HMAC_DRBG_SHA1,
623 additional_input_empty, ( 320 / 8 ) );
625 /** SHA-1 Test 7.2 : Reseed */
626 HMAC_DRBG_TEST_RESEED ( sha1_reseed_7_2, HMAC_DRBG_SHA1,
627 entropy_input_1, additional_input_empty,
628 EXPECT ( 0xb9, 0x25, 0x4d, 0x8a, 0xac, 0xba, 0x43, 0xfb, 0xda, 0xe6,
629 0x39, 0x4f, 0x2b, 0x3a, 0xfc, 0x5d, 0x58, 0x08, 0x00, 0xbf ),
630 EXPECT ( 0x28, 0x40, 0x3b, 0x60, 0x36, 0x38, 0xd0, 0x7d, 0x79, 0x66,
631 0x66, 0x1e, 0xf6, 0x7b, 0x9d, 0x39, 0x05, 0xf4, 0x6d, 0xb9 ) );
633 /** SHA-1 Test 7.3 : Retried first call to Generate */
634 HMAC_DRBG_TEST_GENERATE ( sha1_generate_7_3, HMAC_DRBG_SHA1,
635 additional_input_empty,
636 EXPECT ( 0x64, 0xfe, 0x07, 0x4a, 0x6e, 0x77, 0x97, 0xd1, 0xa4, 0x35,
637 0xda, 0x89, 0x64, 0x48, 0x4d, 0x6c, 0xf8, 0xbd, 0xc0, 0x1b ),
638 EXPECT ( 0x43, 0xe0, 0xc0, 0x52, 0x15, 0x86, 0xe9, 0x47, 0x3b, 0x06,
639 0x0d, 0x87, 0xd0, 0x8a, 0x23, 0x25, 0xfa, 0xe1, 0x49, 0xd1 ),
640 EXPECT ( 0x6c, 0x37, 0xfd, 0xd7, 0x29, 0xaa, 0x40, 0xf8, 0x0b, 0xc6,
641 0xab, 0x08, 0xca, 0x7c, 0xc6, 0x49, 0x79, 0x4f, 0x69, 0x98,
642 0xb5, 0x70, 0x81, 0xe4, 0x22, 0x0f, 0x22, 0xc5, 0xc2, 0x83,
643 0xe2, 0xc9, 0x1b, 0x8e, 0x30, 0x5a, 0xb8, 0x69, 0xc6, 0x25 ) );
645 /** SHA-1 Test 7.4 : Second call to Generate */
646 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_7_4, HMAC_DRBG_SHA1,
647 additional_input_empty, ( 320 / 8 ) );
649 /** SHA-1 Test 7.5 : Reseed */
650 HMAC_DRBG_TEST_RESEED ( sha1_reseed_7_5, HMAC_DRBG_SHA1,
651 entropy_input_2, additional_input_empty,
652 EXPECT ( 0x02, 0xbc, 0x57, 0x7f, 0xd1, 0x0e, 0xf7, 0x19, 0x3c, 0x1d,
653 0xb0, 0x98, 0xbd, 0x5b, 0x75, 0xc7, 0xc4, 0xb6, 0x79, 0x59 ),
654 EXPECT ( 0xbc, 0xbd, 0xf0, 0x52, 0xe0, 0xe0, 0x2a, 0xe8, 0x9a, 0x77,
655 0x67, 0x94, 0x3f, 0x98, 0x65, 0xb8, 0xb7, 0x22, 0x90, 0x2d ) );
657 /** SHA-1 Test 7.6 : Retried second call to Generate */
658 HMAC_DRBG_TEST_GENERATE ( sha1_generate_7_6, HMAC_DRBG_SHA1,
659 additional_input_empty,
660 EXPECT ( 0x1a, 0xa4, 0x24, 0x1c, 0x69, 0x5e, 0x29, 0xc0, 0xa5, 0x9a,
661 0xd1, 0x8a, 0x60, 0x70, 0xe3, 0x38, 0xa5, 0x48, 0xbe, 0x92 ),
662 EXPECT ( 0x03, 0x47, 0x35, 0x9b, 0xc9, 0xc7, 0xf8, 0x8c, 0xc8, 0x33,
663 0x0d, 0x4f, 0x59, 0xfb, 0xc7, 0x70, 0xb0, 0xb7, 0x7b, 0x03 ),
664 EXPECT ( 0xca, 0xf5, 0x7d, 0xcf, 0xea, 0x39, 0x3b, 0x92, 0x36, 0xbf,
665 0x69, 0x1f, 0xa4, 0x56, 0xfe, 0xa7, 0xfd, 0xf1, 0xdf, 0x83,
666 0x61, 0x48, 0x2c, 0xa5, 0x4d, 0x5f, 0xa7, 0x23, 0xf4, 0xc8,
667 0x8b, 0x4f, 0xa5, 0x04, 0xbf, 0x03, 0x27, 0x7f, 0xa7, 0x83 ) );
669 /** SHA-1 Test 8 : Instantiate */
670 #define sha1_instantiate_8 sha1_instantiate_3
672 /** SHA-1 Test 8.1 : First call to Generate */
673 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_8_1, HMAC_DRBG_SHA1,
674 additional_input_1, ( 320 / 8 ) );
676 /** SHA-1 Test 8.2 : Reseed */
677 HMAC_DRBG_TEST_RESEED ( sha1_reseed_8_2, HMAC_DRBG_SHA1,
678 entropy_input_1, additional_input_1,
679 EXPECT ( 0xc0, 0x95, 0x48, 0xc0, 0xd3, 0xc8, 0x61, 0xd7, 0x40, 0xf2,
680 0x83, 0x7d, 0x72, 0xb5, 0x07, 0x23, 0x5c, 0x26, 0xdb, 0x82 ),
681 EXPECT ( 0x17, 0x4b, 0x3f, 0x84, 0xc3, 0x53, 0x1f, 0x7c, 0x0a, 0x2e,
682 0x54, 0x21, 0x23, 0x4e, 0xa1, 0x6b, 0x70, 0x8d, 0xdf, 0x0d ) );
684 /** SHA-1 Test 8.3 : Retried first call to Generate */
685 HMAC_DRBG_TEST_GENERATE ( sha1_generate_8_3, HMAC_DRBG_SHA1,
686 additional_input_empty,
687 EXPECT ( 0x60, 0x3f, 0x09, 0x49, 0x27, 0x9c, 0x70, 0xe8, 0xc6, 0x6c,
688 0x0f, 0x56, 0x37, 0xc0, 0xf3, 0x75, 0x60, 0x07, 0xe5, 0xac ),
689 EXPECT ( 0xf2, 0xb3, 0x3b, 0x21, 0x15, 0x1f, 0xaf, 0x61, 0x20, 0x01,
690 0x83, 0x10, 0xf4, 0x4e, 0x4c, 0xd0, 0xbf, 0xe3, 0x68, 0xea ),
691 EXPECT ( 0xbd, 0x07, 0xc2, 0x5c, 0xfd, 0x7c, 0x5e, 0x3a, 0x4e, 0xaa,
692 0x6e, 0x2e, 0xdc, 0x5a, 0xb7, 0xea, 0x49, 0x42, 0xa0, 0x91,
693 0x34, 0x71, 0xfd, 0xa5, 0x5c, 0x6d, 0xdd, 0x2c, 0x03, 0xef,
694 0xa3, 0xb9, 0x64, 0x3a, 0xb3, 0xbb, 0x22, 0xf6, 0xc9, 0xf2 ) );
696 /** SHA-1 Test 8.4 : Second call to Generate */
697 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_8_4, HMAC_DRBG_SHA1,
698 additional_input_2, ( 320 / 8 ) );
700 /** SHA-1 Test 8.5 : Reseed */
701 HMAC_DRBG_TEST_RESEED ( sha1_reseed_8_5, HMAC_DRBG_SHA1,
702 entropy_input_2, additional_input_2,
703 EXPECT ( 0x89, 0x42, 0xa5, 0x4f, 0x34, 0x9e, 0x28, 0x1b, 0x84, 0xaa,
704 0x46, 0x95, 0x87, 0xfb, 0xdd, 0xaf, 0x9d, 0x11, 0x40, 0x82 ),
705 EXPECT ( 0x07, 0x73, 0x0e, 0x3c, 0xbf, 0xfd, 0x3c, 0xaf, 0xd7, 0xa8,
706 0xaa, 0xe2, 0xbf, 0x01, 0xd6, 0x01, 0x43, 0x01, 0xe2, 0x4d ) );
708 /** SHA-1 Test 8.6 : Retried second call to Generate */
709 HMAC_DRBG_TEST_GENERATE ( sha1_generate_8_6, HMAC_DRBG_SHA1,
710 additional_input_empty,
711 EXPECT ( 0xbd, 0xe1, 0xb4, 0x6c, 0xdc, 0x54, 0x13, 0xb3, 0xd9, 0xf7,
712 0x35, 0xac, 0xdb, 0x80, 0xb1, 0x3c, 0x57, 0xbf, 0xe4, 0x73 ),
713 EXPECT ( 0x72, 0x5a, 0x3c, 0x78, 0x20, 0xde, 0x1a, 0x06, 0xd0, 0x95,
714 0x81, 0x9c, 0xcf, 0x6f, 0x2c, 0x9b, 0x3a, 0x67, 0xf2, 0xce ),
715 EXPECT ( 0xd1, 0xa9, 0xc1, 0xa2, 0x2c, 0x84, 0xfc, 0x23, 0xff, 0x22,
716 0x27, 0xef, 0x98, 0xec, 0x8b, 0xa9, 0xdf, 0x2a, 0x20, 0x9b,
717 0xa1, 0xdb, 0x09, 0x80, 0x9f, 0x57, 0xbf, 0xea, 0xe5, 0xb3,
718 0xe5, 0xf1, 0x46, 0xc7, 0x5f, 0x2d, 0x8d, 0xbb, 0x5e, 0x4a ) );
720 /** SHA-256 Test 1 : Instantiation */
721 HMAC_DRBG_TEST_INSTANTIATE ( sha256_instantiate_1, HMAC_DRBG_SHA256,
722 entropy_input, nonce_sha256, personalisation_string_empty,
723 EXPECT ( 0x3d, 0xda, 0x54, 0x3e, 0x7e, 0xef, 0x14, 0xf9, 0x36, 0x23,
724 0x7b, 0xe6, 0x5d, 0x09, 0x4b, 0x4d, 0xdc, 0x96, 0x9c, 0x0b,
725 0x2b, 0x5e, 0xaf, 0xb5, 0xd8, 0x05, 0xe8, 0x6c, 0xfa, 0x64,
727 EXPECT ( 0x2d, 0x02, 0xc2, 0xf8, 0x22, 0x51, 0x7d, 0x54, 0xb8, 0x17,
728 0x27, 0x9a, 0x59, 0x49, 0x1c, 0x41, 0xa1, 0x98, 0x9b, 0x3e,
729 0x38, 0x2d, 0xeb, 0xe8, 0x0d, 0x2c, 0x7f, 0x66, 0x0f, 0x44,
732 /** SHA-256 Test 1.1 : First call to Generate */
733 HMAC_DRBG_TEST_GENERATE ( sha256_generate_1_1, HMAC_DRBG_SHA256,
734 additional_input_empty,
735 EXPECT ( 0xdd, 0x30, 0x95, 0x79, 0x35, 0x38, 0x02, 0xcc, 0xdd, 0x43,
736 0x99, 0xc3, 0x69, 0x1c, 0x9d, 0xd9, 0x09, 0xdd, 0x3b, 0x2d,
737 0xd0, 0x03, 0xcc, 0xd5, 0x9d, 0x6f, 0x08, 0xd8, 0x5f, 0x2e,
739 EXPECT ( 0xa1, 0xc2, 0x0f, 0xf2, 0x70, 0xa3, 0x9d, 0x2b, 0x8d, 0x03,
740 0xd6, 0x59, 0xb9, 0xdd, 0xd0, 0x11, 0xc2, 0xcc, 0xdf, 0x24,
741 0x48, 0x55, 0x7e, 0xf6, 0xa1, 0xa9, 0x15, 0xd1, 0x89, 0x40,
743 EXPECT ( 0xd6, 0x7b, 0x8c, 0x17, 0x34, 0xf4, 0x6f, 0xa3, 0xf7, 0x63,
744 0xcf, 0x57, 0xc6, 0xf9, 0xf4, 0xf2, 0xdc, 0x10, 0x89, 0xbd,
745 0x8b, 0xc1, 0xf6, 0xf0, 0x23, 0x95, 0x0b, 0xfc, 0x56, 0x17,
746 0x63, 0x52, 0x08, 0xc8, 0x50, 0x12, 0x38, 0xad, 0x7a, 0x44,
747 0x00, 0xde, 0xfe, 0xe4, 0x6c, 0x64, 0x0b, 0x61, 0xaf, 0x77,
748 0xc2, 0xd1, 0xa3, 0xbf, 0xaa, 0x90, 0xed, 0xe5, 0xd2, 0x07,
749 0x40, 0x6e, 0x54, 0x03 ) );
751 /** SHA-256 Test 1.2 : Second call to Generate */
752 HMAC_DRBG_TEST_GENERATE ( sha256_generate_1_2, HMAC_DRBG_SHA256,
753 additional_input_empty,
754 EXPECT ( 0x5c, 0xd5, 0xe5, 0x0a, 0x3e, 0x44, 0x8a, 0x07, 0xc3, 0xd2,
755 0xf2, 0xa3, 0xf9, 0xde, 0xbc, 0xc0, 0x46, 0x5f, 0x9c, 0xf1,
756 0x1c, 0xa1, 0x36, 0xe9, 0xb5, 0x04, 0xb4, 0xd3, 0x1c, 0x7f,
758 EXPECT ( 0x33, 0xb3, 0x09, 0xf2, 0xff, 0x01, 0xce, 0x10, 0x4b, 0x44,
759 0x29, 0xb6, 0x75, 0xfa, 0xfa, 0x19, 0x01, 0x1e, 0x34, 0x8b,
760 0x28, 0x12, 0x71, 0x5a, 0x76, 0x37, 0xf6, 0xa6, 0xe6, 0x3b,
762 EXPECT ( 0x8f, 0xda, 0xec, 0x20, 0xf8, 0xb4, 0x21, 0x40, 0x70, 0x59,
763 0xe3, 0x58, 0x89, 0x20, 0xda, 0x7e, 0xda, 0x9d, 0xce, 0x3c,
764 0xf8, 0x27, 0x4d, 0xfa, 0x1c, 0x59, 0xc1, 0x08, 0xc1, 0xd0,
765 0xaa, 0x9b, 0x0f, 0xa3, 0x8d, 0xa5, 0xc7, 0x92, 0x03, 0x7c,
766 0x4d, 0x33, 0xcd, 0x07, 0x0c, 0xa7, 0xcd, 0x0c, 0x56, 0x08,
767 0xdb, 0xa8, 0xb8, 0x85, 0x65, 0x46, 0x39, 0xde, 0x21, 0x87,
768 0xb7, 0x4c, 0xb2, 0x63 ) );
770 /** SHA-256 Test 2 : Instantiation */
771 #define sha256_instantiate_2 sha256_instantiate_1
773 /** SHA-256 Test 2.1 : First call to Generate */
774 HMAC_DRBG_TEST_GENERATE ( sha256_generate_2_1, HMAC_DRBG_SHA256,
776 EXPECT ( 0x79, 0x1d, 0x31, 0x44, 0xb3, 0x02, 0xad, 0x6c, 0xe4, 0x32,
777 0x41, 0x34, 0x42, 0x10, 0xaa, 0xd0, 0xd3, 0x99, 0xed, 0xb7,
778 0xb5, 0x90, 0x6f, 0xb2, 0x51, 0xdb, 0x1c, 0xb6, 0x00, 0x04,
780 EXPECT ( 0x58, 0xfd, 0x96, 0x5f, 0x4f, 0x99, 0x89, 0x3c, 0x17, 0xe6,
781 0xa3, 0x3c, 0xb8, 0xe9, 0x04, 0x15, 0xb5, 0x16, 0xd0, 0x06,
782 0x14, 0xa4, 0x49, 0xd4, 0x06, 0xe0, 0x3c, 0x68, 0x5b, 0xd8,
784 EXPECT ( 0x41, 0x87, 0x87, 0x35, 0x81, 0x35, 0x41, 0x9b, 0x93, 0x81,
785 0x33, 0x53, 0x53, 0x06, 0x17, 0x6a, 0xfb, 0x25, 0x1c, 0xdd,
786 0x2b, 0xa3, 0x79, 0x88, 0x59, 0xb5, 0x66, 0xa0, 0x5c, 0xfb,
787 0x1d, 0x68, 0x0e, 0xa9, 0x25, 0x85, 0x6d, 0x5b, 0x84, 0xd5,
788 0x6a, 0xda, 0xe8, 0x70, 0x45, 0xa6, 0xba, 0x28, 0xd2, 0xc9,
789 0x08, 0xab, 0x75, 0xb7, 0xcc, 0x41, 0x43, 0x1f, 0xac, 0x59,
790 0xf3, 0x89, 0x18, 0xa3 ) );
792 /** SHA-256 Test 2.2 : Second call to Generate */
793 HMAC_DRBG_TEST_GENERATE ( sha256_generate_2_2, HMAC_DRBG_SHA256,
795 EXPECT ( 0xe7, 0x45, 0x8f, 0xb4, 0x4a, 0x36, 0x9a, 0x65, 0x3f, 0x2f,
796 0x8f, 0x57, 0x7b, 0xf9, 0x75, 0xc4, 0xb3, 0x62, 0xc4, 0xfe,
797 0x61, 0x8b, 0x2f, 0x1f, 0xf6, 0x76, 0x9b, 0x13, 0xc9, 0x4d,
799 EXPECT ( 0x19, 0x33, 0x4b, 0x8c, 0x31, 0xb7, 0x49, 0x32, 0xdd, 0xd7,
800 0xb2, 0xa4, 0x68, 0xf6, 0x43, 0x6d, 0xf9, 0x2e, 0x10, 0x0d,
801 0x39, 0xd3, 0xac, 0xb3, 0x68, 0xc7, 0x02, 0x9c, 0xb8, 0x83,
803 EXPECT ( 0x7c, 0x06, 0x7b, 0xdd, 0xca, 0x81, 0x72, 0x48, 0x23, 0xd6,
804 0x4c, 0x69, 0x82, 0x92, 0x85, 0xbd, 0xbf, 0xf5, 0x37, 0x71,
805 0x61, 0x02, 0xc1, 0x88, 0x2e, 0x20, 0x22, 0x50, 0xe0, 0xfa,
806 0x5e, 0xf3, 0xa3, 0x84, 0xcd, 0x34, 0xa2, 0x0f, 0xfd, 0x1f,
807 0xbc, 0x91, 0xe0, 0xc5, 0x32, 0xa8, 0xa4, 0x21, 0xbc, 0x4a,
808 0xfe, 0x3c, 0xd4, 0x7f, 0x22, 0x32, 0x3e, 0xb4, 0xba, 0xe1,
809 0xa0, 0x07, 0x89, 0x81 ) );
811 /** SHA-256 Test 3 : Instantiation */
812 HMAC_DRBG_TEST_INSTANTIATE ( sha256_instantiate_3, HMAC_DRBG_SHA256,
813 entropy_input, nonce_sha256, personalisation_string,
814 EXPECT ( 0x65, 0x67, 0x3c, 0x34, 0x8e, 0x51, 0xcf, 0xac, 0xc4, 0x10,
815 0xbd, 0x20, 0x02, 0x49, 0xa5, 0x9a, 0x9d, 0x6b, 0xae, 0x77,
816 0x69, 0x04, 0x27, 0x1b, 0xb1, 0xf7, 0x18, 0xda, 0x1d, 0x18,
818 EXPECT ( 0xe0, 0xf9, 0x1a, 0xc9, 0x96, 0x30, 0xee, 0xe6, 0x7c, 0xf8,
819 0x30, 0xcf, 0xd5, 0x04, 0x4f, 0xeb, 0xf5, 0x5c, 0x0c, 0x11,
820 0x50, 0x07, 0x99, 0x7a, 0xda, 0x11, 0x29, 0x6f, 0xc4, 0x16,
823 /** SHA-256 Test 3.1 : First call to Generate */
824 HMAC_DRBG_TEST_GENERATE ( sha256_generate_3_1, HMAC_DRBG_SHA256,
825 additional_input_empty,
826 EXPECT ( 0xf0, 0xb2, 0xf2, 0x42, 0xca, 0xd9, 0x92, 0xa7, 0x24, 0xf7,
827 0xe5, 0x59, 0x1d, 0x2f, 0x3b, 0x0c, 0x21, 0x57, 0xae, 0x70,
828 0xd5, 0x32, 0x78, 0x99, 0x40, 0xf1, 0x64, 0x45, 0x9b, 0x00,
830 EXPECT ( 0x1a, 0x03, 0xf9, 0x1c, 0x51, 0x20, 0xba, 0xca, 0x2b, 0xf6,
831 0xc6, 0x4d, 0xd7, 0x3a, 0xb1, 0x1d, 0xf6, 0xfd, 0x3f, 0xf1,
832 0xac, 0x3b, 0x57, 0x20, 0xa3, 0xf7, 0xfb, 0xe3, 0x9e, 0x7e,
834 EXPECT ( 0x0d, 0xd9, 0xc8, 0x55, 0x89, 0xf3, 0x57, 0xc3, 0x89, 0xd6,
835 0xaf, 0x8d, 0xe9, 0xd7, 0x34, 0xa9, 0x17, 0xc7, 0x71, 0xef,
836 0x2d, 0x88, 0x16, 0xb9, 0x82, 0x59, 0x6e, 0xd1, 0x2d, 0xb4,
837 0x5d, 0x73, 0x4a, 0x62, 0x68, 0x08, 0x35, 0xc0, 0x2f, 0xda,
838 0x66, 0xb0, 0x8e, 0x1a, 0x36, 0x9a, 0xe2, 0x18, 0xf2, 0x6d,
839 0x52, 0x10, 0xad, 0x56, 0x42, 0x48, 0x87, 0x2d, 0x7a, 0x28,
840 0x78, 0x41, 0x59, 0xc3 ) );
842 /** SHA-256 Test 3.2 : Second call to Generate */
843 HMAC_DRBG_TEST_GENERATE ( sha256_generate_3_2, HMAC_DRBG_SHA256,
844 additional_input_empty,
845 EXPECT ( 0x5c, 0x0d, 0xec, 0x09, 0x37, 0x08, 0xc1, 0x7c, 0xa7, 0x6b,
846 0x57, 0xc0, 0xcb, 0x60, 0xcf, 0x88, 0x9d, 0xcc, 0x47, 0xad,
847 0x10, 0xbd, 0x64, 0xbc, 0x6a, 0x14, 0xb2, 0x3f, 0x20, 0x26,
849 EXPECT ( 0x45, 0x67, 0x52, 0xa5, 0x11, 0xb8, 0x48, 0xbd, 0x05, 0xf1,
850 0x81, 0x9b, 0x9f, 0x6b, 0x15, 0x42, 0xc7, 0xd5, 0xec, 0xf9,
851 0x32, 0x73, 0x39, 0x26, 0x7a, 0x0c, 0x77, 0x23, 0x5b, 0x87,
853 EXPECT ( 0x46, 0xb4, 0xf4, 0x75, 0x6a, 0xe7, 0x15, 0xe0, 0xe5, 0x16,
854 0x81, 0xab, 0x29, 0x32, 0xde, 0x15, 0x23, 0xbe, 0x5d, 0x13,
855 0xba, 0xf0, 0xf4, 0x58, 0x8b, 0x11, 0xfe, 0x37, 0x2f, 0xda,
856 0x37, 0xab, 0xe3, 0x68, 0x31, 0x73, 0x41, 0xbc, 0x8b, 0xa9,
857 0x1f, 0xc5, 0xd8, 0x5b, 0x7f, 0xb8, 0xca, 0x8f, 0xbc, 0x30,
858 0x9a, 0x75, 0x8f, 0xd6, 0xfc, 0xa9, 0xdf, 0x43, 0xc7, 0x66,
859 0x0b, 0x22, 0x13, 0x22 ) );
861 /** SHA-256 Test 4 : Instantiation */
862 #define sha256_instantiate_4 sha256_instantiate_3
864 /** SHA-256 Test 4.1 : First call to Generate */
865 HMAC_DRBG_TEST_GENERATE ( sha256_generate_4_1, HMAC_DRBG_SHA256,
867 EXPECT ( 0x57, 0x2c, 0x03, 0x74, 0xc1, 0xa1, 0x01, 0x25, 0xbf, 0xa6,
868 0xae, 0xcd, 0x7c, 0xeb, 0xfe, 0x32, 0xf7, 0x52, 0xc3, 0xfb,
869 0x31, 0x67, 0x31, 0xb7, 0xcf, 0xdb, 0xde, 0xc2, 0x63, 0x56,
871 EXPECT ( 0xd6, 0x8b, 0xf0, 0x41, 0xf3, 0xeb, 0x50, 0x88, 0x08, 0x8d,
872 0x8b, 0x8e, 0x71, 0x2c, 0x36, 0xae, 0x95, 0x83, 0xbb, 0x08,
873 0xfd, 0x1f, 0x90, 0x34, 0xa4, 0xe9, 0x42, 0xe9, 0xa6, 0x74,
875 EXPECT ( 0x14, 0x78, 0xf2, 0x9e, 0x94, 0xb0, 0x2c, 0xb4, 0x0d, 0x3a,
876 0xab, 0x86, 0x24, 0x55, 0x57, 0xce, 0x13, 0xa8, 0xca, 0x2f,
877 0xdb, 0x65, 0x7d, 0x98, 0xef, 0xc1, 0x92, 0x34, 0x6b, 0x9f,
878 0xac, 0x33, 0xea, 0x58, 0xad, 0xa2, 0xcc, 0xa4, 0x32, 0xcc,
879 0xde, 0xfb, 0xcd, 0xaa, 0x8b, 0x82, 0xf5, 0x53, 0xef, 0x96,
880 0x61, 0x34, 0xe2, 0xcd, 0x13, 0x9f, 0x15, 0xf0, 0x1c, 0xad,
881 0x56, 0x85, 0x65, 0xa8 ) );
883 /** SHA-256 Test 4.2 : Second call to Generate */
884 HMAC_DRBG_TEST_GENERATE ( sha256_generate_4_2, HMAC_DRBG_SHA256,
886 EXPECT ( 0x28, 0x2e, 0x07, 0x34, 0x80, 0x80, 0x93, 0x75, 0x58, 0xb1,
887 0x39, 0x2e, 0x95, 0xab, 0x91, 0xe7, 0xc1, 0xf6, 0x22, 0xb2,
888 0x4f, 0xfb, 0x87, 0x20, 0xa5, 0xf0, 0xa5, 0xe0, 0x75, 0x50,
890 EXPECT ( 0xdf, 0xc3, 0xbd, 0xb5, 0xf3, 0xbc, 0xf1, 0xaa, 0x68, 0x29,
891 0x8e, 0x79, 0x0d, 0x72, 0x0a, 0x67, 0xa7, 0x6e, 0x31, 0xb9,
892 0x2b, 0x9b, 0x35, 0xa8, 0xe5, 0x47, 0x1b, 0xb1, 0x7e, 0x30,
894 EXPECT ( 0x49, 0x7c, 0x7a, 0x16, 0xe8, 0x8a, 0x64, 0x11, 0xf8, 0xfc,
895 0xe1, 0x0e, 0xf5, 0x67, 0x63, 0xc6, 0x10, 0x25, 0x80, 0x1d,
896 0x8f, 0x51, 0xa7, 0x43, 0x52, 0xd6, 0x82, 0xcc, 0x23, 0xa0,
897 0xa8, 0xe6, 0x73, 0xca, 0xe0, 0x32, 0x28, 0x93, 0x90, 0x64,
898 0x7d, 0xc6, 0x83, 0xb7, 0x34, 0x28, 0x85, 0xd6, 0xb7, 0x6a,
899 0xb1, 0xda, 0x69, 0x6d, 0x3e, 0x97, 0xe2, 0x2d, 0xff, 0xdd,
900 0xff, 0xfd, 0x8d, 0xf0 ) );
902 /** SHA-256 Test 5 : Instantiation */
903 #define sha256_instantiate_5 sha256_instantiate_1
905 /** SHA-256 Test 5.1 : First call to Generate */
906 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_5_1, HMAC_DRBG_SHA256,
907 additional_input_empty, ( 512 / 8 ) );
909 /** SHA-256 Test 5.2 : Reseed */
910 HMAC_DRBG_TEST_RESEED ( sha256_reseed_5_2, HMAC_DRBG_SHA256,
911 entropy_input_1, additional_input_empty,
912 EXPECT ( 0xb8, 0x40, 0x07, 0xe3, 0xe2, 0x7f, 0x34, 0xf9, 0xa7, 0x82,
913 0x0b, 0x7a, 0xb5, 0x9b, 0xbe, 0xfc, 0xd0, 0xc4, 0xac, 0xae,
914 0xde, 0x4b, 0x0b, 0x36, 0xb1, 0x47, 0xb8, 0x97, 0x79, 0xfd,
916 EXPECT ( 0xa7, 0x2b, 0x8f, 0xee, 0x92, 0x39, 0x2f, 0x0a, 0x9d, 0x2d,
917 0x61, 0xbf, 0x09, 0xa4, 0xdf, 0xcc, 0x9d, 0xe6, 0x9a, 0x16,
918 0xa5, 0xf1, 0x50, 0x22, 0x4c, 0x3e, 0xf6, 0x04, 0x2d, 0x15,
921 /** SHA-256 Test 5.3 : Retried first call to Generate */
922 HMAC_DRBG_TEST_GENERATE ( sha256_generate_5_3, HMAC_DRBG_SHA256,
923 additional_input_empty,
924 EXPECT ( 0x43, 0x48, 0xaf, 0x84, 0x20, 0x84, 0x2f, 0xa0, 0x77, 0xb9,
925 0xd3, 0xdb, 0xa8, 0xdc, 0xe9, 0xb3, 0xe1, 0xdf, 0x73, 0x4f,
926 0xfc, 0xe1, 0xbe, 0xa5, 0xb9, 0xe2, 0xb1, 0x54, 0xdc, 0x5e,
928 EXPECT ( 0xd2, 0xc1, 0xac, 0x27, 0x88, 0x5d, 0x43, 0x32, 0x76, 0x71,
929 0x31, 0x46, 0x32, 0xea, 0x60, 0x43, 0x3c, 0xca, 0x72, 0x73,
930 0x04, 0x56, 0x9e, 0xa7, 0xd4, 0x71, 0xfe, 0xa7, 0xdb, 0x7d,
932 EXPECT ( 0xfa, 0xbd, 0x0a, 0xe2, 0x5c, 0x69, 0xdc, 0x2e, 0xfd, 0xef,
933 0xb7, 0xf2, 0x0c, 0x5a, 0x31, 0xb5, 0x7a, 0xc9, 0x38, 0xab,
934 0x77, 0x1a, 0xa1, 0x9b, 0xf8, 0xf5, 0xf1, 0x46, 0x8f, 0x66,
935 0x5c, 0x93, 0x8c, 0x9a, 0x1a, 0x5d, 0xf0, 0x62, 0x8a, 0x56,
936 0x90, 0xf1, 0x5a, 0x1a, 0xd8, 0xa6, 0x13, 0xf3, 0x1b, 0xbd,
937 0x65, 0xee, 0xad, 0x54, 0x57, 0xd5, 0xd2, 0x69, 0x47, 0xf2,
938 0x9f, 0xe9, 0x1a, 0xa7 ) );
940 /** SHA-256 Test 5.4 : Second call to Generate */
941 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_5_4, HMAC_DRBG_SHA256,
942 additional_input_empty, ( 512 / 8 ) );
944 /** SHA-256 Test 5.5 : Reseed */
945 HMAC_DRBG_TEST_RESEED ( sha256_reseed_5_5, HMAC_DRBG_SHA256,
946 entropy_input_2, additional_input_empty,
947 EXPECT ( 0xbf, 0xa0, 0x2c, 0xe7, 0xe9, 0x2d, 0xe9, 0x2b, 0x18, 0x24,
948 0x28, 0x86, 0x89, 0x0e, 0x58, 0x6f, 0x83, 0x69, 0x06, 0xac,
949 0xe9, 0xe5, 0x54, 0xf1, 0xb0, 0xed, 0x63, 0x57, 0x3c, 0xb8,
951 EXPECT ( 0xd3, 0x24, 0x03, 0xee, 0xa9, 0xdc, 0xe1, 0x61, 0x6e, 0x4e,
952 0x11, 0x55, 0xb9, 0x23, 0xd8, 0x84, 0x2c, 0xc6, 0xe7, 0x84,
953 0xc6, 0x7a, 0x93, 0x85, 0xb2, 0xa6, 0x37, 0xf1, 0x02, 0xfa,
956 /** SHA-256 Test 5.6 : Retried second call to Generate */
957 HMAC_DRBG_TEST_GENERATE ( sha256_generate_5_6, HMAC_DRBG_SHA256,
958 additional_input_empty,
959 EXPECT ( 0x81, 0x21, 0xf7, 0x76, 0x4c, 0x08, 0x1e, 0xe9, 0xd1, 0x17,
960 0x1e, 0xd1, 0x87, 0xba, 0xe0, 0x88, 0x95, 0xca, 0xe2, 0x30,
961 0xd0, 0xa2, 0x5e, 0x37, 0x39, 0xc5, 0x7d, 0x54, 0x16, 0x10,
963 EXPECT ( 0x37, 0x84, 0x97, 0x7c, 0xc0, 0xe5, 0x9f, 0xbc, 0x9c, 0xda,
964 0x4e, 0x11, 0x92, 0x47, 0x5c, 0x6e, 0xfa, 0xf8, 0x07, 0x20,
965 0x19, 0x86, 0x21, 0x22, 0xcb, 0x6b, 0xce, 0xaa, 0xcc, 0x4a,
967 EXPECT ( 0x6b, 0xd9, 0x25, 0xb0, 0xe1, 0xc2, 0x32, 0xef, 0xd6, 0x7c,
968 0xcd, 0x84, 0xf7, 0x22, 0xe9, 0x27, 0xec, 0xb4, 0x6a, 0xb2,
969 0xb7, 0x40, 0x01, 0x47, 0x77, 0xaf, 0x14, 0xba, 0x0b, 0xbf,
970 0x53, 0xa4, 0x5b, 0xdb, 0xb6, 0x2b, 0x3f, 0x7d, 0x0b, 0x9c,
971 0x8e, 0xea, 0xd0, 0x57, 0xc0, 0xec, 0x75, 0x4e, 0xf8, 0xb5,
972 0x3e, 0x60, 0xa1, 0xf4, 0x34, 0xf0, 0x59, 0x46, 0xa8, 0xb6,
973 0x86, 0xaf, 0xbc, 0x7a ) );
975 /** SHA-256 Test 6 : Instantiate */
976 #define sha256_instantiate_6 sha256_instantiate_1
978 /** SHA-256 Test 6.1 : First call to Generate */
979 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_6_1, HMAC_DRBG_SHA256,
980 additional_input_1, ( 512 / 8 ) );
982 /** SHA-256 Test 6.2 : Reseed */
983 HMAC_DRBG_TEST_RESEED ( sha256_reseed_6_2, HMAC_DRBG_SHA256,
984 entropy_input_1, additional_input_1,
985 EXPECT ( 0xc1, 0x25, 0xea, 0x99, 0x75, 0x8e, 0xbb, 0x9a, 0x6f, 0x69,
986 0xae, 0x31, 0x2a, 0xc2, 0x04, 0xb5, 0x94, 0xc0, 0x0a, 0xb6,
987 0x8b, 0x81, 0x6e, 0x3a, 0x52, 0x12, 0x8e, 0x02, 0x78, 0xa5,
989 EXPECT ( 0xb2, 0xcb, 0x2b, 0x89, 0x12, 0x3f, 0x5b, 0x4a, 0xf5, 0x87,
990 0xb8, 0xf6, 0xbd, 0xc5, 0x42, 0x7a, 0x99, 0x14, 0x19, 0xd3,
991 0x53, 0x07, 0x7c, 0x68, 0x5e, 0x70, 0x7a, 0xcd, 0xf8, 0xe9,
994 /** SHA-256 Test 6.3 : Retried first call to Generate */
995 HMAC_DRBG_TEST_GENERATE ( sha256_generate_6_3, HMAC_DRBG_SHA256,
996 additional_input_empty,
997 EXPECT ( 0xc6, 0xed, 0x8f, 0xed, 0x71, 0x57, 0xa4, 0xd0, 0x9e, 0xa1,
998 0xdd, 0xe8, 0x94, 0x6b, 0x54, 0x43, 0x3e, 0xcc, 0x54, 0x49,
999 0xa4, 0xa3, 0x52, 0xaf, 0x45, 0x76, 0x4e, 0xe6, 0x73, 0x4b,
1001 EXPECT ( 0xeb, 0xc7, 0x75, 0x25, 0x6b, 0xb7, 0x81, 0x24, 0x1e, 0x9c,
1002 0x70, 0xbb, 0xcf, 0x73, 0x2b, 0xdc, 0x90, 0xad, 0x10, 0xd9,
1003 0xdd, 0x3a, 0x89, 0x6e, 0xcc, 0x12, 0xb9, 0x2f, 0xfb, 0x63,
1005 EXPECT ( 0x08, 0x5d, 0x57, 0xaf, 0x6b, 0xab, 0xcf, 0x2b, 0x9a, 0xee,
1006 0xf3, 0x87, 0xd5, 0x31, 0x65, 0x0e, 0x6a, 0x50, 0x5c, 0x54,
1007 0x40, 0x6a, 0xb3, 0x7a, 0x52, 0x89, 0x9e, 0x0e, 0xca, 0xb3,
1008 0x63, 0x2b, 0x7a, 0x06, 0x8a, 0x28, 0x14, 0xc6, 0xdf, 0x6a,
1009 0xe5, 0x32, 0xb6, 0x58, 0xd0, 0xd9, 0x74, 0x1c, 0x84, 0x77,
1010 0x5f, 0xee, 0x45, 0xb6, 0x84, 0xcd, 0xbd, 0xc2, 0x5f, 0xbc,
1011 0xb4, 0xd8, 0xf3, 0x10 ) );
1013 /** SHA-256 Test 6.4 : Second call to Generate */
1014 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_6_4, HMAC_DRBG_SHA256,
1015 additional_input_2, ( 512 / 8 ) );
1017 /** SHA-256 Test 6.5 : Reseed */
1018 HMAC_DRBG_TEST_RESEED ( sha256_reseed_6_5, HMAC_DRBG_SHA256,
1019 entropy_input_2, additional_input_2,
1020 EXPECT ( 0xfc, 0x51, 0xda, 0x84, 0xf9, 0x69, 0x6b, 0xcc, 0x84, 0xc8,
1021 0xf2, 0xac, 0xb9, 0x24, 0xbc, 0xdf, 0x72, 0xf8, 0x2e, 0xa2,
1022 0xca, 0x64, 0x3f, 0x08, 0x3b, 0x0c, 0x16, 0xc3, 0x63, 0x4e,
1024 EXPECT ( 0xb9, 0x74, 0xe4, 0x37, 0x0a, 0xd5, 0x76, 0xbb, 0x99, 0xc4,
1025 0xe4, 0x9e, 0xa6, 0x80, 0xbf, 0xf9, 0x8d, 0xe9, 0xe1, 0x2f,
1026 0xec, 0xd0, 0x13, 0xde, 0xd4, 0x3c, 0x80, 0xf6, 0x9a, 0x7a,
1029 /** SHA-256 Test 6.6 : Retried second call to Generate */
1030 HMAC_DRBG_TEST_GENERATE ( sha256_generate_6_6, HMAC_DRBG_SHA256,
1031 additional_input_empty,
1032 EXPECT ( 0x56, 0xa2, 0xb4, 0x46, 0x32, 0xcb, 0x8f, 0xc3, 0xa6, 0x40,
1033 0x09, 0xbf, 0xd6, 0xec, 0x95, 0xe5, 0x6c, 0xef, 0x8e, 0x7c,
1034 0x91, 0x2a, 0xa8, 0x2b, 0x16, 0xf6, 0x14, 0x91, 0x5d, 0x9c,
1036 EXPECT ( 0xb5, 0xb3, 0x96, 0xa0, 0x15, 0x76, 0xb0, 0xfe, 0x42, 0xf4,
1037 0x08, 0x44, 0x55, 0x6c, 0x4c, 0xf4, 0xb6, 0x80, 0x4c, 0x94,
1038 0xde, 0x9d, 0x62, 0x38, 0xf1, 0xf7, 0xe7, 0xaf, 0x5c, 0x72,
1040 EXPECT ( 0x9b, 0x21, 0x9f, 0xd9, 0x0d, 0xe2, 0xa0, 0x8e, 0x49, 0x34,
1041 0x05, 0xcf, 0x87, 0x44, 0x17, 0xb5, 0x82, 0x67, 0x70, 0xf3,
1042 0x94, 0x48, 0x15, 0x55, 0xdc, 0x66, 0x8a, 0xcd, 0x96, 0xb9,
1043 0xa3, 0xe5, 0x6f, 0x9d, 0x2c, 0x32, 0x5e, 0x26, 0xd4, 0x7c,
1044 0x1d, 0xfc, 0xfc, 0x8f, 0xbf, 0x86, 0x12, 0x6f, 0x40, 0xa1,
1045 0xe6, 0x39, 0x60, 0xf6, 0x27, 0x49, 0x34, 0x2e, 0xcd, 0xb7,
1046 0x1b, 0x24, 0x0d, 0xc6 ) );
1048 /** SHA-256 Test 7 : Instantiation */
1049 #define sha256_instantiate_7 sha256_instantiate_3
1051 /** SHA-256 Test 7.1 : First call to Generate */
1052 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_7_1, HMAC_DRBG_SHA256,
1053 additional_input_empty, ( 512 / 8 ) );
1055 /** SHA-256 Test 7.2 : Reseed */
1056 HMAC_DRBG_TEST_RESEED ( sha256_reseed_7_2, HMAC_DRBG_SHA256,
1057 entropy_input_1, additional_input_empty,
1058 EXPECT ( 0x44, 0x76, 0xc6, 0xd1, 0x1f, 0xc3, 0x5d, 0x44, 0x09, 0xd9,
1059 0x03, 0x2e, 0x45, 0x3b, 0x0f, 0x0d, 0xc3, 0x31, 0x4d, 0xb8,
1060 0x62, 0xcb, 0xdb, 0x60, 0x9c, 0x56, 0x02, 0x20, 0x8d, 0x4c,
1062 EXPECT ( 0x95, 0xef, 0x78, 0x5a, 0x61, 0xc2, 0xf7, 0xb3, 0x6b, 0xc5,
1063 0x96, 0xba, 0x4b, 0xa2, 0x08, 0xa5, 0x2c, 0x6d, 0xc2, 0x03,
1064 0x63, 0x6d, 0x8f, 0x17, 0x87, 0x45, 0x3b, 0x85, 0x2b, 0x7e,
1067 /** SHA-256 Test 7.3 : Retried first call to Generate */
1068 HMAC_DRBG_TEST_GENERATE ( sha256_generate_7_3, HMAC_DRBG_SHA256,
1069 additional_input_empty,
1070 EXPECT ( 0x0d, 0xf9, 0x11, 0x0e, 0x2f, 0x22, 0x58, 0x98, 0x24, 0xa9,
1071 0x47, 0x6c, 0x8e, 0x32, 0x08, 0x8e, 0x51, 0xa0, 0xda, 0x36,
1072 0x63, 0x3f, 0x8c, 0xd1, 0xf7, 0x54, 0x7d, 0xff, 0x69, 0x6e,
1074 EXPECT ( 0xc0, 0xe3, 0xc8, 0xed, 0x5a, 0x8b, 0x57, 0x9e, 0x3f, 0xef,
1075 0x9d, 0xf3, 0xb7, 0xc2, 0xc2, 0x12, 0x98, 0x07, 0x17, 0xcc,
1076 0x91, 0xae, 0x18, 0x66, 0x45, 0xfa, 0xbb, 0x2c, 0xc7, 0x84,
1078 EXPECT ( 0xd8, 0xb6, 0x71, 0x30, 0x71, 0x41, 0x94, 0xff, 0xe5, 0xb2,
1079 0xa3, 0x5d, 0xbc, 0xd5, 0xe1, 0xa2, 0x99, 0x42, 0xad, 0x5c,
1080 0x68, 0xf3, 0xde, 0xb9, 0x4a, 0xdd, 0x9e, 0x9e, 0xba, 0xd8,
1081 0x60, 0x67, 0xed, 0xf0, 0x49, 0x15, 0xfb, 0x40, 0xc3, 0x91,
1082 0xea, 0xe7, 0x0c, 0x65, 0x9e, 0xaa, 0xe7, 0xef, 0x11, 0xa3,
1083 0xd4, 0x6a, 0x5b, 0x08, 0x5e, 0xdd, 0x90, 0xcc, 0x72, 0xce,
1084 0xa9, 0x89, 0x21, 0x0b ) );
1086 /** SHA-256 Test 7.4 : Second call to Generate */
1087 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_7_4, HMAC_DRBG_SHA256,
1088 additional_input_empty, ( 512 / 8 ) );
1090 /** SHA-256 Test 7.5 : Reseed */
1091 HMAC_DRBG_TEST_RESEED ( sha256_reseed_7_5, HMAC_DRBG_SHA256,
1092 entropy_input_2, additional_input_empty,
1093 EXPECT ( 0x3d, 0x77, 0x63, 0xe5, 0x30, 0x3d, 0xb5, 0x4b, 0xe2, 0x05,
1094 0x44, 0xa8, 0x1e, 0x9f, 0x00, 0xca, 0xdc, 0xfc, 0x1c, 0xb2,
1095 0x8d, 0xec, 0xb9, 0xcf, 0xc6, 0x99, 0xf6, 0x1d, 0xba, 0xf8,
1097 EXPECT ( 0xfe, 0xbc, 0x02, 0x79, 0xb7, 0x71, 0x0d, 0xec, 0x5c, 0x06,
1098 0x7e, 0xbe, 0xfa, 0x06, 0x8e, 0x4b, 0x59, 0x67, 0x49, 0x1b,
1099 0x7e, 0xef, 0x94, 0x75, 0x83, 0x50, 0x6d, 0x04, 0x97, 0xce,
1102 /** SHA-256 Test 7.6 : Retried second call to Generate */
1103 HMAC_DRBG_TEST_GENERATE ( sha256_generate_7_6, HMAC_DRBG_SHA256,
1104 additional_input_empty,
1105 EXPECT ( 0x2d, 0x21, 0xac, 0x94, 0x99, 0x2f, 0xd8, 0x2b, 0x09, 0x80,
1106 0xd3, 0xd5, 0x95, 0x51, 0xb9, 0xd0, 0x7c, 0x8d, 0x54, 0xb2,
1107 0x52, 0xb6, 0x16, 0x28, 0x93, 0x44, 0xf8, 0xac, 0x86, 0x9e,
1109 EXPECT ( 0x61, 0x0c, 0x34, 0xcd, 0xbf, 0x6f, 0x75, 0x33, 0x54, 0x7f,
1110 0x23, 0x32, 0xea, 0xc5, 0x7e, 0xe3, 0x1e, 0x72, 0x4f, 0xb2,
1111 0x92, 0x55, 0x56, 0x6b, 0x59, 0x78, 0x33, 0x16, 0x6c, 0xd0,
1113 EXPECT ( 0x8b, 0xba, 0x71, 0xc2, 0x58, 0x3f, 0x25, 0x30, 0xc2, 0x59,
1114 0xc9, 0x07, 0x84, 0xa5, 0x9a, 0xc4, 0x4d, 0x1c, 0x80, 0x56,
1115 0x91, 0x7c, 0xcf, 0x38, 0x87, 0x88, 0x10, 0x2d, 0x73, 0x82,
1116 0x4c, 0x6c, 0x11, 0xd5, 0xd6, 0x3b, 0xe1, 0xf0, 0x10, 0x17,
1117 0xd8, 0x84, 0xcd, 0x69, 0xd9, 0x33, 0x4b, 0x9e, 0xbc, 0x01,
1118 0xe7, 0xbd, 0x8f, 0xdf, 0x2a, 0x8e, 0x52, 0x57, 0x22, 0x93,
1119 0xdc, 0x21, 0xc0, 0xe1 ) );
1121 /** SHA-256 Test 8 : Instantiate */
1122 #define sha256_instantiate_8 sha256_instantiate_3
1124 /** SHA-256 Test 8.1 : First call to Generate */
1125 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_8_1, HMAC_DRBG_SHA256,
1126 additional_input_1, ( 512 / 8 ) );
1128 /** SHA-256 Test 8.2 : Reseed */
1129 HMAC_DRBG_TEST_RESEED ( sha256_reseed_8_2, HMAC_DRBG_SHA256,
1130 entropy_input_1, additional_input_1,
1131 EXPECT ( 0xb3, 0x81, 0x38, 0x8c, 0x1d, 0x7c, 0xfd, 0x56, 0x59, 0x30,
1132 0x99, 0x3b, 0xd9, 0x26, 0x90, 0x66, 0x50, 0x88, 0xd9, 0xb8,
1133 0x39, 0x96, 0x9b, 0x87, 0xf1, 0x6d, 0xb6, 0xdf, 0x4e, 0x43,
1135 EXPECT ( 0xfa, 0x04, 0x25, 0x64, 0x00, 0xe3, 0x42, 0xe6, 0x55, 0xf4,
1136 0x33, 0x26, 0x94, 0xe3, 0xb2, 0x4c, 0x04, 0xfb, 0x85, 0xbf,
1137 0x87, 0x80, 0x21, 0xe4, 0x52, 0xe7, 0x3b, 0x8f, 0x46, 0xd4,
1140 /** SHA-256 Test 8.3 : Retried first call to Generate */
1141 HMAC_DRBG_TEST_GENERATE ( sha256_generate_8_3, HMAC_DRBG_SHA256,
1142 additional_input_empty,
1143 EXPECT ( 0xd4, 0x1f, 0x6f, 0x33, 0x65, 0x82, 0x21, 0x70, 0x50, 0xb1,
1144 0xf6, 0x59, 0x28, 0xfd, 0x6e, 0x94, 0xcb, 0xc9, 0x45, 0x68,
1145 0xfe, 0x3b, 0x6b, 0x53, 0x38, 0x9e, 0x1e, 0x3a, 0x5b, 0x49,
1147 EXPECT ( 0xa6, 0x55, 0xc9, 0xe7, 0xd1, 0x33, 0xf1, 0xcd, 0x8b, 0x11,
1148 0x61, 0xf2, 0x7d, 0x54, 0xe7, 0x5a, 0x7e, 0x7c, 0x80, 0x42,
1149 0xbf, 0x74, 0xd4, 0x7f, 0x9f, 0xfd, 0x60, 0xe2, 0x45, 0xeb,
1151 EXPECT ( 0x44, 0xd7, 0x8b, 0xbc, 0x3e, 0xb6, 0x7c, 0x59, 0xc2, 0x2f,
1152 0x6c, 0x31, 0x00, 0x3d, 0x21, 0x2a, 0x78, 0x37, 0xcc, 0xd8,
1153 0x4c, 0x43, 0x8b, 0x55, 0x15, 0x0f, 0xd0, 0x13, 0xa8, 0xa7,
1154 0x8f, 0xe8, 0xed, 0xea, 0x81, 0xc6, 0x72, 0xe4, 0xb8, 0xdd,
1155 0xc8, 0x18, 0x38, 0x86, 0xe6, 0x9c, 0x2e, 0x17, 0x7d, 0xf5,
1156 0x74, 0xc1, 0xf1, 0x90, 0xdf, 0x27, 0x18, 0x50, 0xf8, 0xce,
1157 0x55, 0xef, 0x20, 0xb8 ) );
1159 /** SHA-256 Test 8.4 : Second call to Generate */
1160 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_8_4, HMAC_DRBG_SHA256,
1161 additional_input_2, ( 512 / 8 ) );
1163 /** SHA-256 Test 8.5 : Reseed */
1164 HMAC_DRBG_TEST_RESEED ( sha256_reseed_8_5, HMAC_DRBG_SHA256,
1165 entropy_input_2, additional_input_2,
1166 EXPECT ( 0xfb, 0xa8, 0x05, 0x45, 0x3e, 0x3c, 0x9a, 0x73, 0x64, 0x58,
1167 0x5c, 0xed, 0xbc, 0xd2, 0x92, 0x30, 0xfb, 0xc9, 0x3d, 0x6f,
1168 0x12, 0x9d, 0x21, 0xed, 0xdd, 0xf6, 0x61, 0x3b, 0x3a, 0x8f,
1170 EXPECT ( 0x83, 0x64, 0x7a, 0x33, 0x8c, 0x15, 0x3c, 0xba, 0xf0, 0xe4,
1171 0x9a, 0x54, 0xa4, 0x4f, 0xea, 0x66, 0x70, 0xcf, 0xd7, 0xc1,
1172 0x71, 0x4d, 0x4a, 0xb3, 0x5f, 0x11, 0x12, 0x3d, 0xf2, 0x7b,
1175 /** SHA-256 Test 8.6 : Retried second call to Generate */
1176 HMAC_DRBG_TEST_GENERATE ( sha256_generate_8_6, HMAC_DRBG_SHA256,
1177 additional_input_empty,
1178 EXPECT ( 0xae, 0x59, 0xc7, 0x0a, 0x7c, 0x60, 0xed, 0x49, 0x83, 0x78,
1179 0xea, 0x84, 0x5b, 0xe9, 0x7d, 0x8f, 0xf8, 0x81, 0xe0, 0xea,
1180 0x37, 0x2e, 0x26, 0x5f, 0xa6, 0x72, 0x84, 0x29, 0x3e, 0x1a,
1182 EXPECT ( 0xe2, 0xf0, 0x4d, 0xe3, 0xce, 0x21, 0x79, 0x61, 0xae, 0x2b,
1183 0x2d, 0x20, 0xa7, 0xba, 0x7c, 0x6c, 0x82, 0x0b, 0x5b, 0x14,
1184 0x92, 0x6e, 0x59, 0x56, 0xae, 0x6d, 0xfa, 0x2e, 0xd1, 0xd6,
1186 EXPECT ( 0x91, 0x77, 0x80, 0xdc, 0x0c, 0xe9, 0x98, 0x9f, 0xee, 0x6c,
1187 0x08, 0x06, 0xd6, 0xda, 0x12, 0x3a, 0x18, 0x25, 0x29, 0x47,
1188 0x58, 0xd4, 0xe1, 0xb5, 0x82, 0x68, 0x72, 0x31, 0x78, 0x0a,
1189 0x2a, 0x9c, 0x33, 0xf1, 0xd1, 0x56, 0xcc, 0xad, 0x32, 0x77,
1190 0x64, 0xb2, 0x9a, 0x4c, 0xb2, 0x69, 0x01, 0x77, 0xae, 0x96,
1191 0xef, 0x9e, 0xe9, 0x2a, 0xd0, 0xc3, 0x40, 0xba, 0x0f, 0xd1,
1192 0x20, 0x3c, 0x02, 0xc6 ) );
1195 * Force a "reseed required" state
1197 * @v state HMAC_DRBG internal state
1199 static inline void force_reseed_required ( struct hmac_drbg_state *state ) {
1200 state->reseed_counter = ( HMAC_DRBG_RESEED_INTERVAL + 1 );
1204 * Perform HMAC_DRBG self-test
1207 static void hmac_drbg_test_exec ( void ) {
1208 struct hmac_drbg_state state;
1213 * The NIST test vector set includes several calls to
1214 * HMAC_DRBG_Generate() that are expected to fail with a
1215 * status of "Reseed required". The pattern seems to be that
1216 * when prediction resistance is requested, any call to
1217 * HMAC_DRBG_Generate() is at first expected to fail. After
1218 * an explicit reseeding, the call to HMAC_DRBG_Generate() is
1219 * retried, and on this second time it is expected to succeed.
1221 * This pattern does not match the specifications for
1222 * HMAC_DRBG_Generate(): neither HMAC_DRBG_Generate_algorithm
1223 * (defined in ANS X9.82 Part 3-2007 Section 10.2.2.2.5 (NIST
1224 * SP 800-90 Section 10.1.2.5)) nor the higher-level wrapper
1225 * Generate_function defined in ANS X9.82 Part 3-2007 Section
1226 * 9.4 (NIST SP 800-90 Section 9.3)) can possibly exhibit this
1229 * a) HMAC_DRBG_Generate_algorithm can return a "reseed
1230 * required" status only as a result of the test
1232 * "1. If reseed_counter > reseed_interval, then return
1233 * an indication that a reseed is required."
1235 * Since the reseed interval is independent of any request
1236 * for prediction resistance, and since the reseed interval
1237 * is not specified as part of the NIST test vector set,
1238 * then this cannot be the source of the "Reseed required"
1239 * failure expected by the NIST test vector set.
1241 * b) Generate_function cannot return a "reseed required"
1242 * status under any circumstances. If the underlying
1243 * HMAC_DRBG_Generate_algorithm call returns "reseed
1244 * required", then Generate_function will automatically
1245 * reseed and try again.
1247 * To produce the behaviour expected by the NIST test vector
1248 * set, we therefore contrive to produce a "reseed required"
1249 * state where necessary by setting the reseed_counter to
1250 * greater than the reseed_interval.
1254 instantiate_ok ( &state, &sha1_instantiate_1 );
1255 generate_ok ( &state, &sha1_generate_1_1 );
1256 generate_ok ( &state, &sha1_generate_1_2 );
1259 instantiate_ok ( &state, &sha1_instantiate_2 );
1260 generate_ok ( &state, &sha1_generate_2_1 );
1261 generate_ok ( &state, &sha1_generate_2_2 );
1264 instantiate_ok ( &state, &sha1_instantiate_3 );
1265 generate_ok ( &state, &sha1_generate_3_1 );
1266 generate_ok ( &state, &sha1_generate_3_2 );
1269 instantiate_ok ( &state, &sha1_instantiate_4 );
1270 generate_ok ( &state, &sha1_generate_4_1 );
1271 generate_ok ( &state, &sha1_generate_4_2 );
1274 instantiate_ok ( &state, &sha1_instantiate_5 );
1275 force_reseed_required ( &state ); /* See above comments */
1276 generate_fail_ok ( &state, &sha1_generate_fail_5_1 );
1277 reseed_ok ( &state, &sha1_reseed_5_2 );
1278 generate_ok ( &state, &sha1_generate_5_3 );
1279 force_reseed_required ( &state ); /* See above comments */
1280 generate_fail_ok ( &state, &sha1_generate_fail_5_4 );
1281 reseed_ok ( &state, &sha1_reseed_5_5 );
1282 generate_ok ( &state, &sha1_generate_5_6 );
1285 instantiate_ok ( &state, &sha1_instantiate_6 );
1286 force_reseed_required ( &state ); /* See above comments */
1287 generate_fail_ok ( &state, &sha1_generate_fail_6_1 );
1288 reseed_ok ( &state, &sha1_reseed_6_2 );
1289 generate_ok ( &state, &sha1_generate_6_3 );
1290 force_reseed_required ( &state ); /* See above comments */
1291 generate_fail_ok ( &state, &sha1_generate_fail_6_4 );
1292 reseed_ok ( &state, &sha1_reseed_6_5 );
1293 generate_ok ( &state, &sha1_generate_6_6 );
1296 instantiate_ok ( &state, &sha1_instantiate_7 );
1297 force_reseed_required ( &state ); /* See above comments */
1298 generate_fail_ok ( &state, &sha1_generate_fail_7_1 );
1299 reseed_ok ( &state, &sha1_reseed_7_2 );
1300 generate_ok ( &state, &sha1_generate_7_3 );
1301 force_reseed_required ( &state ); /* See above comments */
1302 generate_fail_ok ( &state, &sha1_generate_fail_7_4 );
1303 reseed_ok ( &state, &sha1_reseed_7_5 );
1304 generate_ok ( &state, &sha1_generate_7_6 );
1307 instantiate_ok ( &state, &sha1_instantiate_8 );
1308 force_reseed_required ( &state ); /* See above comments */
1309 generate_fail_ok ( &state, &sha1_generate_fail_8_1 );
1310 reseed_ok ( &state, &sha1_reseed_8_2 );
1311 generate_ok ( &state, &sha1_generate_8_3 );
1312 force_reseed_required ( &state ); /* See above comments */
1313 generate_fail_ok ( &state, &sha1_generate_fail_8_4 );
1314 reseed_ok ( &state, &sha1_reseed_8_5 );
1315 generate_ok ( &state, &sha1_generate_8_6 );
1317 /* SHA-256 Test 1 */
1318 instantiate_ok ( &state, &sha256_instantiate_1 );
1319 generate_ok ( &state, &sha256_generate_1_1 );
1320 generate_ok ( &state, &sha256_generate_1_2 );
1322 /* SHA-256 Test 2 */
1323 instantiate_ok ( &state, &sha256_instantiate_2 );
1324 generate_ok ( &state, &sha256_generate_2_1 );
1325 generate_ok ( &state, &sha256_generate_2_2 );
1327 /* SHA-256 Test 3 */
1328 instantiate_ok ( &state, &sha256_instantiate_3 );
1329 generate_ok ( &state, &sha256_generate_3_1 );
1330 generate_ok ( &state, &sha256_generate_3_2 );
1332 /* SHA-256 Test 4 */
1333 instantiate_ok ( &state, &sha256_instantiate_4 );
1334 generate_ok ( &state, &sha256_generate_4_1 );
1335 generate_ok ( &state, &sha256_generate_4_2 );
1337 /* SHA-256 Test 5 */
1338 instantiate_ok ( &state, &sha256_instantiate_5 );
1339 force_reseed_required ( &state ); /* See above comments */
1340 generate_fail_ok ( &state, &sha256_generate_fail_5_1 );
1341 reseed_ok ( &state, &sha256_reseed_5_2 );
1342 generate_ok ( &state, &sha256_generate_5_3 );
1343 force_reseed_required ( &state ); /* See above comments */
1344 generate_fail_ok ( &state, &sha256_generate_fail_5_4 );
1345 reseed_ok ( &state, &sha256_reseed_5_5 );
1346 generate_ok ( &state, &sha256_generate_5_6 );
1348 /* SHA-256 Test 6 */
1349 instantiate_ok ( &state, &sha256_instantiate_6 );
1350 force_reseed_required ( &state ); /* See above comments */
1351 generate_fail_ok ( &state, &sha256_generate_fail_6_1 );
1352 reseed_ok ( &state, &sha256_reseed_6_2 );
1353 generate_ok ( &state, &sha256_generate_6_3 );
1354 force_reseed_required ( &state ); /* See above comments */
1355 generate_fail_ok ( &state, &sha256_generate_fail_6_4 );
1356 reseed_ok ( &state, &sha256_reseed_6_5 );
1357 generate_ok ( &state, &sha256_generate_6_6 );
1359 /* SHA-256 Test 7 */
1360 instantiate_ok ( &state, &sha256_instantiate_7 );
1361 force_reseed_required ( &state ); /* See above comments */
1362 generate_fail_ok ( &state, &sha256_generate_fail_7_1 );
1363 reseed_ok ( &state, &sha256_reseed_7_2 );
1364 generate_ok ( &state, &sha256_generate_7_3 );
1365 force_reseed_required ( &state ); /* See above comments */
1366 generate_fail_ok ( &state, &sha256_generate_fail_7_4 );
1367 reseed_ok ( &state, &sha256_reseed_7_5 );
1368 generate_ok ( &state, &sha256_generate_7_6 );
1370 /* SHA-256 Test 8 */
1371 instantiate_ok ( &state, &sha256_instantiate_8 );
1372 force_reseed_required ( &state ); /* See above comments */
1373 generate_fail_ok ( &state, &sha256_generate_fail_8_1 );
1374 reseed_ok ( &state, &sha256_reseed_8_2 );
1375 generate_ok ( &state, &sha256_generate_8_3 );
1376 force_reseed_required ( &state ); /* See above comments */
1377 generate_fail_ok ( &state, &sha256_generate_fail_8_4 );
1378 reseed_ok ( &state, &sha256_reseed_8_5 );
1379 generate_ok ( &state, &sha256_generate_8_6 );
1382 /** HMAC_DRBG self-test */
1383 struct self_test hmac_drbg_test __self_test = {
1384 .name = "hmac_drbg",
1385 .exec = hmac_drbg_test_exec,