2 * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License as
6 * published by the Free Software Foundation; either version 2 of the
7 * License, or any later version.
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19 * You can also choose to distribute this program under the terms of
20 * the Unmodified Binary Distribution Licence (as given in the file
21 * COPYING.UBDL), provided that you have satisfied its requirements.
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
30 * These test vectors are provided by NIST as part of the
31 * Cryptographic Toolkit Examples, downloadable from:
33 * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/HMAC_DRBG.pdf
37 /* Forcibly enable assertions */
42 #include <ipxe/hmac_drbg.h>
43 #include <ipxe/sha1.h>
44 #include <ipxe/sha256.h>
45 #include <ipxe/test.h>
47 /** Define inline expected data */
48 #define EXPECT(...) { __VA_ARGS__ }
50 /** An HMAC_DRBG instantiation test */
51 struct hmac_drbg_test_instantiate {
52 /** Underlying hash algorithm */
53 struct digest_algorithm *hash;
54 /** Output block length */
58 /** Length of entropy */
62 /** Length of nonce */
64 /** Personalisation string */
66 /** Length of personalisation string */
69 const void *expected_key;
70 /** Length of expected key */
71 size_t expected_key_len;
73 const void *expected_value;
74 /** Length of expected value */
75 size_t expected_value_len;
79 * Define an HMAC_DRBG instantiation test
82 * @v hmac_drbg HMAC_DRBG algorithm
83 * @v entropy_array Entropy input
84 * @v nonce_array Nonce
85 * @v personal_array Personalisation string
87 * @v value Expected value
88 * @ret test Instantiation test
90 #define HMAC_DRBG_TEST_INSTANTIATE( name, hmac_drbg, entropy_array, \
91 nonce_array, personal_array, \
93 static const uint8_t name ## _key [] = key; \
94 static const uint8_t name ## _value [] = value; \
95 static struct hmac_drbg_test_instantiate name = { \
96 .hash = HMAC_DRBG_HASH ( hmac_drbg ), \
97 .out_len = HMAC_DRBG_OUTLEN_BYTES ( hmac_drbg ), \
98 .entropy = entropy_array, \
99 .entropy_len = sizeof ( entropy_array ), \
100 .nonce = nonce_array, \
101 .nonce_len = sizeof ( nonce_array ), \
102 .personal = personal_array, \
103 .personal_len = sizeof ( personal_array ), \
104 .expected_key = name ## _key, \
105 .expected_key_len = sizeof ( name ## _key ), \
106 .expected_value = name ## _value, \
107 .expected_value_len = sizeof ( name ## _value ), \
111 * Report instantiation test result
113 * @v state HMAC_DRBG internal state
114 * @v test Instantiation test
116 #define instantiate_ok( state, test ) do { \
118 uint8_t entropy[(test)->entropy_len]; \
119 uint8_t nonce[(test)->nonce_len]; \
120 } __attribute__ (( packed )) entropy_nonce; \
122 assert ( (test)->expected_key_len == (test)->out_len ); \
123 assert ( (test)->expected_value_len == (test)->out_len ); \
124 memcpy ( entropy_nonce.entropy, (test)->entropy, \
125 sizeof ( entropy_nonce.entropy ) ); \
126 memcpy ( entropy_nonce.nonce, (test)->nonce, \
127 sizeof ( entropy_nonce.nonce ) ); \
128 hmac_drbg_instantiate ( (test)->hash, (state), &entropy_nonce, \
129 sizeof ( entropy_nonce ), \
131 (test)->personal_len ); \
132 ok ( memcmp ( (state)->key, (test)->expected_key, \
133 (test)->expected_key_len ) == 0 ); \
134 ok ( memcmp ( (state)->value, (test)->expected_value, \
135 (test)->expected_value_len ) == 0 ); \
138 /** An HMAC_DRBG reseed test */
139 struct hmac_drbg_test_reseed {
140 /** Underlying hash algorithm */
141 struct digest_algorithm *hash;
142 /** Output block length */
146 /** Length of entropy */
148 /** Additional input */
149 const void *additional;
150 /** Length of additional_input */
151 size_t additional_len;
153 const void *expected_key;
154 /** Length of expected key */
155 size_t expected_key_len;
156 /** Expected value */
157 const void *expected_value;
158 /** Length of expected value */
159 size_t expected_value_len;
163 * Define an HMAC_DRBG reseed test
166 * @v hmac_drbg HMAC_DRBG algorithm
167 * @v entropy_array Entropy input
168 * @v additional_array Additional input
169 * @v key Expected key
170 * @v value Expected value
171 * @ret test Reseed test
173 #define HMAC_DRBG_TEST_RESEED( name, hmac_drbg, entropy_array, \
174 additional_array, key, value ) \
175 static const uint8_t name ## _key [] = key; \
176 static const uint8_t name ## _value [] = value; \
177 static struct hmac_drbg_test_reseed name = { \
178 .hash = HMAC_DRBG_HASH ( hmac_drbg ), \
179 .out_len = HMAC_DRBG_OUTLEN_BYTES ( hmac_drbg ), \
180 .entropy = entropy_array, \
181 .entropy_len = sizeof ( entropy_array ), \
182 .additional = additional_array, \
183 .additional_len = sizeof ( additional_array ), \
184 .expected_key = name ## _key, \
185 .expected_key_len = sizeof ( name ## _key ), \
186 .expected_value = name ## _value, \
187 .expected_value_len = sizeof ( name ## _value ), \
191 * Report reseed test result
193 * @v state HMAC_DRBG internal state
194 * @v test Reseed test
196 #define reseed_ok( state, test ) do { \
197 assert ( (test)->expected_key_len == (test)->out_len ); \
198 assert ( (test)->expected_value_len == (test)->out_len ); \
199 hmac_drbg_reseed ( (test)->hash, (state), (test)->entropy, \
200 (test)->entropy_len, (test)->additional, \
201 (test)->additional_len ); \
202 ok ( memcmp ( (state)->key, (test)->expected_key, \
203 (test)->expected_key_len ) == 0 ); \
204 ok ( memcmp ( (state)->value, (test)->expected_value, \
205 (test)->expected_value_len ) == 0 ); \
208 /** An HMAC_DRBG generation test */
209 struct hmac_drbg_test_generate {
210 /** Underlying hash algorithm */
211 struct digest_algorithm *hash;
212 /** Output block length */
214 /** Additional input */
215 const void *additional;
216 /** Length of additional_input */
217 size_t additional_len;
219 const void *expected_key;
220 /** Length of expected key */
221 size_t expected_key_len;
222 /** Expected value */
223 const void *expected_value;
224 /** Length of expected value */
225 size_t expected_value_len;
226 /** Expected pseudorandom data */
227 const void *expected_data;
228 /** Length of data */
229 size_t expected_data_len;
233 * Define an HMAC_DRBG generation test
236 * @v hmac_drbg HMAC_DRBG algorithm
237 * @v additional_array Additional input
238 * @v key Expected key
239 * @v value Expected value
240 * @v data Expected pseudorandom data
241 * @ret test Generation test
243 #define HMAC_DRBG_TEST_GENERATE( name, hmac_drbg, additional_array, \
245 static const uint8_t name ## _key [] = key; \
246 static const uint8_t name ## _value [] = value; \
247 static const uint8_t name ## _data [] = data; \
248 static struct hmac_drbg_test_generate name = { \
249 .hash = HMAC_DRBG_HASH ( hmac_drbg ), \
250 .out_len = HMAC_DRBG_OUTLEN_BYTES ( hmac_drbg ), \
251 .additional = additional_array, \
252 .additional_len = sizeof ( additional_array ), \
253 .expected_key = name ## _key, \
254 .expected_key_len = sizeof ( name ## _key ), \
255 .expected_value = name ## _value, \
256 .expected_value_len = sizeof ( name ## _value ), \
257 .expected_data = name ## _data, \
258 .expected_data_len = sizeof ( name ## _data ), \
262 * Report generation test result
264 * @v state HMAC_DRBG internal state
265 * @v test Generation test
267 #define generate_ok( state, test ) do { \
268 uint8_t data[ (test)->expected_data_len ]; \
271 assert ( (test)->expected_key_len == (test)->out_len ); \
272 assert ( (test)->expected_value_len == (test)->out_len ); \
273 rc = hmac_drbg_generate ( (test)->hash, (state), \
274 (test)->additional, \
275 (test)->additional_len, \
276 data, sizeof ( data ) ); \
278 ok ( memcmp ( (state)->key, (test)->expected_key, \
279 (test)->expected_key_len ) == 0 ); \
280 ok ( memcmp ( (state)->value, (test)->expected_value, \
281 (test)->expected_value_len ) == 0 ); \
282 ok ( memcmp ( data, (test)->expected_data, \
283 (test)->expected_data_len ) == 0 ); \
286 /** An HMAC_DRBG generation failure test */
287 struct hmac_drbg_test_generate_fail {
288 /** Underlying hash algorithm */
289 struct digest_algorithm *hash;
290 /** Additional input */
291 const void *additional;
292 /** Length of additional_input */
293 size_t additional_len;
294 /** Length of requested data */
295 size_t requested_len;
299 * Define an HMAC_DRBG generation failure test
302 * @v hmac_drbg HMAC_DRBG algorithm
303 * @v additional_array Additional input
304 * @ret test Generation failure test
306 #define HMAC_DRBG_TEST_GENERATE_FAIL( name, hmac_drbg, \
307 additional_array, len ) \
308 static struct hmac_drbg_test_generate_fail name = { \
309 .hash = HMAC_DRBG_HASH ( hmac_drbg ), \
310 .additional = additional_array, \
311 .additional_len = sizeof ( additional_array ), \
312 .requested_len = len, \
316 * Report generation failure test result
318 * @v state HMAC_DRBG internal state
319 * @v test Generation failure test
321 #define generate_fail_ok( state, test ) do { \
322 uint8_t data[ (test)->requested_len ]; \
325 rc = hmac_drbg_generate ( (test)->hash, (state), \
326 (test)->additional, \
327 (test)->additional_len, data, \
332 /** "EntropyInput" */
333 static const uint8_t entropy_input[] = {
334 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
335 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
336 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
337 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
338 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36
341 /** "Nonce" for SHA-1 */
342 static const uint8_t nonce_sha1[] = {
343 0x20, 0x21, 0x22, 0x23, 0x24
346 /** "Nonce" for SHA-256 */
347 static const uint8_t nonce_sha256[] = {
348 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27
351 /** "EntropyInput1 (for Reseed1) */
352 static const uint8_t entropy_input_1[] = {
353 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b,
354 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
355 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3,
356 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
357 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6
360 /** "EntropyInput2 (for Reseed2) */
361 static const uint8_t entropy_input_2[] = {
362 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb,
363 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
364 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3,
365 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
366 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6
369 /** "PersonalizationString = <empty>" */
370 static const uint8_t personalisation_string_empty[] = {};
372 /** "PersonalizationString" */
373 static const uint8_t personalisation_string[] = {
374 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b,
375 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
376 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, 0x60, 0x61, 0x62, 0x63,
377 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
378 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76
381 /** "AdditionalInput = <empty>" */
382 static const uint8_t additional_input_empty[] = {};
384 /** "AdditionalInput1" */
385 static const uint8_t additional_input_1[] = {
386 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
387 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
388 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83,
389 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
390 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96
393 /** "AdditionalInput2" */
394 static const uint8_t additional_input_2[] = {
395 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab,
396 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
397 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 0xc0, 0xc1, 0xc2, 0xc3,
398 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
399 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6
402 /** SHA-1 Test 1 : Instantiation */
403 HMAC_DRBG_TEST_INSTANTIATE ( sha1_instantiate_1, HMAC_DRBG_SHA1,
404 entropy_input, nonce_sha1, personalisation_string_empty,
405 EXPECT ( 0xab, 0x16, 0x0d, 0xd2, 0x1c, 0x30, 0x98, 0x0c, 0xa3, 0xca,
406 0x5a, 0x9c, 0x77, 0xb7, 0xbd, 0xf0, 0x50, 0xe6, 0x4e, 0xe9 ),
407 EXPECT ( 0x61, 0x44, 0x99, 0xea, 0x98, 0x0c, 0xfb, 0x3d, 0xaa, 0x2c,
408 0xa8, 0x6d, 0x65, 0xa4, 0x6b, 0xf4, 0x48, 0x8d, 0x8c, 0xc5 ) );
410 /** SHA-1 Test 1.1 : First call to Generate */
411 HMAC_DRBG_TEST_GENERATE ( sha1_generate_1_1, HMAC_DRBG_SHA1,
412 additional_input_empty,
413 EXPECT ( 0x7b, 0xb1, 0x80, 0x28, 0xe0, 0x1d, 0x03, 0x42, 0xdf, 0x4f,
414 0x54, 0xda, 0x51, 0x22, 0xfa, 0x5f, 0x2c, 0x3a, 0x05, 0xe4 ),
415 EXPECT ( 0x2f, 0x89, 0x4f, 0x28, 0xcc, 0x2f, 0x53, 0x82, 0x96, 0x40,
416 0x64, 0x3a, 0xd1, 0x7b, 0x84, 0xb0, 0xcd, 0x3c, 0x79, 0x79 ),
417 EXPECT ( 0x5a, 0x7d, 0x3b, 0x44, 0x9f, 0x48, 0x1c, 0xb3, 0x8d, 0xf7,
418 0x9a, 0xd2, 0xb1, 0xfc, 0xc0, 0x1e, 0x57, 0xf8, 0x13, 0x5e,
419 0x8c, 0x0b, 0x22, 0xcd, 0x06, 0x30, 0xbf, 0xb0, 0x12, 0x7f,
420 0xb5, 0x40, 0x8c, 0x8e, 0xfc, 0x17, 0xa9, 0x29, 0x89, 0x6e ) );
422 /** SHA-1 Test 1.2 : Second call to Generate */
423 HMAC_DRBG_TEST_GENERATE ( sha1_generate_1_2, HMAC_DRBG_SHA1,
424 additional_input_empty,
425 EXPECT ( 0x3d, 0x4d, 0x73, 0x77, 0xe9, 0x17, 0x2a, 0xaf, 0xa7, 0x76,
426 0xb0, 0xdd, 0xcb, 0x89, 0x42, 0x00, 0x4a, 0x44, 0xb7, 0xfd ),
427 EXPECT ( 0x1a, 0x26, 0xbd, 0x9b, 0xfc, 0x97, 0x44, 0xbd, 0x29, 0xf6,
428 0xae, 0xbe, 0x24, 0x37, 0xe2, 0x09, 0xf1, 0xf7, 0x16, 0x25 ),
429 EXPECT ( 0x82, 0xcf, 0x77, 0x2e, 0xc3, 0xe8, 0x4b, 0x00, 0xfc, 0x74,
430 0xf5, 0xdf, 0x10, 0x4e, 0xfb, 0xfb, 0x24, 0x28, 0x55, 0x4e,
431 0x9c, 0xe3, 0x67, 0xd0, 0x3a, 0xea, 0xde, 0x37, 0x82, 0x7f,
432 0xa8, 0xe9, 0xcb, 0x6a, 0x08, 0x19, 0x61, 0x15, 0xd9, 0x48 ) );
434 /** SHA-1 Test 2 : Instantiation */
435 #define sha1_instantiate_2 sha1_instantiate_1
437 /** SHA-1 Test 2.1 : First call to Generate */
438 HMAC_DRBG_TEST_GENERATE ( sha1_generate_2_1, HMAC_DRBG_SHA1,
440 EXPECT ( 0x3a, 0x06, 0x2e, 0x6b, 0x79, 0xfe, 0x70, 0xdb, 0xff, 0xeb,
441 0x3a, 0x2b, 0x6b, 0xe8, 0x03, 0x23, 0xf7, 0xd6, 0x74, 0xc5 ),
442 EXPECT ( 0xbd, 0x36, 0x31, 0x28, 0xbf, 0x58, 0x0d, 0x7a, 0x54, 0x42,
443 0x9d, 0xdd, 0x58, 0xe8, 0x19, 0x3b, 0x98, 0x43, 0xbd, 0x2b ),
444 EXPECT ( 0xc7, 0xaa, 0xac, 0x58, 0x3c, 0x6e, 0xf6, 0x30, 0x07, 0x14,
445 0xc2, 0xcc, 0x5d, 0x06, 0xc1, 0x48, 0xcf, 0xfb, 0x40, 0x44,
446 0x9a, 0xd0, 0xbb, 0x26, 0xfa, 0xc0, 0x49, 0x7b, 0x5c, 0x57,
447 0xe1, 0x61, 0xe3, 0x66, 0x81, 0xbc, 0xc9, 0x30, 0xce, 0x80 ) );
449 /** SHA-1 Test 2.2 : Second call to Generate */
450 HMAC_DRBG_TEST_GENERATE ( sha1_generate_2_2, HMAC_DRBG_SHA1,
452 EXPECT ( 0x8a, 0xd7, 0xe3, 0x47, 0x72, 0xb5, 0xfc, 0x7c, 0x3b, 0x3b,
453 0x27, 0x62, 0x4f, 0x0b, 0x91, 0x77, 0x6a, 0x8a, 0x71, 0x12 ),
454 EXPECT ( 0xd7, 0x13, 0x76, 0xa4, 0x6d, 0x76, 0x4b, 0x17, 0xc3, 0xb7,
455 0x39, 0x34, 0x7b, 0x38, 0x4e, 0x51, 0x51, 0xe8, 0x7e, 0x88 ),
456 EXPECT ( 0x6e, 0xbd, 0x2b, 0x7b, 0x5e, 0x0a, 0x2a, 0xd7, 0xa2, 0x4b,
457 0x1b, 0xf9, 0xa1, 0xdb, 0xa4, 0x7d, 0x43, 0x27, 0x17, 0x19,
458 0xb9, 0xc3, 0x7b, 0x7f, 0xe8, 0x1b, 0xa9, 0x40, 0x45, 0xa1,
459 0x4a, 0x7c, 0xb5, 0x14, 0xb4, 0x46, 0x66, 0x6e, 0xa5, 0xa7 ) );
461 /** SHA-1 Test 3 : Instantiation */
462 HMAC_DRBG_TEST_INSTANTIATE ( sha1_instantiate_3, HMAC_DRBG_SHA1,
463 entropy_input, nonce_sha1, personalisation_string,
464 EXPECT ( 0xb7, 0xd9, 0x66, 0xd7, 0x0d, 0x4e, 0x27, 0xa7, 0xfa, 0x83,
465 0x8f, 0x7d, 0x61, 0x12, 0x6c, 0x0e, 0xdc, 0x84, 0x76, 0x1c ),
466 EXPECT ( 0xda, 0xb2, 0xa7, 0x18, 0x83, 0xf1, 0x00, 0x5c, 0x5d, 0xd0,
467 0x39, 0x32, 0x4d, 0x3c, 0x36, 0x4d, 0x6e, 0x18, 0xf9, 0x54 ) );
469 /** SHA-1 Test 3.1 : First call to Generate */
470 HMAC_DRBG_TEST_GENERATE ( sha1_generate_3_1, HMAC_DRBG_SHA1,
471 additional_input_empty,
472 EXPECT ( 0x87, 0xd3, 0x82, 0x8b, 0xe0, 0x3a, 0x80, 0x7d, 0xd3, 0x40,
473 0x29, 0x41, 0xbe, 0xd6, 0xde, 0x98, 0x6e, 0xe7, 0xa2, 0x86 ),
474 EXPECT ( 0x6a, 0xe1, 0xd0, 0x08, 0x6f, 0x53, 0xb1, 0xb7, 0x63, 0xa4,
475 0x51, 0x5b, 0x19, 0x06, 0xfe, 0xe4, 0x76, 0x61, 0xfd, 0x47 ),
476 EXPECT ( 0xb3, 0xbd, 0x05, 0x24, 0x6c, 0xba, 0x12, 0xa6, 0x47, 0x35,
477 0xa4, 0xe3, 0xfd, 0xe5, 0x99, 0xbc, 0x1b, 0xe3, 0x0f, 0x43,
478 0x9b, 0xd0, 0x60, 0x20, 0x8e, 0xea, 0x7d, 0x71, 0xf9, 0xd1,
479 0x23, 0xdf, 0x47, 0xb3, 0xce, 0x06, 0x9d, 0x98, 0xed, 0xe6 ) );
481 /** SHA-1 Test 3.2 : Second call to Generate */
482 HMAC_DRBG_TEST_GENERATE ( sha1_generate_3_2, HMAC_DRBG_SHA1,
483 additional_input_empty,
484 EXPECT ( 0x26, 0xab, 0xbf, 0x54, 0xb2, 0x8b, 0x93, 0xff, 0x90, 0x08,
485 0x67, 0x0e, 0xbf, 0xee, 0x86, 0xcd, 0xd7, 0x22, 0x8e, 0xd5 ),
486 EXPECT ( 0xe9, 0x25, 0x47, 0x29, 0xe0, 0x02, 0x04, 0xa1, 0xb6, 0xc0,
487 0x21, 0x58, 0xa6, 0xc7, 0x27, 0x86, 0x47, 0x14, 0xf1, 0xf7 ),
488 EXPECT ( 0xb5, 0xda, 0xda, 0x38, 0x0e, 0x28, 0x72, 0xdf, 0x93, 0x5b,
489 0xca, 0x55, 0xb8, 0x82, 0xc8, 0xc9, 0x37, 0x69, 0x02, 0xab,
490 0x63, 0x97, 0x65, 0x47, 0x2b, 0x71, 0xac, 0xeb, 0xe2, 0xea,
491 0x8b, 0x1b, 0x6b, 0x49, 0x62, 0x9c, 0xb6, 0x73, 0x17, 0xe0 ) );
493 /** SHA-1 Test 4 : Instantiation */
494 #define sha1_instantiate_4 sha1_instantiate_3
496 /** SHA-1 Test 4.1 : First call to Generate */
497 HMAC_DRBG_TEST_GENERATE ( sha1_generate_4_1, HMAC_DRBG_SHA1,
499 EXPECT ( 0x17, 0xa5, 0xd7, 0x9f, 0x07, 0x67, 0x87, 0x6f, 0x3a, 0x45,
500 0xe0, 0xc9, 0xc3, 0x3e, 0xc8, 0x8b, 0x03, 0xce, 0xea, 0x13 ),
501 EXPECT ( 0x4d, 0x2f, 0x3b, 0xc7, 0x77, 0x50, 0x5c, 0x45, 0xf7, 0xe1,
502 0x7d, 0xcd, 0x3d, 0x86, 0xbf, 0x37, 0x9c, 0xb6, 0x02, 0x5e ),
503 EXPECT ( 0x1f, 0x8f, 0xec, 0x7b, 0xc7, 0xcf, 0xa9, 0xa8, 0x80, 0x34,
504 0x5d, 0x28, 0x0b, 0x13, 0xc6, 0x32, 0xb8, 0x52, 0x77, 0x0a,
505 0x6d, 0xfc, 0x30, 0x2e, 0xad, 0x4c, 0xe3, 0xf5, 0x54, 0xc7,
506 0x9b, 0x0d, 0x44, 0x23, 0x9e, 0xba, 0x56, 0xa7, 0xea, 0x2d ) );
508 /** SHA-1 Test 4.2 : Second call to Generate */
509 HMAC_DRBG_TEST_GENERATE ( sha1_generate_4_2, HMAC_DRBG_SHA1,
511 EXPECT ( 0x07, 0x9b, 0x57, 0xd9, 0x40, 0x6e, 0x11, 0xc2, 0xf8, 0x7c,
512 0x8c, 0x82, 0x8c, 0x8c, 0x6f, 0xa7, 0x6e, 0x40, 0xea, 0x01 ),
513 EXPECT ( 0xa6, 0x54, 0xfe, 0x72, 0xf8, 0xa7, 0x7b, 0xb8, 0xf0, 0x3d,
514 0xff, 0x07, 0xc7, 0x9a, 0x51, 0x53, 0x00, 0x9e, 0xdd, 0xda ),
515 EXPECT ( 0xaf, 0x97, 0xcd, 0xe1, 0xe8, 0xab, 0x32, 0x2a, 0x2e, 0xac,
516 0xa8, 0xe6, 0xf4, 0xe5, 0xbf, 0x78, 0xa1, 0x1b, 0xde, 0xf7,
517 0xdc, 0x91, 0x21, 0x5d, 0x44, 0xb1, 0x07, 0xb4, 0xd5, 0xa7,
518 0x79, 0x01, 0x59, 0x25, 0x09, 0x76, 0x52, 0x80, 0xf9, 0x69 ) );
520 /** SHA-1 Test 5 : Instantiation */
521 #define sha1_instantiate_5 sha1_instantiate_1
523 /** SHA-1 Test 5.1 : First call to Generate */
524 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_5_1, HMAC_DRBG_SHA1,
525 additional_input_empty, ( 320 / 8 ) );
527 /** SHA-1 Test 5.2 : Reseed */
528 HMAC_DRBG_TEST_RESEED ( sha1_reseed_5_2, HMAC_DRBG_SHA1,
529 entropy_input_1, additional_input_empty,
530 EXPECT ( 0xcd, 0x4c, 0xab, 0x38, 0xc8, 0xad, 0x65, 0x71, 0x22, 0xbf,
531 0x5d, 0x3d, 0x00, 0xd0, 0xac, 0x9b, 0x13, 0xd6, 0x29, 0xbb ),
532 EXPECT ( 0xf6, 0x60, 0xe2, 0x3e, 0x91, 0x00, 0x6b, 0x62, 0xc6, 0x54,
533 0x3a, 0xb1, 0x34, 0x4d, 0x23, 0xa3, 0x1a, 0xb4, 0xcf, 0x2c ) );
535 /** SHA-1 Test 5.3 : Retried first call to Generate */
536 HMAC_DRBG_TEST_GENERATE ( sha1_generate_5_3, HMAC_DRBG_SHA1,
537 additional_input_empty,
538 EXPECT ( 0x58, 0x7f, 0xd8, 0x21, 0xef, 0x6c, 0x9d, 0xa4, 0xa8, 0x3c,
539 0x19, 0x21, 0x1f, 0x10, 0x56, 0xca, 0xcd, 0x23, 0xfc, 0x1a ),
540 EXPECT ( 0x84, 0x8f, 0xd1, 0x4c, 0x13, 0xb7, 0xea, 0x93, 0x72, 0x0c,
541 0xcf, 0xde, 0x71, 0xf2, 0xf6, 0x44, 0x39, 0xdb, 0x79, 0x5d ),
542 EXPECT ( 0xfe, 0xc4, 0x59, 0x7f, 0x06, 0xa3, 0xa8, 0xcc, 0x85, 0x29,
543 0xd5, 0x95, 0x57, 0xb9, 0xe6, 0x61, 0x05, 0x38, 0x09, 0xc0,
544 0xbc, 0x0e, 0xfc, 0x28, 0x2a, 0xbd, 0x87, 0x60, 0x5c, 0xc9,
545 0x0c, 0xba, 0x9b, 0x86, 0x33, 0xdc, 0xb1, 0xda, 0xe0, 0x2e ) );
547 /** SHA-1 Test 5.4 : Second call to Generate */
548 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_5_4, HMAC_DRBG_SHA1,
549 additional_input_empty, ( 320 / 8 ) );
551 /** SHA-1 Test 5.5 : Reseed */
552 HMAC_DRBG_TEST_RESEED ( sha1_reseed_5_5, HMAC_DRBG_SHA1,
553 entropy_input_2, additional_input_empty,
554 EXPECT ( 0xdb, 0xa1, 0xcf, 0xf4, 0x87, 0x95, 0x46, 0xa0, 0x38, 0xa5,
555 0x59, 0xb2, 0xa2, 0x4d, 0xf2, 0xc0, 0x30, 0x08, 0x9a, 0x41 ),
556 EXPECT ( 0x2f, 0x88, 0x3c, 0x46, 0x48, 0xe1, 0x31, 0xe8, 0x6d, 0xdf,
557 0x9d, 0xca, 0x0d, 0x74, 0xf3, 0x0c, 0xa1, 0xce, 0x6e, 0xfb ) );
559 /** SHA-1 Test 5.6 : Retried second call to Generate */
560 HMAC_DRBG_TEST_GENERATE ( sha1_generate_5_6, HMAC_DRBG_SHA1,
561 additional_input_empty,
562 EXPECT ( 0xf9, 0x39, 0xa5, 0xab, 0x08, 0xa3, 0x9f, 0x23, 0x10, 0x70,
563 0xb0, 0xd4, 0xc9, 0x6d, 0xc2, 0x37, 0x90, 0xba, 0x01, 0x53 ),
564 EXPECT ( 0xce, 0x6d, 0x08, 0xb4, 0xae, 0x2c, 0xe3, 0x83, 0xfd, 0xab,
565 0xb0, 0x1e, 0xaa, 0xfc, 0x9c, 0x8e, 0x76, 0xa0, 0xd4, 0x72 ),
566 EXPECT ( 0x84, 0xad, 0xd5, 0xe2, 0xd2, 0x04, 0x1c, 0x01, 0x72, 0x3a,
567 0x4d, 0xe4, 0x33, 0x5b, 0x13, 0xef, 0xdf, 0x16, 0xb0, 0xe5,
568 0x1a, 0x0a, 0xd3, 0x9b, 0xd1, 0x5e, 0x86, 0x2e, 0x64, 0x4f,
569 0x31, 0xe4, 0xa2, 0xd7, 0xd8, 0x43, 0xe5, 0x7c, 0x59, 0x68 ) );
571 /** SHA-1 Test 6 : Instantiate */
572 #define sha1_instantiate_6 sha1_instantiate_1
574 /** SHA-1 Test 6.1 : First call to Generate */
575 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_6_1, HMAC_DRBG_SHA1,
576 additional_input_1, ( 320 / 8 ) );
578 /** SHA-1 Test 6.2 : Reseed */
579 HMAC_DRBG_TEST_RESEED ( sha1_reseed_6_2, HMAC_DRBG_SHA1,
580 entropy_input_1, additional_input_1,
581 EXPECT ( 0x52, 0x28, 0xa4, 0xb6, 0xa4, 0x46, 0x92, 0x90, 0x5e, 0xc0,
582 0x44, 0xbf, 0xf0, 0xbb, 0x4e, 0x25, 0xa3, 0x87, 0xca, 0xc1 ),
583 EXPECT ( 0x24, 0x77, 0x32, 0xd0, 0x4c, 0xb8, 0x4e, 0xd4, 0x1a, 0xdd,
584 0x95, 0xa4, 0xb7, 0x8b, 0x50, 0xcd, 0x9b, 0x3d, 0x3f, 0x32 ) );
586 /** SHA-1 Test 6.3 : Retried first call to Generate */
587 HMAC_DRBG_TEST_GENERATE ( sha1_generate_6_3, HMAC_DRBG_SHA1,
588 additional_input_empty,
589 EXPECT ( 0xab, 0x3d, 0xd4, 0x89, 0x5b, 0xc8, 0xcd, 0x22, 0x71, 0xde,
590 0xba, 0x5f, 0x3c, 0x13, 0x63, 0x52, 0x6b, 0x8b, 0x74, 0x52 ),
591 EXPECT ( 0xa8, 0x66, 0xc5, 0xef, 0xf2, 0xaf, 0x04, 0x2b, 0x11, 0x86,
592 0x44, 0x94, 0x45, 0x23, 0x7f, 0x9c, 0x02, 0x44, 0x98, 0x64 ),
593 EXPECT ( 0xa1, 0xba, 0x8f, 0xa5, 0x8b, 0xb5, 0x01, 0x3f, 0x43, 0xf7,
594 0xb6, 0xed, 0x52, 0xb4, 0x53, 0x9f, 0xa1, 0x6d, 0xc7, 0x79,
595 0x57, 0xae, 0xe8, 0x15, 0xb9, 0xc0, 0x70, 0x04, 0xc7, 0xe9,
596 0x92, 0xeb, 0x8c, 0x7e, 0x59, 0x19, 0x64, 0xaf, 0xee, 0xa2 ) );
598 /** SHA-1 Test 6.4 : Second call to Generate */
599 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_6_4, HMAC_DRBG_SHA1,
600 additional_input_2, ( 320 / 8 ) );
602 /** SHA-1 Test 6.5 : Reseed */
603 HMAC_DRBG_TEST_RESEED ( sha1_reseed_6_5, HMAC_DRBG_SHA1,
604 entropy_input_2, additional_input_2,
605 EXPECT ( 0xe5, 0x73, 0x9f, 0x9c, 0xf7, 0xff, 0x43, 0x84, 0xd1, 0x27,
606 0x3e, 0x02, 0x6b, 0x45, 0x31, 0x21, 0x36, 0x49, 0x4f, 0x41 ),
607 EXPECT ( 0x30, 0xc3, 0x43, 0x05, 0xc2, 0xc6, 0x48, 0xb0, 0x57, 0xa6,
608 0x40, 0x22, 0x1b, 0x5c, 0x56, 0x57, 0x26, 0xcd, 0x32, 0xb2 ) );
610 /** SHA-1 Test 6.6 : Retried second call to Generate */
611 HMAC_DRBG_TEST_GENERATE ( sha1_generate_6_6, HMAC_DRBG_SHA1,
612 additional_input_empty,
613 EXPECT ( 0x61, 0x91, 0xca, 0x9b, 0xf0, 0x00, 0xd1, 0x0a, 0x71, 0x69,
614 0x0a, 0xc1, 0x0e, 0x09, 0xff, 0xc8, 0x92, 0xab, 0xde, 0x9a ),
615 EXPECT ( 0x1e, 0xc0, 0x49, 0x0f, 0xa0, 0xb7, 0x65, 0x52, 0x7e, 0x5e,
616 0xa1, 0x8b, 0x53, 0x22, 0xb2, 0x8b, 0xdd, 0x0e, 0x7b, 0xc0 ),
617 EXPECT ( 0x84, 0x26, 0x4a, 0x73, 0xa8, 0x18, 0xc9, 0x5c, 0x2f, 0x42,
618 0x4b, 0x37, 0xd3, 0xcc, 0x99, 0x0b, 0x04, 0x6f, 0xb5, 0x0c,
619 0x2d, 0xc6, 0x4a, 0x16, 0x42, 0x11, 0x88, 0x9a, 0x01, 0x0f,
620 0x24, 0x71, 0xa0, 0x91, 0x2f, 0xfe, 0xa1, 0xbf, 0x01, 0x95 ) );
622 /** SHA-1 Test 7 : Instantiation */
623 #define sha1_instantiate_7 sha1_instantiate_3
625 /** SHA-1 Test 7.1 : First call to Generate */
626 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_7_1, HMAC_DRBG_SHA1,
627 additional_input_empty, ( 320 / 8 ) );
629 /** SHA-1 Test 7.2 : Reseed */
630 HMAC_DRBG_TEST_RESEED ( sha1_reseed_7_2, HMAC_DRBG_SHA1,
631 entropy_input_1, additional_input_empty,
632 EXPECT ( 0xb9, 0x25, 0x4d, 0x8a, 0xac, 0xba, 0x43, 0xfb, 0xda, 0xe6,
633 0x39, 0x4f, 0x2b, 0x3a, 0xfc, 0x5d, 0x58, 0x08, 0x00, 0xbf ),
634 EXPECT ( 0x28, 0x40, 0x3b, 0x60, 0x36, 0x38, 0xd0, 0x7d, 0x79, 0x66,
635 0x66, 0x1e, 0xf6, 0x7b, 0x9d, 0x39, 0x05, 0xf4, 0x6d, 0xb9 ) );
637 /** SHA-1 Test 7.3 : Retried first call to Generate */
638 HMAC_DRBG_TEST_GENERATE ( sha1_generate_7_3, HMAC_DRBG_SHA1,
639 additional_input_empty,
640 EXPECT ( 0x64, 0xfe, 0x07, 0x4a, 0x6e, 0x77, 0x97, 0xd1, 0xa4, 0x35,
641 0xda, 0x89, 0x64, 0x48, 0x4d, 0x6c, 0xf8, 0xbd, 0xc0, 0x1b ),
642 EXPECT ( 0x43, 0xe0, 0xc0, 0x52, 0x15, 0x86, 0xe9, 0x47, 0x3b, 0x06,
643 0x0d, 0x87, 0xd0, 0x8a, 0x23, 0x25, 0xfa, 0xe1, 0x49, 0xd1 ),
644 EXPECT ( 0x6c, 0x37, 0xfd, 0xd7, 0x29, 0xaa, 0x40, 0xf8, 0x0b, 0xc6,
645 0xab, 0x08, 0xca, 0x7c, 0xc6, 0x49, 0x79, 0x4f, 0x69, 0x98,
646 0xb5, 0x70, 0x81, 0xe4, 0x22, 0x0f, 0x22, 0xc5, 0xc2, 0x83,
647 0xe2, 0xc9, 0x1b, 0x8e, 0x30, 0x5a, 0xb8, 0x69, 0xc6, 0x25 ) );
649 /** SHA-1 Test 7.4 : Second call to Generate */
650 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_7_4, HMAC_DRBG_SHA1,
651 additional_input_empty, ( 320 / 8 ) );
653 /** SHA-1 Test 7.5 : Reseed */
654 HMAC_DRBG_TEST_RESEED ( sha1_reseed_7_5, HMAC_DRBG_SHA1,
655 entropy_input_2, additional_input_empty,
656 EXPECT ( 0x02, 0xbc, 0x57, 0x7f, 0xd1, 0x0e, 0xf7, 0x19, 0x3c, 0x1d,
657 0xb0, 0x98, 0xbd, 0x5b, 0x75, 0xc7, 0xc4, 0xb6, 0x79, 0x59 ),
658 EXPECT ( 0xbc, 0xbd, 0xf0, 0x52, 0xe0, 0xe0, 0x2a, 0xe8, 0x9a, 0x77,
659 0x67, 0x94, 0x3f, 0x98, 0x65, 0xb8, 0xb7, 0x22, 0x90, 0x2d ) );
661 /** SHA-1 Test 7.6 : Retried second call to Generate */
662 HMAC_DRBG_TEST_GENERATE ( sha1_generate_7_6, HMAC_DRBG_SHA1,
663 additional_input_empty,
664 EXPECT ( 0x1a, 0xa4, 0x24, 0x1c, 0x69, 0x5e, 0x29, 0xc0, 0xa5, 0x9a,
665 0xd1, 0x8a, 0x60, 0x70, 0xe3, 0x38, 0xa5, 0x48, 0xbe, 0x92 ),
666 EXPECT ( 0x03, 0x47, 0x35, 0x9b, 0xc9, 0xc7, 0xf8, 0x8c, 0xc8, 0x33,
667 0x0d, 0x4f, 0x59, 0xfb, 0xc7, 0x70, 0xb0, 0xb7, 0x7b, 0x03 ),
668 EXPECT ( 0xca, 0xf5, 0x7d, 0xcf, 0xea, 0x39, 0x3b, 0x92, 0x36, 0xbf,
669 0x69, 0x1f, 0xa4, 0x56, 0xfe, 0xa7, 0xfd, 0xf1, 0xdf, 0x83,
670 0x61, 0x48, 0x2c, 0xa5, 0x4d, 0x5f, 0xa7, 0x23, 0xf4, 0xc8,
671 0x8b, 0x4f, 0xa5, 0x04, 0xbf, 0x03, 0x27, 0x7f, 0xa7, 0x83 ) );
673 /** SHA-1 Test 8 : Instantiate */
674 #define sha1_instantiate_8 sha1_instantiate_3
676 /** SHA-1 Test 8.1 : First call to Generate */
677 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_8_1, HMAC_DRBG_SHA1,
678 additional_input_1, ( 320 / 8 ) );
680 /** SHA-1 Test 8.2 : Reseed */
681 HMAC_DRBG_TEST_RESEED ( sha1_reseed_8_2, HMAC_DRBG_SHA1,
682 entropy_input_1, additional_input_1,
683 EXPECT ( 0xc0, 0x95, 0x48, 0xc0, 0xd3, 0xc8, 0x61, 0xd7, 0x40, 0xf2,
684 0x83, 0x7d, 0x72, 0xb5, 0x07, 0x23, 0x5c, 0x26, 0xdb, 0x82 ),
685 EXPECT ( 0x17, 0x4b, 0x3f, 0x84, 0xc3, 0x53, 0x1f, 0x7c, 0x0a, 0x2e,
686 0x54, 0x21, 0x23, 0x4e, 0xa1, 0x6b, 0x70, 0x8d, 0xdf, 0x0d ) );
688 /** SHA-1 Test 8.3 : Retried first call to Generate */
689 HMAC_DRBG_TEST_GENERATE ( sha1_generate_8_3, HMAC_DRBG_SHA1,
690 additional_input_empty,
691 EXPECT ( 0x60, 0x3f, 0x09, 0x49, 0x27, 0x9c, 0x70, 0xe8, 0xc6, 0x6c,
692 0x0f, 0x56, 0x37, 0xc0, 0xf3, 0x75, 0x60, 0x07, 0xe5, 0xac ),
693 EXPECT ( 0xf2, 0xb3, 0x3b, 0x21, 0x15, 0x1f, 0xaf, 0x61, 0x20, 0x01,
694 0x83, 0x10, 0xf4, 0x4e, 0x4c, 0xd0, 0xbf, 0xe3, 0x68, 0xea ),
695 EXPECT ( 0xbd, 0x07, 0xc2, 0x5c, 0xfd, 0x7c, 0x5e, 0x3a, 0x4e, 0xaa,
696 0x6e, 0x2e, 0xdc, 0x5a, 0xb7, 0xea, 0x49, 0x42, 0xa0, 0x91,
697 0x34, 0x71, 0xfd, 0xa5, 0x5c, 0x6d, 0xdd, 0x2c, 0x03, 0xef,
698 0xa3, 0xb9, 0x64, 0x3a, 0xb3, 0xbb, 0x22, 0xf6, 0xc9, 0xf2 ) );
700 /** SHA-1 Test 8.4 : Second call to Generate */
701 HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_8_4, HMAC_DRBG_SHA1,
702 additional_input_2, ( 320 / 8 ) );
704 /** SHA-1 Test 8.5 : Reseed */
705 HMAC_DRBG_TEST_RESEED ( sha1_reseed_8_5, HMAC_DRBG_SHA1,
706 entropy_input_2, additional_input_2,
707 EXPECT ( 0x89, 0x42, 0xa5, 0x4f, 0x34, 0x9e, 0x28, 0x1b, 0x84, 0xaa,
708 0x46, 0x95, 0x87, 0xfb, 0xdd, 0xaf, 0x9d, 0x11, 0x40, 0x82 ),
709 EXPECT ( 0x07, 0x73, 0x0e, 0x3c, 0xbf, 0xfd, 0x3c, 0xaf, 0xd7, 0xa8,
710 0xaa, 0xe2, 0xbf, 0x01, 0xd6, 0x01, 0x43, 0x01, 0xe2, 0x4d ) );
712 /** SHA-1 Test 8.6 : Retried second call to Generate */
713 HMAC_DRBG_TEST_GENERATE ( sha1_generate_8_6, HMAC_DRBG_SHA1,
714 additional_input_empty,
715 EXPECT ( 0xbd, 0xe1, 0xb4, 0x6c, 0xdc, 0x54, 0x13, 0xb3, 0xd9, 0xf7,
716 0x35, 0xac, 0xdb, 0x80, 0xb1, 0x3c, 0x57, 0xbf, 0xe4, 0x73 ),
717 EXPECT ( 0x72, 0x5a, 0x3c, 0x78, 0x20, 0xde, 0x1a, 0x06, 0xd0, 0x95,
718 0x81, 0x9c, 0xcf, 0x6f, 0x2c, 0x9b, 0x3a, 0x67, 0xf2, 0xce ),
719 EXPECT ( 0xd1, 0xa9, 0xc1, 0xa2, 0x2c, 0x84, 0xfc, 0x23, 0xff, 0x22,
720 0x27, 0xef, 0x98, 0xec, 0x8b, 0xa9, 0xdf, 0x2a, 0x20, 0x9b,
721 0xa1, 0xdb, 0x09, 0x80, 0x9f, 0x57, 0xbf, 0xea, 0xe5, 0xb3,
722 0xe5, 0xf1, 0x46, 0xc7, 0x5f, 0x2d, 0x8d, 0xbb, 0x5e, 0x4a ) );
724 /** SHA-256 Test 1 : Instantiation */
725 HMAC_DRBG_TEST_INSTANTIATE ( sha256_instantiate_1, HMAC_DRBG_SHA256,
726 entropy_input, nonce_sha256, personalisation_string_empty,
727 EXPECT ( 0x3d, 0xda, 0x54, 0x3e, 0x7e, 0xef, 0x14, 0xf9, 0x36, 0x23,
728 0x7b, 0xe6, 0x5d, 0x09, 0x4b, 0x4d, 0xdc, 0x96, 0x9c, 0x0b,
729 0x2b, 0x5e, 0xaf, 0xb5, 0xd8, 0x05, 0xe8, 0x6c, 0xfa, 0x64,
731 EXPECT ( 0x2d, 0x02, 0xc2, 0xf8, 0x22, 0x51, 0x7d, 0x54, 0xb8, 0x17,
732 0x27, 0x9a, 0x59, 0x49, 0x1c, 0x41, 0xa1, 0x98, 0x9b, 0x3e,
733 0x38, 0x2d, 0xeb, 0xe8, 0x0d, 0x2c, 0x7f, 0x66, 0x0f, 0x44,
736 /** SHA-256 Test 1.1 : First call to Generate */
737 HMAC_DRBG_TEST_GENERATE ( sha256_generate_1_1, HMAC_DRBG_SHA256,
738 additional_input_empty,
739 EXPECT ( 0xdd, 0x30, 0x95, 0x79, 0x35, 0x38, 0x02, 0xcc, 0xdd, 0x43,
740 0x99, 0xc3, 0x69, 0x1c, 0x9d, 0xd9, 0x09, 0xdd, 0x3b, 0x2d,
741 0xd0, 0x03, 0xcc, 0xd5, 0x9d, 0x6f, 0x08, 0xd8, 0x5f, 0x2e,
743 EXPECT ( 0xa1, 0xc2, 0x0f, 0xf2, 0x70, 0xa3, 0x9d, 0x2b, 0x8d, 0x03,
744 0xd6, 0x59, 0xb9, 0xdd, 0xd0, 0x11, 0xc2, 0xcc, 0xdf, 0x24,
745 0x48, 0x55, 0x7e, 0xf6, 0xa1, 0xa9, 0x15, 0xd1, 0x89, 0x40,
747 EXPECT ( 0xd6, 0x7b, 0x8c, 0x17, 0x34, 0xf4, 0x6f, 0xa3, 0xf7, 0x63,
748 0xcf, 0x57, 0xc6, 0xf9, 0xf4, 0xf2, 0xdc, 0x10, 0x89, 0xbd,
749 0x8b, 0xc1, 0xf6, 0xf0, 0x23, 0x95, 0x0b, 0xfc, 0x56, 0x17,
750 0x63, 0x52, 0x08, 0xc8, 0x50, 0x12, 0x38, 0xad, 0x7a, 0x44,
751 0x00, 0xde, 0xfe, 0xe4, 0x6c, 0x64, 0x0b, 0x61, 0xaf, 0x77,
752 0xc2, 0xd1, 0xa3, 0xbf, 0xaa, 0x90, 0xed, 0xe5, 0xd2, 0x07,
753 0x40, 0x6e, 0x54, 0x03 ) );
755 /** SHA-256 Test 1.2 : Second call to Generate */
756 HMAC_DRBG_TEST_GENERATE ( sha256_generate_1_2, HMAC_DRBG_SHA256,
757 additional_input_empty,
758 EXPECT ( 0x5c, 0xd5, 0xe5, 0x0a, 0x3e, 0x44, 0x8a, 0x07, 0xc3, 0xd2,
759 0xf2, 0xa3, 0xf9, 0xde, 0xbc, 0xc0, 0x46, 0x5f, 0x9c, 0xf1,
760 0x1c, 0xa1, 0x36, 0xe9, 0xb5, 0x04, 0xb4, 0xd3, 0x1c, 0x7f,
762 EXPECT ( 0x33, 0xb3, 0x09, 0xf2, 0xff, 0x01, 0xce, 0x10, 0x4b, 0x44,
763 0x29, 0xb6, 0x75, 0xfa, 0xfa, 0x19, 0x01, 0x1e, 0x34, 0x8b,
764 0x28, 0x12, 0x71, 0x5a, 0x76, 0x37, 0xf6, 0xa6, 0xe6, 0x3b,
766 EXPECT ( 0x8f, 0xda, 0xec, 0x20, 0xf8, 0xb4, 0x21, 0x40, 0x70, 0x59,
767 0xe3, 0x58, 0x89, 0x20, 0xda, 0x7e, 0xda, 0x9d, 0xce, 0x3c,
768 0xf8, 0x27, 0x4d, 0xfa, 0x1c, 0x59, 0xc1, 0x08, 0xc1, 0xd0,
769 0xaa, 0x9b, 0x0f, 0xa3, 0x8d, 0xa5, 0xc7, 0x92, 0x03, 0x7c,
770 0x4d, 0x33, 0xcd, 0x07, 0x0c, 0xa7, 0xcd, 0x0c, 0x56, 0x08,
771 0xdb, 0xa8, 0xb8, 0x85, 0x65, 0x46, 0x39, 0xde, 0x21, 0x87,
772 0xb7, 0x4c, 0xb2, 0x63 ) );
774 /** SHA-256 Test 2 : Instantiation */
775 #define sha256_instantiate_2 sha256_instantiate_1
777 /** SHA-256 Test 2.1 : First call to Generate */
778 HMAC_DRBG_TEST_GENERATE ( sha256_generate_2_1, HMAC_DRBG_SHA256,
780 EXPECT ( 0x79, 0x1d, 0x31, 0x44, 0xb3, 0x02, 0xad, 0x6c, 0xe4, 0x32,
781 0x41, 0x34, 0x42, 0x10, 0xaa, 0xd0, 0xd3, 0x99, 0xed, 0xb7,
782 0xb5, 0x90, 0x6f, 0xb2, 0x51, 0xdb, 0x1c, 0xb6, 0x00, 0x04,
784 EXPECT ( 0x58, 0xfd, 0x96, 0x5f, 0x4f, 0x99, 0x89, 0x3c, 0x17, 0xe6,
785 0xa3, 0x3c, 0xb8, 0xe9, 0x04, 0x15, 0xb5, 0x16, 0xd0, 0x06,
786 0x14, 0xa4, 0x49, 0xd4, 0x06, 0xe0, 0x3c, 0x68, 0x5b, 0xd8,
788 EXPECT ( 0x41, 0x87, 0x87, 0x35, 0x81, 0x35, 0x41, 0x9b, 0x93, 0x81,
789 0x33, 0x53, 0x53, 0x06, 0x17, 0x6a, 0xfb, 0x25, 0x1c, 0xdd,
790 0x2b, 0xa3, 0x79, 0x88, 0x59, 0xb5, 0x66, 0xa0, 0x5c, 0xfb,
791 0x1d, 0x68, 0x0e, 0xa9, 0x25, 0x85, 0x6d, 0x5b, 0x84, 0xd5,
792 0x6a, 0xda, 0xe8, 0x70, 0x45, 0xa6, 0xba, 0x28, 0xd2, 0xc9,
793 0x08, 0xab, 0x75, 0xb7, 0xcc, 0x41, 0x43, 0x1f, 0xac, 0x59,
794 0xf3, 0x89, 0x18, 0xa3 ) );
796 /** SHA-256 Test 2.2 : Second call to Generate */
797 HMAC_DRBG_TEST_GENERATE ( sha256_generate_2_2, HMAC_DRBG_SHA256,
799 EXPECT ( 0xe7, 0x45, 0x8f, 0xb4, 0x4a, 0x36, 0x9a, 0x65, 0x3f, 0x2f,
800 0x8f, 0x57, 0x7b, 0xf9, 0x75, 0xc4, 0xb3, 0x62, 0xc4, 0xfe,
801 0x61, 0x8b, 0x2f, 0x1f, 0xf6, 0x76, 0x9b, 0x13, 0xc9, 0x4d,
803 EXPECT ( 0x19, 0x33, 0x4b, 0x8c, 0x31, 0xb7, 0x49, 0x32, 0xdd, 0xd7,
804 0xb2, 0xa4, 0x68, 0xf6, 0x43, 0x6d, 0xf9, 0x2e, 0x10, 0x0d,
805 0x39, 0xd3, 0xac, 0xb3, 0x68, 0xc7, 0x02, 0x9c, 0xb8, 0x83,
807 EXPECT ( 0x7c, 0x06, 0x7b, 0xdd, 0xca, 0x81, 0x72, 0x48, 0x23, 0xd6,
808 0x4c, 0x69, 0x82, 0x92, 0x85, 0xbd, 0xbf, 0xf5, 0x37, 0x71,
809 0x61, 0x02, 0xc1, 0x88, 0x2e, 0x20, 0x22, 0x50, 0xe0, 0xfa,
810 0x5e, 0xf3, 0xa3, 0x84, 0xcd, 0x34, 0xa2, 0x0f, 0xfd, 0x1f,
811 0xbc, 0x91, 0xe0, 0xc5, 0x32, 0xa8, 0xa4, 0x21, 0xbc, 0x4a,
812 0xfe, 0x3c, 0xd4, 0x7f, 0x22, 0x32, 0x3e, 0xb4, 0xba, 0xe1,
813 0xa0, 0x07, 0x89, 0x81 ) );
815 /** SHA-256 Test 3 : Instantiation */
816 HMAC_DRBG_TEST_INSTANTIATE ( sha256_instantiate_3, HMAC_DRBG_SHA256,
817 entropy_input, nonce_sha256, personalisation_string,
818 EXPECT ( 0x65, 0x67, 0x3c, 0x34, 0x8e, 0x51, 0xcf, 0xac, 0xc4, 0x10,
819 0xbd, 0x20, 0x02, 0x49, 0xa5, 0x9a, 0x9d, 0x6b, 0xae, 0x77,
820 0x69, 0x04, 0x27, 0x1b, 0xb1, 0xf7, 0x18, 0xda, 0x1d, 0x18,
822 EXPECT ( 0xe0, 0xf9, 0x1a, 0xc9, 0x96, 0x30, 0xee, 0xe6, 0x7c, 0xf8,
823 0x30, 0xcf, 0xd5, 0x04, 0x4f, 0xeb, 0xf5, 0x5c, 0x0c, 0x11,
824 0x50, 0x07, 0x99, 0x7a, 0xda, 0x11, 0x29, 0x6f, 0xc4, 0x16,
827 /** SHA-256 Test 3.1 : First call to Generate */
828 HMAC_DRBG_TEST_GENERATE ( sha256_generate_3_1, HMAC_DRBG_SHA256,
829 additional_input_empty,
830 EXPECT ( 0xf0, 0xb2, 0xf2, 0x42, 0xca, 0xd9, 0x92, 0xa7, 0x24, 0xf7,
831 0xe5, 0x59, 0x1d, 0x2f, 0x3b, 0x0c, 0x21, 0x57, 0xae, 0x70,
832 0xd5, 0x32, 0x78, 0x99, 0x40, 0xf1, 0x64, 0x45, 0x9b, 0x00,
834 EXPECT ( 0x1a, 0x03, 0xf9, 0x1c, 0x51, 0x20, 0xba, 0xca, 0x2b, 0xf6,
835 0xc6, 0x4d, 0xd7, 0x3a, 0xb1, 0x1d, 0xf6, 0xfd, 0x3f, 0xf1,
836 0xac, 0x3b, 0x57, 0x20, 0xa3, 0xf7, 0xfb, 0xe3, 0x9e, 0x7e,
838 EXPECT ( 0x0d, 0xd9, 0xc8, 0x55, 0x89, 0xf3, 0x57, 0xc3, 0x89, 0xd6,
839 0xaf, 0x8d, 0xe9, 0xd7, 0x34, 0xa9, 0x17, 0xc7, 0x71, 0xef,
840 0x2d, 0x88, 0x16, 0xb9, 0x82, 0x59, 0x6e, 0xd1, 0x2d, 0xb4,
841 0x5d, 0x73, 0x4a, 0x62, 0x68, 0x08, 0x35, 0xc0, 0x2f, 0xda,
842 0x66, 0xb0, 0x8e, 0x1a, 0x36, 0x9a, 0xe2, 0x18, 0xf2, 0x6d,
843 0x52, 0x10, 0xad, 0x56, 0x42, 0x48, 0x87, 0x2d, 0x7a, 0x28,
844 0x78, 0x41, 0x59, 0xc3 ) );
846 /** SHA-256 Test 3.2 : Second call to Generate */
847 HMAC_DRBG_TEST_GENERATE ( sha256_generate_3_2, HMAC_DRBG_SHA256,
848 additional_input_empty,
849 EXPECT ( 0x5c, 0x0d, 0xec, 0x09, 0x37, 0x08, 0xc1, 0x7c, 0xa7, 0x6b,
850 0x57, 0xc0, 0xcb, 0x60, 0xcf, 0x88, 0x9d, 0xcc, 0x47, 0xad,
851 0x10, 0xbd, 0x64, 0xbc, 0x6a, 0x14, 0xb2, 0x3f, 0x20, 0x26,
853 EXPECT ( 0x45, 0x67, 0x52, 0xa5, 0x11, 0xb8, 0x48, 0xbd, 0x05, 0xf1,
854 0x81, 0x9b, 0x9f, 0x6b, 0x15, 0x42, 0xc7, 0xd5, 0xec, 0xf9,
855 0x32, 0x73, 0x39, 0x26, 0x7a, 0x0c, 0x77, 0x23, 0x5b, 0x87,
857 EXPECT ( 0x46, 0xb4, 0xf4, 0x75, 0x6a, 0xe7, 0x15, 0xe0, 0xe5, 0x16,
858 0x81, 0xab, 0x29, 0x32, 0xde, 0x15, 0x23, 0xbe, 0x5d, 0x13,
859 0xba, 0xf0, 0xf4, 0x58, 0x8b, 0x11, 0xfe, 0x37, 0x2f, 0xda,
860 0x37, 0xab, 0xe3, 0x68, 0x31, 0x73, 0x41, 0xbc, 0x8b, 0xa9,
861 0x1f, 0xc5, 0xd8, 0x5b, 0x7f, 0xb8, 0xca, 0x8f, 0xbc, 0x30,
862 0x9a, 0x75, 0x8f, 0xd6, 0xfc, 0xa9, 0xdf, 0x43, 0xc7, 0x66,
863 0x0b, 0x22, 0x13, 0x22 ) );
865 /** SHA-256 Test 4 : Instantiation */
866 #define sha256_instantiate_4 sha256_instantiate_3
868 /** SHA-256 Test 4.1 : First call to Generate */
869 HMAC_DRBG_TEST_GENERATE ( sha256_generate_4_1, HMAC_DRBG_SHA256,
871 EXPECT ( 0x57, 0x2c, 0x03, 0x74, 0xc1, 0xa1, 0x01, 0x25, 0xbf, 0xa6,
872 0xae, 0xcd, 0x7c, 0xeb, 0xfe, 0x32, 0xf7, 0x52, 0xc3, 0xfb,
873 0x31, 0x67, 0x31, 0xb7, 0xcf, 0xdb, 0xde, 0xc2, 0x63, 0x56,
875 EXPECT ( 0xd6, 0x8b, 0xf0, 0x41, 0xf3, 0xeb, 0x50, 0x88, 0x08, 0x8d,
876 0x8b, 0x8e, 0x71, 0x2c, 0x36, 0xae, 0x95, 0x83, 0xbb, 0x08,
877 0xfd, 0x1f, 0x90, 0x34, 0xa4, 0xe9, 0x42, 0xe9, 0xa6, 0x74,
879 EXPECT ( 0x14, 0x78, 0xf2, 0x9e, 0x94, 0xb0, 0x2c, 0xb4, 0x0d, 0x3a,
880 0xab, 0x86, 0x24, 0x55, 0x57, 0xce, 0x13, 0xa8, 0xca, 0x2f,
881 0xdb, 0x65, 0x7d, 0x98, 0xef, 0xc1, 0x92, 0x34, 0x6b, 0x9f,
882 0xac, 0x33, 0xea, 0x58, 0xad, 0xa2, 0xcc, 0xa4, 0x32, 0xcc,
883 0xde, 0xfb, 0xcd, 0xaa, 0x8b, 0x82, 0xf5, 0x53, 0xef, 0x96,
884 0x61, 0x34, 0xe2, 0xcd, 0x13, 0x9f, 0x15, 0xf0, 0x1c, 0xad,
885 0x56, 0x85, 0x65, 0xa8 ) );
887 /** SHA-256 Test 4.2 : Second call to Generate */
888 HMAC_DRBG_TEST_GENERATE ( sha256_generate_4_2, HMAC_DRBG_SHA256,
890 EXPECT ( 0x28, 0x2e, 0x07, 0x34, 0x80, 0x80, 0x93, 0x75, 0x58, 0xb1,
891 0x39, 0x2e, 0x95, 0xab, 0x91, 0xe7, 0xc1, 0xf6, 0x22, 0xb2,
892 0x4f, 0xfb, 0x87, 0x20, 0xa5, 0xf0, 0xa5, 0xe0, 0x75, 0x50,
894 EXPECT ( 0xdf, 0xc3, 0xbd, 0xb5, 0xf3, 0xbc, 0xf1, 0xaa, 0x68, 0x29,
895 0x8e, 0x79, 0x0d, 0x72, 0x0a, 0x67, 0xa7, 0x6e, 0x31, 0xb9,
896 0x2b, 0x9b, 0x35, 0xa8, 0xe5, 0x47, 0x1b, 0xb1, 0x7e, 0x30,
898 EXPECT ( 0x49, 0x7c, 0x7a, 0x16, 0xe8, 0x8a, 0x64, 0x11, 0xf8, 0xfc,
899 0xe1, 0x0e, 0xf5, 0x67, 0x63, 0xc6, 0x10, 0x25, 0x80, 0x1d,
900 0x8f, 0x51, 0xa7, 0x43, 0x52, 0xd6, 0x82, 0xcc, 0x23, 0xa0,
901 0xa8, 0xe6, 0x73, 0xca, 0xe0, 0x32, 0x28, 0x93, 0x90, 0x64,
902 0x7d, 0xc6, 0x83, 0xb7, 0x34, 0x28, 0x85, 0xd6, 0xb7, 0x6a,
903 0xb1, 0xda, 0x69, 0x6d, 0x3e, 0x97, 0xe2, 0x2d, 0xff, 0xdd,
904 0xff, 0xfd, 0x8d, 0xf0 ) );
906 /** SHA-256 Test 5 : Instantiation */
907 #define sha256_instantiate_5 sha256_instantiate_1
909 /** SHA-256 Test 5.1 : First call to Generate */
910 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_5_1, HMAC_DRBG_SHA256,
911 additional_input_empty, ( 512 / 8 ) );
913 /** SHA-256 Test 5.2 : Reseed */
914 HMAC_DRBG_TEST_RESEED ( sha256_reseed_5_2, HMAC_DRBG_SHA256,
915 entropy_input_1, additional_input_empty,
916 EXPECT ( 0xb8, 0x40, 0x07, 0xe3, 0xe2, 0x7f, 0x34, 0xf9, 0xa7, 0x82,
917 0x0b, 0x7a, 0xb5, 0x9b, 0xbe, 0xfc, 0xd0, 0xc4, 0xac, 0xae,
918 0xde, 0x4b, 0x0b, 0x36, 0xb1, 0x47, 0xb8, 0x97, 0x79, 0xfd,
920 EXPECT ( 0xa7, 0x2b, 0x8f, 0xee, 0x92, 0x39, 0x2f, 0x0a, 0x9d, 0x2d,
921 0x61, 0xbf, 0x09, 0xa4, 0xdf, 0xcc, 0x9d, 0xe6, 0x9a, 0x16,
922 0xa5, 0xf1, 0x50, 0x22, 0x4c, 0x3e, 0xf6, 0x04, 0x2d, 0x15,
925 /** SHA-256 Test 5.3 : Retried first call to Generate */
926 HMAC_DRBG_TEST_GENERATE ( sha256_generate_5_3, HMAC_DRBG_SHA256,
927 additional_input_empty,
928 EXPECT ( 0x43, 0x48, 0xaf, 0x84, 0x20, 0x84, 0x2f, 0xa0, 0x77, 0xb9,
929 0xd3, 0xdb, 0xa8, 0xdc, 0xe9, 0xb3, 0xe1, 0xdf, 0x73, 0x4f,
930 0xfc, 0xe1, 0xbe, 0xa5, 0xb9, 0xe2, 0xb1, 0x54, 0xdc, 0x5e,
932 EXPECT ( 0xd2, 0xc1, 0xac, 0x27, 0x88, 0x5d, 0x43, 0x32, 0x76, 0x71,
933 0x31, 0x46, 0x32, 0xea, 0x60, 0x43, 0x3c, 0xca, 0x72, 0x73,
934 0x04, 0x56, 0x9e, 0xa7, 0xd4, 0x71, 0xfe, 0xa7, 0xdb, 0x7d,
936 EXPECT ( 0xfa, 0xbd, 0x0a, 0xe2, 0x5c, 0x69, 0xdc, 0x2e, 0xfd, 0xef,
937 0xb7, 0xf2, 0x0c, 0x5a, 0x31, 0xb5, 0x7a, 0xc9, 0x38, 0xab,
938 0x77, 0x1a, 0xa1, 0x9b, 0xf8, 0xf5, 0xf1, 0x46, 0x8f, 0x66,
939 0x5c, 0x93, 0x8c, 0x9a, 0x1a, 0x5d, 0xf0, 0x62, 0x8a, 0x56,
940 0x90, 0xf1, 0x5a, 0x1a, 0xd8, 0xa6, 0x13, 0xf3, 0x1b, 0xbd,
941 0x65, 0xee, 0xad, 0x54, 0x57, 0xd5, 0xd2, 0x69, 0x47, 0xf2,
942 0x9f, 0xe9, 0x1a, 0xa7 ) );
944 /** SHA-256 Test 5.4 : Second call to Generate */
945 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_5_4, HMAC_DRBG_SHA256,
946 additional_input_empty, ( 512 / 8 ) );
948 /** SHA-256 Test 5.5 : Reseed */
949 HMAC_DRBG_TEST_RESEED ( sha256_reseed_5_5, HMAC_DRBG_SHA256,
950 entropy_input_2, additional_input_empty,
951 EXPECT ( 0xbf, 0xa0, 0x2c, 0xe7, 0xe9, 0x2d, 0xe9, 0x2b, 0x18, 0x24,
952 0x28, 0x86, 0x89, 0x0e, 0x58, 0x6f, 0x83, 0x69, 0x06, 0xac,
953 0xe9, 0xe5, 0x54, 0xf1, 0xb0, 0xed, 0x63, 0x57, 0x3c, 0xb8,
955 EXPECT ( 0xd3, 0x24, 0x03, 0xee, 0xa9, 0xdc, 0xe1, 0x61, 0x6e, 0x4e,
956 0x11, 0x55, 0xb9, 0x23, 0xd8, 0x84, 0x2c, 0xc6, 0xe7, 0x84,
957 0xc6, 0x7a, 0x93, 0x85, 0xb2, 0xa6, 0x37, 0xf1, 0x02, 0xfa,
960 /** SHA-256 Test 5.6 : Retried second call to Generate */
961 HMAC_DRBG_TEST_GENERATE ( sha256_generate_5_6, HMAC_DRBG_SHA256,
962 additional_input_empty,
963 EXPECT ( 0x81, 0x21, 0xf7, 0x76, 0x4c, 0x08, 0x1e, 0xe9, 0xd1, 0x17,
964 0x1e, 0xd1, 0x87, 0xba, 0xe0, 0x88, 0x95, 0xca, 0xe2, 0x30,
965 0xd0, 0xa2, 0x5e, 0x37, 0x39, 0xc5, 0x7d, 0x54, 0x16, 0x10,
967 EXPECT ( 0x37, 0x84, 0x97, 0x7c, 0xc0, 0xe5, 0x9f, 0xbc, 0x9c, 0xda,
968 0x4e, 0x11, 0x92, 0x47, 0x5c, 0x6e, 0xfa, 0xf8, 0x07, 0x20,
969 0x19, 0x86, 0x21, 0x22, 0xcb, 0x6b, 0xce, 0xaa, 0xcc, 0x4a,
971 EXPECT ( 0x6b, 0xd9, 0x25, 0xb0, 0xe1, 0xc2, 0x32, 0xef, 0xd6, 0x7c,
972 0xcd, 0x84, 0xf7, 0x22, 0xe9, 0x27, 0xec, 0xb4, 0x6a, 0xb2,
973 0xb7, 0x40, 0x01, 0x47, 0x77, 0xaf, 0x14, 0xba, 0x0b, 0xbf,
974 0x53, 0xa4, 0x5b, 0xdb, 0xb6, 0x2b, 0x3f, 0x7d, 0x0b, 0x9c,
975 0x8e, 0xea, 0xd0, 0x57, 0xc0, 0xec, 0x75, 0x4e, 0xf8, 0xb5,
976 0x3e, 0x60, 0xa1, 0xf4, 0x34, 0xf0, 0x59, 0x46, 0xa8, 0xb6,
977 0x86, 0xaf, 0xbc, 0x7a ) );
979 /** SHA-256 Test 6 : Instantiate */
980 #define sha256_instantiate_6 sha256_instantiate_1
982 /** SHA-256 Test 6.1 : First call to Generate */
983 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_6_1, HMAC_DRBG_SHA256,
984 additional_input_1, ( 512 / 8 ) );
986 /** SHA-256 Test 6.2 : Reseed */
987 HMAC_DRBG_TEST_RESEED ( sha256_reseed_6_2, HMAC_DRBG_SHA256,
988 entropy_input_1, additional_input_1,
989 EXPECT ( 0xc1, 0x25, 0xea, 0x99, 0x75, 0x8e, 0xbb, 0x9a, 0x6f, 0x69,
990 0xae, 0x31, 0x2a, 0xc2, 0x04, 0xb5, 0x94, 0xc0, 0x0a, 0xb6,
991 0x8b, 0x81, 0x6e, 0x3a, 0x52, 0x12, 0x8e, 0x02, 0x78, 0xa5,
993 EXPECT ( 0xb2, 0xcb, 0x2b, 0x89, 0x12, 0x3f, 0x5b, 0x4a, 0xf5, 0x87,
994 0xb8, 0xf6, 0xbd, 0xc5, 0x42, 0x7a, 0x99, 0x14, 0x19, 0xd3,
995 0x53, 0x07, 0x7c, 0x68, 0x5e, 0x70, 0x7a, 0xcd, 0xf8, 0xe9,
998 /** SHA-256 Test 6.3 : Retried first call to Generate */
999 HMAC_DRBG_TEST_GENERATE ( sha256_generate_6_3, HMAC_DRBG_SHA256,
1000 additional_input_empty,
1001 EXPECT ( 0xc6, 0xed, 0x8f, 0xed, 0x71, 0x57, 0xa4, 0xd0, 0x9e, 0xa1,
1002 0xdd, 0xe8, 0x94, 0x6b, 0x54, 0x43, 0x3e, 0xcc, 0x54, 0x49,
1003 0xa4, 0xa3, 0x52, 0xaf, 0x45, 0x76, 0x4e, 0xe6, 0x73, 0x4b,
1005 EXPECT ( 0xeb, 0xc7, 0x75, 0x25, 0x6b, 0xb7, 0x81, 0x24, 0x1e, 0x9c,
1006 0x70, 0xbb, 0xcf, 0x73, 0x2b, 0xdc, 0x90, 0xad, 0x10, 0xd9,
1007 0xdd, 0x3a, 0x89, 0x6e, 0xcc, 0x12, 0xb9, 0x2f, 0xfb, 0x63,
1009 EXPECT ( 0x08, 0x5d, 0x57, 0xaf, 0x6b, 0xab, 0xcf, 0x2b, 0x9a, 0xee,
1010 0xf3, 0x87, 0xd5, 0x31, 0x65, 0x0e, 0x6a, 0x50, 0x5c, 0x54,
1011 0x40, 0x6a, 0xb3, 0x7a, 0x52, 0x89, 0x9e, 0x0e, 0xca, 0xb3,
1012 0x63, 0x2b, 0x7a, 0x06, 0x8a, 0x28, 0x14, 0xc6, 0xdf, 0x6a,
1013 0xe5, 0x32, 0xb6, 0x58, 0xd0, 0xd9, 0x74, 0x1c, 0x84, 0x77,
1014 0x5f, 0xee, 0x45, 0xb6, 0x84, 0xcd, 0xbd, 0xc2, 0x5f, 0xbc,
1015 0xb4, 0xd8, 0xf3, 0x10 ) );
1017 /** SHA-256 Test 6.4 : Second call to Generate */
1018 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_6_4, HMAC_DRBG_SHA256,
1019 additional_input_2, ( 512 / 8 ) );
1021 /** SHA-256 Test 6.5 : Reseed */
1022 HMAC_DRBG_TEST_RESEED ( sha256_reseed_6_5, HMAC_DRBG_SHA256,
1023 entropy_input_2, additional_input_2,
1024 EXPECT ( 0xfc, 0x51, 0xda, 0x84, 0xf9, 0x69, 0x6b, 0xcc, 0x84, 0xc8,
1025 0xf2, 0xac, 0xb9, 0x24, 0xbc, 0xdf, 0x72, 0xf8, 0x2e, 0xa2,
1026 0xca, 0x64, 0x3f, 0x08, 0x3b, 0x0c, 0x16, 0xc3, 0x63, 0x4e,
1028 EXPECT ( 0xb9, 0x74, 0xe4, 0x37, 0x0a, 0xd5, 0x76, 0xbb, 0x99, 0xc4,
1029 0xe4, 0x9e, 0xa6, 0x80, 0xbf, 0xf9, 0x8d, 0xe9, 0xe1, 0x2f,
1030 0xec, 0xd0, 0x13, 0xde, 0xd4, 0x3c, 0x80, 0xf6, 0x9a, 0x7a,
1033 /** SHA-256 Test 6.6 : Retried second call to Generate */
1034 HMAC_DRBG_TEST_GENERATE ( sha256_generate_6_6, HMAC_DRBG_SHA256,
1035 additional_input_empty,
1036 EXPECT ( 0x56, 0xa2, 0xb4, 0x46, 0x32, 0xcb, 0x8f, 0xc3, 0xa6, 0x40,
1037 0x09, 0xbf, 0xd6, 0xec, 0x95, 0xe5, 0x6c, 0xef, 0x8e, 0x7c,
1038 0x91, 0x2a, 0xa8, 0x2b, 0x16, 0xf6, 0x14, 0x91, 0x5d, 0x9c,
1040 EXPECT ( 0xb5, 0xb3, 0x96, 0xa0, 0x15, 0x76, 0xb0, 0xfe, 0x42, 0xf4,
1041 0x08, 0x44, 0x55, 0x6c, 0x4c, 0xf4, 0xb6, 0x80, 0x4c, 0x94,
1042 0xde, 0x9d, 0x62, 0x38, 0xf1, 0xf7, 0xe7, 0xaf, 0x5c, 0x72,
1044 EXPECT ( 0x9b, 0x21, 0x9f, 0xd9, 0x0d, 0xe2, 0xa0, 0x8e, 0x49, 0x34,
1045 0x05, 0xcf, 0x87, 0x44, 0x17, 0xb5, 0x82, 0x67, 0x70, 0xf3,
1046 0x94, 0x48, 0x15, 0x55, 0xdc, 0x66, 0x8a, 0xcd, 0x96, 0xb9,
1047 0xa3, 0xe5, 0x6f, 0x9d, 0x2c, 0x32, 0x5e, 0x26, 0xd4, 0x7c,
1048 0x1d, 0xfc, 0xfc, 0x8f, 0xbf, 0x86, 0x12, 0x6f, 0x40, 0xa1,
1049 0xe6, 0x39, 0x60, 0xf6, 0x27, 0x49, 0x34, 0x2e, 0xcd, 0xb7,
1050 0x1b, 0x24, 0x0d, 0xc6 ) );
1052 /** SHA-256 Test 7 : Instantiation */
1053 #define sha256_instantiate_7 sha256_instantiate_3
1055 /** SHA-256 Test 7.1 : First call to Generate */
1056 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_7_1, HMAC_DRBG_SHA256,
1057 additional_input_empty, ( 512 / 8 ) );
1059 /** SHA-256 Test 7.2 : Reseed */
1060 HMAC_DRBG_TEST_RESEED ( sha256_reseed_7_2, HMAC_DRBG_SHA256,
1061 entropy_input_1, additional_input_empty,
1062 EXPECT ( 0x44, 0x76, 0xc6, 0xd1, 0x1f, 0xc3, 0x5d, 0x44, 0x09, 0xd9,
1063 0x03, 0x2e, 0x45, 0x3b, 0x0f, 0x0d, 0xc3, 0x31, 0x4d, 0xb8,
1064 0x62, 0xcb, 0xdb, 0x60, 0x9c, 0x56, 0x02, 0x20, 0x8d, 0x4c,
1066 EXPECT ( 0x95, 0xef, 0x78, 0x5a, 0x61, 0xc2, 0xf7, 0xb3, 0x6b, 0xc5,
1067 0x96, 0xba, 0x4b, 0xa2, 0x08, 0xa5, 0x2c, 0x6d, 0xc2, 0x03,
1068 0x63, 0x6d, 0x8f, 0x17, 0x87, 0x45, 0x3b, 0x85, 0x2b, 0x7e,
1071 /** SHA-256 Test 7.3 : Retried first call to Generate */
1072 HMAC_DRBG_TEST_GENERATE ( sha256_generate_7_3, HMAC_DRBG_SHA256,
1073 additional_input_empty,
1074 EXPECT ( 0x0d, 0xf9, 0x11, 0x0e, 0x2f, 0x22, 0x58, 0x98, 0x24, 0xa9,
1075 0x47, 0x6c, 0x8e, 0x32, 0x08, 0x8e, 0x51, 0xa0, 0xda, 0x36,
1076 0x63, 0x3f, 0x8c, 0xd1, 0xf7, 0x54, 0x7d, 0xff, 0x69, 0x6e,
1078 EXPECT ( 0xc0, 0xe3, 0xc8, 0xed, 0x5a, 0x8b, 0x57, 0x9e, 0x3f, 0xef,
1079 0x9d, 0xf3, 0xb7, 0xc2, 0xc2, 0x12, 0x98, 0x07, 0x17, 0xcc,
1080 0x91, 0xae, 0x18, 0x66, 0x45, 0xfa, 0xbb, 0x2c, 0xc7, 0x84,
1082 EXPECT ( 0xd8, 0xb6, 0x71, 0x30, 0x71, 0x41, 0x94, 0xff, 0xe5, 0xb2,
1083 0xa3, 0x5d, 0xbc, 0xd5, 0xe1, 0xa2, 0x99, 0x42, 0xad, 0x5c,
1084 0x68, 0xf3, 0xde, 0xb9, 0x4a, 0xdd, 0x9e, 0x9e, 0xba, 0xd8,
1085 0x60, 0x67, 0xed, 0xf0, 0x49, 0x15, 0xfb, 0x40, 0xc3, 0x91,
1086 0xea, 0xe7, 0x0c, 0x65, 0x9e, 0xaa, 0xe7, 0xef, 0x11, 0xa3,
1087 0xd4, 0x6a, 0x5b, 0x08, 0x5e, 0xdd, 0x90, 0xcc, 0x72, 0xce,
1088 0xa9, 0x89, 0x21, 0x0b ) );
1090 /** SHA-256 Test 7.4 : Second call to Generate */
1091 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_7_4, HMAC_DRBG_SHA256,
1092 additional_input_empty, ( 512 / 8 ) );
1094 /** SHA-256 Test 7.5 : Reseed */
1095 HMAC_DRBG_TEST_RESEED ( sha256_reseed_7_5, HMAC_DRBG_SHA256,
1096 entropy_input_2, additional_input_empty,
1097 EXPECT ( 0x3d, 0x77, 0x63, 0xe5, 0x30, 0x3d, 0xb5, 0x4b, 0xe2, 0x05,
1098 0x44, 0xa8, 0x1e, 0x9f, 0x00, 0xca, 0xdc, 0xfc, 0x1c, 0xb2,
1099 0x8d, 0xec, 0xb9, 0xcf, 0xc6, 0x99, 0xf6, 0x1d, 0xba, 0xf8,
1101 EXPECT ( 0xfe, 0xbc, 0x02, 0x79, 0xb7, 0x71, 0x0d, 0xec, 0x5c, 0x06,
1102 0x7e, 0xbe, 0xfa, 0x06, 0x8e, 0x4b, 0x59, 0x67, 0x49, 0x1b,
1103 0x7e, 0xef, 0x94, 0x75, 0x83, 0x50, 0x6d, 0x04, 0x97, 0xce,
1106 /** SHA-256 Test 7.6 : Retried second call to Generate */
1107 HMAC_DRBG_TEST_GENERATE ( sha256_generate_7_6, HMAC_DRBG_SHA256,
1108 additional_input_empty,
1109 EXPECT ( 0x2d, 0x21, 0xac, 0x94, 0x99, 0x2f, 0xd8, 0x2b, 0x09, 0x80,
1110 0xd3, 0xd5, 0x95, 0x51, 0xb9, 0xd0, 0x7c, 0x8d, 0x54, 0xb2,
1111 0x52, 0xb6, 0x16, 0x28, 0x93, 0x44, 0xf8, 0xac, 0x86, 0x9e,
1113 EXPECT ( 0x61, 0x0c, 0x34, 0xcd, 0xbf, 0x6f, 0x75, 0x33, 0x54, 0x7f,
1114 0x23, 0x32, 0xea, 0xc5, 0x7e, 0xe3, 0x1e, 0x72, 0x4f, 0xb2,
1115 0x92, 0x55, 0x56, 0x6b, 0x59, 0x78, 0x33, 0x16, 0x6c, 0xd0,
1117 EXPECT ( 0x8b, 0xba, 0x71, 0xc2, 0x58, 0x3f, 0x25, 0x30, 0xc2, 0x59,
1118 0xc9, 0x07, 0x84, 0xa5, 0x9a, 0xc4, 0x4d, 0x1c, 0x80, 0x56,
1119 0x91, 0x7c, 0xcf, 0x38, 0x87, 0x88, 0x10, 0x2d, 0x73, 0x82,
1120 0x4c, 0x6c, 0x11, 0xd5, 0xd6, 0x3b, 0xe1, 0xf0, 0x10, 0x17,
1121 0xd8, 0x84, 0xcd, 0x69, 0xd9, 0x33, 0x4b, 0x9e, 0xbc, 0x01,
1122 0xe7, 0xbd, 0x8f, 0xdf, 0x2a, 0x8e, 0x52, 0x57, 0x22, 0x93,
1123 0xdc, 0x21, 0xc0, 0xe1 ) );
1125 /** SHA-256 Test 8 : Instantiate */
1126 #define sha256_instantiate_8 sha256_instantiate_3
1128 /** SHA-256 Test 8.1 : First call to Generate */
1129 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_8_1, HMAC_DRBG_SHA256,
1130 additional_input_1, ( 512 / 8 ) );
1132 /** SHA-256 Test 8.2 : Reseed */
1133 HMAC_DRBG_TEST_RESEED ( sha256_reseed_8_2, HMAC_DRBG_SHA256,
1134 entropy_input_1, additional_input_1,
1135 EXPECT ( 0xb3, 0x81, 0x38, 0x8c, 0x1d, 0x7c, 0xfd, 0x56, 0x59, 0x30,
1136 0x99, 0x3b, 0xd9, 0x26, 0x90, 0x66, 0x50, 0x88, 0xd9, 0xb8,
1137 0x39, 0x96, 0x9b, 0x87, 0xf1, 0x6d, 0xb6, 0xdf, 0x4e, 0x43,
1139 EXPECT ( 0xfa, 0x04, 0x25, 0x64, 0x00, 0xe3, 0x42, 0xe6, 0x55, 0xf4,
1140 0x33, 0x26, 0x94, 0xe3, 0xb2, 0x4c, 0x04, 0xfb, 0x85, 0xbf,
1141 0x87, 0x80, 0x21, 0xe4, 0x52, 0xe7, 0x3b, 0x8f, 0x46, 0xd4,
1144 /** SHA-256 Test 8.3 : Retried first call to Generate */
1145 HMAC_DRBG_TEST_GENERATE ( sha256_generate_8_3, HMAC_DRBG_SHA256,
1146 additional_input_empty,
1147 EXPECT ( 0xd4, 0x1f, 0x6f, 0x33, 0x65, 0x82, 0x21, 0x70, 0x50, 0xb1,
1148 0xf6, 0x59, 0x28, 0xfd, 0x6e, 0x94, 0xcb, 0xc9, 0x45, 0x68,
1149 0xfe, 0x3b, 0x6b, 0x53, 0x38, 0x9e, 0x1e, 0x3a, 0x5b, 0x49,
1151 EXPECT ( 0xa6, 0x55, 0xc9, 0xe7, 0xd1, 0x33, 0xf1, 0xcd, 0x8b, 0x11,
1152 0x61, 0xf2, 0x7d, 0x54, 0xe7, 0x5a, 0x7e, 0x7c, 0x80, 0x42,
1153 0xbf, 0x74, 0xd4, 0x7f, 0x9f, 0xfd, 0x60, 0xe2, 0x45, 0xeb,
1155 EXPECT ( 0x44, 0xd7, 0x8b, 0xbc, 0x3e, 0xb6, 0x7c, 0x59, 0xc2, 0x2f,
1156 0x6c, 0x31, 0x00, 0x3d, 0x21, 0x2a, 0x78, 0x37, 0xcc, 0xd8,
1157 0x4c, 0x43, 0x8b, 0x55, 0x15, 0x0f, 0xd0, 0x13, 0xa8, 0xa7,
1158 0x8f, 0xe8, 0xed, 0xea, 0x81, 0xc6, 0x72, 0xe4, 0xb8, 0xdd,
1159 0xc8, 0x18, 0x38, 0x86, 0xe6, 0x9c, 0x2e, 0x17, 0x7d, 0xf5,
1160 0x74, 0xc1, 0xf1, 0x90, 0xdf, 0x27, 0x18, 0x50, 0xf8, 0xce,
1161 0x55, 0xef, 0x20, 0xb8 ) );
1163 /** SHA-256 Test 8.4 : Second call to Generate */
1164 HMAC_DRBG_TEST_GENERATE_FAIL ( sha256_generate_fail_8_4, HMAC_DRBG_SHA256,
1165 additional_input_2, ( 512 / 8 ) );
1167 /** SHA-256 Test 8.5 : Reseed */
1168 HMAC_DRBG_TEST_RESEED ( sha256_reseed_8_5, HMAC_DRBG_SHA256,
1169 entropy_input_2, additional_input_2,
1170 EXPECT ( 0xfb, 0xa8, 0x05, 0x45, 0x3e, 0x3c, 0x9a, 0x73, 0x64, 0x58,
1171 0x5c, 0xed, 0xbc, 0xd2, 0x92, 0x30, 0xfb, 0xc9, 0x3d, 0x6f,
1172 0x12, 0x9d, 0x21, 0xed, 0xdd, 0xf6, 0x61, 0x3b, 0x3a, 0x8f,
1174 EXPECT ( 0x83, 0x64, 0x7a, 0x33, 0x8c, 0x15, 0x3c, 0xba, 0xf0, 0xe4,
1175 0x9a, 0x54, 0xa4, 0x4f, 0xea, 0x66, 0x70, 0xcf, 0xd7, 0xc1,
1176 0x71, 0x4d, 0x4a, 0xb3, 0x5f, 0x11, 0x12, 0x3d, 0xf2, 0x7b,
1179 /** SHA-256 Test 8.6 : Retried second call to Generate */
1180 HMAC_DRBG_TEST_GENERATE ( sha256_generate_8_6, HMAC_DRBG_SHA256,
1181 additional_input_empty,
1182 EXPECT ( 0xae, 0x59, 0xc7, 0x0a, 0x7c, 0x60, 0xed, 0x49, 0x83, 0x78,
1183 0xea, 0x84, 0x5b, 0xe9, 0x7d, 0x8f, 0xf8, 0x81, 0xe0, 0xea,
1184 0x37, 0x2e, 0x26, 0x5f, 0xa6, 0x72, 0x84, 0x29, 0x3e, 0x1a,
1186 EXPECT ( 0xe2, 0xf0, 0x4d, 0xe3, 0xce, 0x21, 0x79, 0x61, 0xae, 0x2b,
1187 0x2d, 0x20, 0xa7, 0xba, 0x7c, 0x6c, 0x82, 0x0b, 0x5b, 0x14,
1188 0x92, 0x6e, 0x59, 0x56, 0xae, 0x6d, 0xfa, 0x2e, 0xd1, 0xd6,
1190 EXPECT ( 0x91, 0x77, 0x80, 0xdc, 0x0c, 0xe9, 0x98, 0x9f, 0xee, 0x6c,
1191 0x08, 0x06, 0xd6, 0xda, 0x12, 0x3a, 0x18, 0x25, 0x29, 0x47,
1192 0x58, 0xd4, 0xe1, 0xb5, 0x82, 0x68, 0x72, 0x31, 0x78, 0x0a,
1193 0x2a, 0x9c, 0x33, 0xf1, 0xd1, 0x56, 0xcc, 0xad, 0x32, 0x77,
1194 0x64, 0xb2, 0x9a, 0x4c, 0xb2, 0x69, 0x01, 0x77, 0xae, 0x96,
1195 0xef, 0x9e, 0xe9, 0x2a, 0xd0, 0xc3, 0x40, 0xba, 0x0f, 0xd1,
1196 0x20, 0x3c, 0x02, 0xc6 ) );
1199 * Force a "reseed required" state
1201 * @v state HMAC_DRBG internal state
1203 static inline void force_reseed_required ( struct hmac_drbg_state *state ) {
1204 state->reseed_counter = ( HMAC_DRBG_RESEED_INTERVAL + 1 );
1208 * Perform HMAC_DRBG self-test
1211 static void hmac_drbg_test_exec ( void ) {
1212 struct hmac_drbg_state state;
1217 * The NIST test vector set includes several calls to
1218 * HMAC_DRBG_Generate() that are expected to fail with a
1219 * status of "Reseed required". The pattern seems to be that
1220 * when prediction resistance is requested, any call to
1221 * HMAC_DRBG_Generate() is at first expected to fail. After
1222 * an explicit reseeding, the call to HMAC_DRBG_Generate() is
1223 * retried, and on this second time it is expected to succeed.
1225 * This pattern does not match the specifications for
1226 * HMAC_DRBG_Generate(): neither HMAC_DRBG_Generate_algorithm
1227 * (defined in ANS X9.82 Part 3-2007 Section 10.2.2.2.5 (NIST
1228 * SP 800-90 Section 10.1.2.5)) nor the higher-level wrapper
1229 * Generate_function defined in ANS X9.82 Part 3-2007 Section
1230 * 9.4 (NIST SP 800-90 Section 9.3)) can possibly exhibit this
1233 * a) HMAC_DRBG_Generate_algorithm can return a "reseed
1234 * required" status only as a result of the test
1236 * "1. If reseed_counter > reseed_interval, then return
1237 * an indication that a reseed is required."
1239 * Since the reseed interval is independent of any request
1240 * for prediction resistance, and since the reseed interval
1241 * is not specified as part of the NIST test vector set,
1242 * then this cannot be the source of the "Reseed required"
1243 * failure expected by the NIST test vector set.
1245 * b) Generate_function cannot return a "reseed required"
1246 * status under any circumstances. If the underlying
1247 * HMAC_DRBG_Generate_algorithm call returns "reseed
1248 * required", then Generate_function will automatically
1249 * reseed and try again.
1251 * To produce the behaviour expected by the NIST test vector
1252 * set, we therefore contrive to produce a "reseed required"
1253 * state where necessary by setting the reseed_counter to
1254 * greater than the reseed_interval.
1258 instantiate_ok ( &state, &sha1_instantiate_1 );
1259 generate_ok ( &state, &sha1_generate_1_1 );
1260 generate_ok ( &state, &sha1_generate_1_2 );
1263 instantiate_ok ( &state, &sha1_instantiate_2 );
1264 generate_ok ( &state, &sha1_generate_2_1 );
1265 generate_ok ( &state, &sha1_generate_2_2 );
1268 instantiate_ok ( &state, &sha1_instantiate_3 );
1269 generate_ok ( &state, &sha1_generate_3_1 );
1270 generate_ok ( &state, &sha1_generate_3_2 );
1273 instantiate_ok ( &state, &sha1_instantiate_4 );
1274 generate_ok ( &state, &sha1_generate_4_1 );
1275 generate_ok ( &state, &sha1_generate_4_2 );
1278 instantiate_ok ( &state, &sha1_instantiate_5 );
1279 force_reseed_required ( &state ); /* See above comments */
1280 generate_fail_ok ( &state, &sha1_generate_fail_5_1 );
1281 reseed_ok ( &state, &sha1_reseed_5_2 );
1282 generate_ok ( &state, &sha1_generate_5_3 );
1283 force_reseed_required ( &state ); /* See above comments */
1284 generate_fail_ok ( &state, &sha1_generate_fail_5_4 );
1285 reseed_ok ( &state, &sha1_reseed_5_5 );
1286 generate_ok ( &state, &sha1_generate_5_6 );
1289 instantiate_ok ( &state, &sha1_instantiate_6 );
1290 force_reseed_required ( &state ); /* See above comments */
1291 generate_fail_ok ( &state, &sha1_generate_fail_6_1 );
1292 reseed_ok ( &state, &sha1_reseed_6_2 );
1293 generate_ok ( &state, &sha1_generate_6_3 );
1294 force_reseed_required ( &state ); /* See above comments */
1295 generate_fail_ok ( &state, &sha1_generate_fail_6_4 );
1296 reseed_ok ( &state, &sha1_reseed_6_5 );
1297 generate_ok ( &state, &sha1_generate_6_6 );
1300 instantiate_ok ( &state, &sha1_instantiate_7 );
1301 force_reseed_required ( &state ); /* See above comments */
1302 generate_fail_ok ( &state, &sha1_generate_fail_7_1 );
1303 reseed_ok ( &state, &sha1_reseed_7_2 );
1304 generate_ok ( &state, &sha1_generate_7_3 );
1305 force_reseed_required ( &state ); /* See above comments */
1306 generate_fail_ok ( &state, &sha1_generate_fail_7_4 );
1307 reseed_ok ( &state, &sha1_reseed_7_5 );
1308 generate_ok ( &state, &sha1_generate_7_6 );
1311 instantiate_ok ( &state, &sha1_instantiate_8 );
1312 force_reseed_required ( &state ); /* See above comments */
1313 generate_fail_ok ( &state, &sha1_generate_fail_8_1 );
1314 reseed_ok ( &state, &sha1_reseed_8_2 );
1315 generate_ok ( &state, &sha1_generate_8_3 );
1316 force_reseed_required ( &state ); /* See above comments */
1317 generate_fail_ok ( &state, &sha1_generate_fail_8_4 );
1318 reseed_ok ( &state, &sha1_reseed_8_5 );
1319 generate_ok ( &state, &sha1_generate_8_6 );
1321 /* SHA-256 Test 1 */
1322 instantiate_ok ( &state, &sha256_instantiate_1 );
1323 generate_ok ( &state, &sha256_generate_1_1 );
1324 generate_ok ( &state, &sha256_generate_1_2 );
1326 /* SHA-256 Test 2 */
1327 instantiate_ok ( &state, &sha256_instantiate_2 );
1328 generate_ok ( &state, &sha256_generate_2_1 );
1329 generate_ok ( &state, &sha256_generate_2_2 );
1331 /* SHA-256 Test 3 */
1332 instantiate_ok ( &state, &sha256_instantiate_3 );
1333 generate_ok ( &state, &sha256_generate_3_1 );
1334 generate_ok ( &state, &sha256_generate_3_2 );
1336 /* SHA-256 Test 4 */
1337 instantiate_ok ( &state, &sha256_instantiate_4 );
1338 generate_ok ( &state, &sha256_generate_4_1 );
1339 generate_ok ( &state, &sha256_generate_4_2 );
1341 /* SHA-256 Test 5 */
1342 instantiate_ok ( &state, &sha256_instantiate_5 );
1343 force_reseed_required ( &state ); /* See above comments */
1344 generate_fail_ok ( &state, &sha256_generate_fail_5_1 );
1345 reseed_ok ( &state, &sha256_reseed_5_2 );
1346 generate_ok ( &state, &sha256_generate_5_3 );
1347 force_reseed_required ( &state ); /* See above comments */
1348 generate_fail_ok ( &state, &sha256_generate_fail_5_4 );
1349 reseed_ok ( &state, &sha256_reseed_5_5 );
1350 generate_ok ( &state, &sha256_generate_5_6 );
1352 /* SHA-256 Test 6 */
1353 instantiate_ok ( &state, &sha256_instantiate_6 );
1354 force_reseed_required ( &state ); /* See above comments */
1355 generate_fail_ok ( &state, &sha256_generate_fail_6_1 );
1356 reseed_ok ( &state, &sha256_reseed_6_2 );
1357 generate_ok ( &state, &sha256_generate_6_3 );
1358 force_reseed_required ( &state ); /* See above comments */
1359 generate_fail_ok ( &state, &sha256_generate_fail_6_4 );
1360 reseed_ok ( &state, &sha256_reseed_6_5 );
1361 generate_ok ( &state, &sha256_generate_6_6 );
1363 /* SHA-256 Test 7 */
1364 instantiate_ok ( &state, &sha256_instantiate_7 );
1365 force_reseed_required ( &state ); /* See above comments */
1366 generate_fail_ok ( &state, &sha256_generate_fail_7_1 );
1367 reseed_ok ( &state, &sha256_reseed_7_2 );
1368 generate_ok ( &state, &sha256_generate_7_3 );
1369 force_reseed_required ( &state ); /* See above comments */
1370 generate_fail_ok ( &state, &sha256_generate_fail_7_4 );
1371 reseed_ok ( &state, &sha256_reseed_7_5 );
1372 generate_ok ( &state, &sha256_generate_7_6 );
1374 /* SHA-256 Test 8 */
1375 instantiate_ok ( &state, &sha256_instantiate_8 );
1376 force_reseed_required ( &state ); /* See above comments */
1377 generate_fail_ok ( &state, &sha256_generate_fail_8_1 );
1378 reseed_ok ( &state, &sha256_reseed_8_2 );
1379 generate_ok ( &state, &sha256_generate_8_3 );
1380 force_reseed_required ( &state ); /* See above comments */
1381 generate_fail_ok ( &state, &sha256_generate_fail_8_4 );
1382 reseed_ok ( &state, &sha256_reseed_8_5 );
1383 generate_ok ( &state, &sha256_generate_8_6 );
1386 /** HMAC_DRBG self-test */
1387 struct self_test hmac_drbg_test __self_test = {
1388 .name = "hmac_drbg",
1389 .exec = hmac_drbg_test_exec,