/*
* Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
FILE_LICENCE ( GPL2_OR_LATER );
/** @file
*
* HMAC_DRBG tests
*
* These test vectors are provided by NIST as part of the
* Cryptographic Toolkit Examples, downloadable from:
*
* http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/HMAC_DRBG.pdf
*
*/
/* Forcibly enable assertions */
#undef NDEBUG
#include <assert.h>
#include <string.h>
#include <ipxe/hmac_drbg.h>
#include <ipxe/sha1.h>
#include <ipxe/test.h>
/** Define inline expected data */
#define EXPECT(...) { __VA_ARGS__ }
/** An HMAC_DRBG instantiation test */
struct hmac_drbg_test_instantiate {
/** Underlying hash algorithm */
struct digest_algorithm *hash;
/** Output block length */
size_t out_len;
/** Entropy */
const void *entropy;
/** Length of entropy */
size_t entropy_len;
/** Nonce */
const void *nonce;
/** Length of nonce */
size_t nonce_len;
/** Personalisation string */
const void *personal;
/** Length of personalisation string */
size_t personal_len;
/** Expected key */
const void *expected_key;
/** Length of expected key */
size_t expected_key_len;
/** Expected value */
const void *expected_value;
/** Length of expected value */
size_t expected_value_len;
};
/**
* Define an HMAC_DRBG instantiation test
*
* @v name Test name
* @v hmac_drbg HMAC_DRBG algorithm
* @v entropy_array Entropy input
* @v nonce_array Nonce
* @v personal_array Personalisation string
* @v key Expected key
* @v value Expected value
* @ret test Instantiation test
*/
#define HMAC_DRBG_TEST_INSTANTIATE( name, hmac_drbg, entropy_array, \
nonce_array, personal_array, \
key, value ) \
static const uint8_t name ## _key [] = key; \
static const uint8_t name ## _value [] = value; \
static const struct hmac_drbg_test_instantiate name = { \
.hash = HMAC_DRBG_HASH ( hmac_drbg ), \
.out_len = HMAC_DRBG_OUTLEN_BYTES ( hmac_drbg ), \
.entropy = entropy_array, \
.entropy_len = sizeof ( entropy_array ), \
.nonce = nonce_array, \
.nonce_len = sizeof ( nonce_array ), \
.personal = personal_array, \
.personal_len = sizeof ( personal_array ), \
.expected_key = name ## _key, \
.expected_key_len = sizeof ( name ## _key ), \
.expected_value = name ## _value, \
.expected_value_len = sizeof ( name ## _value ), \
}
/**
* Report instantiation test result
*
* @v state HMAC_DRBG internal state
* @v test Instantiation test
*/
#define instantiate_ok( state, test ) do { \
struct { \
uint8_t entropy[(test)->entropy_len]; \
uint8_t nonce[(test)->nonce_len]; \
} __attribute__ (( packed )) entropy_nonce; \
\
assert ( (test)->expected_key_len == (test)->out_len ); \
assert ( (test)->expected_value_len == (test)->out_len ); \
memcpy ( entropy_nonce.entropy, (test)->entropy, \
sizeof ( entropy_nonce.entropy ) ); \
memcpy ( entropy_nonce.nonce, (test)->nonce, \
sizeof ( entropy_nonce.nonce ) ); \
hmac_drbg_instantiate ( (test)->hash, (state), &entropy_nonce, \
sizeof ( entropy_nonce ), \
(test)->personal, \
(test)->personal_len ); \
ok ( memcmp ( (state)->key, (test)->expected_key, \
(test)->expected_key_len ) == 0 ); \
ok ( memcmp ( (state)->value, (test)->expected_value, \
(test)->expected_value_len ) == 0 ); \
} while ( 0 )
/** An HMAC_DRBG reseed test */
struct hmac_drbg_test_reseed {
/** Underlying hash algorithm */
struct digest_algorithm *hash;
/** Output block length */
size_t out_len;
/** Entropy */
const void *entropy;
/** Length of entropy */
size_t entropy_len;
/** Additional input */
const void *additional;
/** Length of additional_input */
size_t additional_len;
/** Expected key */
const void *expected_key;
/** Length of expected key */
size_t expected_key_len;
/** Expected value */
const void *expected_value;
/** Length of expected value */
size_t expected_value_len;
};
/**
* Define an HMAC_DRBG reseed test
*
* @v name Test name
* @v hmac_drbg HMAC_DRBG algorithm
* @v entropy_array Entropy input
* @v additional_array Additional input
* @v key Expected key
* @v value Expected value
* @ret test Reseed test
*/
#define HMAC_DRBG_TEST_RESEED( name, hmac_drbg, entropy_array, \
additional_array, key, value ) \
static const uint8_t name ## _key [] = key; \
static const uint8_t name ## _value [] = value; \
static const struct hmac_drbg_test_reseed name = { \
.hash = HMAC_DRBG_HASH ( hmac_drbg ), \
.out_len = HMAC_DRBG_OUTLEN_BYTES ( hmac_drbg ), \
.entropy = entropy_array, \
.entropy_len = sizeof ( entropy_array ), \
.additional = additional_array, \
.additional_len = sizeof ( additional_array ), \
.expected_key = name ## _key, \
.expected_key_len = sizeof ( name ## _key ), \
.expected_value = name ## _value, \
.expected_value_len = sizeof ( name ## _value ), \
}
/**
* Report reseed test result
*
* @v state HMAC_DRBG internal state
* @v test Reseed test
*/
#define reseed_ok( state, test ) do { \
assert ( (test)->expected_key_len == (test)->out_len ); \
assert ( (test)->expected_value_len == (test)->out_len ); \
hmac_drbg_reseed ( (test)->hash, (state), (test)->entropy, \
(test)->entropy_len, (test)->additional, \
(test)->additional_len ); \
ok ( memcmp ( (state)->key, (test)->expected_key, \
(test)->expected_key_len ) == 0 ); \
ok ( memcmp ( (state)->value, (test)->expected_value, \
(test)->expected_value_len ) == 0 ); \
} while ( 0 )
/** An HMAC_DRBG generation test */
struct hmac_drbg_test_generate {
/** Underlying hash algorithm */
struct digest_algorithm *hash;
/** Output block length */
size_t out_len;
/** Additional input */
const void *additional;
/** Length of additional_input */
size_t additional_len;
/** Expected key */
const void *expected_key;
/** Length of expected key */
size_t expected_key_len;
/** Expected value */
const void *expected_value;
/** Length of expected value */
size_t expected_value_len;
/** Expected pseudorandom data */
const void *expected_data;
/** Length of data */
size_t expected_data_len;
};
/**
* Define an HMAC_DRBG generation test
*
* @v name Test name
* @v hmac_drbg HMAC_DRBG algorithm
* @v additional_array Additional input
* @v key Expected key
* @v value Expected value
* @v data Expected pseudorandom data
* @ret test Generation test
*/
#define HMAC_DRBG_TEST_GENERATE( name, hmac_drbg, additional_array, \
key, value, data ) \
static const uint8_t name ## _key [] = key; \
static const uint8_t name ## _value [] = value; \
static const uint8_t name ## _data [] = data; \
static const struct hmac_drbg_test_generate name = { \
.hash = HMAC_DRBG_HASH ( hmac_drbg ), \
.out_len = HMAC_DRBG_OUTLEN_BYTES ( hmac_drbg ), \
.additional = additional_array, \
.additional_len = sizeof ( additional_array ), \
.expected_key = name ## _key, \
.expected_key_len = sizeof ( name ## _key ), \
.expected_value = name ## _value, \
.expected_value_len = sizeof ( name ## _value ), \
.expected_data = name ## _data, \
.expected_data_len = sizeof ( name ## _data ), \
}
/**
* Report generation test result
*
* @v state HMAC_DRBG internal state
* @v test Generation test
*/
#define generate_ok( state, test ) do { \
uint8_t data[ (test)->expected_data_len ]; \
int rc; \
\
assert ( (test)->expected_key_len == (test)->out_len ); \
assert ( (test)->expected_value_len == (test)->out_len ); \
rc = hmac_drbg_generate ( (test)->hash, (state), \
(test)->additional, \
(test)->additional_len, \
data, sizeof ( data ) ); \
ok ( rc == 0 ); \
ok ( memcmp ( (state)->key, (test)->expected_key, \
(test)->expected_key_len ) == 0 ); \
ok ( memcmp ( (state)->value, (test)->expected_value, \
(test)->expected_value_len ) == 0 ); \
ok ( memcmp ( data, (test)->expected_data, \
(test)->expected_data_len ) == 0 ); \
} while ( 0 )
/** An HMAC_DRBG generation failure test */
struct hmac_drbg_test_generate_fail {
/** Underlying hash algorithm */
struct digest_algorithm *hash;
/** Additional input */
const void *additional;
/** Length of additional_input */
size_t additional_len;
/** Length of requested data */
size_t requested_len;
};
/**
* Define an HMAC_DRBG generation failure test
*
* @v name Test name
* @v hmac_drbg HMAC_DRBG algorithm
* @v additional_array Additional input
* @ret test Generation failure test
*/
#define HMAC_DRBG_TEST_GENERATE_FAIL( name, hmac_drbg, \
additional_array, len ) \
static const struct hmac_drbg_test_generate_fail name = { \
.hash = HMAC_DRBG_HASH ( hmac_drbg ), \
.additional = additional_array, \
.additional_len = sizeof ( additional_array ), \
.requested_len = len, \
}
/**
* Report generation failure test result
*
* @v state HMAC_DRBG internal state
* @v test Generation failure test
*/
#define generate_fail_ok( state, test ) do { \
uint8_t data[ (test)->requested_len ]; \
int rc; \
\
rc = hmac_drbg_generate ( (test)->hash, (state), \
(test)->additional, \
(test)->additional_len, data, \
sizeof ( data ) ); \
ok ( rc != 0 ); \
} while ( 0 )
/** "EntropyInput" */
static const uint8_t entropy_input[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36
};
/** "Nonce" for SHA-1 */
static const uint8_t nonce_sha1[] = {
0x20, 0x21, 0x22, 0x23, 0x24
};
/** "EntropyInput1 (for Reseed1) */
static const uint8_t entropy_input_1[] = {
0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b,
0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3,
0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6
};
/** "EntropyInput2 (for Reseed2) */
static const uint8_t entropy_input_2[] = {
0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb,
0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3,
0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6
};
/** "PersonalizationString = <empty>" */
static const uint8_t personalisation_string_empty[] = {};
/** "PersonalizationString" */
static const uint8_t personalisation_string[] = {
0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b,
0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, 0x60, 0x61, 0x62, 0x63,
0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76
};
/** "AdditionalInput = <empty>" */
static const uint8_t additional_input_empty[] = {};
/** "AdditionalInput1" */
static const uint8_t additional_input_1[] = {
0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83,
0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96
};
/** "AdditionalInput2" */
static const uint8_t additional_input_2[] = {
0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab,
0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 0xc0, 0xc1, 0xc2, 0xc3,
0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6
};
/** SHA-1 Test 1 : Instantiation */
HMAC_DRBG_TEST_INSTANTIATE ( sha1_instantiate_1, HMAC_DRBG_SHA1,
entropy_input, nonce_sha1, personalisation_string_empty,
EXPECT ( 0xab, 0x16, 0x0d, 0xd2, 0x1c, 0x30, 0x98, 0x0c, 0xa3, 0xca,
0x5a, 0x9c, 0x77, 0xb7, 0xbd, 0xf0, 0x50, 0xe6, 0x4e, 0xe9 ),
EXPECT ( 0x61, 0x44, 0x99, 0xea, 0x98, 0x0c, 0xfb, 0x3d, 0xaa, 0x2c,
0xa8, 0x6d, 0x65, 0xa4, 0x6b, 0xf4, 0x48, 0x8d, 0x8c, 0xc5 ) );
/** SHA-1 Test 1.1 : First call to Generate */
HMAC_DRBG_TEST_GENERATE ( sha1_generate_1_1, HMAC_DRBG_SHA1,
additional_input_empty,
EXPECT ( 0x7b, 0xb1, 0x80, 0x28, 0xe0, 0x1d, 0x03, 0x42, 0xdf, 0x4f,
0x54, 0xda, 0x51, 0x22, 0xfa, 0x5f, 0x2c, 0x3a, 0x05, 0xe4 ),
EXPECT ( 0x2f, 0x89, 0x4f, 0x28, 0xcc, 0x2f, 0x53, 0x82, 0x96, 0x40,
0x64, 0x3a, 0xd1, 0x7b, 0x84, 0xb0, 0xcd, 0x3c, 0x79, 0x79 ),
EXPECT ( 0x5a, 0x7d, 0x3b, 0x44, 0x9f, 0x48, 0x1c, 0xb3, 0x8d, 0xf7,
0x9a, 0xd2, 0xb1, 0xfc, 0xc0, 0x1e, 0x57, 0xf8, 0x13, 0x5e,
0x8c, 0x0b, 0x22, 0xcd, 0x06, 0x30, 0xbf, 0xb0, 0x12, 0x7f,
0xb5, 0x40, 0x8c, 0x8e, 0xfc, 0x17, 0xa9, 0x29, 0x89, 0x6e ) );
/** SHA-1 Test 1.2 : Second call to Generate */
HMAC_DRBG_TEST_GENERATE ( sha1_generate_1_2, HMAC_DRBG_SHA1,
additional_input_empty,
EXPECT ( 0x3d, 0x4d, 0x73, 0x77, 0xe9, 0x17, 0x2a, 0xaf, 0xa7, 0x76,
0xb0, 0xdd, 0xcb, 0x89, 0x42, 0x00, 0x4a, 0x44, 0xb7, 0xfd ),
EXPECT ( 0x1a, 0x26, 0xbd, 0x9b, 0xfc, 0x97, 0x44, 0xbd, 0x29, 0xf6,
0xae, 0xbe, 0x24, 0x37, 0xe2, 0x09, 0xf1, 0xf7, 0x16, 0x25 ),
EXPECT ( 0x82, 0xcf, 0x77, 0x2e, 0xc3, 0xe8, 0x4b, 0x00, 0xfc, 0x74,
0xf5, 0xdf, 0x10, 0x4e, 0xfb, 0xfb, 0x24, 0x28, 0x55, 0x4e,
0x9c, 0xe3, 0x67, 0xd0, 0x3a, 0xea, 0xde, 0x37, 0x82, 0x7f,
0xa8, 0xe9, 0xcb, 0x6a, 0x08, 0x19, 0x61, 0x15, 0xd9, 0x48 ) );
/** SHA-1 Test 2 : Instantiation */
#define sha1_instantiate_2 sha1_instantiate_1
/** SHA-1 Test 2.1 : First call to Generate */
HMAC_DRBG_TEST_GENERATE ( sha1_generate_2_1, HMAC_DRBG_SHA1,
additional_input_1,
EXPECT ( 0x3a, 0x06, 0x2e, 0x6b, 0x79, 0xfe, 0x70, 0xdb, 0xff, 0xeb,
0x3a, 0x2b, 0x6b, 0xe8, 0x03, 0x23, 0xf7, 0xd6, 0x74, 0xc5 ),
EXPECT ( 0xbd, 0x36, 0x31, 0x28, 0xbf, 0x58, 0x0d, 0x7a, 0x54, 0x42,
0x9d, 0xdd, 0x58, 0xe8, 0x19, 0x3b, 0x98, 0x43, 0xbd, 0x2b ),
EXPECT ( 0xc7, 0xaa, 0xac, 0x58, 0x3c, 0x6e, 0xf6, 0x30, 0x07, 0x14,
0xc2, 0xcc, 0x5d, 0x06, 0xc1, 0x48, 0xcf, 0xfb, 0x40, 0x44,
0x9a, 0xd0, 0xbb, 0x26, 0xfa, 0xc0, 0x49, 0x7b, 0x5c, 0x57,
0xe1, 0x61, 0xe3, 0x66, 0x81, 0xbc, 0xc9, 0x30, 0xce, 0x80 ) );
/** SHA-1 Test 2.2 : Second call to Generate */
HMAC_DRBG_TEST_GENERATE ( sha1_generate_2_2, HMAC_DRBG_SHA1,
additional_input_2,
EXPECT ( 0x8a, 0xd7, 0xe3, 0x47, 0x72, 0xb5, 0xfc, 0x7c, 0x3b, 0x3b,
0x27, 0x62, 0x4f, 0x0b, 0x91, 0x77, 0x6a, 0x8a, 0x71, 0x12 ),
EXPECT ( 0xd7, 0x13, 0x76, 0xa4, 0x6d, 0x76, 0x4b, 0x17, 0xc3, 0xb7,
0x39, 0x34, 0x7b, 0x38, 0x4e, 0x51, 0x51, 0xe8, 0x7e, 0x88 ),
EXPECT ( 0x6e, 0xbd, 0x2b, 0x7b, 0x5e, 0x0a, 0x2a, 0xd7, 0xa2, 0x4b,
0x1b, 0xf9, 0xa1, 0xdb, 0xa4, 0x7d, 0x43, 0x27, 0x17, 0x19,
0xb9, 0xc3, 0x7b, 0x7f, 0xe8, 0x1b, 0xa9, 0x40, 0x45, 0xa1,
0x4a, 0x7c, 0xb5, 0x14, 0xb4, 0x46, 0x66, 0x6e, 0xa5, 0xa7 ) );
/** SHA-1 Test 3 : Instantiation */
HMAC_DRBG_TEST_INSTANTIATE ( sha1_instantiate_3, HMAC_DRBG_SHA1,
entropy_input, nonce_sha1, personalisation_string,
EXPECT ( 0xb7, 0xd9, 0x66, 0xd7, 0x0d, 0x4e, 0x27, 0xa7, 0xfa, 0x83,
0x8f, 0x7d, 0x61, 0x12, 0x6c, 0x0e, 0xdc, 0x84, 0x76, 0x1c ),
EXPECT ( 0xda, 0xb2, 0xa7, 0x18, 0x83, 0xf1, 0x00, 0x5c, 0x5d, 0xd0,
0x39, 0x32, 0x4d, 0x3c, 0x36, 0x4d, 0x6e, 0x18, 0xf9, 0x54 ) );
/** SHA-1 Test 3.1 : First call to Generate */
HMAC_DRBG_TEST_GENERATE ( sha1_generate_3_1, HMAC_DRBG_SHA1,
additional_input_empty,
EXPECT ( 0x87, 0xd3, 0x82, 0x8b, 0xe0, 0x3a, 0x80, 0x7d, 0xd3, 0x40,
0x29, 0x41, 0xbe, 0xd6, 0xde, 0x98, 0x6e, 0xe7, 0xa2, 0x86 ),
EXPECT ( 0x6a, 0xe1, 0xd0, 0x08, 0x6f, 0x53, 0xb1, 0xb7, 0x63, 0xa4,
0x51, 0x5b, 0x19, 0x06, 0xfe, 0xe4, 0x76, 0x61, 0xfd, 0x47 ),
EXPECT ( 0xb3, 0xbd, 0x05, 0x24, 0x6c, 0xba, 0x12, 0xa6, 0x47, 0x35,
0xa4, 0xe3, 0xfd, 0xe5, 0x99, 0xbc, 0x1b, 0xe3, 0x0f, 0x43,
0x9b, 0xd0, 0x60, 0x20, 0x8e, 0xea, 0x7d, 0x71, 0xf9, 0xd1,
0x23, 0xdf, 0x47, 0xb3, 0xce, 0x06, 0x9d, 0x98, 0xed, 0xe6 ) );
/** SHA-1 Test 3.2 : Second call to Generate */
HMAC_DRBG_TEST_GENERATE ( sha1_generate_3_2, HMAC_DRBG_SHA1,
additional_input_empty,
EXPECT ( 0x26, 0xab, 0xbf, 0x54, 0xb2, 0x8b, 0x93, 0xff, 0x90, 0x08,
0x67, 0x0e, 0xbf, 0xee, 0x86, 0xcd, 0xd7, 0x22, 0x8e, 0xd5 ),
EXPECT ( 0xe9, 0x25, 0x47, 0x29, 0xe0, 0x02, 0x04, 0xa1, 0xb6, 0xc0,
0x21, 0x58, 0xa6, 0xc7, 0x27, 0x86, 0x47, 0x14, 0xf1, 0xf7 ),
EXPECT ( 0xb5, 0xda, 0xda, 0x38, 0x0e, 0x28, 0x72, 0xdf, 0x93, 0x5b,
0xca, 0x55, 0xb8, 0x82, 0xc8, 0xc9, 0x37, 0x69, 0x02, 0xab,
0x63, 0x97, 0x65, 0x47, 0x2b, 0x71, 0xac, 0xeb, 0xe2, 0xea,
0x8b, 0x1b, 0x6b, 0x49, 0x62, 0x9c, 0xb6, 0x73, 0x17, 0xe0 ) );
/** SHA-1 Test 4 : Instantiation */
#define sha1_instantiate_4 sha1_instantiate_3
/** SHA-1 Test 4.1 : First call to Generate */
HMAC_DRBG_TEST_GENERATE ( sha1_generate_4_1, HMAC_DRBG_SHA1,
additional_input_1,
EXPECT ( 0x17, 0xa5, 0xd7, 0x9f, 0x07, 0x67, 0x87, 0x6f, 0x3a, 0x45,
0xe0, 0xc9, 0xc3, 0x3e, 0xc8, 0x8b, 0x03, 0xce, 0xea, 0x13 ),
EXPECT ( 0x4d, 0x2f, 0x3b, 0xc7, 0x77, 0x50, 0x5c, 0x45, 0xf7, 0xe1,
0x7d, 0xcd, 0x3d, 0x86, 0xbf, 0x37, 0x9c, 0xb6, 0x02, 0x5e ),
EXPECT ( 0x1f, 0x8f, 0xec, 0x7b, 0xc7, 0xcf, 0xa9, 0xa8, 0x80, 0x34,
0x5d, 0x28, 0x0b, 0x13, 0xc6, 0x32, 0xb8, 0x52, 0x77, 0x0a,
0x6d, 0xfc, 0x30, 0x2e, 0xad, 0x4c, 0xe3, 0xf5, 0x54, 0xc7,
0x9b, 0x0d, 0x44, 0x23, 0x9e, 0xba, 0x56, 0xa7, 0xea, 0x2d ) );
/** SHA-1 Test 4.2 : Second call to Generate */
HMAC_DRBG_TEST_GENERATE ( sha1_generate_4_2, HMAC_DRBG_SHA1,
additional_input_2,
EXPECT ( 0x07, 0x9b, 0x57, 0xd9, 0x40, 0x6e, 0x11, 0xc2, 0xf8, 0x7c,
0x8c, 0x82, 0x8c, 0x8c, 0x6f, 0xa7, 0x6e, 0x40, 0xea, 0x01 ),
EXPECT ( 0xa6, 0x54, 0xfe, 0x72, 0xf8, 0xa7, 0x7b, 0xb8, 0xf0, 0x3d,
0xff, 0x07, 0xc7, 0x9a, 0x51, 0x53, 0x00, 0x9e, 0xdd, 0xda ),
EXPECT ( 0xaf, 0x97, 0xcd, 0xe1, 0xe8, 0xab, 0x32, 0x2a, 0x2e, 0xac,
0xa8, 0xe6, 0xf4, 0xe5, 0xbf, 0x78, 0xa1, 0x1b, 0xde, 0xf7,
0xdc, 0x91, 0x21, 0x5d, 0x44, 0xb1, 0x07, 0xb4, 0xd5, 0xa7,
0x79, 0x01, 0x59, 0x25, 0x09, 0x76, 0x52, 0x80, 0xf9, 0x69 ) );
/** SHA-1 Test 5 : Instantiation */
#define sha1_instantiate_5 sha1_instantiate_1
/** SHA-1 Test 5.1 : First call to Generate */
HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_5_1, HMAC_DRBG_SHA1,
additional_input_empty, ( 320 / 8 ) );
/** SHA-1 Test 5.2 : Reseed */
HMAC_DRBG_TEST_RESEED ( sha1_reseed_5_2, HMAC_DRBG_SHA1,
entropy_input_1, additional_input_empty,
EXPECT ( 0xcd, 0x4c, 0xab, 0x38, 0xc8, 0xad, 0x65, 0x71, 0x22, 0xbf,
0x5d, 0x3d, 0x00, 0xd0, 0xac, 0x9b, 0x13, 0xd6, 0x29, 0xbb ),
EXPECT ( 0xf6, 0x60, 0xe2, 0x3e, 0x91, 0x00, 0x6b, 0x62, 0xc6, 0x54,
0x3a, 0xb1, 0x34, 0x4d, 0x23, 0xa3, 0x1a, 0xb4, 0xcf, 0x2c ) );
/** SHA-1 Test 5.3 : Retried first call to Generate */
HMAC_DRBG_TEST_GENERATE ( sha1_generate_5_3, HMAC_DRBG_SHA1,
additional_input_empty,
EXPECT ( 0x58, 0x7f, 0xd8, 0x21, 0xef, 0x6c, 0x9d, 0xa4, 0xa8, 0x3c,
0x19, 0x21, 0x1f, 0x10, 0x56, 0xca, 0xcd, 0x23, 0xfc, 0x1a ),
EXPECT ( 0x84, 0x8f, 0xd1, 0x4c, 0x13, 0xb7, 0xea, 0x93, 0x72, 0x0c,
0xcf, 0xde, 0x71, 0xf2, 0xf6, 0x44, 0x39, 0xdb, 0x79, 0x5d ),
EXPECT ( 0xfe, 0xc4, 0x59, 0x7f, 0x06, 0xa3, 0xa8, 0xcc, 0x85, 0x29,
0xd5, 0x95, 0x57, 0xb9, 0xe6, 0x61, 0x05, 0x38, 0x09, 0xc0,
0xbc, 0x0e, 0xfc, 0x28, 0x2a, 0xbd, 0x87, 0x60, 0x5c, 0xc9,
0x0c, 0xba, 0x9b, 0x86, 0x33, 0xdc, 0xb1, 0xda, 0xe0, 0x2e ) );
/** SHA-1 Test 5.4 : Second call to Generate */
HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_5_4, HMAC_DRBG_SHA1,
additional_input_empty, ( 320 / 8 ) );
/** SHA-1 Test 5.5 : Reseed */
HMAC_DRBG_TEST_RESEED ( sha1_reseed_5_5, HMAC_DRBG_SHA1,
entropy_input_2, additional_input_empty,
EXPECT ( 0xdb, 0xa1, 0xcf, 0xf4, 0x87, 0x95, 0x46, 0xa0, 0x38, 0xa5,
0x59, 0xb2, 0xa2, 0x4d, 0xf2, 0xc0, 0x30, 0x08, 0x9a, 0x41 ),
EXPECT ( 0x2f, 0x88, 0x3c, 0x46, 0x48, 0xe1, 0x31, 0xe8, 0x6d, 0xdf,
0x9d, 0xca, 0x0d, 0x74, 0xf3, 0x0c, 0xa1, 0xce, 0x6e, 0xfb ) );
/** SHA-1 Test 5.6 : Retried second call to Generate */
HMAC_DRBG_TEST_GENERATE ( sha1_generate_5_6, HMAC_DRBG_SHA1,
additional_input_empty,
EXPECT ( 0xf9, 0x39, 0xa5, 0xab, 0x08, 0xa3, 0x9f, 0x23, 0x10, 0x70,
0xb0, 0xd4, 0xc9, 0x6d, 0xc2, 0x37, 0x90, 0xba, 0x01, 0x53 ),
EXPECT ( 0xce, 0x6d, 0x08, 0xb4, 0xae, 0x2c, 0xe3, 0x83, 0xfd, 0xab,
0xb0, 0x1e, 0xaa, 0xfc, 0x9c, 0x8e, 0x76, 0xa0, 0xd4, 0x72 ),
EXPECT ( 0x84, 0xad, 0xd5, 0xe2, 0xd2, 0x04, 0x1c, 0x01, 0x72, 0x3a,
0x4d, 0xe4, 0x33, 0x5b, 0x13, 0xef, 0xdf, 0x16, 0xb0, 0xe5,
0x1a, 0x0a, 0xd3, 0x9b, 0xd1, 0x5e, 0x86, 0x2e, 0x64, 0x4f,
0x31, 0xe4, 0xa2, 0xd7, 0xd8, 0x43, 0xe5, 0x7c, 0x59, 0x68 ) );
/** SHA-1 Test 6 : Instantiate */
#define sha1_instantiate_6 sha1_instantiate_1
/** SHA-1 Test 6.1 : First call to Generate */
HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_6_1, HMAC_DRBG_SHA1,
additional_input_1, ( 320 / 8 ) );
/** SHA-1 Test 6.2 : Reseed */
HMAC_DRBG_TEST_RESEED ( sha1_reseed_6_2, HMAC_DRBG_SHA1,
entropy_input_1, additional_input_1,
EXPECT ( 0x52, 0x28, 0xa4, 0xb6, 0xa4, 0x46, 0x92, 0x90, 0x5e, 0xc0,
0x44, 0xbf, 0xf0, 0xbb, 0x4e, 0x25, 0xa3, 0x87, 0xca, 0xc1 ),
EXPECT ( 0x24, 0x77, 0x32, 0xd0, 0x4c, 0xb8, 0x4e, 0xd4, 0x1a, 0xdd,
0x95, 0xa4, 0xb7, 0x8b, 0x50, 0xcd, 0x9b, 0x3d, 0x3f, 0x32 ) );
/** SHA-1 Test 6.3 : Retried first call to Generate */
HMAC_DRBG_TEST_GENERATE ( sha1_generate_6_3, HMAC_DRBG_SHA1,
additional_input_empty,
EXPECT ( 0xab, 0x3d, 0xd4, 0x89, 0x5b, 0xc8, 0xcd, 0x22, 0x71, 0xde,
0xba, 0x5f, 0x3c, 0x13, 0x63, 0x52, 0x6b, 0x8b, 0x74, 0x52 ),
EXPECT ( 0xa8, 0x66, 0xc5, 0xef, 0xf2, 0xaf, 0x04, 0x2b, 0x11, 0x86,
0x44, 0x94, 0x45, 0x23, 0x7f, 0x9c, 0x02, 0x44, 0x98, 0x64 ),
EXPECT ( 0xa1, 0xba, 0x8f, 0xa5, 0x8b, 0xb5, 0x01, 0x3f, 0x43, 0xf7,
0xb6, 0xed, 0x52, 0xb4, 0x53, 0x9f, 0xa1, 0x6d, 0xc7, 0x79,
0x57, 0xae, 0xe8, 0x15, 0xb9, 0xc0, 0x70, 0x04, 0xc7, 0xe9,
0x92, 0xeb, 0x8c, 0x7e, 0x59, 0x19, 0x64, 0xaf, 0xee, 0xa2 ) );
/** SHA-1 Test 6.4 : Second call to Generate */
HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_6_4, HMAC_DRBG_SHA1,
additional_input_2, ( 320 / 8 ) );
/** SHA-1 Test 6.5 : Reseed */
HMAC_DRBG_TEST_RESEED ( sha1_reseed_6_5, HMAC_DRBG_SHA1,
entropy_input_2, additional_input_2,
EXPECT ( 0xe5, 0x73, 0x9f, 0x9c, 0xf7, 0xff, 0x43, 0x84, 0xd1, 0x27,
0x3e, 0x02, 0x6b, 0x45, 0x31, 0x21, 0x36, 0x49, 0x4f, 0x41 ),
EXPECT ( 0x30, 0xc3, 0x43, 0x05, 0xc2, 0xc6, 0x48, 0xb0, 0x57, 0xa6,
0x40, 0x22, 0x1b, 0x5c, 0x56, 0x57, 0x26, 0xcd, 0x32, 0xb2 ) );
/** SHA-1 Test 6.6 : Retried second call to Generate */
HMAC_DRBG_TEST_GENERATE ( sha1_generate_6_6, HMAC_DRBG_SHA1,
additional_input_empty,
EXPECT ( 0x61, 0x91, 0xca, 0x9b, 0xf0, 0x00, 0xd1, 0x0a, 0x71, 0x69,
0x0a, 0xc1, 0x0e, 0x09, 0xff, 0xc8, 0x92, 0xab, 0xde, 0x9a ),
EXPECT ( 0x1e, 0xc0, 0x49, 0x0f, 0xa0, 0xb7, 0x65, 0x52, 0x7e, 0x5e,
0xa1, 0x8b, 0x53, 0x22, 0xb2, 0x8b, 0xdd, 0x0e, 0x7b, 0xc0 ),
EXPECT ( 0x84, 0x26, 0x4a, 0x73, 0xa8, 0x18, 0xc9, 0x5c, 0x2f, 0x42,
0x4b, 0x37, 0xd3, 0xcc, 0x99, 0x0b, 0x04, 0x6f, 0xb5, 0x0c,
0x2d, 0xc6, 0x4a, 0x16, 0x42, 0x11, 0x88, 0x9a, 0x01, 0x0f,
0x24, 0x71, 0xa0, 0x91, 0x2f, 0xfe, 0xa1, 0xbf, 0x01, 0x95 ) );
/** SHA-1 Test 7 : Instantiation */
#define sha1_instantiate_7 sha1_instantiate_3
/** SHA-1 Test 7.1 : First call to Generate */
HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_7_1, HMAC_DRBG_SHA1,
additional_input_empty, ( 320 / 8 ) );
/** SHA-1 Test 7.2 : Reseed */
HMAC_DRBG_TEST_RESEED ( sha1_reseed_7_2, HMAC_DRBG_SHA1,
entropy_input_1, additional_input_empty,
EXPECT ( 0xb9, 0x25, 0x4d, 0x8a, 0xac, 0xba, 0x43, 0xfb, 0xda, 0xe6,
0x39, 0x4f, 0x2b, 0x3a, 0xfc, 0x5d, 0x58, 0x08, 0x00, 0xbf ),
EXPECT ( 0x28, 0x40, 0x3b, 0x60, 0x36, 0x38, 0xd0, 0x7d, 0x79, 0x66,
0x66, 0x1e, 0xf6, 0x7b, 0x9d, 0x39, 0x05, 0xf4, 0x6d, 0xb9 ) );
/** SHA-1 Test 7.3 : Retried first call to Generate */
HMAC_DRBG_TEST_GENERATE ( sha1_generate_7_3, HMAC_DRBG_SHA1,
additional_input_empty,
EXPECT ( 0x64, 0xfe, 0x07, 0x4a, 0x6e, 0x77, 0x97, 0xd1, 0xa4, 0x35,
0xda, 0x89, 0x64, 0x48, 0x4d, 0x6c, 0xf8, 0xbd, 0xc0, 0x1b ),
EXPECT ( 0x43, 0xe0, 0xc0, 0x52, 0x15, 0x86, 0xe9, 0x47, 0x3b, 0x06,
0x0d, 0x87, 0xd0, 0x8a, 0x23, 0x25, 0xfa, 0xe1, 0x49, 0xd1 ),
EXPECT ( 0x6c, 0x37, 0xfd, 0xd7, 0x29, 0xaa, 0x40, 0xf8, 0x0b, 0xc6,
0xab, 0x08, 0xca, 0x7c, 0xc6, 0x49, 0x79, 0x4f, 0x69, 0x98,
0xb5, 0x70, 0x81, 0xe4, 0x22, 0x0f, 0x22, 0xc5, 0xc2, 0x83,
0xe2, 0xc9, 0x1b, 0x8e, 0x30, 0x5a, 0xb8, 0x69, 0xc6, 0x25 ) );
/** SHA-1 Test 7.4 : Second call to Generate */
HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_7_4, HMAC_DRBG_SHA1,
additional_input_empty, ( 320 / 8 ) );
/** SHA-1 Test 7.5 : Reseed */
HMAC_DRBG_TEST_RESEED ( sha1_reseed_7_5, HMAC_DRBG_SHA1,
entropy_input_2, additional_input_empty,
EXPECT ( 0x02, 0xbc, 0x57, 0x7f, 0xd1, 0x0e, 0xf7, 0x19, 0x3c, 0x1d,
0xb0, 0x98, 0xbd, 0x5b, 0x75, 0xc7, 0xc4, 0xb6, 0x79, 0x59 ),
EXPECT ( 0xbc, 0xbd, 0xf0, 0x52, 0xe0, 0xe0, 0x2a, 0xe8, 0x9a, 0x77,
0x67, 0x94, 0x3f, 0x98, 0x65, 0xb8, 0xb7, 0x22, 0x90, 0x2d ) );
/** SHA-1 Test 7.6 : Retried second call to Generate */
HMAC_DRBG_TEST_GENERATE ( sha1_generate_7_6, HMAC_DRBG_SHA1,
additional_input_empty,
EXPECT ( 0x1a, 0xa4, 0x24, 0x1c, 0x69, 0x5e, 0x29, 0xc0, 0xa5, 0x9a,
0xd1, 0x8a, 0x60, 0x70, 0xe3, 0x38, 0xa5, 0x48, 0xbe, 0x92 ),
EXPECT ( 0x03, 0x47, 0x35, 0x9b, 0xc9, 0xc7, 0xf8, 0x8c, 0xc8, 0x33,
0x0d, 0x4f, 0x59, 0xfb, 0xc7, 0x70, 0xb0, 0xb7, 0x7b, 0x03 ),
EXPECT ( 0xca, 0xf5, 0x7d, 0xcf, 0xea, 0x39, 0x3b, 0x92, 0x36, 0xbf,
0x69, 0x1f, 0xa4, 0x56, 0xfe, 0xa7, 0xfd, 0xf1, 0xdf, 0x83,
0x61, 0x48, 0x2c, 0xa5, 0x4d, 0x5f, 0xa7, 0x23, 0xf4, 0xc8,
0x8b, 0x4f, 0xa5, 0x04, 0xbf, 0x03, 0x27, 0x7f, 0xa7, 0x83 ) );
/** SHA-1 Test 8 : Instantiate */
#define sha1_instantiate_8 sha1_instantiate_3
/** SHA-1 Test 8.1 : First call to Generate */
HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_8_1, HMAC_DRBG_SHA1,
additional_input_1, ( 320 / 8 ) );
/** SHA-1 Test 8.2 : Reseed */
HMAC_DRBG_TEST_RESEED ( sha1_reseed_8_2, HMAC_DRBG_SHA1,
entropy_input_1, additional_input_1,
EXPECT ( 0xc0, 0x95, 0x48, 0xc0, 0xd3, 0xc8, 0x61, 0xd7, 0x40, 0xf2,
0x83, 0x7d, 0x72, 0xb5, 0x07, 0x23, 0x5c, 0x26, 0xdb, 0x82 ),
EXPECT ( 0x17, 0x4b, 0x3f, 0x84, 0xc3, 0x53, 0x1f, 0x7c, 0x0a, 0x2e,
0x54, 0x21, 0x23, 0x4e, 0xa1, 0x6b, 0x70, 0x8d, 0xdf, 0x0d ) );
/** SHA-1 Test 8.3 : Retried first call to Generate */
HMAC_DRBG_TEST_GENERATE ( sha1_generate_8_3, HMAC_DRBG_SHA1,
additional_input_empty,
EXPECT ( 0x60, 0x3f, 0x09, 0x49, 0x27, 0x9c, 0x70, 0xe8, 0xc6, 0x6c,
0x0f, 0x56, 0x37, 0xc0, 0xf3, 0x75, 0x60, 0x07, 0xe5, 0xac ),
EXPECT ( 0xf2, 0xb3, 0x3b, 0x21, 0x15, 0x1f, 0xaf, 0x61, 0x20, 0x01,
0x83, 0x10, 0xf4, 0x4e, 0x4c, 0xd0, 0xbf, 0xe3, 0x68, 0xea ),
EXPECT ( 0xbd, 0x07, 0xc2, 0x5c, 0xfd, 0x7c, 0x5e, 0x3a, 0x4e, 0xaa,
0x6e, 0x2e, 0xdc, 0x5a, 0xb7, 0xea, 0x49, 0x42, 0xa0, 0x91,
0x34, 0x71, 0xfd, 0xa5, 0x5c, 0x6d, 0xdd, 0x2c, 0x03, 0xef,
0xa3, 0xb9, 0x64, 0x3a, 0xb3, 0xbb, 0x22, 0xf6, 0xc9, 0xf2 ) );
/** SHA-1 Test 8.4 : Second call to Generate */
HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_8_4, HMAC_DRBG_SHA1,
additional_input_2, ( 320 / 8 ) );
/** SHA-1 Test 8.5 : Reseed */
HMAC_DRBG_TEST_RESEED ( sha1_reseed_8_5, HMAC_DRBG_SHA1,
entropy_input_2, additional_input_2,
EXPECT ( 0x89, 0x42, 0xa5, 0x4f, 0x34, 0x9e, 0x28, 0x1b, 0x84, 0xaa,
0x46, 0x95, 0x87, 0xfb, 0xdd, 0xaf, 0x9d, 0x11, 0x40, 0x82 ),
EXPECT ( 0x07, 0x73, 0x0e, 0x3c, 0xbf, 0xfd, 0x3c, 0xaf, 0xd7, 0xa8,
0xaa, 0xe2, 0xbf, 0x01, 0xd6, 0x01, 0x43, 0x01, 0xe2, 0x4d ) );
/** SHA-1 Test 8.6 : Retried second call to Generate */
HMAC_DRBG_TEST_GENERATE ( sha1_generate_8_6, HMAC_DRBG_SHA1,
additional_input_empty,
EXPECT ( 0xbd, 0xe1, 0xb4, 0x6c, 0xdc, 0x54, 0x13, 0xb3, 0xd9, 0xf7,
0x35, 0xac, 0xdb, 0x80, 0xb1, 0x3c, 0x57, 0xbf, 0xe4, 0x73 ),
EXPECT ( 0x72, 0x5a, 0x3c, 0x78, 0x20, 0xde, 0x1a, 0x06, 0xd0, 0x95,
0x81, 0x9c, 0xcf, 0x6f, 0x2c, 0x9b, 0x3a, 0x67, 0xf2, 0xce ),
EXPECT ( 0xd1, 0xa9, 0xc1, 0xa2, 0x2c, 0x84, 0xfc, 0x23, 0xff, 0x22,
0x27, 0xef, 0x98, 0xec, 0x8b, 0xa9, 0xdf, 0x2a, 0x20, 0x9b,
0xa1, 0xdb, 0x09, 0x80, 0x9f, 0x57, 0xbf, 0xea, 0xe5, 0xb3,
0xe5, 0xf1, 0x46, 0xc7, 0x5f, 0x2d, 0x8d, 0xbb, 0x5e, 0x4a ) );
/**
* Force a "reseed required" state
*
* @v state HMAC_DRBG internal state
*/
static inline void force_reseed_required ( struct hmac_drbg_state *state ) {
state->reseed_counter = ( HMAC_DRBG_RESEED_INTERVAL + 1 );
}
/**
* Perform HMAC_DRBG self-test
*
*/
static void hmac_drbg_test_exec ( void ) {
struct hmac_drbg_state state;
/*
* IMPORTANT NOTE
*
* The NIST test vector set includes several calls to
* HMAC_DRBG_Generate() that are expected to fail with a
* status of "Reseed required". The pattern seems to be that
* when prediction resistance is requested, any call to
* HMAC_DRBG_Generate() is at first expected to fail. After
* an explicit reseeding, the call to HMAC_DRBG_Generate() is
* retried, and on this second time it is expected to succeed.
*
* This pattern does not match the specifications for
* HMAC_DRBG_Generate(): neither HMAC_DRBG_Generate_algorithm
* (defined in ANS X9.82 Part 3-2007 Section 10.2.2.2.5 (NIST
* SP 800-90 Section 10.1.2.5)) nor the higher-level wrapper
* Generate_function defined in ANS X9.82 Part 3-2007 Section
* 9.4 (NIST SP 800-90 Section 9.3)) can possibly exhibit this
* behaviour:
*
* a) HMAC_DRBG_Generate_algorithm can return a "reseed
* required" status only as a result of the test
*
* "1. If reseed_counter > reseed_interval, then return
* an indication that a reseed is required."
*
* Since the reseed interval is independent of any request
* for prediction resistance, and since the reseed interval
* is not specified as part of the NIST test vector set,
* then this cannot be the source of the "Reseed required"
* failure expected by the NIST test vector set.
*
* b) Generate_function cannot return a "reseed required"
* status under any circumstances. If the underlying
* HMAC_DRBG_Generate_algorithm call returns "reseed
* required", then Generate_function will automatically
* reseed and try again.
*
* To produce the behaviour expected by the NIST test vector
* set, we therefore contrive to produce a "reseed required"
* state where necessary by setting the reseed_counter to
* greater than the reseed_interval.
*/
/* SHA-1 Test 1 */
instantiate_ok ( &state, &sha1_instantiate_1 );
generate_ok ( &state, &sha1_generate_1_1 );
generate_ok ( &state, &sha1_generate_1_2 );
/* SHA-1 Test 2 */
instantiate_ok ( &state, &sha1_instantiate_2 );
generate_ok ( &state, &sha1_generate_2_1 );
generate_ok ( &state, &sha1_generate_2_2 );
/* SHA-1 Test 3 */
instantiate_ok ( &state, &sha1_instantiate_3 );
generate_ok ( &state, &sha1_generate_3_1 );
generate_ok ( &state, &sha1_generate_3_2 );
/* SHA-1 Test 4 */
instantiate_ok ( &state, &sha1_instantiate_4 );
generate_ok ( &state, &sha1_generate_4_1 );
generate_ok ( &state, &sha1_generate_4_2 );
/* SHA-1 Test 5 */
instantiate_ok ( &state, &sha1_instantiate_5 );
force_reseed_required ( &state ); /* See above comments */
generate_fail_ok ( &state, &sha1_generate_fail_5_1 );
reseed_ok ( &state, &sha1_reseed_5_2 );
generate_ok ( &state, &sha1_generate_5_3 );
force_reseed_required ( &state ); /* See above comments */
generate_fail_ok ( &state, &sha1_generate_fail_5_4 );
reseed_ok ( &state, &sha1_reseed_5_5 );
generate_ok ( &state, &sha1_generate_5_6 );
/* SHA-1 Test 6 */
instantiate_ok ( &state, &sha1_instantiate_6 );
force_reseed_required ( &state ); /* See above comments */
generate_fail_ok ( &state, &sha1_generate_fail_6_1 );
reseed_ok ( &state, &sha1_reseed_6_2 );
generate_ok ( &state, &sha1_generate_6_3 );
force_reseed_required ( &state ); /* See above comments */
generate_fail_ok ( &state, &sha1_generate_fail_6_4 );
reseed_ok ( &state, &sha1_reseed_6_5 );
generate_ok ( &state, &sha1_generate_6_6 );
/* SHA-1 Test 7 */
instantiate_ok ( &state, &sha1_instantiate_7 );
force_reseed_required ( &state ); /* See above comments */
generate_fail_ok ( &state, &sha1_generate_fail_7_1 );
reseed_ok ( &state, &sha1_reseed_7_2 );
generate_ok ( &state, &sha1_generate_7_3 );
force_reseed_required ( &state ); /* See above comments */
generate_fail_ok ( &state, &sha1_generate_fail_7_4 );
reseed_ok ( &state, &sha1_reseed_7_5 );
generate_ok ( &state, &sha1_generate_7_6 );
/* SHA-1 Test 8 */
instantiate_ok ( &state, &sha1_instantiate_8 );
force_reseed_required ( &state ); /* See above comments */
generate_fail_ok ( &state, &sha1_generate_fail_8_1 );
reseed_ok ( &state, &sha1_reseed_8_2 );
generate_ok ( &state, &sha1_generate_8_3 );
force_reseed_required ( &state ); /* See above comments */
generate_fail_ok ( &state, &sha1_generate_fail_8_4 );
reseed_ok ( &state, &sha1_reseed_8_5 );
generate_ok ( &state, &sha1_generate_8_6 );
}
/** HMAC_DRBG self-test */
struct self_test hmac_drbg_test __self_test = {
.name = "hmac_drbg",
.exec = hmac_drbg_test_exec,
};
