ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

drbg: Implemented NIST SP-800-90A DRBG

This commit is contained in:
Andreas Steffen 2019-10-10 00:00:05 +02:00
parent 2a7937f179
commit 737375a2d2
33 changed files with 2825 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
conf/Makefile.am
View File

@ -39,6 +39,7 @@ plugins = \
plugins/curl.opt \
plugins/dhcp.opt \
plugins/dnscert.opt \
plugins/drbg.opt \
plugins/duplicheck.opt \
plugins/eap-aka.opt \
plugins/eap-aka-3gpp.opt \

3
conf/plugins/drbg.opt Normal file
View File

@ -0,0 +1,3 @@
charon.plugins.drbg.max_drbg_requests = 4294967294
Number of pseudo-random bit requests from the DRBG before an automatic
reseeding occurs.

6
configure.ac
View File

@ -1,6 +1,6 @@
#
# Copyright (C) 2007-2017 Tobias Brunner
# Copyright (C) 2006-2017 Andreas Steffen
# Copyright (C) 2006-2019 Andreas Steffen
# Copyright (C) 2006-2014 Martin Willi
# HSR Hochschule fuer Technik Rapperswil
#
@ -132,6 +132,7 @@ ARG_ENABL_SET([chapoly], [enables the ChaCha20/Poly1305 AEAD plugin.])
ARG_DISBL_SET([cmac], [disable CMAC crypto implementation plugin.])
ARG_ENABL_SET([ctr], [enables the Counter Mode wrapper crypto plugin.])
ARG_DISBL_SET([des], [disable DES/3DES software implementation plugin.])
ARG_DISBL_SET([drbg], [disable the NIST Deterministic Random Bit Generator plugin.])
ARG_DISBL_SET([fips-prf], [disable FIPS PRF software implementation plugin.])
ARG_ENABL_SET([gcm], [enables the GCM AEAD wrapper crypto plugin.])
ARG_ENABL_SET([gcrypt], [enables the libgcrypt plugin.])
@ -1442,6 +1443,7 @@ ADD_PLUGIN([ctr], [s charon scripts nm cmd])
ADD_PLUGIN([ccm], [s charon scripts nm cmd])
ADD_PLUGIN([gcm], [s charon scripts nm cmd])
ADD_PLUGIN([ntru], [s charon scripts nm cmd])
ADD_PLUGIN([drbg], [s charon pki scripts nm cmd])
ADD_PLUGIN([newhope], [s charon scripts nm cmd])
ADD_PLUGIN([bliss], [s charon pki scripts nm cmd])
ADD_PLUGIN([curl], [s charon scepclient pki scripts nm cmd])
@ -1611,6 +1613,7 @@ AM_CONDITIONAL(USE_AF_ALG, test x$af_alg = xtrue)
AM_CONDITIONAL(USE_NTRU, test x$ntru = xtrue)
AM_CONDITIONAL(USE_NEWHOPE, test x$newhope = xtrue)
AM_CONDITIONAL(USE_BLISS, test x$bliss = xtrue)
AM_CONDITIONAL(USE_DRBG, test x$drbg = xtrue)
# charon plugins
# ----------------
@ -1887,6 +1890,7 @@ AC_CONFIG_FILES([
src/libstrongswan/plugins/ccm/Makefile
src/libstrongswan/plugins/gcm/Makefile
src/libstrongswan/plugins/af_alg/Makefile
src/libstrongswan/plugins/drbg/Makefile
src/libstrongswan/plugins/ntru/Makefile
src/libstrongswan/plugins/bliss/Makefile
src/libstrongswan/plugins/bliss/tests/Makefile

18
src/libstrongswan/Makefile.am
View File

@ -5,11 +5,13 @@ library.c \
asn1/asn1.c asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c bio/bio_writer.c \
collections/blocking_queue.c collections/enumerator.c collections/hashtable.c \
collections/array.c \
collections/linked_list.c crypto/crypters/crypter.c crypto/hashers/hasher.c \
collections/linked_list.c crypto/crypters/crypter.c \
crypto/drbgs/drbg.c crypto/hashers/hasher.c \
crypto/hashers/hash_algorithm_set.c crypto/proposal/proposal.c \
crypto/proposal/proposal_keywords.c crypto/proposal/proposal_keywords_static.c \
crypto/prfs/prf.c crypto/prfs/mac_prf.c crypto/pkcs5.c \
crypto/rngs/rng.c crypto/prf_plus.c crypto/signers/signer.c \
crypto/rngs/rng.c crypto/rngs/rng_tester.c \
crypto/prf_plus.c crypto/signers/signer.c \
crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \
crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \
crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \
@ -68,10 +70,11 @@ library.h \
asn1/asn1.h asn1/asn1_parser.h asn1/oid.h bio/bio_reader.h bio/bio_writer.h \
collections/blocking_queue.h collections/enumerator.h collections/hashtable.h \
collections/linked_list.h collections/array.h collections/dictionary.h \
crypto/crypters/crypter.h crypto/hashers/hasher.h \
crypto/crypters/crypter.h crypto/drbgs/drbg.h crypto/hashers/hasher.h \
crypto/hashers/hash_algorithm_set.h crypto/mac.h crypto/proposal/proposal.h \
crypto/proposal/proposal_keywords.h crypto/proposal/proposal_keywords_static.h \
crypto/prfs/prf.h crypto/prfs/mac_prf.h crypto/rngs/rng.h crypto/nonce_gen.h \
crypto/rngs/rng.h crypto/rngs/rng_tester.h \
crypto/prfs/prf.h crypto/prfs/mac_prf.h crypto/nonce_gen.h \
crypto/prf_plus.h crypto/signers/signer.h crypto/signers/mac_signer.h \
crypto/crypto_factory.h crypto/crypto_tester.h crypto/diffie_hellman.h \
crypto/aead.h crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \
@ -663,6 +666,13 @@ if MONOLITHIC
endif
endif
if USE_DRBG
SUBDIRS += plugins/drbg
if MONOLITHIC
libstrongswan_la_LIBADD += plugins/drbg/libstrongswan-drbg.la
endif
endif
if USE_TEST_VECTORS
SUBDIRS += plugins/test_vectors
if MONOLITHIC

118
src/libstrongswan/crypto/crypto_factory.c
View File

@ -1,7 +1,7 @@
/*
* Copyright (C) 2013-2014 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* Copyright (C) 2016 Andreas Steffen
* Copyright (C) 2016-2019 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -53,6 +53,7 @@ struct entry_t {
hasher_constructor_t create_hasher;
prf_constructor_t create_prf;
xof_constructor_t create_xof;
drbg_constructor_t create_drbg;
rng_constructor_t create_rng;
nonce_gen_constructor_t create_nonce_gen;
dh_constructor_t create_dh;
@ -102,6 +103,11 @@ struct private_crypto_factory_t {
*/
linked_list_t *xofs;
/**
* registered drbgs, as entry_t
*/
linked_list_t *drbgs;
/**
* registered rngs, as entry_t
*/
@ -342,6 +348,40 @@ METHOD(crypto_factory_t, create_xof, xof_t*,
return xof;
}
METHOD(crypto_factory_t, create_drbg, drbg_t*,
private_crypto_factory_t *this, drbg_type_t type, uint32_t strength,
rng_t *entropy, chunk_t personalization_str)
{
enumerator_t *enumerator;
entry_t *entry;
drbg_t *drbg = NULL;
this->lock->read_lock(this->lock);
enumerator = this->drbgs->create_enumerator(this->drbgs);
while (enumerator->enumerate(enumerator, &entry))
{
if (entry->algo == type)
{
if (this->test_on_create &&
!this->tester->test_drbg(this->tester, type,
entry->create_drbg, NULL,
default_plugin_name))
{
continue;
}
drbg = entry->create_drbg(type, strength, entropy,
personalization_str);
if (drbg)
{
break;
}
}
}
enumerator->destroy(enumerator);
this->lock->unlock(this->lock);
return drbg;
}
METHOD(crypto_factory_t, create_rng, rng_t*,
private_crypto_factory_t *this, rng_quality_t quality)
{
@ -709,6 +749,43 @@ METHOD(crypto_factory_t, remove_xof, void,
this->lock->unlock(this->lock);
}
METHOD(crypto_factory_t, add_drbg, bool,
private_crypto_factory_t *this, drbg_type_t type,
const char *plugin_name, drbg_constructor_t create)
{
u_int speed = 0;
if (!this->test_on_add ||
this->tester->test_drbg(this->tester, type, create,
this->bench ? &speed : NULL, plugin_name))
{
add_entry(this, this->drbgs, type, plugin_name, speed, create);
return TRUE;
}
this->test_failures++;
return FALSE;
}
METHOD(crypto_factory_t, remove_drbg, void,
private_crypto_factory_t *this, drbg_constructor_t create)
{
entry_t *entry;
enumerator_t *enumerator;
this->lock->write_lock(this->lock);
enumerator = this->drbgs->create_enumerator(this->drbgs);
while (enumerator->enumerate(enumerator, &entry))
{
if (entry->create_drbg == create)
{
this->drbgs->remove_at(this->drbgs, enumerator);
free(entry);
}
}
enumerator->destroy(enumerator);
this->lock->unlock(this->lock);
}
METHOD(crypto_factory_t, add_rng, bool,
private_crypto_factory_t *this, rng_quality_t quality,
const char *plugin_name, rng_constructor_t create)
@ -981,6 +1058,30 @@ METHOD(crypto_factory_t, create_xof_enumerator, enumerator_t*,
return create_enumerator(this, this->xofs, xof_filter);
}
CALLBACK(drbg_filter, bool,
void *n, enumerator_t *orig, va_list args)
{
entry_t *entry;
drbg_type_t *type;
const char **plugin_name;
VA_ARGS_VGET(args, type, plugin_name);
if (orig->enumerate(orig, &entry))
{
*type = entry->algo;
*plugin_name = entry->plugin_name;
return TRUE;
}
return FALSE;
}
METHOD(crypto_factory_t, create_drbg_enumerator, enumerator_t*,
private_crypto_factory_t *this)
{
return create_enumerator(this, this->drbgs, drbg_filter);
}
CALLBACK(dh_filter, bool,
void *n, enumerator_t *orig, va_list args)
{
@ -1068,6 +1169,8 @@ METHOD(crypto_factory_t, add_test_vector, void,
return this->tester->add_prf_vector(this->tester, vector);
case EXTENDED_OUTPUT_FUNCTION:
return this->tester->add_xof_vector(this->tester, vector);
case DETERMINISTIC_RANDOM_BIT_GENERATOR:
return this->tester->add_drbg_vector(this->tester, vector);
case RANDOM_NUMBER_GENERATOR:
return this->tester->add_rng_vector(this->tester, vector);
case DIFFIE_HELLMAN_GROUP:
@ -1129,6 +1232,10 @@ METHOD(enumerator_t, verify_enumerate, bool,
*valid = this->tester->test_xof(this->tester, entry->algo,
entry->create_xof, NULL, entry->plugin_name);
break;
case DETERMINISTIC_RANDOM_BIT_GENERATOR:
*valid = this->tester->test_drbg(this->tester, entry->algo,
entry->create_drbg, NULL, entry->plugin_name);
break;
case RANDOM_NUMBER_GENERATOR:
*valid = this->tester->test_rng(this->tester, entry->algo,
entry->create_rng, NULL, entry->plugin_name);
@ -1180,6 +1287,9 @@ METHOD(crypto_factory_t, create_verify_enumerator, enumerator_t*,
case EXTENDED_OUTPUT_FUNCTION:
inner = this->xofs->create_enumerator(this->xofs);
break;
case DETERMINISTIC_RANDOM_BIT_GENERATOR:
inner = this->drbgs->create_enumerator(this->drbgs);
break;
case RANDOM_NUMBER_GENERATOR:
inner = this->rngs->create_enumerator(this->rngs);
break;
@ -1213,6 +1323,7 @@ METHOD(crypto_factory_t, destroy, void,
this->hashers->destroy(this->hashers);
this->prfs->destroy(this->prfs);
this->xofs->destroy(this->xofs);
this->drbgs->destroy(this->drbgs);
this->rngs->destroy(this->rngs);
this->nonce_gens->destroy(this->nonce_gens);
this->dhs->destroy(this->dhs);
@ -1236,6 +1347,7 @@ crypto_factory_t *crypto_factory_create()
.create_hasher = _create_hasher,
.create_prf = _create_prf,
.create_xof = _create_xof,
.create_drbg = _create_drbg,
.create_rng = _create_rng,
.create_nonce_gen = _create_nonce_gen,
.create_dh = _create_dh,
@ -1251,6 +1363,8 @@ crypto_factory_t *crypto_factory_create()
.remove_prf = _remove_prf,
.add_xof = _add_xof,
.remove_xof = _remove_xof,
.add_drbg = _add_drbg,
.remove_drbg = _remove_drbg,
.add_rng = _add_rng,
.remove_rng = _remove_rng,
.add_nonce_gen = _add_nonce_gen,
@ -1263,6 +1377,7 @@ crypto_factory_t *crypto_factory_create()
.create_hasher_enumerator = _create_hasher_enumerator,
.create_prf_enumerator = _create_prf_enumerator,
.create_xof_enumerator = _create_xof_enumerator,
.create_drbg_enumerator = _create_drbg_enumerator,
.create_dh_enumerator = _create_dh_enumerator,
.create_rng_enumerator = _create_rng_enumerator,
.create_nonce_gen_enumerator = _create_nonce_gen_enumerator,
@ -1276,6 +1391,7 @@ crypto_factory_t *crypto_factory_create()
.hashers = linked_list_create(),
.prfs = linked_list_create(),
.xofs = linked_list_create(),
.drbgs = linked_list_create(),
.rngs = linked_list_create(),
.nonce_gens = linked_list_create(),
.dhs = linked_list_create(),

49
src/libstrongswan/crypto/crypto_factory.h
View File

@ -1,6 +1,6 @@
/*
* Copyright (C) 2008 Martin Willi
* Copyright (C) 2016 Andreas Steffen
* Copyright (C) 2016-2019 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -33,6 +33,7 @@ typedef struct crypto_factory_t crypto_factory_t;
#include <crypto/prfs/prf.h>
#include <crypto/rngs/rng.h>
#include <crypto/xofs/xof.h>
#include <crypto/drbgs/drbg.h>
#include <crypto/nonce_gen.h>
#include <crypto/diffie_hellman.h>
#include <crypto/transform.h>
@ -65,10 +66,16 @@ typedef hasher_t* (*hasher_constructor_t)(hash_algorithm_t algo);
typedef prf_t* (*prf_constructor_t)(pseudo_random_function_t algo);
/**
* Constructor function for pseudo random functions
* Constructor function for extended output functions
*/
typedef xof_t* (*xof_constructor_t)(ext_out_function_t algo);
/**
* Constructor function for deterministic random bit generators
*/
typedef drbg_t* (*drbg_constructor_t)(drbg_type_t type, uint32_t strength,
rng_t *entropy, chunk_t personalization_str);
/**
* Constructor function for source of randomness
*/
@ -147,6 +154,19 @@ struct crypto_factory_t {
*/
xof_t* (*create_xof)(crypto_factory_t *this, ext_out_function_t algo);
/**
* Create a deterministic random bit generator instance.
*
* @param type DRBG type to use
* @param strength security strength in bits
* @param entropy entropy source to be used
* @param personalization_str optional personalization string
* @return drbg_t instance, NULL if not supported
*/
drbg_t* (*create_drbg)(crypto_factory_t *this, drbg_type_t type,
uint32_t strength, rng_t *entropy,
chunk_t personalization_str);
/**
* Create a source of randomness.
*
@ -285,6 +305,24 @@ struct crypto_factory_t {
*/
void (*remove_xof)(crypto_factory_t *this, xof_constructor_t create);
/**
* Register a drbg constructor.
*
* @param type type to constructor
* @param plugin_name plugin that registered this algorithm
* @param create constructor function for that algorithm
* @return TRUE if registered, FALSE if test vector failed
*/
bool (*add_drbg)(crypto_factory_t *this, drbg_type_t type,
const char *plugin_name, drbg_constructor_t create);
/**
* Unregister a drbg constructor.
*
* @param create constructor function to unregister
*/
void (*remove_drbg)(crypto_factory_t *this, drbg_constructor_t create);
/**
* Register a source of randomness.
*
@ -381,6 +419,13 @@ struct crypto_factory_t {
*/
enumerator_t* (*create_xof_enumerator)(crypto_factory_t *this);
/**
* Create an enumerator over all registered DRBGs.
*
* @return enumerator over drbg_type_t, plugin
*/
enumerator_t* (*create_drbg_enumerator)(crypto_factory_t *this);
/**
* Create an enumerator over all registered diffie hellman groups.
*

144
src/libstrongswan/crypto/crypto_tester.c
View File

@ -1,5 +1,6 @@
/*
* Copyright (C) 2009-2010 Martin Willi
* Copyright (C) 2016-2019 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
* Copyright (C) 2010 revosec AG
*
@ -24,6 +25,7 @@
#include <utils/debug.h>
#include <collections/linked_list.h>
#include <crypto/rngs/rng_tester.h>
typedef struct private_crypto_tester_t private_crypto_tester_t;
@ -67,6 +69,11 @@ struct private_crypto_tester_t {
*/
linked_list_t *xof;
/**
* List of DRBG test vectors
*/
linked_list_t *drbg;
/**
* List of RNG test vectors
*/
@ -1179,6 +1186,133 @@ failure:
return !failed;
}
/**
* Benchmark a DRBG
*/
static u_int bench_drbg(private_crypto_tester_t *this,
drbg_type_t type, drbg_constructor_t create)
{
drbg_t *drbg;
rng_t *entropy;
uint32_t strength = 128;
chunk_t seed = chunk_alloca(48);
memset(seed.ptr, 0x81, seed.len);
entropy = rng_tester_create(seed);
drbg = create(type, strength, entropy, chunk_empty);
if (drbg)
{
struct timespec start;
u_int runs = 0;
size_t out_len = 128;
char out_buf[out_len];
start_timing(&start);
while (end_timing(&start) < this->bench_time)
{
if (drbg->generate(drbg, out_len, out_buf))
{
runs++;
}
}
drbg->destroy(drbg);
return runs;
}
return 0;
}
METHOD(crypto_tester_t, test_drbg, bool,
private_crypto_tester_t *this, drbg_type_t type,
drbg_constructor_t create, u_int *speed, const char *plugin_name)
{
enumerator_t *enumerator;
drbg_test_vector_t *vector;
bool failed = FALSE;
u_int tested = 0;
enumerator = this->drbg->create_enumerator(this->drbg);
while (enumerator->enumerate(enumerator, &vector))
{
drbg_t *drbg;
rng_t *entropy;
chunk_t out = chunk_empty;
if (vector->type != type)
{
continue;
}
tested++;
failed = TRUE;
entropy = rng_tester_create(vector->entropy);
out = chunk_alloc(vector->out.len);
drbg = create(type, vector->strength, entropy,
vector->personalization_str);
if (!drbg)
{
DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed",
drbg_type_names, type, plugin_name);
entropy->destroy(entropy);
chunk_free(&out);
break;
}
if (!drbg->reseed(drbg))
{
goto failure;
}
if (!drbg->generate(drbg, out.len, out.ptr))
{
goto failure;
}
if (!drbg->generate(drbg, out.len, out.ptr))
{
goto failure;
}
if (!chunk_equals(out, vector->out))
{
goto failure;
}
failed = FALSE;
failure:
drbg->destroy(drbg);
entropy->destroy(entropy);
chunk_free(&out);
if (failed)
{
DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed",
drbg_type_names, type, plugin_name, get_name(vector));
break;
}
}
enumerator->destroy(enumerator);
if (!tested)
{
DBG1(DBG_LIB, "%s %N[%s]: no test vectors found",
this->required ? "disabled" : "enabled ",
drbg_type_names, type, plugin_name);
return !this->required;
}
if (!failed)
{
if (speed)
{
*speed = bench_drbg(this, type, create);
DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points",
drbg_type_names, type, plugin_name, tested, *speed);
}
else
{
DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors",
drbg_type_names, type, plugin_name, tested);
}
}
return !failed;
}
/**
* Benchmark a RNG
*/
@ -1489,6 +1623,12 @@ METHOD(crypto_tester_t, add_xof_vector, void,
this->xof->insert_last(this->xof, vector);
}
METHOD(crypto_tester_t, add_drbg_vector, void,
private_crypto_tester_t *this, drbg_test_vector_t *vector)
{
this->drbg->insert_last(this->drbg, vector);
}
METHOD(crypto_tester_t, add_rng_vector, void,
private_crypto_tester_t *this, rng_test_vector_t *vector)
{
@ -1510,6 +1650,7 @@ METHOD(crypto_tester_t, destroy, void,
this->hasher->destroy(this->hasher);
this->prf->destroy(this->prf);
this->xof->destroy(this->xof);
this->drbg->destroy(this->drbg);
this->rng->destroy(this->rng);
this->dh->destroy(this->dh);
free(this);
@ -1530,6 +1671,7 @@ crypto_tester_t *crypto_tester_create()
.test_hasher = _test_hasher,
.test_prf = _test_prf,
.test_xof = _test_xof,
.test_drbg = _test_drbg,
.test_rng = _test_rng,
.test_dh = _test_dh,
.add_crypter_vector = _add_crypter_vector,
@ -1538,6 +1680,7 @@ crypto_tester_t *crypto_tester_create()
.add_hasher_vector = _add_hasher_vector,
.add_prf_vector = _add_prf_vector,
.add_xof_vector = _add_xof_vector,
.add_drbg_vector = _add_drbg_vector,
.add_rng_vector = _add_rng_vector,
.add_dh_vector = _add_dh_vector,
.destroy = _destroy,
@ -1548,6 +1691,7 @@ crypto_tester_t *crypto_tester_create()
.hasher = linked_list_create(),
.prf = linked_list_create(),
.xof = linked_list_create(),
.drbg = linked_list_create(),
.rng = linked_list_create(),
.dh = linked_list_create(),

33
src/libstrongswan/crypto/crypto_tester.h
View File

@ -1,5 +1,6 @@
/*
* Copyright (C) 2009 Martin Willi
* Copyright (C) 2016-2019 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -31,6 +32,7 @@ typedef struct signer_test_vector_t signer_test_vector_t;
typedef struct hasher_test_vector_t hasher_test_vector_t;
typedef struct prf_test_vector_t prf_test_vector_t;
typedef struct xof_test_vector_t xof_test_vector_t;
typedef struct drbg_test_vector_t drbg_test_vector_t;
typedef struct rng_test_vector_t rng_test_vector_t;
typedef struct dh_test_vector_t dh_test_vector_t;
@ -128,6 +130,19 @@ struct xof_test_vector_t {
u_char *out;
};
struct drbg_test_vector_t {
/** drbg type this test vector tests */
drbg_type_t type;
/** security strength in bits */
uint32_t strength;
/** optional personalization string */
chunk_t personalization_str;
/** entropy_input | nonce | entropy_input_reseed */
chunk_t entropy;
/** returned output bits */
chunk_t out;
};
/**
* Test vector for a RNG.
*
@ -241,6 +256,17 @@ struct crypto_tester_t {
bool (*test_xof)(crypto_tester_t *this, ext_out_function_t alg,
xof_constructor_t create,
u_int *speed, const char *plugin_name);
/**
* Test a DRBG type.
*
* @param type DRBG type to test
* @param create constructor function for the DRBG
* @param speed speed test result, NULL to omit
* @return TRUE if test passed
*/
bool (*test_drbg)(crypto_tester_t *this, drbg_type_t type,
drbg_constructor_t create,
u_int *speed, const char *plugin_name);
/**
* Test a RNG implementation.
*
@ -306,6 +332,13 @@ struct crypto_tester_t {
*/
void (*add_xof_vector)(crypto_tester_t *this, xof_test_vector_t *vector);
/**
* Add a test vector to test a DRBG.
*
* @param vector pointer to test vector
*/
void (*add_drbg_vector)(crypto_tester_t *this, drbg_test_vector_t *vector);
/**
* Add a test vector to test a RNG.
*

28
src/libstrongswan/crypto/drbgs/drbg.c Normal file
View File

@ -0,0 +1,28 @@
/*
* Copyright (C) 2019 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the "GNU General Public License as published by the
* Free Software Foundatio"n; either version 2 of the License, or (at your
* option) any later version". See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
**/
#include "drbg.h"
ENUM(drbg_type_names, DRBG_UNDEFINED, DRBG_CTR_AES256,
"DRBG_UNDEFINED",
"DRBG_HMAC_SHA1",
"DRBG_HMAC_SHA256",
"DRBG_HMAC_SHA384",
"DRBG_HMAC_SHA512",
"DRBG_CTR_AES128",
"DRBG_CTR_AES192",
"DRBG_CTR_AES256",
);

99
src/libstrongswan/crypto/drbgs/drbg.h Normal file
View File

@ -0,0 +1,99 @@
/*
* Copyright (C) 2019 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup drbg drbg
* @{ @ingroup crypto
*/
#ifndef DRBG_H_
#define DRBG_H_
typedef enum drbg_type_t drbg_type_t;
typedef struct drbg_t drbg_t;
#include <library.h>
/**
* Deterministic Random Bit Generator.(DRBG) Type
*/
enum drbg_type_t {
DRBG_UNDEFINED,
DRBG_HMAC_SHA1,
DRBG_HMAC_SHA256,
DRBG_HMAC_SHA384,
DRBG_HMAC_SHA512,
DRBG_CTR_AES128,
DRBG_CTR_AES192,
DRBG_CTR_AES256,
};
/**
* enum name for drbg_type_t.
*/
extern enum_name_t *drbg_type_names;
/**
* Interface for a Deterministic Random Bit Generator (DRBG)
* compliant with NIST SP 800-90A
*/
struct drbg_t {
/**
* Return the type of the DRBG
*
* @return DRBG type
*/
drbg_type_t (*get_type)(drbg_t *this);
/**
* Return the security strength of the DRBG
*
* @return configured security strength in bits
*/
uint32_t (*get_strength)(drbg_t *this);
/**
* Reseed the instantiated DRBG
*
* @return TRUE if successful
*/
bool (*reseed)(drbg_t *this);
/**
* Generate pseudorandom bytes.
* If the maximum number of requests has been reached, reseeding occurs
*
* @param len number of octets to generate
* @param out address of output buffer
* @return TRUE if successful
*/
bool (*generate)(drbg_t *this, uint32_t len, uint8_t *out);
/**
* Get a reference on an drbg_t object increasing the count by one
*
* @return reference to the drbg_t object
*/
drbg_t* (*get_ref)(drbg_t *this);
/**
* Uninstantiate and destroy the DRBG object
*/
void (*destroy)(drbg_t *this);
};
#endif /** DRBG_H_ @}*/

4
src/libstrongswan/tests/utils/test_rng.c → src/libstrongswan/crypto/rngs/rng_tester.c
View File

@ -13,7 +13,7 @@
* for more details.
*/
#include "test_rng.h"
#include "rng_tester.h"
typedef struct private_rng_t private_rng_t;
@ -69,7 +69,7 @@ METHOD(rng_t, destroy, void,
/*
* Described in header.
*/
rng_t *test_rng_create(chunk_t entropy)
rng_t *rng_tester_create(chunk_t entropy)
{
private_rng_t *this;

22
src/libstrongswan/tests/utils/test_rng.h → src/libstrongswan/crypto/rngs/rng_tester.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2013 Andreas Steffen
* Copyright (C) 2013-2019 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -14,23 +14,23 @@
*/
/**
* rng_t providing NIST SP 800-90A entropy test vectors
* rng_t providing deterministic output (DO NOT USE IN PRODUCTIVE SYSTEMS!!!)
*
* @defgroup test_rng test_rng
* @{ @ingroup test_utils
* @defgroup rng_tester rng_tester
* @{ @ingroup crypto
*/
#ifndef TEST_RNG_H_
#define TEST_RNG_H_
#ifndef RNG_TESTER_H_
#define RNG_TESTER_H_
#include <library.h>
/**
* Creates a test_rng_t instance.
* Creates a rng_tester_t instance.
*
* @param entropy entropy test vector
* @return created test_rng_t
* @param entropy deterministic output
* @return created rng_tester_t
*/
rng_t *test_rng_create(chunk_t entropy);
rng_t *rng_tester_create(chunk_t entropy);
#endif /** TEST_RNG_H_ @} */
#endif /** RNG_TESTER_H_ @} */

10
src/libstrongswan/crypto/transform.c
View File

@ -23,14 +23,15 @@ ENUM_BEGIN(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS
"INTEGRITY_ALGORITHM",
"DIFFIE_HELLMAN_GROUP",
"EXTENDED_SEQUENCE_NUMBERS");
ENUM_NEXT(transform_type_names, HASH_ALGORITHM, EXTENDED_OUTPUT_FUNCTION,
ENUM_NEXT(transform_type_names, HASH_ALGORITHM, DETERMINISTIC_RANDOM_BIT_GENERATOR,
EXTENDED_SEQUENCE_NUMBERS,
"HASH_ALGORITHM",
"RANDOM_NUMBER_GENERATOR",
"AEAD_ALGORITHM",
"COMPRESSION_ALGORITHM",
"EXTENDED OUTPUT FUNCTION");
ENUM_END(transform_type_names, EXTENDED_OUTPUT_FUNCTION);
"EXTENDED OUTPUT FUNCTION",
"DETERMINISTIC RANDOM BIT GENERATOR");
ENUM_END(transform_type_names, DETERMINISTIC_RANDOM_BIT_GENERATOR);
ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS,
@ -38,7 +39,6 @@ ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS,
"EXT_SEQ",
);
/**
* See header
*/
@ -63,6 +63,8 @@ enum_name_t* transform_get_enum_names(transform_type_t type)
return extended_sequence_numbers_names;
case EXTENDED_OUTPUT_FUNCTION:
return ext_out_function_names;
case DETERMINISTIC_RANDOM_BIT_GENERATOR:
return drbg_type_names;
case COMPRESSION_ALGORITHM:
break;
}

1
src/libstrongswan/crypto/transform.h
View File

@ -39,6 +39,7 @@ enum transform_type_t {
AEAD_ALGORITHM = 258,
COMPRESSION_ALGORITHM = 259,
EXTENDED_OUTPUT_FUNCTION = 260,
DETERMINISTIC_RANDOM_BIT_GENERATOR = 261,
};
/**

18
src/libstrongswan/plugins/drbg/Makefile.am Normal file
View File

@ -0,0 +1,18 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = \
$(PLUGIN_CFLAGS)
if MONOLITHIC
noinst_LTLIBRARIES = libstrongswan-drbg.la
else
plugin_LTLIBRARIES = libstrongswan-drbg.la
endif
libstrongswan_drbg_la_SOURCES = \
drbg_plugin.h drbg_plugin.c \
drbg_ctr.h drbg_ctr.c \
drbg_hmac.h drbg_hmac.c
libstrongswan_drbg_la_LDFLAGS = -module -avoid-version

356
src/libstrongswan/plugins/drbg/drbg_ctr.c Normal file
View File

@ -0,0 +1,356 @@
/*
* Copyright (C) 2016-2019 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include "drbg_ctr.h"
#define MAX_DRBG_REQUESTS 0xfffffffe
typedef struct private_drbg_ctr_t private_drbg_ctr_t;
/**
* Private data of an drbg_ctr_t object.
*/
struct private_drbg_ctr_t {
/**
* Public drbg_ctr_t interface.
*/
drbg_ctr_t public;
/**
* DRBG type.
*/
drbg_type_t type;
/**
* Security strength in bits.
*/
uint32_t strength;
/**
* Number of requests for pseudorandom bits
*/
uint32_t reseed_counter;
/**
* Maximum number of requests for pseudorandom bits
*/
uint32_t max_requests;
/**
* True entropy source
*/
rng_t *entropy;
/**
* Block cipher in counter mode used by the DRBG
*/
crypter_t *crypter;
/**
* Internal state of HMAC: key
*/
chunk_t key;
/**
* Internal state of HMAC: value
*/
chunk_t value;
/**
* reference count
*/
refcount_t ref;
};
METHOD(drbg_t, get_type, drbg_type_t,
private_drbg_ctr_t *this)
{
return this->type;
}
METHOD(drbg_t, get_strength, uint32_t,
private_drbg_ctr_t *this)
{
return this->strength;
}
static bool encrypt_ctr(private_drbg_ctr_t *this, chunk_t out)
{
chunk_t iv = chunk_alloca(this->value.len);
chunk_t bl = chunk_alloca(this->value.len);
chunk_t block;
size_t delta, pos = 0;
int bit;
/* Initialize IV to all zeroes for ECB mode */
memset(iv.ptr, 0x00, iv.len);
if (!this->crypter->set_key(this->crypter, this->key))
{
return FALSE;
}
while (pos < out.len)
{
/* Increment counter by one */
chunk_increment(this->value);
/* Copy current counter to input block */
delta = out.len - pos;
block = (delta < this->value.len) ?
bl : chunk_create(out.ptr + pos, this->value.len);
memcpy(block.ptr, this->value.ptr, this->value.len);
/* ECB encryption */
if (!this->crypter->encrypt(this->crypter, block, iv, NULL))
{
return FALSE;
}
/* Partial output block at the end? */
if (delta < this->value.len)
{
memcpy(out.ptr + pos, block.ptr, delta);
}
pos += this->value.len;
}
return TRUE;
}
/**
* Update the internal state of the CTR_DRBG
*/
static bool update(private_drbg_ctr_t *this, chunk_t data)
{
chunk_t temp;
if (data.len && data.len != (this->key.len + this->value.len))
{
return FALSE;
}
temp = chunk_alloca(this->key.len + this->value.len);
if (!encrypt_ctr(this, temp))
{
return FALSE;
}
/* Apply data */
memxor(temp.ptr, data.ptr, data.len);
/* Copy new key and value */
memcpy(this->key.ptr, temp.ptr, this->key.len);
memcpy(this->value.ptr, temp.ptr + this->key.len, this->value.len);
memwipe(temp.ptr, temp.len);
DBG4(DBG_LIB, "CTR_DRBG K: %B", &this->key);
DBG4(DBG_LIB, "CTR_DRBG V: %B", &this->value);
return TRUE;
}
METHOD(drbg_t, reseed, bool,
private_drbg_ctr_t *this)
{
chunk_t seed;
bool success;
seed = chunk_alloc(this->key.len + this->value.len);
DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", seed.len);
if (!this->entropy->get_bytes(this->entropy, seed.len, seed.ptr))
{
chunk_free(&seed);
return FALSE;
}
DBG4(DBG_LIB, "reseed: %B", &seed);
success = update(this, seed);
chunk_clear(&seed);
if (!success)
{
return FALSE;
}
this->reseed_counter = 1;
return TRUE;
}
METHOD(drbg_t, generate, bool,
private_drbg_ctr_t *this, uint32_t len, uint8_t *out)
{
chunk_t output;
if (this->reseed_counter > this->max_requests)
{
if (!reseed(this))
{
return FALSE;
}
}
DBG2(DBG_LIB, "DRBG generates %u pseudorandom bytes", len);
if (!out || len == 0)
{
return FALSE;
}
output = chunk_create(out, len);
if (!encrypt_ctr(this, output))
{
return FALSE;
}
DBG4(DBG_LIB, "CTR_DRBG Out: %B", &output);
if (!update(this, chunk_empty))
{
return FALSE;
}
this->reseed_counter++;
return TRUE;
}
METHOD(drbg_t, get_ref, drbg_t*,
private_drbg_ctr_t *this)
{
ref_get(&this->ref);
return &this->public.interface;
}
METHOD(drbg_t, destroy, void,
private_drbg_ctr_t *this)
{
if (ref_put(&this->ref))
{
this->crypter->destroy(this->crypter);
chunk_clear(&this->key);
chunk_clear(&this->value);
free(this);
}
}
/**
* See header
*/
drbg_ctr_t *drbg_ctr_create(drbg_type_t type, uint32_t strength,
rng_t *entropy, chunk_t personalization_str)
{
private_drbg_ctr_t *this;
encryption_algorithm_t crypter_type;
crypter_t *crypter;
chunk_t seed;
size_t key_len, out_len, seed_len;
uint32_t max_requests;
bool success;
switch (type)
{
case DRBG_CTR_AES128:
crypter_type = ENCR_AES_CBC;
key_len = 16;
break;
case DRBG_CTR_AES192:
crypter_type = ENCR_AES_CBC;
key_len = 24;
break;
case DRBG_CTR_AES256:
crypter_type = ENCR_AES_CBC;
key_len = 32;
break;
default:
DBG1(DBG_LIB, "%N not supported", drbg_type_names, type);
return NULL;
}
if (strength > key_len * BITS_PER_BYTE)
{
DBG1(DBG_LIB, "%d bit block encryption key not sufficient for security "
"strength of % bits", key_len * BITS_PER_BYTE, strength);
return NULL;
}
crypter = lib->crypto->create_crypter(lib->crypto, crypter_type, key_len);
if (!crypter)
{
DBG1(DBG_LIB, "creation of %N for DRBG failed",
encryption_algorithm_names, crypter_type);
return NULL;
}
out_len = crypter->get_block_size(crypter);
seed_len = key_len + out_len;
if (personalization_str.len > seed_len)
{
DBG1(DBG_LIB, "personalization string length of %d bytes is larger "
"than seed length of % bytes", personalization_str.len, seed_len);
crypter->destroy(crypter);
return NULL;
}
max_requests = lib->settings->get_int(lib->settings,
"%s.plugins.drbg.max_drbg_requests",
MAX_DRBG_REQUESTS, lib->ns);
INIT(this,
.public = {
.interface = {
.get_type = _get_type,
.get_strength = _get_strength,
.reseed = _reseed,
.generate = _generate,
.get_ref = _get_ref,
.destroy = _destroy,
},
},
.type = type,
.strength = strength,
.entropy = entropy,
.crypter = crypter,
.key = chunk_alloc(key_len),
.value = chunk_alloc(out_len),
.max_requests = max_requests,
.reseed_counter = 1,
.ref = 1,
);
memset(this->key.ptr, 0x00, key_len);
memset(this->value.ptr, 0x00, out_len);
seed = chunk_alloc(seed_len);
DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", seed_len);
if (!this->entropy->get_bytes(this->entropy, seed.len, seed.ptr))
{
chunk_free(&seed);
destroy(this);
return NULL;
}
memxor(seed.ptr, personalization_str.ptr, personalization_str.len);
DBG4(DBG_LIB, "seed: %B", &seed);
success = update(this, seed);
chunk_clear(&seed);
if (!success)
{
destroy(this);
return NULL;
}
return &this->public;
}

51
src/libstrongswan/plugins/drbg/drbg_ctr.h Normal file
View File

@ -0,0 +1,51 @@
/*
* Copyright (C) 2019 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup drbg_ctr drbg_ctr
* @{ @ingroup drbg
*/
#ifndef DRBG_CTR_H_
#define DRBG_CTR_H_
#include <crypto/drbgs/drbg.h>
typedef struct drbg_ctr_t drbg_ctr_t;
/**
* NIST SP 800-90A CTR DRBC implementation
*/
struct drbg_ctr_t {
/**
* Public Deterministic Random Bit Generator (DRBG) Interface
*/
drbg_t interface;
};
/**
* Create a drbg_ctr instance.
*
* @param type DRBG CTR type
* @param strength security strength in bits
* @param entropy entropy source to be used
* @param personalization_str optional personalization string
* @return drbg_ctr_t object, NULL if not supported
*/
drbg_ctr_t *drbg_ctr_create(drbg_type_t type, uint32_t strength,
rng_t *entropy, chunk_t personalization_str);
#endif /** DRBG_CTR_H_ @}*/

319
src/libstrongswan/plugins/drbg/drbg_hmac.c Normal file
View File

@ -0,0 +1,319 @@
/*
* Copyright (C) 2016-2019 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include "drbg_hmac.h"
#define MAX_DRBG_REQUESTS 0xfffffffe
typedef struct private_drbg_hmac_t private_drbg_hmac_t;
/**
* Private data of an drbg_prf_t object.
*/
struct private_drbg_hmac_t {
/**
* Public drbg_prf_t interface.
*/
drbg_hmac_t public;
/**
* DRBG type.
*/
drbg_type_t type;
/**
* Security strength in bits.
*/
uint32_t strength;
/**
* Number of requests for pseudorandom bits
*/
size_t reseed_counter;
/**
* Maximum number of requests for pseudorandom bits
*/
size_t max_requests;
/**
* True entropy source
*/
rng_t *entropy;
/**
* HMAC PRF used by the DRBG
*/
prf_t *prf;
/**
* Internal state of HMAC: key
*/
chunk_t key;
/**
* Internal state of HMAC: value
*/
chunk_t value;
/**
* reference count
*/
refcount_t ref;
};
METHOD(drbg_t, get_type, drbg_type_t,
private_drbg_hmac_t *this)
{
return this->type;
}
METHOD(drbg_t, get_strength, uint32_t,
private_drbg_hmac_t *this)
{
return this->strength;
}
/**
* Update the internal state of the HMAC_DRBG
*/
static bool update(private_drbg_hmac_t *this, chunk_t data)
{
chunk_t ch_00 = chunk_from_chars(0x00);
chunk_t ch_01 = chunk_from_chars(0x01);
if (!this->prf->set_key(this->prf, this->key) ||
!this->prf->get_bytes(this->prf, this->value, NULL) ||
!this->prf->get_bytes(this->prf, ch_00, NULL) ||
!this->prf->get_bytes(this->prf, data, this->key.ptr) ||
!this->prf->set_key(this->prf, this->key) ||
!this->prf->get_bytes(this->prf, this->value, this->value.ptr))
{
return FALSE;
}
if (data.len > 0)
{
if (!this->prf->set_key(this->prf, this->key) ||
!this->prf->get_bytes(this->prf, this->value, NULL) ||
!this->prf->get_bytes(this->prf, ch_01, NULL) ||
!this->prf->get_bytes(this->prf, data, this->key.ptr) ||
!this->prf->set_key(this->prf, this->key) ||
!this->prf->get_bytes(this->prf, this->value, this->value.ptr))
{
return FALSE;
}
}
DBG4(DBG_LIB, "HMAC_DRBG K: %B", &this->key);
DBG4(DBG_LIB, "HMAC_DRBG V: %B", &this->value);
return TRUE;
}
METHOD(drbg_t, reseed, bool,
private_drbg_hmac_t *this)
{
chunk_t seed;
bool success;
seed = chunk_alloc(this->strength / BITS_PER_BYTE);
DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", seed.len);
if (!this->entropy->get_bytes(this->entropy, seed.len, seed.ptr))
{
chunk_free(&seed);
return FALSE;
}
DBG4(DBG_LIB, "reseed: %B", &seed);
success = update(this, seed);
chunk_clear(&seed);
if (!success)
{
return FALSE;
}
this->reseed_counter = 1;
return TRUE;
}
METHOD(drbg_t, generate, bool,
private_drbg_hmac_t *this, uint32_t len, uint8_t *out)
{
size_t delta;
chunk_t output;
DBG2(DBG_LIB, "DRBG generates %u pseudorandom bytes", len);
if (!out || len == 0)
{
return FALSE;
}
output = chunk_create(out, len);
if (this->reseed_counter > this->max_requests)
{
if (!reseed(this))
{
return FALSE;
}
}
while (len)
{
if (!this->prf->get_bytes(this->prf, this->value, this->value.ptr))
{
return FALSE;
}
delta = min(len, this->value.len);
memcpy(out, this->value.ptr, delta);
len -= delta;
out += delta;
}
DBG4(DBG_LIB, "HMAC_DRBG Out: %B", &output);
if (!update(this, chunk_empty))
{
return FALSE;
}
this->reseed_counter++;
return TRUE;
}
METHOD(drbg_t, get_ref, drbg_t*,
private_drbg_hmac_t *this)
{
ref_get(&this->ref);
return &this->public.interface;
}
METHOD(drbg_t, destroy, void,
private_drbg_hmac_t *this)
{
if (ref_put(&this->ref))
{
this->prf->destroy(this->prf);
chunk_clear(&this->key);
chunk_clear(&this->value);
free(this);
}
}
/**
* See header
*/
drbg_hmac_t *drbg_hmac_create(drbg_type_t type, uint32_t strength,
rng_t *entropy, chunk_t personalization_str)
{
private_drbg_hmac_t *this;
pseudo_random_function_t prf_type = PRF_UNDEFINED;
size_t out_len, entropy_len;
uint32_t max_requests;
chunk_t seed;
prf_t * prf;
bool success;
switch (type)
{
case DRBG_HMAC_SHA1:
prf_type = PRF_HMAC_SHA1;
break;
case DRBG_HMAC_SHA256:
prf_type = PRF_HMAC_SHA2_256;
break;
case DRBG_HMAC_SHA384:
prf_type = PRF_HMAC_SHA2_384;
break;
case DRBG_HMAC_SHA512:
prf_type = PRF_HMAC_SHA2_512;
break;
default:
DBG1(DBG_LIB, "%N not supported", drbg_type_names, type);
return NULL;
}
prf = lib->crypto->create_prf(lib->crypto, prf_type);
if (!prf)
{
DBG1(DBG_LIB, "creation of %N for DRBG failed",
pseudo_random_function_names, prf_type);
return NULL;
}
out_len = prf->get_key_size(prf);
if (strength > out_len * BITS_PER_BYTE)
{
DBG1(DBG_LIB, "%N not sufficient for security strength of % bits",
pseudo_random_function_names, prf_type, strength);
prf->destroy(prf);
return NULL;
}
max_requests = lib->settings->get_int(lib->settings,
"%s.plugins.drbg.max_drbg_requests",
MAX_DRBG_REQUESTS, lib->ns);
INIT(this,
.public = {
.interface = {
.get_type = _get_type,
.get_strength = _get_strength,
.reseed = _reseed,
.generate = _generate,
.get_ref = _get_ref,
.destroy = _destroy,
},
},
.type = type,
.strength = strength,
.entropy = entropy,
.prf = prf,
.key = chunk_alloc(out_len),
.value = chunk_alloc(out_len),
.max_requests = max_requests,
.reseed_counter = 1,
.ref = 1,
);
memset(this->key.ptr, 0x00, out_len);
memset(this->value.ptr, 0x01, out_len);
entropy_len = (strength + strength/2) / BITS_PER_BYTE;
seed = chunk_alloc(entropy_len + personalization_str.len);
DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", entropy_len);
if (!this->entropy->get_bytes(this->entropy, entropy_len, seed.ptr))
{
chunk_free(&seed);
destroy(this);
return NULL;
}
memcpy(seed.ptr + entropy_len,
personalization_str.ptr, personalization_str.len);
DBG4(DBG_LIB, "seed: %B", &seed);
success = update(this, seed);
chunk_clear(&seed);
if (!success)
{
destroy(this);
return NULL;
}
return &this->public;
}

51
src/libstrongswan/plugins/drbg/drbg_hmac.h Normal file
View File

@ -0,0 +1,51 @@
/*
* Copyright (C) 2019 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup drbg_hmac drbg_hmac
* @{ @ingroup drbg
*/
#ifndef DRBG_HMAC_H_
#define DRBG_HMAC_H_
#include <crypto/drbgs/drbg.h>
typedef struct drbg_hmac_t drbg_hmac_t;
/**
* NIST SP 800-90A HMAC DRBC implementation
*/
struct drbg_hmac_t {
/**
* Public Deterministic Random Bit Generator (DRBG) Interface
*/
drbg_t interface;
};
/**
* Create a drbg_hmac instance.
*
* @param type DRBG HMAC type
* @param strength security strength in bits
* @param entropy entropy source to be used
* @param personalization_str optional personalization string
* @return drbg_hmac_t object, NULL if not supported
*/
drbg_hmac_t *drbg_hmac_create(drbg_type_t type, uint32_t strength,
rng_t *entropy, chunk_t personalization_str);
#endif /** DRBG_HMAC_H_ @}*/

92
src/libstrongswan/plugins/drbg/drbg_plugin.c Normal file
View File

@ -0,0 +1,92 @@
/*
* Copyright (C) 2019 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include "drbg_plugin.h"
#include "drbg_ctr.h"
#include "drbg_hmac.h"
#include <library.h>
typedef struct private_drbg_plugin_t private_drbg_plugin_t;
/**
* private data of drbg_plugin
*/
struct private_drbg_plugin_t {
/**
* public functions
*/
drbg_plugin_t public;
};
METHOD(plugin_t, get_name, char*,
private_drbg_plugin_t *this)
{
return "drbg";
}
METHOD(plugin_t, get_features, int,
private_drbg_plugin_t *this, plugin_feature_t *features[])
{
static plugin_feature_t f[] = {
/* NIST CTR DRBG */
PLUGIN_REGISTER(DRBG, drbg_ctr_create),
PLUGIN_PROVIDE(DRBG, DRBG_CTR_AES128),
PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
PLUGIN_PROVIDE(DRBG, DRBG_CTR_AES192),
PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 24),
PLUGIN_PROVIDE(DRBG, DRBG_CTR_AES256),
PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 32),
/* NIST HMAC DRBG */
PLUGIN_REGISTER(DRBG, drbg_hmac_create),
PLUGIN_PROVIDE(DRBG, DRBG_HMAC_SHA1),
PLUGIN_DEPENDS(PRF, PRF_HMAC_SHA1),
PLUGIN_PROVIDE(DRBG, DRBG_HMAC_SHA256),
PLUGIN_DEPENDS(PRF, PRF_HMAC_SHA2_256),
PLUGIN_PROVIDE(DRBG, DRBG_HMAC_SHA384),
PLUGIN_DEPENDS(PRF, PRF_HMAC_SHA2_384),
PLUGIN_PROVIDE(DRBG, DRBG_HMAC_SHA512),
PLUGIN_DEPENDS(PRF, PRF_HMAC_SHA2_512),
};
*features = f;
return countof(f);
}
METHOD(plugin_t, destroy, void,
private_drbg_plugin_t *this)
{
free(this);
}
/*
* see header file
*/
plugin_t *drbg_plugin_create()
{
private_drbg_plugin_t *this;
INIT(this,
.public = {
.plugin = {
.get_name = _get_name,
.get_features = _get_features,
.destroy = _destroy,
},
},
);
return &this->public.plugin;
}

42
src/libstrongswan/plugins/drbg/drbg_plugin.h Normal file
View File

@ -0,0 +1,42 @@
/*
* Copyright (C) 2019 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup drbg_p drbg
* @ingroup plugins
*
* @defgroup drbg_plugin drbg_plugin
* @{ @ingroup drbg_p
*/
#ifndef DRBG_PLUGIN_H_
#define DRBG_PLUGIN_H_
#include <plugins/plugin.h>
typedef struct drbg_plugin_t drbg_plugin_t;
/**
* Plugin providing a NIST CTR and HMAC DRBG implementation
*/
struct drbg_plugin_t {
/**
* implements plugin interface
*/
plugin_t plugin;
};
#endif /** DRBG_PLUGIN_H_ @}*/

22
src/libstrongswan/plugins/plugin_feature.c
View File

@ -1,5 +1,6 @@
/*
* Copyright (C) 2012-2015 Tobias Brunner
* Copyright (C) 2016-2019 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2011 Martin Willi
@ -31,6 +32,7 @@ ENUM(plugin_feature_names, FEATURE_NONE, FEATURE_CUSTOM,
"HASHER",
"PRF",
"XOF",
"DRBG",
"DH",
"RNG",
"NONCE_GEN",
@ -91,6 +93,9 @@ uint32_t plugin_feature_hash(plugin_feature_t *feature)
case FEATURE_XOF:
data = chunk_from_thing(feature->arg.xof);
break;
case FEATURE_DRBG:
data = chunk_from_thing(feature->arg.drbg);
break;
case FEATURE_DH:
data = chunk_from_thing(feature->arg.dh_group);
break;
@ -166,6 +171,8 @@ bool plugin_feature_matches(plugin_feature_t *a, plugin_feature_t *b)
return a->arg.prf == b->arg.prf;
case FEATURE_XOF:
return a->arg.xof == b->arg.xof;
case FEATURE_DRBG:
return a->arg.drbg == b->arg.drbg;
case FEATURE_DH:
return a->arg.dh_group == b->arg.dh_group;
case FEATURE_RNG:
@ -225,6 +232,7 @@ bool plugin_feature_equals(plugin_feature_t *a, plugin_feature_t *b)
case FEATURE_HASHER:
case FEATURE_PRF:
case FEATURE_XOF:
case FEATURE_DRBG:
case FEATURE_DH:
case FEATURE_NONCE_GEN:
case FEATURE_RESOLVER:
@ -319,6 +327,13 @@ char* plugin_feature_get_string(plugin_feature_t *feature)
return str;
}
break;
case FEATURE_DRBG:
if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type,
drbg_type_names, feature->arg.drbg) > 0)
{
return str;
}
break;
case FEATURE_DH:
if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type,
diffie_hellman_group_names, feature->arg.dh_group) > 0)
@ -483,6 +498,10 @@ bool plugin_feature_load(plugin_t *plugin, plugin_feature_t *feature,
lib->crypto->add_xof(lib->crypto, feature->arg.xof,
name, reg->arg.reg.f);
break;
case FEATURE_DRBG:
lib->crypto->add_drbg(lib->crypto, feature->arg.drbg,
name, reg->arg.reg.f);
break;
case FEATURE_DH:
lib->crypto->add_dh(lib->crypto, feature->arg.dh_group,
name, reg->arg.reg.f);
@ -573,6 +592,9 @@ bool plugin_feature_unload(plugin_t *plugin, plugin_feature_t *feature,
case FEATURE_XOF:
lib->crypto->remove_xof(lib->crypto, reg->arg.reg.f);
break;
case FEATURE_DRBG:
lib->crypto->remove_drbg(lib->crypto, reg->arg.reg.f);
break;
case FEATURE_DH:
lib->crypto->remove_dh(lib->crypto, reg->arg.reg.f);
break;

7
src/libstrongswan/plugins/plugin_feature.h
View File

@ -1,5 +1,6 @@
/*
* Copyright (C) 2012-2015 Tobias Brunner
* Copyright (C) 2016-2019 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2011 Martin Willi
@ -112,6 +113,8 @@ struct plugin_feature_t {
FEATURE_PRF,
/** xof_t */
FEATURE_XOF,
/** drbg_t */
FEATURE_DRBG,
/** diffie_hellman_t */
FEATURE_DH,
/** rng_t */
@ -175,6 +178,8 @@ struct plugin_feature_t {
pseudo_random_function_t prf;
/** FEATURE_XOFF */
ext_out_function_t xof;
/** FEATURE_DRBG */
drbg_type_t drbg;
/** FEATURE_HASHER */
hash_algorithm_t hasher;
/** FEATURE_DH */
@ -283,6 +288,7 @@ struct plugin_feature_t {
#define _PLUGIN_FEATURE_HASHER(kind, alg) __PLUGIN_FEATURE(kind, HASHER, .hasher = alg)
#define _PLUGIN_FEATURE_PRF(kind, alg) __PLUGIN_FEATURE(kind, PRF, .prf = alg)
#define _PLUGIN_FEATURE_XOF(kind, alg) __PLUGIN_FEATURE(kind, XOF, .xof = alg)
#define _PLUGIN_FEATURE_DRBG(kind, type) __PLUGIN_FEATURE(kind, DRBG, .drbg = type)
#define _PLUGIN_FEATURE_DH(kind, group) __PLUGIN_FEATURE(kind, DH, .dh_group = group)
#define _PLUGIN_FEATURE_RNG(kind, quality) __PLUGIN_FEATURE(kind, RNG, .rng_quality = quality)
#define _PLUGIN_FEATURE_NONCE_GEN(kind, ...) __PLUGIN_FEATURE(kind, NONCE_GEN, .custom = NULL)
@ -316,6 +322,7 @@ struct plugin_feature_t {
#define _PLUGIN_FEATURE_REGISTER_HASHER(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
#define _PLUGIN_FEATURE_REGISTER_PRF(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
#define _PLUGIN_FEATURE_REGISTER_XOF(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
#define _PLUGIN_FEATURE_REGISTER_DRBG(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
#define _PLUGIN_FEATURE_REGISTER_DH(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
#define _PLUGIN_FEATURE_REGISTER_RNG(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
#define _PLUGIN_FEATURE_REGISTER_NONCE_GEN(type, f) __PLUGIN_FEATURE_REGISTER(type, f)

2
src/libstrongswan/plugins/test_vectors/Makefile.am
View File

@ -50,6 +50,8 @@ libstrongswan_test_vectors_la_SOURCES = \
test_vectors/ecpbp.c \
test_vectors/curve25519.c \
test_vectors/curve448.c \
test_vectors/drbg_ctr.c \
test_vectors/drbg_hmac.c \
test_vectors/rng.c
libstrongswan_test_vectors_la_LDFLAGS = -module -avoid-version

44
src/libstrongswan/plugins/test_vectors/test_vectors.h
View File

@ -1,5 +1,6 @@
/*
* Copyright (C) 2009 Martin Willi
* Copyright (C) 2009-2019 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -274,6 +275,49 @@ TEST_VECTOR_XOF(chacha20_xof_2)
TEST_VECTOR_XOF(chacha20_xof_3)
TEST_VECTOR_XOF(chacha20_xof_4)
TEST_VECTOR_DRBG(drbg_ctr_aes128_1)
TEST_VECTOR_DRBG(drbg_ctr_aes128_2)
TEST_VECTOR_DRBG(drbg_ctr_aes128_3)
TEST_VECTOR_DRBG(drbg_ctr_aes128_4)
TEST_VECTOR_DRBG(drbg_ctr_aes128_5)
TEST_VECTOR_DRBG(drbg_ctr_aes128_6)
TEST_VECTOR_DRBG(drbg_ctr_aes192_1)
TEST_VECTOR_DRBG(drbg_ctr_aes192_2)
TEST_VECTOR_DRBG(drbg_ctr_aes192_3)
TEST_VECTOR_DRBG(drbg_ctr_aes192_4)
TEST_VECTOR_DRBG(drbg_ctr_aes192_5)
TEST_VECTOR_DRBG(drbg_ctr_aes192_6)
TEST_VECTOR_DRBG(drbg_ctr_aes256_1)
TEST_VECTOR_DRBG(drbg_ctr_aes256_2)
TEST_VECTOR_DRBG(drbg_ctr_aes256_3)
TEST_VECTOR_DRBG(drbg_ctr_aes256_4)
TEST_VECTOR_DRBG(drbg_ctr_aes256_5)
TEST_VECTOR_DRBG(drbg_ctr_aes256_6)
TEST_VECTOR_DRBG(drbg_hmac_sha1_1)
TEST_VECTOR_DRBG(drbg_hmac_sha1_2)
TEST_VECTOR_DRBG(drbg_hmac_sha1_3)
TEST_VECTOR_DRBG(drbg_hmac_sha1_4)
TEST_VECTOR_DRBG(drbg_hmac_sha1_5)
TEST_VECTOR_DRBG(drbg_hmac_sha1_6)
TEST_VECTOR_DRBG(drbg_hmac_sha256_1)
TEST_VECTOR_DRBG(drbg_hmac_sha256_2)
TEST_VECTOR_DRBG(drbg_hmac_sha256_3)
TEST_VECTOR_DRBG(drbg_hmac_sha256_4)
TEST_VECTOR_DRBG(drbg_hmac_sha256_5)
TEST_VECTOR_DRBG(drbg_hmac_sha256_6)
TEST_VECTOR_DRBG(drbg_hmac_sha384_1)
TEST_VECTOR_DRBG(drbg_hmac_sha384_2)
TEST_VECTOR_DRBG(drbg_hmac_sha384_3)
TEST_VECTOR_DRBG(drbg_hmac_sha384_4)
TEST_VECTOR_DRBG(drbg_hmac_sha384_5)
TEST_VECTOR_DRBG(drbg_hmac_sha384_6)
TEST_VECTOR_DRBG(drbg_hmac_sha512_1)
TEST_VECTOR_DRBG(drbg_hmac_sha512_2)
TEST_VECTOR_DRBG(drbg_hmac_sha512_3)
TEST_VECTOR_DRBG(drbg_hmac_sha512_4)
TEST_VECTOR_DRBG(drbg_hmac_sha512_5)
TEST_VECTOR_DRBG(drbg_hmac_sha512_6)
TEST_VECTOR_RNG(rng_monobit_1)
TEST_VECTOR_RNG(rng_monobit_2)
TEST_VECTOR_RNG(rng_monobit_3)

470
src/libstrongswan/plugins/test_vectors/test_vectors/drbg_ctr.c Normal file
View File

@ -0,0 +1,470 @@
/*
* Copyright (C) 2019 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the Licenseor (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be usefulbut
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include <crypto/crypto_tester.h>
/**
* NIST SP 800-90A DRBG CTR Validation System (DRBGVS)
*/
/**
* AES-128 no df test case 1 - count 0
*/
drbg_test_vector_t drbg_ctr_aes128_1 = {
.type = DRBG_CTR_AES128, .strength = 128,
{ NULL, 0 },
chunk_from_chars(0xed, 0x1e, 0x7f, 0x21, 0xef, 0x66, 0xea, 0x5d, 0x8e, 0x2a,
0x85, 0xb9, 0x33, 0x72, 0x45, 0x44, 0x5b, 0x71, 0xd6, 0x39,
0x3a, 0x4e, 0xec, 0xb0, 0xe6, 0x3c, 0x19, 0x3d, 0x0f, 0x72,
0xf9, 0xa9, 0x30, 0x3f, 0xb5, 0x19, 0xf0, 0xa4, 0xe1, 0x7d,
0x6d, 0xf0, 0xb6, 0x42, 0x6a, 0xa0, 0xec, 0xb2, 0xa3, 0x60,
0x79, 0xbd, 0x48, 0xbe, 0x47, 0xad, 0x2a, 0x8d, 0xbf, 0xe4,
0x8d, 0xa3, 0xef, 0xad),
chunk_from_chars(0xf8, 0x01, 0x11, 0xd0, 0x8e, 0x87, 0x46, 0x72, 0xf3, 0x2f,
0x42, 0x99, 0x71, 0x33, 0xa5, 0x21, 0x0f, 0x7a, 0x93, 0x75,
0xe2, 0x2c, 0xea, 0x70, 0x58, 0x7f, 0x9c, 0xfa, 0xfe, 0xbe,
0x0f, 0x6a, 0x6a, 0xa2, 0xeb, 0x68, 0xe7, 0xdd, 0x91, 0x64,
0x53, 0x6d, 0x53, 0xfa, 0x02, 0x0f, 0xca, 0xb2, 0x0f, 0x54,
0xca, 0xdd, 0xfa, 0xb7, 0xd6, 0xd9, 0x1e, 0x5f, 0xfe, 0xc1,
0xdf, 0xd8, 0xde, 0xaa)
};
/**
* AES-128 no df test case 3 - count 0
*/
drbg_test_vector_t drbg_ctr_aes128_2 = {
.type = DRBG_CTR_AES128, .strength = 128,
chunk_from_chars(0xe8, 0xfa, 0x4c, 0x5d, 0xe8, 0x25, 0x79, 0x1e, 0x68, 0x18,
0x0f, 0x2b, 0xa1, 0x07, 0xe8, 0x29, 0xc4, 0x82, 0x99, 0xcb,
0x01, 0xbe, 0x93, 0x9c, 0xd0, 0xbe, 0x76, 0xda, 0x12, 0x0a,
0x91, 0xf2),
chunk_from_chars(0x34, 0xcb, 0xc2, 0xb2, 0x17, 0xf3, 0xd9, 0x07, 0xfa, 0x2a,
0xd6, 0xa0, 0xd7, 0xa8, 0x13, 0xb0, 0xfd, 0xa1, 0xe1, 0x7f,
0xbe, 0xed, 0x94, 0xb0, 0xe0, 0xa0, 0xab, 0xfb, 0xec, 0x94,
0x71, 0x46, 0x83, 0x26, 0xf8, 0xe9, 0xcf, 0xbd, 0x02, 0xeb,
0x07, 0x6b, 0xbb, 0x98, 0x19, 0xd9, 0x6a, 0x02, 0x38, 0x6f,
0x80, 0xbf, 0x91, 0x3c, 0x8e, 0x4a, 0x80, 0x36, 0x1d, 0x82,
0xca, 0xfa, 0xd5, 0x2e),
chunk_from_chars(0x52, 0xf5, 0xe7, 0x18, 0xbf, 0x48, 0xd9, 0x9e, 0x49, 0x87,
0x75, 0xc0, 0x03, 0x78, 0xe5, 0x45, 0x79, 0x9b, 0xb2, 0x05,
0x9a, 0xef, 0x0b, 0x74, 0xbe, 0x57, 0x3d, 0x82, 0x83, 0xf0,
0x2b, 0x52, 0x93, 0x91, 0x79, 0x13, 0xbc, 0x8f, 0x26, 0xfc,
0x23, 0x76, 0x0a, 0x1c, 0x86, 0xc3, 0xf5, 0xc8, 0x44, 0x85,
0x74, 0x19, 0x86, 0x8e, 0xaf, 0xeb, 0x17, 0xc9, 0x24, 0x82,
0x27, 0xd0, 0x26, 0xb8)
};
/**
* AES-128 no df test case 5 - count 0
*/
drbg_test_vector_t drbg_ctr_aes128_3 = {
.type = DRBG_CTR_AES128, .strength = 128,
{ NULL, 0 },
chunk_from_chars(0xb2, 0xb3, 0x29, 0x83, 0x06, 0x47, 0x1b, 0xfc, 0xae, 0x61,
0x43, 0x8a, 0x3a, 0x79, 0xe2, 0x35, 0x5e, 0xfa, 0x0b, 0x6e,
0xde, 0x4c, 0xbc, 0xd3, 0xe6, 0x6d, 0xe5, 0x14, 0x0b, 0x3a,
0xe6, 0x80, 0x26, 0xf0, 0xd1, 0xe4, 0x4b, 0xe5, 0x75, 0xee,
0x6f, 0x3e, 0xda, 0x89, 0xc1, 0xe7, 0xe4, 0xfb, 0xd1, 0x42,
0x8f, 0x88, 0x52, 0x60, 0x48, 0x71, 0xc7, 0xa4, 0xf4, 0xc7,
0x07, 0xa3, 0x93, 0x28),
chunk_from_chars(0xb7, 0x1b, 0x6d, 0x73, 0x22, 0x45, 0x3a, 0x61, 0x2c, 0x34,
0xa9, 0x1c, 0x1e, 0x5c, 0x3f, 0x8c, 0x30, 0x48, 0x6a, 0x69,
0x2b, 0x1a, 0xd1, 0x3a, 0x4c, 0x08, 0xca, 0xcc, 0xd1, 0x23,
0xa6, 0x39, 0xfd, 0x2e, 0x0a, 0x7c, 0x38, 0x9c, 0xfa, 0x1a,
0x97, 0xcb, 0x78, 0xb4, 0x38, 0xdf, 0xf5, 0x7b, 0x0b, 0x5e,
0xc4, 0xd5, 0x69, 0xa8, 0xb2, 0x81, 0x0a, 0x15, 0xf8, 0x5c,
0x8c, 0x92, 0x26, 0xbf)
};
/**
* AES-128 no df test case 7 - count 0
*/
drbg_test_vector_t drbg_ctr_aes128_4 = {
.type = DRBG_CTR_AES128, .strength = 128,
chunk_from_chars(0x35, 0x14, 0x20, 0xc0, 0x26, 0x3c, 0xe1, 0x1e, 0xe8, 0xb6,
0x83, 0xf6, 0x10, 0x61, 0x30, 0xc6, 0x7f, 0xf1, 0xc6, 0x55,
0xc4, 0xe6, 0x78, 0x82, 0x52, 0x93, 0xf0, 0x04, 0xd2, 0x7c,
0x54, 0x24),
chunk_from_chars(0x5c, 0xd1, 0xdf, 0x6d, 0xb5, 0x8e, 0xa5, 0x07, 0x83, 0x8d,
0x74, 0x26, 0xb3, 0xfb, 0x48, 0x40, 0x2c, 0xd1, 0x4a, 0xb7,
0x5a, 0xbb, 0xde, 0xf3, 0x3c, 0xe3, 0x0f, 0xb9, 0x7c, 0x53,
0x09, 0x98, 0x99, 0xe6, 0x85, 0x0f, 0xa2, 0x91, 0x31, 0xbf,
0xc7, 0x48, 0xb2, 0xe7, 0x4e, 0x0f, 0xd6, 0x2a, 0xcc, 0x4b,
0xe4, 0xe9, 0xb5, 0xf0, 0x64, 0x47, 0xdc, 0x26, 0xf7, 0x72,
0xc0, 0x24, 0x15, 0x61),
chunk_from_chars(0xf6, 0x04, 0x0a, 0xf8, 0xae, 0x7a, 0xb0, 0x4c, 0xde, 0x02,
0xbe, 0x25, 0xaf, 0x95, 0xde, 0xda, 0xda, 0x3b, 0x10, 0x32,
0x1c, 0x41, 0x8c, 0x7a, 0xf4, 0xed, 0x5b, 0xc8, 0x2e, 0x28,
0xeb, 0xf7, 0x78, 0xae, 0x42, 0x48, 0xc5, 0x65, 0x29, 0x2e,
0x4c, 0xb8, 0xec, 0xcd, 0x40, 0xf1, 0x8a, 0x38, 0x28, 0x48,
0xb4, 0x0d, 0x74, 0x41, 0xa2, 0x91, 0xcc, 0x9e, 0xe8, 0x46,
0x5c, 0xbe, 0x5f, 0xd6)
};
/**
* AES-128 no df test case 9 - count 0
*/
drbg_test_vector_t drbg_ctr_aes128_5 = {
.type = DRBG_CTR_AES128, .strength = 128,
{ NULL, 0 },
chunk_from_chars(0x85, 0x82, 0x04, 0xf2, 0x7e, 0x93, 0xe8, 0x72, 0xa1, 0xce,
0x62, 0x08, 0xef, 0x6d, 0xe3, 0x98, 0x68, 0xdd, 0xad, 0x55,
0xea, 0xc8, 0x99, 0xca, 0x05, 0x81, 0xb9, 0xbb, 0x69, 0x7d,
0x44, 0x17, 0x1e, 0x82, 0x20, 0x08, 0xae, 0xcf, 0x6e, 0x67,
0xcc, 0x47, 0xf2, 0xb9, 0x8b, 0x04, 0x68, 0x7b, 0x12, 0x1e,
0xa4, 0x03, 0x6b, 0x6c, 0xab, 0xb0, 0xc3, 0x6e, 0xfb, 0xe1,
0x51, 0x46, 0x38, 0x0b),
chunk_from_chars(0x49, 0xce, 0x84, 0x96, 0x3d, 0xf8, 0x64, 0xaa, 0xe3, 0x6b,
0xec, 0x3f, 0x3e, 0xd2, 0x23, 0xf9, 0x5d, 0xf4, 0x95, 0x6c,
0x7c, 0x01, 0xb6, 0x20, 0xd5, 0xf2, 0x10, 0xe6, 0x38, 0x65,
0x9d, 0x5e, 0x18, 0x86, 0x70, 0x0c, 0x04, 0xe7, 0x9e, 0x57,
0x9c, 0xa7, 0xc9, 0xb0, 0x54, 0x54, 0xb5, 0x25, 0xc2, 0xea,
0x73, 0x48, 0x03, 0x2b, 0x3a, 0xb8, 0xd9, 0x1b, 0x4c, 0x47,
0x00, 0x22, 0x04, 0xaf)
};
/**
* AES-128 no df test case 11 - count 0
*/
drbg_test_vector_t drbg_ctr_aes128_6 = {
.type = DRBG_CTR_AES128, .strength = 128,
chunk_from_chars(0xa6, 0xcf, 0xbd, 0xd0, 0x5e, 0xee, 0x36, 0xa3, 0xd1, 0x01,
0xc3, 0xd0, 0x30, 0x1c, 0xb6, 0xff, 0x21, 0x68, 0x7d, 0x9f,
0x89, 0xcf, 0xc8, 0x60, 0xd0, 0x5d, 0xfa, 0x1a, 0x95, 0x7f,
0x56, 0xbd),
chunk_from_chars(0x87, 0x64, 0xbf, 0x9c, 0x12, 0xff, 0x37, 0xe2, 0x3a, 0xfe,
0x28, 0xa4, 0x5c, 0x43, 0x04, 0xc0, 0x5d, 0x54, 0x65, 0x4b,
0xa1, 0x4c, 0xf5, 0x8d, 0x7a, 0xe3, 0x71, 0x34, 0x7e, 0x1e,
0x70, 0x35, 0x19, 0x09, 0x33, 0xf0, 0x7a, 0x1d, 0x44, 0x8d,
0xab, 0x65, 0x07, 0x16, 0xa1, 0xb3, 0x07, 0x14, 0xca, 0xda,
0x5c, 0xd0, 0xfb, 0xc4, 0x3b, 0x9d, 0x2d, 0xde, 0x79, 0x1c,
0x4a, 0xd8, 0x52, 0x2d),
chunk_from_chars(0x5c, 0xbd, 0x9b, 0x5c, 0xf1, 0x88, 0x33, 0x30, 0xb3, 0x0b,
0x1d, 0xa9, 0x17, 0xe6, 0x2d, 0x66, 0x82, 0x11, 0x5f, 0x0e,
0x97, 0x52, 0x39, 0x6c, 0x32, 0xc5, 0x97, 0xb9, 0x0a, 0x95,
0x72, 0xa7, 0xe9, 0xc6, 0x13, 0x89, 0xf5, 0xec, 0x97, 0x9a,
0x72, 0xf7, 0x1f, 0xe0, 0x3d, 0x0c, 0xd2, 0xf3, 0x4b, 0x3d,
0x91, 0x70, 0xcc, 0x96, 0x1a, 0x79, 0x42, 0xc6, 0x52, 0xec,
0x42, 0x65, 0x1b, 0xd3)
};
/**
* AES-192 no df test case 1 - count 0
*/
drbg_test_vector_t drbg_ctr_aes192_1 = {
.type = DRBG_CTR_AES192, .strength = 192,
{ NULL, 0 },
chunk_from_chars(0xd6, 0xe1, 0x8f, 0x45, 0x65, 0xfd, 0xf2, 0x82, 0x6d, 0x0d,
0x56, 0x41, 0x96, 0x47, 0xc0, 0x20, 0x41, 0x3b, 0x96, 0x32,
0x99, 0xd8, 0xde, 0x2c, 0x65, 0x10, 0x27, 0x7f, 0x8c, 0xe9,
0x88, 0xa7, 0xf0, 0xb3, 0xbc, 0x1d, 0xf8, 0x5b, 0x15, 0x3f,
0xa8, 0x23, 0xd6, 0x31, 0x1f, 0x9f, 0x66, 0xdf, 0x32, 0x9e,
0x3d, 0x70, 0x65, 0xe2, 0x4f, 0xe2, 0x50, 0x7e, 0x6b, 0x9d,
0xbc, 0xc2, 0x28, 0x38, 0x48, 0x3f, 0xa7, 0x29, 0xca, 0x51,
0x16, 0xd0, 0x3a, 0x91, 0x02, 0x81, 0x39, 0xd7, 0x13, 0x0a),
chunk_from_chars(0x4b, 0xf8, 0x06, 0x69, 0x0a, 0xf1, 0x3d, 0xbc, 0xfd, 0x44,
0x8c, 0x79, 0xa3, 0x53, 0x2e, 0x00, 0x0b, 0xca, 0xbc, 0xef,
0x36, 0xf2, 0x64, 0x3f, 0x3e, 0x1c, 0x9d, 0xe6, 0x07, 0x10,
0x42, 0x82, 0xf8, 0x1c, 0xd6, 0xcd, 0xcf, 0x8d, 0xa8, 0x42,
0x9c, 0x94, 0x10, 0x82, 0x45, 0x11, 0x4d, 0x3d, 0xa1, 0x7b,
0x9f, 0x48, 0xbb, 0x07, 0x09, 0x4c, 0x07, 0x3a, 0x94, 0xf5,
0xd2, 0xef, 0x9e, 0x30)
};
/**
* AES-192 no df test case 3 - count 0
*/
drbg_test_vector_t drbg_ctr_aes192_2 = {
.type = DRBG_CTR_AES192, .strength = 192,
chunk_from_chars(0x2e, 0xca, 0x97, 0x47, 0x8d, 0x60, 0x6b, 0x0b, 0xca, 0x56,
0xf0, 0x55, 0xa1, 0xe8, 0x39, 0x4b, 0x44, 0xf5, 0xe3, 0x02,
0x8d, 0xa5, 0x9a, 0x39, 0x00, 0xd5, 0xd7, 0xbd, 0x34, 0x1b,
0x06, 0x21, 0xb5, 0xf6, 0xd2, 0x30, 0x9e, 0x36, 0xb4, 0xae),
chunk_from_chars(0xe0, 0xe0, 0x3d, 0x4a, 0x9e, 0x4d, 0xe3, 0x62, 0xe6, 0xbb,
0x9b, 0xa6, 0x35, 0xb8, 0x47, 0x91, 0x2a, 0x3f, 0x9e, 0x1d,
0x83, 0xb4, 0x36, 0x3f, 0xc2, 0x58, 0xcd, 0xea, 0x29, 0x28,
0xa8, 0x78, 0x23, 0x18, 0x6f, 0x1c, 0x47, 0xc4, 0x17, 0x5f,
0x66, 0xaa, 0x3d, 0xb4, 0xbe, 0xa8, 0xf2, 0xe1, 0xb2, 0x46,
0x97, 0x51, 0x57, 0x8f, 0x24, 0xf1, 0xb4, 0xd0, 0xdf, 0x97,
0x1c, 0xf2, 0x28, 0x17, 0x12, 0x14, 0x98, 0x12, 0xc2, 0x0e,
0x80, 0x4b, 0x90, 0xf3, 0xaa, 0xc1, 0x2d, 0x7c, 0x98, 0x32),
chunk_from_chars(0x0e, 0x02, 0xf3, 0x44, 0xb1, 0x15, 0x9c, 0xcd, 0x77, 0x95,
0x97, 0x4e, 0x7b, 0xb9, 0xdf, 0x9e, 0x8c, 0xc3, 0x81, 0xa1,
0x30, 0xb9, 0x8b, 0x43, 0x46, 0x22, 0x85, 0xfe, 0x3e, 0xd8,
0x58, 0x78, 0x11, 0xab, 0xde, 0xf4, 0x71, 0xbb, 0xcf, 0xe8,
0x30, 0xe5, 0x16, 0xb7, 0x8f, 0x78, 0x1a, 0x05, 0xb5, 0x2e,
0x44, 0xd5, 0x41, 0x22, 0x77, 0x50, 0x84, 0x17, 0x0f, 0xf6,
0xd8, 0x06, 0x27, 0xe9)
};
/**
* AES-192 no df test case 5 - count 0
*/
drbg_test_vector_t drbg_ctr_aes192_3 = {
.type = DRBG_CTR_AES192, .strength = 192,
{ NULL, 0 },
chunk_from_chars(0x21, 0xa5, 0x3c, 0x17, 0x66, 0x1a, 0xed, 0x92, 0x95, 0x0f,
0xf4, 0xfd, 0xf4, 0xab, 0x8f, 0xa5, 0xdc, 0x44, 0xe9, 0x9f,
0x88, 0xaa, 0x95, 0x3e, 0x19, 0xb4, 0xbe, 0x78, 0xba, 0x75,
0xf2, 0x67, 0xf6, 0x70, 0x34, 0xa1, 0x56, 0x6e, 0x83, 0x3e,
0x1e, 0xcb, 0x61, 0xa5, 0xdd, 0x70, 0xb1, 0x67, 0xd6, 0x55,
0x77, 0x41, 0x5c, 0x2f, 0xb8, 0x12, 0xea, 0x20, 0xb3, 0x25,
0xd2, 0xb5, 0x31, 0x58, 0x69, 0x7c, 0xf9, 0x7c, 0x81, 0xd7,
0x9e, 0x84, 0x99, 0xf7, 0x45, 0x40, 0x13, 0x7f, 0xd1, 0xe1),
chunk_from_chars(0x11, 0xa0, 0x7b, 0x22, 0x31, 0x91, 0x6f, 0x99, 0xc3, 0xf7,
0xa0, 0x7d, 0x14, 0x51, 0xab, 0x94, 0x0d, 0x2d, 0x66, 0x3c,
0x97, 0x29, 0xc1, 0x85, 0x71, 0x70, 0xa3, 0x16, 0x55, 0x07,
0x8a, 0x82, 0x74, 0xec, 0x4a, 0x90, 0x31, 0xbc, 0xfd, 0x2a,
0xbb, 0x1a, 0xe5, 0x81, 0x3f, 0x49, 0x70, 0xa7, 0x16, 0xe3,
0xd1, 0x42, 0x87, 0xe4, 0xf2, 0x1e, 0x01, 0x32, 0x3f, 0xdf,
0xff, 0xb7, 0x61, 0x87)
};
/**
* AES-192 no df test case 7 - count 0
*/
drbg_test_vector_t drbg_ctr_aes192_4 = {
.type = DRBG_CTR_AES192, .strength = 192,
chunk_from_chars(0x08, 0x94, 0x30, 0xcf, 0x99, 0x6e, 0x06, 0xa0, 0xdc, 0x31,
0x32, 0xc8, 0xaa, 0x6e, 0x3e, 0xdc, 0x76, 0x51, 0xff, 0x4f,
0x01, 0xe7, 0x11, 0x3c, 0xa3, 0xce, 0x2a, 0x21, 0x5e, 0x10,
0xec, 0x88, 0xad, 0x72, 0x36, 0xb8, 0x30, 0x7c, 0x85, 0x69),
chunk_from_chars(0x9d, 0xda, 0x17, 0x5d, 0x9f, 0x26, 0xe5, 0x6b, 0x94, 0x49,
0xbb, 0x0c, 0x9d, 0x02, 0x2c, 0x47, 0x13, 0x8a, 0xe7, 0x8b,
0xa3, 0x8c, 0x35, 0xd1, 0x5f, 0x2d, 0x2c, 0x55, 0x5d, 0x69,
0xd4, 0xd6, 0x94, 0x5a, 0x57, 0xae, 0x39, 0x69, 0x62, 0x52,
0xd7, 0x5a, 0xae, 0x1b, 0x7b, 0xb4, 0x9b, 0x81, 0xff, 0x43,
0xa8, 0xe8, 0x9f, 0x7b, 0x0c, 0xcb, 0xf6, 0xf6, 0xaf, 0x46,
0x47, 0xa5, 0x57, 0xf7, 0x6e, 0xd7, 0x3f, 0x09, 0x25, 0x4d,
0x67, 0xff, 0xd7, 0xe3, 0x56, 0x29, 0x86, 0x86, 0x23, 0x00),
chunk_from_chars(0xbc, 0x80, 0x62, 0x76, 0x71, 0xbc, 0xa2, 0x67, 0xba, 0xe1,
0xa0, 0xde, 0x9e, 0xb9, 0xe4, 0x81, 0xd8, 0x3b, 0x5c, 0xad,
0xe6, 0xe3, 0xc5, 0x08, 0x24, 0x34, 0xb0, 0xb7, 0x00, 0xf3,
0x15, 0x43, 0x9c, 0x2c, 0xa2, 0xe9, 0xde, 0xf4, 0x3b, 0x1b,
0xf2, 0x05, 0x84, 0x57, 0x7c, 0xef, 0x5b, 0x61, 0xc0, 0x68,
0x1e, 0x4b, 0xd4, 0x40, 0xe8, 0x8d, 0xa3, 0x79, 0xa0, 0x21,
0x4c, 0xf5, 0xf5, 0xcf)
};
/**
* AES-192 no df test case 9 - count 0
*/
drbg_test_vector_t drbg_ctr_aes192_5 = {
.type = DRBG_CTR_AES192, .strength = 192,
{ NULL, 0 },
chunk_from_chars(0x3b, 0xb9, 0xb2, 0x66, 0x2a, 0x25, 0x5d, 0xf8, 0xf8, 0x80,
0x88, 0x47, 0x18, 0x84, 0x06, 0x96, 0x0e, 0xc0, 0x03, 0x35,
0x1c, 0xab, 0x3a, 0xd2, 0x02, 0x78, 0x71, 0xf1, 0x30, 0x29,
0x56, 0xaa, 0x31, 0xab, 0xc8, 0xd3, 0x9c, 0x36, 0x29, 0xd9,
0x7b, 0xc8, 0x63, 0xda, 0x2b, 0x9f, 0xde, 0x00, 0x8b, 0x61,
0x00, 0x79, 0xf8, 0xbd, 0x80, 0x41, 0x80, 0xa7, 0xe8, 0x65,
0x3c, 0xa6, 0xe9, 0x1a, 0x5a, 0x90, 0x61, 0x9c, 0x23, 0xe0,
0x2c, 0xe4, 0xd6, 0x07, 0xb0, 0x0c, 0x79, 0x24, 0x36, 0xfe),
chunk_from_chars(0x50, 0x6c, 0x74, 0x51, 0xe5, 0xee, 0x0f, 0xdc, 0xa4, 0x86,
0x32, 0x94, 0x2f, 0x2b, 0xa4, 0x73, 0x04, 0xeb, 0x02, 0x10,
0xf1, 0xfa, 0xc6, 0x6c, 0x62, 0x03, 0x65, 0xf7, 0x53, 0xef,
0x70, 0x98, 0x9c, 0x40, 0xfe, 0x9f, 0xd5, 0x4d, 0x54, 0xa9,
0xe4, 0xaa, 0x0b, 0x3f, 0x1a, 0xb7, 0x00, 0xaa, 0x6e, 0x9d,
0x45, 0xbc, 0x7c, 0xe3, 0x2b, 0x88, 0xbb, 0xed, 0x53, 0x7e,
0xcb, 0xc4, 0xf3, 0x77)
};
/**
* AES-192 no df test case 11 - count 0
*/
drbg_test_vector_t drbg_ctr_aes192_6 = {
.type = DRBG_CTR_AES192, .strength = 192,
chunk_from_chars(0x7a, 0xa6, 0x0c, 0x5a, 0x25, 0x36, 0x0d, 0x8a, 0x0a, 0x9d,
0x41, 0xe3, 0x4c, 0x76, 0xc4, 0xf1, 0x80, 0x71, 0xb5, 0x6a,
0xc6, 0x73, 0xd4, 0xba, 0xac, 0xbe, 0xe7, 0x75, 0x49, 0xdd,
0x36, 0x1d, 0xb6, 0x49, 0x6f, 0x90, 0x34, 0x51, 0x38, 0x88),
chunk_from_chars(0xe7, 0xb5, 0xcc, 0x99, 0xdd, 0xe3, 0x12, 0x31, 0x8e, 0xcb,
0x2a, 0x3b, 0xc4, 0xee, 0x8c, 0x14, 0x76, 0x34, 0x5a, 0xd3,
0xe8, 0x1b, 0x5d, 0x6d, 0xc0, 0xb7, 0x47, 0xb5, 0x90, 0xc0,
0xd2, 0x1b, 0xe7, 0x31, 0x39, 0x8f, 0x82, 0x3a, 0xad, 0x02,
0x31, 0x0e, 0x8e, 0x8d, 0xbc, 0x6a, 0xe5, 0x86, 0x62, 0x5d,
0x75, 0x0f, 0x5a, 0x1c, 0xee, 0x76, 0x4a, 0x7e, 0x47, 0xa2,
0xeb, 0x35, 0x5c, 0x5c, 0x94, 0xdd, 0xe9, 0x50, 0x06, 0x5f,
0xb7, 0x55, 0x46, 0xff, 0x34, 0x7f, 0x7f, 0x17, 0x24, 0xeb),
chunk_from_chars(0x21, 0x46, 0x0b, 0xda, 0x25, 0xdc, 0xad, 0x96, 0xd2, 0x91,
0x44, 0xc9, 0x12, 0xc6, 0x54, 0xe3, 0x07, 0xa0, 0xb5, 0x59,
0xd7, 0x26, 0xc0, 0x51, 0x3e, 0x2f, 0x07, 0xa4, 0xe6, 0xca,
0x0c, 0x44, 0x4e, 0xcb, 0x4f, 0xf6, 0xa9, 0x77, 0x88, 0x0c,
0xba, 0x4b, 0xb9, 0x93, 0xb2, 0xd2, 0x87, 0x3d, 0xab, 0xd3,
0x59, 0xa8, 0xc4, 0x93, 0xdc, 0x28, 0x38, 0xab, 0xb1, 0x0f,
0x63, 0xd3, 0xa8, 0xe7)
};
/**
* AES-256 no df test case 1 - count 0
*/
drbg_test_vector_t drbg_ctr_aes256_1 = {
.type = DRBG_CTR_AES256, .strength = 256,
{ NULL, 0 },
chunk_from_chars(0xe4, 0xbc, 0x23, 0xc5, 0x08, 0x9a, 0x19, 0xd8, 0x6f, 0x41,
0x19, 0xcb, 0x3f, 0xa0, 0x8c, 0x0a, 0x49, 0x91, 0xe0, 0xa1,
0xde, 0xf1, 0x7e, 0x10, 0x1e, 0x4c, 0x14, 0xd9, 0xc3, 0x23,
0x46, 0x0a, 0x7c, 0x2f, 0xb5, 0x8e, 0x0b, 0x08, 0x6c, 0x6c,
0x57, 0xb5, 0x5f, 0x56, 0xca, 0xe2, 0x5b, 0xad, 0xfd, 0x85,
0xa8, 0x36, 0xbb, 0xa8, 0x50, 0x19, 0x88, 0x1e, 0x8c, 0x6b,
0xad, 0x23, 0xc9, 0x06, 0x1a, 0xdc, 0x75, 0x47, 0x76, 0x59,
0xac, 0xae, 0xa8, 0xe4, 0xa0, 0x1d, 0xfe, 0x07, 0xa1, 0x83,
0x2d, 0xad, 0x1c, 0x13, 0x6f, 0x59, 0xd7, 0x0f, 0x86, 0x53,
0xa5, 0xdc, 0x11, 0x86, 0x63, 0xd6),
chunk_from_chars(0xb2, 0xcb, 0x89, 0x05, 0xc0, 0x5e, 0x59, 0x50, 0xca, 0x31,
0x89, 0x50, 0x96, 0xbe, 0x29, 0xea, 0x3d, 0x5a, 0x3b, 0x82,
0xb2, 0x69, 0x49, 0x55, 0x54, 0xeb, 0x80, 0xfe, 0x07, 0xde,
0x43, 0xe1, 0x93, 0xb9, 0xe7, 0xc3, 0xec, 0xe7, 0x3b, 0x80,
0xe0, 0x62, 0xb1, 0xc1, 0xf6, 0x82, 0x02, 0xfb, 0xb1, 0xc5,
0x2a, 0x04, 0x0e, 0xa2, 0x47, 0x88, 0x64, 0x29, 0x52, 0x82,
0x23, 0x4a, 0xaa, 0xda)
};
/**
* AES-256 no df test case 3 - count 0
*/
drbg_test_vector_t drbg_ctr_aes256_2 = {
.type = DRBG_CTR_AES256, .strength = 256,
chunk_from_chars(0x1d, 0x2b, 0xe6, 0xf2, 0x5e, 0x88, 0xfa, 0x30, 0xc4, 0xef,
0x42, 0xe4, 0xd5, 0x4e, 0xfd, 0x95, 0x7d, 0xec, 0x23, 0x1f,
0xa0, 0x01, 0x43, 0xca, 0x47, 0x58, 0x0b, 0xe6, 0x66, 0xa8,
0xc1, 0x43, 0xa9, 0x16, 0xc9, 0x0b, 0x38, 0x19, 0xa0, 0xa7,
0xea, 0x91, 0x4e, 0x3c, 0x9a, 0x2e, 0x7a, 0x3f),
chunk_from_chars(0xff, 0xad, 0x10, 0x10, 0x00, 0x25, 0xa8, 0x79, 0x67, 0x2f,
0xf5, 0x03, 0x74, 0xb2, 0x86, 0x71, 0x2f, 0x45, 0x7d, 0xd0,
0x14, 0x41, 0xd7, 0x6a, 0xc1, 0xa1, 0xcd, 0x15, 0xc7, 0x39,
0x0d, 0xd9, 0x31, 0x79, 0xa2, 0xf5, 0x92, 0x0d, 0x19, 0x8b,
0xf3, 0x4a, 0x1b, 0x76, 0xfb, 0xc2, 0x12, 0x89, 0x6c, 0x1a,
0x08, 0x9c, 0xae, 0x31, 0x33, 0x63, 0xbc, 0x76, 0xa7, 0x80,
0x13, 0x9e, 0xb4, 0xf2, 0xf2, 0x04, 0x8b, 0x1f, 0x6b, 0x07,
0x89, 0x6c, 0x5c, 0x41, 0x2b, 0xff, 0x03, 0x85, 0x44, 0x0f,
0xc4, 0x3b, 0x73, 0xfa, 0xcb, 0xb7, 0x9e, 0x3a, 0x25, 0x2f,
0xa0, 0x1f, 0xe1, 0x7a, 0xb3, 0x91),
chunk_from_chars(0xe0, 0x53, 0xc7, 0xd4, 0xbd, 0x90, 0x99, 0xef, 0x6a, 0x99,
0xf1, 0x90, 0xa5, 0xfd, 0x80, 0x21, 0x94, 0x37, 0xd6, 0x42,
0x00, 0x66, 0x72, 0x33, 0x8d, 0xa6, 0xe0, 0xfe, 0x73, 0xca,
0x4d, 0x24, 0xff, 0xa5, 0x11, 0x51, 0xbf, 0xbd, 0xac, 0x78,
0xd8, 0xa2, 0xf6, 0x25, 0x50, 0x46, 0xed, 0xf5, 0x7a, 0x04,
0x62, 0x6e, 0x99, 0x77, 0x13, 0x9c, 0x69, 0x33, 0x27, 0x42,
0x99, 0xf3, 0xbd, 0xff)
};
/**
* AES-256 no df test case 5 - count 0
*/
drbg_test_vector_t drbg_ctr_aes256_3 = {
.type = DRBG_CTR_AES256, .strength = 256,
{ NULL, 0 },
chunk_from_chars(0xfc, 0xa0, 0xb6, 0xe5, 0x57, 0xf5, 0x14, 0x30, 0xdd, 0x78,
0x7a, 0xb4, 0xd3, 0x3f, 0x18, 0xd9, 0xae, 0xc2, 0x19, 0x62,
0x9d, 0x1b, 0x83, 0x9a, 0x35, 0xca, 0xaf, 0xc8, 0x25, 0xab,
0x55, 0xbe, 0x6a, 0x88, 0x03, 0x21, 0xbe, 0x58, 0xc1, 0x6e,
0xac, 0xb9, 0x45, 0xb7, 0xbb, 0x7c, 0xad, 0xb7, 0x7b, 0x68,
0x49, 0x23, 0xae, 0x50, 0x86, 0x6f, 0x71, 0x0d, 0x3b, 0x5b,
0x2e, 0xdf, 0x24, 0x45, 0x59, 0x3f, 0xe6, 0x6d, 0x15, 0xf2,
0xdc, 0x73, 0x5e, 0x2b, 0x0c, 0x27, 0x8f, 0x1c, 0xc9, 0x73,
0x50, 0x75, 0xdd, 0x26, 0x8b, 0x91, 0x40, 0x8e, 0xf7, 0x3d,
0x55, 0x04, 0x23, 0x54, 0x5a, 0xdc),
chunk_from_chars(0x29, 0x37, 0x56, 0x71, 0x40, 0x7b, 0x1a, 0x45, 0xb9, 0xfd,
0x8b, 0x4f, 0x50, 0x7d, 0xda, 0x23, 0x48, 0x22, 0xd5, 0x57,
0xe4, 0x8b, 0x9a, 0x52, 0x99, 0x7b, 0x13, 0x75, 0x7e, 0x0c,
0x2f, 0x79, 0x6c, 0x87, 0x41, 0xf9, 0x4b, 0xc2, 0xbd, 0x0d,
0x8c, 0x98, 0xe5, 0xe2, 0x5e, 0x4c, 0xee, 0x65, 0xe4, 0xdd,
0x63, 0x4c, 0x98, 0xbc, 0x3b, 0x66, 0xfb, 0x62, 0x79, 0xf9,
0x46, 0x8a, 0xc8, 0x41)
};
/**
* AES-256 no df test case 7 - count 0
*/
drbg_test_vector_t drbg_ctr_aes256_4 = {
.type = DRBG_CTR_AES256, .strength = 256,
chunk_from_chars(0x71, 0x00, 0xbe, 0xe1, 0xf8, 0xca, 0x38, 0xf4, 0xf0, 0x7b,
0x99, 0x10, 0xb1, 0x2b, 0xae, 0xce, 0x71, 0x52, 0x22, 0x66,
0x3a, 0x1d, 0x5c, 0x16, 0x99, 0xb5, 0xd4, 0x02, 0x2c, 0x0e,
0x0b, 0x1a, 0x49, 0xc9, 0x4b, 0x89, 0x8e, 0x53, 0x18, 0xf6,
0x86, 0x1b, 0x43, 0xa8, 0xf1, 0xa4, 0xa8, 0x82),
chunk_from_chars(0x91, 0xe1, 0x5b, 0x57, 0x88, 0x61, 0x56, 0xd0, 0xea, 0xe2,
0xed, 0xa3, 0x68, 0x7c, 0xc4, 0xb6, 0x17, 0x72, 0x56, 0x47,
0xfc, 0x34, 0x23, 0xfb, 0x54, 0x8f, 0x18, 0x03, 0x38, 0x06,
0x4a, 0xb6, 0x68, 0x98, 0x00, 0x50, 0x09, 0xc2, 0xc9, 0xc5,
0xf7, 0xc4, 0x20, 0xd9, 0x9e, 0x4f, 0x35, 0x1a, 0x25, 0xda,
0x97, 0x00, 0xe7, 0x98, 0x8a, 0x46, 0xb2, 0xfb, 0x44, 0x35,
0x8f, 0xc3, 0xb1, 0x40, 0xaf, 0x96, 0xb9, 0xf8, 0x5c, 0xfc,
0x74, 0x79, 0x78, 0xe8, 0x5a, 0xfc, 0xca, 0x0b, 0xcc, 0x02,
0xe8, 0x07, 0xaf, 0x83, 0x0b, 0x3c, 0x0e, 0x69, 0x60, 0xa6,
0x0b, 0xbc, 0x2d, 0xed, 0x89, 0x1b),
chunk_from_chars(0xea, 0xa8, 0x0c, 0x6f, 0x59, 0x0f, 0x28, 0xcc, 0x7b, 0x5e,
0xdb, 0xd3, 0xd8, 0x64, 0x3a, 0x68, 0xf7, 0xe6, 0xde, 0x87,
0x3b, 0x0b, 0x9d, 0x83, 0x9b, 0x0a, 0xb9, 0x6c, 0xa2, 0x48,
0xbb, 0x4b, 0x92, 0x34, 0xb1, 0xc0, 0x65, 0x85, 0x7d, 0x93,
0x6c, 0xe6, 0xdd, 0x0f, 0xc9, 0x2d, 0x6b, 0x3c, 0xf9, 0x8f,
0x3a, 0x29, 0xc1, 0x6b, 0xb5, 0x49, 0xf6, 0xde, 0xa4, 0x22,
0x12, 0x26, 0xe5, 0x50)
};
/**
* AES-256 no df test case 9 - count 0
*/
drbg_test_vector_t drbg_ctr_aes256_5 = {
.type = DRBG_CTR_AES256, .strength = 256,
{ NULL, 0 },
chunk_from_chars(0x3f, 0xa9, 0x04, 0x74, 0x70, 0x34, 0xcc, 0x30, 0x93, 0xde,
0xaa, 0xc4, 0x97, 0xe3, 0xc1, 0x43, 0xfa, 0x44, 0x00, 0xac,
0xcf, 0xc5, 0x58, 0x85, 0x71, 0x7f, 0xa9, 0x43, 0xf4, 0x3c,
0xba, 0xd1, 0xa8, 0x91, 0x68, 0xaa, 0x76, 0x96, 0x1e, 0x15,
0x0e, 0x26, 0x49, 0xec, 0x1e, 0xd6, 0x73, 0x61, 0xc6, 0x0c,
0x5b, 0x41, 0x5b, 0xad, 0x71, 0x54, 0x93, 0x48, 0x6b, 0x7a,
0x12, 0x3b, 0xa6, 0xc0, 0x46, 0x08, 0x9e, 0x95, 0x49, 0xea,
0x8b, 0xb2, 0x2a, 0x7a, 0xd4, 0x10, 0x8b, 0xec, 0x98, 0x11,
0x7f, 0x75, 0x1a, 0x2e, 0x4c, 0xc2, 0x0b, 0x02, 0x51, 0x0d,
0x2a, 0x3d, 0x02, 0x60, 0x5b, 0x4d),
chunk_from_chars(0xab, 0x2d, 0x70, 0x9d, 0xe8, 0x81, 0x16, 0x4b, 0x6c, 0x21,
0x49, 0xb2, 0x1e, 0xae, 0x15, 0x17, 0xf8, 0x75, 0x61, 0x64,
0x9e, 0x0d, 0xd9, 0xca, 0x5c, 0xe5, 0x51, 0xc5, 0xbd, 0x12,
0xfd, 0xf7, 0x09, 0x1e, 0x08, 0x1d, 0x30, 0x71, 0x23, 0xae,
0xc5, 0xae, 0x7c, 0x30, 0xaf, 0xd2, 0xa6, 0x4c, 0x8d, 0x13,
0x6e, 0xa0, 0x7f, 0x7e, 0xc5, 0xed, 0xb4, 0x40, 0x0b, 0x9a,
0x64, 0x45, 0x66, 0x42)
};
/**
* AES-256 no df test case 11 - count 0
*/
drbg_test_vector_t drbg_ctr_aes256_6 = {
.type = DRBG_CTR_AES256, .strength = 256,
chunk_from_chars(0xda, 0x7c, 0x74, 0x2b, 0x40, 0x8d, 0xeb, 0x1b, 0x02, 0x6e,
0xc5, 0xdf, 0xeb, 0x00, 0xdd, 0x07, 0x5f, 0x48, 0x06, 0x9c,
0x18, 0x5e, 0x5d, 0x35, 0x5b, 0x09, 0xef, 0xf8, 0x8f, 0xcc,
0xf2, 0x89, 0xef, 0x04, 0x52, 0x26, 0xc2, 0xe2, 0x99, 0x1e,
0x20, 0xb0, 0x97, 0x64, 0x33, 0x99, 0x4c, 0x0d),
chunk_from_chars(0xa3, 0x68, 0x73, 0x75, 0x12, 0x9c, 0x98, 0x86, 0xea, 0x48,
0xa2, 0xf4, 0x9b, 0xe3, 0x28, 0xdd, 0x2b, 0xcf, 0x46, 0x68,
0x9a, 0x59, 0xde, 0x69, 0xa9, 0x29, 0xdc, 0xb0, 0x1e, 0x6b,
0x79, 0xac, 0x96, 0xf9, 0x8d, 0xde, 0xd9, 0xe1, 0x38, 0x11,
0xc2, 0x5c, 0x55, 0x59, 0x7b, 0xbd, 0x3f, 0x8b, 0x40, 0xca,
0x11, 0x4f, 0x31, 0xa5, 0x45, 0xb9, 0x29, 0xc4, 0x22, 0x5d,
0x0d, 0x21, 0x99, 0x74, 0x3a, 0x5d, 0xf3, 0x6a, 0x83, 0x61,
0x89, 0x2d, 0x5c, 0xdf, 0x35, 0x21, 0x8e, 0xed, 0x63, 0x54,
0xa6, 0x5c, 0xaf, 0x04, 0xd8, 0x61, 0xf6, 0x14, 0x75, 0x62,
0x5b, 0x21, 0x5a, 0xc6, 0x38, 0x3c),
chunk_from_chars(0x47, 0xa4, 0x52, 0x1d, 0xd4, 0x5c, 0x7b, 0x72, 0xe3, 0x9b,
0x7b, 0xb6, 0xbe, 0x14, 0xbf, 0xb4, 0x02, 0x9f, 0x33, 0xea,
0x87, 0xbf, 0x11, 0xf1, 0x84, 0x1e, 0x01, 0xd3, 0x37, 0x2d,
0x7a, 0x0c, 0x6d, 0x12, 0x89, 0xe0, 0xec, 0x60, 0x59, 0x9c,
0x28, 0xc4, 0x0f, 0x38, 0x2f, 0x7d, 0xce, 0x33, 0xcf, 0x81,
0x57, 0x55, 0x20, 0xbf, 0xf5, 0x58, 0x00, 0x87, 0xf3, 0x01,
0x08, 0x80, 0xbd, 0xbc)
};

812
src/libstrongswan/plugins/test_vectors/test_vectors/drbg_hmac.c Normal file
View File

@ -0,0 +1,812 @@
/*
* Copyright (C) 2019 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the Licenseor (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be usefulbut
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include <crypto/crypto_tester.h>
/**
* NIST SP 800-90A DRBG HMAC Validation System (DRBGVS)
*/
/**
* SHA-1 test case 1 - count 0
*/
drbg_test_vector_t drbg_hmac_sha1_1 = {
.type = DRBG_HMAC_SHA1, .strength = 128,
{ NULL, 0 },
chunk_from_chars(0x79, 0x34, 0x9b, 0xbf, 0x7c, 0xdd, 0xa5, 0x79, 0x95, 0x57,
0x86, 0x66, 0x21, 0xc9, 0x13, 0x83, 0x11, 0x46, 0x73, 0x3a,
0xbf, 0x8c, 0x35, 0xc8, 0xc7, 0x21, 0x5b, 0x5b, 0x96, 0xc4,
0x8e, 0x9b, 0x33, 0x8c, 0x74, 0xe3, 0xe9, 0x9d, 0xfe, 0xdf),
chunk_from_chars(0xc6, 0xa1, 0x6a, 0xb8, 0xd4, 0x20, 0x70, 0x6f, 0x0f, 0x34,
0xab, 0x7f, 0xec, 0x5a, 0xdc, 0xa9, 0xd8, 0xca, 0x3a, 0x13,
0x3e, 0x15, 0x9c, 0xa6, 0xac, 0x43, 0xc6, 0xf8, 0xa2, 0xbe,
0x22, 0x83, 0x4a, 0x4c, 0x0a, 0x0a, 0xff, 0xb1, 0x0d, 0x71,
0x94, 0xf1, 0xc1, 0xa5, 0xcf, 0x73, 0x22, 0xec, 0x1a, 0xe0,
0x96, 0x4e, 0xd4, 0xbf, 0x12, 0x27, 0x46, 0xe0, 0x87, 0xfd,
0xb5, 0xb3, 0xe9, 0x1b, 0x34, 0x93, 0xd5, 0xbb, 0x98, 0xfa,
0xed, 0x49, 0xe8, 0x5f, 0x13, 0x0f, 0xc8, 0xa4, 0x59, 0xb7)
};
/**
* SHA-1 test case 3 - count 0
*/
drbg_test_vector_t drbg_hmac_sha1_2 = {
.type = DRBG_HMAC_SHA1, .strength = 128,
chunk_from_chars(0xb2, 0x4e, 0x39, 0x2c, 0xb1, 0xf3, 0xc1, 0x8a, 0xf2, 0xcb,
0x50, 0xfe, 0xac, 0x73, 0x3e, 0x32),
chunk_from_chars(0x11, 0xc0, 0xa7, 0xe1, 0x47, 0x2c, 0xec, 0x70, 0xfa, 0x8c,
0x1c, 0xa1, 0x57, 0x59, 0xac, 0x5b, 0xb1, 0xc7, 0x3c, 0x22,
0xdb, 0x39, 0xcd, 0x7b, 0xc6, 0xab, 0x59, 0xff, 0x70, 0x8a,
0x5c, 0x1f, 0x59, 0x8e, 0x75, 0xdf, 0x06, 0x0e, 0x19, 0x81),
chunk_from_chars(0x07, 0x0e, 0x60, 0x3c, 0xd4, 0x8d, 0x56, 0x43, 0x0a, 0x5a,
0xb4, 0x61, 0xa7, 0x51, 0xec, 0x2a, 0x4a, 0x6a, 0xa6, 0xfb,
0x6e, 0xe5, 0x2e, 0xfe, 0x9a, 0x41, 0xe4, 0x61, 0x1e, 0xaf,
0xdf, 0xc9, 0x57, 0x18, 0x4b, 0x47, 0xbb, 0xb0, 0x17, 0xe4,
0x84, 0xac, 0x34, 0xc7, 0xde, 0x56, 0xcd, 0x78, 0x13, 0xfe,
0xb3, 0x01, 0xb5, 0xbe, 0xfc, 0xe5, 0x73, 0xad, 0x0a, 0x25,
0x4e, 0x6c, 0xfe, 0x35, 0xb7, 0x7c, 0x30, 0xbe, 0x6b, 0x7c,
0xb5, 0xe7, 0xef, 0xa7, 0x28, 0x13, 0xc7, 0x54, 0x6b, 0xa5)
};
/**
* SHA-1 test case 5 - count 0
*/
drbg_test_vector_t drbg_hmac_sha1_3 = {
.type = DRBG_HMAC_SHA1, .strength = 128,
{ NULL, 0 },
chunk_from_chars(0xe5, 0xa8, 0x13, 0x57, 0xb9, 0x12, 0x15, 0xdd, 0xa0, 0xa0,
0x98, 0x6a, 0x3f, 0xf5, 0x12, 0x3f, 0x9c, 0x18, 0x38, 0xd7,
0x36, 0x0e, 0x67, 0x4b, 0x59, 0x2d, 0xd2, 0x32, 0xac, 0x83,
0xdb, 0x36, 0xab, 0xba, 0xcf, 0xb8, 0xc6, 0x40, 0xdc, 0x60),
chunk_from_chars(0xa4, 0xd1, 0x84, 0x3c, 0x7a, 0xf2, 0x08, 0xf7, 0x70, 0xf8,
0xb5, 0xac, 0xf6, 0x45, 0x28, 0x86, 0x6d, 0x51, 0xe7, 0x31,
0xed, 0x5e, 0xbc, 0x75, 0x6e, 0x81, 0xef, 0xe8, 0xfb, 0x8f,
0x9c, 0x9a, 0xf8, 0x9d, 0x52, 0xe8, 0xe8, 0xd1, 0xc0, 0x14,
0x1e, 0xbe, 0xbc, 0x18, 0xb1, 0xca, 0x78, 0xc7, 0x8a, 0x2f,
0x21, 0xcb, 0x90, 0x9d, 0x5b, 0xac, 0x3b, 0x6a, 0xe6, 0x0c,
0x4a, 0x2f, 0xf4, 0x17, 0x6b, 0x14, 0x90, 0x5e, 0x4a, 0xfa,
0x3b, 0xa9, 0xe4, 0x58, 0x21, 0x6d, 0x57, 0x20, 0xce, 0x83)
};
/**
* SHA-1 test case 7 - count 0
*/
drbg_test_vector_t drbg_hmac_sha1_4 = {
.type = DRBG_HMAC_SHA1, .strength = 128,
chunk_from_chars(0x12, 0x91, 0x26, 0xc1, 0x6d, 0x99, 0xa6, 0x84, 0xf3, 0xcb,
0x47, 0xe7, 0xff, 0xb2, 0x07, 0xac),
chunk_from_chars(0x12, 0xbf, 0xb2, 0xbf, 0xf5, 0x78, 0x11, 0x28, 0x96, 0x7e,
0x9c, 0xe4, 0xd4, 0x29, 0x45, 0x3c, 0x5a, 0xab, 0x2b, 0xe4,
0xe9, 0x2e, 0xc8, 0x55, 0xfa, 0x8b, 0x0d, 0xa2, 0xcd, 0x50,
0x31, 0x43, 0x3d, 0x64, 0x31, 0x0b, 0xa4, 0x4d, 0x47, 0xe4),
chunk_from_chars(0x76, 0x6c, 0x4a, 0x16, 0x70, 0xde, 0xe6, 0x3e, 0xe3, 0xaa,
0xfb, 0x60, 0x39, 0xe8, 0x6e, 0xc5, 0xca, 0x28, 0x90, 0x53,
0x19, 0x74, 0xe7, 0x0f, 0xed, 0xb3, 0xc0, 0x21, 0x8b, 0x08,
0xfa, 0xca, 0x07, 0xdd, 0xfa, 0xaf, 0xf0, 0xa7, 0x7f, 0x0a,
0xe4, 0x77, 0x62, 0xb0, 0xe1, 0xb3, 0x1c, 0x5f, 0xb0, 0x36,
0xdc, 0xa4, 0x13, 0xfb, 0x96, 0xf6, 0xe0, 0xec, 0x6a, 0xb7,
0xdb, 0xcb, 0xb5, 0x58, 0xaa, 0x5d, 0x94, 0xf4, 0x29, 0xc3,
0x8e, 0x0f, 0xd7, 0xb3, 0x9f, 0x12, 0x72, 0x1c, 0x99, 0x35)
};
/**
* SHA-1 test case 9 - count 0
*/
drbg_test_vector_t drbg_hmac_sha1_5 = {
.type = DRBG_HMAC_SHA1, .strength = 128,
{ NULL, 0 },
chunk_from_chars(0x23, 0xbe, 0xc0, 0x2f, 0x58, 0xa3, 0xa8, 0xd9, 0xd9, 0xfb,
0x36, 0x8d, 0xd2, 0x62, 0x8c, 0x56, 0xee, 0xda, 0xa5, 0x0c,
0xea, 0x71, 0x25, 0x46, 0x4d, 0x46, 0x6a, 0x36, 0x08, 0xa4,
0xac, 0xdb, 0xd6, 0xa5, 0xa7, 0xa7, 0x53, 0xa1, 0x5f, 0x9b),
chunk_from_chars(0x98, 0x7f, 0x5c, 0xa0, 0xb5, 0x9d, 0x6f, 0xd1, 0xde, 0x8d,
0x7e, 0xbb, 0x07, 0xc0, 0xd9, 0x88, 0xe2, 0x46, 0xc3, 0x0f,
0xea, 0x5d, 0xbf, 0x5c, 0xdd, 0x5b, 0xbe, 0xf7, 0xca, 0x45,
0x30, 0x18, 0xe2, 0xba, 0xcb, 0xf7, 0x97, 0x7f, 0x49, 0x4c,
0xa9, 0xbf, 0x5c, 0x12, 0x80, 0x55, 0xe4, 0x1a, 0xb8, 0xf7,
0xda, 0x93, 0xd8, 0xbb, 0xfa, 0xf9, 0x04, 0x4b, 0x09, 0x4a,
0x6e, 0xdd, 0x0d, 0x72, 0x96, 0x3f, 0x83, 0xa3, 0xd1, 0xf4,
0x17, 0xfc, 0x8f, 0x5b, 0x72, 0x39, 0x11, 0xec, 0xa0, 0x62)
};
/**
* SHA-1 test case 11 - count 0
*/
drbg_test_vector_t drbg_hmac_sha1_6 = {
.type = DRBG_HMAC_SHA1, .strength = 128,
chunk_from_chars(0x99, 0x9d, 0x6d, 0xa3, 0xb5, 0xdd, 0x45, 0x2c, 0x4b, 0xd9,
0x72, 0x01, 0x7b, 0x3f, 0xa1, 0x35),
chunk_from_chars(0x91, 0x11, 0xd8, 0xc3, 0x3f, 0x0f, 0x58, 0x53, 0x47, 0xd5,
0x13, 0x54, 0xab, 0xa7, 0xaa, 0x15, 0xbd, 0x05, 0xff, 0x4f,
0xcb, 0x05, 0x8d, 0xe3, 0x84, 0x47, 0xd0, 0x6c, 0x5f, 0xdb,
0x5c, 0xf2, 0xad, 0xd7, 0x7b, 0xc5, 0x69, 0xe8, 0x94, 0x4b),
chunk_from_chars(0x69, 0x7d, 0x46, 0x8a, 0xcc, 0xc5, 0x26, 0x55, 0x81, 0x98,
0xa0, 0xd0, 0xaf, 0x81, 0x85, 0x0b, 0xb9, 0x91, 0x0b, 0x70,
0x51, 0x8c, 0x86, 0xa7, 0xf9, 0x9b, 0x7b, 0x82, 0x65, 0x79,
0x66, 0xa0, 0x5c, 0x73, 0x89, 0x0c, 0x3a, 0xf4, 0x81, 0x52,
0x04, 0x5e, 0x66, 0x9a, 0xfd, 0xca, 0x08, 0x07, 0x39, 0x72,
0x1f, 0xc2, 0xbd, 0xd4, 0x9f, 0x90, 0xa1, 0xe5, 0x65, 0xa6,
0x90, 0x69, 0x23, 0x6e, 0x83, 0xe5, 0xe1, 0xde, 0x6c, 0x91,
0xbe, 0x64, 0x02, 0x0a, 0x9a, 0x95, 0xa2, 0xb7, 0x49, 0x82)
};
/**
* SHA-256 test case 1 - count 0
*/
drbg_test_vector_t drbg_hmac_sha256_1 = {
.type = DRBG_HMAC_SHA256, .strength = 256,
{ NULL, 0 },
chunk_from_chars(0x06, 0x03, 0x2c, 0xd5, 0xee, 0xd3, 0x3f, 0x39, 0x26, 0x5f,
0x49, 0xec, 0xb1, 0x42, 0xc5, 0x11, 0xda, 0x9a, 0xff, 0x2a,
0xf7, 0x12, 0x03, 0xbf, 0xfa, 0xf3, 0x4a, 0x9c, 0xa5, 0xbd,
0x9c, 0x0d, 0x0e, 0x66, 0xf7, 0x1e, 0xdc, 0x43, 0xe4, 0x2a,
0x45, 0xad, 0x3c, 0x6f, 0xc6, 0xcd, 0xc4, 0xdf, 0x01, 0x92,
0x0a, 0x4e, 0x66, 0x9e, 0xd3, 0xa8, 0x5a, 0xe8, 0xa3, 0x3b,
0x35, 0xa7, 0x4a, 0xd7, 0xfb, 0x2a, 0x6b, 0xb4, 0xcf, 0x39,
0x5c, 0xe0, 0x03, 0x34, 0xa9, 0xc9, 0xa5, 0xa5, 0xd5, 0x52),
chunk_from_chars(0x76, 0xfc, 0x79, 0xfe, 0x9b, 0x50, 0xbe, 0xcc, 0xc9, 0x91,
0xa1, 0x1b, 0x56, 0x35, 0x78, 0x3a, 0x83, 0x53, 0x6a, 0xdd,
0x03, 0xc1, 0x57, 0xfb, 0x30, 0x64, 0x5e, 0x61, 0x1c, 0x28,
0x98, 0xbb, 0x2b, 0x1b, 0xc2, 0x15, 0x00, 0x02, 0x09, 0x20,
0x8c, 0xd5, 0x06, 0xcb, 0x28, 0xda, 0x2a, 0x51, 0xbd, 0xb0,
0x38, 0x26, 0xaa, 0xf2, 0xbd, 0x23, 0x35, 0xd5, 0x76, 0xd5,
0x19, 0x16, 0x08, 0x42, 0xe7, 0x15, 0x8a, 0xd0, 0x94, 0x9d,
0x1a, 0x9e, 0xc3, 0xe6, 0x6e, 0xa1, 0xb1, 0xa0, 0x64, 0xb0,
0x05, 0xde, 0x91, 0x4e, 0xac, 0x2e, 0x9d, 0x4f, 0x2d, 0x72,
0xa8, 0x61, 0x6a, 0x80, 0x22, 0x54, 0x22, 0x91, 0x82, 0x50,
0xff, 0x66, 0xa4, 0x1b, 0xd2, 0xf8, 0x64, 0xa6, 0xa3, 0x8c,
0xc5, 0xb6, 0x49, 0x9d, 0xc4, 0x3f, 0x7f, 0x2b, 0xd0, 0x9e,
0x1e, 0x0f, 0x8f, 0x58, 0x85, 0x93, 0x51, 0x24)
};
/**
* SHA-256 test case 3 - count 0
*/
drbg_test_vector_t drbg_hmac_sha256_2 = {
.type = DRBG_HMAC_SHA256, .strength = 256,
chunk_from_chars(0xf2, 0xe5, 0x8f, 0xe6, 0x0a, 0x3a, 0xfc, 0x59, 0xda, 0xd3,
0x75, 0x95, 0x41, 0x5f, 0xfd, 0x31, 0x8c, 0xcf, 0x69, 0xd6,
0x77, 0x80, 0xf6, 0xfa, 0x07, 0x97, 0xdc, 0x9a, 0xa4, 0x3e,
0x14, 0x4c),
chunk_from_chars(0xfa, 0x0e, 0xe1, 0xfe, 0x39, 0xc7, 0xc3, 0x90, 0xaa, 0x94,
0x15, 0x9d, 0x0d, 0xe9, 0x75, 0x64, 0x34, 0x2b, 0x59, 0x17,
0x77, 0xf3, 0xe5, 0xf6, 0xa4, 0xba, 0x2a, 0xea, 0x34, 0x2e,
0xc8, 0x40, 0xdd, 0x08, 0x20, 0x65, 0x5c, 0xb2, 0xff, 0xdb,
0x0d, 0xa9, 0xe9, 0x31, 0x0a, 0x67, 0xc9, 0xe5, 0xe0, 0x62,
0x9b, 0x6d, 0x79, 0x75, 0xdd, 0xfa, 0x96, 0xa3, 0x99, 0x64,
0x87, 0x40, 0xe6, 0x0f, 0x1f, 0x95, 0x57, 0xdc, 0x58, 0xb3,
0xd7, 0x41, 0x5f, 0x9b, 0xa9, 0xd4, 0xdb, 0xb5, 0x01, 0xf6),
chunk_from_chars(0xf9, 0x2d, 0x4c, 0xf9, 0x9a, 0x53, 0x5b, 0x20, 0x22, 0x2a,
0x52, 0xa6, 0x8d, 0xb0, 0x4c, 0x5a, 0xf6, 0xf5, 0xff, 0xc7,
0xb6, 0x6a, 0x47, 0x3a, 0x37, 0xa2, 0x56, 0xbd, 0x8d, 0x29,
0x8f, 0x9b, 0x4a, 0xa4, 0xaf, 0x7e, 0x8d, 0x18, 0x1e, 0x02,
0x36, 0x79, 0x03, 0xf9, 0x3b, 0xdb, 0x74, 0x4c, 0x6c, 0x2f,
0x3f, 0x34, 0x72, 0x62, 0x6b, 0x40, 0xce, 0x9b, 0xd6, 0xa7,
0x0e, 0x7b, 0x8f, 0x93, 0x99, 0x2a, 0x16, 0xa7, 0x6f, 0xab,
0x6b, 0x5f, 0x16, 0x25, 0x68, 0xe0, 0x8e, 0xe6, 0xc3, 0xe8,
0x04, 0xae, 0xfd, 0x95, 0x2d, 0xdd, 0x3a, 0xcb, 0x79, 0x1c,
0x50, 0xf2, 0xad, 0x69, 0xe9, 0xa0, 0x40, 0x28, 0xa0, 0x6a,
0x9c, 0x01, 0xd3, 0xa6, 0x2a, 0xca, 0x2a, 0xaf, 0x6e, 0xfe,
0x69, 0xed, 0x97, 0xa0, 0x16, 0x21, 0x3a, 0x2d, 0xd6, 0x42,
0xb4, 0x88, 0x67, 0x64, 0x07, 0x2d, 0x9c, 0xbe)
};
/**
* SHA-256 test case 5 - count 0
*/
drbg_test_vector_t drbg_hmac_sha256_3 = {
.type = DRBG_HMAC_SHA256, .strength = 256,
{ NULL, 0 },
chunk_from_chars(0xff, 0x0c, 0xdd, 0x55, 0x5c, 0x60, 0x46, 0x47, 0x60, 0xb2,
0x89, 0xb7, 0xbc, 0x1f, 0x81, 0x1a, 0x41, 0xff, 0xf7, 0x2d,
0xe5, 0x90, 0x83, 0x85, 0x8c, 0x02, 0x0a, 0x10, 0x53, 0xbd,
0xc7, 0x4a, 0x7b, 0xc0, 0x99, 0x28, 0x5a, 0xd5, 0x62, 0x19,
0x93, 0xb6, 0x39, 0xc4, 0xa9, 0x4c, 0x37, 0x6b, 0x14, 0xfc,
0x6c, 0x9b, 0x17, 0x8d, 0xb6, 0x44, 0xa8, 0xcd, 0x71, 0x30,
0xa4, 0xcf, 0x05, 0x16, 0x78, 0xc8, 0xf4, 0xfa, 0x8f, 0x24,
0xc2, 0x7b, 0x0a, 0x53, 0x13, 0x38, 0xa5, 0xce, 0x85, 0x89),
chunk_from_chars(0x2f, 0x26, 0x20, 0x34, 0x7b, 0xdd, 0xca, 0xa2, 0x94, 0x36,
0x85, 0x34, 0x6b, 0xbf, 0x31, 0xc4, 0x40, 0x81, 0xf8, 0x66,
0x5f, 0x3d, 0xdb, 0x2b, 0x42, 0xae, 0x14, 0x16, 0xa7, 0x4c,
0x4b, 0x77, 0xfa, 0xb3, 0xfa, 0x19, 0xae, 0xec, 0xc5, 0x47,
0xe7, 0x6c, 0x8c, 0xbe, 0x6a, 0xd1, 0xf1, 0x00, 0xa3, 0xfc,
0x8b, 0x2c, 0xe2, 0xa1, 0xea, 0x3a, 0x3d, 0xd7, 0xcf, 0xad,
0x46, 0xc1, 0xb2, 0x78, 0x30, 0xb9, 0x40, 0xba, 0x18, 0xd0,
0x9e, 0x9b, 0x7f, 0xa9, 0x02, 0xbb, 0x76, 0x06, 0x69, 0xb1,
0x73, 0x5c, 0xc7, 0xb7, 0xbd, 0x39, 0x05, 0x2d, 0xa7, 0xf2,
0x62, 0x6f, 0xa8, 0x70, 0x00, 0xcf, 0xfa, 0xda, 0x41, 0x00,
0x19, 0xd0, 0x53, 0x38, 0x6a, 0xd8, 0x08, 0xbd, 0x3c, 0x0c,
0xfc, 0xf5, 0x6b, 0x91, 0x87, 0x9e, 0xb8, 0xd3, 0xf9, 0x32,
0xee, 0x2d, 0x18, 0x5e, 0x54, 0xf3, 0x1b, 0x74)
};
/**
* SHA-256 test case 7 - count 0
*/
drbg_test_vector_t drbg_hmac_sha256_4 = {
.type = DRBG_HMAC_SHA256, .strength = 256,
chunk_from_chars(0x40, 0x93, 0x3f, 0xdc, 0xce, 0x41, 0x59, 0xb0, 0x95, 0x51,
0x11, 0xf8, 0x44, 0x47, 0x1b, 0x0d, 0xb8, 0x5b, 0x73, 0xbd,
0xd2, 0xb7, 0x8c, 0x46, 0x8d, 0xd3, 0x9e, 0x2a, 0x9b, 0x29,
0xae, 0xf2),
chunk_from_chars(0x28, 0xba, 0x1a, 0x66, 0x16, 0x32, 0xef, 0xc8, 0xec, 0xce,
0xd5, 0xf5, 0x1b, 0x79, 0x13, 0x00, 0xfb, 0x3b, 0x55, 0xb0,
0x5d, 0x04, 0x17, 0x08, 0x63, 0x8d, 0xe4, 0xbe, 0xb7, 0x57,
0xa9, 0xe5, 0x76, 0x82, 0x87, 0x96, 0xaf, 0xf0, 0x7f, 0x55,
0x79, 0x5c, 0xb5, 0x47, 0x13, 0xc7, 0x7e, 0xd4, 0xa5, 0xf5,
0x42, 0xb0, 0x4a, 0xaa, 0x5d, 0xbc, 0x93, 0x1e, 0x47, 0x01,
0x9f, 0xeb, 0x38, 0x96, 0x26, 0x16, 0xc5, 0x7a, 0xf0, 0x9b,
0x7c, 0x1d, 0xf8, 0x3f, 0x2b, 0x86, 0x0f, 0xf7, 0x65, 0x86),
chunk_from_chars(0x65, 0xe5, 0xaa, 0x47, 0xb3, 0x85, 0xf1, 0xea, 0x42, 0xb2,
0x31, 0xb9, 0xfe, 0x74, 0x42, 0x53, 0xb8, 0x59, 0x88, 0x59,
0xd7, 0x01, 0x1e, 0x52, 0x5f, 0x5a, 0x2a, 0x1a, 0xd3, 0x2a,
0x97, 0x2a, 0x85, 0x08, 0x02, 0xc6, 0x0a, 0x2b, 0xe1, 0x9b,
0xe2, 0x70, 0x06, 0x3a, 0x3c, 0xfb, 0xea, 0xae, 0x95, 0x4f,
0x10, 0xb1, 0x22, 0x35, 0x2d, 0xe6, 0xa0, 0x8a, 0xc4, 0x10,
0xe0, 0x99, 0x16, 0x53, 0xaa, 0xb2, 0x71, 0xb3, 0x60, 0xfe,
0x91, 0x91, 0xcf, 0x5a, 0xdd, 0xcc, 0xcc, 0xed, 0x8c, 0x4a,
0xcf, 0xb6, 0x14, 0x57, 0x04, 0x99, 0x92, 0x98, 0x8f, 0xd7,
0xa9, 0xac, 0xca, 0x1f, 0x1b, 0xca, 0x35, 0xf1, 0x47, 0x58,
0x13, 0x69, 0x4a, 0x39, 0x98, 0x8e, 0x5f, 0xac, 0x9f, 0x4a,
0xc0, 0x57, 0x22, 0x86, 0xbc, 0x46, 0x25, 0x82, 0xad, 0x0a,
0xf7, 0x8a, 0xb3, 0xb8, 0x5e, 0xc1, 0x7a, 0x25)
};
/**
* SHA-256 test case 9 - count 0
*/
drbg_test_vector_t drbg_hmac_sha256_5 = {
.type = DRBG_HMAC_SHA256, .strength = 256,
{ NULL, 0 },
chunk_from_chars(0x6a, 0xe8, 0x03, 0x03, 0x29, 0x23, 0x91, 0x33, 0x5b, 0xf9,
0xc9, 0x38, 0x7f, 0xbd, 0x3b, 0xf6, 0x15, 0x75, 0x6c, 0x9c,
0x27, 0xc3, 0x47, 0x8c, 0x87, 0xe2, 0x60, 0xcf, 0x97, 0xd4,
0x71, 0x10, 0x01, 0xe1, 0x62, 0x47, 0xdd, 0x4c, 0xae, 0x64,
0x99, 0x33, 0x7d, 0x82, 0x78, 0x4e, 0xa5, 0x7f, 0x03, 0x57,
0x02, 0xef, 0x4e, 0x11, 0x2b, 0x17, 0x31, 0x12, 0xc5, 0x85,
0x1d, 0x07, 0xb2, 0x79, 0x30, 0x98, 0x63, 0x74, 0x0d, 0x38,
0xd0, 0xd0, 0x72, 0x02, 0x23, 0xe2, 0x40, 0x17, 0xbb, 0xc0),
chunk_from_chars(0xcf, 0x43, 0x15, 0x59, 0x8f, 0xcd, 0x6a, 0xf1, 0x31, 0x55,
0x18, 0xc4, 0xbf, 0xba, 0xc0, 0x54, 0x0c, 0x58, 0x96, 0x35,
0x27, 0x35, 0x48, 0xa7, 0xb5, 0x07, 0xe7, 0xd2, 0xe6, 0x85,
0xe5, 0x94, 0x7b, 0x87, 0xae, 0x25, 0x7e, 0x58, 0xfa, 0xf2,
0x14, 0xf2, 0xb5, 0x8e, 0xd1, 0x0c, 0x3b, 0xd3, 0x5f, 0x75,
0xf6, 0xc3, 0x5d, 0xd6, 0xd4, 0x41, 0xc9, 0x3b, 0xcd, 0x42,
0xe7, 0x17, 0x20, 0x10, 0x26, 0x31, 0xb1, 0xa6, 0xa4, 0xba,
0x24, 0x7c, 0x17, 0x5e, 0xd8, 0x00, 0xcf, 0xca, 0x6e, 0x1e,
0x83, 0x9b, 0x5a, 0xa9, 0x07, 0x60, 0x4c, 0xcf, 0xe6, 0xf9,
0x84, 0xf6, 0x82, 0x2e, 0x00, 0x1a, 0xb0, 0x2d, 0xd6, 0x63,
0x49, 0x64, 0xf7, 0x89, 0xcb, 0x10, 0x7a, 0x97, 0x73, 0x46,
0x69, 0x3f, 0x32, 0x44, 0xc8, 0x95, 0xe8, 0x40, 0xdf, 0xa0,
0xed, 0xf7, 0xf1, 0x4d, 0xc6, 0x1d, 0x79, 0x4f)
};
/**
* SHA-256 test case 11 - count 0
*/
drbg_test_vector_t drbg_hmac_sha256_6 = {
.type = DRBG_HMAC_SHA256, .strength = 256,
chunk_from_chars(0x9f, 0x16, 0x99, 0xc9, 0x9d, 0x60, 0xb0, 0x85, 0xbc, 0x61,
0xcb, 0x11, 0x0e, 0xf8, 0xab, 0x59, 0x0d, 0x82, 0xa9, 0x70,
0x02, 0x1c, 0x3c, 0x6a, 0x5d, 0x48, 0x02, 0x1c, 0x45, 0xde,
0x49, 0x56),
chunk_from_chars(0x63, 0x3d, 0x32, 0xe3, 0x00, 0x5f, 0x78, 0x11, 0x47, 0x23,
0xb3, 0xea, 0x5a, 0xc1, 0x21, 0xba, 0x74, 0xaa, 0x00, 0xc5,
0x2d, 0x93, 0x96, 0x67, 0xe3, 0x0c, 0x33, 0x51, 0xb3, 0x85,
0x49, 0xf7, 0x37, 0xaf, 0xff, 0x50, 0x4a, 0x2d, 0x8a, 0xc1,
0x68, 0xc6, 0x8e, 0x24, 0xd0, 0xfe, 0x66, 0xf6, 0x3e, 0x33,
0x47, 0xc5, 0x47, 0xf1, 0x7f, 0x4d, 0x0b, 0x9f, 0x46, 0x40,
0x5a, 0x54, 0xee, 0xdd, 0x7e, 0x98, 0x0d, 0x06, 0xa2, 0x15,
0xec, 0x15, 0xe8, 0x93, 0x16, 0xab, 0x74, 0x3b, 0x75, 0x47),
chunk_from_chars(0x6e, 0x38, 0xe8, 0x29, 0x62, 0xd7, 0x07, 0xce, 0x9a, 0x6a,
0xc3, 0x83, 0xa7, 0x38, 0xa7, 0x48, 0xf9, 0x75, 0xeb, 0x78,
0x56, 0x11, 0xfa, 0xd5, 0xe3, 0xf5, 0xa4, 0xfe, 0x44, 0xd7,
0xb5, 0x9a, 0x98, 0x13, 0x7a, 0x2b, 0xcd, 0xc3, 0x5f, 0x9e,
0xe9, 0xa1, 0xe2, 0x1b, 0xb1, 0x7d, 0xf1, 0x66, 0x5c, 0xd1,
0x39, 0x76, 0x25, 0xa1, 0x77, 0x24, 0x7e, 0x2e, 0x32, 0x9a,
0x66, 0x01, 0x40, 0x63, 0x61, 0x41, 0x56, 0x06, 0x10, 0xa3,
0x68, 0xbf, 0xd4, 0x99, 0xc2, 0xe2, 0x5b, 0xe3, 0x18, 0xaa,
0x4d, 0xa9, 0xe7, 0xa3, 0x52, 0xd1, 0x15, 0xdb, 0x82, 0x82,
0xed, 0x8d, 0x79, 0xec, 0xf9, 0xcd, 0x82, 0x03, 0x60, 0xd3,
0xd2, 0xd1, 0xa5, 0x8a, 0x93, 0xe0, 0x40, 0xf5, 0x55, 0x48,
0x87, 0xce, 0x6c, 0x98, 0x58, 0xbc, 0x2b, 0xb1, 0x02, 0x24,
0x99, 0x80, 0xa8, 0x58, 0x49, 0x8a, 0xbc, 0xda)
};
/**
* SHA-384 test case 1 - count 0
*/
drbg_test_vector_t drbg_hmac_sha384_1 = {
.type = DRBG_HMAC_SHA384, .strength = 256,
{ NULL, 0 },
chunk_from_chars(0x09, 0x63, 0x49, 0x50, 0x6f, 0x3a, 0x76, 0x53, 0xd5, 0x4d,
0xb7, 0xec, 0x1d, 0x09, 0xe9, 0x34, 0x13, 0xed, 0xd1, 0x75,
0xb6, 0xdd, 0xbe, 0xb0, 0x0e, 0x56, 0x75, 0x2a, 0x52, 0x0a,
0xc8, 0xff, 0xfc, 0x79, 0x83, 0xb9, 0x18, 0xac, 0xad, 0xaa,
0x71, 0xa6, 0x7e, 0x16, 0x24, 0xf1, 0xb5, 0x02, 0x42, 0x60,
0xa0, 0x49, 0x5f, 0xda, 0xba, 0x58, 0xaa, 0xe4, 0x1d, 0xf8,
0x25, 0x05, 0x01, 0x2d, 0x48, 0x0c, 0x8e, 0x4f, 0x75, 0x1f,
0xd7, 0xeb, 0xc3, 0x9f, 0x9b, 0xec, 0xd6, 0x94, 0xb2, 0xa3),
chunk_from_chars(0xf4, 0xc7, 0xbe, 0xc0, 0xc2, 0x6c, 0xf3, 0x89, 0x2d, 0x21,
0x45, 0x49, 0xac, 0x6f, 0x3d, 0x82, 0xf3, 0x4c, 0x69, 0x66,
0xd4, 0x29, 0x50, 0x99, 0xee, 0x56, 0x16, 0x6e, 0x87, 0x9a,
0x70, 0xec, 0xae, 0x13, 0x02, 0x51, 0xfa, 0xcd, 0xa3, 0x51,
0xe9, 0x03, 0xd8, 0x77, 0xb6, 0xc5, 0xea, 0xb5, 0x15, 0x3c,
0xe8, 0x7b, 0xa6, 0xc7, 0xcf, 0x8b, 0xcc, 0x61, 0xcb, 0xd1,
0x4c, 0xfb, 0xe3, 0x4c, 0xf1, 0xed, 0x43, 0x67, 0x8a, 0xee,
0x69, 0xcd, 0x87, 0xb6, 0x0e, 0x6b, 0xcb, 0x6f, 0xf4, 0x8e,
0xbd, 0x44, 0xce, 0x9e, 0x31, 0x98, 0x2d, 0x8f, 0xe2, 0x0a,
0xec, 0x34, 0xfa, 0x51, 0xd6, 0x25, 0xf8, 0x45, 0xf6, 0x10,
0x56, 0x57, 0x59, 0x69, 0xbf, 0x78, 0x5c, 0x2f, 0xfa, 0xb4,
0xdc, 0xc7, 0x54, 0xf1, 0x3d, 0xe6, 0x34, 0x23, 0xe9, 0x4b,
0xad, 0x8d, 0x5e, 0x16, 0x6d, 0x96, 0xa6, 0x2a, 0x60, 0x2d,
0x3e, 0xe4, 0x04, 0x5d, 0xf1, 0x62, 0x02, 0x8b, 0x89, 0xca,
0xc4, 0x5e, 0x62, 0x07, 0xd9, 0x09, 0x7f, 0x2b, 0x3a, 0xc0,
0xab, 0x17, 0x72, 0x92, 0x51, 0x98, 0x5f, 0x27, 0x6f, 0x12,
0x87, 0xf5, 0xc5, 0x6c, 0xc9, 0xba, 0x1a, 0x79, 0xfb, 0xdb,
0xb2, 0x91, 0xf3, 0xa9, 0x45, 0xfb, 0xfd, 0xbd, 0x63, 0xcf,
0x13, 0xb8, 0x2e, 0xc9, 0x1f, 0x7b, 0x10, 0x85, 0xb3, 0x32,
0x79, 0xe3)
};
/**
* SHA-384 test case 3 - count 0
*/
drbg_test_vector_t drbg_hmac_sha384_2 = {
.type = DRBG_HMAC_SHA384, .strength = 256,
chunk_from_chars(0x43, 0xbf, 0x6f, 0x32, 0xb3, 0xb5, 0xf5, 0x80, 0xb5, 0x41,
0x79, 0xe4, 0x10, 0x2d, 0x06, 0x35, 0x36, 0xe7, 0xc4, 0x76,
0x81, 0xd6, 0xde, 0x3c, 0xfe, 0x88, 0xfd, 0x8e, 0xc6, 0x6e,
0x48, 0x73),
chunk_from_chars(0x4d, 0x95, 0xf3, 0x1b, 0x96, 0x06, 0xa5, 0xf6, 0xd0, 0x4d,
0xff, 0x1d, 0x89, 0xb5, 0x0b, 0xec, 0xfd, 0x08, 0x82, 0xe6,
0xcf, 0x51, 0xc1, 0xc5, 0xd2, 0x4a, 0xd8, 0x43, 0xbc, 0x12,
0xd9, 0x77, 0xeb, 0xa4, 0x58, 0x2c, 0x39, 0xd7, 0x93, 0xa6,
0x3e, 0xad, 0xb6, 0x3f, 0x29, 0x25, 0x68, 0xc7, 0xfc, 0x42,
0x70, 0xe6, 0xc9, 0xae, 0xc8, 0x31, 0x86, 0xa2, 0x08, 0x19,
0xa7, 0xd3, 0x5e, 0x7f, 0x11, 0x55, 0xea, 0x10, 0x87, 0x94,
0x30, 0x2d, 0x59, 0x3c, 0x53, 0xce, 0x9d, 0x25, 0x42, 0x2b),
chunk_from_chars(0xe9, 0x91, 0xd0, 0x00, 0xb2, 0x4e, 0xbd, 0xf8, 0x38, 0xba,
0x11, 0xf9, 0x84, 0x95, 0x91, 0xb0, 0x02, 0x9f, 0xef, 0xf3,
0x36, 0x04, 0xbc, 0x4d, 0x71, 0xac, 0xd9, 0x43, 0x01, 0xf8,
0xd0, 0x45, 0xee, 0xb1, 0xf8, 0x1f, 0x3a, 0x10, 0x1a, 0x29,
0x74, 0x03, 0xa3, 0x58, 0x59, 0x11, 0x3c, 0x09, 0x99, 0x39,
0x63, 0x86, 0x80, 0xd4, 0x81, 0xc8, 0x60, 0x67, 0xf5, 0x47,
0x62, 0x89, 0x2f, 0x82, 0x14, 0x6f, 0x61, 0xcc, 0xe7, 0xbc,
0x2c, 0x85, 0xd3, 0x95, 0x34, 0x8f, 0x3e, 0xa2, 0xab, 0xa6,
0xbb, 0x3e, 0x59, 0xdb, 0xcf, 0x8e, 0x41, 0xa8, 0x19, 0x18,
0xb6, 0xca, 0xb3, 0x04, 0xd4, 0x4e, 0xa1, 0xe3, 0x25, 0x73,
0xcd, 0x69, 0x36, 0xf3, 0x8c, 0xdc, 0x11, 0xd3, 0xc2, 0xf9,
0x62, 0x90, 0xcc, 0x27, 0xb0, 0xdf, 0xa3, 0xbb, 0xba, 0xfa,
0x93, 0x94, 0xac, 0xdf, 0x2f, 0x44, 0x35, 0x17, 0x0b, 0x42,
0x85, 0x63, 0x42, 0x7c, 0x4b, 0x02, 0xed, 0x25, 0x92, 0x42,
0x26, 0xed, 0xf8, 0xd5, 0xa5, 0xec, 0xa4, 0xee, 0xc4, 0xae,
0xcf, 0x98, 0xef, 0x2e, 0x6f, 0x75, 0xca, 0xa7, 0x0b, 0xdd,
0x84, 0x87, 0x7d, 0xf2, 0xe6, 0x37, 0xb7, 0xfa, 0xd6, 0x21,
0xc6, 0x17, 0x0c, 0xa5, 0xbd, 0x86, 0xe2, 0x1d, 0x0b, 0xb0,
0x1c, 0xc9, 0x0f, 0xe2, 0xe7, 0x63, 0x53, 0xa9, 0xd5, 0x68,
0x7b, 0xea)
};
/**
* SHA-384 test case 5 - count 0
*/
drbg_test_vector_t drbg_hmac_sha384_3 = {
.type = DRBG_HMAC_SHA384, .strength = 256,
{ NULL, 0 },
chunk_from_chars(0xdc, 0x46, 0xe3, 0x17, 0xbe, 0xde, 0x8f, 0xf5, 0xb4, 0x51,
0x20, 0xee, 0xfa, 0x6d, 0xe7, 0x80, 0x31, 0xb0, 0x8c, 0xa7,
0x87, 0x6d, 0x62, 0xd1, 0x0e, 0xc8, 0x2f, 0x66, 0xa4, 0x8e,
0xba, 0x3f, 0x60, 0x24, 0xe1, 0x39, 0x63, 0xed, 0x40, 0x42,
0x29, 0xac, 0xb7, 0x96, 0xba, 0x0b, 0x2d, 0x0b, 0x04, 0x55,
0xc3, 0xa1, 0xae, 0xe2, 0x0c, 0xcd, 0x66, 0xa3, 0xdd, 0x96,
0x89, 0x68, 0x3f, 0x5c, 0xae, 0x3a, 0x7c, 0x37, 0xd0, 0x9a,
0xd6, 0xce, 0x74, 0x6d, 0xb6, 0x69, 0x21, 0x02, 0xc2, 0x89),
chunk_from_chars(0xb3, 0xb5, 0x41, 0xca, 0x46, 0x2a, 0x72, 0xa2, 0xcc, 0xb9,
0x25, 0xf5, 0x8f, 0x40, 0xfc, 0xb1, 0xd5, 0x38, 0x51, 0x38,
0xb0, 0x95, 0xf7, 0x71, 0x57, 0x5e, 0x62, 0x85, 0x18, 0xd6,
0x94, 0xb9, 0xed, 0x47, 0xb1, 0x26, 0x34, 0x06, 0x3d, 0x9e,
0x9f, 0xb6, 0x4d, 0xdb, 0x20, 0xde, 0xcd, 0x20, 0xe5, 0x7f,
0xac, 0x66, 0x5e, 0xec, 0x16, 0x8a, 0x18, 0xf7, 0xaa, 0xf8,
0xc8, 0xf9, 0x25, 0xfe, 0x2c, 0x34, 0xfa, 0x9f, 0x76, 0x6d,
0x5a, 0x17, 0x24, 0x59, 0xf3, 0x2b, 0xcf, 0x24, 0x31, 0x99,
0xaa, 0xc7, 0x13, 0x9b, 0x2c, 0x1a, 0xa7, 0x98, 0x2f, 0xfb,
0x24, 0x24, 0xa4, 0x76, 0x5a, 0x9d, 0xd1, 0xdd, 0x46, 0x2f,
0x08, 0xa2, 0x80, 0x35, 0x0f, 0x0c, 0xea, 0x0c, 0x4b, 0x9c,
0xd8, 0x73, 0x24, 0xb0, 0xf4, 0x0c, 0x68, 0xf1, 0xa8, 0x77,
0xe6, 0x99, 0x18, 0x7f, 0x5c, 0x40, 0x61, 0x0d, 0x38, 0xe7,
0x15, 0x91, 0xe9, 0x85, 0x64, 0x01, 0x8e, 0xd2, 0xe3, 0x09,
0x00, 0x09, 0xe4, 0x9e, 0x1b, 0xe3, 0x6f, 0x86, 0x2b, 0xfd,
0x01, 0xf3, 0x8d, 0x95, 0x37, 0xda, 0xa3, 0x4d, 0x75, 0x65,
0xbb, 0x17, 0x61, 0xb5, 0x72, 0x7d, 0xf7, 0x55, 0x4f, 0xda,
0xf7, 0xf0, 0x98, 0x0d, 0xe7, 0xc2, 0x03, 0x3c, 0x1d, 0xbb,
0xea, 0xa2, 0x98, 0xdf, 0x1c, 0x7f, 0x34, 0x05, 0x16, 0x29,
0xfd, 0x4f)
};
/**
* SHA-384 test case 7 - count 0
*/
drbg_test_vector_t drbg_hmac_sha384_4 = {
.type = DRBG_HMAC_SHA384, .strength = 256,
chunk_from_chars(0x8a, 0xf7, 0x9c, 0xed, 0x4b, 0x27, 0x77, 0xf4, 0x4e, 0xb3,
0xf9, 0x78, 0x1b, 0xab, 0x24, 0x35, 0x85, 0xb8, 0x27, 0x11,
0xdc, 0x1b, 0x36, 0x2e, 0xe9, 0x8c, 0x8e, 0x65, 0x77, 0x89,
0x1c, 0x7d),
chunk_from_chars(0x79, 0xbe, 0x91, 0xa2, 0x24, 0x86, 0xcf, 0xd6, 0x21, 0x24,
0x8a, 0xed, 0x9c, 0xd8, 0x20, 0x27, 0x8f, 0x1a, 0xba, 0xc8,
0x2d, 0xe3, 0x77, 0xc3, 0x66, 0x4d, 0x83, 0xce, 0x2f, 0xf3,
0xd1, 0x75, 0x24, 0xca, 0x63, 0x07, 0x4b, 0xd6, 0x7b, 0x2e,
0xff, 0xc6, 0x20, 0xbd, 0xef, 0x61, 0x7b, 0x6f, 0x64, 0x3a,
0x86, 0x91, 0x9e, 0x5e, 0x98, 0x4d, 0x62, 0x81, 0xde, 0x71,
0x50, 0x40, 0xb6, 0xf5, 0x21, 0x86, 0x6e, 0xdf, 0xaa, 0xea,
0xd6, 0x16, 0xe1, 0xd1, 0xbd, 0x83, 0xc2, 0x21, 0x0f, 0x5e),
chunk_from_chars(0x5b, 0x6a, 0x4a, 0xb3, 0x60, 0xfb, 0x85, 0x1b, 0xba, 0xa0,
0x35, 0xac, 0x55, 0xa5, 0x85, 0x3c, 0x4f, 0x06, 0xfd, 0x80,
0x41, 0xf2, 0x82, 0xde, 0xe1, 0x08, 0x27, 0xb5, 0x61, 0xee,
0x03, 0x8a, 0x3d, 0x3c, 0x53, 0x7d, 0x55, 0x43, 0x0b, 0x01,
0x3b, 0x97, 0x25, 0xc0, 0x11, 0xa2, 0x7b, 0x33, 0x49, 0x21,
0x43, 0x88, 0xb4, 0x23, 0x2d, 0xd3, 0x1a, 0x36, 0x60, 0xe5,
0xb6, 0xad, 0x1f, 0xab, 0x50, 0x82, 0x04, 0x1a, 0xa3, 0x4f,
0xc8, 0x04, 0xbf, 0x2b, 0xe3, 0x68, 0xac, 0x6d, 0xea, 0x0b,
0x3e, 0xbc, 0xaa, 0x5b, 0x54, 0xdb, 0xa5, 0x16, 0x82, 0xec,
0xa1, 0x9f, 0x9a, 0x5d, 0x59, 0x56, 0x33, 0xff, 0xac, 0xdd,
0x74, 0x6e, 0x10, 0x89, 0xea, 0x3d, 0x67, 0xb1, 0x56, 0xea,
0xa2, 0xe9, 0xf9, 0xb7, 0x9c, 0xc1, 0x78, 0x74, 0x55, 0x56,
0x16, 0x79, 0x2a, 0xf3, 0x70, 0x85, 0xad, 0x3f, 0xfa, 0xa2,
0x8b, 0xec, 0x60, 0xd5, 0xdb, 0x6e, 0xb0, 0xc2, 0xbc, 0xd6,
0xf8, 0x70, 0x54, 0x3d, 0x8e, 0xca, 0x7e, 0xeb, 0xfd, 0x63,
0xda, 0xcd, 0xb7, 0xf3, 0xd3, 0x89, 0xd0, 0xe0, 0xb2, 0xa9,
0xab, 0x92, 0xe7, 0xa7, 0x8d, 0x11, 0xf8, 0xa3, 0xf0, 0x64,
0x02, 0xa9, 0xae, 0x75, 0x10, 0xdd, 0x96, 0x48, 0xac, 0x8c,
0xc3, 0x3d, 0xee, 0xe4, 0x9b, 0xc6, 0xfe, 0xe9, 0x7b, 0xc8,
0x6d, 0xcf)
};
/**
* SHA-384 test case 9 - count 0
*/
drbg_test_vector_t drbg_hmac_sha384_5 = {
.type = DRBG_HMAC_SHA384, .strength = 256,
{ NULL, 0 },
chunk_from_chars(0x54, 0x96, 0x45, 0x38, 0xca, 0x40, 0xae, 0xe8, 0xef, 0xa7,
0xbf, 0x33, 0x6a, 0x23, 0x78, 0x7d, 0x95, 0x06, 0x40, 0x69,
0x64, 0xc3, 0x27, 0x43, 0xdf, 0x9c, 0xce, 0x28, 0xe8, 0x92,
0xc2, 0xa6, 0x9e, 0x7b, 0xdf, 0x08, 0xe8, 0x5e, 0x8d, 0xe7,
0xe0, 0x49, 0xe7, 0xfc, 0x3a, 0x13, 0x88, 0x85, 0xc9, 0xc8,
0x4d, 0xf8, 0x1f, 0x73, 0x19, 0x6b, 0xa5, 0x08, 0x8f, 0xe2,
0x85, 0x43, 0xa8, 0x1b, 0xb5, 0x2c, 0x1d, 0xb4, 0x7f, 0xef,
0xad, 0x85, 0x51, 0x1f, 0x8d, 0x42, 0xa9, 0x84, 0x23, 0x67),
chunk_from_chars(0x91, 0x9f, 0x95, 0x90, 0x97, 0x3f, 0xbb, 0x06, 0xea, 0xf8,
0xe9, 0x7c, 0x8b, 0x20, 0x2e, 0xc3, 0xbf, 0x6a, 0xd4, 0xeb,
0x50, 0xb9, 0xe3, 0xd6, 0x63, 0x8b, 0x66, 0x22, 0x01, 0x79,
0xeb, 0x8c, 0x3e, 0xf1, 0x87, 0xdd, 0x50, 0x27, 0x0f, 0xde,
0x90, 0x3d, 0x5c, 0x70, 0x13, 0x55, 0x2e, 0x45, 0x18, 0xad,
0x9c, 0x69, 0xfa, 0x5e, 0x6d, 0xd7, 0x09, 0x5d, 0xbd, 0x3c,
0x68, 0x03, 0xf2, 0x9d, 0x8b, 0xcf, 0x9d, 0x65, 0xcd, 0xe7,
0x50, 0xb1, 0x7c, 0x79, 0x73, 0x7e, 0x96, 0xd7, 0xec, 0xc2,
0x30, 0x40, 0x2e, 0x22, 0x6e, 0x00, 0xc7, 0x25, 0x29, 0x17,
0xe9, 0x54, 0x99, 0x70, 0x55, 0x23, 0xf3, 0xe1, 0x5c, 0x2c,
0x59, 0x05, 0x4a, 0xba, 0x3a, 0x40, 0xfa, 0x10, 0x6c, 0x85,
0xd2, 0xfc, 0xb1, 0xff, 0x9c, 0x11, 0x5e, 0x19, 0xac, 0xc5,
0x79, 0xef, 0x1a, 0x19, 0x0e, 0xf7, 0x6b, 0x75, 0x29, 0xfe,
0x79, 0x62, 0x30, 0xfd, 0x7c, 0x67, 0x8a, 0xc9, 0xd2, 0x29,
0x40, 0x13, 0xee, 0x37, 0x33, 0x1e, 0x45, 0xe0, 0x72, 0xf2,
0xc8, 0xb5, 0xa9, 0x27, 0x5e, 0xe9, 0x81, 0x3d, 0x51, 0x00,
0x6f, 0x80, 0x34, 0x3c, 0xb6, 0xa2, 0x16, 0x81, 0xbc, 0x5c,
0xe0, 0xee, 0x6e, 0xe3, 0xf4, 0x97, 0x10, 0xaa, 0x23, 0xc9,
0x25, 0xec, 0x8b, 0x01, 0x82, 0x49, 0xf0, 0xe6, 0xf0, 0x0b,
0x85, 0xd6)
};
/**
* SHA-384 test case 11 - count 0
*/
drbg_test_vector_t drbg_hmac_sha384_6 = {
.type = DRBG_HMAC_SHA384, .strength = 256,
chunk_from_chars(0xc9, 0xb4, 0x5f, 0x12, 0x14, 0xb7, 0xfe, 0x12, 0xd5, 0xfa,
0x54, 0xb5, 0x79, 0xe0, 0x55, 0x02, 0x2c, 0x25, 0xd2, 0x3d,
0x8a, 0xf6, 0x3e, 0x39, 0x26, 0xc0, 0xec, 0xbd, 0x92, 0xab,
0x8d, 0x01),
chunk_from_chars(0xe9, 0xfe, 0x33, 0xf3, 0xd1, 0x56, 0x8b, 0x14, 0x6b, 0x7a,
0x86, 0xfc, 0x0f, 0xe8, 0x0e, 0x11, 0xe7, 0xd3, 0xe0, 0x8c,
0xa3, 0x9c, 0xc5, 0xdd, 0x38, 0x67, 0x6f, 0x8a, 0xcf, 0xdb,
0x75, 0xbb, 0x9a, 0xa0, 0x91, 0xa0, 0x27, 0xfc, 0x5b, 0x3c,
0x39, 0x4c, 0x7f, 0x17, 0xc8, 0x16, 0xc3, 0xcf, 0xf6, 0x27,
0x0e, 0x5b, 0xa1, 0x81, 0x9e, 0x48, 0x2e, 0x42, 0x19, 0x78,
0x96, 0xb9, 0x24, 0xf6, 0x63, 0x00, 0xa0, 0xd4, 0x25, 0x15,
0x3d, 0x55, 0x1e, 0xb0, 0x00, 0xea, 0xe8, 0x09, 0xc1, 0x5a),
chunk_from_chars(0xc7, 0xd0, 0xb2, 0x7b, 0x36, 0xbc, 0x29, 0x48, 0x31, 0x95,
0x40, 0x05, 0x5d, 0xf2, 0x29, 0xad, 0x3d, 0x43, 0xb5, 0x08,
0x6a, 0xe3, 0x45, 0xc1, 0xc3, 0xa5, 0x17, 0x01, 0x2c, 0x24,
0x7d, 0x5e, 0xdf, 0x25, 0xcc, 0xdf, 0x83, 0xb6, 0xfd, 0xf4,
0xec, 0x10, 0x41, 0x49, 0x65, 0x2b, 0x1d, 0x26, 0xed, 0x70,
0x36, 0x7b, 0x24, 0x6d, 0xfe, 0x9f, 0x58, 0x90, 0xf7, 0x26,
0xca, 0xd6, 0x77, 0x74, 0x4f, 0x64, 0x08, 0xd2, 0x43, 0xd9,
0x86, 0xef, 0x76, 0x8a, 0xac, 0x65, 0x61, 0x7c, 0x06, 0x20,
0x4d, 0x35, 0xe3, 0x1a, 0x98, 0xa0, 0x2e, 0xd3, 0x23, 0x5b,
0x0f, 0x98, 0x99, 0x86, 0x69, 0xca, 0xaa, 0x3f, 0xb5, 0xeb,
0x94, 0xdb, 0x64, 0xc2, 0xdf, 0xb3, 0xce, 0xf2, 0x31, 0xed,
0xa1, 0xfd, 0x59, 0xb4, 0x37, 0x7b, 0x0b, 0x00, 0x2a, 0x8c,
0x0b, 0x53, 0x10, 0xb9, 0x6f, 0x49, 0xe0, 0xfe, 0x3c, 0x46,
0x94, 0x45, 0x14, 0xe5, 0xf5, 0xae, 0xb4, 0xf6, 0x44, 0xd4,
0x38, 0x5f, 0x0e, 0x21, 0x09, 0xbf, 0xb9, 0xcf, 0xff, 0xa9,
0x96, 0x2e, 0x26, 0xab, 0x2c, 0x76, 0x49, 0xa2, 0x7e, 0xfa,
0x33, 0x09, 0xe7, 0x2c, 0xd1, 0x51, 0x16, 0xa5, 0x78, 0x7c,
0x13, 0x0c, 0xad, 0xcb, 0x4e, 0x42, 0xba, 0x6e, 0x9d, 0x0b,
0xd1, 0x4e, 0xed, 0x1c, 0x6a, 0x01, 0x9b, 0x5b, 0xe1, 0x3b,
0xe0, 0xc4)
};
/**
* SHA-512 test case 1 - count 0
*/
drbg_test_vector_t drbg_hmac_sha512_1 = {
.type = DRBG_HMAC_SHA512, .strength = 256,
{ NULL, 0 },
chunk_from_chars(0x48, 0xc1, 0x21, 0xb1, 0x87, 0x33, 0xaf, 0x15, 0xc2, 0x7e,
0x1d, 0xd9, 0xba, 0x66, 0xa9, 0xa8, 0x1a, 0x55, 0x79, 0xcd,
0xba, 0x0f, 0x5b, 0x65, 0x7e, 0xc5, 0x3c, 0x2b, 0x9e, 0x90,
0xbb, 0xf6, 0xbb, 0xb7, 0xc7, 0x77, 0x42, 0x80, 0x68, 0xfa,
0xd9, 0x97, 0x08, 0x91, 0xf8, 0x79, 0xb1, 0xaf, 0xe0, 0xff,
0xef, 0xda, 0xdb, 0x9c, 0xcf, 0x99, 0x05, 0x04, 0xd5, 0x68,
0xbd, 0xb4, 0xd8, 0x62, 0xcb, 0xe1, 0x7c, 0xcc, 0xe6, 0xe2,
0x2d, 0xfc, 0xab, 0x8b, 0x48, 0x04, 0xfd, 0x21, 0x42, 0x1a),
chunk_from_chars(0x05, 0xda, 0x6a, 0xac, 0x7d, 0x98, 0x0d, 0xa0, 0x38, 0xf6,
0x5f, 0x39, 0x28, 0x41, 0x47, 0x6d, 0x37, 0xfe, 0x70, 0xfb,
0xd3, 0xe3, 0x69, 0xd1, 0xf8, 0x01, 0x96, 0xe6, 0x6e, 0x54,
0xb8, 0xfa, 0xdb, 0x1d, 0x60, 0xe1, 0xa0, 0xf3, 0xd4, 0xdc,
0x17, 0x37, 0x69, 0xd7, 0x5f, 0xc3, 0x41, 0x05, 0x49, 0xd7,
0xa8, 0x43, 0x27, 0x0a, 0x54, 0xa0, 0x68, 0xb4, 0xfe, 0x76,
0x7d, 0x7d, 0x9a, 0x59, 0x60, 0x45, 0x10, 0xa8, 0x75, 0xad,
0x1e, 0x97, 0x31, 0xc8, 0xaf, 0xd0, 0xfd, 0x50, 0xb8, 0x25,
0xe2, 0xc5, 0x0d, 0x06, 0x25, 0x76, 0x17, 0x51, 0x06, 0xa9,
0x98, 0x1b, 0xe3, 0x7e, 0x02, 0xec, 0x7c, 0x5c, 0xd0, 0xa6,
0x9a, 0xa0, 0xca, 0x65, 0xbd, 0xda, 0xee, 0x1b, 0x0d, 0xe5,
0x32, 0xe1, 0x0c, 0xfa, 0x1f, 0x5b, 0xf6, 0xa0, 0x26, 0xe4,
0x73, 0x79, 0x73, 0x6a, 0x09, 0x9d, 0x67, 0x50, 0xab, 0x12,
0x1d, 0xbe, 0x36, 0x22, 0xb8, 0x41, 0xba, 0xf8, 0xbd, 0xcb,
0xe8, 0x75, 0xc8, 0x5b, 0xa4, 0xb5, 0x86, 0xb8, 0xb5, 0xb5,
0x7b, 0x0f, 0xec, 0xbe, 0xc0, 0x8c, 0x12, 0xff, 0x2a, 0x94,
0x53, 0xc4, 0x7c, 0x6e, 0x32, 0xa5, 0x21, 0x03, 0xd9, 0x72,
0xc6, 0x2a, 0xb9, 0xaf, 0xfb, 0x8e, 0x72, 0x8a, 0x31, 0xfc,
0xef, 0xbb, 0xcc, 0xc5, 0x56, 0xc0, 0xf0, 0xa3, 0x5f, 0x4b,
0x10, 0xac, 0xe2, 0xd9, 0x6b, 0x90, 0x6e, 0x36, 0xcb, 0xb7,
0x22, 0x33, 0x20, 0x1e, 0x53, 0x6d, 0x3e, 0x13, 0xb0, 0x45,
0x18, 0x7b, 0x41, 0x7d, 0x24, 0x49, 0xca, 0xd1, 0xed, 0xd1,
0x92, 0xe0, 0x61, 0xf1, 0x2d, 0x22, 0x14, 0x7b, 0x0a, 0x17,
0x6e, 0xa8, 0xd9, 0xc4, 0xc3, 0x54, 0x04, 0x39, 0x5b, 0x65,
0x02, 0xef, 0x33, 0x3a, 0x81, 0x3b, 0x65, 0x86, 0x03, 0x74,
0x79, 0xe0, 0xfa, 0x3c, 0x6a, 0x23)
};
/**
* SHA-512 test case 3 - count 0
*/
drbg_test_vector_t drbg_hmac_sha512_2 = {
.type = DRBG_HMAC_SHA512, .strength = 256,
chunk_from_chars(0x21, 0x23, 0x00, 0xf9, 0x38, 0x99, 0xff, 0x7c, 0xb1, 0x44,
0xf2, 0x04, 0x26, 0x02, 0x8b, 0x97, 0x63, 0x80, 0xa3, 0x48,
0x25, 0x3b, 0xcc, 0x3f, 0xf4, 0x2b, 0x52, 0x8c, 0xd1, 0x97,
0x25, 0x49),
chunk_from_chars(0x97, 0xae, 0xf9, 0x35, 0xea, 0x33, 0x71, 0x7e, 0x8e, 0x86,
0x44, 0xbb, 0x8c, 0x47, 0x89, 0xf3, 0x75, 0xc4, 0x8a, 0x94,
0x5d, 0xed, 0x08, 0x77, 0x11, 0x49, 0xe8, 0x28, 0xa2, 0x2d,
0xc8, 0x66, 0x82, 0x58, 0x0f, 0x51, 0x07, 0x0b, 0xa1, 0xe9,
0x91, 0xd9, 0x80, 0x3f, 0x51, 0xfd, 0x9a, 0x6f, 0x63, 0xcd,
0x91, 0xc1, 0xeb, 0xb2, 0xca, 0xa1, 0x5f, 0x28, 0x37, 0xdf,
0x8f, 0x35, 0xcb, 0xb6, 0xfe, 0x96, 0xdf, 0x26, 0x74, 0xa1,
0x36, 0x99, 0x0a, 0x59, 0x76, 0xcb, 0xba, 0xb6, 0x3b, 0xc1),
chunk_from_chars(0x0e, 0x85, 0x33, 0xf6, 0x4b, 0x60, 0xc2, 0x3a, 0x26, 0x55,
0x82, 0x70, 0x37, 0xdb, 0x21, 0x8c, 0x2f, 0xe9, 0xce, 0x43,
0x0f, 0xa4, 0xed, 0x6e, 0xd9, 0xbe, 0x34, 0x9c, 0x4b, 0xdc,
0x6f, 0x40, 0x01, 0x8b, 0x42, 0xf4, 0x86, 0xfa, 0x04, 0x28,
0x8b, 0x3b, 0x0c, 0x62, 0xa1, 0x28, 0x12, 0xe7, 0x6e, 0x08,
0xc7, 0x60, 0x62, 0xa5, 0x10, 0xcc, 0x60, 0x84, 0x1f, 0x16,
0x58, 0x69, 0xef, 0xac, 0xee, 0xf9, 0x08, 0x05, 0xbd, 0xde,
0x2f, 0xd6, 0x6c, 0x36, 0xc3, 0x8a, 0x2a, 0xc9, 0xc3, 0xcb,
0x86, 0xbf, 0xd3, 0x04, 0x06, 0x56, 0x9e, 0x0a, 0xfd, 0x24,
0x51, 0x02, 0xf2, 0xea, 0x2d, 0x49, 0xe4, 0xee, 0x5f, 0x69,
0x18, 0x72, 0x27, 0xa3, 0xf0, 0xed, 0xfb, 0xc1, 0x25, 0x9c,
0xb6, 0x56, 0x4a, 0x2d, 0x4e, 0x82, 0x9b, 0x3f, 0xc3, 0xb6,
0x99, 0x6e, 0x37, 0x54, 0x6f, 0x1d, 0x8a, 0x16, 0xfc, 0xd8,
0x20, 0x1d, 0x1a, 0xd2, 0x86, 0x61, 0xbb, 0xb0, 0x01, 0x2d,
0xaa, 0xd5, 0x5d, 0x54, 0x03, 0xe8, 0x33, 0xd8, 0xa0, 0x06,
0x8d, 0x21, 0x6c, 0x87, 0x9b, 0xce, 0xbc, 0x05, 0x4d, 0xf0,
0xc9, 0xcb, 0xa1, 0x4d, 0xad, 0x48, 0x63, 0xee, 0x1f, 0x75,
0xb7, 0x8b, 0xc4, 0x88, 0x66, 0x2c, 0xb0, 0xc9, 0x1c, 0xa4,
0xfd, 0xfc, 0xe7, 0xdf, 0x59, 0x16, 0xb4, 0xe6, 0x25, 0x80,
0x90, 0x2c, 0x60, 0x1b, 0xe7, 0x06, 0xdc, 0xc7, 0x90, 0x38,
0x58, 0xe6, 0xb9, 0x92, 0x07, 0x35, 0xbd, 0xaa, 0x63, 0x5a,
0xdd, 0x5c, 0x06, 0x08, 0x0d, 0x82, 0x26, 0x53, 0x45, 0xb4,
0x90, 0x37, 0xa3, 0x2f, 0xcf, 0x0a, 0x7c, 0x9e, 0xa6, 0x06,
0x9e, 0x33, 0x69, 0xf9, 0xb4, 0xaa, 0x45, 0x49, 0x3e, 0xfd,
0x73, 0x18, 0xda, 0x2a, 0xe9, 0xb4, 0xfc, 0x30, 0x04, 0x98,
0x24, 0x8a, 0xfa, 0xad, 0x8d, 0x49)
};
/**
* SHA-512 test case 5 - count 0
*/
drbg_test_vector_t drbg_hmac_sha512_3 = {
.type = DRBG_HMAC_SHA512, .strength = 256,
{ NULL, 0 },
chunk_from_chars(0x54, 0xda, 0xf8, 0xea, 0xd3, 0xac, 0xcb, 0x38, 0x2c, 0xdf,
0x25, 0x1c, 0xfb, 0xc8, 0x64, 0x4a, 0xb8, 0xbf, 0x4f, 0x99,
0x69, 0x37, 0x11, 0x10, 0x2c, 0x02, 0xb2, 0xb6, 0x92, 0x0c,
0x25, 0xc8, 0x4b, 0xcf, 0x3b, 0x02, 0xdc, 0x3e, 0x13, 0x0f,
0x50, 0xe8, 0x9b, 0xdf, 0x2c, 0xf7, 0x52, 0xe2, 0x45, 0x30,
0xe0, 0xb8, 0x95, 0x51, 0x90, 0xec, 0xd3, 0xca, 0x11, 0x7d,
0x26, 0x20, 0xa0, 0xf5, 0x82, 0x3a, 0x2c, 0x7c, 0x6f, 0x10,
0x8a, 0x72, 0xae, 0xc6, 0x9a, 0xd5, 0x91, 0x51, 0xc8, 0xec),
chunk_from_chars(0xc9, 0x44, 0x4a, 0x93, 0x66, 0x76, 0x4f, 0x89, 0xef, 0x32,
0x26, 0xee, 0x70, 0xf6, 0x18, 0x49, 0x2f, 0xa9, 0xfa, 0x9a,
0x1c, 0x96, 0xe5, 0x3e, 0xc8, 0x17, 0xde, 0xc9, 0xc4, 0xc8,
0x3f, 0xb6, 0xef, 0x7f, 0xcb, 0x2c, 0xae, 0x99, 0x73, 0x29,
0x3e, 0xaa, 0xa5, 0x96, 0xcb, 0xbf, 0xda, 0x4c, 0x3f, 0xbf,
0x2d, 0xd9, 0x12, 0x53, 0xbe, 0x2c, 0xe6, 0x64, 0x8c, 0x31,
0xe2, 0xaa, 0x92, 0x31, 0x5a, 0xb4, 0xad, 0xb9, 0x11, 0xaa,
0xac, 0x15, 0xb5, 0x6a, 0x27, 0x3d, 0xa7, 0x4c, 0x11, 0x4e,
0x1f, 0x58, 0xb3, 0x7b, 0x47, 0x05, 0x17, 0x1c, 0x4c, 0xf7,
0xc7, 0x45, 0x23, 0xf5, 0x2e, 0x72, 0x1f, 0x11, 0xbd, 0x8c,
0x37, 0x51, 0x99, 0x95, 0xe0, 0xd1, 0x3c, 0x19, 0x0d, 0x7e,
0x58, 0x6c, 0xd3, 0xe3, 0xe9, 0xfc, 0x2d, 0xa9, 0x48, 0xc5,
0xa5, 0x2a, 0xa6, 0x9c, 0xdc, 0xc8, 0x42, 0xda, 0x17, 0xb4,
0x94, 0xcb, 0x33, 0x0f, 0xca, 0x9d, 0x87, 0x24, 0x96, 0x5f,
0xe7, 0xbb, 0xc4, 0x5c, 0xcd, 0x87, 0x72, 0x14, 0xed, 0x4d,
0x91, 0x71, 0x1a, 0x4e, 0xcc, 0xf9, 0x32, 0x8f, 0x7a, 0x2e,
0x39, 0x3c, 0xf5, 0x9e, 0x69, 0xbb, 0xa6, 0x87, 0x16, 0xab,
0x93, 0x0d, 0x54, 0x62, 0x74, 0xa9, 0xd7, 0xa6, 0x3f, 0xb2,
0x75, 0xc2, 0x07, 0x12, 0xdd, 0x6b, 0x63, 0x1b, 0x69, 0x33,
0x73, 0x29, 0x53, 0x11, 0x87, 0x19, 0x21, 0xc5, 0x2e, 0x2e,
0xc5, 0x46, 0x15, 0x9d, 0x92, 0xeb, 0x15, 0x13, 0x3b, 0xdb,
0x45, 0x3b, 0xa5, 0x4a, 0xef, 0x09, 0xc4, 0x79, 0x0a, 0x1b,
0x34, 0x28, 0xb4, 0x44, 0x75, 0xee, 0x8f, 0xab, 0x6d, 0xb2,
0xd5, 0xa8, 0xaa, 0xaf, 0xc0, 0x46, 0x35, 0x5e, 0xb6, 0x42,
0x1d, 0xbc, 0xe2, 0xf9, 0x28, 0x3a, 0x03, 0xb4, 0xc3, 0x73,
0x97, 0x51, 0x31, 0xae, 0xca, 0x69)
};
/**
* SHA-512 test case 7 - count 0
*/
drbg_test_vector_t drbg_hmac_sha512_4 = {
.type = DRBG_HMAC_SHA512, .strength = 256,
chunk_from_chars(0x39, 0xa7, 0x19, 0x6a, 0x26, 0x16, 0xa5, 0x32, 0x9c, 0x4b,
0x09, 0xf3, 0xbe, 0x52, 0x1c, 0x23, 0x91, 0xfa, 0x37, 0xfc,
0xe9, 0x54, 0xa1, 0xfd, 0x25, 0x9b, 0xde, 0x23, 0x0c, 0x8d,
0x13, 0x0e),
chunk_from_chars(0xcd, 0xed, 0x7a, 0xae, 0xab, 0x10, 0x25, 0xa6, 0x05, 0x3c,
0x12, 0xb8, 0xbc, 0xa1, 0x97, 0xc7, 0x96, 0x3d, 0xee, 0x09,
0xf5, 0x0c, 0x1c, 0xb9, 0x73, 0x34, 0x11, 0xc7, 0x2c, 0xd0,
0x90, 0xb9, 0x1f, 0xf7, 0x7f, 0x52, 0x36, 0x78, 0xc1, 0x92,
0x6b, 0x2b, 0x11, 0x35, 0x4a, 0x55, 0x51, 0x0f, 0xf9, 0x15,
0xac, 0x12, 0x6f, 0x3a, 0xc6, 0xed, 0xdc, 0x6f, 0x9b, 0x85,
0x7b, 0x12, 0x43, 0x63, 0xff, 0xb5, 0x3f, 0xbb, 0x66, 0x4a,
0x3d, 0x7c, 0xb9, 0x10, 0xfb, 0xf5, 0x58, 0xb8, 0x33, 0xbb),
chunk_from_chars(0xa4, 0xc9, 0x7a, 0x54, 0xbe, 0x09, 0x1a, 0x7f, 0x1b, 0x56,
0x37, 0x2c, 0x08, 0xb4, 0xdb, 0xe9, 0xa1, 0x60, 0xe5, 0x9b,
0xfb, 0x1b, 0x38, 0xdf, 0xee, 0xff, 0x9b, 0xd8, 0xdb, 0x5b,
0x4f, 0x19, 0x71, 0x4c, 0x47, 0x19, 0xc9, 0x12, 0x7e, 0x8c,
0xbd, 0x24, 0xe7, 0x83, 0x90, 0x0e, 0x71, 0xa7, 0x7b, 0x1a,
0x83, 0x03, 0xc8, 0x86, 0x65, 0x5d, 0x85, 0x9a, 0x0a, 0x50,
0x54, 0xcd, 0x84, 0xed, 0x1c, 0x6b, 0xa1, 0x11, 0xad, 0x13,
0xdc, 0x12, 0x1b, 0xd0, 0x86, 0x9b, 0x21, 0x71, 0x2b, 0xc2,
0x42, 0x24, 0xc7, 0xe3, 0x59, 0xe2, 0xde, 0x8f, 0x09, 0x33,
0xc9, 0x82, 0xa1, 0x80, 0x11, 0x85, 0x64, 0x63, 0xfd, 0xb4,
0x9c, 0xca, 0x5c, 0x46, 0x80, 0x26, 0xce, 0x02, 0x4a, 0x56,
0x9c, 0x98, 0xfa, 0x3b, 0x3c, 0xc4, 0x88, 0x94, 0x6f, 0xe9,
0xfe, 0x07, 0xdd, 0x18, 0xfd, 0x75, 0x86, 0x3f, 0xfc, 0xfa,
0xd3, 0x2a, 0x2d, 0x04, 0x80, 0xe4, 0x5b, 0x16, 0x9f, 0x68,
0xcd, 0x6f, 0x31, 0xc6, 0x23, 0xb4, 0xfb, 0xd3, 0x35, 0x42,
0x70, 0xc5, 0x1c, 0x49, 0x4c, 0x61, 0x4d, 0xcc, 0xc2, 0x7d,
0xdb, 0x5e, 0x2f, 0x9b, 0xcb, 0xbc, 0x3f, 0xc3, 0x97, 0x38,
0x4c, 0x92, 0x37, 0xec, 0xaf, 0x6b, 0x47, 0x59, 0x1f, 0x67,
0x79, 0xa5, 0x2a, 0xb4, 0xc0, 0x38, 0x1b, 0xd7, 0xfe, 0x73,
0x44, 0x4c, 0x20, 0xd4, 0x7d, 0x5f, 0x25, 0xa4, 0x41, 0x3f,
0x80, 0x68, 0x55, 0x7e, 0x7f, 0xd2, 0x74, 0x5f, 0xdb, 0x88,
0xa8, 0x8d, 0x26, 0x2d, 0x1a, 0x23, 0x86, 0xc9, 0xe8, 0x4a,
0x11, 0x00, 0x08, 0xec, 0xd8, 0xcb, 0x9a, 0xea, 0x88, 0x3d,
0x43, 0x52, 0xd9, 0xe6, 0x16, 0xab, 0xe7, 0x59, 0xf1, 0x0c,
0x86, 0x7d, 0xa1, 0x85, 0x5e, 0xde, 0xd5, 0xa3, 0xeb, 0x5c,
0x4b, 0x20, 0xc9, 0x5a, 0xab, 0xe6)
};
/**
* SHA-512 test case 9 - count 0
*/
drbg_test_vector_t drbg_hmac_sha512_5 = {
.type = DRBG_HMAC_SHA512, .strength = 256,
{ NULL, 0 },
chunk_from_chars(0x60, 0xf1, 0x2a, 0x1e, 0x56, 0x3c, 0x83, 0xdd, 0xaa, 0x36,
0x13, 0xa5, 0x15, 0x53, 0x7f, 0x59, 0x0b, 0xf2, 0x2c, 0x23,
0x95, 0xc3, 0xcc, 0x67, 0x4e, 0x23, 0xcc, 0x7b, 0x3a, 0x7e,
0x59, 0x57, 0xb0, 0x46, 0xb7, 0x97, 0xa0, 0xaf, 0x84, 0x02,
0x7c, 0x69, 0x56, 0x88, 0x38, 0xf6, 0x49, 0x0e, 0x68, 0xda,
0x0a, 0xbd, 0xc0, 0x8a, 0xd5, 0xd9, 0xa3, 0xb8, 0x5a, 0x98,
0x16, 0xbe, 0xae, 0xe2, 0xda, 0x74, 0x9c, 0xa8, 0xbd, 0x75,
0x7b, 0x31, 0xd7, 0x56, 0xcb, 0x82, 0x0f, 0x4b, 0x52, 0x17),
chunk_from_chars(0x33, 0x95, 0x2b, 0xde, 0x77, 0x3c, 0x0d, 0xc0, 0x09, 0x10,
0xce, 0x6d, 0xc5, 0x5d, 0xae, 0x77, 0xd6, 0xa5, 0xc5, 0xab,
0x9a, 0x93, 0xf6, 0x12, 0xa6, 0x56, 0xb9, 0xcc, 0xc1, 0xeb,
0x24, 0xa6, 0xcc, 0xea, 0x86, 0xd5, 0x09, 0x0d, 0xf3, 0x05,
0xde, 0x69, 0x29, 0x96, 0x4c, 0x45, 0x60, 0x53, 0x14, 0x81,
0xea, 0x83, 0x55, 0x64, 0xf1, 0xde, 0x27, 0x10, 0xa7, 0xb1,
0x55, 0xf3, 0x77, 0x23, 0x47, 0xa2, 0x71, 0xfb, 0x8a, 0x40,
0x62, 0x13, 0x53, 0xc1, 0x35, 0xbe, 0xd0, 0x18, 0x0d, 0x86,
0x7d, 0x4b, 0x8e, 0xe6, 0x13, 0x9f, 0x3b, 0x6f, 0x60, 0xa1,
0xe4, 0x07, 0x2c, 0xce, 0x31, 0x98, 0xb2, 0x01, 0xdd, 0x1a,
0x0a, 0x31, 0x93, 0xa2, 0xd3, 0x06, 0x1e, 0xf1, 0x21, 0xed,
0x1d, 0x5c, 0xc1, 0x27, 0xe7, 0xa4, 0x33, 0xae, 0x54, 0x07,
0xc0, 0x9b, 0x45, 0xce, 0xb1, 0xed, 0xe6, 0x9f, 0x1c, 0x5e,
0x27, 0xe7, 0xac, 0x7f, 0xf7, 0xdd, 0x65, 0xd0, 0x7c, 0x92,
0xe9, 0xb0, 0x02, 0xf4, 0x4a, 0x36, 0xb4, 0x98, 0x8b, 0x4b,
0xab, 0x45, 0xd2, 0x07, 0x54, 0x94, 0x3a, 0xfc, 0x0b, 0xae,
0x2d, 0xac, 0x20, 0xc3, 0xcc, 0x6e, 0xe0, 0x8f, 0xfd, 0x3c,
0x6a, 0x94, 0x4e, 0xca, 0xe7, 0xd1, 0x25, 0x1a, 0x81, 0x49,
0xfb, 0xb8, 0x19, 0xdb, 0x2c, 0xb7, 0xd6, 0xfe, 0x48, 0xae,
0x98, 0x44, 0xf1, 0xc0, 0xcf, 0xf1, 0xd7, 0x61, 0x67, 0x03,
0x47, 0x35, 0xc7, 0x99, 0x8a, 0x1d, 0xd0, 0xa0, 0x66, 0xe6,
0x7e, 0xae, 0xe8, 0x6d, 0xa5, 0x81, 0x68, 0xe4, 0xeb, 0xe0,
0xfd, 0x36, 0xbc, 0x1e, 0x0e, 0x46, 0x9c, 0xd3, 0x77, 0xb4,
0x14, 0xb6, 0xe3, 0xc8, 0x92, 0x02, 0x02, 0x40, 0xae, 0x71,
0xf1, 0x72, 0x86, 0xd1, 0xa4, 0x84, 0xa1, 0x6d, 0xc1, 0x8b,
0x25, 0xeb, 0xab, 0x47, 0x4c, 0xe6)
};
/**
* SHA-512 test case 11 - count 0
*/
drbg_test_vector_t drbg_hmac_sha512_6 = {
.type = DRBG_HMAC_SHA512, .strength = 256,
chunk_from_chars(0x5e, 0x5b, 0x96, 0xb3, 0x8f, 0xff, 0xb9, 0x29, 0xbf, 0x3d,
0x74, 0x40, 0xe6, 0x0e, 0x9c, 0x38, 0xe6, 0xea, 0xb0, 0x5f,
0xd1, 0xe1, 0x2a, 0xb8, 0x2c, 0xb5, 0xfd, 0x5e, 0x6d, 0xa2,
0x6a, 0xb4),
chunk_from_chars(0x29, 0xb9, 0x7c, 0x42, 0x1a, 0xea, 0x05, 0xea, 0x9b, 0x1c,
0x68, 0x4a, 0x8b, 0x91, 0xcd, 0x04, 0xe5, 0x76, 0xa0, 0x19,
0x88, 0x31, 0xc4, 0x2a, 0x18, 0x66, 0x82, 0x4a, 0x34, 0x62,
0xc7, 0xa8, 0x10, 0xa7, 0xce, 0x39, 0x6f, 0x4b, 0xea, 0x52,
0x27, 0x54, 0x5c, 0x1a, 0x87, 0xd7, 0x4e, 0xb5, 0x24, 0x6c,
0x56, 0x51, 0x0a, 0x65, 0x2f, 0xd9, 0x0e, 0xa3, 0x77, 0xfe,
0xd3, 0x15, 0xd7, 0x57, 0x6a, 0x2a, 0x23, 0x0c, 0xef, 0xdf,
0x4f, 0x45, 0xae, 0x28, 0x72, 0xb9, 0xd9, 0xad, 0xad, 0x3f),
chunk_from_chars(0x61, 0x46, 0x67, 0xab, 0x1e, 0xe7, 0x5e, 0xd7, 0x13, 0x1f,
0x2e, 0x37, 0xda, 0x34, 0xa9, 0xb3, 0x92, 0x4d, 0xd8, 0x99,
0x7b, 0x35, 0x33, 0x5f, 0xfd, 0xdd, 0x67, 0xaa, 0x3a, 0x5d,
0xca, 0xec, 0x1b, 0x6c, 0xc9, 0xcf, 0x32, 0xab, 0x0c, 0x27,
0x7f, 0x2c, 0xb0, 0xcc, 0xa2, 0xae, 0xc7, 0x2d, 0x66, 0x3a,
0x25, 0x83, 0x08, 0xa6, 0x0c, 0xae, 0xed, 0xe4, 0x3d, 0x11,
0xd2, 0xd7, 0xcb, 0x81, 0x1f, 0x38, 0x67, 0x7b, 0x81, 0x31,
0x75, 0xd9, 0x32, 0x79, 0x0a, 0x37, 0x44, 0x9c, 0xf2, 0x8a,
0xa6, 0x81, 0x3a, 0xc4, 0x98, 0x96, 0x5f, 0x56, 0x92, 0x64,
0xc3, 0x23, 0xfa, 0x5e, 0x12, 0x0e, 0x95, 0x34, 0x88, 0x18,
0x2e, 0xc9, 0x7a, 0x32, 0xdd, 0xcb, 0x83, 0x5c, 0x45, 0x51,
0xf0, 0x85, 0x58, 0x6f, 0x3b, 0xc9, 0x68, 0x94, 0xb3, 0x0a,
0xfd, 0x77, 0x51, 0xe4, 0xa6, 0x90, 0xb5, 0x7a, 0xfc, 0x84,
0x19, 0x5f, 0xcb, 0x97, 0xf8, 0xdd, 0x90, 0x51, 0x16, 0xe6,
0xbc, 0x38, 0xbb, 0xaa, 0xaa, 0x54, 0x3e, 0xd0, 0x06, 0xd0,
0x28, 0x01, 0x68, 0x13, 0x81, 0x91, 0x89, 0x77, 0x03, 0x82,
0xe7, 0x5b, 0x66, 0x62, 0x0b, 0xc0, 0x73, 0x76, 0xb7, 0x89,
0x56, 0x20, 0xe2, 0xd4, 0x44, 0x6c, 0xc2, 0x9e, 0x22, 0xa8,
0x4b, 0xad, 0x1f, 0x7f, 0x87, 0x11, 0x61, 0x4c, 0x7e, 0x91,
0x9d, 0x48, 0x21, 0xb4, 0x0d, 0xdb, 0x46, 0x04, 0x88, 0xf1,
0xad, 0xd3, 0x6b, 0x40, 0xb4, 0x23, 0xfc, 0x9c, 0xed, 0xfe,
0x10, 0xfe, 0x12, 0x1b, 0xee, 0x24, 0xe2, 0x0c, 0x4f, 0x0b,
0xb1, 0x8d, 0xbd, 0x71, 0xc6, 0x02, 0xaf, 0x0b, 0x7a, 0x5a,
0x15, 0xa3, 0xea, 0xf3, 0xce, 0x44, 0xb2, 0xe8, 0x70, 0x90,
0x15, 0xf1, 0x35, 0xdb, 0xfd, 0x0f, 0x76, 0xe4, 0xb8, 0xde,
0xf7, 0x75, 0x80, 0x1c, 0x0e, 0x9e)
};

16
src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
View File

@ -25,6 +25,7 @@
#define TEST_VECTOR_HASHER(x) extern hasher_test_vector_t x;
#define TEST_VECTOR_PRF(x) extern prf_test_vector_t x;
#define TEST_VECTOR_XOF(x) extern xof_test_vector_t x;
#define TEST_VECTOR_DRBG(x) extern drbg_test_vector_t x;
#define TEST_VECTOR_RNG(x) extern rng_test_vector_t x;
#define TEST_VECTOR_DH(x) extern dh_test_vector_t x;
@ -36,6 +37,7 @@
#undef TEST_VECTOR_HASHER
#undef TEST_VECTOR_PRF
#undef TEST_VECTOR_XOF
#undef TEST_VECTOR_DRBG
#undef TEST_VECTOR_RNG
#undef TEST_VECTOR_DH
@ -45,6 +47,7 @@
#define TEST_VECTOR_HASHER(x)
#define TEST_VECTOR_PRF(x)
#define TEST_VECTOR_XOF(x)
#define TEST_VECTOR_DRBG(x)
#define TEST_VECTOR_RNG(x)
#define TEST_VECTOR_DH(x)
@ -97,6 +100,14 @@ static xof_test_vector_t *xof[] = {
#undef TEST_VECTOR_XOF
#define TEST_VECTOR_XOF(x)
#undef TEST_VECTOR_DRBG
#define TEST_VECTOR_DRBG(x) &x,
static drbg_test_vector_t *drbg[] = {
#include "test_vectors.h"
};
#undef TEST_VECTOR_DRBG
#define TEST_VECTOR_DRBG(x)
#undef TEST_VECTOR_RNG
#define TEST_VECTOR_RNG(x) &x,
static rng_test_vector_t *rng[] = {
@ -197,6 +208,11 @@ plugin_t *test_vectors_plugin_create()
lib->crypto->add_test_vector(lib->crypto,
EXTENDED_OUTPUT_FUNCTION, xof[i]);
}
for (i = 0; i < countof(drbg); i++)
{
lib->crypto->add_test_vector(lib->crypto,
DETERMINISTIC_RANDOM_BIT_GENERATOR, drbg[i]);
}
for (i = 0; i < countof(rng); i++)
{
lib->crypto->add_test_vector(lib->crypto,

5
src/libstrongswan/tests/Makefile.am
View File

@ -2,8 +2,7 @@ check_LTLIBRARIES = libtest.la
libtest_la_SOURCES = \
test_suite.c test_suite.h \
test_runner.c test_runner.h \
utils/test_rng.c utils/test_rng.h
test_runner.c test_runner.h
libtest_la_CFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
@ -54,7 +53,7 @@ libstrongswan_tests_SOURCES = tests.h tests.c \
suites/test_asn1.c \
suites/test_asn1_parser.c \
suites/test_printf.c \
suites/test_test_rng.c \
suites/test_rng_tester.c \
suites/test_mgf1.c \
suites/test_ntru.c \
suites/test_ed25519.c \

1
src/libstrongswan/tests/suites/test_mgf1.c
View File

@ -15,7 +15,6 @@
#include "test_suite.h"
#include <tests/utils/test_rng.h>
#include <utils/test.h>
#include <crypto/xofs/xof.h>
#include <crypto/xofs/xof_bitspender.h>

14
src/libstrongswan/tests/suites/test_test_rng.c → src/libstrongswan/tests/suites/test_rng_tester.c
View File

@ -15,10 +15,10 @@
#include "test_suite.h"
#include <tests/utils/test_rng.h>
#include <utils/test.h>
#include <crypto/rngs/rng_tester.h>
START_TEST(test_test_rng)
START_TEST(test_rng_tester)
{
rng_t *entropy;
chunk_t in, in1, in2, out;
@ -27,7 +27,7 @@ START_TEST(test_test_rng)
in2 = chunk_from_chars(0x07, 0x08);
in = chunk_cat("cc", in1, in2);
entropy = test_rng_create(in);
entropy = rng_tester_create(in);
ck_assert(entropy->allocate_bytes(entropy, 6, &out));
ck_assert(chunk_equals(in1, out));
ck_assert(entropy->get_bytes(entropy, 2, out.ptr));
@ -41,15 +41,15 @@ START_TEST(test_test_rng)
END_TEST
Suite *test_rng_suite_create()
Suite *rng_tester_suite_create()
{
Suite *s;
TCase *tc;
s = suite_create("test_rng");
s = suite_create("rng_tester");
tc = tcase_create("test_rng");
tcase_add_test(tc, test_test_rng);
tc = tcase_create("rng_tester");
tcase_add_test(tc, test_rng_tester);
suite_add_tcase(s, tc);
return s;

2
src/libstrongswan/tests/suites/test_vectors.c
View File

@ -28,6 +28,8 @@ static transform_type_t tfs[] = {
INTEGRITY_ALGORITHM,
HASH_ALGORITHM,
PSEUDO_RANDOM_FUNCTION,
EXTENDED_OUTPUT_FUNCTION,
DETERMINISTIC_RANDOM_BIT_GENERATOR,
RANDOM_NUMBER_GENERATOR,
DIFFIE_HELLMAN_GROUP,
};

2
src/libstrongswan/tests/tests.h
View File

@ -46,7 +46,7 @@ TEST_SUITE_DEPEND(iv_gen_suite_create, RNG, RNG_STRONG)
TEST_SUITE(pen_suite_create)
TEST_SUITE(asn1_suite_create)
TEST_SUITE(asn1_parser_suite_create)
TEST_SUITE(test_rng_suite_create)
TEST_SUITE(rng_tester_suite_create)
TEST_SUITE_DEPEND(mgf1_sha1_suite_create, XOF, XOF_MGF1_SHA1)
TEST_SUITE_DEPEND(mgf1_sha256_suite_create, XOF, XOF_MGF1_SHA256)
TEST_SUITE_DEPEND(ntru_suite_create, DH, NTRU_112_BIT)