From 737375a2d27e9cf337bab3f37377eabaa0d31efe Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Thu, 10 Oct 2019 00:00:05 +0200 Subject: [PATCH] drbg: Implemented NIST SP-800-90A DRBG --- conf/Makefile.am | 1 + conf/plugins/drbg.opt | 3 + configure.ac | 6 +- src/libstrongswan/Makefile.am | 18 +- src/libstrongswan/crypto/crypto_factory.c | 118 ++- src/libstrongswan/crypto/crypto_factory.h | 49 +- src/libstrongswan/crypto/crypto_tester.c | 144 ++++ src/libstrongswan/crypto/crypto_tester.h | 33 + src/libstrongswan/crypto/drbgs/drbg.c | 28 + src/libstrongswan/crypto/drbgs/drbg.h | 99 +++ .../test_rng.c => crypto/rngs/rng_tester.c} | 4 +- .../test_rng.h => crypto/rngs/rng_tester.h} | 22 +- src/libstrongswan/crypto/transform.c | 10 +- src/libstrongswan/crypto/transform.h | 1 + src/libstrongswan/plugins/drbg/Makefile.am | 18 + src/libstrongswan/plugins/drbg/drbg_ctr.c | 356 ++++++++ src/libstrongswan/plugins/drbg/drbg_ctr.h | 51 ++ src/libstrongswan/plugins/drbg/drbg_hmac.c | 319 +++++++ src/libstrongswan/plugins/drbg/drbg_hmac.h | 51 ++ src/libstrongswan/plugins/drbg/drbg_plugin.c | 92 ++ src/libstrongswan/plugins/drbg/drbg_plugin.h | 42 + src/libstrongswan/plugins/plugin_feature.c | 22 + src/libstrongswan/plugins/plugin_feature.h | 7 + .../plugins/test_vectors/Makefile.am | 2 + .../plugins/test_vectors/test_vectors.h | 44 + .../test_vectors/test_vectors/drbg_ctr.c | 470 ++++++++++ .../test_vectors/test_vectors/drbg_hmac.c | 812 ++++++++++++++++++ .../test_vectors/test_vectors_plugin.c | 16 + src/libstrongswan/tests/Makefile.am | 5 +- src/libstrongswan/tests/suites/test_mgf1.c | 1 - .../{test_test_rng.c => test_rng_tester.c} | 14 +- src/libstrongswan/tests/suites/test_vectors.c | 2 + src/libstrongswan/tests/tests.h | 2 +- 33 files changed, 2825 insertions(+), 37 deletions(-) create mode 100644 conf/plugins/drbg.opt create mode 100644 src/libstrongswan/crypto/drbgs/drbg.c create mode 100644 src/libstrongswan/crypto/drbgs/drbg.h rename src/libstrongswan/{tests/utils/test_rng.c => crypto/rngs/rng_tester.c} (96%) rename src/libstrongswan/{tests/utils/test_rng.h => crypto/rngs/rng_tester.h} (61%) create mode 100644 src/libstrongswan/plugins/drbg/Makefile.am create mode 100644 src/libstrongswan/plugins/drbg/drbg_ctr.c create mode 100644 src/libstrongswan/plugins/drbg/drbg_ctr.h create mode 100644 src/libstrongswan/plugins/drbg/drbg_hmac.c create mode 100644 src/libstrongswan/plugins/drbg/drbg_hmac.h create mode 100644 src/libstrongswan/plugins/drbg/drbg_plugin.c create mode 100644 src/libstrongswan/plugins/drbg/drbg_plugin.h create mode 100644 src/libstrongswan/plugins/test_vectors/test_vectors/drbg_ctr.c create mode 100644 src/libstrongswan/plugins/test_vectors/test_vectors/drbg_hmac.c rename src/libstrongswan/tests/suites/{test_test_rng.c => test_rng_tester.c} (84%) diff --git a/conf/Makefile.am b/conf/Makefile.am index 0080a559d..1c2b41236 100644 --- a/conf/Makefile.am +++ b/conf/Makefile.am @@ -39,6 +39,7 @@ plugins = \ plugins/curl.opt \ plugins/dhcp.opt \ plugins/dnscert.opt \ + plugins/drbg.opt \ plugins/duplicheck.opt \ plugins/eap-aka.opt \ plugins/eap-aka-3gpp.opt \ diff --git a/conf/plugins/drbg.opt b/conf/plugins/drbg.opt new file mode 100644 index 000000000..2d132a1d7 --- /dev/null +++ b/conf/plugins/drbg.opt @@ -0,0 +1,3 @@ +charon.plugins.drbg.max_drbg_requests = 4294967294 + Number of pseudo-random bit requests from the DRBG before an automatic + reseeding occurs. diff --git a/configure.ac b/configure.ac index 6a20ce691..8016f44f6 100644 --- a/configure.ac +++ b/configure.ac @@ -1,6 +1,6 @@ # # Copyright (C) 2007-2017 Tobias Brunner -# Copyright (C) 2006-2017 Andreas Steffen +# Copyright (C) 2006-2019 Andreas Steffen # Copyright (C) 2006-2014 Martin Willi # HSR Hochschule fuer Technik Rapperswil # @@ -132,6 +132,7 @@ ARG_ENABL_SET([chapoly], [enables the ChaCha20/Poly1305 AEAD plugin.]) ARG_DISBL_SET([cmac], [disable CMAC crypto implementation plugin.]) ARG_ENABL_SET([ctr], [enables the Counter Mode wrapper crypto plugin.]) ARG_DISBL_SET([des], [disable DES/3DES software implementation plugin.]) +ARG_DISBL_SET([drbg], [disable the NIST Deterministic Random Bit Generator plugin.]) ARG_DISBL_SET([fips-prf], [disable FIPS PRF software implementation plugin.]) ARG_ENABL_SET([gcm], [enables the GCM AEAD wrapper crypto plugin.]) ARG_ENABL_SET([gcrypt], [enables the libgcrypt plugin.]) @@ -1442,6 +1443,7 @@ ADD_PLUGIN([ctr], [s charon scripts nm cmd]) ADD_PLUGIN([ccm], [s charon scripts nm cmd]) ADD_PLUGIN([gcm], [s charon scripts nm cmd]) ADD_PLUGIN([ntru], [s charon scripts nm cmd]) +ADD_PLUGIN([drbg], [s charon pki scripts nm cmd]) ADD_PLUGIN([newhope], [s charon scripts nm cmd]) ADD_PLUGIN([bliss], [s charon pki scripts nm cmd]) ADD_PLUGIN([curl], [s charon scepclient pki scripts nm cmd]) @@ -1611,6 +1613,7 @@ AM_CONDITIONAL(USE_AF_ALG, test x$af_alg = xtrue) AM_CONDITIONAL(USE_NTRU, test x$ntru = xtrue) AM_CONDITIONAL(USE_NEWHOPE, test x$newhope = xtrue) AM_CONDITIONAL(USE_BLISS, test x$bliss = xtrue) +AM_CONDITIONAL(USE_DRBG, test x$drbg = xtrue) # charon plugins # ---------------- @@ -1887,6 +1890,7 @@ AC_CONFIG_FILES([ src/libstrongswan/plugins/ccm/Makefile src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/af_alg/Makefile + src/libstrongswan/plugins/drbg/Makefile src/libstrongswan/plugins/ntru/Makefile src/libstrongswan/plugins/bliss/Makefile src/libstrongswan/plugins/bliss/tests/Makefile diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index 77fe6ebff..fda7463ed 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -5,11 +5,13 @@ library.c \ asn1/asn1.c asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c bio/bio_writer.c \ collections/blocking_queue.c collections/enumerator.c collections/hashtable.c \ collections/array.c \ -collections/linked_list.c crypto/crypters/crypter.c crypto/hashers/hasher.c \ +collections/linked_list.c crypto/crypters/crypter.c \ +crypto/drbgs/drbg.c crypto/hashers/hasher.c \ crypto/hashers/hash_algorithm_set.c crypto/proposal/proposal.c \ crypto/proposal/proposal_keywords.c crypto/proposal/proposal_keywords_static.c \ crypto/prfs/prf.c crypto/prfs/mac_prf.c crypto/pkcs5.c \ -crypto/rngs/rng.c crypto/prf_plus.c crypto/signers/signer.c \ +crypto/rngs/rng.c crypto/rngs/rng_tester.c \ +crypto/prf_plus.c crypto/signers/signer.c \ crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \ crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \ crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \ @@ -68,10 +70,11 @@ library.h \ asn1/asn1.h asn1/asn1_parser.h asn1/oid.h bio/bio_reader.h bio/bio_writer.h \ collections/blocking_queue.h collections/enumerator.h collections/hashtable.h \ collections/linked_list.h collections/array.h collections/dictionary.h \ -crypto/crypters/crypter.h crypto/hashers/hasher.h \ +crypto/crypters/crypter.h crypto/drbgs/drbg.h crypto/hashers/hasher.h \ crypto/hashers/hash_algorithm_set.h crypto/mac.h crypto/proposal/proposal.h \ crypto/proposal/proposal_keywords.h crypto/proposal/proposal_keywords_static.h \ -crypto/prfs/prf.h crypto/prfs/mac_prf.h crypto/rngs/rng.h crypto/nonce_gen.h \ +crypto/rngs/rng.h crypto/rngs/rng_tester.h \ +crypto/prfs/prf.h crypto/prfs/mac_prf.h crypto/nonce_gen.h \ crypto/prf_plus.h crypto/signers/signer.h crypto/signers/mac_signer.h \ crypto/crypto_factory.h crypto/crypto_tester.h crypto/diffie_hellman.h \ crypto/aead.h crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \ @@ -663,6 +666,13 @@ if MONOLITHIC endif endif +if USE_DRBG + SUBDIRS += plugins/drbg +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/drbg/libstrongswan-drbg.la +endif +endif + if USE_TEST_VECTORS SUBDIRS += plugins/test_vectors if MONOLITHIC diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c index 096bcbc9c..62b980696 100644 --- a/src/libstrongswan/crypto/crypto_factory.c +++ b/src/libstrongswan/crypto/crypto_factory.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2013-2014 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Copyright (C) 2016 Andreas Steffen + * Copyright (C) 2016-2019 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -53,6 +53,7 @@ struct entry_t { hasher_constructor_t create_hasher; prf_constructor_t create_prf; xof_constructor_t create_xof; + drbg_constructor_t create_drbg; rng_constructor_t create_rng; nonce_gen_constructor_t create_nonce_gen; dh_constructor_t create_dh; @@ -102,6 +103,11 @@ struct private_crypto_factory_t { */ linked_list_t *xofs; + /** + * registered drbgs, as entry_t + */ + linked_list_t *drbgs; + /** * registered rngs, as entry_t */ @@ -342,6 +348,40 @@ METHOD(crypto_factory_t, create_xof, xof_t*, return xof; } +METHOD(crypto_factory_t, create_drbg, drbg_t*, + private_crypto_factory_t *this, drbg_type_t type, uint32_t strength, + rng_t *entropy, chunk_t personalization_str) +{ + enumerator_t *enumerator; + entry_t *entry; + drbg_t *drbg = NULL; + + this->lock->read_lock(this->lock); + enumerator = this->drbgs->create_enumerator(this->drbgs); + while (enumerator->enumerate(enumerator, &entry)) + { + if (entry->algo == type) + { + if (this->test_on_create && + !this->tester->test_drbg(this->tester, type, + entry->create_drbg, NULL, + default_plugin_name)) + { + continue; + } + drbg = entry->create_drbg(type, strength, entropy, + personalization_str); + if (drbg) + { + break; + } + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + return drbg; +} + METHOD(crypto_factory_t, create_rng, rng_t*, private_crypto_factory_t *this, rng_quality_t quality) { @@ -709,6 +749,43 @@ METHOD(crypto_factory_t, remove_xof, void, this->lock->unlock(this->lock); } +METHOD(crypto_factory_t, add_drbg, bool, + private_crypto_factory_t *this, drbg_type_t type, + const char *plugin_name, drbg_constructor_t create) +{ + u_int speed = 0; + + if (!this->test_on_add || + this->tester->test_drbg(this->tester, type, create, + this->bench ? &speed : NULL, plugin_name)) + { + add_entry(this, this->drbgs, type, plugin_name, speed, create); + return TRUE; + } + this->test_failures++; + return FALSE; +} + +METHOD(crypto_factory_t, remove_drbg, void, + private_crypto_factory_t *this, drbg_constructor_t create) +{ + entry_t *entry; + enumerator_t *enumerator; + + this->lock->write_lock(this->lock); + enumerator = this->drbgs->create_enumerator(this->drbgs); + while (enumerator->enumerate(enumerator, &entry)) + { + if (entry->create_drbg == create) + { + this->drbgs->remove_at(this->drbgs, enumerator); + free(entry); + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); +} + METHOD(crypto_factory_t, add_rng, bool, private_crypto_factory_t *this, rng_quality_t quality, const char *plugin_name, rng_constructor_t create) @@ -981,6 +1058,30 @@ METHOD(crypto_factory_t, create_xof_enumerator, enumerator_t*, return create_enumerator(this, this->xofs, xof_filter); } +CALLBACK(drbg_filter, bool, + void *n, enumerator_t *orig, va_list args) +{ + entry_t *entry; + drbg_type_t *type; + const char **plugin_name; + + VA_ARGS_VGET(args, type, plugin_name); + + if (orig->enumerate(orig, &entry)) + { + *type = entry->algo; + *plugin_name = entry->plugin_name; + return TRUE; + } + return FALSE; +} + +METHOD(crypto_factory_t, create_drbg_enumerator, enumerator_t*, + private_crypto_factory_t *this) +{ + return create_enumerator(this, this->drbgs, drbg_filter); +} + CALLBACK(dh_filter, bool, void *n, enumerator_t *orig, va_list args) { @@ -1068,6 +1169,8 @@ METHOD(crypto_factory_t, add_test_vector, void, return this->tester->add_prf_vector(this->tester, vector); case EXTENDED_OUTPUT_FUNCTION: return this->tester->add_xof_vector(this->tester, vector); + case DETERMINISTIC_RANDOM_BIT_GENERATOR: + return this->tester->add_drbg_vector(this->tester, vector); case RANDOM_NUMBER_GENERATOR: return this->tester->add_rng_vector(this->tester, vector); case DIFFIE_HELLMAN_GROUP: @@ -1129,6 +1232,10 @@ METHOD(enumerator_t, verify_enumerate, bool, *valid = this->tester->test_xof(this->tester, entry->algo, entry->create_xof, NULL, entry->plugin_name); break; + case DETERMINISTIC_RANDOM_BIT_GENERATOR: + *valid = this->tester->test_drbg(this->tester, entry->algo, + entry->create_drbg, NULL, entry->plugin_name); + break; case RANDOM_NUMBER_GENERATOR: *valid = this->tester->test_rng(this->tester, entry->algo, entry->create_rng, NULL, entry->plugin_name); @@ -1180,6 +1287,9 @@ METHOD(crypto_factory_t, create_verify_enumerator, enumerator_t*, case EXTENDED_OUTPUT_FUNCTION: inner = this->xofs->create_enumerator(this->xofs); break; + case DETERMINISTIC_RANDOM_BIT_GENERATOR: + inner = this->drbgs->create_enumerator(this->drbgs); + break; case RANDOM_NUMBER_GENERATOR: inner = this->rngs->create_enumerator(this->rngs); break; @@ -1213,6 +1323,7 @@ METHOD(crypto_factory_t, destroy, void, this->hashers->destroy(this->hashers); this->prfs->destroy(this->prfs); this->xofs->destroy(this->xofs); + this->drbgs->destroy(this->drbgs); this->rngs->destroy(this->rngs); this->nonce_gens->destroy(this->nonce_gens); this->dhs->destroy(this->dhs); @@ -1236,6 +1347,7 @@ crypto_factory_t *crypto_factory_create() .create_hasher = _create_hasher, .create_prf = _create_prf, .create_xof = _create_xof, + .create_drbg = _create_drbg, .create_rng = _create_rng, .create_nonce_gen = _create_nonce_gen, .create_dh = _create_dh, @@ -1251,6 +1363,8 @@ crypto_factory_t *crypto_factory_create() .remove_prf = _remove_prf, .add_xof = _add_xof, .remove_xof = _remove_xof, + .add_drbg = _add_drbg, + .remove_drbg = _remove_drbg, .add_rng = _add_rng, .remove_rng = _remove_rng, .add_nonce_gen = _add_nonce_gen, @@ -1263,6 +1377,7 @@ crypto_factory_t *crypto_factory_create() .create_hasher_enumerator = _create_hasher_enumerator, .create_prf_enumerator = _create_prf_enumerator, .create_xof_enumerator = _create_xof_enumerator, + .create_drbg_enumerator = _create_drbg_enumerator, .create_dh_enumerator = _create_dh_enumerator, .create_rng_enumerator = _create_rng_enumerator, .create_nonce_gen_enumerator = _create_nonce_gen_enumerator, @@ -1276,6 +1391,7 @@ crypto_factory_t *crypto_factory_create() .hashers = linked_list_create(), .prfs = linked_list_create(), .xofs = linked_list_create(), + .drbgs = linked_list_create(), .rngs = linked_list_create(), .nonce_gens = linked_list_create(), .dhs = linked_list_create(), diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h index 7f048c620..87e2cd2b6 100644 --- a/src/libstrongswan/crypto/crypto_factory.h +++ b/src/libstrongswan/crypto/crypto_factory.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Copyright (C) 2016 Andreas Steffen + * Copyright (C) 2016-2019 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -33,6 +33,7 @@ typedef struct crypto_factory_t crypto_factory_t; #include #include #include +#include #include #include #include @@ -65,10 +66,16 @@ typedef hasher_t* (*hasher_constructor_t)(hash_algorithm_t algo); typedef prf_t* (*prf_constructor_t)(pseudo_random_function_t algo); /** - * Constructor function for pseudo random functions + * Constructor function for extended output functions */ typedef xof_t* (*xof_constructor_t)(ext_out_function_t algo); +/** + * Constructor function for deterministic random bit generators + */ +typedef drbg_t* (*drbg_constructor_t)(drbg_type_t type, uint32_t strength, + rng_t *entropy, chunk_t personalization_str); + /** * Constructor function for source of randomness */ @@ -147,6 +154,19 @@ struct crypto_factory_t { */ xof_t* (*create_xof)(crypto_factory_t *this, ext_out_function_t algo); + /** + * Create a deterministic random bit generator instance. + * + * @param type DRBG type to use + * @param strength security strength in bits + * @param entropy entropy source to be used + * @param personalization_str optional personalization string + * @return drbg_t instance, NULL if not supported + */ + drbg_t* (*create_drbg)(crypto_factory_t *this, drbg_type_t type, + uint32_t strength, rng_t *entropy, + chunk_t personalization_str); + /** * Create a source of randomness. * @@ -285,6 +305,24 @@ struct crypto_factory_t { */ void (*remove_xof)(crypto_factory_t *this, xof_constructor_t create); + /** + * Register a drbg constructor. + * + * @param type type to constructor + * @param plugin_name plugin that registered this algorithm + * @param create constructor function for that algorithm + * @return TRUE if registered, FALSE if test vector failed + */ + bool (*add_drbg)(crypto_factory_t *this, drbg_type_t type, + const char *plugin_name, drbg_constructor_t create); + + /** + * Unregister a drbg constructor. + * + * @param create constructor function to unregister + */ + void (*remove_drbg)(crypto_factory_t *this, drbg_constructor_t create); + /** * Register a source of randomness. * @@ -381,6 +419,13 @@ struct crypto_factory_t { */ enumerator_t* (*create_xof_enumerator)(crypto_factory_t *this); + /** + * Create an enumerator over all registered DRBGs. + * + * @return enumerator over drbg_type_t, plugin + */ + enumerator_t* (*create_drbg_enumerator)(crypto_factory_t *this); + /** * Create an enumerator over all registered diffie hellman groups. * diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index f0f64ce42..a04543ebc 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -1,5 +1,6 @@ /* * Copyright (C) 2009-2010 Martin Willi + * Copyright (C) 2016-2019 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * Copyright (C) 2010 revosec AG * @@ -24,6 +25,7 @@ #include #include +#include typedef struct private_crypto_tester_t private_crypto_tester_t; @@ -67,6 +69,11 @@ struct private_crypto_tester_t { */ linked_list_t *xof; + /** + * List of DRBG test vectors + */ + linked_list_t *drbg; + /** * List of RNG test vectors */ @@ -1179,6 +1186,133 @@ failure: return !failed; } +/** + * Benchmark a DRBG + */ +static u_int bench_drbg(private_crypto_tester_t *this, + drbg_type_t type, drbg_constructor_t create) +{ + drbg_t *drbg; + rng_t *entropy; + uint32_t strength = 128; + chunk_t seed = chunk_alloca(48); + + memset(seed.ptr, 0x81, seed.len); + entropy = rng_tester_create(seed); + + drbg = create(type, strength, entropy, chunk_empty); + if (drbg) + { + struct timespec start; + u_int runs = 0; + size_t out_len = 128; + char out_buf[out_len]; + + start_timing(&start); + while (end_timing(&start) < this->bench_time) + { + if (drbg->generate(drbg, out_len, out_buf)) + { + runs++; + } + } + drbg->destroy(drbg); + + return runs; + } + return 0; +} + +METHOD(crypto_tester_t, test_drbg, bool, + private_crypto_tester_t *this, drbg_type_t type, + drbg_constructor_t create, u_int *speed, const char *plugin_name) +{ + enumerator_t *enumerator; + drbg_test_vector_t *vector; + bool failed = FALSE; + u_int tested = 0; + + enumerator = this->drbg->create_enumerator(this->drbg); + while (enumerator->enumerate(enumerator, &vector)) + { + drbg_t *drbg; + rng_t *entropy; + chunk_t out = chunk_empty; + + if (vector->type != type) + { + continue; + } + tested++; + failed = TRUE; + + entropy = rng_tester_create(vector->entropy); + out = chunk_alloc(vector->out.len); + + drbg = create(type, vector->strength, entropy, + vector->personalization_str); + if (!drbg) + { + DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", + drbg_type_names, type, plugin_name); + entropy->destroy(entropy); + chunk_free(&out); + break; + } + if (!drbg->reseed(drbg)) + { + goto failure; + } + if (!drbg->generate(drbg, out.len, out.ptr)) + { + goto failure; + } + if (!drbg->generate(drbg, out.len, out.ptr)) + { + goto failure; + } + if (!chunk_equals(out, vector->out)) + { + goto failure; + } + failed = FALSE; + +failure: + drbg->destroy(drbg); + entropy->destroy(entropy); + chunk_free(&out); + if (failed) + { + DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", + drbg_type_names, type, plugin_name, get_name(vector)); + break; + } + } + enumerator->destroy(enumerator); + if (!tested) + { + DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", + this->required ? "disabled" : "enabled ", + drbg_type_names, type, plugin_name); + return !this->required; + } + if (!failed) + { + if (speed) + { + *speed = bench_drbg(this, type, create); + DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", + drbg_type_names, type, plugin_name, tested, *speed); + } + else + { + DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", + drbg_type_names, type, plugin_name, tested); + } + } + return !failed; +} + /** * Benchmark a RNG */ @@ -1489,6 +1623,12 @@ METHOD(crypto_tester_t, add_xof_vector, void, this->xof->insert_last(this->xof, vector); } +METHOD(crypto_tester_t, add_drbg_vector, void, + private_crypto_tester_t *this, drbg_test_vector_t *vector) +{ + this->drbg->insert_last(this->drbg, vector); +} + METHOD(crypto_tester_t, add_rng_vector, void, private_crypto_tester_t *this, rng_test_vector_t *vector) { @@ -1510,6 +1650,7 @@ METHOD(crypto_tester_t, destroy, void, this->hasher->destroy(this->hasher); this->prf->destroy(this->prf); this->xof->destroy(this->xof); + this->drbg->destroy(this->drbg); this->rng->destroy(this->rng); this->dh->destroy(this->dh); free(this); @@ -1530,6 +1671,7 @@ crypto_tester_t *crypto_tester_create() .test_hasher = _test_hasher, .test_prf = _test_prf, .test_xof = _test_xof, + .test_drbg = _test_drbg, .test_rng = _test_rng, .test_dh = _test_dh, .add_crypter_vector = _add_crypter_vector, @@ -1538,6 +1680,7 @@ crypto_tester_t *crypto_tester_create() .add_hasher_vector = _add_hasher_vector, .add_prf_vector = _add_prf_vector, .add_xof_vector = _add_xof_vector, + .add_drbg_vector = _add_drbg_vector, .add_rng_vector = _add_rng_vector, .add_dh_vector = _add_dh_vector, .destroy = _destroy, @@ -1548,6 +1691,7 @@ crypto_tester_t *crypto_tester_create() .hasher = linked_list_create(), .prf = linked_list_create(), .xof = linked_list_create(), + .drbg = linked_list_create(), .rng = linked_list_create(), .dh = linked_list_create(), diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h index 430929595..fcb64a6e2 100644 --- a/src/libstrongswan/crypto/crypto_tester.h +++ b/src/libstrongswan/crypto/crypto_tester.h @@ -1,5 +1,6 @@ /* * Copyright (C) 2009 Martin Willi + * Copyright (C) 2016-2019 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -31,6 +32,7 @@ typedef struct signer_test_vector_t signer_test_vector_t; typedef struct hasher_test_vector_t hasher_test_vector_t; typedef struct prf_test_vector_t prf_test_vector_t; typedef struct xof_test_vector_t xof_test_vector_t; +typedef struct drbg_test_vector_t drbg_test_vector_t; typedef struct rng_test_vector_t rng_test_vector_t; typedef struct dh_test_vector_t dh_test_vector_t; @@ -128,6 +130,19 @@ struct xof_test_vector_t { u_char *out; }; +struct drbg_test_vector_t { + /** drbg type this test vector tests */ + drbg_type_t type; + /** security strength in bits */ + uint32_t strength; + /** optional personalization string */ + chunk_t personalization_str; + /** entropy_input | nonce | entropy_input_reseed */ + chunk_t entropy; + /** returned output bits */ + chunk_t out; +}; + /** * Test vector for a RNG. * @@ -241,6 +256,17 @@ struct crypto_tester_t { bool (*test_xof)(crypto_tester_t *this, ext_out_function_t alg, xof_constructor_t create, u_int *speed, const char *plugin_name); + /** + * Test a DRBG type. + * + * @param type DRBG type to test + * @param create constructor function for the DRBG + * @param speed speed test result, NULL to omit + * @return TRUE if test passed + */ + bool (*test_drbg)(crypto_tester_t *this, drbg_type_t type, + drbg_constructor_t create, + u_int *speed, const char *plugin_name); /** * Test a RNG implementation. * @@ -306,6 +332,13 @@ struct crypto_tester_t { */ void (*add_xof_vector)(crypto_tester_t *this, xof_test_vector_t *vector); + /** + * Add a test vector to test a DRBG. + * + * @param vector pointer to test vector + */ + void (*add_drbg_vector)(crypto_tester_t *this, drbg_test_vector_t *vector); + /** * Add a test vector to test a RNG. * diff --git a/src/libstrongswan/crypto/drbgs/drbg.c b/src/libstrongswan/crypto/drbgs/drbg.c new file mode 100644 index 000000000..7e763844f --- /dev/null +++ b/src/libstrongswan/crypto/drbgs/drbg.c @@ -0,0 +1,28 @@ +/* + * Copyright (C) 2019 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the "GNU General Public License as published by the + * Free Software Foundatio"n; either version 2 of the License, or (at your + * option) any later version". See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. +**/ + +#include "drbg.h" + +ENUM(drbg_type_names, DRBG_UNDEFINED, DRBG_CTR_AES256, + "DRBG_UNDEFINED", + "DRBG_HMAC_SHA1", + "DRBG_HMAC_SHA256", + "DRBG_HMAC_SHA384", + "DRBG_HMAC_SHA512", + "DRBG_CTR_AES128", + "DRBG_CTR_AES192", + "DRBG_CTR_AES256", +); + diff --git a/src/libstrongswan/crypto/drbgs/drbg.h b/src/libstrongswan/crypto/drbgs/drbg.h new file mode 100644 index 000000000..620d44d4e --- /dev/null +++ b/src/libstrongswan/crypto/drbgs/drbg.h @@ -0,0 +1,99 @@ +/* + * Copyright (C) 2019 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup drbg drbg + * @{ @ingroup crypto + */ + +#ifndef DRBG_H_ +#define DRBG_H_ + +typedef enum drbg_type_t drbg_type_t; +typedef struct drbg_t drbg_t; + +#include + +/** + * Deterministic Random Bit Generator.(DRBG) Type + */ +enum drbg_type_t { + DRBG_UNDEFINED, + DRBG_HMAC_SHA1, + DRBG_HMAC_SHA256, + DRBG_HMAC_SHA384, + DRBG_HMAC_SHA512, + DRBG_CTR_AES128, + DRBG_CTR_AES192, + DRBG_CTR_AES256, +}; + +/** + * enum name for drbg_type_t. + */ +extern enum_name_t *drbg_type_names; + +/** + * Interface for a Deterministic Random Bit Generator (DRBG) + * compliant with NIST SP 800-90A + */ +struct drbg_t { + + /** + * Return the type of the DRBG + * + * @return DRBG type + */ + drbg_type_t (*get_type)(drbg_t *this); + + /** + * Return the security strength of the DRBG + * + * @return configured security strength in bits + */ + uint32_t (*get_strength)(drbg_t *this); + + /** + * Reseed the instantiated DRBG + * + * @return TRUE if successful + */ + bool (*reseed)(drbg_t *this); + + /** + * Generate pseudorandom bytes. + * If the maximum number of requests has been reached, reseeding occurs + * + * @param len number of octets to generate + * @param out address of output buffer + * @return TRUE if successful + */ + bool (*generate)(drbg_t *this, uint32_t len, uint8_t *out); + + /** + * Get a reference on an drbg_t object increasing the count by one + * + * @return reference to the drbg_t object + */ + drbg_t* (*get_ref)(drbg_t *this); + + /** + * Uninstantiate and destroy the DRBG object + */ + void (*destroy)(drbg_t *this); + +}; + +#endif /** DRBG_H_ @}*/ diff --git a/src/libstrongswan/tests/utils/test_rng.c b/src/libstrongswan/crypto/rngs/rng_tester.c similarity index 96% rename from src/libstrongswan/tests/utils/test_rng.c rename to src/libstrongswan/crypto/rngs/rng_tester.c index 2985a56e3..4c763f165 100644 --- a/src/libstrongswan/tests/utils/test_rng.c +++ b/src/libstrongswan/crypto/rngs/rng_tester.c @@ -13,7 +13,7 @@ * for more details. */ -#include "test_rng.h" +#include "rng_tester.h" typedef struct private_rng_t private_rng_t; @@ -69,7 +69,7 @@ METHOD(rng_t, destroy, void, /* * Described in header. */ -rng_t *test_rng_create(chunk_t entropy) +rng_t *rng_tester_create(chunk_t entropy) { private_rng_t *this; diff --git a/src/libstrongswan/tests/utils/test_rng.h b/src/libstrongswan/crypto/rngs/rng_tester.h similarity index 61% rename from src/libstrongswan/tests/utils/test_rng.h rename to src/libstrongswan/crypto/rngs/rng_tester.h index e588f3be7..7b7d3ceda 100644 --- a/src/libstrongswan/tests/utils/test_rng.h +++ b/src/libstrongswan/crypto/rngs/rng_tester.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Andreas Steffen + * Copyright (C) 2013-2019 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -14,23 +14,23 @@ */ /** - * rng_t providing NIST SP 800-90A entropy test vectors + * rng_t providing deterministic output (DO NOT USE IN PRODUCTIVE SYSTEMS!!!) * - * @defgroup test_rng test_rng - * @{ @ingroup test_utils + * @defgroup rng_tester rng_tester + * @{ @ingroup crypto */ -#ifndef TEST_RNG_H_ -#define TEST_RNG_H_ +#ifndef RNG_TESTER_H_ +#define RNG_TESTER_H_ #include /** - * Creates a test_rng_t instance. + * Creates a rng_tester_t instance. * - * @param entropy entropy test vector - * @return created test_rng_t + * @param entropy deterministic output + * @return created rng_tester_t */ -rng_t *test_rng_create(chunk_t entropy); +rng_t *rng_tester_create(chunk_t entropy); -#endif /** TEST_RNG_H_ @} */ +#endif /** RNG_TESTER_H_ @} */ diff --git a/src/libstrongswan/crypto/transform.c b/src/libstrongswan/crypto/transform.c index 77a57f527..e30208ec0 100644 --- a/src/libstrongswan/crypto/transform.c +++ b/src/libstrongswan/crypto/transform.c @@ -23,14 +23,15 @@ ENUM_BEGIN(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS "INTEGRITY_ALGORITHM", "DIFFIE_HELLMAN_GROUP", "EXTENDED_SEQUENCE_NUMBERS"); -ENUM_NEXT(transform_type_names, HASH_ALGORITHM, EXTENDED_OUTPUT_FUNCTION, +ENUM_NEXT(transform_type_names, HASH_ALGORITHM, DETERMINISTIC_RANDOM_BIT_GENERATOR, EXTENDED_SEQUENCE_NUMBERS, "HASH_ALGORITHM", "RANDOM_NUMBER_GENERATOR", "AEAD_ALGORITHM", "COMPRESSION_ALGORITHM", - "EXTENDED OUTPUT FUNCTION"); -ENUM_END(transform_type_names, EXTENDED_OUTPUT_FUNCTION); + "EXTENDED OUTPUT FUNCTION", + "DETERMINISTIC RANDOM BIT GENERATOR"); +ENUM_END(transform_type_names, DETERMINISTIC_RANDOM_BIT_GENERATOR); ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS, @@ -38,7 +39,6 @@ ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS, "EXT_SEQ", ); - /** * See header */ @@ -63,6 +63,8 @@ enum_name_t* transform_get_enum_names(transform_type_t type) return extended_sequence_numbers_names; case EXTENDED_OUTPUT_FUNCTION: return ext_out_function_names; + case DETERMINISTIC_RANDOM_BIT_GENERATOR: + return drbg_type_names; case COMPRESSION_ALGORITHM: break; } diff --git a/src/libstrongswan/crypto/transform.h b/src/libstrongswan/crypto/transform.h index 63881b373..f7892b821 100644 --- a/src/libstrongswan/crypto/transform.h +++ b/src/libstrongswan/crypto/transform.h @@ -39,6 +39,7 @@ enum transform_type_t { AEAD_ALGORITHM = 258, COMPRESSION_ALGORITHM = 259, EXTENDED_OUTPUT_FUNCTION = 260, + DETERMINISTIC_RANDOM_BIT_GENERATOR = 261, }; /** diff --git a/src/libstrongswan/plugins/drbg/Makefile.am b/src/libstrongswan/plugins/drbg/Makefile.am new file mode 100644 index 000000000..560b2948e --- /dev/null +++ b/src/libstrongswan/plugins/drbg/Makefile.am @@ -0,0 +1,18 @@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = \ + $(PLUGIN_CFLAGS) + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-drbg.la +else +plugin_LTLIBRARIES = libstrongswan-drbg.la +endif + +libstrongswan_drbg_la_SOURCES = \ + drbg_plugin.h drbg_plugin.c \ + drbg_ctr.h drbg_ctr.c \ + drbg_hmac.h drbg_hmac.c + +libstrongswan_drbg_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/drbg/drbg_ctr.c b/src/libstrongswan/plugins/drbg/drbg_ctr.c new file mode 100644 index 000000000..9ca92671d --- /dev/null +++ b/src/libstrongswan/plugins/drbg/drbg_ctr.c @@ -0,0 +1,356 @@ +/* + * Copyright (C) 2016-2019 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "drbg_ctr.h" + +#define MAX_DRBG_REQUESTS 0xfffffffe + +typedef struct private_drbg_ctr_t private_drbg_ctr_t; + +/** + * Private data of an drbg_ctr_t object. + */ +struct private_drbg_ctr_t { + + /** + * Public drbg_ctr_t interface. + */ + drbg_ctr_t public; + + /** + * DRBG type. + */ + drbg_type_t type; + + /** + * Security strength in bits. + */ + uint32_t strength; + + /** + * Number of requests for pseudorandom bits + */ + uint32_t reseed_counter; + + /** + * Maximum number of requests for pseudorandom bits + */ + uint32_t max_requests; + + /** + * True entropy source + */ + rng_t *entropy; + + /** + * Block cipher in counter mode used by the DRBG + */ + crypter_t *crypter; + + /** + * Internal state of HMAC: key + */ + chunk_t key; + + /** + * Internal state of HMAC: value + */ + chunk_t value; + + /** + * reference count + */ + refcount_t ref; + +}; + +METHOD(drbg_t, get_type, drbg_type_t, + private_drbg_ctr_t *this) +{ + return this->type; +} + +METHOD(drbg_t, get_strength, uint32_t, + private_drbg_ctr_t *this) +{ + return this->strength; +} + +static bool encrypt_ctr(private_drbg_ctr_t *this, chunk_t out) +{ + chunk_t iv = chunk_alloca(this->value.len); + chunk_t bl = chunk_alloca(this->value.len); + chunk_t block; + size_t delta, pos = 0; + int bit; + + /* Initialize IV to all zeroes for ECB mode */ + memset(iv.ptr, 0x00, iv.len); + + if (!this->crypter->set_key(this->crypter, this->key)) + { + return FALSE; + } + + while (pos < out.len) + { + /* Increment counter by one */ + chunk_increment(this->value); + + /* Copy current counter to input block */ + delta = out.len - pos; + block = (delta < this->value.len) ? + bl : chunk_create(out.ptr + pos, this->value.len); + memcpy(block.ptr, this->value.ptr, this->value.len); + + /* ECB encryption */ + if (!this->crypter->encrypt(this->crypter, block, iv, NULL)) + { + return FALSE; + } + + /* Partial output block at the end? */ + if (delta < this->value.len) + { + memcpy(out.ptr + pos, block.ptr, delta); + } + pos += this->value.len; + } + + return TRUE; +} + +/** + * Update the internal state of the CTR_DRBG + */ +static bool update(private_drbg_ctr_t *this, chunk_t data) +{ + chunk_t temp; + + if (data.len && data.len != (this->key.len + this->value.len)) + { + return FALSE; + } + temp = chunk_alloca(this->key.len + this->value.len); + + if (!encrypt_ctr(this, temp)) + { + return FALSE; + } + /* Apply data */ + memxor(temp.ptr, data.ptr, data.len); + + /* Copy new key and value */ + memcpy(this->key.ptr, temp.ptr, this->key.len); + memcpy(this->value.ptr, temp.ptr + this->key.len, this->value.len); + memwipe(temp.ptr, temp.len); + DBG4(DBG_LIB, "CTR_DRBG K: %B", &this->key); + DBG4(DBG_LIB, "CTR_DRBG V: %B", &this->value); + + return TRUE; +} + +METHOD(drbg_t, reseed, bool, + private_drbg_ctr_t *this) +{ + chunk_t seed; + bool success; + + seed = chunk_alloc(this->key.len + this->value.len); + DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", seed.len); + + if (!this->entropy->get_bytes(this->entropy, seed.len, seed.ptr)) + { + chunk_free(&seed); + return FALSE; + } + DBG4(DBG_LIB, "reseed: %B", &seed); + + success = update(this, seed); + chunk_clear(&seed); + + if (!success) + { + return FALSE; + } + this->reseed_counter = 1; + + return TRUE; +} + +METHOD(drbg_t, generate, bool, + private_drbg_ctr_t *this, uint32_t len, uint8_t *out) +{ + chunk_t output; + + if (this->reseed_counter > this->max_requests) + { + if (!reseed(this)) + { + return FALSE; + } + } + + DBG2(DBG_LIB, "DRBG generates %u pseudorandom bytes", len); + if (!out || len == 0) + { + return FALSE; + } + output = chunk_create(out, len); + + if (!encrypt_ctr(this, output)) + { + return FALSE; + } + DBG4(DBG_LIB, "CTR_DRBG Out: %B", &output); + + if (!update(this, chunk_empty)) + { + return FALSE; + } + this->reseed_counter++; + + return TRUE; +} + +METHOD(drbg_t, get_ref, drbg_t*, + private_drbg_ctr_t *this) +{ + ref_get(&this->ref); + return &this->public.interface; +} + +METHOD(drbg_t, destroy, void, + private_drbg_ctr_t *this) +{ + if (ref_put(&this->ref)) + { + this->crypter->destroy(this->crypter); + chunk_clear(&this->key); + chunk_clear(&this->value); + free(this); + } +} + +/** + * See header + */ +drbg_ctr_t *drbg_ctr_create(drbg_type_t type, uint32_t strength, + rng_t *entropy, chunk_t personalization_str) +{ + private_drbg_ctr_t *this; + encryption_algorithm_t crypter_type; + crypter_t *crypter; + chunk_t seed; + size_t key_len, out_len, seed_len; + uint32_t max_requests; + bool success; + + switch (type) + { + case DRBG_CTR_AES128: + crypter_type = ENCR_AES_CBC; + key_len = 16; + break; + case DRBG_CTR_AES192: + crypter_type = ENCR_AES_CBC; + key_len = 24; + break; + case DRBG_CTR_AES256: + crypter_type = ENCR_AES_CBC; + key_len = 32; + break; + default: + DBG1(DBG_LIB, "%N not supported", drbg_type_names, type); + return NULL; + } + + if (strength > key_len * BITS_PER_BYTE) + { + DBG1(DBG_LIB, "%d bit block encryption key not sufficient for security " + "strength of % bits", key_len * BITS_PER_BYTE, strength); + return NULL; + } + + crypter = lib->crypto->create_crypter(lib->crypto, crypter_type, key_len); + if (!crypter) + { + DBG1(DBG_LIB, "creation of %N for DRBG failed", + encryption_algorithm_names, crypter_type); + return NULL; + } + out_len = crypter->get_block_size(crypter); + seed_len = key_len + out_len; + + if (personalization_str.len > seed_len) + { + DBG1(DBG_LIB, "personalization string length of %d bytes is larger " + "than seed length of % bytes", personalization_str.len, seed_len); + crypter->destroy(crypter); + return NULL; + } + + max_requests = lib->settings->get_int(lib->settings, + "%s.plugins.drbg.max_drbg_requests", + MAX_DRBG_REQUESTS, lib->ns); + + INIT(this, + .public = { + .interface = { + .get_type = _get_type, + .get_strength = _get_strength, + .reseed = _reseed, + .generate = _generate, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + .type = type, + .strength = strength, + .entropy = entropy, + .crypter = crypter, + .key = chunk_alloc(key_len), + .value = chunk_alloc(out_len), + .max_requests = max_requests, + .reseed_counter = 1, + .ref = 1, + ); + + memset(this->key.ptr, 0x00, key_len); + memset(this->value.ptr, 0x00, out_len); + + seed = chunk_alloc(seed_len); + DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", seed_len); + + if (!this->entropy->get_bytes(this->entropy, seed.len, seed.ptr)) + { + chunk_free(&seed); + destroy(this); + return NULL; + } + memxor(seed.ptr, personalization_str.ptr, personalization_str.len); + DBG4(DBG_LIB, "seed: %B", &seed); + + success = update(this, seed); + chunk_clear(&seed); + + if (!success) + { + destroy(this); + return NULL; + } + + return &this->public; +} diff --git a/src/libstrongswan/plugins/drbg/drbg_ctr.h b/src/libstrongswan/plugins/drbg/drbg_ctr.h new file mode 100644 index 000000000..9e41a4e37 --- /dev/null +++ b/src/libstrongswan/plugins/drbg/drbg_ctr.h @@ -0,0 +1,51 @@ +/* + * Copyright (C) 2019 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup drbg_ctr drbg_ctr + * @{ @ingroup drbg + */ + +#ifndef DRBG_CTR_H_ +#define DRBG_CTR_H_ + +#include + +typedef struct drbg_ctr_t drbg_ctr_t; + +/** + * NIST SP 800-90A CTR DRBC implementation + */ +struct drbg_ctr_t { + + /** + * Public Deterministic Random Bit Generator (DRBG) Interface + */ + drbg_t interface; +}; + +/** + * Create a drbg_ctr instance. + * + * @param type DRBG CTR type + * @param strength security strength in bits + * @param entropy entropy source to be used + * @param personalization_str optional personalization string + * @return drbg_ctr_t object, NULL if not supported + */ +drbg_ctr_t *drbg_ctr_create(drbg_type_t type, uint32_t strength, + rng_t *entropy, chunk_t personalization_str); + +#endif /** DRBG_CTR_H_ @}*/ diff --git a/src/libstrongswan/plugins/drbg/drbg_hmac.c b/src/libstrongswan/plugins/drbg/drbg_hmac.c new file mode 100644 index 000000000..2006e1096 --- /dev/null +++ b/src/libstrongswan/plugins/drbg/drbg_hmac.c @@ -0,0 +1,319 @@ +/* + * Copyright (C) 2016-2019 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "drbg_hmac.h" + +#define MAX_DRBG_REQUESTS 0xfffffffe + +typedef struct private_drbg_hmac_t private_drbg_hmac_t; + +/** + * Private data of an drbg_prf_t object. + */ +struct private_drbg_hmac_t { + + /** + * Public drbg_prf_t interface. + */ + drbg_hmac_t public; + + /** + * DRBG type. + */ + drbg_type_t type; + + /** + * Security strength in bits. + */ + uint32_t strength; + + /** + * Number of requests for pseudorandom bits + */ + size_t reseed_counter; + + /** + * Maximum number of requests for pseudorandom bits + */ + size_t max_requests; + + /** + * True entropy source + */ + rng_t *entropy; + + /** + * HMAC PRF used by the DRBG + */ + prf_t *prf; + + /** + * Internal state of HMAC: key + */ + chunk_t key; + + /** + * Internal state of HMAC: value + */ + chunk_t value; + + /** + * reference count + */ + refcount_t ref; + +}; + +METHOD(drbg_t, get_type, drbg_type_t, + private_drbg_hmac_t *this) +{ + return this->type; +} + +METHOD(drbg_t, get_strength, uint32_t, + private_drbg_hmac_t *this) +{ + return this->strength; +} + +/** + * Update the internal state of the HMAC_DRBG + */ +static bool update(private_drbg_hmac_t *this, chunk_t data) +{ + chunk_t ch_00 = chunk_from_chars(0x00); + chunk_t ch_01 = chunk_from_chars(0x01); + + if (!this->prf->set_key(this->prf, this->key) || + !this->prf->get_bytes(this->prf, this->value, NULL) || + !this->prf->get_bytes(this->prf, ch_00, NULL) || + !this->prf->get_bytes(this->prf, data, this->key.ptr) || + !this->prf->set_key(this->prf, this->key) || + !this->prf->get_bytes(this->prf, this->value, this->value.ptr)) + { + return FALSE; + } + + if (data.len > 0) + { + if (!this->prf->set_key(this->prf, this->key) || + !this->prf->get_bytes(this->prf, this->value, NULL) || + !this->prf->get_bytes(this->prf, ch_01, NULL) || + !this->prf->get_bytes(this->prf, data, this->key.ptr) || + !this->prf->set_key(this->prf, this->key) || + !this->prf->get_bytes(this->prf, this->value, this->value.ptr)) + { + return FALSE; + } + } + DBG4(DBG_LIB, "HMAC_DRBG K: %B", &this->key); + DBG4(DBG_LIB, "HMAC_DRBG V: %B", &this->value); + + return TRUE; +} + +METHOD(drbg_t, reseed, bool, + private_drbg_hmac_t *this) +{ + chunk_t seed; + bool success; + + seed = chunk_alloc(this->strength / BITS_PER_BYTE); + DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", seed.len); + + if (!this->entropy->get_bytes(this->entropy, seed.len, seed.ptr)) + { + chunk_free(&seed); + return FALSE; + } + DBG4(DBG_LIB, "reseed: %B", &seed); + + success = update(this, seed); + chunk_clear(&seed); + + if (!success) + { + return FALSE; + } + this->reseed_counter = 1; + + return TRUE; +} + +METHOD(drbg_t, generate, bool, + private_drbg_hmac_t *this, uint32_t len, uint8_t *out) +{ + size_t delta; + chunk_t output; + + DBG2(DBG_LIB, "DRBG generates %u pseudorandom bytes", len); + if (!out || len == 0) + { + return FALSE; + } + output = chunk_create(out, len); + + if (this->reseed_counter > this->max_requests) + { + if (!reseed(this)) + { + return FALSE; + } + } + while (len) + { + if (!this->prf->get_bytes(this->prf, this->value, this->value.ptr)) + { + return FALSE; + } + delta = min(len, this->value.len); + memcpy(out, this->value.ptr, delta); + len -= delta; + out += delta; + } + DBG4(DBG_LIB, "HMAC_DRBG Out: %B", &output); + + if (!update(this, chunk_empty)) + { + return FALSE; + } + this->reseed_counter++; + + return TRUE; +} + +METHOD(drbg_t, get_ref, drbg_t*, + private_drbg_hmac_t *this) +{ + ref_get(&this->ref); + return &this->public.interface; +} + +METHOD(drbg_t, destroy, void, + private_drbg_hmac_t *this) +{ + if (ref_put(&this->ref)) + { + this->prf->destroy(this->prf); + chunk_clear(&this->key); + chunk_clear(&this->value); + free(this); + } +} + +/** + * See header + */ +drbg_hmac_t *drbg_hmac_create(drbg_type_t type, uint32_t strength, + rng_t *entropy, chunk_t personalization_str) +{ + private_drbg_hmac_t *this; + pseudo_random_function_t prf_type = PRF_UNDEFINED; + size_t out_len, entropy_len; + uint32_t max_requests; + chunk_t seed; + prf_t * prf; + bool success; + + switch (type) + { + case DRBG_HMAC_SHA1: + prf_type = PRF_HMAC_SHA1; + break; + case DRBG_HMAC_SHA256: + prf_type = PRF_HMAC_SHA2_256; + break; + case DRBG_HMAC_SHA384: + prf_type = PRF_HMAC_SHA2_384; + break; + case DRBG_HMAC_SHA512: + prf_type = PRF_HMAC_SHA2_512; + break; + default: + DBG1(DBG_LIB, "%N not supported", drbg_type_names, type); + return NULL; + } + + prf = lib->crypto->create_prf(lib->crypto, prf_type); + if (!prf) + { + DBG1(DBG_LIB, "creation of %N for DRBG failed", + pseudo_random_function_names, prf_type); + return NULL; + } + out_len = prf->get_key_size(prf); + + if (strength > out_len * BITS_PER_BYTE) + { + DBG1(DBG_LIB, "%N not sufficient for security strength of % bits", + pseudo_random_function_names, prf_type, strength); + prf->destroy(prf); + return NULL; + } + + max_requests = lib->settings->get_int(lib->settings, + "%s.plugins.drbg.max_drbg_requests", + MAX_DRBG_REQUESTS, lib->ns); + + INIT(this, + .public = { + .interface = { + .get_type = _get_type, + .get_strength = _get_strength, + .reseed = _reseed, + .generate = _generate, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + .type = type, + .strength = strength, + .entropy = entropy, + .prf = prf, + .key = chunk_alloc(out_len), + .value = chunk_alloc(out_len), + .max_requests = max_requests, + .reseed_counter = 1, + .ref = 1, + ); + + memset(this->key.ptr, 0x00, out_len); + memset(this->value.ptr, 0x01, out_len); + + entropy_len = (strength + strength/2) / BITS_PER_BYTE; + seed = chunk_alloc(entropy_len + personalization_str.len); + DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", entropy_len); + + if (!this->entropy->get_bytes(this->entropy, entropy_len, seed.ptr)) + { + chunk_free(&seed); + destroy(this); + return NULL; + } + memcpy(seed.ptr + entropy_len, + personalization_str.ptr, personalization_str.len); + DBG4(DBG_LIB, "seed: %B", &seed); + + success = update(this, seed); + chunk_clear(&seed); + + if (!success) + { + destroy(this); + return NULL; + } + + return &this->public; +} diff --git a/src/libstrongswan/plugins/drbg/drbg_hmac.h b/src/libstrongswan/plugins/drbg/drbg_hmac.h new file mode 100644 index 000000000..fafd24d6a --- /dev/null +++ b/src/libstrongswan/plugins/drbg/drbg_hmac.h @@ -0,0 +1,51 @@ +/* + * Copyright (C) 2019 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup drbg_hmac drbg_hmac + * @{ @ingroup drbg + */ + +#ifndef DRBG_HMAC_H_ +#define DRBG_HMAC_H_ + +#include + +typedef struct drbg_hmac_t drbg_hmac_t; + +/** + * NIST SP 800-90A HMAC DRBC implementation + */ +struct drbg_hmac_t { + + /** + * Public Deterministic Random Bit Generator (DRBG) Interface + */ + drbg_t interface; +}; + +/** + * Create a drbg_hmac instance. + * + * @param type DRBG HMAC type + * @param strength security strength in bits + * @param entropy entropy source to be used + * @param personalization_str optional personalization string + * @return drbg_hmac_t object, NULL if not supported + */ +drbg_hmac_t *drbg_hmac_create(drbg_type_t type, uint32_t strength, + rng_t *entropy, chunk_t personalization_str); + +#endif /** DRBG_HMAC_H_ @}*/ diff --git a/src/libstrongswan/plugins/drbg/drbg_plugin.c b/src/libstrongswan/plugins/drbg/drbg_plugin.c new file mode 100644 index 000000000..bdf17b1d3 --- /dev/null +++ b/src/libstrongswan/plugins/drbg/drbg_plugin.c @@ -0,0 +1,92 @@ +/* + * Copyright (C) 2019 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "drbg_plugin.h" +#include "drbg_ctr.h" +#include "drbg_hmac.h" + +#include + +typedef struct private_drbg_plugin_t private_drbg_plugin_t; + +/** + * private data of drbg_plugin + */ +struct private_drbg_plugin_t { + + /** + * public functions + */ + drbg_plugin_t public; +}; + +METHOD(plugin_t, get_name, char*, + private_drbg_plugin_t *this) +{ + return "drbg"; +} + +METHOD(plugin_t, get_features, int, + private_drbg_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + /* NIST CTR DRBG */ + PLUGIN_REGISTER(DRBG, drbg_ctr_create), + PLUGIN_PROVIDE(DRBG, DRBG_CTR_AES128), + PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16), + PLUGIN_PROVIDE(DRBG, DRBG_CTR_AES192), + PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 24), + PLUGIN_PROVIDE(DRBG, DRBG_CTR_AES256), + PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 32), + /* NIST HMAC DRBG */ + PLUGIN_REGISTER(DRBG, drbg_hmac_create), + PLUGIN_PROVIDE(DRBG, DRBG_HMAC_SHA1), + PLUGIN_DEPENDS(PRF, PRF_HMAC_SHA1), + PLUGIN_PROVIDE(DRBG, DRBG_HMAC_SHA256), + PLUGIN_DEPENDS(PRF, PRF_HMAC_SHA2_256), + PLUGIN_PROVIDE(DRBG, DRBG_HMAC_SHA384), + PLUGIN_DEPENDS(PRF, PRF_HMAC_SHA2_384), + PLUGIN_PROVIDE(DRBG, DRBG_HMAC_SHA512), + PLUGIN_DEPENDS(PRF, PRF_HMAC_SHA2_512), + }; + *features = f; + return countof(f); +} + +METHOD(plugin_t, destroy, void, + private_drbg_plugin_t *this) +{ + free(this); +} + +/* + * see header file + */ +plugin_t *drbg_plugin_create() +{ + private_drbg_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .get_features = _get_features, + .destroy = _destroy, + }, + }, + ); + + return &this->public.plugin; +} diff --git a/src/libstrongswan/plugins/drbg/drbg_plugin.h b/src/libstrongswan/plugins/drbg/drbg_plugin.h new file mode 100644 index 000000000..f2fc743bf --- /dev/null +++ b/src/libstrongswan/plugins/drbg/drbg_plugin.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2019 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup drbg_p drbg + * @ingroup plugins + * + * @defgroup drbg_plugin drbg_plugin + * @{ @ingroup drbg_p + */ + +#ifndef DRBG_PLUGIN_H_ +#define DRBG_PLUGIN_H_ + +#include + +typedef struct drbg_plugin_t drbg_plugin_t; + +/** + * Plugin providing a NIST CTR and HMAC DRBG implementation + */ +struct drbg_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +#endif /** DRBG_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/plugin_feature.c b/src/libstrongswan/plugins/plugin_feature.c index 844698bd2..fa3d1f31b 100644 --- a/src/libstrongswan/plugins/plugin_feature.c +++ b/src/libstrongswan/plugins/plugin_feature.c @@ -1,5 +1,6 @@ /* * Copyright (C) 2012-2015 Tobias Brunner + * Copyright (C) 2016-2019 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2011 Martin Willi @@ -31,6 +32,7 @@ ENUM(plugin_feature_names, FEATURE_NONE, FEATURE_CUSTOM, "HASHER", "PRF", "XOF", + "DRBG", "DH", "RNG", "NONCE_GEN", @@ -91,6 +93,9 @@ uint32_t plugin_feature_hash(plugin_feature_t *feature) case FEATURE_XOF: data = chunk_from_thing(feature->arg.xof); break; + case FEATURE_DRBG: + data = chunk_from_thing(feature->arg.drbg); + break; case FEATURE_DH: data = chunk_from_thing(feature->arg.dh_group); break; @@ -166,6 +171,8 @@ bool plugin_feature_matches(plugin_feature_t *a, plugin_feature_t *b) return a->arg.prf == b->arg.prf; case FEATURE_XOF: return a->arg.xof == b->arg.xof; + case FEATURE_DRBG: + return a->arg.drbg == b->arg.drbg; case FEATURE_DH: return a->arg.dh_group == b->arg.dh_group; case FEATURE_RNG: @@ -225,6 +232,7 @@ bool plugin_feature_equals(plugin_feature_t *a, plugin_feature_t *b) case FEATURE_HASHER: case FEATURE_PRF: case FEATURE_XOF: + case FEATURE_DRBG: case FEATURE_DH: case FEATURE_NONCE_GEN: case FEATURE_RESOLVER: @@ -319,6 +327,13 @@ char* plugin_feature_get_string(plugin_feature_t *feature) return str; } break; + case FEATURE_DRBG: + if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type, + drbg_type_names, feature->arg.drbg) > 0) + { + return str; + } + break; case FEATURE_DH: if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type, diffie_hellman_group_names, feature->arg.dh_group) > 0) @@ -483,6 +498,10 @@ bool plugin_feature_load(plugin_t *plugin, plugin_feature_t *feature, lib->crypto->add_xof(lib->crypto, feature->arg.xof, name, reg->arg.reg.f); break; + case FEATURE_DRBG: + lib->crypto->add_drbg(lib->crypto, feature->arg.drbg, + name, reg->arg.reg.f); + break; case FEATURE_DH: lib->crypto->add_dh(lib->crypto, feature->arg.dh_group, name, reg->arg.reg.f); @@ -573,6 +592,9 @@ bool plugin_feature_unload(plugin_t *plugin, plugin_feature_t *feature, case FEATURE_XOF: lib->crypto->remove_xof(lib->crypto, reg->arg.reg.f); break; + case FEATURE_DRBG: + lib->crypto->remove_drbg(lib->crypto, reg->arg.reg.f); + break; case FEATURE_DH: lib->crypto->remove_dh(lib->crypto, reg->arg.reg.f); break; diff --git a/src/libstrongswan/plugins/plugin_feature.h b/src/libstrongswan/plugins/plugin_feature.h index d3c2df7f7..2692de2ce 100644 --- a/src/libstrongswan/plugins/plugin_feature.h +++ b/src/libstrongswan/plugins/plugin_feature.h @@ -1,5 +1,6 @@ /* * Copyright (C) 2012-2015 Tobias Brunner + * Copyright (C) 2016-2019 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2011 Martin Willi @@ -112,6 +113,8 @@ struct plugin_feature_t { FEATURE_PRF, /** xof_t */ FEATURE_XOF, + /** drbg_t */ + FEATURE_DRBG, /** diffie_hellman_t */ FEATURE_DH, /** rng_t */ @@ -175,6 +178,8 @@ struct plugin_feature_t { pseudo_random_function_t prf; /** FEATURE_XOFF */ ext_out_function_t xof; + /** FEATURE_DRBG */ + drbg_type_t drbg; /** FEATURE_HASHER */ hash_algorithm_t hasher; /** FEATURE_DH */ @@ -283,6 +288,7 @@ struct plugin_feature_t { #define _PLUGIN_FEATURE_HASHER(kind, alg) __PLUGIN_FEATURE(kind, HASHER, .hasher = alg) #define _PLUGIN_FEATURE_PRF(kind, alg) __PLUGIN_FEATURE(kind, PRF, .prf = alg) #define _PLUGIN_FEATURE_XOF(kind, alg) __PLUGIN_FEATURE(kind, XOF, .xof = alg) +#define _PLUGIN_FEATURE_DRBG(kind, type) __PLUGIN_FEATURE(kind, DRBG, .drbg = type) #define _PLUGIN_FEATURE_DH(kind, group) __PLUGIN_FEATURE(kind, DH, .dh_group = group) #define _PLUGIN_FEATURE_RNG(kind, quality) __PLUGIN_FEATURE(kind, RNG, .rng_quality = quality) #define _PLUGIN_FEATURE_NONCE_GEN(kind, ...) __PLUGIN_FEATURE(kind, NONCE_GEN, .custom = NULL) @@ -316,6 +322,7 @@ struct plugin_feature_t { #define _PLUGIN_FEATURE_REGISTER_HASHER(type, f) __PLUGIN_FEATURE_REGISTER(type, f) #define _PLUGIN_FEATURE_REGISTER_PRF(type, f) __PLUGIN_FEATURE_REGISTER(type, f) #define _PLUGIN_FEATURE_REGISTER_XOF(type, f) __PLUGIN_FEATURE_REGISTER(type, f) +#define _PLUGIN_FEATURE_REGISTER_DRBG(type, f) __PLUGIN_FEATURE_REGISTER(type, f) #define _PLUGIN_FEATURE_REGISTER_DH(type, f) __PLUGIN_FEATURE_REGISTER(type, f) #define _PLUGIN_FEATURE_REGISTER_RNG(type, f) __PLUGIN_FEATURE_REGISTER(type, f) #define _PLUGIN_FEATURE_REGISTER_NONCE_GEN(type, f) __PLUGIN_FEATURE_REGISTER(type, f) diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.am b/src/libstrongswan/plugins/test_vectors/Makefile.am index 3d34cf7c9..90cb7d396 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.am +++ b/src/libstrongswan/plugins/test_vectors/Makefile.am @@ -50,6 +50,8 @@ libstrongswan_test_vectors_la_SOURCES = \ test_vectors/ecpbp.c \ test_vectors/curve25519.c \ test_vectors/curve448.c \ + test_vectors/drbg_ctr.c \ + test_vectors/drbg_hmac.c \ test_vectors/rng.c libstrongswan_test_vectors_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors.h b/src/libstrongswan/plugins/test_vectors/test_vectors.h index 7c8ac0c6e..006fea352 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors.h +++ b/src/libstrongswan/plugins/test_vectors/test_vectors.h @@ -1,5 +1,6 @@ /* * Copyright (C) 2009 Martin Willi + * Copyright (C) 2009-2019 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -274,6 +275,49 @@ TEST_VECTOR_XOF(chacha20_xof_2) TEST_VECTOR_XOF(chacha20_xof_3) TEST_VECTOR_XOF(chacha20_xof_4) +TEST_VECTOR_DRBG(drbg_ctr_aes128_1) +TEST_VECTOR_DRBG(drbg_ctr_aes128_2) +TEST_VECTOR_DRBG(drbg_ctr_aes128_3) +TEST_VECTOR_DRBG(drbg_ctr_aes128_4) +TEST_VECTOR_DRBG(drbg_ctr_aes128_5) +TEST_VECTOR_DRBG(drbg_ctr_aes128_6) +TEST_VECTOR_DRBG(drbg_ctr_aes192_1) +TEST_VECTOR_DRBG(drbg_ctr_aes192_2) +TEST_VECTOR_DRBG(drbg_ctr_aes192_3) +TEST_VECTOR_DRBG(drbg_ctr_aes192_4) +TEST_VECTOR_DRBG(drbg_ctr_aes192_5) +TEST_VECTOR_DRBG(drbg_ctr_aes192_6) +TEST_VECTOR_DRBG(drbg_ctr_aes256_1) +TEST_VECTOR_DRBG(drbg_ctr_aes256_2) +TEST_VECTOR_DRBG(drbg_ctr_aes256_3) +TEST_VECTOR_DRBG(drbg_ctr_aes256_4) +TEST_VECTOR_DRBG(drbg_ctr_aes256_5) +TEST_VECTOR_DRBG(drbg_ctr_aes256_6) +TEST_VECTOR_DRBG(drbg_hmac_sha1_1) +TEST_VECTOR_DRBG(drbg_hmac_sha1_2) +TEST_VECTOR_DRBG(drbg_hmac_sha1_3) +TEST_VECTOR_DRBG(drbg_hmac_sha1_4) +TEST_VECTOR_DRBG(drbg_hmac_sha1_5) +TEST_VECTOR_DRBG(drbg_hmac_sha1_6) +TEST_VECTOR_DRBG(drbg_hmac_sha256_1) +TEST_VECTOR_DRBG(drbg_hmac_sha256_2) +TEST_VECTOR_DRBG(drbg_hmac_sha256_3) +TEST_VECTOR_DRBG(drbg_hmac_sha256_4) +TEST_VECTOR_DRBG(drbg_hmac_sha256_5) +TEST_VECTOR_DRBG(drbg_hmac_sha256_6) +TEST_VECTOR_DRBG(drbg_hmac_sha384_1) +TEST_VECTOR_DRBG(drbg_hmac_sha384_2) +TEST_VECTOR_DRBG(drbg_hmac_sha384_3) +TEST_VECTOR_DRBG(drbg_hmac_sha384_4) +TEST_VECTOR_DRBG(drbg_hmac_sha384_5) +TEST_VECTOR_DRBG(drbg_hmac_sha384_6) +TEST_VECTOR_DRBG(drbg_hmac_sha512_1) +TEST_VECTOR_DRBG(drbg_hmac_sha512_2) +TEST_VECTOR_DRBG(drbg_hmac_sha512_3) +TEST_VECTOR_DRBG(drbg_hmac_sha512_4) +TEST_VECTOR_DRBG(drbg_hmac_sha512_5) +TEST_VECTOR_DRBG(drbg_hmac_sha512_6) + TEST_VECTOR_RNG(rng_monobit_1) TEST_VECTOR_RNG(rng_monobit_2) TEST_VECTOR_RNG(rng_monobit_3) diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/drbg_ctr.c b/src/libstrongswan/plugins/test_vectors/test_vectors/drbg_ctr.c new file mode 100644 index 000000000..66e37c90a --- /dev/null +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/drbg_ctr.c @@ -0,0 +1,470 @@ +/* + * Copyright (C) 2019 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the Licenseor (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be usefulbut + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include + +/** + * NIST SP 800-90A DRBG CTR Validation System (DRBGVS) + */ + +/** + * AES-128 no df test case 1 - count 0 + */ +drbg_test_vector_t drbg_ctr_aes128_1 = { + .type = DRBG_CTR_AES128, .strength = 128, + { NULL, 0 }, + chunk_from_chars(0xed, 0x1e, 0x7f, 0x21, 0xef, 0x66, 0xea, 0x5d, 0x8e, 0x2a, + 0x85, 0xb9, 0x33, 0x72, 0x45, 0x44, 0x5b, 0x71, 0xd6, 0x39, + 0x3a, 0x4e, 0xec, 0xb0, 0xe6, 0x3c, 0x19, 0x3d, 0x0f, 0x72, + 0xf9, 0xa9, 0x30, 0x3f, 0xb5, 0x19, 0xf0, 0xa4, 0xe1, 0x7d, + 0x6d, 0xf0, 0xb6, 0x42, 0x6a, 0xa0, 0xec, 0xb2, 0xa3, 0x60, + 0x79, 0xbd, 0x48, 0xbe, 0x47, 0xad, 0x2a, 0x8d, 0xbf, 0xe4, + 0x8d, 0xa3, 0xef, 0xad), + chunk_from_chars(0xf8, 0x01, 0x11, 0xd0, 0x8e, 0x87, 0x46, 0x72, 0xf3, 0x2f, + 0x42, 0x99, 0x71, 0x33, 0xa5, 0x21, 0x0f, 0x7a, 0x93, 0x75, + 0xe2, 0x2c, 0xea, 0x70, 0x58, 0x7f, 0x9c, 0xfa, 0xfe, 0xbe, + 0x0f, 0x6a, 0x6a, 0xa2, 0xeb, 0x68, 0xe7, 0xdd, 0x91, 0x64, + 0x53, 0x6d, 0x53, 0xfa, 0x02, 0x0f, 0xca, 0xb2, 0x0f, 0x54, + 0xca, 0xdd, 0xfa, 0xb7, 0xd6, 0xd9, 0x1e, 0x5f, 0xfe, 0xc1, + 0xdf, 0xd8, 0xde, 0xaa) +}; + +/** + * AES-128 no df test case 3 - count 0 + */ +drbg_test_vector_t drbg_ctr_aes128_2 = { + .type = DRBG_CTR_AES128, .strength = 128, + chunk_from_chars(0xe8, 0xfa, 0x4c, 0x5d, 0xe8, 0x25, 0x79, 0x1e, 0x68, 0x18, + 0x0f, 0x2b, 0xa1, 0x07, 0xe8, 0x29, 0xc4, 0x82, 0x99, 0xcb, + 0x01, 0xbe, 0x93, 0x9c, 0xd0, 0xbe, 0x76, 0xda, 0x12, 0x0a, + 0x91, 0xf2), + chunk_from_chars(0x34, 0xcb, 0xc2, 0xb2, 0x17, 0xf3, 0xd9, 0x07, 0xfa, 0x2a, + 0xd6, 0xa0, 0xd7, 0xa8, 0x13, 0xb0, 0xfd, 0xa1, 0xe1, 0x7f, + 0xbe, 0xed, 0x94, 0xb0, 0xe0, 0xa0, 0xab, 0xfb, 0xec, 0x94, + 0x71, 0x46, 0x83, 0x26, 0xf8, 0xe9, 0xcf, 0xbd, 0x02, 0xeb, + 0x07, 0x6b, 0xbb, 0x98, 0x19, 0xd9, 0x6a, 0x02, 0x38, 0x6f, + 0x80, 0xbf, 0x91, 0x3c, 0x8e, 0x4a, 0x80, 0x36, 0x1d, 0x82, + 0xca, 0xfa, 0xd5, 0x2e), + chunk_from_chars(0x52, 0xf5, 0xe7, 0x18, 0xbf, 0x48, 0xd9, 0x9e, 0x49, 0x87, + 0x75, 0xc0, 0x03, 0x78, 0xe5, 0x45, 0x79, 0x9b, 0xb2, 0x05, + 0x9a, 0xef, 0x0b, 0x74, 0xbe, 0x57, 0x3d, 0x82, 0x83, 0xf0, + 0x2b, 0x52, 0x93, 0x91, 0x79, 0x13, 0xbc, 0x8f, 0x26, 0xfc, + 0x23, 0x76, 0x0a, 0x1c, 0x86, 0xc3, 0xf5, 0xc8, 0x44, 0x85, + 0x74, 0x19, 0x86, 0x8e, 0xaf, 0xeb, 0x17, 0xc9, 0x24, 0x82, + 0x27, 0xd0, 0x26, 0xb8) +}; + +/** + * AES-128 no df test case 5 - count 0 + */ +drbg_test_vector_t drbg_ctr_aes128_3 = { + .type = DRBG_CTR_AES128, .strength = 128, + { NULL, 0 }, + chunk_from_chars(0xb2, 0xb3, 0x29, 0x83, 0x06, 0x47, 0x1b, 0xfc, 0xae, 0x61, + 0x43, 0x8a, 0x3a, 0x79, 0xe2, 0x35, 0x5e, 0xfa, 0x0b, 0x6e, + 0xde, 0x4c, 0xbc, 0xd3, 0xe6, 0x6d, 0xe5, 0x14, 0x0b, 0x3a, + 0xe6, 0x80, 0x26, 0xf0, 0xd1, 0xe4, 0x4b, 0xe5, 0x75, 0xee, + 0x6f, 0x3e, 0xda, 0x89, 0xc1, 0xe7, 0xe4, 0xfb, 0xd1, 0x42, + 0x8f, 0x88, 0x52, 0x60, 0x48, 0x71, 0xc7, 0xa4, 0xf4, 0xc7, + 0x07, 0xa3, 0x93, 0x28), + chunk_from_chars(0xb7, 0x1b, 0x6d, 0x73, 0x22, 0x45, 0x3a, 0x61, 0x2c, 0x34, + 0xa9, 0x1c, 0x1e, 0x5c, 0x3f, 0x8c, 0x30, 0x48, 0x6a, 0x69, + 0x2b, 0x1a, 0xd1, 0x3a, 0x4c, 0x08, 0xca, 0xcc, 0xd1, 0x23, + 0xa6, 0x39, 0xfd, 0x2e, 0x0a, 0x7c, 0x38, 0x9c, 0xfa, 0x1a, + 0x97, 0xcb, 0x78, 0xb4, 0x38, 0xdf, 0xf5, 0x7b, 0x0b, 0x5e, + 0xc4, 0xd5, 0x69, 0xa8, 0xb2, 0x81, 0x0a, 0x15, 0xf8, 0x5c, + 0x8c, 0x92, 0x26, 0xbf) +}; + +/** + * AES-128 no df test case 7 - count 0 + */ +drbg_test_vector_t drbg_ctr_aes128_4 = { + .type = DRBG_CTR_AES128, .strength = 128, + chunk_from_chars(0x35, 0x14, 0x20, 0xc0, 0x26, 0x3c, 0xe1, 0x1e, 0xe8, 0xb6, + 0x83, 0xf6, 0x10, 0x61, 0x30, 0xc6, 0x7f, 0xf1, 0xc6, 0x55, + 0xc4, 0xe6, 0x78, 0x82, 0x52, 0x93, 0xf0, 0x04, 0xd2, 0x7c, + 0x54, 0x24), + chunk_from_chars(0x5c, 0xd1, 0xdf, 0x6d, 0xb5, 0x8e, 0xa5, 0x07, 0x83, 0x8d, + 0x74, 0x26, 0xb3, 0xfb, 0x48, 0x40, 0x2c, 0xd1, 0x4a, 0xb7, + 0x5a, 0xbb, 0xde, 0xf3, 0x3c, 0xe3, 0x0f, 0xb9, 0x7c, 0x53, + 0x09, 0x98, 0x99, 0xe6, 0x85, 0x0f, 0xa2, 0x91, 0x31, 0xbf, + 0xc7, 0x48, 0xb2, 0xe7, 0x4e, 0x0f, 0xd6, 0x2a, 0xcc, 0x4b, + 0xe4, 0xe9, 0xb5, 0xf0, 0x64, 0x47, 0xdc, 0x26, 0xf7, 0x72, + 0xc0, 0x24, 0x15, 0x61), + chunk_from_chars(0xf6, 0x04, 0x0a, 0xf8, 0xae, 0x7a, 0xb0, 0x4c, 0xde, 0x02, + 0xbe, 0x25, 0xaf, 0x95, 0xde, 0xda, 0xda, 0x3b, 0x10, 0x32, + 0x1c, 0x41, 0x8c, 0x7a, 0xf4, 0xed, 0x5b, 0xc8, 0x2e, 0x28, + 0xeb, 0xf7, 0x78, 0xae, 0x42, 0x48, 0xc5, 0x65, 0x29, 0x2e, + 0x4c, 0xb8, 0xec, 0xcd, 0x40, 0xf1, 0x8a, 0x38, 0x28, 0x48, + 0xb4, 0x0d, 0x74, 0x41, 0xa2, 0x91, 0xcc, 0x9e, 0xe8, 0x46, + 0x5c, 0xbe, 0x5f, 0xd6) +}; + +/** + * AES-128 no df test case 9 - count 0 + */ +drbg_test_vector_t drbg_ctr_aes128_5 = { + .type = DRBG_CTR_AES128, .strength = 128, + { NULL, 0 }, + chunk_from_chars(0x85, 0x82, 0x04, 0xf2, 0x7e, 0x93, 0xe8, 0x72, 0xa1, 0xce, + 0x62, 0x08, 0xef, 0x6d, 0xe3, 0x98, 0x68, 0xdd, 0xad, 0x55, + 0xea, 0xc8, 0x99, 0xca, 0x05, 0x81, 0xb9, 0xbb, 0x69, 0x7d, + 0x44, 0x17, 0x1e, 0x82, 0x20, 0x08, 0xae, 0xcf, 0x6e, 0x67, + 0xcc, 0x47, 0xf2, 0xb9, 0x8b, 0x04, 0x68, 0x7b, 0x12, 0x1e, + 0xa4, 0x03, 0x6b, 0x6c, 0xab, 0xb0, 0xc3, 0x6e, 0xfb, 0xe1, + 0x51, 0x46, 0x38, 0x0b), + chunk_from_chars(0x49, 0xce, 0x84, 0x96, 0x3d, 0xf8, 0x64, 0xaa, 0xe3, 0x6b, + 0xec, 0x3f, 0x3e, 0xd2, 0x23, 0xf9, 0x5d, 0xf4, 0x95, 0x6c, + 0x7c, 0x01, 0xb6, 0x20, 0xd5, 0xf2, 0x10, 0xe6, 0x38, 0x65, + 0x9d, 0x5e, 0x18, 0x86, 0x70, 0x0c, 0x04, 0xe7, 0x9e, 0x57, + 0x9c, 0xa7, 0xc9, 0xb0, 0x54, 0x54, 0xb5, 0x25, 0xc2, 0xea, + 0x73, 0x48, 0x03, 0x2b, 0x3a, 0xb8, 0xd9, 0x1b, 0x4c, 0x47, + 0x00, 0x22, 0x04, 0xaf) +}; + +/** + * AES-128 no df test case 11 - count 0 + */ +drbg_test_vector_t drbg_ctr_aes128_6 = { + .type = DRBG_CTR_AES128, .strength = 128, + chunk_from_chars(0xa6, 0xcf, 0xbd, 0xd0, 0x5e, 0xee, 0x36, 0xa3, 0xd1, 0x01, + 0xc3, 0xd0, 0x30, 0x1c, 0xb6, 0xff, 0x21, 0x68, 0x7d, 0x9f, + 0x89, 0xcf, 0xc8, 0x60, 0xd0, 0x5d, 0xfa, 0x1a, 0x95, 0x7f, + 0x56, 0xbd), + chunk_from_chars(0x87, 0x64, 0xbf, 0x9c, 0x12, 0xff, 0x37, 0xe2, 0x3a, 0xfe, + 0x28, 0xa4, 0x5c, 0x43, 0x04, 0xc0, 0x5d, 0x54, 0x65, 0x4b, + 0xa1, 0x4c, 0xf5, 0x8d, 0x7a, 0xe3, 0x71, 0x34, 0x7e, 0x1e, + 0x70, 0x35, 0x19, 0x09, 0x33, 0xf0, 0x7a, 0x1d, 0x44, 0x8d, + 0xab, 0x65, 0x07, 0x16, 0xa1, 0xb3, 0x07, 0x14, 0xca, 0xda, + 0x5c, 0xd0, 0xfb, 0xc4, 0x3b, 0x9d, 0x2d, 0xde, 0x79, 0x1c, + 0x4a, 0xd8, 0x52, 0x2d), + chunk_from_chars(0x5c, 0xbd, 0x9b, 0x5c, 0xf1, 0x88, 0x33, 0x30, 0xb3, 0x0b, + 0x1d, 0xa9, 0x17, 0xe6, 0x2d, 0x66, 0x82, 0x11, 0x5f, 0x0e, + 0x97, 0x52, 0x39, 0x6c, 0x32, 0xc5, 0x97, 0xb9, 0x0a, 0x95, + 0x72, 0xa7, 0xe9, 0xc6, 0x13, 0x89, 0xf5, 0xec, 0x97, 0x9a, + 0x72, 0xf7, 0x1f, 0xe0, 0x3d, 0x0c, 0xd2, 0xf3, 0x4b, 0x3d, + 0x91, 0x70, 0xcc, 0x96, 0x1a, 0x79, 0x42, 0xc6, 0x52, 0xec, + 0x42, 0x65, 0x1b, 0xd3) +}; + +/** + * AES-192 no df test case 1 - count 0 + */ +drbg_test_vector_t drbg_ctr_aes192_1 = { + .type = DRBG_CTR_AES192, .strength = 192, + { NULL, 0 }, + chunk_from_chars(0xd6, 0xe1, 0x8f, 0x45, 0x65, 0xfd, 0xf2, 0x82, 0x6d, 0x0d, + 0x56, 0x41, 0x96, 0x47, 0xc0, 0x20, 0x41, 0x3b, 0x96, 0x32, + 0x99, 0xd8, 0xde, 0x2c, 0x65, 0x10, 0x27, 0x7f, 0x8c, 0xe9, + 0x88, 0xa7, 0xf0, 0xb3, 0xbc, 0x1d, 0xf8, 0x5b, 0x15, 0x3f, + 0xa8, 0x23, 0xd6, 0x31, 0x1f, 0x9f, 0x66, 0xdf, 0x32, 0x9e, + 0x3d, 0x70, 0x65, 0xe2, 0x4f, 0xe2, 0x50, 0x7e, 0x6b, 0x9d, + 0xbc, 0xc2, 0x28, 0x38, 0x48, 0x3f, 0xa7, 0x29, 0xca, 0x51, + 0x16, 0xd0, 0x3a, 0x91, 0x02, 0x81, 0x39, 0xd7, 0x13, 0x0a), + chunk_from_chars(0x4b, 0xf8, 0x06, 0x69, 0x0a, 0xf1, 0x3d, 0xbc, 0xfd, 0x44, + 0x8c, 0x79, 0xa3, 0x53, 0x2e, 0x00, 0x0b, 0xca, 0xbc, 0xef, + 0x36, 0xf2, 0x64, 0x3f, 0x3e, 0x1c, 0x9d, 0xe6, 0x07, 0x10, + 0x42, 0x82, 0xf8, 0x1c, 0xd6, 0xcd, 0xcf, 0x8d, 0xa8, 0x42, + 0x9c, 0x94, 0x10, 0x82, 0x45, 0x11, 0x4d, 0x3d, 0xa1, 0x7b, + 0x9f, 0x48, 0xbb, 0x07, 0x09, 0x4c, 0x07, 0x3a, 0x94, 0xf5, + 0xd2, 0xef, 0x9e, 0x30) +}; + +/** + * AES-192 no df test case 3 - count 0 + */ +drbg_test_vector_t drbg_ctr_aes192_2 = { + .type = DRBG_CTR_AES192, .strength = 192, + chunk_from_chars(0x2e, 0xca, 0x97, 0x47, 0x8d, 0x60, 0x6b, 0x0b, 0xca, 0x56, + 0xf0, 0x55, 0xa1, 0xe8, 0x39, 0x4b, 0x44, 0xf5, 0xe3, 0x02, + 0x8d, 0xa5, 0x9a, 0x39, 0x00, 0xd5, 0xd7, 0xbd, 0x34, 0x1b, + 0x06, 0x21, 0xb5, 0xf6, 0xd2, 0x30, 0x9e, 0x36, 0xb4, 0xae), + chunk_from_chars(0xe0, 0xe0, 0x3d, 0x4a, 0x9e, 0x4d, 0xe3, 0x62, 0xe6, 0xbb, + 0x9b, 0xa6, 0x35, 0xb8, 0x47, 0x91, 0x2a, 0x3f, 0x9e, 0x1d, + 0x83, 0xb4, 0x36, 0x3f, 0xc2, 0x58, 0xcd, 0xea, 0x29, 0x28, + 0xa8, 0x78, 0x23, 0x18, 0x6f, 0x1c, 0x47, 0xc4, 0x17, 0x5f, + 0x66, 0xaa, 0x3d, 0xb4, 0xbe, 0xa8, 0xf2, 0xe1, 0xb2, 0x46, + 0x97, 0x51, 0x57, 0x8f, 0x24, 0xf1, 0xb4, 0xd0, 0xdf, 0x97, + 0x1c, 0xf2, 0x28, 0x17, 0x12, 0x14, 0x98, 0x12, 0xc2, 0x0e, + 0x80, 0x4b, 0x90, 0xf3, 0xaa, 0xc1, 0x2d, 0x7c, 0x98, 0x32), + chunk_from_chars(0x0e, 0x02, 0xf3, 0x44, 0xb1, 0x15, 0x9c, 0xcd, 0x77, 0x95, + 0x97, 0x4e, 0x7b, 0xb9, 0xdf, 0x9e, 0x8c, 0xc3, 0x81, 0xa1, + 0x30, 0xb9, 0x8b, 0x43, 0x46, 0x22, 0x85, 0xfe, 0x3e, 0xd8, + 0x58, 0x78, 0x11, 0xab, 0xde, 0xf4, 0x71, 0xbb, 0xcf, 0xe8, + 0x30, 0xe5, 0x16, 0xb7, 0x8f, 0x78, 0x1a, 0x05, 0xb5, 0x2e, + 0x44, 0xd5, 0x41, 0x22, 0x77, 0x50, 0x84, 0x17, 0x0f, 0xf6, + 0xd8, 0x06, 0x27, 0xe9) +}; + +/** + * AES-192 no df test case 5 - count 0 + */ +drbg_test_vector_t drbg_ctr_aes192_3 = { + .type = DRBG_CTR_AES192, .strength = 192, + { NULL, 0 }, + chunk_from_chars(0x21, 0xa5, 0x3c, 0x17, 0x66, 0x1a, 0xed, 0x92, 0x95, 0x0f, + 0xf4, 0xfd, 0xf4, 0xab, 0x8f, 0xa5, 0xdc, 0x44, 0xe9, 0x9f, + 0x88, 0xaa, 0x95, 0x3e, 0x19, 0xb4, 0xbe, 0x78, 0xba, 0x75, + 0xf2, 0x67, 0xf6, 0x70, 0x34, 0xa1, 0x56, 0x6e, 0x83, 0x3e, + 0x1e, 0xcb, 0x61, 0xa5, 0xdd, 0x70, 0xb1, 0x67, 0xd6, 0x55, + 0x77, 0x41, 0x5c, 0x2f, 0xb8, 0x12, 0xea, 0x20, 0xb3, 0x25, + 0xd2, 0xb5, 0x31, 0x58, 0x69, 0x7c, 0xf9, 0x7c, 0x81, 0xd7, + 0x9e, 0x84, 0x99, 0xf7, 0x45, 0x40, 0x13, 0x7f, 0xd1, 0xe1), + chunk_from_chars(0x11, 0xa0, 0x7b, 0x22, 0x31, 0x91, 0x6f, 0x99, 0xc3, 0xf7, + 0xa0, 0x7d, 0x14, 0x51, 0xab, 0x94, 0x0d, 0x2d, 0x66, 0x3c, + 0x97, 0x29, 0xc1, 0x85, 0x71, 0x70, 0xa3, 0x16, 0x55, 0x07, + 0x8a, 0x82, 0x74, 0xec, 0x4a, 0x90, 0x31, 0xbc, 0xfd, 0x2a, + 0xbb, 0x1a, 0xe5, 0x81, 0x3f, 0x49, 0x70, 0xa7, 0x16, 0xe3, + 0xd1, 0x42, 0x87, 0xe4, 0xf2, 0x1e, 0x01, 0x32, 0x3f, 0xdf, + 0xff, 0xb7, 0x61, 0x87) +}; + +/** + * AES-192 no df test case 7 - count 0 + */ +drbg_test_vector_t drbg_ctr_aes192_4 = { + .type = DRBG_CTR_AES192, .strength = 192, + chunk_from_chars(0x08, 0x94, 0x30, 0xcf, 0x99, 0x6e, 0x06, 0xa0, 0xdc, 0x31, + 0x32, 0xc8, 0xaa, 0x6e, 0x3e, 0xdc, 0x76, 0x51, 0xff, 0x4f, + 0x01, 0xe7, 0x11, 0x3c, 0xa3, 0xce, 0x2a, 0x21, 0x5e, 0x10, + 0xec, 0x88, 0xad, 0x72, 0x36, 0xb8, 0x30, 0x7c, 0x85, 0x69), + chunk_from_chars(0x9d, 0xda, 0x17, 0x5d, 0x9f, 0x26, 0xe5, 0x6b, 0x94, 0x49, + 0xbb, 0x0c, 0x9d, 0x02, 0x2c, 0x47, 0x13, 0x8a, 0xe7, 0x8b, + 0xa3, 0x8c, 0x35, 0xd1, 0x5f, 0x2d, 0x2c, 0x55, 0x5d, 0x69, + 0xd4, 0xd6, 0x94, 0x5a, 0x57, 0xae, 0x39, 0x69, 0x62, 0x52, + 0xd7, 0x5a, 0xae, 0x1b, 0x7b, 0xb4, 0x9b, 0x81, 0xff, 0x43, + 0xa8, 0xe8, 0x9f, 0x7b, 0x0c, 0xcb, 0xf6, 0xf6, 0xaf, 0x46, + 0x47, 0xa5, 0x57, 0xf7, 0x6e, 0xd7, 0x3f, 0x09, 0x25, 0x4d, + 0x67, 0xff, 0xd7, 0xe3, 0x56, 0x29, 0x86, 0x86, 0x23, 0x00), + chunk_from_chars(0xbc, 0x80, 0x62, 0x76, 0x71, 0xbc, 0xa2, 0x67, 0xba, 0xe1, + 0xa0, 0xde, 0x9e, 0xb9, 0xe4, 0x81, 0xd8, 0x3b, 0x5c, 0xad, + 0xe6, 0xe3, 0xc5, 0x08, 0x24, 0x34, 0xb0, 0xb7, 0x00, 0xf3, + 0x15, 0x43, 0x9c, 0x2c, 0xa2, 0xe9, 0xde, 0xf4, 0x3b, 0x1b, + 0xf2, 0x05, 0x84, 0x57, 0x7c, 0xef, 0x5b, 0x61, 0xc0, 0x68, + 0x1e, 0x4b, 0xd4, 0x40, 0xe8, 0x8d, 0xa3, 0x79, 0xa0, 0x21, + 0x4c, 0xf5, 0xf5, 0xcf) +}; + +/** + * AES-192 no df test case 9 - count 0 + */ +drbg_test_vector_t drbg_ctr_aes192_5 = { + .type = DRBG_CTR_AES192, .strength = 192, + { NULL, 0 }, + chunk_from_chars(0x3b, 0xb9, 0xb2, 0x66, 0x2a, 0x25, 0x5d, 0xf8, 0xf8, 0x80, + 0x88, 0x47, 0x18, 0x84, 0x06, 0x96, 0x0e, 0xc0, 0x03, 0x35, + 0x1c, 0xab, 0x3a, 0xd2, 0x02, 0x78, 0x71, 0xf1, 0x30, 0x29, + 0x56, 0xaa, 0x31, 0xab, 0xc8, 0xd3, 0x9c, 0x36, 0x29, 0xd9, + 0x7b, 0xc8, 0x63, 0xda, 0x2b, 0x9f, 0xde, 0x00, 0x8b, 0x61, + 0x00, 0x79, 0xf8, 0xbd, 0x80, 0x41, 0x80, 0xa7, 0xe8, 0x65, + 0x3c, 0xa6, 0xe9, 0x1a, 0x5a, 0x90, 0x61, 0x9c, 0x23, 0xe0, + 0x2c, 0xe4, 0xd6, 0x07, 0xb0, 0x0c, 0x79, 0x24, 0x36, 0xfe), + chunk_from_chars(0x50, 0x6c, 0x74, 0x51, 0xe5, 0xee, 0x0f, 0xdc, 0xa4, 0x86, + 0x32, 0x94, 0x2f, 0x2b, 0xa4, 0x73, 0x04, 0xeb, 0x02, 0x10, + 0xf1, 0xfa, 0xc6, 0x6c, 0x62, 0x03, 0x65, 0xf7, 0x53, 0xef, + 0x70, 0x98, 0x9c, 0x40, 0xfe, 0x9f, 0xd5, 0x4d, 0x54, 0xa9, + 0xe4, 0xaa, 0x0b, 0x3f, 0x1a, 0xb7, 0x00, 0xaa, 0x6e, 0x9d, + 0x45, 0xbc, 0x7c, 0xe3, 0x2b, 0x88, 0xbb, 0xed, 0x53, 0x7e, + 0xcb, 0xc4, 0xf3, 0x77) +}; + +/** + * AES-192 no df test case 11 - count 0 + */ +drbg_test_vector_t drbg_ctr_aes192_6 = { + .type = DRBG_CTR_AES192, .strength = 192, + chunk_from_chars(0x7a, 0xa6, 0x0c, 0x5a, 0x25, 0x36, 0x0d, 0x8a, 0x0a, 0x9d, + 0x41, 0xe3, 0x4c, 0x76, 0xc4, 0xf1, 0x80, 0x71, 0xb5, 0x6a, + 0xc6, 0x73, 0xd4, 0xba, 0xac, 0xbe, 0xe7, 0x75, 0x49, 0xdd, + 0x36, 0x1d, 0xb6, 0x49, 0x6f, 0x90, 0x34, 0x51, 0x38, 0x88), + chunk_from_chars(0xe7, 0xb5, 0xcc, 0x99, 0xdd, 0xe3, 0x12, 0x31, 0x8e, 0xcb, + 0x2a, 0x3b, 0xc4, 0xee, 0x8c, 0x14, 0x76, 0x34, 0x5a, 0xd3, + 0xe8, 0x1b, 0x5d, 0x6d, 0xc0, 0xb7, 0x47, 0xb5, 0x90, 0xc0, + 0xd2, 0x1b, 0xe7, 0x31, 0x39, 0x8f, 0x82, 0x3a, 0xad, 0x02, + 0x31, 0x0e, 0x8e, 0x8d, 0xbc, 0x6a, 0xe5, 0x86, 0x62, 0x5d, + 0x75, 0x0f, 0x5a, 0x1c, 0xee, 0x76, 0x4a, 0x7e, 0x47, 0xa2, + 0xeb, 0x35, 0x5c, 0x5c, 0x94, 0xdd, 0xe9, 0x50, 0x06, 0x5f, + 0xb7, 0x55, 0x46, 0xff, 0x34, 0x7f, 0x7f, 0x17, 0x24, 0xeb), + chunk_from_chars(0x21, 0x46, 0x0b, 0xda, 0x25, 0xdc, 0xad, 0x96, 0xd2, 0x91, + 0x44, 0xc9, 0x12, 0xc6, 0x54, 0xe3, 0x07, 0xa0, 0xb5, 0x59, + 0xd7, 0x26, 0xc0, 0x51, 0x3e, 0x2f, 0x07, 0xa4, 0xe6, 0xca, + 0x0c, 0x44, 0x4e, 0xcb, 0x4f, 0xf6, 0xa9, 0x77, 0x88, 0x0c, + 0xba, 0x4b, 0xb9, 0x93, 0xb2, 0xd2, 0x87, 0x3d, 0xab, 0xd3, + 0x59, 0xa8, 0xc4, 0x93, 0xdc, 0x28, 0x38, 0xab, 0xb1, 0x0f, + 0x63, 0xd3, 0xa8, 0xe7) +}; + +/** + * AES-256 no df test case 1 - count 0 + */ +drbg_test_vector_t drbg_ctr_aes256_1 = { + .type = DRBG_CTR_AES256, .strength = 256, + { NULL, 0 }, + chunk_from_chars(0xe4, 0xbc, 0x23, 0xc5, 0x08, 0x9a, 0x19, 0xd8, 0x6f, 0x41, + 0x19, 0xcb, 0x3f, 0xa0, 0x8c, 0x0a, 0x49, 0x91, 0xe0, 0xa1, + 0xde, 0xf1, 0x7e, 0x10, 0x1e, 0x4c, 0x14, 0xd9, 0xc3, 0x23, + 0x46, 0x0a, 0x7c, 0x2f, 0xb5, 0x8e, 0x0b, 0x08, 0x6c, 0x6c, + 0x57, 0xb5, 0x5f, 0x56, 0xca, 0xe2, 0x5b, 0xad, 0xfd, 0x85, + 0xa8, 0x36, 0xbb, 0xa8, 0x50, 0x19, 0x88, 0x1e, 0x8c, 0x6b, + 0xad, 0x23, 0xc9, 0x06, 0x1a, 0xdc, 0x75, 0x47, 0x76, 0x59, + 0xac, 0xae, 0xa8, 0xe4, 0xa0, 0x1d, 0xfe, 0x07, 0xa1, 0x83, + 0x2d, 0xad, 0x1c, 0x13, 0x6f, 0x59, 0xd7, 0x0f, 0x86, 0x53, + 0xa5, 0xdc, 0x11, 0x86, 0x63, 0xd6), + chunk_from_chars(0xb2, 0xcb, 0x89, 0x05, 0xc0, 0x5e, 0x59, 0x50, 0xca, 0x31, + 0x89, 0x50, 0x96, 0xbe, 0x29, 0xea, 0x3d, 0x5a, 0x3b, 0x82, + 0xb2, 0x69, 0x49, 0x55, 0x54, 0xeb, 0x80, 0xfe, 0x07, 0xde, + 0x43, 0xe1, 0x93, 0xb9, 0xe7, 0xc3, 0xec, 0xe7, 0x3b, 0x80, + 0xe0, 0x62, 0xb1, 0xc1, 0xf6, 0x82, 0x02, 0xfb, 0xb1, 0xc5, + 0x2a, 0x04, 0x0e, 0xa2, 0x47, 0x88, 0x64, 0x29, 0x52, 0x82, + 0x23, 0x4a, 0xaa, 0xda) +}; + +/** + * AES-256 no df test case 3 - count 0 + */ +drbg_test_vector_t drbg_ctr_aes256_2 = { + .type = DRBG_CTR_AES256, .strength = 256, + chunk_from_chars(0x1d, 0x2b, 0xe6, 0xf2, 0x5e, 0x88, 0xfa, 0x30, 0xc4, 0xef, + 0x42, 0xe4, 0xd5, 0x4e, 0xfd, 0x95, 0x7d, 0xec, 0x23, 0x1f, + 0xa0, 0x01, 0x43, 0xca, 0x47, 0x58, 0x0b, 0xe6, 0x66, 0xa8, + 0xc1, 0x43, 0xa9, 0x16, 0xc9, 0x0b, 0x38, 0x19, 0xa0, 0xa7, + 0xea, 0x91, 0x4e, 0x3c, 0x9a, 0x2e, 0x7a, 0x3f), + chunk_from_chars(0xff, 0xad, 0x10, 0x10, 0x00, 0x25, 0xa8, 0x79, 0x67, 0x2f, + 0xf5, 0x03, 0x74, 0xb2, 0x86, 0x71, 0x2f, 0x45, 0x7d, 0xd0, + 0x14, 0x41, 0xd7, 0x6a, 0xc1, 0xa1, 0xcd, 0x15, 0xc7, 0x39, + 0x0d, 0xd9, 0x31, 0x79, 0xa2, 0xf5, 0x92, 0x0d, 0x19, 0x8b, + 0xf3, 0x4a, 0x1b, 0x76, 0xfb, 0xc2, 0x12, 0x89, 0x6c, 0x1a, + 0x08, 0x9c, 0xae, 0x31, 0x33, 0x63, 0xbc, 0x76, 0xa7, 0x80, + 0x13, 0x9e, 0xb4, 0xf2, 0xf2, 0x04, 0x8b, 0x1f, 0x6b, 0x07, + 0x89, 0x6c, 0x5c, 0x41, 0x2b, 0xff, 0x03, 0x85, 0x44, 0x0f, + 0xc4, 0x3b, 0x73, 0xfa, 0xcb, 0xb7, 0x9e, 0x3a, 0x25, 0x2f, + 0xa0, 0x1f, 0xe1, 0x7a, 0xb3, 0x91), + chunk_from_chars(0xe0, 0x53, 0xc7, 0xd4, 0xbd, 0x90, 0x99, 0xef, 0x6a, 0x99, + 0xf1, 0x90, 0xa5, 0xfd, 0x80, 0x21, 0x94, 0x37, 0xd6, 0x42, + 0x00, 0x66, 0x72, 0x33, 0x8d, 0xa6, 0xe0, 0xfe, 0x73, 0xca, + 0x4d, 0x24, 0xff, 0xa5, 0x11, 0x51, 0xbf, 0xbd, 0xac, 0x78, + 0xd8, 0xa2, 0xf6, 0x25, 0x50, 0x46, 0xed, 0xf5, 0x7a, 0x04, + 0x62, 0x6e, 0x99, 0x77, 0x13, 0x9c, 0x69, 0x33, 0x27, 0x42, + 0x99, 0xf3, 0xbd, 0xff) +}; + +/** + * AES-256 no df test case 5 - count 0 + */ +drbg_test_vector_t drbg_ctr_aes256_3 = { + .type = DRBG_CTR_AES256, .strength = 256, + { NULL, 0 }, + chunk_from_chars(0xfc, 0xa0, 0xb6, 0xe5, 0x57, 0xf5, 0x14, 0x30, 0xdd, 0x78, + 0x7a, 0xb4, 0xd3, 0x3f, 0x18, 0xd9, 0xae, 0xc2, 0x19, 0x62, + 0x9d, 0x1b, 0x83, 0x9a, 0x35, 0xca, 0xaf, 0xc8, 0x25, 0xab, + 0x55, 0xbe, 0x6a, 0x88, 0x03, 0x21, 0xbe, 0x58, 0xc1, 0x6e, + 0xac, 0xb9, 0x45, 0xb7, 0xbb, 0x7c, 0xad, 0xb7, 0x7b, 0x68, + 0x49, 0x23, 0xae, 0x50, 0x86, 0x6f, 0x71, 0x0d, 0x3b, 0x5b, + 0x2e, 0xdf, 0x24, 0x45, 0x59, 0x3f, 0xe6, 0x6d, 0x15, 0xf2, + 0xdc, 0x73, 0x5e, 0x2b, 0x0c, 0x27, 0x8f, 0x1c, 0xc9, 0x73, + 0x50, 0x75, 0xdd, 0x26, 0x8b, 0x91, 0x40, 0x8e, 0xf7, 0x3d, + 0x55, 0x04, 0x23, 0x54, 0x5a, 0xdc), + chunk_from_chars(0x29, 0x37, 0x56, 0x71, 0x40, 0x7b, 0x1a, 0x45, 0xb9, 0xfd, + 0x8b, 0x4f, 0x50, 0x7d, 0xda, 0x23, 0x48, 0x22, 0xd5, 0x57, + 0xe4, 0x8b, 0x9a, 0x52, 0x99, 0x7b, 0x13, 0x75, 0x7e, 0x0c, + 0x2f, 0x79, 0x6c, 0x87, 0x41, 0xf9, 0x4b, 0xc2, 0xbd, 0x0d, + 0x8c, 0x98, 0xe5, 0xe2, 0x5e, 0x4c, 0xee, 0x65, 0xe4, 0xdd, + 0x63, 0x4c, 0x98, 0xbc, 0x3b, 0x66, 0xfb, 0x62, 0x79, 0xf9, + 0x46, 0x8a, 0xc8, 0x41) +}; + +/** + * AES-256 no df test case 7 - count 0 + */ +drbg_test_vector_t drbg_ctr_aes256_4 = { + .type = DRBG_CTR_AES256, .strength = 256, + chunk_from_chars(0x71, 0x00, 0xbe, 0xe1, 0xf8, 0xca, 0x38, 0xf4, 0xf0, 0x7b, + 0x99, 0x10, 0xb1, 0x2b, 0xae, 0xce, 0x71, 0x52, 0x22, 0x66, + 0x3a, 0x1d, 0x5c, 0x16, 0x99, 0xb5, 0xd4, 0x02, 0x2c, 0x0e, + 0x0b, 0x1a, 0x49, 0xc9, 0x4b, 0x89, 0x8e, 0x53, 0x18, 0xf6, + 0x86, 0x1b, 0x43, 0xa8, 0xf1, 0xa4, 0xa8, 0x82), + chunk_from_chars(0x91, 0xe1, 0x5b, 0x57, 0x88, 0x61, 0x56, 0xd0, 0xea, 0xe2, + 0xed, 0xa3, 0x68, 0x7c, 0xc4, 0xb6, 0x17, 0x72, 0x56, 0x47, + 0xfc, 0x34, 0x23, 0xfb, 0x54, 0x8f, 0x18, 0x03, 0x38, 0x06, + 0x4a, 0xb6, 0x68, 0x98, 0x00, 0x50, 0x09, 0xc2, 0xc9, 0xc5, + 0xf7, 0xc4, 0x20, 0xd9, 0x9e, 0x4f, 0x35, 0x1a, 0x25, 0xda, + 0x97, 0x00, 0xe7, 0x98, 0x8a, 0x46, 0xb2, 0xfb, 0x44, 0x35, + 0x8f, 0xc3, 0xb1, 0x40, 0xaf, 0x96, 0xb9, 0xf8, 0x5c, 0xfc, + 0x74, 0x79, 0x78, 0xe8, 0x5a, 0xfc, 0xca, 0x0b, 0xcc, 0x02, + 0xe8, 0x07, 0xaf, 0x83, 0x0b, 0x3c, 0x0e, 0x69, 0x60, 0xa6, + 0x0b, 0xbc, 0x2d, 0xed, 0x89, 0x1b), + chunk_from_chars(0xea, 0xa8, 0x0c, 0x6f, 0x59, 0x0f, 0x28, 0xcc, 0x7b, 0x5e, + 0xdb, 0xd3, 0xd8, 0x64, 0x3a, 0x68, 0xf7, 0xe6, 0xde, 0x87, + 0x3b, 0x0b, 0x9d, 0x83, 0x9b, 0x0a, 0xb9, 0x6c, 0xa2, 0x48, + 0xbb, 0x4b, 0x92, 0x34, 0xb1, 0xc0, 0x65, 0x85, 0x7d, 0x93, + 0x6c, 0xe6, 0xdd, 0x0f, 0xc9, 0x2d, 0x6b, 0x3c, 0xf9, 0x8f, + 0x3a, 0x29, 0xc1, 0x6b, 0xb5, 0x49, 0xf6, 0xde, 0xa4, 0x22, + 0x12, 0x26, 0xe5, 0x50) +}; + +/** + * AES-256 no df test case 9 - count 0 + */ +drbg_test_vector_t drbg_ctr_aes256_5 = { + .type = DRBG_CTR_AES256, .strength = 256, + { NULL, 0 }, + chunk_from_chars(0x3f, 0xa9, 0x04, 0x74, 0x70, 0x34, 0xcc, 0x30, 0x93, 0xde, + 0xaa, 0xc4, 0x97, 0xe3, 0xc1, 0x43, 0xfa, 0x44, 0x00, 0xac, + 0xcf, 0xc5, 0x58, 0x85, 0x71, 0x7f, 0xa9, 0x43, 0xf4, 0x3c, + 0xba, 0xd1, 0xa8, 0x91, 0x68, 0xaa, 0x76, 0x96, 0x1e, 0x15, + 0x0e, 0x26, 0x49, 0xec, 0x1e, 0xd6, 0x73, 0x61, 0xc6, 0x0c, + 0x5b, 0x41, 0x5b, 0xad, 0x71, 0x54, 0x93, 0x48, 0x6b, 0x7a, + 0x12, 0x3b, 0xa6, 0xc0, 0x46, 0x08, 0x9e, 0x95, 0x49, 0xea, + 0x8b, 0xb2, 0x2a, 0x7a, 0xd4, 0x10, 0x8b, 0xec, 0x98, 0x11, + 0x7f, 0x75, 0x1a, 0x2e, 0x4c, 0xc2, 0x0b, 0x02, 0x51, 0x0d, + 0x2a, 0x3d, 0x02, 0x60, 0x5b, 0x4d), + chunk_from_chars(0xab, 0x2d, 0x70, 0x9d, 0xe8, 0x81, 0x16, 0x4b, 0x6c, 0x21, + 0x49, 0xb2, 0x1e, 0xae, 0x15, 0x17, 0xf8, 0x75, 0x61, 0x64, + 0x9e, 0x0d, 0xd9, 0xca, 0x5c, 0xe5, 0x51, 0xc5, 0xbd, 0x12, + 0xfd, 0xf7, 0x09, 0x1e, 0x08, 0x1d, 0x30, 0x71, 0x23, 0xae, + 0xc5, 0xae, 0x7c, 0x30, 0xaf, 0xd2, 0xa6, 0x4c, 0x8d, 0x13, + 0x6e, 0xa0, 0x7f, 0x7e, 0xc5, 0xed, 0xb4, 0x40, 0x0b, 0x9a, + 0x64, 0x45, 0x66, 0x42) +}; + +/** + * AES-256 no df test case 11 - count 0 + */ +drbg_test_vector_t drbg_ctr_aes256_6 = { + .type = DRBG_CTR_AES256, .strength = 256, + chunk_from_chars(0xda, 0x7c, 0x74, 0x2b, 0x40, 0x8d, 0xeb, 0x1b, 0x02, 0x6e, + 0xc5, 0xdf, 0xeb, 0x00, 0xdd, 0x07, 0x5f, 0x48, 0x06, 0x9c, + 0x18, 0x5e, 0x5d, 0x35, 0x5b, 0x09, 0xef, 0xf8, 0x8f, 0xcc, + 0xf2, 0x89, 0xef, 0x04, 0x52, 0x26, 0xc2, 0xe2, 0x99, 0x1e, + 0x20, 0xb0, 0x97, 0x64, 0x33, 0x99, 0x4c, 0x0d), + chunk_from_chars(0xa3, 0x68, 0x73, 0x75, 0x12, 0x9c, 0x98, 0x86, 0xea, 0x48, + 0xa2, 0xf4, 0x9b, 0xe3, 0x28, 0xdd, 0x2b, 0xcf, 0x46, 0x68, + 0x9a, 0x59, 0xde, 0x69, 0xa9, 0x29, 0xdc, 0xb0, 0x1e, 0x6b, + 0x79, 0xac, 0x96, 0xf9, 0x8d, 0xde, 0xd9, 0xe1, 0x38, 0x11, + 0xc2, 0x5c, 0x55, 0x59, 0x7b, 0xbd, 0x3f, 0x8b, 0x40, 0xca, + 0x11, 0x4f, 0x31, 0xa5, 0x45, 0xb9, 0x29, 0xc4, 0x22, 0x5d, + 0x0d, 0x21, 0x99, 0x74, 0x3a, 0x5d, 0xf3, 0x6a, 0x83, 0x61, + 0x89, 0x2d, 0x5c, 0xdf, 0x35, 0x21, 0x8e, 0xed, 0x63, 0x54, + 0xa6, 0x5c, 0xaf, 0x04, 0xd8, 0x61, 0xf6, 0x14, 0x75, 0x62, + 0x5b, 0x21, 0x5a, 0xc6, 0x38, 0x3c), + chunk_from_chars(0x47, 0xa4, 0x52, 0x1d, 0xd4, 0x5c, 0x7b, 0x72, 0xe3, 0x9b, + 0x7b, 0xb6, 0xbe, 0x14, 0xbf, 0xb4, 0x02, 0x9f, 0x33, 0xea, + 0x87, 0xbf, 0x11, 0xf1, 0x84, 0x1e, 0x01, 0xd3, 0x37, 0x2d, + 0x7a, 0x0c, 0x6d, 0x12, 0x89, 0xe0, 0xec, 0x60, 0x59, 0x9c, + 0x28, 0xc4, 0x0f, 0x38, 0x2f, 0x7d, 0xce, 0x33, 0xcf, 0x81, + 0x57, 0x55, 0x20, 0xbf, 0xf5, 0x58, 0x00, 0x87, 0xf3, 0x01, + 0x08, 0x80, 0xbd, 0xbc) +}; \ No newline at end of file diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/drbg_hmac.c b/src/libstrongswan/plugins/test_vectors/test_vectors/drbg_hmac.c new file mode 100644 index 000000000..d32685141 --- /dev/null +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/drbg_hmac.c @@ -0,0 +1,812 @@ +/* + * Copyright (C) 2019 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the Licenseor (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be usefulbut + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include + +/** + * NIST SP 800-90A DRBG HMAC Validation System (DRBGVS) + */ + +/** + * SHA-1 test case 1 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha1_1 = { + .type = DRBG_HMAC_SHA1, .strength = 128, + { NULL, 0 }, + chunk_from_chars(0x79, 0x34, 0x9b, 0xbf, 0x7c, 0xdd, 0xa5, 0x79, 0x95, 0x57, + 0x86, 0x66, 0x21, 0xc9, 0x13, 0x83, 0x11, 0x46, 0x73, 0x3a, + 0xbf, 0x8c, 0x35, 0xc8, 0xc7, 0x21, 0x5b, 0x5b, 0x96, 0xc4, + 0x8e, 0x9b, 0x33, 0x8c, 0x74, 0xe3, 0xe9, 0x9d, 0xfe, 0xdf), + chunk_from_chars(0xc6, 0xa1, 0x6a, 0xb8, 0xd4, 0x20, 0x70, 0x6f, 0x0f, 0x34, + 0xab, 0x7f, 0xec, 0x5a, 0xdc, 0xa9, 0xd8, 0xca, 0x3a, 0x13, + 0x3e, 0x15, 0x9c, 0xa6, 0xac, 0x43, 0xc6, 0xf8, 0xa2, 0xbe, + 0x22, 0x83, 0x4a, 0x4c, 0x0a, 0x0a, 0xff, 0xb1, 0x0d, 0x71, + 0x94, 0xf1, 0xc1, 0xa5, 0xcf, 0x73, 0x22, 0xec, 0x1a, 0xe0, + 0x96, 0x4e, 0xd4, 0xbf, 0x12, 0x27, 0x46, 0xe0, 0x87, 0xfd, + 0xb5, 0xb3, 0xe9, 0x1b, 0x34, 0x93, 0xd5, 0xbb, 0x98, 0xfa, + 0xed, 0x49, 0xe8, 0x5f, 0x13, 0x0f, 0xc8, 0xa4, 0x59, 0xb7) +}; + +/** + * SHA-1 test case 3 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha1_2 = { + .type = DRBG_HMAC_SHA1, .strength = 128, + chunk_from_chars(0xb2, 0x4e, 0x39, 0x2c, 0xb1, 0xf3, 0xc1, 0x8a, 0xf2, 0xcb, + 0x50, 0xfe, 0xac, 0x73, 0x3e, 0x32), + chunk_from_chars(0x11, 0xc0, 0xa7, 0xe1, 0x47, 0x2c, 0xec, 0x70, 0xfa, 0x8c, + 0x1c, 0xa1, 0x57, 0x59, 0xac, 0x5b, 0xb1, 0xc7, 0x3c, 0x22, + 0xdb, 0x39, 0xcd, 0x7b, 0xc6, 0xab, 0x59, 0xff, 0x70, 0x8a, + 0x5c, 0x1f, 0x59, 0x8e, 0x75, 0xdf, 0x06, 0x0e, 0x19, 0x81), + chunk_from_chars(0x07, 0x0e, 0x60, 0x3c, 0xd4, 0x8d, 0x56, 0x43, 0x0a, 0x5a, + 0xb4, 0x61, 0xa7, 0x51, 0xec, 0x2a, 0x4a, 0x6a, 0xa6, 0xfb, + 0x6e, 0xe5, 0x2e, 0xfe, 0x9a, 0x41, 0xe4, 0x61, 0x1e, 0xaf, + 0xdf, 0xc9, 0x57, 0x18, 0x4b, 0x47, 0xbb, 0xb0, 0x17, 0xe4, + 0x84, 0xac, 0x34, 0xc7, 0xde, 0x56, 0xcd, 0x78, 0x13, 0xfe, + 0xb3, 0x01, 0xb5, 0xbe, 0xfc, 0xe5, 0x73, 0xad, 0x0a, 0x25, + 0x4e, 0x6c, 0xfe, 0x35, 0xb7, 0x7c, 0x30, 0xbe, 0x6b, 0x7c, + 0xb5, 0xe7, 0xef, 0xa7, 0x28, 0x13, 0xc7, 0x54, 0x6b, 0xa5) +}; + +/** + * SHA-1 test case 5 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha1_3 = { + .type = DRBG_HMAC_SHA1, .strength = 128, + { NULL, 0 }, + chunk_from_chars(0xe5, 0xa8, 0x13, 0x57, 0xb9, 0x12, 0x15, 0xdd, 0xa0, 0xa0, + 0x98, 0x6a, 0x3f, 0xf5, 0x12, 0x3f, 0x9c, 0x18, 0x38, 0xd7, + 0x36, 0x0e, 0x67, 0x4b, 0x59, 0x2d, 0xd2, 0x32, 0xac, 0x83, + 0xdb, 0x36, 0xab, 0xba, 0xcf, 0xb8, 0xc6, 0x40, 0xdc, 0x60), + chunk_from_chars(0xa4, 0xd1, 0x84, 0x3c, 0x7a, 0xf2, 0x08, 0xf7, 0x70, 0xf8, + 0xb5, 0xac, 0xf6, 0x45, 0x28, 0x86, 0x6d, 0x51, 0xe7, 0x31, + 0xed, 0x5e, 0xbc, 0x75, 0x6e, 0x81, 0xef, 0xe8, 0xfb, 0x8f, + 0x9c, 0x9a, 0xf8, 0x9d, 0x52, 0xe8, 0xe8, 0xd1, 0xc0, 0x14, + 0x1e, 0xbe, 0xbc, 0x18, 0xb1, 0xca, 0x78, 0xc7, 0x8a, 0x2f, + 0x21, 0xcb, 0x90, 0x9d, 0x5b, 0xac, 0x3b, 0x6a, 0xe6, 0x0c, + 0x4a, 0x2f, 0xf4, 0x17, 0x6b, 0x14, 0x90, 0x5e, 0x4a, 0xfa, + 0x3b, 0xa9, 0xe4, 0x58, 0x21, 0x6d, 0x57, 0x20, 0xce, 0x83) +}; + +/** + * SHA-1 test case 7 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha1_4 = { + .type = DRBG_HMAC_SHA1, .strength = 128, + chunk_from_chars(0x12, 0x91, 0x26, 0xc1, 0x6d, 0x99, 0xa6, 0x84, 0xf3, 0xcb, + 0x47, 0xe7, 0xff, 0xb2, 0x07, 0xac), + chunk_from_chars(0x12, 0xbf, 0xb2, 0xbf, 0xf5, 0x78, 0x11, 0x28, 0x96, 0x7e, + 0x9c, 0xe4, 0xd4, 0x29, 0x45, 0x3c, 0x5a, 0xab, 0x2b, 0xe4, + 0xe9, 0x2e, 0xc8, 0x55, 0xfa, 0x8b, 0x0d, 0xa2, 0xcd, 0x50, + 0x31, 0x43, 0x3d, 0x64, 0x31, 0x0b, 0xa4, 0x4d, 0x47, 0xe4), + chunk_from_chars(0x76, 0x6c, 0x4a, 0x16, 0x70, 0xde, 0xe6, 0x3e, 0xe3, 0xaa, + 0xfb, 0x60, 0x39, 0xe8, 0x6e, 0xc5, 0xca, 0x28, 0x90, 0x53, + 0x19, 0x74, 0xe7, 0x0f, 0xed, 0xb3, 0xc0, 0x21, 0x8b, 0x08, + 0xfa, 0xca, 0x07, 0xdd, 0xfa, 0xaf, 0xf0, 0xa7, 0x7f, 0x0a, + 0xe4, 0x77, 0x62, 0xb0, 0xe1, 0xb3, 0x1c, 0x5f, 0xb0, 0x36, + 0xdc, 0xa4, 0x13, 0xfb, 0x96, 0xf6, 0xe0, 0xec, 0x6a, 0xb7, + 0xdb, 0xcb, 0xb5, 0x58, 0xaa, 0x5d, 0x94, 0xf4, 0x29, 0xc3, + 0x8e, 0x0f, 0xd7, 0xb3, 0x9f, 0x12, 0x72, 0x1c, 0x99, 0x35) +}; + +/** + * SHA-1 test case 9 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha1_5 = { + .type = DRBG_HMAC_SHA1, .strength = 128, + { NULL, 0 }, + chunk_from_chars(0x23, 0xbe, 0xc0, 0x2f, 0x58, 0xa3, 0xa8, 0xd9, 0xd9, 0xfb, + 0x36, 0x8d, 0xd2, 0x62, 0x8c, 0x56, 0xee, 0xda, 0xa5, 0x0c, + 0xea, 0x71, 0x25, 0x46, 0x4d, 0x46, 0x6a, 0x36, 0x08, 0xa4, + 0xac, 0xdb, 0xd6, 0xa5, 0xa7, 0xa7, 0x53, 0xa1, 0x5f, 0x9b), + chunk_from_chars(0x98, 0x7f, 0x5c, 0xa0, 0xb5, 0x9d, 0x6f, 0xd1, 0xde, 0x8d, + 0x7e, 0xbb, 0x07, 0xc0, 0xd9, 0x88, 0xe2, 0x46, 0xc3, 0x0f, + 0xea, 0x5d, 0xbf, 0x5c, 0xdd, 0x5b, 0xbe, 0xf7, 0xca, 0x45, + 0x30, 0x18, 0xe2, 0xba, 0xcb, 0xf7, 0x97, 0x7f, 0x49, 0x4c, + 0xa9, 0xbf, 0x5c, 0x12, 0x80, 0x55, 0xe4, 0x1a, 0xb8, 0xf7, + 0xda, 0x93, 0xd8, 0xbb, 0xfa, 0xf9, 0x04, 0x4b, 0x09, 0x4a, + 0x6e, 0xdd, 0x0d, 0x72, 0x96, 0x3f, 0x83, 0xa3, 0xd1, 0xf4, + 0x17, 0xfc, 0x8f, 0x5b, 0x72, 0x39, 0x11, 0xec, 0xa0, 0x62) +}; + +/** + * SHA-1 test case 11 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha1_6 = { + .type = DRBG_HMAC_SHA1, .strength = 128, + chunk_from_chars(0x99, 0x9d, 0x6d, 0xa3, 0xb5, 0xdd, 0x45, 0x2c, 0x4b, 0xd9, + 0x72, 0x01, 0x7b, 0x3f, 0xa1, 0x35), + chunk_from_chars(0x91, 0x11, 0xd8, 0xc3, 0x3f, 0x0f, 0x58, 0x53, 0x47, 0xd5, + 0x13, 0x54, 0xab, 0xa7, 0xaa, 0x15, 0xbd, 0x05, 0xff, 0x4f, + 0xcb, 0x05, 0x8d, 0xe3, 0x84, 0x47, 0xd0, 0x6c, 0x5f, 0xdb, + 0x5c, 0xf2, 0xad, 0xd7, 0x7b, 0xc5, 0x69, 0xe8, 0x94, 0x4b), + chunk_from_chars(0x69, 0x7d, 0x46, 0x8a, 0xcc, 0xc5, 0x26, 0x55, 0x81, 0x98, + 0xa0, 0xd0, 0xaf, 0x81, 0x85, 0x0b, 0xb9, 0x91, 0x0b, 0x70, + 0x51, 0x8c, 0x86, 0xa7, 0xf9, 0x9b, 0x7b, 0x82, 0x65, 0x79, + 0x66, 0xa0, 0x5c, 0x73, 0x89, 0x0c, 0x3a, 0xf4, 0x81, 0x52, + 0x04, 0x5e, 0x66, 0x9a, 0xfd, 0xca, 0x08, 0x07, 0x39, 0x72, + 0x1f, 0xc2, 0xbd, 0xd4, 0x9f, 0x90, 0xa1, 0xe5, 0x65, 0xa6, + 0x90, 0x69, 0x23, 0x6e, 0x83, 0xe5, 0xe1, 0xde, 0x6c, 0x91, + 0xbe, 0x64, 0x02, 0x0a, 0x9a, 0x95, 0xa2, 0xb7, 0x49, 0x82) +}; + +/** + * SHA-256 test case 1 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha256_1 = { + .type = DRBG_HMAC_SHA256, .strength = 256, + { NULL, 0 }, + chunk_from_chars(0x06, 0x03, 0x2c, 0xd5, 0xee, 0xd3, 0x3f, 0x39, 0x26, 0x5f, + 0x49, 0xec, 0xb1, 0x42, 0xc5, 0x11, 0xda, 0x9a, 0xff, 0x2a, + 0xf7, 0x12, 0x03, 0xbf, 0xfa, 0xf3, 0x4a, 0x9c, 0xa5, 0xbd, + 0x9c, 0x0d, 0x0e, 0x66, 0xf7, 0x1e, 0xdc, 0x43, 0xe4, 0x2a, + 0x45, 0xad, 0x3c, 0x6f, 0xc6, 0xcd, 0xc4, 0xdf, 0x01, 0x92, + 0x0a, 0x4e, 0x66, 0x9e, 0xd3, 0xa8, 0x5a, 0xe8, 0xa3, 0x3b, + 0x35, 0xa7, 0x4a, 0xd7, 0xfb, 0x2a, 0x6b, 0xb4, 0xcf, 0x39, + 0x5c, 0xe0, 0x03, 0x34, 0xa9, 0xc9, 0xa5, 0xa5, 0xd5, 0x52), + chunk_from_chars(0x76, 0xfc, 0x79, 0xfe, 0x9b, 0x50, 0xbe, 0xcc, 0xc9, 0x91, + 0xa1, 0x1b, 0x56, 0x35, 0x78, 0x3a, 0x83, 0x53, 0x6a, 0xdd, + 0x03, 0xc1, 0x57, 0xfb, 0x30, 0x64, 0x5e, 0x61, 0x1c, 0x28, + 0x98, 0xbb, 0x2b, 0x1b, 0xc2, 0x15, 0x00, 0x02, 0x09, 0x20, + 0x8c, 0xd5, 0x06, 0xcb, 0x28, 0xda, 0x2a, 0x51, 0xbd, 0xb0, + 0x38, 0x26, 0xaa, 0xf2, 0xbd, 0x23, 0x35, 0xd5, 0x76, 0xd5, + 0x19, 0x16, 0x08, 0x42, 0xe7, 0x15, 0x8a, 0xd0, 0x94, 0x9d, + 0x1a, 0x9e, 0xc3, 0xe6, 0x6e, 0xa1, 0xb1, 0xa0, 0x64, 0xb0, + 0x05, 0xde, 0x91, 0x4e, 0xac, 0x2e, 0x9d, 0x4f, 0x2d, 0x72, + 0xa8, 0x61, 0x6a, 0x80, 0x22, 0x54, 0x22, 0x91, 0x82, 0x50, + 0xff, 0x66, 0xa4, 0x1b, 0xd2, 0xf8, 0x64, 0xa6, 0xa3, 0x8c, + 0xc5, 0xb6, 0x49, 0x9d, 0xc4, 0x3f, 0x7f, 0x2b, 0xd0, 0x9e, + 0x1e, 0x0f, 0x8f, 0x58, 0x85, 0x93, 0x51, 0x24) +}; + +/** + * SHA-256 test case 3 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha256_2 = { + .type = DRBG_HMAC_SHA256, .strength = 256, + chunk_from_chars(0xf2, 0xe5, 0x8f, 0xe6, 0x0a, 0x3a, 0xfc, 0x59, 0xda, 0xd3, + 0x75, 0x95, 0x41, 0x5f, 0xfd, 0x31, 0x8c, 0xcf, 0x69, 0xd6, + 0x77, 0x80, 0xf6, 0xfa, 0x07, 0x97, 0xdc, 0x9a, 0xa4, 0x3e, + 0x14, 0x4c), + chunk_from_chars(0xfa, 0x0e, 0xe1, 0xfe, 0x39, 0xc7, 0xc3, 0x90, 0xaa, 0x94, + 0x15, 0x9d, 0x0d, 0xe9, 0x75, 0x64, 0x34, 0x2b, 0x59, 0x17, + 0x77, 0xf3, 0xe5, 0xf6, 0xa4, 0xba, 0x2a, 0xea, 0x34, 0x2e, + 0xc8, 0x40, 0xdd, 0x08, 0x20, 0x65, 0x5c, 0xb2, 0xff, 0xdb, + 0x0d, 0xa9, 0xe9, 0x31, 0x0a, 0x67, 0xc9, 0xe5, 0xe0, 0x62, + 0x9b, 0x6d, 0x79, 0x75, 0xdd, 0xfa, 0x96, 0xa3, 0x99, 0x64, + 0x87, 0x40, 0xe6, 0x0f, 0x1f, 0x95, 0x57, 0xdc, 0x58, 0xb3, + 0xd7, 0x41, 0x5f, 0x9b, 0xa9, 0xd4, 0xdb, 0xb5, 0x01, 0xf6), + chunk_from_chars(0xf9, 0x2d, 0x4c, 0xf9, 0x9a, 0x53, 0x5b, 0x20, 0x22, 0x2a, + 0x52, 0xa6, 0x8d, 0xb0, 0x4c, 0x5a, 0xf6, 0xf5, 0xff, 0xc7, + 0xb6, 0x6a, 0x47, 0x3a, 0x37, 0xa2, 0x56, 0xbd, 0x8d, 0x29, + 0x8f, 0x9b, 0x4a, 0xa4, 0xaf, 0x7e, 0x8d, 0x18, 0x1e, 0x02, + 0x36, 0x79, 0x03, 0xf9, 0x3b, 0xdb, 0x74, 0x4c, 0x6c, 0x2f, + 0x3f, 0x34, 0x72, 0x62, 0x6b, 0x40, 0xce, 0x9b, 0xd6, 0xa7, + 0x0e, 0x7b, 0x8f, 0x93, 0x99, 0x2a, 0x16, 0xa7, 0x6f, 0xab, + 0x6b, 0x5f, 0x16, 0x25, 0x68, 0xe0, 0x8e, 0xe6, 0xc3, 0xe8, + 0x04, 0xae, 0xfd, 0x95, 0x2d, 0xdd, 0x3a, 0xcb, 0x79, 0x1c, + 0x50, 0xf2, 0xad, 0x69, 0xe9, 0xa0, 0x40, 0x28, 0xa0, 0x6a, + 0x9c, 0x01, 0xd3, 0xa6, 0x2a, 0xca, 0x2a, 0xaf, 0x6e, 0xfe, + 0x69, 0xed, 0x97, 0xa0, 0x16, 0x21, 0x3a, 0x2d, 0xd6, 0x42, + 0xb4, 0x88, 0x67, 0x64, 0x07, 0x2d, 0x9c, 0xbe) +}; + +/** + * SHA-256 test case 5 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha256_3 = { + .type = DRBG_HMAC_SHA256, .strength = 256, + { NULL, 0 }, + chunk_from_chars(0xff, 0x0c, 0xdd, 0x55, 0x5c, 0x60, 0x46, 0x47, 0x60, 0xb2, + 0x89, 0xb7, 0xbc, 0x1f, 0x81, 0x1a, 0x41, 0xff, 0xf7, 0x2d, + 0xe5, 0x90, 0x83, 0x85, 0x8c, 0x02, 0x0a, 0x10, 0x53, 0xbd, + 0xc7, 0x4a, 0x7b, 0xc0, 0x99, 0x28, 0x5a, 0xd5, 0x62, 0x19, + 0x93, 0xb6, 0x39, 0xc4, 0xa9, 0x4c, 0x37, 0x6b, 0x14, 0xfc, + 0x6c, 0x9b, 0x17, 0x8d, 0xb6, 0x44, 0xa8, 0xcd, 0x71, 0x30, + 0xa4, 0xcf, 0x05, 0x16, 0x78, 0xc8, 0xf4, 0xfa, 0x8f, 0x24, + 0xc2, 0x7b, 0x0a, 0x53, 0x13, 0x38, 0xa5, 0xce, 0x85, 0x89), + chunk_from_chars(0x2f, 0x26, 0x20, 0x34, 0x7b, 0xdd, 0xca, 0xa2, 0x94, 0x36, + 0x85, 0x34, 0x6b, 0xbf, 0x31, 0xc4, 0x40, 0x81, 0xf8, 0x66, + 0x5f, 0x3d, 0xdb, 0x2b, 0x42, 0xae, 0x14, 0x16, 0xa7, 0x4c, + 0x4b, 0x77, 0xfa, 0xb3, 0xfa, 0x19, 0xae, 0xec, 0xc5, 0x47, + 0xe7, 0x6c, 0x8c, 0xbe, 0x6a, 0xd1, 0xf1, 0x00, 0xa3, 0xfc, + 0x8b, 0x2c, 0xe2, 0xa1, 0xea, 0x3a, 0x3d, 0xd7, 0xcf, 0xad, + 0x46, 0xc1, 0xb2, 0x78, 0x30, 0xb9, 0x40, 0xba, 0x18, 0xd0, + 0x9e, 0x9b, 0x7f, 0xa9, 0x02, 0xbb, 0x76, 0x06, 0x69, 0xb1, + 0x73, 0x5c, 0xc7, 0xb7, 0xbd, 0x39, 0x05, 0x2d, 0xa7, 0xf2, + 0x62, 0x6f, 0xa8, 0x70, 0x00, 0xcf, 0xfa, 0xda, 0x41, 0x00, + 0x19, 0xd0, 0x53, 0x38, 0x6a, 0xd8, 0x08, 0xbd, 0x3c, 0x0c, + 0xfc, 0xf5, 0x6b, 0x91, 0x87, 0x9e, 0xb8, 0xd3, 0xf9, 0x32, + 0xee, 0x2d, 0x18, 0x5e, 0x54, 0xf3, 0x1b, 0x74) +}; + +/** + * SHA-256 test case 7 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha256_4 = { + .type = DRBG_HMAC_SHA256, .strength = 256, + chunk_from_chars(0x40, 0x93, 0x3f, 0xdc, 0xce, 0x41, 0x59, 0xb0, 0x95, 0x51, + 0x11, 0xf8, 0x44, 0x47, 0x1b, 0x0d, 0xb8, 0x5b, 0x73, 0xbd, + 0xd2, 0xb7, 0x8c, 0x46, 0x8d, 0xd3, 0x9e, 0x2a, 0x9b, 0x29, + 0xae, 0xf2), + chunk_from_chars(0x28, 0xba, 0x1a, 0x66, 0x16, 0x32, 0xef, 0xc8, 0xec, 0xce, + 0xd5, 0xf5, 0x1b, 0x79, 0x13, 0x00, 0xfb, 0x3b, 0x55, 0xb0, + 0x5d, 0x04, 0x17, 0x08, 0x63, 0x8d, 0xe4, 0xbe, 0xb7, 0x57, + 0xa9, 0xe5, 0x76, 0x82, 0x87, 0x96, 0xaf, 0xf0, 0x7f, 0x55, + 0x79, 0x5c, 0xb5, 0x47, 0x13, 0xc7, 0x7e, 0xd4, 0xa5, 0xf5, + 0x42, 0xb0, 0x4a, 0xaa, 0x5d, 0xbc, 0x93, 0x1e, 0x47, 0x01, + 0x9f, 0xeb, 0x38, 0x96, 0x26, 0x16, 0xc5, 0x7a, 0xf0, 0x9b, + 0x7c, 0x1d, 0xf8, 0x3f, 0x2b, 0x86, 0x0f, 0xf7, 0x65, 0x86), + chunk_from_chars(0x65, 0xe5, 0xaa, 0x47, 0xb3, 0x85, 0xf1, 0xea, 0x42, 0xb2, + 0x31, 0xb9, 0xfe, 0x74, 0x42, 0x53, 0xb8, 0x59, 0x88, 0x59, + 0xd7, 0x01, 0x1e, 0x52, 0x5f, 0x5a, 0x2a, 0x1a, 0xd3, 0x2a, + 0x97, 0x2a, 0x85, 0x08, 0x02, 0xc6, 0x0a, 0x2b, 0xe1, 0x9b, + 0xe2, 0x70, 0x06, 0x3a, 0x3c, 0xfb, 0xea, 0xae, 0x95, 0x4f, + 0x10, 0xb1, 0x22, 0x35, 0x2d, 0xe6, 0xa0, 0x8a, 0xc4, 0x10, + 0xe0, 0x99, 0x16, 0x53, 0xaa, 0xb2, 0x71, 0xb3, 0x60, 0xfe, + 0x91, 0x91, 0xcf, 0x5a, 0xdd, 0xcc, 0xcc, 0xed, 0x8c, 0x4a, + 0xcf, 0xb6, 0x14, 0x57, 0x04, 0x99, 0x92, 0x98, 0x8f, 0xd7, + 0xa9, 0xac, 0xca, 0x1f, 0x1b, 0xca, 0x35, 0xf1, 0x47, 0x58, + 0x13, 0x69, 0x4a, 0x39, 0x98, 0x8e, 0x5f, 0xac, 0x9f, 0x4a, + 0xc0, 0x57, 0x22, 0x86, 0xbc, 0x46, 0x25, 0x82, 0xad, 0x0a, + 0xf7, 0x8a, 0xb3, 0xb8, 0x5e, 0xc1, 0x7a, 0x25) +}; + +/** + * SHA-256 test case 9 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha256_5 = { + .type = DRBG_HMAC_SHA256, .strength = 256, + { NULL, 0 }, + chunk_from_chars(0x6a, 0xe8, 0x03, 0x03, 0x29, 0x23, 0x91, 0x33, 0x5b, 0xf9, + 0xc9, 0x38, 0x7f, 0xbd, 0x3b, 0xf6, 0x15, 0x75, 0x6c, 0x9c, + 0x27, 0xc3, 0x47, 0x8c, 0x87, 0xe2, 0x60, 0xcf, 0x97, 0xd4, + 0x71, 0x10, 0x01, 0xe1, 0x62, 0x47, 0xdd, 0x4c, 0xae, 0x64, + 0x99, 0x33, 0x7d, 0x82, 0x78, 0x4e, 0xa5, 0x7f, 0x03, 0x57, + 0x02, 0xef, 0x4e, 0x11, 0x2b, 0x17, 0x31, 0x12, 0xc5, 0x85, + 0x1d, 0x07, 0xb2, 0x79, 0x30, 0x98, 0x63, 0x74, 0x0d, 0x38, + 0xd0, 0xd0, 0x72, 0x02, 0x23, 0xe2, 0x40, 0x17, 0xbb, 0xc0), + chunk_from_chars(0xcf, 0x43, 0x15, 0x59, 0x8f, 0xcd, 0x6a, 0xf1, 0x31, 0x55, + 0x18, 0xc4, 0xbf, 0xba, 0xc0, 0x54, 0x0c, 0x58, 0x96, 0x35, + 0x27, 0x35, 0x48, 0xa7, 0xb5, 0x07, 0xe7, 0xd2, 0xe6, 0x85, + 0xe5, 0x94, 0x7b, 0x87, 0xae, 0x25, 0x7e, 0x58, 0xfa, 0xf2, + 0x14, 0xf2, 0xb5, 0x8e, 0xd1, 0x0c, 0x3b, 0xd3, 0x5f, 0x75, + 0xf6, 0xc3, 0x5d, 0xd6, 0xd4, 0x41, 0xc9, 0x3b, 0xcd, 0x42, + 0xe7, 0x17, 0x20, 0x10, 0x26, 0x31, 0xb1, 0xa6, 0xa4, 0xba, + 0x24, 0x7c, 0x17, 0x5e, 0xd8, 0x00, 0xcf, 0xca, 0x6e, 0x1e, + 0x83, 0x9b, 0x5a, 0xa9, 0x07, 0x60, 0x4c, 0xcf, 0xe6, 0xf9, + 0x84, 0xf6, 0x82, 0x2e, 0x00, 0x1a, 0xb0, 0x2d, 0xd6, 0x63, + 0x49, 0x64, 0xf7, 0x89, 0xcb, 0x10, 0x7a, 0x97, 0x73, 0x46, + 0x69, 0x3f, 0x32, 0x44, 0xc8, 0x95, 0xe8, 0x40, 0xdf, 0xa0, + 0xed, 0xf7, 0xf1, 0x4d, 0xc6, 0x1d, 0x79, 0x4f) +}; + +/** + * SHA-256 test case 11 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha256_6 = { + .type = DRBG_HMAC_SHA256, .strength = 256, + chunk_from_chars(0x9f, 0x16, 0x99, 0xc9, 0x9d, 0x60, 0xb0, 0x85, 0xbc, 0x61, + 0xcb, 0x11, 0x0e, 0xf8, 0xab, 0x59, 0x0d, 0x82, 0xa9, 0x70, + 0x02, 0x1c, 0x3c, 0x6a, 0x5d, 0x48, 0x02, 0x1c, 0x45, 0xde, + 0x49, 0x56), + chunk_from_chars(0x63, 0x3d, 0x32, 0xe3, 0x00, 0x5f, 0x78, 0x11, 0x47, 0x23, + 0xb3, 0xea, 0x5a, 0xc1, 0x21, 0xba, 0x74, 0xaa, 0x00, 0xc5, + 0x2d, 0x93, 0x96, 0x67, 0xe3, 0x0c, 0x33, 0x51, 0xb3, 0x85, + 0x49, 0xf7, 0x37, 0xaf, 0xff, 0x50, 0x4a, 0x2d, 0x8a, 0xc1, + 0x68, 0xc6, 0x8e, 0x24, 0xd0, 0xfe, 0x66, 0xf6, 0x3e, 0x33, + 0x47, 0xc5, 0x47, 0xf1, 0x7f, 0x4d, 0x0b, 0x9f, 0x46, 0x40, + 0x5a, 0x54, 0xee, 0xdd, 0x7e, 0x98, 0x0d, 0x06, 0xa2, 0x15, + 0xec, 0x15, 0xe8, 0x93, 0x16, 0xab, 0x74, 0x3b, 0x75, 0x47), + chunk_from_chars(0x6e, 0x38, 0xe8, 0x29, 0x62, 0xd7, 0x07, 0xce, 0x9a, 0x6a, + 0xc3, 0x83, 0xa7, 0x38, 0xa7, 0x48, 0xf9, 0x75, 0xeb, 0x78, + 0x56, 0x11, 0xfa, 0xd5, 0xe3, 0xf5, 0xa4, 0xfe, 0x44, 0xd7, + 0xb5, 0x9a, 0x98, 0x13, 0x7a, 0x2b, 0xcd, 0xc3, 0x5f, 0x9e, + 0xe9, 0xa1, 0xe2, 0x1b, 0xb1, 0x7d, 0xf1, 0x66, 0x5c, 0xd1, + 0x39, 0x76, 0x25, 0xa1, 0x77, 0x24, 0x7e, 0x2e, 0x32, 0x9a, + 0x66, 0x01, 0x40, 0x63, 0x61, 0x41, 0x56, 0x06, 0x10, 0xa3, + 0x68, 0xbf, 0xd4, 0x99, 0xc2, 0xe2, 0x5b, 0xe3, 0x18, 0xaa, + 0x4d, 0xa9, 0xe7, 0xa3, 0x52, 0xd1, 0x15, 0xdb, 0x82, 0x82, + 0xed, 0x8d, 0x79, 0xec, 0xf9, 0xcd, 0x82, 0x03, 0x60, 0xd3, + 0xd2, 0xd1, 0xa5, 0x8a, 0x93, 0xe0, 0x40, 0xf5, 0x55, 0x48, + 0x87, 0xce, 0x6c, 0x98, 0x58, 0xbc, 0x2b, 0xb1, 0x02, 0x24, + 0x99, 0x80, 0xa8, 0x58, 0x49, 0x8a, 0xbc, 0xda) +}; + +/** + * SHA-384 test case 1 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha384_1 = { + .type = DRBG_HMAC_SHA384, .strength = 256, + { NULL, 0 }, + chunk_from_chars(0x09, 0x63, 0x49, 0x50, 0x6f, 0x3a, 0x76, 0x53, 0xd5, 0x4d, + 0xb7, 0xec, 0x1d, 0x09, 0xe9, 0x34, 0x13, 0xed, 0xd1, 0x75, + 0xb6, 0xdd, 0xbe, 0xb0, 0x0e, 0x56, 0x75, 0x2a, 0x52, 0x0a, + 0xc8, 0xff, 0xfc, 0x79, 0x83, 0xb9, 0x18, 0xac, 0xad, 0xaa, + 0x71, 0xa6, 0x7e, 0x16, 0x24, 0xf1, 0xb5, 0x02, 0x42, 0x60, + 0xa0, 0x49, 0x5f, 0xda, 0xba, 0x58, 0xaa, 0xe4, 0x1d, 0xf8, + 0x25, 0x05, 0x01, 0x2d, 0x48, 0x0c, 0x8e, 0x4f, 0x75, 0x1f, + 0xd7, 0xeb, 0xc3, 0x9f, 0x9b, 0xec, 0xd6, 0x94, 0xb2, 0xa3), + chunk_from_chars(0xf4, 0xc7, 0xbe, 0xc0, 0xc2, 0x6c, 0xf3, 0x89, 0x2d, 0x21, + 0x45, 0x49, 0xac, 0x6f, 0x3d, 0x82, 0xf3, 0x4c, 0x69, 0x66, + 0xd4, 0x29, 0x50, 0x99, 0xee, 0x56, 0x16, 0x6e, 0x87, 0x9a, + 0x70, 0xec, 0xae, 0x13, 0x02, 0x51, 0xfa, 0xcd, 0xa3, 0x51, + 0xe9, 0x03, 0xd8, 0x77, 0xb6, 0xc5, 0xea, 0xb5, 0x15, 0x3c, + 0xe8, 0x7b, 0xa6, 0xc7, 0xcf, 0x8b, 0xcc, 0x61, 0xcb, 0xd1, + 0x4c, 0xfb, 0xe3, 0x4c, 0xf1, 0xed, 0x43, 0x67, 0x8a, 0xee, + 0x69, 0xcd, 0x87, 0xb6, 0x0e, 0x6b, 0xcb, 0x6f, 0xf4, 0x8e, + 0xbd, 0x44, 0xce, 0x9e, 0x31, 0x98, 0x2d, 0x8f, 0xe2, 0x0a, + 0xec, 0x34, 0xfa, 0x51, 0xd6, 0x25, 0xf8, 0x45, 0xf6, 0x10, + 0x56, 0x57, 0x59, 0x69, 0xbf, 0x78, 0x5c, 0x2f, 0xfa, 0xb4, + 0xdc, 0xc7, 0x54, 0xf1, 0x3d, 0xe6, 0x34, 0x23, 0xe9, 0x4b, + 0xad, 0x8d, 0x5e, 0x16, 0x6d, 0x96, 0xa6, 0x2a, 0x60, 0x2d, + 0x3e, 0xe4, 0x04, 0x5d, 0xf1, 0x62, 0x02, 0x8b, 0x89, 0xca, + 0xc4, 0x5e, 0x62, 0x07, 0xd9, 0x09, 0x7f, 0x2b, 0x3a, 0xc0, + 0xab, 0x17, 0x72, 0x92, 0x51, 0x98, 0x5f, 0x27, 0x6f, 0x12, + 0x87, 0xf5, 0xc5, 0x6c, 0xc9, 0xba, 0x1a, 0x79, 0xfb, 0xdb, + 0xb2, 0x91, 0xf3, 0xa9, 0x45, 0xfb, 0xfd, 0xbd, 0x63, 0xcf, + 0x13, 0xb8, 0x2e, 0xc9, 0x1f, 0x7b, 0x10, 0x85, 0xb3, 0x32, + 0x79, 0xe3) +}; + +/** + * SHA-384 test case 3 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha384_2 = { + .type = DRBG_HMAC_SHA384, .strength = 256, + chunk_from_chars(0x43, 0xbf, 0x6f, 0x32, 0xb3, 0xb5, 0xf5, 0x80, 0xb5, 0x41, + 0x79, 0xe4, 0x10, 0x2d, 0x06, 0x35, 0x36, 0xe7, 0xc4, 0x76, + 0x81, 0xd6, 0xde, 0x3c, 0xfe, 0x88, 0xfd, 0x8e, 0xc6, 0x6e, + 0x48, 0x73), + chunk_from_chars(0x4d, 0x95, 0xf3, 0x1b, 0x96, 0x06, 0xa5, 0xf6, 0xd0, 0x4d, + 0xff, 0x1d, 0x89, 0xb5, 0x0b, 0xec, 0xfd, 0x08, 0x82, 0xe6, + 0xcf, 0x51, 0xc1, 0xc5, 0xd2, 0x4a, 0xd8, 0x43, 0xbc, 0x12, + 0xd9, 0x77, 0xeb, 0xa4, 0x58, 0x2c, 0x39, 0xd7, 0x93, 0xa6, + 0x3e, 0xad, 0xb6, 0x3f, 0x29, 0x25, 0x68, 0xc7, 0xfc, 0x42, + 0x70, 0xe6, 0xc9, 0xae, 0xc8, 0x31, 0x86, 0xa2, 0x08, 0x19, + 0xa7, 0xd3, 0x5e, 0x7f, 0x11, 0x55, 0xea, 0x10, 0x87, 0x94, + 0x30, 0x2d, 0x59, 0x3c, 0x53, 0xce, 0x9d, 0x25, 0x42, 0x2b), + chunk_from_chars(0xe9, 0x91, 0xd0, 0x00, 0xb2, 0x4e, 0xbd, 0xf8, 0x38, 0xba, + 0x11, 0xf9, 0x84, 0x95, 0x91, 0xb0, 0x02, 0x9f, 0xef, 0xf3, + 0x36, 0x04, 0xbc, 0x4d, 0x71, 0xac, 0xd9, 0x43, 0x01, 0xf8, + 0xd0, 0x45, 0xee, 0xb1, 0xf8, 0x1f, 0x3a, 0x10, 0x1a, 0x29, + 0x74, 0x03, 0xa3, 0x58, 0x59, 0x11, 0x3c, 0x09, 0x99, 0x39, + 0x63, 0x86, 0x80, 0xd4, 0x81, 0xc8, 0x60, 0x67, 0xf5, 0x47, + 0x62, 0x89, 0x2f, 0x82, 0x14, 0x6f, 0x61, 0xcc, 0xe7, 0xbc, + 0x2c, 0x85, 0xd3, 0x95, 0x34, 0x8f, 0x3e, 0xa2, 0xab, 0xa6, + 0xbb, 0x3e, 0x59, 0xdb, 0xcf, 0x8e, 0x41, 0xa8, 0x19, 0x18, + 0xb6, 0xca, 0xb3, 0x04, 0xd4, 0x4e, 0xa1, 0xe3, 0x25, 0x73, + 0xcd, 0x69, 0x36, 0xf3, 0x8c, 0xdc, 0x11, 0xd3, 0xc2, 0xf9, + 0x62, 0x90, 0xcc, 0x27, 0xb0, 0xdf, 0xa3, 0xbb, 0xba, 0xfa, + 0x93, 0x94, 0xac, 0xdf, 0x2f, 0x44, 0x35, 0x17, 0x0b, 0x42, + 0x85, 0x63, 0x42, 0x7c, 0x4b, 0x02, 0xed, 0x25, 0x92, 0x42, + 0x26, 0xed, 0xf8, 0xd5, 0xa5, 0xec, 0xa4, 0xee, 0xc4, 0xae, + 0xcf, 0x98, 0xef, 0x2e, 0x6f, 0x75, 0xca, 0xa7, 0x0b, 0xdd, + 0x84, 0x87, 0x7d, 0xf2, 0xe6, 0x37, 0xb7, 0xfa, 0xd6, 0x21, + 0xc6, 0x17, 0x0c, 0xa5, 0xbd, 0x86, 0xe2, 0x1d, 0x0b, 0xb0, + 0x1c, 0xc9, 0x0f, 0xe2, 0xe7, 0x63, 0x53, 0xa9, 0xd5, 0x68, + 0x7b, 0xea) +}; + +/** + * SHA-384 test case 5 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha384_3 = { + .type = DRBG_HMAC_SHA384, .strength = 256, + { NULL, 0 }, + chunk_from_chars(0xdc, 0x46, 0xe3, 0x17, 0xbe, 0xde, 0x8f, 0xf5, 0xb4, 0x51, + 0x20, 0xee, 0xfa, 0x6d, 0xe7, 0x80, 0x31, 0xb0, 0x8c, 0xa7, + 0x87, 0x6d, 0x62, 0xd1, 0x0e, 0xc8, 0x2f, 0x66, 0xa4, 0x8e, + 0xba, 0x3f, 0x60, 0x24, 0xe1, 0x39, 0x63, 0xed, 0x40, 0x42, + 0x29, 0xac, 0xb7, 0x96, 0xba, 0x0b, 0x2d, 0x0b, 0x04, 0x55, + 0xc3, 0xa1, 0xae, 0xe2, 0x0c, 0xcd, 0x66, 0xa3, 0xdd, 0x96, + 0x89, 0x68, 0x3f, 0x5c, 0xae, 0x3a, 0x7c, 0x37, 0xd0, 0x9a, + 0xd6, 0xce, 0x74, 0x6d, 0xb6, 0x69, 0x21, 0x02, 0xc2, 0x89), + chunk_from_chars(0xb3, 0xb5, 0x41, 0xca, 0x46, 0x2a, 0x72, 0xa2, 0xcc, 0xb9, + 0x25, 0xf5, 0x8f, 0x40, 0xfc, 0xb1, 0xd5, 0x38, 0x51, 0x38, + 0xb0, 0x95, 0xf7, 0x71, 0x57, 0x5e, 0x62, 0x85, 0x18, 0xd6, + 0x94, 0xb9, 0xed, 0x47, 0xb1, 0x26, 0x34, 0x06, 0x3d, 0x9e, + 0x9f, 0xb6, 0x4d, 0xdb, 0x20, 0xde, 0xcd, 0x20, 0xe5, 0x7f, + 0xac, 0x66, 0x5e, 0xec, 0x16, 0x8a, 0x18, 0xf7, 0xaa, 0xf8, + 0xc8, 0xf9, 0x25, 0xfe, 0x2c, 0x34, 0xfa, 0x9f, 0x76, 0x6d, + 0x5a, 0x17, 0x24, 0x59, 0xf3, 0x2b, 0xcf, 0x24, 0x31, 0x99, + 0xaa, 0xc7, 0x13, 0x9b, 0x2c, 0x1a, 0xa7, 0x98, 0x2f, 0xfb, + 0x24, 0x24, 0xa4, 0x76, 0x5a, 0x9d, 0xd1, 0xdd, 0x46, 0x2f, + 0x08, 0xa2, 0x80, 0x35, 0x0f, 0x0c, 0xea, 0x0c, 0x4b, 0x9c, + 0xd8, 0x73, 0x24, 0xb0, 0xf4, 0x0c, 0x68, 0xf1, 0xa8, 0x77, + 0xe6, 0x99, 0x18, 0x7f, 0x5c, 0x40, 0x61, 0x0d, 0x38, 0xe7, + 0x15, 0x91, 0xe9, 0x85, 0x64, 0x01, 0x8e, 0xd2, 0xe3, 0x09, + 0x00, 0x09, 0xe4, 0x9e, 0x1b, 0xe3, 0x6f, 0x86, 0x2b, 0xfd, + 0x01, 0xf3, 0x8d, 0x95, 0x37, 0xda, 0xa3, 0x4d, 0x75, 0x65, + 0xbb, 0x17, 0x61, 0xb5, 0x72, 0x7d, 0xf7, 0x55, 0x4f, 0xda, + 0xf7, 0xf0, 0x98, 0x0d, 0xe7, 0xc2, 0x03, 0x3c, 0x1d, 0xbb, + 0xea, 0xa2, 0x98, 0xdf, 0x1c, 0x7f, 0x34, 0x05, 0x16, 0x29, + 0xfd, 0x4f) +}; + +/** + * SHA-384 test case 7 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha384_4 = { + .type = DRBG_HMAC_SHA384, .strength = 256, + chunk_from_chars(0x8a, 0xf7, 0x9c, 0xed, 0x4b, 0x27, 0x77, 0xf4, 0x4e, 0xb3, + 0xf9, 0x78, 0x1b, 0xab, 0x24, 0x35, 0x85, 0xb8, 0x27, 0x11, + 0xdc, 0x1b, 0x36, 0x2e, 0xe9, 0x8c, 0x8e, 0x65, 0x77, 0x89, + 0x1c, 0x7d), + chunk_from_chars(0x79, 0xbe, 0x91, 0xa2, 0x24, 0x86, 0xcf, 0xd6, 0x21, 0x24, + 0x8a, 0xed, 0x9c, 0xd8, 0x20, 0x27, 0x8f, 0x1a, 0xba, 0xc8, + 0x2d, 0xe3, 0x77, 0xc3, 0x66, 0x4d, 0x83, 0xce, 0x2f, 0xf3, + 0xd1, 0x75, 0x24, 0xca, 0x63, 0x07, 0x4b, 0xd6, 0x7b, 0x2e, + 0xff, 0xc6, 0x20, 0xbd, 0xef, 0x61, 0x7b, 0x6f, 0x64, 0x3a, + 0x86, 0x91, 0x9e, 0x5e, 0x98, 0x4d, 0x62, 0x81, 0xde, 0x71, + 0x50, 0x40, 0xb6, 0xf5, 0x21, 0x86, 0x6e, 0xdf, 0xaa, 0xea, + 0xd6, 0x16, 0xe1, 0xd1, 0xbd, 0x83, 0xc2, 0x21, 0x0f, 0x5e), + chunk_from_chars(0x5b, 0x6a, 0x4a, 0xb3, 0x60, 0xfb, 0x85, 0x1b, 0xba, 0xa0, + 0x35, 0xac, 0x55, 0xa5, 0x85, 0x3c, 0x4f, 0x06, 0xfd, 0x80, + 0x41, 0xf2, 0x82, 0xde, 0xe1, 0x08, 0x27, 0xb5, 0x61, 0xee, + 0x03, 0x8a, 0x3d, 0x3c, 0x53, 0x7d, 0x55, 0x43, 0x0b, 0x01, + 0x3b, 0x97, 0x25, 0xc0, 0x11, 0xa2, 0x7b, 0x33, 0x49, 0x21, + 0x43, 0x88, 0xb4, 0x23, 0x2d, 0xd3, 0x1a, 0x36, 0x60, 0xe5, + 0xb6, 0xad, 0x1f, 0xab, 0x50, 0x82, 0x04, 0x1a, 0xa3, 0x4f, + 0xc8, 0x04, 0xbf, 0x2b, 0xe3, 0x68, 0xac, 0x6d, 0xea, 0x0b, + 0x3e, 0xbc, 0xaa, 0x5b, 0x54, 0xdb, 0xa5, 0x16, 0x82, 0xec, + 0xa1, 0x9f, 0x9a, 0x5d, 0x59, 0x56, 0x33, 0xff, 0xac, 0xdd, + 0x74, 0x6e, 0x10, 0x89, 0xea, 0x3d, 0x67, 0xb1, 0x56, 0xea, + 0xa2, 0xe9, 0xf9, 0xb7, 0x9c, 0xc1, 0x78, 0x74, 0x55, 0x56, + 0x16, 0x79, 0x2a, 0xf3, 0x70, 0x85, 0xad, 0x3f, 0xfa, 0xa2, + 0x8b, 0xec, 0x60, 0xd5, 0xdb, 0x6e, 0xb0, 0xc2, 0xbc, 0xd6, + 0xf8, 0x70, 0x54, 0x3d, 0x8e, 0xca, 0x7e, 0xeb, 0xfd, 0x63, + 0xda, 0xcd, 0xb7, 0xf3, 0xd3, 0x89, 0xd0, 0xe0, 0xb2, 0xa9, + 0xab, 0x92, 0xe7, 0xa7, 0x8d, 0x11, 0xf8, 0xa3, 0xf0, 0x64, + 0x02, 0xa9, 0xae, 0x75, 0x10, 0xdd, 0x96, 0x48, 0xac, 0x8c, + 0xc3, 0x3d, 0xee, 0xe4, 0x9b, 0xc6, 0xfe, 0xe9, 0x7b, 0xc8, + 0x6d, 0xcf) +}; + +/** + * SHA-384 test case 9 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha384_5 = { + .type = DRBG_HMAC_SHA384, .strength = 256, + { NULL, 0 }, + chunk_from_chars(0x54, 0x96, 0x45, 0x38, 0xca, 0x40, 0xae, 0xe8, 0xef, 0xa7, + 0xbf, 0x33, 0x6a, 0x23, 0x78, 0x7d, 0x95, 0x06, 0x40, 0x69, + 0x64, 0xc3, 0x27, 0x43, 0xdf, 0x9c, 0xce, 0x28, 0xe8, 0x92, + 0xc2, 0xa6, 0x9e, 0x7b, 0xdf, 0x08, 0xe8, 0x5e, 0x8d, 0xe7, + 0xe0, 0x49, 0xe7, 0xfc, 0x3a, 0x13, 0x88, 0x85, 0xc9, 0xc8, + 0x4d, 0xf8, 0x1f, 0x73, 0x19, 0x6b, 0xa5, 0x08, 0x8f, 0xe2, + 0x85, 0x43, 0xa8, 0x1b, 0xb5, 0x2c, 0x1d, 0xb4, 0x7f, 0xef, + 0xad, 0x85, 0x51, 0x1f, 0x8d, 0x42, 0xa9, 0x84, 0x23, 0x67), + chunk_from_chars(0x91, 0x9f, 0x95, 0x90, 0x97, 0x3f, 0xbb, 0x06, 0xea, 0xf8, + 0xe9, 0x7c, 0x8b, 0x20, 0x2e, 0xc3, 0xbf, 0x6a, 0xd4, 0xeb, + 0x50, 0xb9, 0xe3, 0xd6, 0x63, 0x8b, 0x66, 0x22, 0x01, 0x79, + 0xeb, 0x8c, 0x3e, 0xf1, 0x87, 0xdd, 0x50, 0x27, 0x0f, 0xde, + 0x90, 0x3d, 0x5c, 0x70, 0x13, 0x55, 0x2e, 0x45, 0x18, 0xad, + 0x9c, 0x69, 0xfa, 0x5e, 0x6d, 0xd7, 0x09, 0x5d, 0xbd, 0x3c, + 0x68, 0x03, 0xf2, 0x9d, 0x8b, 0xcf, 0x9d, 0x65, 0xcd, 0xe7, + 0x50, 0xb1, 0x7c, 0x79, 0x73, 0x7e, 0x96, 0xd7, 0xec, 0xc2, + 0x30, 0x40, 0x2e, 0x22, 0x6e, 0x00, 0xc7, 0x25, 0x29, 0x17, + 0xe9, 0x54, 0x99, 0x70, 0x55, 0x23, 0xf3, 0xe1, 0x5c, 0x2c, + 0x59, 0x05, 0x4a, 0xba, 0x3a, 0x40, 0xfa, 0x10, 0x6c, 0x85, + 0xd2, 0xfc, 0xb1, 0xff, 0x9c, 0x11, 0x5e, 0x19, 0xac, 0xc5, + 0x79, 0xef, 0x1a, 0x19, 0x0e, 0xf7, 0x6b, 0x75, 0x29, 0xfe, + 0x79, 0x62, 0x30, 0xfd, 0x7c, 0x67, 0x8a, 0xc9, 0xd2, 0x29, + 0x40, 0x13, 0xee, 0x37, 0x33, 0x1e, 0x45, 0xe0, 0x72, 0xf2, + 0xc8, 0xb5, 0xa9, 0x27, 0x5e, 0xe9, 0x81, 0x3d, 0x51, 0x00, + 0x6f, 0x80, 0x34, 0x3c, 0xb6, 0xa2, 0x16, 0x81, 0xbc, 0x5c, + 0xe0, 0xee, 0x6e, 0xe3, 0xf4, 0x97, 0x10, 0xaa, 0x23, 0xc9, + 0x25, 0xec, 0x8b, 0x01, 0x82, 0x49, 0xf0, 0xe6, 0xf0, 0x0b, + 0x85, 0xd6) +}; + +/** + * SHA-384 test case 11 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha384_6 = { + .type = DRBG_HMAC_SHA384, .strength = 256, + chunk_from_chars(0xc9, 0xb4, 0x5f, 0x12, 0x14, 0xb7, 0xfe, 0x12, 0xd5, 0xfa, + 0x54, 0xb5, 0x79, 0xe0, 0x55, 0x02, 0x2c, 0x25, 0xd2, 0x3d, + 0x8a, 0xf6, 0x3e, 0x39, 0x26, 0xc0, 0xec, 0xbd, 0x92, 0xab, + 0x8d, 0x01), + chunk_from_chars(0xe9, 0xfe, 0x33, 0xf3, 0xd1, 0x56, 0x8b, 0x14, 0x6b, 0x7a, + 0x86, 0xfc, 0x0f, 0xe8, 0x0e, 0x11, 0xe7, 0xd3, 0xe0, 0x8c, + 0xa3, 0x9c, 0xc5, 0xdd, 0x38, 0x67, 0x6f, 0x8a, 0xcf, 0xdb, + 0x75, 0xbb, 0x9a, 0xa0, 0x91, 0xa0, 0x27, 0xfc, 0x5b, 0x3c, + 0x39, 0x4c, 0x7f, 0x17, 0xc8, 0x16, 0xc3, 0xcf, 0xf6, 0x27, + 0x0e, 0x5b, 0xa1, 0x81, 0x9e, 0x48, 0x2e, 0x42, 0x19, 0x78, + 0x96, 0xb9, 0x24, 0xf6, 0x63, 0x00, 0xa0, 0xd4, 0x25, 0x15, + 0x3d, 0x55, 0x1e, 0xb0, 0x00, 0xea, 0xe8, 0x09, 0xc1, 0x5a), + chunk_from_chars(0xc7, 0xd0, 0xb2, 0x7b, 0x36, 0xbc, 0x29, 0x48, 0x31, 0x95, + 0x40, 0x05, 0x5d, 0xf2, 0x29, 0xad, 0x3d, 0x43, 0xb5, 0x08, + 0x6a, 0xe3, 0x45, 0xc1, 0xc3, 0xa5, 0x17, 0x01, 0x2c, 0x24, + 0x7d, 0x5e, 0xdf, 0x25, 0xcc, 0xdf, 0x83, 0xb6, 0xfd, 0xf4, + 0xec, 0x10, 0x41, 0x49, 0x65, 0x2b, 0x1d, 0x26, 0xed, 0x70, + 0x36, 0x7b, 0x24, 0x6d, 0xfe, 0x9f, 0x58, 0x90, 0xf7, 0x26, + 0xca, 0xd6, 0x77, 0x74, 0x4f, 0x64, 0x08, 0xd2, 0x43, 0xd9, + 0x86, 0xef, 0x76, 0x8a, 0xac, 0x65, 0x61, 0x7c, 0x06, 0x20, + 0x4d, 0x35, 0xe3, 0x1a, 0x98, 0xa0, 0x2e, 0xd3, 0x23, 0x5b, + 0x0f, 0x98, 0x99, 0x86, 0x69, 0xca, 0xaa, 0x3f, 0xb5, 0xeb, + 0x94, 0xdb, 0x64, 0xc2, 0xdf, 0xb3, 0xce, 0xf2, 0x31, 0xed, + 0xa1, 0xfd, 0x59, 0xb4, 0x37, 0x7b, 0x0b, 0x00, 0x2a, 0x8c, + 0x0b, 0x53, 0x10, 0xb9, 0x6f, 0x49, 0xe0, 0xfe, 0x3c, 0x46, + 0x94, 0x45, 0x14, 0xe5, 0xf5, 0xae, 0xb4, 0xf6, 0x44, 0xd4, + 0x38, 0x5f, 0x0e, 0x21, 0x09, 0xbf, 0xb9, 0xcf, 0xff, 0xa9, + 0x96, 0x2e, 0x26, 0xab, 0x2c, 0x76, 0x49, 0xa2, 0x7e, 0xfa, + 0x33, 0x09, 0xe7, 0x2c, 0xd1, 0x51, 0x16, 0xa5, 0x78, 0x7c, + 0x13, 0x0c, 0xad, 0xcb, 0x4e, 0x42, 0xba, 0x6e, 0x9d, 0x0b, + 0xd1, 0x4e, 0xed, 0x1c, 0x6a, 0x01, 0x9b, 0x5b, 0xe1, 0x3b, + 0xe0, 0xc4) +}; + +/** + * SHA-512 test case 1 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha512_1 = { + .type = DRBG_HMAC_SHA512, .strength = 256, + { NULL, 0 }, + chunk_from_chars(0x48, 0xc1, 0x21, 0xb1, 0x87, 0x33, 0xaf, 0x15, 0xc2, 0x7e, + 0x1d, 0xd9, 0xba, 0x66, 0xa9, 0xa8, 0x1a, 0x55, 0x79, 0xcd, + 0xba, 0x0f, 0x5b, 0x65, 0x7e, 0xc5, 0x3c, 0x2b, 0x9e, 0x90, + 0xbb, 0xf6, 0xbb, 0xb7, 0xc7, 0x77, 0x42, 0x80, 0x68, 0xfa, + 0xd9, 0x97, 0x08, 0x91, 0xf8, 0x79, 0xb1, 0xaf, 0xe0, 0xff, + 0xef, 0xda, 0xdb, 0x9c, 0xcf, 0x99, 0x05, 0x04, 0xd5, 0x68, + 0xbd, 0xb4, 0xd8, 0x62, 0xcb, 0xe1, 0x7c, 0xcc, 0xe6, 0xe2, + 0x2d, 0xfc, 0xab, 0x8b, 0x48, 0x04, 0xfd, 0x21, 0x42, 0x1a), + chunk_from_chars(0x05, 0xda, 0x6a, 0xac, 0x7d, 0x98, 0x0d, 0xa0, 0x38, 0xf6, + 0x5f, 0x39, 0x28, 0x41, 0x47, 0x6d, 0x37, 0xfe, 0x70, 0xfb, + 0xd3, 0xe3, 0x69, 0xd1, 0xf8, 0x01, 0x96, 0xe6, 0x6e, 0x54, + 0xb8, 0xfa, 0xdb, 0x1d, 0x60, 0xe1, 0xa0, 0xf3, 0xd4, 0xdc, + 0x17, 0x37, 0x69, 0xd7, 0x5f, 0xc3, 0x41, 0x05, 0x49, 0xd7, + 0xa8, 0x43, 0x27, 0x0a, 0x54, 0xa0, 0x68, 0xb4, 0xfe, 0x76, + 0x7d, 0x7d, 0x9a, 0x59, 0x60, 0x45, 0x10, 0xa8, 0x75, 0xad, + 0x1e, 0x97, 0x31, 0xc8, 0xaf, 0xd0, 0xfd, 0x50, 0xb8, 0x25, + 0xe2, 0xc5, 0x0d, 0x06, 0x25, 0x76, 0x17, 0x51, 0x06, 0xa9, + 0x98, 0x1b, 0xe3, 0x7e, 0x02, 0xec, 0x7c, 0x5c, 0xd0, 0xa6, + 0x9a, 0xa0, 0xca, 0x65, 0xbd, 0xda, 0xee, 0x1b, 0x0d, 0xe5, + 0x32, 0xe1, 0x0c, 0xfa, 0x1f, 0x5b, 0xf6, 0xa0, 0x26, 0xe4, + 0x73, 0x79, 0x73, 0x6a, 0x09, 0x9d, 0x67, 0x50, 0xab, 0x12, + 0x1d, 0xbe, 0x36, 0x22, 0xb8, 0x41, 0xba, 0xf8, 0xbd, 0xcb, + 0xe8, 0x75, 0xc8, 0x5b, 0xa4, 0xb5, 0x86, 0xb8, 0xb5, 0xb5, + 0x7b, 0x0f, 0xec, 0xbe, 0xc0, 0x8c, 0x12, 0xff, 0x2a, 0x94, + 0x53, 0xc4, 0x7c, 0x6e, 0x32, 0xa5, 0x21, 0x03, 0xd9, 0x72, + 0xc6, 0x2a, 0xb9, 0xaf, 0xfb, 0x8e, 0x72, 0x8a, 0x31, 0xfc, + 0xef, 0xbb, 0xcc, 0xc5, 0x56, 0xc0, 0xf0, 0xa3, 0x5f, 0x4b, + 0x10, 0xac, 0xe2, 0xd9, 0x6b, 0x90, 0x6e, 0x36, 0xcb, 0xb7, + 0x22, 0x33, 0x20, 0x1e, 0x53, 0x6d, 0x3e, 0x13, 0xb0, 0x45, + 0x18, 0x7b, 0x41, 0x7d, 0x24, 0x49, 0xca, 0xd1, 0xed, 0xd1, + 0x92, 0xe0, 0x61, 0xf1, 0x2d, 0x22, 0x14, 0x7b, 0x0a, 0x17, + 0x6e, 0xa8, 0xd9, 0xc4, 0xc3, 0x54, 0x04, 0x39, 0x5b, 0x65, + 0x02, 0xef, 0x33, 0x3a, 0x81, 0x3b, 0x65, 0x86, 0x03, 0x74, + 0x79, 0xe0, 0xfa, 0x3c, 0x6a, 0x23) +}; + +/** + * SHA-512 test case 3 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha512_2 = { + .type = DRBG_HMAC_SHA512, .strength = 256, + chunk_from_chars(0x21, 0x23, 0x00, 0xf9, 0x38, 0x99, 0xff, 0x7c, 0xb1, 0x44, + 0xf2, 0x04, 0x26, 0x02, 0x8b, 0x97, 0x63, 0x80, 0xa3, 0x48, + 0x25, 0x3b, 0xcc, 0x3f, 0xf4, 0x2b, 0x52, 0x8c, 0xd1, 0x97, + 0x25, 0x49), + chunk_from_chars(0x97, 0xae, 0xf9, 0x35, 0xea, 0x33, 0x71, 0x7e, 0x8e, 0x86, + 0x44, 0xbb, 0x8c, 0x47, 0x89, 0xf3, 0x75, 0xc4, 0x8a, 0x94, + 0x5d, 0xed, 0x08, 0x77, 0x11, 0x49, 0xe8, 0x28, 0xa2, 0x2d, + 0xc8, 0x66, 0x82, 0x58, 0x0f, 0x51, 0x07, 0x0b, 0xa1, 0xe9, + 0x91, 0xd9, 0x80, 0x3f, 0x51, 0xfd, 0x9a, 0x6f, 0x63, 0xcd, + 0x91, 0xc1, 0xeb, 0xb2, 0xca, 0xa1, 0x5f, 0x28, 0x37, 0xdf, + 0x8f, 0x35, 0xcb, 0xb6, 0xfe, 0x96, 0xdf, 0x26, 0x74, 0xa1, + 0x36, 0x99, 0x0a, 0x59, 0x76, 0xcb, 0xba, 0xb6, 0x3b, 0xc1), + chunk_from_chars(0x0e, 0x85, 0x33, 0xf6, 0x4b, 0x60, 0xc2, 0x3a, 0x26, 0x55, + 0x82, 0x70, 0x37, 0xdb, 0x21, 0x8c, 0x2f, 0xe9, 0xce, 0x43, + 0x0f, 0xa4, 0xed, 0x6e, 0xd9, 0xbe, 0x34, 0x9c, 0x4b, 0xdc, + 0x6f, 0x40, 0x01, 0x8b, 0x42, 0xf4, 0x86, 0xfa, 0x04, 0x28, + 0x8b, 0x3b, 0x0c, 0x62, 0xa1, 0x28, 0x12, 0xe7, 0x6e, 0x08, + 0xc7, 0x60, 0x62, 0xa5, 0x10, 0xcc, 0x60, 0x84, 0x1f, 0x16, + 0x58, 0x69, 0xef, 0xac, 0xee, 0xf9, 0x08, 0x05, 0xbd, 0xde, + 0x2f, 0xd6, 0x6c, 0x36, 0xc3, 0x8a, 0x2a, 0xc9, 0xc3, 0xcb, + 0x86, 0xbf, 0xd3, 0x04, 0x06, 0x56, 0x9e, 0x0a, 0xfd, 0x24, + 0x51, 0x02, 0xf2, 0xea, 0x2d, 0x49, 0xe4, 0xee, 0x5f, 0x69, + 0x18, 0x72, 0x27, 0xa3, 0xf0, 0xed, 0xfb, 0xc1, 0x25, 0x9c, + 0xb6, 0x56, 0x4a, 0x2d, 0x4e, 0x82, 0x9b, 0x3f, 0xc3, 0xb6, + 0x99, 0x6e, 0x37, 0x54, 0x6f, 0x1d, 0x8a, 0x16, 0xfc, 0xd8, + 0x20, 0x1d, 0x1a, 0xd2, 0x86, 0x61, 0xbb, 0xb0, 0x01, 0x2d, + 0xaa, 0xd5, 0x5d, 0x54, 0x03, 0xe8, 0x33, 0xd8, 0xa0, 0x06, + 0x8d, 0x21, 0x6c, 0x87, 0x9b, 0xce, 0xbc, 0x05, 0x4d, 0xf0, + 0xc9, 0xcb, 0xa1, 0x4d, 0xad, 0x48, 0x63, 0xee, 0x1f, 0x75, + 0xb7, 0x8b, 0xc4, 0x88, 0x66, 0x2c, 0xb0, 0xc9, 0x1c, 0xa4, + 0xfd, 0xfc, 0xe7, 0xdf, 0x59, 0x16, 0xb4, 0xe6, 0x25, 0x80, + 0x90, 0x2c, 0x60, 0x1b, 0xe7, 0x06, 0xdc, 0xc7, 0x90, 0x38, + 0x58, 0xe6, 0xb9, 0x92, 0x07, 0x35, 0xbd, 0xaa, 0x63, 0x5a, + 0xdd, 0x5c, 0x06, 0x08, 0x0d, 0x82, 0x26, 0x53, 0x45, 0xb4, + 0x90, 0x37, 0xa3, 0x2f, 0xcf, 0x0a, 0x7c, 0x9e, 0xa6, 0x06, + 0x9e, 0x33, 0x69, 0xf9, 0xb4, 0xaa, 0x45, 0x49, 0x3e, 0xfd, + 0x73, 0x18, 0xda, 0x2a, 0xe9, 0xb4, 0xfc, 0x30, 0x04, 0x98, + 0x24, 0x8a, 0xfa, 0xad, 0x8d, 0x49) +}; + +/** + * SHA-512 test case 5 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha512_3 = { + .type = DRBG_HMAC_SHA512, .strength = 256, + { NULL, 0 }, + chunk_from_chars(0x54, 0xda, 0xf8, 0xea, 0xd3, 0xac, 0xcb, 0x38, 0x2c, 0xdf, + 0x25, 0x1c, 0xfb, 0xc8, 0x64, 0x4a, 0xb8, 0xbf, 0x4f, 0x99, + 0x69, 0x37, 0x11, 0x10, 0x2c, 0x02, 0xb2, 0xb6, 0x92, 0x0c, + 0x25, 0xc8, 0x4b, 0xcf, 0x3b, 0x02, 0xdc, 0x3e, 0x13, 0x0f, + 0x50, 0xe8, 0x9b, 0xdf, 0x2c, 0xf7, 0x52, 0xe2, 0x45, 0x30, + 0xe0, 0xb8, 0x95, 0x51, 0x90, 0xec, 0xd3, 0xca, 0x11, 0x7d, + 0x26, 0x20, 0xa0, 0xf5, 0x82, 0x3a, 0x2c, 0x7c, 0x6f, 0x10, + 0x8a, 0x72, 0xae, 0xc6, 0x9a, 0xd5, 0x91, 0x51, 0xc8, 0xec), + chunk_from_chars(0xc9, 0x44, 0x4a, 0x93, 0x66, 0x76, 0x4f, 0x89, 0xef, 0x32, + 0x26, 0xee, 0x70, 0xf6, 0x18, 0x49, 0x2f, 0xa9, 0xfa, 0x9a, + 0x1c, 0x96, 0xe5, 0x3e, 0xc8, 0x17, 0xde, 0xc9, 0xc4, 0xc8, + 0x3f, 0xb6, 0xef, 0x7f, 0xcb, 0x2c, 0xae, 0x99, 0x73, 0x29, + 0x3e, 0xaa, 0xa5, 0x96, 0xcb, 0xbf, 0xda, 0x4c, 0x3f, 0xbf, + 0x2d, 0xd9, 0x12, 0x53, 0xbe, 0x2c, 0xe6, 0x64, 0x8c, 0x31, + 0xe2, 0xaa, 0x92, 0x31, 0x5a, 0xb4, 0xad, 0xb9, 0x11, 0xaa, + 0xac, 0x15, 0xb5, 0x6a, 0x27, 0x3d, 0xa7, 0x4c, 0x11, 0x4e, + 0x1f, 0x58, 0xb3, 0x7b, 0x47, 0x05, 0x17, 0x1c, 0x4c, 0xf7, + 0xc7, 0x45, 0x23, 0xf5, 0x2e, 0x72, 0x1f, 0x11, 0xbd, 0x8c, + 0x37, 0x51, 0x99, 0x95, 0xe0, 0xd1, 0x3c, 0x19, 0x0d, 0x7e, + 0x58, 0x6c, 0xd3, 0xe3, 0xe9, 0xfc, 0x2d, 0xa9, 0x48, 0xc5, + 0xa5, 0x2a, 0xa6, 0x9c, 0xdc, 0xc8, 0x42, 0xda, 0x17, 0xb4, + 0x94, 0xcb, 0x33, 0x0f, 0xca, 0x9d, 0x87, 0x24, 0x96, 0x5f, + 0xe7, 0xbb, 0xc4, 0x5c, 0xcd, 0x87, 0x72, 0x14, 0xed, 0x4d, + 0x91, 0x71, 0x1a, 0x4e, 0xcc, 0xf9, 0x32, 0x8f, 0x7a, 0x2e, + 0x39, 0x3c, 0xf5, 0x9e, 0x69, 0xbb, 0xa6, 0x87, 0x16, 0xab, + 0x93, 0x0d, 0x54, 0x62, 0x74, 0xa9, 0xd7, 0xa6, 0x3f, 0xb2, + 0x75, 0xc2, 0x07, 0x12, 0xdd, 0x6b, 0x63, 0x1b, 0x69, 0x33, + 0x73, 0x29, 0x53, 0x11, 0x87, 0x19, 0x21, 0xc5, 0x2e, 0x2e, + 0xc5, 0x46, 0x15, 0x9d, 0x92, 0xeb, 0x15, 0x13, 0x3b, 0xdb, + 0x45, 0x3b, 0xa5, 0x4a, 0xef, 0x09, 0xc4, 0x79, 0x0a, 0x1b, + 0x34, 0x28, 0xb4, 0x44, 0x75, 0xee, 0x8f, 0xab, 0x6d, 0xb2, + 0xd5, 0xa8, 0xaa, 0xaf, 0xc0, 0x46, 0x35, 0x5e, 0xb6, 0x42, + 0x1d, 0xbc, 0xe2, 0xf9, 0x28, 0x3a, 0x03, 0xb4, 0xc3, 0x73, + 0x97, 0x51, 0x31, 0xae, 0xca, 0x69) +}; + +/** + * SHA-512 test case 7 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha512_4 = { + .type = DRBG_HMAC_SHA512, .strength = 256, + chunk_from_chars(0x39, 0xa7, 0x19, 0x6a, 0x26, 0x16, 0xa5, 0x32, 0x9c, 0x4b, + 0x09, 0xf3, 0xbe, 0x52, 0x1c, 0x23, 0x91, 0xfa, 0x37, 0xfc, + 0xe9, 0x54, 0xa1, 0xfd, 0x25, 0x9b, 0xde, 0x23, 0x0c, 0x8d, + 0x13, 0x0e), + chunk_from_chars(0xcd, 0xed, 0x7a, 0xae, 0xab, 0x10, 0x25, 0xa6, 0x05, 0x3c, + 0x12, 0xb8, 0xbc, 0xa1, 0x97, 0xc7, 0x96, 0x3d, 0xee, 0x09, + 0xf5, 0x0c, 0x1c, 0xb9, 0x73, 0x34, 0x11, 0xc7, 0x2c, 0xd0, + 0x90, 0xb9, 0x1f, 0xf7, 0x7f, 0x52, 0x36, 0x78, 0xc1, 0x92, + 0x6b, 0x2b, 0x11, 0x35, 0x4a, 0x55, 0x51, 0x0f, 0xf9, 0x15, + 0xac, 0x12, 0x6f, 0x3a, 0xc6, 0xed, 0xdc, 0x6f, 0x9b, 0x85, + 0x7b, 0x12, 0x43, 0x63, 0xff, 0xb5, 0x3f, 0xbb, 0x66, 0x4a, + 0x3d, 0x7c, 0xb9, 0x10, 0xfb, 0xf5, 0x58, 0xb8, 0x33, 0xbb), + chunk_from_chars(0xa4, 0xc9, 0x7a, 0x54, 0xbe, 0x09, 0x1a, 0x7f, 0x1b, 0x56, + 0x37, 0x2c, 0x08, 0xb4, 0xdb, 0xe9, 0xa1, 0x60, 0xe5, 0x9b, + 0xfb, 0x1b, 0x38, 0xdf, 0xee, 0xff, 0x9b, 0xd8, 0xdb, 0x5b, + 0x4f, 0x19, 0x71, 0x4c, 0x47, 0x19, 0xc9, 0x12, 0x7e, 0x8c, + 0xbd, 0x24, 0xe7, 0x83, 0x90, 0x0e, 0x71, 0xa7, 0x7b, 0x1a, + 0x83, 0x03, 0xc8, 0x86, 0x65, 0x5d, 0x85, 0x9a, 0x0a, 0x50, + 0x54, 0xcd, 0x84, 0xed, 0x1c, 0x6b, 0xa1, 0x11, 0xad, 0x13, + 0xdc, 0x12, 0x1b, 0xd0, 0x86, 0x9b, 0x21, 0x71, 0x2b, 0xc2, + 0x42, 0x24, 0xc7, 0xe3, 0x59, 0xe2, 0xde, 0x8f, 0x09, 0x33, + 0xc9, 0x82, 0xa1, 0x80, 0x11, 0x85, 0x64, 0x63, 0xfd, 0xb4, + 0x9c, 0xca, 0x5c, 0x46, 0x80, 0x26, 0xce, 0x02, 0x4a, 0x56, + 0x9c, 0x98, 0xfa, 0x3b, 0x3c, 0xc4, 0x88, 0x94, 0x6f, 0xe9, + 0xfe, 0x07, 0xdd, 0x18, 0xfd, 0x75, 0x86, 0x3f, 0xfc, 0xfa, + 0xd3, 0x2a, 0x2d, 0x04, 0x80, 0xe4, 0x5b, 0x16, 0x9f, 0x68, + 0xcd, 0x6f, 0x31, 0xc6, 0x23, 0xb4, 0xfb, 0xd3, 0x35, 0x42, + 0x70, 0xc5, 0x1c, 0x49, 0x4c, 0x61, 0x4d, 0xcc, 0xc2, 0x7d, + 0xdb, 0x5e, 0x2f, 0x9b, 0xcb, 0xbc, 0x3f, 0xc3, 0x97, 0x38, + 0x4c, 0x92, 0x37, 0xec, 0xaf, 0x6b, 0x47, 0x59, 0x1f, 0x67, + 0x79, 0xa5, 0x2a, 0xb4, 0xc0, 0x38, 0x1b, 0xd7, 0xfe, 0x73, + 0x44, 0x4c, 0x20, 0xd4, 0x7d, 0x5f, 0x25, 0xa4, 0x41, 0x3f, + 0x80, 0x68, 0x55, 0x7e, 0x7f, 0xd2, 0x74, 0x5f, 0xdb, 0x88, + 0xa8, 0x8d, 0x26, 0x2d, 0x1a, 0x23, 0x86, 0xc9, 0xe8, 0x4a, + 0x11, 0x00, 0x08, 0xec, 0xd8, 0xcb, 0x9a, 0xea, 0x88, 0x3d, + 0x43, 0x52, 0xd9, 0xe6, 0x16, 0xab, 0xe7, 0x59, 0xf1, 0x0c, + 0x86, 0x7d, 0xa1, 0x85, 0x5e, 0xde, 0xd5, 0xa3, 0xeb, 0x5c, + 0x4b, 0x20, 0xc9, 0x5a, 0xab, 0xe6) +}; + +/** + * SHA-512 test case 9 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha512_5 = { + .type = DRBG_HMAC_SHA512, .strength = 256, + { NULL, 0 }, + chunk_from_chars(0x60, 0xf1, 0x2a, 0x1e, 0x56, 0x3c, 0x83, 0xdd, 0xaa, 0x36, + 0x13, 0xa5, 0x15, 0x53, 0x7f, 0x59, 0x0b, 0xf2, 0x2c, 0x23, + 0x95, 0xc3, 0xcc, 0x67, 0x4e, 0x23, 0xcc, 0x7b, 0x3a, 0x7e, + 0x59, 0x57, 0xb0, 0x46, 0xb7, 0x97, 0xa0, 0xaf, 0x84, 0x02, + 0x7c, 0x69, 0x56, 0x88, 0x38, 0xf6, 0x49, 0x0e, 0x68, 0xda, + 0x0a, 0xbd, 0xc0, 0x8a, 0xd5, 0xd9, 0xa3, 0xb8, 0x5a, 0x98, + 0x16, 0xbe, 0xae, 0xe2, 0xda, 0x74, 0x9c, 0xa8, 0xbd, 0x75, + 0x7b, 0x31, 0xd7, 0x56, 0xcb, 0x82, 0x0f, 0x4b, 0x52, 0x17), + chunk_from_chars(0x33, 0x95, 0x2b, 0xde, 0x77, 0x3c, 0x0d, 0xc0, 0x09, 0x10, + 0xce, 0x6d, 0xc5, 0x5d, 0xae, 0x77, 0xd6, 0xa5, 0xc5, 0xab, + 0x9a, 0x93, 0xf6, 0x12, 0xa6, 0x56, 0xb9, 0xcc, 0xc1, 0xeb, + 0x24, 0xa6, 0xcc, 0xea, 0x86, 0xd5, 0x09, 0x0d, 0xf3, 0x05, + 0xde, 0x69, 0x29, 0x96, 0x4c, 0x45, 0x60, 0x53, 0x14, 0x81, + 0xea, 0x83, 0x55, 0x64, 0xf1, 0xde, 0x27, 0x10, 0xa7, 0xb1, + 0x55, 0xf3, 0x77, 0x23, 0x47, 0xa2, 0x71, 0xfb, 0x8a, 0x40, + 0x62, 0x13, 0x53, 0xc1, 0x35, 0xbe, 0xd0, 0x18, 0x0d, 0x86, + 0x7d, 0x4b, 0x8e, 0xe6, 0x13, 0x9f, 0x3b, 0x6f, 0x60, 0xa1, + 0xe4, 0x07, 0x2c, 0xce, 0x31, 0x98, 0xb2, 0x01, 0xdd, 0x1a, + 0x0a, 0x31, 0x93, 0xa2, 0xd3, 0x06, 0x1e, 0xf1, 0x21, 0xed, + 0x1d, 0x5c, 0xc1, 0x27, 0xe7, 0xa4, 0x33, 0xae, 0x54, 0x07, + 0xc0, 0x9b, 0x45, 0xce, 0xb1, 0xed, 0xe6, 0x9f, 0x1c, 0x5e, + 0x27, 0xe7, 0xac, 0x7f, 0xf7, 0xdd, 0x65, 0xd0, 0x7c, 0x92, + 0xe9, 0xb0, 0x02, 0xf4, 0x4a, 0x36, 0xb4, 0x98, 0x8b, 0x4b, + 0xab, 0x45, 0xd2, 0x07, 0x54, 0x94, 0x3a, 0xfc, 0x0b, 0xae, + 0x2d, 0xac, 0x20, 0xc3, 0xcc, 0x6e, 0xe0, 0x8f, 0xfd, 0x3c, + 0x6a, 0x94, 0x4e, 0xca, 0xe7, 0xd1, 0x25, 0x1a, 0x81, 0x49, + 0xfb, 0xb8, 0x19, 0xdb, 0x2c, 0xb7, 0xd6, 0xfe, 0x48, 0xae, + 0x98, 0x44, 0xf1, 0xc0, 0xcf, 0xf1, 0xd7, 0x61, 0x67, 0x03, + 0x47, 0x35, 0xc7, 0x99, 0x8a, 0x1d, 0xd0, 0xa0, 0x66, 0xe6, + 0x7e, 0xae, 0xe8, 0x6d, 0xa5, 0x81, 0x68, 0xe4, 0xeb, 0xe0, + 0xfd, 0x36, 0xbc, 0x1e, 0x0e, 0x46, 0x9c, 0xd3, 0x77, 0xb4, + 0x14, 0xb6, 0xe3, 0xc8, 0x92, 0x02, 0x02, 0x40, 0xae, 0x71, + 0xf1, 0x72, 0x86, 0xd1, 0xa4, 0x84, 0xa1, 0x6d, 0xc1, 0x8b, + 0x25, 0xeb, 0xab, 0x47, 0x4c, 0xe6) +}; + +/** + * SHA-512 test case 11 - count 0 + */ +drbg_test_vector_t drbg_hmac_sha512_6 = { + .type = DRBG_HMAC_SHA512, .strength = 256, + chunk_from_chars(0x5e, 0x5b, 0x96, 0xb3, 0x8f, 0xff, 0xb9, 0x29, 0xbf, 0x3d, + 0x74, 0x40, 0xe6, 0x0e, 0x9c, 0x38, 0xe6, 0xea, 0xb0, 0x5f, + 0xd1, 0xe1, 0x2a, 0xb8, 0x2c, 0xb5, 0xfd, 0x5e, 0x6d, 0xa2, + 0x6a, 0xb4), + chunk_from_chars(0x29, 0xb9, 0x7c, 0x42, 0x1a, 0xea, 0x05, 0xea, 0x9b, 0x1c, + 0x68, 0x4a, 0x8b, 0x91, 0xcd, 0x04, 0xe5, 0x76, 0xa0, 0x19, + 0x88, 0x31, 0xc4, 0x2a, 0x18, 0x66, 0x82, 0x4a, 0x34, 0x62, + 0xc7, 0xa8, 0x10, 0xa7, 0xce, 0x39, 0x6f, 0x4b, 0xea, 0x52, + 0x27, 0x54, 0x5c, 0x1a, 0x87, 0xd7, 0x4e, 0xb5, 0x24, 0x6c, + 0x56, 0x51, 0x0a, 0x65, 0x2f, 0xd9, 0x0e, 0xa3, 0x77, 0xfe, + 0xd3, 0x15, 0xd7, 0x57, 0x6a, 0x2a, 0x23, 0x0c, 0xef, 0xdf, + 0x4f, 0x45, 0xae, 0x28, 0x72, 0xb9, 0xd9, 0xad, 0xad, 0x3f), + chunk_from_chars(0x61, 0x46, 0x67, 0xab, 0x1e, 0xe7, 0x5e, 0xd7, 0x13, 0x1f, + 0x2e, 0x37, 0xda, 0x34, 0xa9, 0xb3, 0x92, 0x4d, 0xd8, 0x99, + 0x7b, 0x35, 0x33, 0x5f, 0xfd, 0xdd, 0x67, 0xaa, 0x3a, 0x5d, + 0xca, 0xec, 0x1b, 0x6c, 0xc9, 0xcf, 0x32, 0xab, 0x0c, 0x27, + 0x7f, 0x2c, 0xb0, 0xcc, 0xa2, 0xae, 0xc7, 0x2d, 0x66, 0x3a, + 0x25, 0x83, 0x08, 0xa6, 0x0c, 0xae, 0xed, 0xe4, 0x3d, 0x11, + 0xd2, 0xd7, 0xcb, 0x81, 0x1f, 0x38, 0x67, 0x7b, 0x81, 0x31, + 0x75, 0xd9, 0x32, 0x79, 0x0a, 0x37, 0x44, 0x9c, 0xf2, 0x8a, + 0xa6, 0x81, 0x3a, 0xc4, 0x98, 0x96, 0x5f, 0x56, 0x92, 0x64, + 0xc3, 0x23, 0xfa, 0x5e, 0x12, 0x0e, 0x95, 0x34, 0x88, 0x18, + 0x2e, 0xc9, 0x7a, 0x32, 0xdd, 0xcb, 0x83, 0x5c, 0x45, 0x51, + 0xf0, 0x85, 0x58, 0x6f, 0x3b, 0xc9, 0x68, 0x94, 0xb3, 0x0a, + 0xfd, 0x77, 0x51, 0xe4, 0xa6, 0x90, 0xb5, 0x7a, 0xfc, 0x84, + 0x19, 0x5f, 0xcb, 0x97, 0xf8, 0xdd, 0x90, 0x51, 0x16, 0xe6, + 0xbc, 0x38, 0xbb, 0xaa, 0xaa, 0x54, 0x3e, 0xd0, 0x06, 0xd0, + 0x28, 0x01, 0x68, 0x13, 0x81, 0x91, 0x89, 0x77, 0x03, 0x82, + 0xe7, 0x5b, 0x66, 0x62, 0x0b, 0xc0, 0x73, 0x76, 0xb7, 0x89, + 0x56, 0x20, 0xe2, 0xd4, 0x44, 0x6c, 0xc2, 0x9e, 0x22, 0xa8, + 0x4b, 0xad, 0x1f, 0x7f, 0x87, 0x11, 0x61, 0x4c, 0x7e, 0x91, + 0x9d, 0x48, 0x21, 0xb4, 0x0d, 0xdb, 0x46, 0x04, 0x88, 0xf1, + 0xad, 0xd3, 0x6b, 0x40, 0xb4, 0x23, 0xfc, 0x9c, 0xed, 0xfe, + 0x10, 0xfe, 0x12, 0x1b, 0xee, 0x24, 0xe2, 0x0c, 0x4f, 0x0b, + 0xb1, 0x8d, 0xbd, 0x71, 0xc6, 0x02, 0xaf, 0x0b, 0x7a, 0x5a, + 0x15, 0xa3, 0xea, 0xf3, 0xce, 0x44, 0xb2, 0xe8, 0x70, 0x90, + 0x15, 0xf1, 0x35, 0xdb, 0xfd, 0x0f, 0x76, 0xe4, 0xb8, 0xde, + 0xf7, 0x75, 0x80, 0x1c, 0x0e, 0x9e) +}; diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c index 96faa561e..7b11b19aa 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c @@ -25,6 +25,7 @@ #define TEST_VECTOR_HASHER(x) extern hasher_test_vector_t x; #define TEST_VECTOR_PRF(x) extern prf_test_vector_t x; #define TEST_VECTOR_XOF(x) extern xof_test_vector_t x; +#define TEST_VECTOR_DRBG(x) extern drbg_test_vector_t x; #define TEST_VECTOR_RNG(x) extern rng_test_vector_t x; #define TEST_VECTOR_DH(x) extern dh_test_vector_t x; @@ -36,6 +37,7 @@ #undef TEST_VECTOR_HASHER #undef TEST_VECTOR_PRF #undef TEST_VECTOR_XOF +#undef TEST_VECTOR_DRBG #undef TEST_VECTOR_RNG #undef TEST_VECTOR_DH @@ -45,6 +47,7 @@ #define TEST_VECTOR_HASHER(x) #define TEST_VECTOR_PRF(x) #define TEST_VECTOR_XOF(x) +#define TEST_VECTOR_DRBG(x) #define TEST_VECTOR_RNG(x) #define TEST_VECTOR_DH(x) @@ -97,6 +100,14 @@ static xof_test_vector_t *xof[] = { #undef TEST_VECTOR_XOF #define TEST_VECTOR_XOF(x) +#undef TEST_VECTOR_DRBG +#define TEST_VECTOR_DRBG(x) &x, +static drbg_test_vector_t *drbg[] = { +#include "test_vectors.h" +}; +#undef TEST_VECTOR_DRBG +#define TEST_VECTOR_DRBG(x) + #undef TEST_VECTOR_RNG #define TEST_VECTOR_RNG(x) &x, static rng_test_vector_t *rng[] = { @@ -197,6 +208,11 @@ plugin_t *test_vectors_plugin_create() lib->crypto->add_test_vector(lib->crypto, EXTENDED_OUTPUT_FUNCTION, xof[i]); } + for (i = 0; i < countof(drbg); i++) + { + lib->crypto->add_test_vector(lib->crypto, + DETERMINISTIC_RANDOM_BIT_GENERATOR, drbg[i]); + } for (i = 0; i < countof(rng); i++) { lib->crypto->add_test_vector(lib->crypto, diff --git a/src/libstrongswan/tests/Makefile.am b/src/libstrongswan/tests/Makefile.am index d4cac5a3b..ccbedde35 100644 --- a/src/libstrongswan/tests/Makefile.am +++ b/src/libstrongswan/tests/Makefile.am @@ -2,8 +2,7 @@ check_LTLIBRARIES = libtest.la libtest_la_SOURCES = \ test_suite.c test_suite.h \ - test_runner.c test_runner.h \ - utils/test_rng.c utils/test_rng.h + test_runner.c test_runner.h libtest_la_CFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ @@ -54,7 +53,7 @@ libstrongswan_tests_SOURCES = tests.h tests.c \ suites/test_asn1.c \ suites/test_asn1_parser.c \ suites/test_printf.c \ - suites/test_test_rng.c \ + suites/test_rng_tester.c \ suites/test_mgf1.c \ suites/test_ntru.c \ suites/test_ed25519.c \ diff --git a/src/libstrongswan/tests/suites/test_mgf1.c b/src/libstrongswan/tests/suites/test_mgf1.c index 6945f5c7f..a42fb5d29 100644 --- a/src/libstrongswan/tests/suites/test_mgf1.c +++ b/src/libstrongswan/tests/suites/test_mgf1.c @@ -15,7 +15,6 @@ #include "test_suite.h" -#include #include #include #include diff --git a/src/libstrongswan/tests/suites/test_test_rng.c b/src/libstrongswan/tests/suites/test_rng_tester.c similarity index 84% rename from src/libstrongswan/tests/suites/test_test_rng.c rename to src/libstrongswan/tests/suites/test_rng_tester.c index 9a983b677..8a471266a 100644 --- a/src/libstrongswan/tests/suites/test_test_rng.c +++ b/src/libstrongswan/tests/suites/test_rng_tester.c @@ -15,10 +15,10 @@ #include "test_suite.h" -#include #include +#include -START_TEST(test_test_rng) +START_TEST(test_rng_tester) { rng_t *entropy; chunk_t in, in1, in2, out; @@ -27,7 +27,7 @@ START_TEST(test_test_rng) in2 = chunk_from_chars(0x07, 0x08); in = chunk_cat("cc", in1, in2); - entropy = test_rng_create(in); + entropy = rng_tester_create(in); ck_assert(entropy->allocate_bytes(entropy, 6, &out)); ck_assert(chunk_equals(in1, out)); ck_assert(entropy->get_bytes(entropy, 2, out.ptr)); @@ -41,15 +41,15 @@ START_TEST(test_test_rng) END_TEST -Suite *test_rng_suite_create() +Suite *rng_tester_suite_create() { Suite *s; TCase *tc; - s = suite_create("test_rng"); + s = suite_create("rng_tester"); - tc = tcase_create("test_rng"); - tcase_add_test(tc, test_test_rng); + tc = tcase_create("rng_tester"); + tcase_add_test(tc, test_rng_tester); suite_add_tcase(s, tc); return s; diff --git a/src/libstrongswan/tests/suites/test_vectors.c b/src/libstrongswan/tests/suites/test_vectors.c index 971b331b2..b5733fef8 100644 --- a/src/libstrongswan/tests/suites/test_vectors.c +++ b/src/libstrongswan/tests/suites/test_vectors.c @@ -28,6 +28,8 @@ static transform_type_t tfs[] = { INTEGRITY_ALGORITHM, HASH_ALGORITHM, PSEUDO_RANDOM_FUNCTION, + EXTENDED_OUTPUT_FUNCTION, + DETERMINISTIC_RANDOM_BIT_GENERATOR, RANDOM_NUMBER_GENERATOR, DIFFIE_HELLMAN_GROUP, }; diff --git a/src/libstrongswan/tests/tests.h b/src/libstrongswan/tests/tests.h index 26ff161a4..4106a42fb 100644 --- a/src/libstrongswan/tests/tests.h +++ b/src/libstrongswan/tests/tests.h @@ -46,7 +46,7 @@ TEST_SUITE_DEPEND(iv_gen_suite_create, RNG, RNG_STRONG) TEST_SUITE(pen_suite_create) TEST_SUITE(asn1_suite_create) TEST_SUITE(asn1_parser_suite_create) -TEST_SUITE(test_rng_suite_create) +TEST_SUITE(rng_tester_suite_create) TEST_SUITE_DEPEND(mgf1_sha1_suite_create, XOF, XOF_MGF1_SHA1) TEST_SUITE_DEPEND(mgf1_sha256_suite_create, XOF, XOF_MGF1_SHA256) TEST_SUITE_DEPEND(ntru_suite_create, DH, NTRU_112_BIT)