From b9d9c3f1d5b0a92cd7c07df1c180f915ad2e6018 Mon Sep 17 00:00:00 2001 From: Michael Brown Date: Tue, 6 Mar 2012 12:58:56 +0000 Subject: [PATCH] [rng] Allow HMAC_DRBG to use multiple underlying hash algorithms Signed-off-by: Michael Brown --- src/crypto/hmac_drbg.c | 128 ++++++------ src/include/ipxe/drbg.h | 32 ++- src/include/ipxe/hmac_drbg.h | 160 ++++++++++++--- src/tests/hmac_drbg_test.c | 387 +++++++++++++++++++---------------- 4 files changed, 441 insertions(+), 266 deletions(-) diff --git a/src/crypto/hmac_drbg.c b/src/crypto/hmac_drbg.c index 9e70e4e6..3f56e1b7 100644 --- a/src/crypto/hmac_drbg.c +++ b/src/crypto/hmac_drbg.c @@ -46,6 +46,7 @@ FILE_LICENCE ( GPL2_OR_LATER ); /** * Update the HMAC_DRBG key * + * @v hash Underlying hash algorithm * @v state HMAC_DRBG internal state * @v data Provided data * @v len Length of provided data @@ -57,40 +58,40 @@ FILE_LICENCE ( GPL2_OR_LATER ); * * as used by hmac_drbg_update() */ -static void hmac_drbg_update_key ( struct hmac_drbg_state *state, +static void hmac_drbg_update_key ( struct digest_algorithm *hash, + struct hmac_drbg_state *state, const void *data, size_t len, const uint8_t single ) { - uint8_t context[HMAC_DRBG_CTX_SIZE]; - size_t key_len = sizeof ( state->key ); + uint8_t context[ hash->ctxsize ]; + size_t out_len = hash->digestsize; - DBGC ( state, "HMAC_DRBG %p provided data :\n", state ); + DBGC ( state, "HMAC_DRBG_%s %p provided data :\n", hash->name, state ); DBGC_HDA ( state, 0, data, len ); /* Sanity checks */ + assert ( hash != NULL ); assert ( state != NULL ); assert ( ( data != NULL ) || ( len == 0 ) ); assert ( ( single == 0x00 ) || ( single == 0x01 ) ); /* K = HMAC ( K, V || single || provided_data ) */ - hmac_init ( &hmac_drbg_algorithm, context, state->key, &key_len ); - assert ( key_len == sizeof ( state->key ) ); - hmac_update ( &hmac_drbg_algorithm, context, - state->value, sizeof ( state->value ) ); - hmac_update ( &hmac_drbg_algorithm, context, - &single, sizeof ( single ) ); - hmac_update ( &hmac_drbg_algorithm, context, data, len ); - hmac_final ( &hmac_drbg_algorithm, context, state->key, &key_len, - state->key ); - assert ( key_len == sizeof ( state->key ) ); + hmac_init ( hash, context, state->key, &out_len ); + assert ( out_len == hash->digestsize ); + hmac_update ( hash, context, state->value, out_len ); + hmac_update ( hash, context, &single, sizeof ( single ) ); + hmac_update ( hash, context, data, len ); + hmac_final ( hash, context, state->key, &out_len, state->key ); + assert ( out_len == hash->digestsize ); - DBGC ( state, "HMAC_DRBG %p K = HMAC ( K, V || %#02x || " - "provided_data ) :\n", state, single ); - DBGC_HDA ( state, 0, state->key, sizeof ( state->key ) ); + DBGC ( state, "HMAC_DRBG_%s %p K = HMAC ( K, V || %#02x || " + "provided_data ) :\n", hash->name, state, single ); + DBGC_HDA ( state, 0, state->key, out_len ); } /** * Update the HMAC_DRBG value * + * @v hash Underlying hash algorithm * @v state HMAC_DRBG internal state * @v data Provided data * @v len Length of provided data @@ -102,29 +103,31 @@ static void hmac_drbg_update_key ( struct hmac_drbg_state *state, * * as used by hmac_drbg_update() and hmac_drbg_generate() */ -static void hmac_drbg_update_value ( struct hmac_drbg_state *state ) { - uint8_t context[HMAC_DRBG_CTX_SIZE]; - size_t key_len = sizeof ( state->key ); +static void hmac_drbg_update_value ( struct digest_algorithm *hash, + struct hmac_drbg_state *state ) { + uint8_t context[ hash->ctxsize ]; + size_t out_len = hash->digestsize; /* Sanity checks */ + assert ( hash != NULL ); assert ( state != NULL ); /* V = HMAC ( K, V ) */ - hmac_init ( &hmac_drbg_algorithm, context, state->key, &key_len ); - assert ( key_len == sizeof ( state->key ) ); - hmac_update ( &hmac_drbg_algorithm, context, - state->value, sizeof ( state->value ) ); - hmac_final ( &hmac_drbg_algorithm, context, state->key, &key_len, - state->value ); - assert ( key_len == sizeof ( state->key ) ); + hmac_init ( hash, context, state->key, &out_len ); + assert ( out_len == hash->digestsize ); + hmac_update ( hash, context, state->value, out_len ); + hmac_final ( hash, context, state->key, &out_len, state->value ); + assert ( out_len == hash->digestsize ); - DBGC ( state, "HMAC_DRBG %p V = HMAC ( K, V ) :\n", state ); - DBGC_HDA ( state, 0, state->value, sizeof ( state->value ) ); + DBGC ( state, "HMAC_DRBG_%s %p V = HMAC ( K, V ) :\n", + hash->name, state ); + DBGC_HDA ( state, 0, state->value, out_len ); } /** * Update HMAC_DRBG internal state * + * @v hash Underlying hash algorithm * @v state HMAC_DRBG internal state * @v data Provided data * @v len Length of provided data @@ -135,30 +138,32 @@ static void hmac_drbg_update_value ( struct hmac_drbg_state *state ) { * The key and value are updated in-place within the HMAC_DRBG * internal state. */ -static void hmac_drbg_update ( struct hmac_drbg_state *state, +static void hmac_drbg_update ( struct digest_algorithm *hash, + struct hmac_drbg_state *state, const void *data, size_t len ) { - DBGC ( state, "HMAC_DRBG %p update\n", state ); + DBGC ( state, "HMAC_DRBG_%s %p update\n", hash->name, state ); /* Sanity checks */ + assert ( hash != NULL ); assert ( state != NULL ); assert ( ( data != NULL ) || ( len == 0 ) ); /* 1. K = HMAC ( K, V || 0x00 || provided_data ) */ - hmac_drbg_update_key ( state, data, len, 0x00 ); + hmac_drbg_update_key ( hash, state, data, len, 0x00 ); /* 2. V = HMAC ( K, V ) */ - hmac_drbg_update_value ( state ); + hmac_drbg_update_value ( hash, state ); /* 3. If ( provided_data = Null ), then return K and V */ if ( ! len ) return; /* 4. K = HMAC ( K, V || 0x01 || provided_data ) */ - hmac_drbg_update_key ( state, data, len, 0x01 ); + hmac_drbg_update_key ( hash, state, data, len, 0x01 ); /* 5. V = HMAC ( K, V ) */ - hmac_drbg_update_value ( state ); + hmac_drbg_update_value ( hash, state ); /* 6. Return K and V */ } @@ -166,6 +171,7 @@ static void hmac_drbg_update ( struct hmac_drbg_state *state, /** * Instantiate HMAC_DRBG * + * @v hash Underlying hash algorithm * @v state HMAC_DRBG internal state to be initialised * @v entropy Entropy input * @v entropy_len Length of entropy input @@ -184,17 +190,18 @@ static void hmac_drbg_update ( struct hmac_drbg_state *state, * The key, value and reseed counter are updated in-place within the * HMAC_DRBG internal state. */ -void hmac_drbg_instantiate ( struct hmac_drbg_state *state, +void hmac_drbg_instantiate ( struct digest_algorithm *hash, + struct hmac_drbg_state *state, const void *entropy, size_t entropy_len, const void *personal, size_t personal_len ){ + size_t out_len = hash->digestsize; - DBGC ( state, "HMAC_DRBG %p instantiate\n", state ); + DBGC ( state, "HMAC_DRBG_%s %p instantiate\n", hash->name, state ); /* Sanity checks */ + assert ( hash != NULL ); assert ( state != NULL ); assert ( entropy != NULL ); - assert ( ( 8 * entropy_len ) >= - ( 3 * HMAC_DRBG_SECURITY_STRENGTH / 2 ) ); assert ( ( personal != NULL ) || ( personal_len == 0 ) ); /* 1. seed_material = entropy_input || nonce || @@ -202,23 +209,24 @@ void hmac_drbg_instantiate ( struct hmac_drbg_state *state, */ /* 2. Key = 0x00 00..00 */ - memset ( state->key, 0x00, sizeof ( state->key ) ); + memset ( state->key, 0x00, out_len ); /* 3. V = 0x01 01...01 */ - memset ( state->value, 0x01, sizeof ( state->value ) ); + memset ( state->value, 0x01, out_len ); /* 4. ( Key, V ) = HMAC_DBRG_Update ( seed_material, Key, V ) * 5. reseed_counter = 1 * 6. Return V, Key and reseed_counter as the * initial_working_state */ - hmac_drbg_reseed ( state, entropy, entropy_len, + hmac_drbg_reseed ( hash, state, entropy, entropy_len, personal, personal_len ); } /** * Reseed HMAC_DRBG * + * @v hash Underlying hash algorithm * @v state HMAC_DRBG internal state * @v entropy Entropy input * @v entropy_len Length of entropy input @@ -231,27 +239,29 @@ void hmac_drbg_instantiate ( struct hmac_drbg_state *state, * The key, value and reseed counter are updated in-place within the * HMAC_DRBG internal state. */ -void hmac_drbg_reseed ( struct hmac_drbg_state *state, +void hmac_drbg_reseed ( struct digest_algorithm *hash, + struct hmac_drbg_state *state, const void *entropy, size_t entropy_len, const void *additional, size_t additional_len ) { uint8_t seed_material[ entropy_len + additional_len ]; - DBGC ( state, "HMAC_DRBG %p (re)seed\n", state ); + DBGC ( state, "HMAC_DRBG_%s %p (re)seed\n", hash->name, state ); /* Sanity checks */ + assert ( hash != NULL ); assert ( state != NULL ); assert ( entropy != NULL ); - assert ( ( 8 * entropy_len ) >= HMAC_DRBG_SECURITY_STRENGTH ); assert ( ( additional != NULL ) || ( additional_len == 0 ) ); /* 1. seed_material = entropy_input || additional_input */ memcpy ( seed_material, entropy, entropy_len ); memcpy ( ( seed_material + entropy_len ), additional, additional_len ); - DBGC ( state, "HMAC_DRBG %p seed material :\n", state ); + DBGC ( state, "HMAC_DRBG_%s %p seed material :\n", hash->name, state ); DBGC_HDA ( state, 0, seed_material, sizeof ( seed_material ) ); /* 2. ( Key, V ) = HMAC_DBRG_Update ( seed_material, Key, V ) */ - hmac_drbg_update ( state, seed_material, sizeof ( seed_material ) ); + hmac_drbg_update ( hash, state, seed_material, + sizeof ( seed_material ) ); /* 3. reseed_counter = 1 */ state->reseed_counter = 1; @@ -262,6 +272,7 @@ void hmac_drbg_reseed ( struct hmac_drbg_state *state, /** * Generate pseudorandom bits using HMAC_DRBG * + * @v hash Underlying hash algorithm * @v state HMAC_DRBG internal state * @v additional Additional input * @v additional_len Length of additional input @@ -279,16 +290,19 @@ void hmac_drbg_reseed ( struct hmac_drbg_state *state, * * Note that the only permitted error is "reseed required". */ -int hmac_drbg_generate ( struct hmac_drbg_state *state, +int hmac_drbg_generate ( struct digest_algorithm *hash, + struct hmac_drbg_state *state, const void *additional, size_t additional_len, void *data, size_t len ) { + size_t out_len = hash->digestsize; void *orig_data = data; size_t orig_len = len; size_t frag_len; - DBGC ( state, "HMAC_DRBG %p generate\n", state ); + DBGC ( state, "HMAC_DRBG_%s %p generate\n", hash->name, state ); /* Sanity checks */ + assert ( hash != NULL ); assert ( state != NULL ); assert ( data != NULL ); assert ( ( additional != NULL ) || ( additional_len == 0 ) ); @@ -297,8 +311,8 @@ int hmac_drbg_generate ( struct hmac_drbg_state *state, * indication that a reseed is required */ if ( state->reseed_counter > HMAC_DRBG_RESEED_INTERVAL ) { - DBGC ( state, "HMAC_DRBG %p reseed interval exceeded\n", - state ); + DBGC ( state, "HMAC_DRBG_%s %p reseed interval exceeded\n", + hash->name, state ); return -ESTALE; } @@ -306,7 +320,7 @@ int hmac_drbg_generate ( struct hmac_drbg_state *state, * ( Key, V ) = HMAC_DRBG_Update ( additional_input, Key, V ) */ if ( additional_len ) - hmac_drbg_update ( state, additional, additional_len ); + hmac_drbg_update ( hash, state, additional, additional_len ); /* 3. temp = Null * 4. While ( len ( temp ) < requested_number_of_bits ) do: @@ -314,27 +328,27 @@ int hmac_drbg_generate ( struct hmac_drbg_state *state, while ( len ) { /* 4.1 V = HMAC ( Key, V ) */ - hmac_drbg_update_value ( state ); + hmac_drbg_update_value ( hash, state ); /* 4.2. temp = temp || V * 5. returned_bits = Leftmost requested_number_of_bits * of temp */ frag_len = len; - if ( frag_len > sizeof ( state->value ) ) - frag_len = sizeof ( state->value ); + if ( frag_len > out_len ) + frag_len = out_len; memcpy ( data, state->value, frag_len ); data += frag_len; len -= frag_len; } /* 6. ( Key, V ) = HMAC_DRBG_Update ( additional_input, Key, V ) */ - hmac_drbg_update ( state, additional, additional_len ); + hmac_drbg_update ( hash, state, additional, additional_len ); /* 7. reseed_counter = reseed_counter + 1 */ state->reseed_counter++; - DBGC ( state, "HMAC_DRBG %p generated :\n", state ); + DBGC ( state, "HMAC_DRBG_%s %p generated :\n", hash->name, state ); DBGC_HDA ( state, 0, orig_data, orig_len ); /* 8. Return SUCCESS, returned_bits, and the new values of diff --git a/src/include/ipxe/drbg.h b/src/include/ipxe/drbg.h index 3cf4584a..139f03c5 100644 --- a/src/include/ipxe/drbg.h +++ b/src/include/ipxe/drbg.h @@ -10,16 +10,29 @@ FILE_LICENCE ( GPL2_OR_LATER ); #include +#include #include -/** Maximum security strength */ -#define DRBG_MAX_SECURITY_STRENGTH HMAC_DRBG_MAX_SECURITY_STRENGTH +/** Choose HMAC_DRBG using SHA-1 + * + * HMAC_DRBG using SHA-1 is an Approved algorithm in ANS X9.82. + */ +#define HMAC_DRBG_ALGORITHM HMAC_DRBG_SHA1 -/** Security strength */ -#define DRBG_SECURITY_STRENGTH HMAC_DRBG_SECURITY_STRENGTH +/** Maximum security strength */ +#define DRBG_MAX_SECURITY_STRENGTH \ + HMAC_DRBG_MAX_SECURITY_STRENGTH ( HMAC_DRBG_ALGORITHM ) + +/** Security strength + * + * We choose to operate at the maximum security strength supported by + * the algorithm. + */ +#define DRBG_SECURITY_STRENGTH DRBG_MAX_SECURITY_STRENGTH /** Minimum entropy input length */ -#define DRBG_MIN_ENTROPY_LEN_BYTES HMAC_DRBG_MIN_ENTROPY_LEN_BYTES +#define DRBG_MIN_ENTROPY_LEN_BYTES \ + HMAC_DRBG_MIN_ENTROPY_LEN_BYTES ( DRBG_SECURITY_STRENGTH ) /** Maximum entropy input length */ #define DRBG_MAX_ENTROPY_LEN_BYTES HMAC_DRBG_MAX_ENTROPY_LEN_BYTES @@ -60,7 +73,8 @@ static inline void drbg_instantiate_algorithm ( struct drbg_state *state, size_t entropy_len, const void *personal, size_t personal_len ) { - hmac_drbg_instantiate ( &state->internal, entropy, entropy_len, + hmac_drbg_instantiate ( HMAC_DRBG_HASH ( HMAC_DRBG_ALGORITHM ), + &state->internal, entropy, entropy_len, personal, personal_len ); } @@ -81,7 +95,8 @@ static inline void drbg_reseed_algorithm ( struct drbg_state *state, size_t entropy_len, const void *additional, size_t additional_len ) { - hmac_drbg_reseed ( &state->internal, entropy, entropy_len, + hmac_drbg_reseed ( HMAC_DRBG_HASH ( HMAC_DRBG_ALGORITHM ), + &state->internal, entropy, entropy_len, additional, additional_len ); } @@ -104,7 +119,8 @@ static inline int drbg_generate_algorithm ( struct drbg_state *state, const void *additional, size_t additional_len, void *data, size_t len ) { - return hmac_drbg_generate ( &state->internal, additional, + return hmac_drbg_generate ( HMAC_DRBG_HASH ( HMAC_DRBG_ALGORITHM ), + &state->internal, additional, additional_len, data, len ); } diff --git a/src/include/ipxe/hmac_drbg.h b/src/include/ipxe/hmac_drbg.h index b3dfe368..8dfd2924 100644 --- a/src/include/ipxe/hmac_drbg.h +++ b/src/include/ipxe/hmac_drbg.h @@ -10,48 +10,148 @@ FILE_LICENCE ( GPL2_OR_LATER ); #include -#include +#include -/** Use SHA-1 as the underlying hash algorithm +/** Declare an HMAC_DRBG algorithm * - * HMAC_DRBG using SHA-1 is an Approved algorithm in ANS X9.82. + * @v hash Underlying hash algorithm + * @v max_security_strength Maxmimum security strength + * @v out_len_bits Output block length, in bits + * @ret hmac_drbg HMAC_DRBG algorithm */ -#define hmac_drbg_algorithm sha1_algorithm +#define HMAC_DRBG( hash, max_security_strength, out_len_bits ) \ + ( hash, max_security_strength, out_len_bits ) + +/** HMAC_DRBG using SHA-1 + * + * The maximum security strength of HMAC_DRBG using SHA-1 is 128 bits + * according to the list of maximum security strengths documented in + * NIST SP 800-57 Part 1 Section 5.6.1 Table 3. + * + * The output block length of HMAC_DRBG using SHA-1 is 160 bits + * according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP + * 800-90 Section 10.1 Table 2). + */ +#define HMAC_DRBG_SHA1 HMAC_DRBG ( &sha1_algorithm, 128, 160 ) + +/** HMAC_DRBG using SHA-224 + * + * The maximum security strength of HMAC_DRBG using SHA-224 is 192 + * bits according to the list of maximum security strengths documented + * in NIST SP 800-57 Part 1 Section 5.6.1 Table 3. + * + * The output block length of HMAC_DRBG using SHA-224 is 224 bits + * according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP + * 800-90 Section 10.1 Table 2). + */ +#define HMAC_DRBG_SHA224 HMAC_DRBG ( &sha224_algorithm, 192, 224 ) + +/** HMAC_DRBG using SHA-256 + * + * The maximum security strength of HMAC_DRBG using SHA-256 is 256 + * bits according to the list of maximum security strengths documented + * in NIST SP 800-57 Part 1 Section 5.6.1 Table 3. + * + * The output block length of HMAC_DRBG using SHA-256 is 256 bits + * according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP + * 800-90 Section 10.1 Table 2). + */ +#define HMAC_DRBG_SHA256 HMAC_DRBG ( &sha256_algorithm, 256, 256 ) + +/** HMAC_DRBG using SHA-384 + * + * The maximum security strength of HMAC_DRBG using SHA-384 is 256 + * bits according to the list of maximum security strengths documented + * in NIST SP 800-57 Part 1 Section 5.6.1 Table 3. + * + * The output block length of HMAC_DRBG using SHA-384 is 384 bits + * according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP + * 800-90 Section 10.1 Table 2). + */ +#define HMAC_DRBG_SHA384 HMAC_DRBG ( &sha384_algorithm, 256, 384 ) + +/** HMAC_DRBG using SHA-512 + * + * The maximum security strength of HMAC_DRBG using SHA-512 is 256 + * bits according to the list of maximum security strengths documented + * in NIST SP 800-57 Part 1 Section 5.6.1 Table 3. + * + * The output block length of HMAC_DRBG using SHA-512 is 512 bits + * according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP + * 800-90 Section 10.1 Table 2). + */ +#define HMAC_DRBG_SHA512 HMAC_DRBG ( &sha512_algorithm, 256, 512 ) + +/** Underlying hash algorithm + * + * @v hmac_drbg HMAC_DRBG algorithm + * @ret hash Underlying hash algorithm + */ +#define HMAC_DRBG_HASH( hmac_drbg ) \ + HMAC_DRBG_EXTRACT_HASH hmac_drbg +#define HMAC_DRBG_EXTRACT_HASH( hash, max_security_strength, out_len_bits ) \ + hash /** Maximum security strength * - * The maximum security strength of HMAC_DRBG using SHA-1 is 128 bits - * (according to the list of maximum security strengths documented in - * NIST SP 800-57 Part 1 Section 5.6.1 Table 3). + * @v hmac_drbg HMAC_DRBG algorithm + * @ret max_security_strength Maxmimum security strength */ -#define HMAC_DRBG_MAX_SECURITY_STRENGTH 128 +#define HMAC_DRBG_MAX_SECURITY_STRENGTH( hmac_drbg ) \ + HMAC_DRBG_EXTRACT_MAX_SECURITY_STRENGTH hmac_drbg +#define HMAC_DRBG_EXTRACT_MAX_SECURITY_STRENGTH( hash, max_security_strength, \ + out_len_bits ) \ + max_security_strength -/** Security strength +/** Output block length, in bits * - * For the sake of implementation simplicity, only a single security - * strength is supported, which is the maximum security strength - * supported by the algorithm. + * @v hmac_drbg HMAC_DRBG algorithm + * @ret out_len_bits Output block length, in bits */ -#define HMAC_DRBG_SECURITY_STRENGTH HMAC_DRBG_MAX_SECURITY_STRENGTH +#define HMAC_DRBG_OUTLEN_BITS( hmac_drbg ) \ + HMAC_DRBG_EXTRACT_OUTLEN_BITS hmac_drbg +#define HMAC_DRBG_EXTRACT_OUTLEN_BITS( hash, max_security_strength, \ + out_len_bits ) \ + out_len_bits -/** Underlying hash algorithm output length (in bytes) */ -#define HMAC_DRBG_OUTLEN_BYTES SHA1_DIGEST_SIZE +/** Output block length, in bytes + * + * @v hmac_drbg HMAC_DRBG algorithm + * @ret out_len_bytes Output block length, in bytes + */ +#define HMAC_DRBG_OUTLEN_BYTES( hmac_drbg ) \ + ( HMAC_DRBG_OUTLEN_BITS ( hmac_drbg ) / 8 ) + +/** Maximum output block length, in bytes + * + * The maximum output block length for HMAC_DRBG is 512 bits for + * SHA-512 according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 + * (NIST SP 800-90 Section 10.1 Table 2). + */ +#define HMAC_DRBG_MAX_OUTLEN_BYTES HMAC_DRBG_OUTLEN_BYTES ( HMAC_DRBG_SHA512 ) /** Required minimum entropy for instantiate and reseed + * + * @v security_strength Security strength + * @ret min_entropy Required minimum entropy * * The minimum required entropy for HMAC_DRBG is equal to the security * strength according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 * (NIST SP 800-90 Section 10.1 Table 2). */ -#define HMAC_DRBG_MIN_ENTROPY_BYTES ( HMAC_DRBG_SECURITY_STRENGTH / 8 ) +#define HMAC_DRBG_MIN_ENTROPY( security_strength ) (security_strength) /** Minimum entropy input length + * + * @v security_strength Security strength + * @ret min_entropy_len_bytes Required minimum entropy length (in bytes) * * The minimum entropy input length for HMAC_DRBG is equal to the * security strength according to ANS X9.82 Part 3-2007 Section 10.2.1 * Table 2 (NIST SP 800-90 Section 10.1 Table 2). */ -#define HMAC_DRBG_MIN_ENTROPY_LEN_BYTES ( HMAC_DRBG_SECURITY_STRENGTH / 8 ) +#define HMAC_DRBG_MIN_ENTROPY_LEN_BYTES( security_strength ) \ + ( (security_strength) / 8 ) /** Maximum entropy input length * @@ -95,19 +195,16 @@ FILE_LICENCE ( GPL2_OR_LATER ); /** Reseed interval * - * The maximum permitted reseed interval for HMAC_DRBG using SHA-1 is - * 2^48 according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 - * (NIST SP 800-90 Section 10.1 Table 2). However, the sample - * implementation given in ANS X9.82 Part 3-2007 Annex E.2.1 (NIST SP - * 800-90 Appendix F.2) shows a reseed interval of 10000. + * The maximum permitted reseed interval for HMAC_DRBG is 2^48 + * according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP + * 800-90 Section 10.1 Table 2). However, the sample implementation + * given in ANS X9.82 Part 3-2007 Annex E.2.1 (NIST SP 800-90 Appendix + * F.2) shows a reseed interval of 10000. * * We choose a very conservative reseed interval. */ #define HMAC_DRBG_RESEED_INTERVAL 1024 -/** Underlying hash algorithm context size (in bytes) */ -#define HMAC_DRBG_CTX_SIZE SHA1_CTX_SIZE - /** * HMAC_DRBG internal state * @@ -124,13 +221,13 @@ struct hmac_drbg_state { * "The value V of outlen bits, which is updated each time * another outlen bits of output are produced" */ - uint8_t value[HMAC_DRBG_OUTLEN_BYTES]; + uint8_t value[HMAC_DRBG_MAX_OUTLEN_BYTES]; /** Current key * * "The outlen-bit Key, which is updated at least once each * time that the DRBG mechanism generates pseudorandom bits." */ - uint8_t key[HMAC_DRBG_OUTLEN_BYTES]; + uint8_t key[HMAC_DRBG_MAX_OUTLEN_BYTES]; /** Reseed counter * * "A counter (reseed_counter) that indicates the number of @@ -140,13 +237,16 @@ struct hmac_drbg_state { unsigned int reseed_counter; }; -extern void hmac_drbg_instantiate ( struct hmac_drbg_state *state, +extern void hmac_drbg_instantiate ( struct digest_algorithm *hash, + struct hmac_drbg_state *state, const void *entropy, size_t entropy_len, const void *personal, size_t personal_len ); -extern void hmac_drbg_reseed ( struct hmac_drbg_state *state, +extern void hmac_drbg_reseed ( struct digest_algorithm *hash, + struct hmac_drbg_state *state, const void *entropy, size_t entropy_len, const void *additional, size_t additional_len ); -extern int hmac_drbg_generate ( struct hmac_drbg_state *state, +extern int hmac_drbg_generate ( struct digest_algorithm *hash, + struct hmac_drbg_state *state, const void *additional, size_t additional_len, void *data, size_t len ); diff --git a/src/tests/hmac_drbg_test.c b/src/tests/hmac_drbg_test.c index ad5584f1..2e93e5e8 100644 --- a/src/tests/hmac_drbg_test.c +++ b/src/tests/hmac_drbg_test.c @@ -35,6 +35,7 @@ FILE_LICENCE ( GPL2_OR_LATER ); #include #include #include +#include #include /** Define inline expected data */ @@ -42,10 +43,18 @@ FILE_LICENCE ( GPL2_OR_LATER ); /** An HMAC_DRBG instantiation test */ struct hmac_drbg_test_instantiate { - /** Entropy (including nonce) */ + /** Underlying hash algorithm */ + struct digest_algorithm *hash; + /** Output block length */ + size_t out_len; + /** Entropy */ const void *entropy; - /** Length of entropy (including nonce) */ + /** Length of entropy */ size_t entropy_len; + /** Nonce */ + const void *nonce; + /** Length of nonce */ + size_t nonce_len; /** Personalisation string */ const void *personal; /** Length of personalisation string */ @@ -64,19 +73,26 @@ struct hmac_drbg_test_instantiate { * Define an HMAC_DRBG instantiation test * * @v name Test name - * @v entropy_array Entropy input (including nonce) + * @v hmac_drbg HMAC_DRBG algorithm + * @v entropy_array Entropy input + * @v nonce_array Nonce * @v personal_array Personalisation string * @v key Expected key * @v value Expected value * @ret test Instantiation test */ -#define HMAC_DRBG_TEST_INSTANTIATE( name, entropy_array, \ - personal_array, key, value ) \ +#define HMAC_DRBG_TEST_INSTANTIATE( name, hmac_drbg, entropy_array, \ + nonce_array, personal_array, \ + key, value ) \ static const uint8_t name ## _key [] = key; \ static const uint8_t name ## _value [] = value; \ static const struct hmac_drbg_test_instantiate name = { \ + .hash = HMAC_DRBG_HASH ( hmac_drbg ), \ + .out_len = HMAC_DRBG_OUTLEN_BYTES ( hmac_drbg ), \ .entropy = entropy_array, \ .entropy_len = sizeof ( entropy_array ), \ + .nonce = nonce_array, \ + .nonce_len = sizeof ( nonce_array ), \ .personal = personal_array, \ .personal_len = sizeof ( personal_array ), \ .expected_key = name ## _key, \ @@ -92,19 +108,33 @@ struct hmac_drbg_test_instantiate { * @v test Instantiation test */ #define instantiate_ok( state, test ) do { \ - assert ( (test)->expected_key_len == HMAC_DRBG_OUTLEN_BYTES ); \ - assert ( (test)->expected_value_len == HMAC_DRBG_OUTLEN_BYTES ); \ - hmac_drbg_instantiate ( (state), (test)->entropy, \ - (test)->entropy_len, (test)->personal, \ + struct { \ + uint8_t entropy[(test)->entropy_len]; \ + uint8_t nonce[(test)->nonce_len]; \ + } __attribute__ (( packed )) entropy_nonce; \ + \ + assert ( (test)->expected_key_len == (test)->out_len ); \ + assert ( (test)->expected_value_len == (test)->out_len ); \ + memcpy ( entropy_nonce.entropy, (test)->entropy, \ + sizeof ( entropy_nonce.entropy ) ); \ + memcpy ( entropy_nonce.nonce, (test)->nonce, \ + sizeof ( entropy_nonce.nonce ) ); \ + hmac_drbg_instantiate ( (test)->hash, (state), &entropy_nonce, \ + sizeof ( entropy_nonce ), \ + (test)->personal, \ (test)->personal_len ); \ ok ( memcmp ( (state)->key, (test)->expected_key, \ - sizeof ( (state)->key ) ) == 0 ); \ + (test)->expected_key_len ) == 0 ); \ ok ( memcmp ( (state)->value, (test)->expected_value, \ - sizeof ( (state)->value ) ) == 0 ); \ + (test)->expected_value_len ) == 0 ); \ } while ( 0 ) /** An HMAC_DRBG reseed test */ struct hmac_drbg_test_reseed { + /** Underlying hash algorithm */ + struct digest_algorithm *hash; + /** Output block length */ + size_t out_len; /** Entropy */ const void *entropy; /** Length of entropy */ @@ -127,17 +157,20 @@ struct hmac_drbg_test_reseed { * Define an HMAC_DRBG reseed test * * @v name Test name + * @v hmac_drbg HMAC_DRBG algorithm * @v entropy_array Entropy input * @v additional_array Additional input * @v key Expected key * @v value Expected value * @ret test Reseed test */ -#define HMAC_DRBG_TEST_RESEED( name, entropy_array, additional_array, \ - key, value ) \ +#define HMAC_DRBG_TEST_RESEED( name, hmac_drbg, entropy_array, \ + additional_array, key, value ) \ static const uint8_t name ## _key [] = key; \ static const uint8_t name ## _value [] = value; \ static const struct hmac_drbg_test_reseed name = { \ + .hash = HMAC_DRBG_HASH ( hmac_drbg ), \ + .out_len = HMAC_DRBG_OUTLEN_BYTES ( hmac_drbg ), \ .entropy = entropy_array, \ .entropy_len = sizeof ( entropy_array ), \ .additional = additional_array, \ @@ -155,19 +188,23 @@ struct hmac_drbg_test_reseed { * @v test Reseed test */ #define reseed_ok( state, test ) do { \ - assert ( (test)->expected_key_len == HMAC_DRBG_OUTLEN_BYTES ); \ - assert ( (test)->expected_value_len == HMAC_DRBG_OUTLEN_BYTES ); \ - hmac_drbg_reseed ( (state), (test)->entropy, \ + assert ( (test)->expected_key_len == (test)->out_len ); \ + assert ( (test)->expected_value_len == (test)->out_len ); \ + hmac_drbg_reseed ( (test)->hash, (state), (test)->entropy, \ (test)->entropy_len, (test)->additional, \ (test)->additional_len ); \ ok ( memcmp ( (state)->key, (test)->expected_key, \ - sizeof ( (state)->key ) ) == 0 ); \ + (test)->expected_key_len ) == 0 ); \ ok ( memcmp ( (state)->value, (test)->expected_value, \ - sizeof ( (state)->value ) ) == 0 ); \ + (test)->expected_value_len ) == 0 ); \ } while ( 0 ) /** An HMAC_DRBG generation test */ struct hmac_drbg_test_generate { + /** Underlying hash algorithm */ + struct digest_algorithm *hash; + /** Output block length */ + size_t out_len; /** Additional input */ const void *additional; /** Length of additional_input */ @@ -183,25 +220,28 @@ struct hmac_drbg_test_generate { /** Expected pseudorandom data */ const void *expected_data; /** Length of data */ - size_t len; + size_t expected_data_len; }; /** * Define an HMAC_DRBG generation test * * @v name Test name + * @v hmac_drbg HMAC_DRBG algorithm * @v additional_array Additional input * @v key Expected key * @v value Expected value * @v data Expected pseudorandom data * @ret test Generation test */ -#define HMAC_DRBG_TEST_GENERATE( name, additional_array, key, value, \ - data ) \ +#define HMAC_DRBG_TEST_GENERATE( name, hmac_drbg, additional_array, \ + key, value, data ) \ static const uint8_t name ## _key [] = key; \ static const uint8_t name ## _value [] = value; \ static const uint8_t name ## _data [] = data; \ static const struct hmac_drbg_test_generate name = { \ + .hash = HMAC_DRBG_HASH ( hmac_drbg ), \ + .out_len = HMAC_DRBG_OUTLEN_BYTES ( hmac_drbg ), \ .additional = additional_array, \ .additional_len = sizeof ( additional_array ), \ .expected_key = name ## _key, \ @@ -209,7 +249,7 @@ struct hmac_drbg_test_generate { .expected_value = name ## _value, \ .expected_value_len = sizeof ( name ## _value ), \ .expected_data = name ## _data, \ - .len = sizeof ( name ## _data ), \ + .expected_data_len = sizeof ( name ## _data ), \ } /** @@ -219,25 +259,28 @@ struct hmac_drbg_test_generate { * @v test Generation test */ #define generate_ok( state, test ) do { \ - uint8_t data[ (test)->len ]; \ + uint8_t data[ (test)->expected_data_len ]; \ int rc; \ \ - assert ( (test)->expected_key_len == HMAC_DRBG_OUTLEN_BYTES ); \ - assert ( (test)->expected_value_len == HMAC_DRBG_OUTLEN_BYTES );\ - rc = hmac_drbg_generate ( (state), (test)->additional, \ - (test)->additional_len, data, \ - sizeof ( data ) ); \ + assert ( (test)->expected_key_len == (test)->out_len ); \ + assert ( (test)->expected_value_len == (test)->out_len ); \ + rc = hmac_drbg_generate ( (test)->hash, (state), \ + (test)->additional, \ + (test)->additional_len, \ + data, sizeof ( data ) ); \ ok ( rc == 0 ); \ ok ( memcmp ( (state)->key, (test)->expected_key, \ - sizeof ( (state)->key ) ) == 0 ); \ + (test)->expected_key_len ) == 0 ); \ ok ( memcmp ( (state)->value, (test)->expected_value, \ - sizeof ( (state)->value ) ) == 0 ); \ + (test)->expected_value_len ) == 0 ); \ ok ( memcmp ( data, (test)->expected_data, \ - sizeof ( data ) ) == 0 ); \ + (test)->expected_data_len ) == 0 ); \ } while ( 0 ) /** An HMAC_DRBG generation failure test */ struct hmac_drbg_test_generate_fail { + /** Underlying hash algorithm */ + struct digest_algorithm *hash; /** Additional input */ const void *additional; /** Length of additional_input */ @@ -250,11 +293,14 @@ struct hmac_drbg_test_generate_fail { * Define an HMAC_DRBG generation failure test * * @v name Test name + * @v hmac_drbg HMAC_DRBG algorithm * @v additional_array Additional input * @ret test Generation failure test */ -#define HMAC_DRBG_TEST_GENERATE_FAIL( name, additional_array, len ) \ +#define HMAC_DRBG_TEST_GENERATE_FAIL( name, hmac_drbg, \ + additional_array, len ) \ static const struct hmac_drbg_test_generate_fail name = { \ + .hash = HMAC_DRBG_HASH ( hmac_drbg ), \ .additional = additional_array, \ .additional_len = sizeof ( additional_array ), \ .requested_len = len, \ @@ -270,25 +316,24 @@ struct hmac_drbg_test_generate_fail { uint8_t data[ (test)->requested_len ]; \ int rc; \ \ - rc = hmac_drbg_generate ( (state), (test)->additional, \ + rc = hmac_drbg_generate ( (test)->hash, (state), \ + (test)->additional, \ (test)->additional_len, data, \ sizeof ( data ) ); \ ok ( rc != 0 ); \ } while ( 0 ) -/** "EntropyInput" and "Nonce" - * - * These are pre-concatenated since our implementation expects to - * receive the nonce in the form of additional entropy. - */ +/** "EntropyInput" */ static const uint8_t entropy_input[] = { - /* "EntropyInput" */ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, - /* "Nonce" */ + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36 +}; + +/** "Nonce" for SHA-1 */ +static const uint8_t nonce_sha1[] = { 0x20, 0x21, 0x22, 0x23, 0x24 }; @@ -343,16 +388,16 @@ static const uint8_t additional_input_2[] = { 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6 }; -/** Test 1 : Instantiation */ -HMAC_DRBG_TEST_INSTANTIATE ( instantiate_1, - entropy_input, personalisation_string_empty, +/** SHA-1 Test 1 : Instantiation */ +HMAC_DRBG_TEST_INSTANTIATE ( sha1_instantiate_1, HMAC_DRBG_SHA1, + entropy_input, nonce_sha1, personalisation_string_empty, EXPECT ( 0xab, 0x16, 0x0d, 0xd2, 0x1c, 0x30, 0x98, 0x0c, 0xa3, 0xca, 0x5a, 0x9c, 0x77, 0xb7, 0xbd, 0xf0, 0x50, 0xe6, 0x4e, 0xe9 ), EXPECT ( 0x61, 0x44, 0x99, 0xea, 0x98, 0x0c, 0xfb, 0x3d, 0xaa, 0x2c, 0xa8, 0x6d, 0x65, 0xa4, 0x6b, 0xf4, 0x48, 0x8d, 0x8c, 0xc5 ) ); -/** Test 1.1 : First call to Generate */ -HMAC_DRBG_TEST_GENERATE ( generate_1_1, +/** SHA-1 Test 1.1 : First call to Generate */ +HMAC_DRBG_TEST_GENERATE ( sha1_generate_1_1, HMAC_DRBG_SHA1, additional_input_empty, EXPECT ( 0x7b, 0xb1, 0x80, 0x28, 0xe0, 0x1d, 0x03, 0x42, 0xdf, 0x4f, 0x54, 0xda, 0x51, 0x22, 0xfa, 0x5f, 0x2c, 0x3a, 0x05, 0xe4 ), @@ -363,8 +408,8 @@ HMAC_DRBG_TEST_GENERATE ( generate_1_1, 0x8c, 0x0b, 0x22, 0xcd, 0x06, 0x30, 0xbf, 0xb0, 0x12, 0x7f, 0xb5, 0x40, 0x8c, 0x8e, 0xfc, 0x17, 0xa9, 0x29, 0x89, 0x6e ) ); -/** Test 1.2 : Second call to Generate */ -HMAC_DRBG_TEST_GENERATE ( generate_1_2, +/** SHA-1 Test 1.2 : Second call to Generate */ +HMAC_DRBG_TEST_GENERATE ( sha1_generate_1_2, HMAC_DRBG_SHA1, additional_input_empty, EXPECT ( 0x3d, 0x4d, 0x73, 0x77, 0xe9, 0x17, 0x2a, 0xaf, 0xa7, 0x76, 0xb0, 0xdd, 0xcb, 0x89, 0x42, 0x00, 0x4a, 0x44, 0xb7, 0xfd ), @@ -375,11 +420,11 @@ HMAC_DRBG_TEST_GENERATE ( generate_1_2, 0x9c, 0xe3, 0x67, 0xd0, 0x3a, 0xea, 0xde, 0x37, 0x82, 0x7f, 0xa8, 0xe9, 0xcb, 0x6a, 0x08, 0x19, 0x61, 0x15, 0xd9, 0x48 ) ); -/** Test 2 : Instantiation */ -#define instantiate_2 instantiate_1 +/** SHA-1 Test 2 : Instantiation */ +#define sha1_instantiate_2 sha1_instantiate_1 -/** Test 2.1 : First call to Generate */ -HMAC_DRBG_TEST_GENERATE ( generate_2_1, +/** SHA-1 Test 2.1 : First call to Generate */ +HMAC_DRBG_TEST_GENERATE ( sha1_generate_2_1, HMAC_DRBG_SHA1, additional_input_1, EXPECT ( 0x3a, 0x06, 0x2e, 0x6b, 0x79, 0xfe, 0x70, 0xdb, 0xff, 0xeb, 0x3a, 0x2b, 0x6b, 0xe8, 0x03, 0x23, 0xf7, 0xd6, 0x74, 0xc5 ), @@ -390,8 +435,8 @@ HMAC_DRBG_TEST_GENERATE ( generate_2_1, 0x9a, 0xd0, 0xbb, 0x26, 0xfa, 0xc0, 0x49, 0x7b, 0x5c, 0x57, 0xe1, 0x61, 0xe3, 0x66, 0x81, 0xbc, 0xc9, 0x30, 0xce, 0x80 ) ); -/** Test 2.2 : Second call to Generate */ -HMAC_DRBG_TEST_GENERATE ( generate_2_2, +/** SHA-1 Test 2.2 : Second call to Generate */ +HMAC_DRBG_TEST_GENERATE ( sha1_generate_2_2, HMAC_DRBG_SHA1, additional_input_2, EXPECT ( 0x8a, 0xd7, 0xe3, 0x47, 0x72, 0xb5, 0xfc, 0x7c, 0x3b, 0x3b, 0x27, 0x62, 0x4f, 0x0b, 0x91, 0x77, 0x6a, 0x8a, 0x71, 0x12 ), @@ -402,16 +447,16 @@ HMAC_DRBG_TEST_GENERATE ( generate_2_2, 0xb9, 0xc3, 0x7b, 0x7f, 0xe8, 0x1b, 0xa9, 0x40, 0x45, 0xa1, 0x4a, 0x7c, 0xb5, 0x14, 0xb4, 0x46, 0x66, 0x6e, 0xa5, 0xa7 ) ); -/** Test 3 : Instantiation */ -HMAC_DRBG_TEST_INSTANTIATE ( instantiate_3, - entropy_input, personalisation_string, +/** SHA-1 Test 3 : Instantiation */ +HMAC_DRBG_TEST_INSTANTIATE ( sha1_instantiate_3, HMAC_DRBG_SHA1, + entropy_input, nonce_sha1, personalisation_string, EXPECT ( 0xb7, 0xd9, 0x66, 0xd7, 0x0d, 0x4e, 0x27, 0xa7, 0xfa, 0x83, 0x8f, 0x7d, 0x61, 0x12, 0x6c, 0x0e, 0xdc, 0x84, 0x76, 0x1c ), EXPECT ( 0xda, 0xb2, 0xa7, 0x18, 0x83, 0xf1, 0x00, 0x5c, 0x5d, 0xd0, 0x39, 0x32, 0x4d, 0x3c, 0x36, 0x4d, 0x6e, 0x18, 0xf9, 0x54 ) ); -/** Test 3.1 : First call to Generate */ -HMAC_DRBG_TEST_GENERATE ( generate_3_1, +/** SHA-1 Test 3.1 : First call to Generate */ +HMAC_DRBG_TEST_GENERATE ( sha1_generate_3_1, HMAC_DRBG_SHA1, additional_input_empty, EXPECT ( 0x87, 0xd3, 0x82, 0x8b, 0xe0, 0x3a, 0x80, 0x7d, 0xd3, 0x40, 0x29, 0x41, 0xbe, 0xd6, 0xde, 0x98, 0x6e, 0xe7, 0xa2, 0x86 ), @@ -422,8 +467,8 @@ HMAC_DRBG_TEST_GENERATE ( generate_3_1, 0x9b, 0xd0, 0x60, 0x20, 0x8e, 0xea, 0x7d, 0x71, 0xf9, 0xd1, 0x23, 0xdf, 0x47, 0xb3, 0xce, 0x06, 0x9d, 0x98, 0xed, 0xe6 ) ); -/** Test 3.2 : Second call to Generate */ -HMAC_DRBG_TEST_GENERATE ( generate_3_2, +/** SHA-1 Test 3.2 : Second call to Generate */ +HMAC_DRBG_TEST_GENERATE ( sha1_generate_3_2, HMAC_DRBG_SHA1, additional_input_empty, EXPECT ( 0x26, 0xab, 0xbf, 0x54, 0xb2, 0x8b, 0x93, 0xff, 0x90, 0x08, 0x67, 0x0e, 0xbf, 0xee, 0x86, 0xcd, 0xd7, 0x22, 0x8e, 0xd5 ), @@ -434,11 +479,11 @@ HMAC_DRBG_TEST_GENERATE ( generate_3_2, 0x63, 0x97, 0x65, 0x47, 0x2b, 0x71, 0xac, 0xeb, 0xe2, 0xea, 0x8b, 0x1b, 0x6b, 0x49, 0x62, 0x9c, 0xb6, 0x73, 0x17, 0xe0 ) ); -/** Test 4 : Instantiation */ -#define instantiate_4 instantiate_3 +/** SHA-1 Test 4 : Instantiation */ +#define sha1_instantiate_4 sha1_instantiate_3 -/** Test 4.1 : First call to Generate */ -HMAC_DRBG_TEST_GENERATE ( generate_4_1, +/** SHA-1 Test 4.1 : First call to Generate */ +HMAC_DRBG_TEST_GENERATE ( sha1_generate_4_1, HMAC_DRBG_SHA1, additional_input_1, EXPECT ( 0x17, 0xa5, 0xd7, 0x9f, 0x07, 0x67, 0x87, 0x6f, 0x3a, 0x45, 0xe0, 0xc9, 0xc3, 0x3e, 0xc8, 0x8b, 0x03, 0xce, 0xea, 0x13 ), @@ -449,8 +494,8 @@ HMAC_DRBG_TEST_GENERATE ( generate_4_1, 0x6d, 0xfc, 0x30, 0x2e, 0xad, 0x4c, 0xe3, 0xf5, 0x54, 0xc7, 0x9b, 0x0d, 0x44, 0x23, 0x9e, 0xba, 0x56, 0xa7, 0xea, 0x2d ) ); -/** Test 4.2 : Second call to Generate */ -HMAC_DRBG_TEST_GENERATE ( generate_4_2, +/** SHA-1 Test 4.2 : Second call to Generate */ +HMAC_DRBG_TEST_GENERATE ( sha1_generate_4_2, HMAC_DRBG_SHA1, additional_input_2, EXPECT ( 0x07, 0x9b, 0x57, 0xd9, 0x40, 0x6e, 0x11, 0xc2, 0xf8, 0x7c, 0x8c, 0x82, 0x8c, 0x8c, 0x6f, 0xa7, 0x6e, 0x40, 0xea, 0x01 ), @@ -461,23 +506,23 @@ HMAC_DRBG_TEST_GENERATE ( generate_4_2, 0xdc, 0x91, 0x21, 0x5d, 0x44, 0xb1, 0x07, 0xb4, 0xd5, 0xa7, 0x79, 0x01, 0x59, 0x25, 0x09, 0x76, 0x52, 0x80, 0xf9, 0x69 ) ); -/** Test 5 : Instantiation */ -#define instantiate_5 instantiate_1 +/** SHA-1 Test 5 : Instantiation */ +#define sha1_instantiate_5 sha1_instantiate_1 -/** Test 5.1 : First call to Generate */ -HMAC_DRBG_TEST_GENERATE_FAIL ( generate_fail_5_1, +/** SHA-1 Test 5.1 : First call to Generate */ +HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_5_1, HMAC_DRBG_SHA1, additional_input_empty, ( 320 / 8 ) ); -/** Test 5.2 : Reseed */ -HMAC_DRBG_TEST_RESEED ( reseed_5_2, +/** SHA-1 Test 5.2 : Reseed */ +HMAC_DRBG_TEST_RESEED ( sha1_reseed_5_2, HMAC_DRBG_SHA1, entropy_input_1, additional_input_empty, EXPECT ( 0xcd, 0x4c, 0xab, 0x38, 0xc8, 0xad, 0x65, 0x71, 0x22, 0xbf, 0x5d, 0x3d, 0x00, 0xd0, 0xac, 0x9b, 0x13, 0xd6, 0x29, 0xbb ), EXPECT ( 0xf6, 0x60, 0xe2, 0x3e, 0x91, 0x00, 0x6b, 0x62, 0xc6, 0x54, 0x3a, 0xb1, 0x34, 0x4d, 0x23, 0xa3, 0x1a, 0xb4, 0xcf, 0x2c ) ); -/** Test 5.3 : Retried first call to Generate */ -HMAC_DRBG_TEST_GENERATE ( generate_5_3, +/** SHA-1 Test 5.3 : Retried first call to Generate */ +HMAC_DRBG_TEST_GENERATE ( sha1_generate_5_3, HMAC_DRBG_SHA1, additional_input_empty, EXPECT ( 0x58, 0x7f, 0xd8, 0x21, 0xef, 0x6c, 0x9d, 0xa4, 0xa8, 0x3c, 0x19, 0x21, 0x1f, 0x10, 0x56, 0xca, 0xcd, 0x23, 0xfc, 0x1a ), @@ -488,20 +533,20 @@ HMAC_DRBG_TEST_GENERATE ( generate_5_3, 0xbc, 0x0e, 0xfc, 0x28, 0x2a, 0xbd, 0x87, 0x60, 0x5c, 0xc9, 0x0c, 0xba, 0x9b, 0x86, 0x33, 0xdc, 0xb1, 0xda, 0xe0, 0x2e ) ); -/** Test 5.4 : Second call to Generate */ -HMAC_DRBG_TEST_GENERATE_FAIL ( generate_fail_5_4, +/** SHA-1 Test 5.4 : Second call to Generate */ +HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_5_4, HMAC_DRBG_SHA1, additional_input_empty, ( 320 / 8 ) ); -/** Test 5.5 : Reseed */ -HMAC_DRBG_TEST_RESEED ( reseed_5_5, +/** SHA-1 Test 5.5 : Reseed */ +HMAC_DRBG_TEST_RESEED ( sha1_reseed_5_5, HMAC_DRBG_SHA1, entropy_input_2, additional_input_empty, EXPECT ( 0xdb, 0xa1, 0xcf, 0xf4, 0x87, 0x95, 0x46, 0xa0, 0x38, 0xa5, 0x59, 0xb2, 0xa2, 0x4d, 0xf2, 0xc0, 0x30, 0x08, 0x9a, 0x41 ), EXPECT ( 0x2f, 0x88, 0x3c, 0x46, 0x48, 0xe1, 0x31, 0xe8, 0x6d, 0xdf, 0x9d, 0xca, 0x0d, 0x74, 0xf3, 0x0c, 0xa1, 0xce, 0x6e, 0xfb ) ); -/** Test 5.6 : Retried second call to Generate */ -HMAC_DRBG_TEST_GENERATE ( generate_5_6, +/** SHA-1 Test 5.6 : Retried second call to Generate */ +HMAC_DRBG_TEST_GENERATE ( sha1_generate_5_6, HMAC_DRBG_SHA1, additional_input_empty, EXPECT ( 0xf9, 0x39, 0xa5, 0xab, 0x08, 0xa3, 0x9f, 0x23, 0x10, 0x70, 0xb0, 0xd4, 0xc9, 0x6d, 0xc2, 0x37, 0x90, 0xba, 0x01, 0x53 ), @@ -512,23 +557,23 @@ HMAC_DRBG_TEST_GENERATE ( generate_5_6, 0x1a, 0x0a, 0xd3, 0x9b, 0xd1, 0x5e, 0x86, 0x2e, 0x64, 0x4f, 0x31, 0xe4, 0xa2, 0xd7, 0xd8, 0x43, 0xe5, 0x7c, 0x59, 0x68 ) ); -/** Test 6 : Instantiate */ -#define instantiate_6 instantiate_1 +/** SHA-1 Test 6 : Instantiate */ +#define sha1_instantiate_6 sha1_instantiate_1 -/** Test 6.1 : First call to Generate */ -HMAC_DRBG_TEST_GENERATE_FAIL ( generate_fail_6_1, +/** SHA-1 Test 6.1 : First call to Generate */ +HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_6_1, HMAC_DRBG_SHA1, additional_input_1, ( 320 / 8 ) ); -/** Test 6.2 : Reseed */ -HMAC_DRBG_TEST_RESEED ( reseed_6_2, +/** SHA-1 Test 6.2 : Reseed */ +HMAC_DRBG_TEST_RESEED ( sha1_reseed_6_2, HMAC_DRBG_SHA1, entropy_input_1, additional_input_1, EXPECT ( 0x52, 0x28, 0xa4, 0xb6, 0xa4, 0x46, 0x92, 0x90, 0x5e, 0xc0, 0x44, 0xbf, 0xf0, 0xbb, 0x4e, 0x25, 0xa3, 0x87, 0xca, 0xc1 ), EXPECT ( 0x24, 0x77, 0x32, 0xd0, 0x4c, 0xb8, 0x4e, 0xd4, 0x1a, 0xdd, 0x95, 0xa4, 0xb7, 0x8b, 0x50, 0xcd, 0x9b, 0x3d, 0x3f, 0x32 ) ); -/** Test 6.3 : Retried first call to Generate */ -HMAC_DRBG_TEST_GENERATE ( generate_6_3, +/** SHA-1 Test 6.3 : Retried first call to Generate */ +HMAC_DRBG_TEST_GENERATE ( sha1_generate_6_3, HMAC_DRBG_SHA1, additional_input_empty, EXPECT ( 0xab, 0x3d, 0xd4, 0x89, 0x5b, 0xc8, 0xcd, 0x22, 0x71, 0xde, 0xba, 0x5f, 0x3c, 0x13, 0x63, 0x52, 0x6b, 0x8b, 0x74, 0x52 ), @@ -539,20 +584,20 @@ HMAC_DRBG_TEST_GENERATE ( generate_6_3, 0x57, 0xae, 0xe8, 0x15, 0xb9, 0xc0, 0x70, 0x04, 0xc7, 0xe9, 0x92, 0xeb, 0x8c, 0x7e, 0x59, 0x19, 0x64, 0xaf, 0xee, 0xa2 ) ); -/** Test 6.4 : Second call to Generate */ -HMAC_DRBG_TEST_GENERATE_FAIL ( generate_fail_6_4, +/** SHA-1 Test 6.4 : Second call to Generate */ +HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_6_4, HMAC_DRBG_SHA1, additional_input_2, ( 320 / 8 ) ); -/** Test 6.5 : Reseed */ -HMAC_DRBG_TEST_RESEED ( reseed_6_5, +/** SHA-1 Test 6.5 : Reseed */ +HMAC_DRBG_TEST_RESEED ( sha1_reseed_6_5, HMAC_DRBG_SHA1, entropy_input_2, additional_input_2, EXPECT ( 0xe5, 0x73, 0x9f, 0x9c, 0xf7, 0xff, 0x43, 0x84, 0xd1, 0x27, 0x3e, 0x02, 0x6b, 0x45, 0x31, 0x21, 0x36, 0x49, 0x4f, 0x41 ), EXPECT ( 0x30, 0xc3, 0x43, 0x05, 0xc2, 0xc6, 0x48, 0xb0, 0x57, 0xa6, 0x40, 0x22, 0x1b, 0x5c, 0x56, 0x57, 0x26, 0xcd, 0x32, 0xb2 ) ); -/** Test 6.6 : Retried second call to Generate */ -HMAC_DRBG_TEST_GENERATE ( generate_6_6, +/** SHA-1 Test 6.6 : Retried second call to Generate */ +HMAC_DRBG_TEST_GENERATE ( sha1_generate_6_6, HMAC_DRBG_SHA1, additional_input_empty, EXPECT ( 0x61, 0x91, 0xca, 0x9b, 0xf0, 0x00, 0xd1, 0x0a, 0x71, 0x69, 0x0a, 0xc1, 0x0e, 0x09, 0xff, 0xc8, 0x92, 0xab, 0xde, 0x9a ), @@ -563,23 +608,23 @@ HMAC_DRBG_TEST_GENERATE ( generate_6_6, 0x2d, 0xc6, 0x4a, 0x16, 0x42, 0x11, 0x88, 0x9a, 0x01, 0x0f, 0x24, 0x71, 0xa0, 0x91, 0x2f, 0xfe, 0xa1, 0xbf, 0x01, 0x95 ) ); -/** Test 7 : Instantiation */ -#define instantiate_7 instantiate_3 +/** SHA-1 Test 7 : Instantiation */ +#define sha1_instantiate_7 sha1_instantiate_3 -/** Test 7.1 : First call to Generate */ -HMAC_DRBG_TEST_GENERATE_FAIL ( generate_fail_7_1, +/** SHA-1 Test 7.1 : First call to Generate */ +HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_7_1, HMAC_DRBG_SHA1, additional_input_empty, ( 320 / 8 ) ); -/** Test 7.2 : Reseed */ -HMAC_DRBG_TEST_RESEED ( reseed_7_2, +/** SHA-1 Test 7.2 : Reseed */ +HMAC_DRBG_TEST_RESEED ( sha1_reseed_7_2, HMAC_DRBG_SHA1, entropy_input_1, additional_input_empty, EXPECT ( 0xb9, 0x25, 0x4d, 0x8a, 0xac, 0xba, 0x43, 0xfb, 0xda, 0xe6, 0x39, 0x4f, 0x2b, 0x3a, 0xfc, 0x5d, 0x58, 0x08, 0x00, 0xbf ), EXPECT ( 0x28, 0x40, 0x3b, 0x60, 0x36, 0x38, 0xd0, 0x7d, 0x79, 0x66, 0x66, 0x1e, 0xf6, 0x7b, 0x9d, 0x39, 0x05, 0xf4, 0x6d, 0xb9 ) ); -/** Test 7.3 : Retried first call to Generate */ -HMAC_DRBG_TEST_GENERATE ( generate_7_3, +/** SHA-1 Test 7.3 : Retried first call to Generate */ +HMAC_DRBG_TEST_GENERATE ( sha1_generate_7_3, HMAC_DRBG_SHA1, additional_input_empty, EXPECT ( 0x64, 0xfe, 0x07, 0x4a, 0x6e, 0x77, 0x97, 0xd1, 0xa4, 0x35, 0xda, 0x89, 0x64, 0x48, 0x4d, 0x6c, 0xf8, 0xbd, 0xc0, 0x1b ), @@ -590,20 +635,20 @@ HMAC_DRBG_TEST_GENERATE ( generate_7_3, 0xb5, 0x70, 0x81, 0xe4, 0x22, 0x0f, 0x22, 0xc5, 0xc2, 0x83, 0xe2, 0xc9, 0x1b, 0x8e, 0x30, 0x5a, 0xb8, 0x69, 0xc6, 0x25 ) ); -/** Test 7.4 : Second call to Generate */ -HMAC_DRBG_TEST_GENERATE_FAIL ( generate_fail_7_4, +/** SHA-1 Test 7.4 : Second call to Generate */ +HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_7_4, HMAC_DRBG_SHA1, additional_input_empty, ( 320 / 8 ) ); -/** Test 7.5 : Reseed */ -HMAC_DRBG_TEST_RESEED ( reseed_7_5, +/** SHA-1 Test 7.5 : Reseed */ +HMAC_DRBG_TEST_RESEED ( sha1_reseed_7_5, HMAC_DRBG_SHA1, entropy_input_2, additional_input_empty, EXPECT ( 0x02, 0xbc, 0x57, 0x7f, 0xd1, 0x0e, 0xf7, 0x19, 0x3c, 0x1d, 0xb0, 0x98, 0xbd, 0x5b, 0x75, 0xc7, 0xc4, 0xb6, 0x79, 0x59 ), EXPECT ( 0xbc, 0xbd, 0xf0, 0x52, 0xe0, 0xe0, 0x2a, 0xe8, 0x9a, 0x77, 0x67, 0x94, 0x3f, 0x98, 0x65, 0xb8, 0xb7, 0x22, 0x90, 0x2d ) ); -/** Test 7.6 : Retried second call to Generate */ -HMAC_DRBG_TEST_GENERATE ( generate_7_6, +/** SHA-1 Test 7.6 : Retried second call to Generate */ +HMAC_DRBG_TEST_GENERATE ( sha1_generate_7_6, HMAC_DRBG_SHA1, additional_input_empty, EXPECT ( 0x1a, 0xa4, 0x24, 0x1c, 0x69, 0x5e, 0x29, 0xc0, 0xa5, 0x9a, 0xd1, 0x8a, 0x60, 0x70, 0xe3, 0x38, 0xa5, 0x48, 0xbe, 0x92 ), @@ -614,23 +659,23 @@ HMAC_DRBG_TEST_GENERATE ( generate_7_6, 0x61, 0x48, 0x2c, 0xa5, 0x4d, 0x5f, 0xa7, 0x23, 0xf4, 0xc8, 0x8b, 0x4f, 0xa5, 0x04, 0xbf, 0x03, 0x27, 0x7f, 0xa7, 0x83 ) ); -/** Test 8 : Instantiate */ -#define instantiate_8 instantiate_3 +/** SHA-1 Test 8 : Instantiate */ +#define sha1_instantiate_8 sha1_instantiate_3 -/** Test 8.1 : First call to Generate */ -HMAC_DRBG_TEST_GENERATE_FAIL ( generate_fail_8_1, +/** SHA-1 Test 8.1 : First call to Generate */ +HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_8_1, HMAC_DRBG_SHA1, additional_input_1, ( 320 / 8 ) ); -/** Test 8.2 : Reseed */ -HMAC_DRBG_TEST_RESEED ( reseed_8_2, +/** SHA-1 Test 8.2 : Reseed */ +HMAC_DRBG_TEST_RESEED ( sha1_reseed_8_2, HMAC_DRBG_SHA1, entropy_input_1, additional_input_1, EXPECT ( 0xc0, 0x95, 0x48, 0xc0, 0xd3, 0xc8, 0x61, 0xd7, 0x40, 0xf2, 0x83, 0x7d, 0x72, 0xb5, 0x07, 0x23, 0x5c, 0x26, 0xdb, 0x82 ), EXPECT ( 0x17, 0x4b, 0x3f, 0x84, 0xc3, 0x53, 0x1f, 0x7c, 0x0a, 0x2e, 0x54, 0x21, 0x23, 0x4e, 0xa1, 0x6b, 0x70, 0x8d, 0xdf, 0x0d ) ); -/** Test 8.3 : Retried first call to Generate */ -HMAC_DRBG_TEST_GENERATE ( generate_8_3, +/** SHA-1 Test 8.3 : Retried first call to Generate */ +HMAC_DRBG_TEST_GENERATE ( sha1_generate_8_3, HMAC_DRBG_SHA1, additional_input_empty, EXPECT ( 0x60, 0x3f, 0x09, 0x49, 0x27, 0x9c, 0x70, 0xe8, 0xc6, 0x6c, 0x0f, 0x56, 0x37, 0xc0, 0xf3, 0x75, 0x60, 0x07, 0xe5, 0xac ), @@ -641,20 +686,20 @@ HMAC_DRBG_TEST_GENERATE ( generate_8_3, 0x34, 0x71, 0xfd, 0xa5, 0x5c, 0x6d, 0xdd, 0x2c, 0x03, 0xef, 0xa3, 0xb9, 0x64, 0x3a, 0xb3, 0xbb, 0x22, 0xf6, 0xc9, 0xf2 ) ); -/** Test 8.4 : Second call to Generate */ -HMAC_DRBG_TEST_GENERATE_FAIL ( generate_fail_8_4, +/** SHA-1 Test 8.4 : Second call to Generate */ +HMAC_DRBG_TEST_GENERATE_FAIL ( sha1_generate_fail_8_4, HMAC_DRBG_SHA1, additional_input_2, ( 320 / 8 ) ); -/** Test 8.5 : Reseed */ -HMAC_DRBG_TEST_RESEED ( reseed_8_5, +/** SHA-1 Test 8.5 : Reseed */ +HMAC_DRBG_TEST_RESEED ( sha1_reseed_8_5, HMAC_DRBG_SHA1, entropy_input_2, additional_input_2, EXPECT ( 0x89, 0x42, 0xa5, 0x4f, 0x34, 0x9e, 0x28, 0x1b, 0x84, 0xaa, 0x46, 0x95, 0x87, 0xfb, 0xdd, 0xaf, 0x9d, 0x11, 0x40, 0x82 ), EXPECT ( 0x07, 0x73, 0x0e, 0x3c, 0xbf, 0xfd, 0x3c, 0xaf, 0xd7, 0xa8, 0xaa, 0xe2, 0xbf, 0x01, 0xd6, 0x01, 0x43, 0x01, 0xe2, 0x4d ) ); -/** Test 8.6 : Retried second call to Generate */ -HMAC_DRBG_TEST_GENERATE ( generate_8_6, +/** SHA-1 Test 8.6 : Retried second call to Generate */ +HMAC_DRBG_TEST_GENERATE ( sha1_generate_8_6, HMAC_DRBG_SHA1, additional_input_empty, EXPECT ( 0xbd, 0xe1, 0xb4, 0x6c, 0xdc, 0x54, 0x13, 0xb3, 0xd9, 0xf7, 0x35, 0xac, 0xdb, 0x80, 0xb1, 0x3c, 0x57, 0xbf, 0xe4, 0x73 ), @@ -724,69 +769,69 @@ static void hmac_drbg_test_exec ( void ) { * greater than the reseed_interval. */ - /* Test 1 */ - instantiate_ok ( &state, &instantiate_1 ); - generate_ok ( &state, &generate_1_1 ); - generate_ok ( &state, &generate_1_2 ); + /* SHA-1 Test 1 */ + instantiate_ok ( &state, &sha1_instantiate_1 ); + generate_ok ( &state, &sha1_generate_1_1 ); + generate_ok ( &state, &sha1_generate_1_2 ); - /* Test 2 */ - instantiate_ok ( &state, &instantiate_2 ); - generate_ok ( &state, &generate_2_1 ); - generate_ok ( &state, &generate_2_2 ); + /* SHA-1 Test 2 */ + instantiate_ok ( &state, &sha1_instantiate_2 ); + generate_ok ( &state, &sha1_generate_2_1 ); + generate_ok ( &state, &sha1_generate_2_2 ); - /* Test 3 */ - instantiate_ok ( &state, &instantiate_3 ); - generate_ok ( &state, &generate_3_1 ); - generate_ok ( &state, &generate_3_2 ); + /* SHA-1 Test 3 */ + instantiate_ok ( &state, &sha1_instantiate_3 ); + generate_ok ( &state, &sha1_generate_3_1 ); + generate_ok ( &state, &sha1_generate_3_2 ); - /* Test 4 */ - instantiate_ok ( &state, &instantiate_4 ); - generate_ok ( &state, &generate_4_1 ); - generate_ok ( &state, &generate_4_2 ); + /* SHA-1 Test 4 */ + instantiate_ok ( &state, &sha1_instantiate_4 ); + generate_ok ( &state, &sha1_generate_4_1 ); + generate_ok ( &state, &sha1_generate_4_2 ); - /* Test 5 */ - instantiate_ok ( &state, &instantiate_5 ); + /* SHA-1 Test 5 */ + instantiate_ok ( &state, &sha1_instantiate_5 ); force_reseed_required ( &state ); /* See above comments */ - generate_fail_ok ( &state, &generate_fail_5_1 ); - reseed_ok ( &state, &reseed_5_2 ); - generate_ok ( &state, &generate_5_3 ); + generate_fail_ok ( &state, &sha1_generate_fail_5_1 ); + reseed_ok ( &state, &sha1_reseed_5_2 ); + generate_ok ( &state, &sha1_generate_5_3 ); force_reseed_required ( &state ); /* See above comments */ - generate_fail_ok ( &state, &generate_fail_5_4 ); - reseed_ok ( &state, &reseed_5_5 ); - generate_ok ( &state, &generate_5_6 ); + generate_fail_ok ( &state, &sha1_generate_fail_5_4 ); + reseed_ok ( &state, &sha1_reseed_5_5 ); + generate_ok ( &state, &sha1_generate_5_6 ); - /* Test 6 */ - instantiate_ok ( &state, &instantiate_6 ); + /* SHA-1 Test 6 */ + instantiate_ok ( &state, &sha1_instantiate_6 ); force_reseed_required ( &state ); /* See above comments */ - generate_fail_ok ( &state, &generate_fail_6_1 ); - reseed_ok ( &state, &reseed_6_2 ); - generate_ok ( &state, &generate_6_3 ); + generate_fail_ok ( &state, &sha1_generate_fail_6_1 ); + reseed_ok ( &state, &sha1_reseed_6_2 ); + generate_ok ( &state, &sha1_generate_6_3 ); force_reseed_required ( &state ); /* See above comments */ - generate_fail_ok ( &state, &generate_fail_6_4 ); - reseed_ok ( &state, &reseed_6_5 ); - generate_ok ( &state, &generate_6_6 ); + generate_fail_ok ( &state, &sha1_generate_fail_6_4 ); + reseed_ok ( &state, &sha1_reseed_6_5 ); + generate_ok ( &state, &sha1_generate_6_6 ); - /* Test 7 */ - instantiate_ok ( &state, &instantiate_7 ); + /* SHA-1 Test 7 */ + instantiate_ok ( &state, &sha1_instantiate_7 ); force_reseed_required ( &state ); /* See above comments */ - generate_fail_ok ( &state, &generate_fail_7_1 ); - reseed_ok ( &state, &reseed_7_2 ); - generate_ok ( &state, &generate_7_3 ); + generate_fail_ok ( &state, &sha1_generate_fail_7_1 ); + reseed_ok ( &state, &sha1_reseed_7_2 ); + generate_ok ( &state, &sha1_generate_7_3 ); force_reseed_required ( &state ); /* See above comments */ - generate_fail_ok ( &state, &generate_fail_7_4 ); - reseed_ok ( &state, &reseed_7_5 ); - generate_ok ( &state, &generate_7_6 ); + generate_fail_ok ( &state, &sha1_generate_fail_7_4 ); + reseed_ok ( &state, &sha1_reseed_7_5 ); + generate_ok ( &state, &sha1_generate_7_6 ); - /* Test 8 */ - instantiate_ok ( &state, &instantiate_8 ); + /* SHA-1 Test 8 */ + instantiate_ok ( &state, &sha1_instantiate_8 ); force_reseed_required ( &state ); /* See above comments */ - generate_fail_ok ( &state, &generate_fail_8_1 ); - reseed_ok ( &state, &reseed_8_2 ); - generate_ok ( &state, &generate_8_3 ); + generate_fail_ok ( &state, &sha1_generate_fail_8_1 ); + reseed_ok ( &state, &sha1_reseed_8_2 ); + generate_ok ( &state, &sha1_generate_8_3 ); force_reseed_required ( &state ); /* See above comments */ - generate_fail_ok ( &state, &generate_fail_8_4 ); - reseed_ok ( &state, &reseed_8_5 ); - generate_ok ( &state, &generate_8_6 ); + generate_fail_ok ( &state, &sha1_generate_fail_8_4 ); + reseed_ok ( &state, &sha1_reseed_8_5 ); + generate_ok ( &state, &sha1_generate_8_6 ); } /** HMAC_DRBG self-test */